Framework to optimize the exploitation transition phase in AFLGo and test it
Run git clone --recursive [repository url] to clone this repository with its submodules.
Then simply run ./build.sh at the project home directory.
Alternatively, you can download the prebuilt docker image from Docker Hub with docker pull goodtaeeun/aflgopt
Make sure that you retag the docker image so it is compatible with our scripts: docker tag goodtaeeun/aflgopt aflgopt
Note that the docker image on Docker Hub may not always be up to date with this repository.
First, launch a docker container with ./launch.sh
Then, inside the docker container, run the fuzzer with the following command:
/tool-script/run_AFLGo.sh cxxfilt-2016-4487 stdin 600
This means you will run AFLGo on a binary named cxxfilt-2016-4487, which takes inputs from stdin, for 600 seconds.
For other targets or other time limits, you may change the arguments.
Currently, the exploitation phase starts at the 3/4 point of the entire runtime.
See the script "run_AFLGo.sh" to modify it.
After the fuzzing is done, you can check the results under /box/output
There you will find the crashing inputs and the replay logs generated by them.
To run AFL/AFLGo, you should first set the core dump name pattern:
$ echo core | sudo tee /proc/sys/kernel/core_pattern
If your system has a /sys/devices/system/cpu/cpu*/cpufreq directory, AFL may also complain about the CPU frequency scaling configuration. Check the current configuration and remember it if you want to restore it later. Then set it to performance, as requested by AFL.
$ cat /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor
powersave
powersave
powersave
powersave
$ echo performance | sudo tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor
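The two prerequisites above can be checked and the governor setting saved for later restoration with the following preflight script. It is an added example, not part of this repository or of AFL; the function names are assumptions, and the paths are passed as arguments so the functions can be exercised against constructed files.

```shell
#!/bin/sh
# Preflight checks for the AFL/AFLGo prerequisites (added example, not the
# repository's own tooling). Paths are parameterised so the functions can be
# tested on constructed files instead of the live /proc and /sys entries.

# check_core_pattern FILE
# afl-fuzz aborts when core_pattern starts with '|', i.e. when crashes are
# piped to an external handler (apport, systemd-coredump): the handler delays
# the crash notification and the crash is misreported as a timeout.
check_core_pattern() {
    pattern=$(cat "$1") || return 2
    case "$pattern" in
        '|'*) echo "core_pattern pipes to a handler: $pattern" >&2; return 1 ;;
        *)    return 0 ;;
    esac
}

# check_governors FILE...
# Every cpufreq governor must read "performance"; offending CPUs are listed.
check_governors() {
    bad=0
    for f in "$@"; do
        [ -f "$f" ] || continue
        gov=$(cat "$f")
        if [ "$gov" != "performance" ]; then
            echo "$f: $gov" >&2
            bad=1
        fi
    done
    return $bad
}

# save_governors OUT FILE...
# Record "path value" pairs so the original governors can be put back.
save_governors() {
    out=$1; shift
    : > "$out"
    for f in "$@"; do
        [ -f "$f" ] && printf '%s %s\n' "$f" "$(cat "$f")" >> "$out"
    done
}

# restore_governors SAVEFILE
# Write each saved value back (paths must not contain spaces; needs root on
# a real system, e.g. run via sudo).
restore_governors() {
    while read -r f gov; do
        echo "$gov" > "$f"
    done < "$1"
}

# On a real system:
# check_core_pattern /proc/sys/kernel/core_pattern
# check_governors /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor
```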