afl-qemu-trace-32 and afl-qemu-trace-64 #1928

Open
ele7enxxh opened this issue Dec 8, 2023 · 7 comments
Labels
enhancement New feature or request help wanted Extra attention is needed

Comments

@ele7enxxh

Hi,

Sometimes I need to perform fuzz testing on both 32-bit and 64-bit programs simultaneously. The current compilation and installation will overwrite the previously built afl-qemu-trace binary. Can you add a suffix to distinguish between the two? For example: afl-qemu-trace-32 and afl-qemu-trace-64.

Thanks.

@vanhauser-thc
Member

And how would afl-fuzz know which qemu binary to call? And what if someone wants that for arm64, mips etc.?
That just adds complexity on top that is not helpful, I think.
The easy solution:

```sh
make                              # build AFL++ for the host (64-bit) target
cd ..
cp -r AFLplusplus AFLplusplus32   # second copy for the 32-bit QEMU build
cd AFLplusplus32/qemu_mode
export CPU_TARGET=i386            # build afl-qemu-trace for 32-bit x86
./build_qemu_support.sh
```

And then when fuzzing you simply set AFL_PATH to either /path/to/AFLplusplus or /path/to/AFLplusplus32.

@p21nc3

p21nc3 commented Dec 10, 2023

Hi @vanhauser-thc, agreed with your point about considering other architectures, but having a (dynamic) binary selection method would work for this. Let's say a configuration setting for users to configure the architectures they want to target. Give it a thought ✌️

@ele7enxxh
Author

Hi @vanhauser-thc, I think afl-fuzz can automatically select a specific afl-qemu-trace (e.g. afl-qemu-trace-arm, afl-qemu-trace-aarch64) by checking the file architecture of the target binary.
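
A sketch of the selection step proposed above, added here as an example and not code from AFL++ or from any participant: it reads the ELF identification bytes and `e_machine` of the target and maps them to an assumed `afl-qemu-trace-<CPU_TARGET>` name (the suffix scheme generalises the thread's `-arm`/`-aarch64` suggestion to the other CPU_TARGET names; `make_header` builds constructed sample headers for testing only).

```python
import struct

# ELF e_machine values (from the ELF specification) mapped to the CPU_TARGET
# names used by qemu_mode/build_qemu_support.sh. The "afl-qemu-trace-<arch>"
# suffix scheme is an assumption taken from the thread, not AFL++ behaviour.
E_MACHINE = {
    0x03: "i386",
    0x3E: "x86_64",
    0x28: "arm",
    0xB7: "aarch64",
    0x08: "mips",    # 32/64-bit and endianness resolved below
    0xF3: "riscv",   # 32/64-bit resolved below
}

def target_arch(elf: bytes) -> str:
    """Return the CPU_TARGET name for an ELF image, or raise ValueError."""
    if len(elf) < 20 or elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = elf[4], elf[5]   # EI_CLASS: 1=32-bit, 2=64-bit; EI_DATA: 1=LE, 2=BE
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("unsupported EI_CLASS/EI_DATA")
    fmt = "<H" if ei_data == 1 else ">H"
    (e_machine,) = struct.unpack_from(fmt, elf, 0x12)  # e_machine sits after e_type
    if e_machine not in E_MACHINE:
        raise ValueError(f"unsupported e_machine 0x{e_machine:x}")
    arch = E_MACHINE[e_machine]
    if arch == "mips":
        arch += "64" if ei_class == 2 else ""
        arch += "el" if ei_data == 1 else ""
    elif arch == "riscv":
        arch += "64" if ei_class == 2 else "32"
    return arch

def qemu_trace_binary(elf: bytes) -> str:
    """Per-architecture afl-qemu-trace name under the assumed suffix scheme."""
    return f"afl-qemu-trace-{target_arch(elf)}"

def make_header(ei_class: int, ei_data: int, e_machine: int) -> bytes:
    """Constructed 20-byte ELF header prefix for testing; not a real binary."""
    endian = "<" if ei_data == 1 else ">"
    ident = b"\x7fELF" + bytes([ei_class, ei_data, 1, 0]) + b"\x00" * 8
    return ident + struct.pack(endian + "HH", 2, e_machine)  # e_type=ET_EXEC, e_machine

if __name__ == "__main__":
    samples = {
        "x86_64 LE": make_header(2, 1, 0x3E),
        "i386 LE": make_header(1, 1, 0x03),
        "mips64 LE": make_header(2, 1, 0x08),
    }
    for name, hdr in samples.items():
        print(f"{name:10} -> {qemu_trace_binary(hdr)}")
```

In a real integration the bytes would come from the target's ELF header on disk, and the resulting name would be looked up under AFL_PATH before the fallback to the plain afl-qemu-trace.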

@vanhauser-thc
Member

Yeah, that would be possible. I have no time for this though, as I am working on something for a presentation at the CCC congress.
You can send a PR if you think it is an important thing to have.

@vanhauser-thc vanhauser-thc added enhancement New feature or request help wanted Extra attention is needed labels Dec 11, 2023
@p21nc3

p21nc3 commented Dec 13, 2023

> Hi @vanhauser-thc, I think afl-fuzz can automatically select a specific afl-qemu-trace (e.g. afl-qemu-trace-arm, afl-qemu-trace-aarch64) by checking the file architecture of the target binary.

Hi @ele7enxxh, are you working on this?

@ele7enxxh
Author

> Hi @vanhauser-thc, I think afl-fuzz can automatically select a specific afl-qemu-trace (e.g. afl-qemu-trace-arm, afl-qemu-trace-aarch64) by checking the file architecture of the target binary.

> Hi @ele7enxxh, are you working on this?

No. Do you have free time to do it?

@p21nc3

p21nc3 commented Dec 23, 2023

@ele7enxxh Sure, on it!
