Some notes I have taken during my fuzzing work in the last 2 years. May be useful for someone.
create a RAM disk (tmpfs) for fuzzer output
mkdir /tmp/afl-ramdisk && chmod 777 /tmp/afl-ramdisk
mount -t tmpfs -o size=2048M tmpfs /tmp/afl-ramdisk
creating a 32-bit build with GCC, ASAN etc. (autotools configure)
CFLAGS="-m32 -g -fsanitize=address -fno-omit-frame-pointer" LDFLAGS="-m32 -g -fsanitize=address -fno-omit-frame-pointer" ./configure
options for -fsanitize (-fsanitize=undefined is UBSan, -fsanitize=memory is MSan and needs clang, -fsanitize=address is ASAN)
-fsanitize=undefined
-fsanitize=memory
-fsanitize=address
CMAKE build
cmake .. -DCMAKE_CXX_FLAGS="-fsanitize=address -fsanitize=leak -g" -DCMAKE_C_FLAGS="-fsanitize=address -fsanitize=leak -g" -DCMAKE_EXE_LINKER_FLAGS="-fsanitize=address -fsanitize=leak" -DCMAKE_MODULE_LINKER_FLAGS="-fsanitize=address -fsanitize=leak"
deleting CMake temp build files
rm -rf CMakeFiles/
CMake change compilers:
cmake .. -DCMAKE_C_COMPILER=path/to/afl-gcc -DCMAKE_CXX_COMPILER=path/to/afl-g++
asan with clang (CC selects the compiler; without it the flags go to the default cc)
CC=clang CFLAGS="-g -fsanitize=address -I/usr/lib/llvm-6.0/lib/clang/6.0.0/include" ./configure
or
../configure --cc=clang --extra-cflags=" -fsanitize=address -g " --extra-ldflags=" -fsanitize=address -g " --enable-debug
Configure Disable shared libraries
./configure --disable-shared
Some file-related commands used for corpus management
find .mdb files and move them to a new folder
find /corpus -name "*.mdb" -exec mv {} /papers \;
find .mdb files greater than 1 MB and delete them; this asks for confirmation on each file
find . -size +1M -name "*.mdb" -exec rm -i {} \;
find .mdb/.accdb files greater than 1 MB and delete them without asking for confirmation (parentheses must be escaped and globs quoted so the shell does not expand them)
find . -type f \( -name "*.mdb" -o -name "*.accdb" \) -size +1M -delete
To Move all files, but not folders:
find ~/Downloads/ -type f -print0 | xargs -0 mv -t ~/Videos
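The corpus-management commands above, exercised end to end. This is an added example and not part of the original notes: it builds a throwaway corpus of constructed files with known sizes, applies the size/extension filter, then flattens the remaining regular files into another directory. It assumes GNU findutils and coreutils (-size +1M, -delete, xargs -0, mv -t) and shows the rounding rule of -size that decides whether a file of exactly 1 MiB is kept.

```sh
#!/bin/sh
# Added example, not part of the original notes: builds a throwaway corpus of
# constructed files with known sizes, then applies the find filters above.
# Assumes GNU findutils and coreutils (-size +1M, -delete, xargs -0, mv -t).

# Constructed corpus: .mdb/.accdb/.txt files of chosen sizes, one in a subdir.
make_corpus() {
    dir=$(mktemp -d)
    mkdir -p "$dir/sub"
    dd if=/dev/zero of="$dir/one.mdb"       bs=1024 count=1024 2>/dev/null  # exactly 1 MiB
    dd if=/dev/zero of="$dir/big.mdb"       bs=1024 count=3072 2>/dev/null  # 3 MiB
    dd if=/dev/zero of="$dir/sub/mid.accdb" bs=1024 count=1536 2>/dev/null  # 1.5 MiB
    dd if=/dev/zero of="$dir/large.txt"     bs=1024 count=4096 2>/dev/null  # 4 MiB, wrong type
    printf 'small' > "$dir/small.mdb"
    echo "$dir"
}

# Delete .mdb/.accdb files larger than 1 MiB. The parentheses are escaped and
# the globs quoted so find, not the shell, evaluates them. GNU find rounds a
# file's size up to whole MiB units before comparing, so "+1M" spares a file of
# exactly 1 MiB but removes one of 1.5 MiB.
prune_large_db() {
    find "$1" -type f \( -name "*.mdb" -o -name "*.accdb" \) -size +1M -delete
}

# Number of regular files under $1 with extension $2.
count_ext() {
    find "$1" -type f -name "*.$2" | wc -l | tr -d ' '
}

# Move regular files only (directories stay), NUL-separated so odd names survive.
flatten_into() {
    find "$1" -type f -print0 | xargs -0 mv -t "$2"
}

# Runs the whole sequence and returns the counts at each step as one line.
demo() {
    corpus=$(make_corpus)
    before=$(count_ext "$corpus" mdb)       # 3: one, big, small
    prune_large_db "$corpus"
    after=$(count_ext "$corpus" mdb)        # 2: one (exactly 1 MiB survives), small
    accdb=$(count_ext "$corpus" accdb)      # 0: mid.accdb was 1.5 MiB
    txt=$(count_ext "$corpus" txt)          # 1: large.txt has the wrong extension
    dest=$(mktemp -d)
    flatten_into "$corpus" "$dest"
    moved=$(ls "$dest" | wc -l | tr -d ' ') # 3 files moved, "sub" left behind
    rm -rf "$corpus" "$dest"
    echo "$before $after $accdb $txt $moved"
}
```

Running demo prints "3 2 0 1 3". The point worth remembering is the rounding: -size +1M is "more than one 1 MiB unit after rounding up", so a 1 MiB file stays while anything over that goes; use -size +1048576c when you need a byte-exact threshold.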
check if an ELF is compiled with ASAN (replace ./binary with the file under test; instrumented binaries carry __asan_* symbols)
nm -an ./binary | grep asan
alternatively use the checksec utility from the pwntools package.
set these ASAN_OPTIONS when triaging crashes: abort_on_error=1 turns an ASAN report into a SIGABRT so it registers as a crash, symbolize=0 skips symbolization (afl-fuzz insists on both when ASAN_OPTIONS is set in its environment); ./target and crash-input are placeholders
ASAN_OPTIONS="abort_on_error=1:symbolize=0" ./target crash-input
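A small triage loop built around those ASAN_OPTIONS, added here as an example and not part of the original notes. It runs a target over a directory of crash inputs, keeps only stderr (where ASAN writes its report), and buckets each input by error type plus the top "#0" frame. With symbolize=0 that frame ends in "(module+offset)", and the offset is stable across ASLR, so it serves as a bucket key without symbolization. The target used below is a constructed stand-in shell script that prints fake ASan-style reports (addresses and offsets made up), so the loop runs offline; a real instrumented binary drops in unchanged.

```sh
#!/bin/sh
# Added example, not part of the original notes: a crash-triage loop using the
# ASAN_OPTIONS from the note. Buckets inputs by "<error-type> <top-frame>".
# The target is a constructed stand-in script so this runs without a compiler.

ASAN_OPTIONS="abort_on_error=1:symbolize=0"
export ASAN_OPTIONS

# Read one ASan report on stdin; print "<error-type> <top-frame>" or "no-crash".
asan_bucket() {
    awk '
        /ERROR: AddressSanitizer:/ {
            for (i = 1; i <= NF; i++) if ($i == "AddressSanitizer:") etype = $(i + 1)
        }
        # First "#0" frame: last field is "(module+offset)" with symbolize=0,
        # or "file:line:col" when the report is symbolized.
        $1 == "#0" && frame == "" { frame = $NF }
        END { if (etype == "") print "no-crash"; else print etype, frame }
    '
}

# triage_dir CRASH_DIR CMD...: run CMD on every file in CRASH_DIR, keep only
# stderr (stdout is discarded), and print "count bucket" lines sorted by bucket.
triage_dir() {
    crashes=$1; shift
    for f in "$crashes"/*; do
        [ -f "$f" ] || continue
        "$@" "$f" 2>&1 >/dev/null | asan_bucket
    done | sort | uniq -c | awk '{ $1 = $1; print }'
}

# Constructed stand-in for an instrumented binary: picks a fake report by the
# input's first line and exits 134, as a real target does once abort_on_error=1
# turns the report into SIGABRT. Addresses and offsets below are made up.
make_fake_target() {
    t=$(mktemp)
    cat > "$t" <<'EOF'
case "$(head -n 1 "$1")" in
  hbo1|hbo2)
    printf '==1==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000014\n    #0 0x55e3c0a12a4b  (/tmp/target+0x12a4b)\n    #1 0x7f1d9c02a0b2  (/lib/libc.so.6+0x2a0b2)\n' >&2
    exit 134 ;;
  uaf)
    printf '==1==ERROR: AddressSanitizer: heap-use-after-free on address 0x602000000010\n    #0 0x55e3c0a13c1e  (/tmp/target+0x13c1e)\n' >&2
    exit 134 ;;
  *) exit 0 ;;
esac
EOF
    echo "$t"
}

# Four constructed crash files: two hit the same bug, one a different bug, one benign.
demo_triage() {
    target=$(make_fake_target)
    dir=$(mktemp -d)
    printf 'hbo1\n'   > "$dir/id:000000"
    printf 'hbo2\n'   > "$dir/id:000001"
    printf 'uaf\n'    > "$dir/id:000002"
    printf 'benign\n' > "$dir/id:000003"
    triage_dir "$dir" sh "$target"
    rm -rf "$dir" "$target"
}
```

demo_triage prints three lines: the heap-buffer-overflow bucket with count 2, the heap-use-after-free bucket with count 1, and one no-crash input that should be re-checked (timeouts, non-ASAN signals, or a flaky reproduction). For a real binary the call is triage_dir out/crashes ./target, with ASAN_OPTIONS already exported above; set symbolize=1 instead when you want "file:line" keys and are not feeding the same environment to afl-fuzz.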
FUZZING.IN