emulatedfirmwarefuzzing's Issues
rename function_patches to patches and function_patch to patch - and also all function names
address already in use
check if malloc fails
Fuzz speeduino
all 3 unit test parts
check what would be best to fuzz. what can be fuzzed
Stack Smashing Detected PC 0x0f50 in exercise /home/user/EFF/TestPrograms/exercise_strcpy_solution stops after triggered
external interrupt
API helper functions
Optimize simavr, e.g. disable instruction tracing
coverage.html shows 100% line coverage
Line coverage is always displayed at 100% because I do not include lines that are not triggered.
allow no seeds dir start, in this case create an empty seed, or 'AAAAAAAAAAAAAAA' -- empty seed start
current inputs are not freed
in avr_core_watch_write: also send invalid_write_address_found if avr_core_watch_write
and check that we call ->reset = 1 in invalid_write_address_found
check whether the stack trace is correct -- is the line number correct?
avr->trace_data->stack_frame seems to be off by 3 bytes? That's why I have an alternative for stack buffer sani
Fix OSError: [Errno 98] Address already in use
In server.py
When Ctrl+C on ./server.py process
search for TODOE
Stack Smashing Detected PC 0x0f50 twice. dedup problem
src code documentation
crash handler.h -- // ids
Sanitizer info to backend
uninitialized memory -> also printable, i.e. addr2line
> I can send stacktrace via built-in array thingy
fuzzer stats
- avg exec per sec of last 10 sec
- total runtime (seconds or minutes)
instead of timeout: reset
cycle timer takes into account sleeps -- so I think cycle is more accurate than counting slept time. Maybe some users explicitly want delay time?
correct shadow map at startup, i.e. all 0 except the ones in specific maps
TODO: from symbol to addr get the __bss_end symbol and setup shadow map from 0..__bss_end
rename write_to_flashaddr to write_to_ram
also make it work with what I write in the paper
rename libfuzzer_custom_fuzz to mutator_mutate mutator_init
and in
!! it looks like sanitizer shadow map is not reset
in the submission (abgabe) VM
in bash config same alias as in zsh
error msg when using seeds but seeds dir is empty or all seeds exceed max size
bad_jump_count: 2 - should be 1
Fuzz NeoGPS
Stack Buffer Overflow Sanitizer faulty -- HIGH PRIO
when we return we set avr->stack_return_address = -1; -- use avr->trace_data->stack_frame for that, it's what we want
Sanitizer
Do I check for these issues?:
/// A read or write memory request overflowed the address size
AddressIntegerOverflow,
algo for crash input minimization
coverage.html only includes branch lines and start of functions
write a function patch to treat input as a crash. Can use it for Marlin's crash() and e.g. in assert
- new type
- function call
in addr_to_src change path_to_binary to path_to_emulated_executable
server.py can crash whole system. probably issue with PID groups?
RJMP and maybe others probably don't need edge_triggered
Am I missing invalid_read_address_found?
signal handler for
SIGFPE
SIGXFSZ
I can write that I have this list from libfuzzer src: https://github.com/AFLplusplus/AFLplusplus/blob/stable/custom_mutators/libfuzzer/FuzzerDriver.cpp#L990
Defer gcovr invocation until no new coverage was found in the last X seconds
get_symbol_address minus 0x80000... automatically