hgascon/pulsar

itunes-xbmc fuzzing example

pmwalk opened this issue · 2 comments

I'm trying to use the itunes-xbmc model provided in the models/ folder as an example for fuzzing. I've created configuration files for the server and client, and when I launch a fuzzing session, I see the following from the server side:

[ ] Waiting for client connection...
[*] Connected to client...
>>> RESETING MODEL...
>>> RECEIVING message... 
>>> RECEIVED message:
################################################################################
OPTIONS%20%2A%20RTSP/1.0%0D%0ACSeq%3A%201%0D%0AUser-Agent%3A%20iTunes/11.4%20%28Macintosh%3B%20OS%20X%2010.9.5%29%0D%0AClient-Instance%3A%209516327BC34A8004%0D%0ADACP-ID%3A%209516327BC34A8004%0D%0AActive-Remote%3A%202924970602%0D%0AApple-Challenge%3A%20Fp%2BwsheUfktDySHpateTWA%0D%0A%0D%0A
################################################################################
>>> Consuming RECEIVED msg of length 211
>>> EXACT MATCHED TEMPLATE: 25
>>> TRANSITION TO STATE: START|1.UAC
>>> STATUS: OK
[1502218306, 1, 'OK', 'START|1.UAC', '25', [], []]
>>> Selecting next MOST probable state from: [('1.UAC|2.UAC', 1)]
>>> STATUS: NO TRANSITION, TRANSITION: None
>>> RECEIVING message... 

And the following from the client side:

>>> RESETING MODEL...

[*] Connected to server...
Selecting next MOST probable state from: [('START|1.UAC', 1)]
Probability-based selection from templates: ['25']
>>> SELECTED TEMPLATE: 25
>>> TRANSITION TO STATE: START|1.UAC

>>> SENDING msg:
OPTIONS * RTSP/1.0
CSeq: 1
User-Agent: iTunes/11.4 (Macintosh; OS X 10.9.5)
Client-Instance: 9516327BC34A8004
DACP-ID: 9516327BC34A8004
Active-Remote: 2924970602
Apple-Challenge: Fp+wsheUfktDySHpateTWA

The server-side is started with the following command:
python pulsar.py -c pulsar/conf/server_fuzz -z -m ./models/itunes-xbmc

The client-side is started with the following command:
python pulsar.py -c pulsar/conf/client_fuzz -z -m ./models/itunes-xbmc

At which point both hang, because it seems the server-side is waiting for a message, but the client has not sent it. Is there something I'm doing wrong? Thanks!
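An added example, not part of the original post or of Pulsar's own code: a Python helper that decodes the percent-encoded message in the server log above, checks it against the length the server reports, and lists the state events, showing that the client's first message arrived complete before the server returned to waiting. The function name and the log-format handling are assumptions; the sample log is constructed from lines quoted in the post.

```python
import re
from urllib.parse import unquote

# Constructed sample: server-side lines taken from the log quoted in the post.
SERVER_LOG = """\
>>> RECEIVED message:
################################################################################
OPTIONS%20%2A%20RTSP/1.0%0D%0ACSeq%3A%201%0D%0AUser-Agent%3A%20iTunes/11.4%20%28Macintosh%3B%20OS%20X%2010.9.5%29%0D%0AClient-Instance%3A%209516327BC34A8004%0D%0ADACP-ID%3A%209516327BC34A8004%0D%0AActive-Remote%3A%202924970602%0D%0AApple-Challenge%3A%20Fp%2BwsheUfktDySHpateTWA%0D%0A%0D%0A
################################################################################
>>> Consuming RECEIVED msg of length 211
>>> EXACT MATCHED TEMPLATE: 25
>>> TRANSITION TO STATE: START|1.UAC
>>> STATUS: OK
>>> Selecting next MOST probable state from: [('1.UAC|2.UAC', 1)]
>>> STATUS: NO TRANSITION, TRANSITION: None
>>> RECEIVING message...
"""


def parse_server_log(log):
    """Summarise one receive cycle (hypothetical helper; format assumed from the sample)."""
    lines = log.splitlines()
    # The encoded message sits between two ruler lines made only of '#'.
    rulers = [i for i, line in enumerate(lines) if line and set(line) == {"#"}]
    raw = unquote("".join(lines[rulers[0] + 1:rulers[1]]))
    reported = int(re.search(r"msg of length (\d+)", log).group(1))
    # RTSP uses HTTP-style framing: request line, headers, blank line.
    head = raw.partition("\r\n\r\n")[0]
    request_line, *header_lines = head.split("\r\n")
    return {
        "request_line": request_line,
        "headers": dict(h.split(": ", 1) for h in header_lines),
        "length_ok": len(raw) == reported,  # decoded size vs. logged size
        "states": re.findall(r"TRANSITION TO STATE: (\S+)", log),
        "statuses": re.findall(r"STATUS: ([^\n]+)", log),
        "waiting": lines[-1].startswith(">>> RECEIVING"),
    }


if __name__ == "__main__":
    for key, value in parse_server_log(SERVER_LOG).items():
        print(key, "=", value)
```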

@pmwalk you can try to play with different types of transition modes for both the client and the server. For that, check pulsar/conf/simulation.conf and change transitionmode. For example from MODE_MOST_PROBABLE_TRANSITION to MODE_RANDOM_TRANSITION. That would mean setting transitionmode = 2.

@hgascon I did get a bit further by playing with some of the settings in the configuration files, thanks for the suggestion!