shellphish/driller

How are new inputs generated by driller passed to AFL?

joyceqi opened this issue · 5 comments

Hello, I have been using driller. I looked into the celery scheduling, but there is one question confusing me.
When driller generates new inputs, it passes the new input through redis publish/subscribe to an AFL output directory, which is binary/sync/driller/queue. But then how can AFL read these inputs? Normally the queue directory here should be binary/sync/fuzzer-master/queue.
So I think maybe you changed the AFL source code. I have noticed that driller-afl is tailored for driller's use in analyzing cgc binaries, and it really adds some driller operations. But I just want to use driller for unix binaries, so how does AFL read inputs from driller? Thanks :)

salls commented

AFL will sync inputs from other */queue directories. This is how the multiprocess mode works. If the inputs generated by driller are synced, you should see files in fuzzer-master/queue with sync driller in the name.

Thank you very much! I only know a little about AFL.
Actually there is another question about celery. It seems that all arguments passed by calling task.function.delay() are transformed into unicode, but you know an input from the afl queue can be like '\xff\xde...' (it contains bytes > 127), and directly passing these inputs to delay() will cause:
_kombu.exceptions.EncodeError: 'utf8' codec can't decode byte 0xbe in position 0: invalid start byte
How should I solve this problem?

salls commented

I don't really know here. I didn't work on the celery setup. I would expect it's not hard to encode before sending it to celery and decode in the receiving process.
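An added example (not code from the driller project) covering both answers above: the bytes-over-celery problem is handled by base64-wrapping the input on the producer side and unwrapping it in the worker, and the AFL side is checked by looking in fuzzer-master/queue for entries whose names carry AFL's sync marker. The sync directory layout and the sample input are constructed here; `json.dumps` stands in for the broker's default JSON serializer.

```python
import base64
import json
import re
from pathlib import Path
from tempfile import TemporaryDirectory

# Constructed sample: a queue entry starting with 0xbe, which is not valid
# UTF-8 and is what trips the default serializer behind .delay().
SAMPLE_INPUT = b"\xbe\xff\xde" + b"A" * 13
# Name AFL gives a case imported from another fuzzer's queue during its
# sync pass: id:NNNNNN,sync:<fuzzer name>,src:NNNNNN
SYNC_ENTRY = re.compile(r"^id:\d{6},sync:(?P<fuzzer>[^,]+),src:\d{6}")


def encode_for_celery(data: bytes) -> str:
    """Producer side: wrap raw bytes in an ASCII string before .delay()."""
    return base64.b64encode(data).decode("ascii")


def decode_in_worker(payload: str) -> bytes:
    """Worker side: recover the original bytes before writing to queue/."""
    return base64.b64decode(payload)


def json_serializable(obj) -> bool:
    """Stand-in for the broker serializer: raw bytes fail, the wrapper passes."""
    try:
        json.dumps(obj)
        return True
    except TypeError:
        return False


def synced_from(sync_dir: Path, fuzzer: str, master: str = "fuzzer-master") -> list:
    """List entries in <master>/queue that AFL pulled in from <fuzzer>'s queue."""
    queue = sync_dir / master / "queue"
    hits = [p.name for p in queue.iterdir()
            if (m := SYNC_ENTRY.match(p.name)) and m.group("fuzzer") == fuzzer]
    return sorted(hits)


def demo() -> dict:
    """Round-trip one input and inspect a constructed sync directory."""
    wire = encode_for_celery(SAMPLE_INPUT)
    back = decode_in_worker(wire)
    with TemporaryDirectory() as tmp:
        sync = Path(tmp)  # constructed: driller dropped a case, master imported it
        (sync / "driller" / "queue").mkdir(parents=True)
        (sync / "driller" / "queue" / "id:000000").write_bytes(back)
        master_q = sync / "fuzzer-master" / "queue"
        master_q.mkdir(parents=True)
        (master_q / "id:000000,orig:seed").write_bytes(b"seed")
        (master_q / "id:000001,sync:driller,src:000000").write_bytes(back)
        imported = synced_from(sync, "driller")
    return {"raw_ok": json_serializable(SAMPLE_INPUT), "wire_ok": json_serializable(wire),
            "roundtrip": back == SAMPLE_INPUT, "imported": imported}
```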

Thank you anyway!