fgsect/unicorefuzz

ucf fuzz: AFL forkserver error

Closed this issue · 2 comments

[*] Spinning up the fork server...

[-] Hmm, looks like the target binary terminated before we could complete a
    handshake with the injected code. Perhaps there is a horrible bug in the
    fuzzer. Poke <afl-users@googlegroups.com> for troubleshooting tips.

[-] PROGRAM ABORT : Fork server handshake failed
         Location : afl_fsrv_start(), src/afl-forkserver.c:726

I created an image like the one from syzkaller and I was able to attach ucf to the breakpoint, however I run into the issue above when I run ucf fuzz.
At the end of config.py:

    import struct
    from unicorn import Uc
    from unicorn.x86_const import UC_X86_REG_RAX, UC_X86_REG_RDI, UC_X86_REG_RDX
    from unicorefuzz.unicorefuzz import Unicorefuzz

    # The indented block below was pasted without its function header; it is the
    # sk_buff variant of place_input (rdx -> sk_buff, rdi -> input buffer).
    def place_input(ucf: Unicorefuzz, uc: Uc, input: bytes) -> None:
        if len(input) > 1500:
            import os

            os._exit(0)  # too big!

        # read input to the correct position at param rdx here:
        rdx = uc.reg_read(UC_X86_REG_RDX)
        rdi = uc.reg_read(UC_X86_REG_RDI)
        ucf.map_page(uc, rdx)  # ensure sk_buf is mapped
        bufferPtr = struct.unpack("<Q", uc.mem_read(rdx + 0xD8, 8))[0]
        ucf.map_page(uc, bufferPtr)  # ensure the buffer is mapped
        uc.mem_write(rdi, input)  # insert afl input
        uc.mem_write(rdx + 0xC4, b"\xdc\x05")  # fix tail

    # Second definition with the same name: it replaces the one above when the
    # config is imported, so only this version is ever called by ucf.
    def place_input(ucf: Unicorefuzz, uc: Uc, input: bytes) -> None:
        rax = uc.reg_read(UC_X86_REG_RAX)
        # make sure the parameter memory is mapped
        ucf.map_page(uc, rax)
        uc.mem_write(rax, input)  # insert afl input

    #init_func(Uc)
    #place_input(Unicorefuzz, Uc, AFL_INPUTS)

This usually means your Python script crashes.
If you want more output from AFL, run afl-fuzz with AFL_DEBUG_CHILD=1.
Probably a script throwing an exception at some point.

Please reopen if this issue persists.
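One way to catch the exception the forkserver hides, added here as an example that is not part of this issue or of unicorefuzz: a `log_crash` decorator that appends the traceback of a failing `place_input` to a log file before re-raising, exercised against the sk_buff layout from the config above. `FakeUc`, the string register names, and the `LOG` path are constructed stand-ins for `unicorn.Uc`, the `UC_X86_REG_*` constants and `ucf.map_page` so the harness runs offline; in a real config.py the decorator goes on the real `place_input`.

```python
import os
import struct
import tempfile
import traceback
from functools import wraps
LOG = os.path.join(tempfile.gettempdir(), "ucf_place_input.log")  # assumed log path
PAGE = 0x1000

def log_crash(fn):
    """Append fn's traceback to LOG and re-raise: under AFL's forkserver it is otherwise lost."""
    @wraps(fn)
    def wrapper(*args, **kwargs):
        try:
            return fn(*args, **kwargs)
        except Exception:
            with open(LOG, "a") as f:
                f.write(traceback.format_exc())
            raise
    return wrapper

class FakeUc:
    """Constructed stand-in for unicorn.Uc: named registers, paged memory, raises when unmapped."""
    def __init__(self, **regs):
        self.regs, self.pages = regs, {}
    def reg_read(self, reg):
        return self.regs[reg]
    def map_page(self, addr):  # stands in for ucf.map_page, without the debugger fetch
        self.pages.setdefault(addr & ~(PAGE - 1), bytearray(PAGE))
    def _slot(self, addr, size):
        page = addr & ~(PAGE - 1)
        if page not in self.pages or addr + size > page + PAGE:
            raise RuntimeError("unmapped memory at 0x%x" % addr)
        return self.pages[page], addr - page
    def mem_read(self, addr, size):
        buf, off = self._slot(addr, size)
        return bytes(buf[off:off + size])
    def mem_write(self, addr, data):
        buf, off = self._slot(addr, len(data))
        buf[off:off + len(data)] = data

@log_crash
def place_input(uc, input):
    """sk_buff steps from the issue (rdx -> sk_buff, rdi -> input); returns the data pointer at +0xD8."""
    rdx, rdi = uc.reg_read("rdx"), uc.reg_read("rdi")
    uc.map_page(rdx)  # ensure sk_buff is mapped
    buffer_ptr = struct.unpack("<Q", uc.mem_read(rdx + 0xD8, 8))[0]
    uc.map_page(buffer_ptr)  # ensure the buffer is mapped
    uc.mem_write(rdi, input)  # insert afl input: raises (and is logged) if rdi is unmapped
    uc.mem_write(rdx + 0xC4, b"\xdc\x05")  # fix tail
    return buffer_ptr
```

Run the harness once before `ucf fuzz`; if the log file appears, the config raised and the forkserver handshake error is just the symptom.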