ucf fuzz: AFL forkserver error
Closed this issue · 2 comments
docfate111 commented
[*] Spinning up the fork server...
[-] Hmm, looks like the target binary terminated before we could complete a
handshake with the injected code. Perhaps there is a horrible bug in the
fuzzer. Poke <afl-users@googlegroups.com> for troubleshooting tips.
[-] PROGRAM ABORT : Fork server handshake failed
Location : afl_fsrv_start(), src/afl-forkserver.c:726
I created an image like the one from syzkaller and I was able to attach ucf to the breakpoint; however, I run into the issue above when I run ucf fuzz.
at the end of config.py
# imports added here for completeness; the posted snippet is the end of
# config.py, and these sit at the top of the unicorefuzz config template
import struct

from unicorn import Uc
from unicorn.x86_const import UC_X86_REG_RAX, UC_X86_REG_RDI, UC_X86_REG_RDX
from unicorefuzz.unicorefuzz import Unicorefuzz


# NOTE: the header of this first function was not included in the report;
# the name below is assumed from the sk_buff example in the unicorefuzz
# config template (the body is the one posted).
def place_input_skb(ucf: Unicorefuzz, uc: Uc, input: bytes) -> None:
    if len(input) > 1500:
        import os

        os._exit(0)  # too big!

    # read input to the correct position at param rdx here:
    rdx = uc.reg_read(UC_X86_REG_RDX)
    rdi = uc.reg_read(UC_X86_REG_RDI)
    ucf.map_page(uc, rdx)  # ensure sk_buf is mapped
    bufferPtr = struct.unpack("<Q", uc.mem_read(rdx + 0xD8, 8))[0]
    ucf.map_page(uc, bufferPtr)  # ensure the buffer is mapped
    uc.mem_write(rdi, input)  # insert afl input
    uc.mem_write(rdx + 0xC4, b"\xdc\x05")  # fix tail


def place_input(ucf: Unicorefuzz, uc: Uc, input: bytes) -> None:
    rax = uc.reg_read(UC_X86_REG_RAX)
    # make sure the parameter memory is mapped
    ucf.map_page(uc, rax)
    uc.mem_write(rax, input)  # insert afl input


# init_func(Uc)
# place_input(Unicorefuzz, Uc, AFL_INPUTS)
domenukk commented
This usually means your python script crashes.
If you want more output from afl, run afl-fuzz with AFL_DEBUG_CHILD=1.
Probably a script throwing an exception at some point.
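One way to see the exception the forkserver child dies with, before afl-fuzz swallows it, is to run the place_input hook against a fake emulator outside the fuzzer. This is an added example and not unicorefuzz's own code: FakeUc and FakeUcf are constructed stand-ins for the subset of the unicorn Uc and Unicorefuzz APIs the hook touches, the register constants are made up, and the hook body is the sk_buff placement logic from the report above (with the os._exit size guard left out).

```python
import struct
import traceback

PAGE = 0x1000
UC_X86_REG_RDI, UC_X86_REG_RDX = 1, 2  # constructed stand-ins for unicorn's constants


class FakeUc:
    """Stand-in for unicorn.Uc: registers plus page-granular memory."""
    def __init__(self, regs):
        self.regs, self.mem = dict(regs), {}  # mem: page base -> bytearray
    def reg_read(self, reg):
        return self.regs[reg]
    def map_page(self, addr):
        self.mem.setdefault(addr & ~(PAGE - 1), bytearray(PAGE))
    def _page(self, addr):  # real unicorn raises UcError on unmapped accesses
        base = addr & ~(PAGE - 1)
        if base not in self.mem:
            raise RuntimeError(f"unmapped memory access at {addr:#x}")
        return self.mem[base], addr - base
    def mem_read(self, addr, size):
        page, off = self._page(addr)
        return bytes(page[off:off + size])
    def mem_write(self, addr, data):
        page, off = self._page(addr)
        page[off:off + len(data)] = data


class FakeUcf:  # stand-in for Unicorefuzz; hooks call ucf.map_page(uc, addr)
    def map_page(self, uc, addr):
        uc.map_page(addr)


def place_input_skb(ucf, uc, input):
    """The sk_buff hook from the report, without the os._exit size guard."""
    rdx, rdi = uc.reg_read(UC_X86_REG_RDX), uc.reg_read(UC_X86_REG_RDI)
    ucf.map_page(uc, rdx)  # ensure sk_buff is mapped
    buffer_ptr = struct.unpack("<Q", uc.mem_read(rdx + 0xD8, 8))[0]
    ucf.map_page(uc, buffer_ptr)  # ensure the buffer is mapped
    uc.mem_write(rdi, input)  # insert afl input
    uc.mem_write(rdx + 0xC4, b"\xdc\x05")  # fix tail


def dry_run(hook, uc, data):
    """Run a hook outside afl-fuzz: (True, uc) on success, else (False, traceback text)."""
    try:
        hook(FakeUcf(), uc, data)
        return True, uc
    except Exception:  # inside the real child this is what aborts the handshake
        return False, traceback.format_exc()
```

Map only what the target would have mapped at the breakpoint (here the constructed RDI page); any traceback the dry run prints is the one afl-fuzz would otherwise hide unless AFL_DEBUG_CHILD=1 is set.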
domenukk commented
Please reopen if this issue persists