Redqueen: Fuzzing with Input-to-State Correspondence

Redqueen is a fast general-purpose fuzzer for x86 binary applications. It can automatically overcome checksums and magic bytes without falling back to complex and fragile program analysis techniques such as symbolic execution. It works by observing the arguments of function calls and compare instructions via virtual machine introspection. The observed values are then used to derive input-specific mutations. More details can be found in the paper. This fuzzer is built upon kAFL and requires support for Intel VT-x as well as Intel Processor Trace.
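As an added illustration of the input-to-state correspondence idea described above (example code, not from the Redqueen repository), here is a toy Python simulation: the `observe` callback stands in for Redqueen's introspection hook on compare instructions, and the target function with its magic values is constructed for this example.

```python
import struct

# Constructed toy "target": it checks two magic values and reports every
# compare it executes through `observe`, mimicking what Redqueen sees via VMI.
def target(data, observe):
    if len(data) < 12:
        return 0
    hdr = data[0:4]
    observe(hdr, b"RQ01")                      # 4-byte compare against a magic string
    if hdr != b"RQ01":
        return 1
    field = struct.unpack("<I", data[4:8])[0]
    observe(struct.pack("<I", field), struct.pack("<I", 0xDEADBEEF))  # 32-bit compare
    if field != 0xDEADBEEF:
        return 2
    return 3                                   # deepest path reached

def mutations(data, observed):
    """Input-to-state correspondence: wherever an observed compare operand
    appears verbatim in the input, substitute the operand it was compared to.
    Both byte orders are tried because the in-input encoding is unknown."""
    out = []
    for lhs, rhs in observed:
        for needle, repl in ((lhs, rhs), (rhs, lhs)):
            for enc in (repl, repl[::-1]):
                pos = data.find(needle)
                while pos != -1:
                    out.append(data[:pos] + enc + data[pos + len(needle):])
                    pos = data.find(needle, pos + 1)
    return out

def fuzz(seed, max_rounds=10):
    """Greedy driver: keep any mutant that reaches a deeper path than the
    current best input, stop when no observed compare yields progress."""
    best = seed
    for _ in range(max_rounds):
        observed = []
        depth = target(best, lambda a, b: observed.append((a, b)))
        for m in mutations(best, observed):
            if target(m, lambda a, b: None) > depth:
                best = m
                break
        else:
            break
    return best, target(best, lambda a, b: None)
```

Starting from a seed of twelve `A` bytes, two rounds suffice: the first replaces the header with the observed magic string, the second replaces the next four bytes with the observed 32-bit constant.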

The Paper, Talk and Slides describing Redqueen were published at NDSS 2019.

BibTex:

@inproceedings{redqueen,
  title={REDQUEEN: Fuzzing with Input-to-State Correspondence},
  author={Aschermann, Cornelius and Schumilo, Sergej and Blazytko, Tim and Gawlik, Robert and Holz, Thorsten},
  booktitle={Symposium on Network and Distributed System Security (NDSS)},
  year={2019},
}

Initial Setup

To install Redqueen, run install.sh:

cd ~/redqueen/
sh install.sh

This will set up everything, assuming an Ubuntu 16.04 system.

Fuzzing with Redqueen is a two stage process. First, the target application is packed:

python ~/redqueen/kAFL-Fuzzer/kafl_user_prepare.py --recompile -args=/A -file=/A ~/redqueen/Evaluation/lava/binaries/who ~/redqueen/Evaluation/lava/packed/who/ m64

Use kafl_info.py and the generated info executable to get the address ranges of your fuzzing target:

python kafl_info.py Kernel  \
~/redqueen/Target-Components/linux_initramfs/bzImage-linux-4.15-rc7 \
~/redqueen/Target-Components/linux_initramfs/init.cpio.gz \
~/redqueen/Evaluation/lava/packed/who/who_info \
500

Then the packed binary can be fuzzed:

python kafl_fuzz.py Kernel \
~/redqueen/Target-Components/linux_initramfs/bzImage-linux-4.15-rc7 \
~/redqueen/Target-Components/linux_initramfs/init.cpio.gz \
~/redqueen/Evaluation/lava/packed/who/who_fuzz  \
500 \
~/redqueen/Evaluation/lava/packed/uninformed_seeds \
/tmp/kafl_workdir -ip0 0x400000-0x47c000 -t10 -hammer_jmp_tables -n -D -r -l -v -p1

Trophies

License

AGPLv3

Free Software, Hell Yeah!
