Docker system and tooling to compile & fuzz parts of the kernel in user-space.
- It compiles all parts of the kernel so they can be linked into regular user-space programs
- It builds three versions of your fuzz harness: a regular one, one instrumented for AFL, and one instrumented for coverage
- It provides scripts for starting the fuzzing on multiple cores
```sh
apt install graphviz docker.io python3 python3-pip
pip3 install angr angr-utils
./build.sh
./fuzz.sh
watch -n 60 ./info.sh
```
- Build the Docker image for fuzzing. Run it once you have configured everything.
- Compile the kernel and the fuzz harness; modify it to fit your harness. Run by the Dockerfile.
- Configuration for the scripts and the build.
- Part of the coverage script, placed inside the Docker container; no need to run it manually.
- Analyze fuzzing coverage.
- Analyze the crashes found; needs to be run from within the Docker container. Unknown if it is working.
- Base for the Docker image: starts from the aflplusplus image and builds the kernel three times.
- Run the Docker image and start fuzzing with different AFL configurations; modify it to match your usage of AFL. Uses all your cores.
- Get info about your fuzzing run.
- Mocked functions for the kernel. Add mocked functions to match your target.
- Minor modifications to the kernel code to expose the function targeted for fuzzing. Modify to expose your target.
- Fuzzing harness. Modify to match your target.
- Internal part of mincorp.sh; no need to run it manually.
- Minimize the fuzzing corpus using afl-cmin.
- Identify the functions and .o files required to build a binary that uses a given kernel function. Assumes a source folder of a compiled kernel (i.e. with all .o files remaining) named `linux`. Takes two arguments: the name of the function to start identifying dependencies for, and the .o file that contains this function. Outputs the spec of a Graphviz `.dot` file to stdout and the required .o files (plus debug info) to stderr.
- This file.
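The dependency-identification step described above, as an added example that is not the repository's own script (which uses angr): it resolves dependencies at whole-.o granularity from `nm` output instead of a function-level call graph, and the object names and symbol tables in `SAMPLE` are constructed, not real kernel data.

```python
"""Which kernel .o files must be linked to fuzz one function in user-space? Added
example, not the repository's script: it uses `nm` output, not angr's call graph."""
import re
from collections import deque
# One nm line: "<addr> <type> <symbol>"; undefined ("U") symbols carry no address.
NM_LINE = re.compile(r"^(?:[0-9a-fA-F]+\s+)?([A-Za-z])\s+(\S+)$")

def parse_nm(text):
    """(defined, undefined) symbol sets from the output of `nm file.o`."""
    defined, undefined = set(), set()
    for line in text.splitlines():
        m = NM_LINE.match(line.strip())
        if m and m.group(1) == "U":
            undefined.add(m.group(2))
        elif m and m.group(1) in "TtDdBbRrWwVvC":  # text/data/bss/rodata/weak/common
            defined.add(m.group(2))
    return defined, undefined

def resolve(objects, func, start_obj):
    """objects: {".o path": nm output}. Follow undefined symbols from the .o defining
    func. Returns (needed .o files, edges (from, to, symbol), symbols no .o defines)."""
    table = {obj: parse_nm(out) for obj, out in objects.items()}
    if func not in table[start_obj][0]:
        raise ValueError(f"{func} is not defined in {start_obj}")
    provider = {s: obj for obj, (defs, _) in table.items() for s in defs}
    needed, edges, unresolved, queue = {start_obj}, [], set(), deque([start_obj])
    while queue:
        obj = queue.popleft()
        for sym in sorted(table[obj][1]):
            dep = provider.get(sym)
            if dep is None:             # not in the kernel tree: mock it or let libc provide it
                unresolved.add(sym)
                continue
            edges.append((obj, dep, sym))
            if dep not in needed:
                needed.add(dep)
                queue.append(dep)
    return needed, edges, unresolved

def to_dot(edges):
    """Graphviz '.dot' spec of the dependency graph (what the tool prints to stdout)."""
    return "digraph deps {\n" + "\n".join(f'  "{a}" -> "{b}" [label="{s}"];' for a, b, s in edges) + "\n}\n"

# Constructed nm output for a few hypothetical objects (not real kernel symbol tables).
SAMPLE = {
    "net/core/skbuff.o": "0000000000000000 T skb_put\n U kmalloc\n U __warn\n U memcpy\n",
    "mm/slab.o": "0000000000000010 T kmalloc\n U printk\n",
    "kernel/printk.o": "0000000000000000 T printk\n",
    "kernel/panic.o": "0000000000000000 T __warn\n0000000000000020 T panic\n",
}
```

Symbols reported as unresolved are the ones the kernel tree does not provide, so they are the candidates for the mock file (or are satisfied by libc).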