
No instrumentation detected issue on Jil.dll #31

Closed
mgayanov opened this issue Feb 1, 2023 · 5 comments

Comments


mgayanov commented Feb 1, 2023

Hello! I am trying to run the Jil example, but it fails with this message:

$ afl-fuzz -i corpus -o findings -t 5000 -m 10000 dotnet bin/Debug/net6.0/fuzzer.dll

afl-fuzz 2.52b by <lcamtuf@google.com>
[+] You have 12 CPU cores and 2 runnable tasks (utilization: 17%).
[+] Try parallel jobs - see /usr/local/share/doc/afl/parallel_fuzzing.txt.
[*] Checking CPU core loadout...
[+] Found a free CPU core, binding to #0.
[*] Checking core_pattern...
[*] Checking CPU scaling governor...
[*] Setting up output directories...
[*] Scanning 'corpus'...
[+] No auto-generated dictionary tokens to reuse.
[*] Creating hard links for all input files...
[*] Validating target binary...
[*] Attempting dry run with 'id:000000,orig:1.json'...
[*] Spinning up the fork server...
[+] All right - fork server is up.

[-] PROGRAM ABORT : No instrumentation detected
         Location : perform_dry_run(), afl-fuzz.c:2860

My environment is a fresh Ubuntu 22.04 container with patched AFL 2.52b and dotnet:

$ dotnet --info
.NET SDK (reflecting any global.json):
 Version:   6.0.113
 Commit:    4a23b50f97

Runtime Environment:
 OS Name:     ubuntu
 OS Version:  22.04
 OS Platform: Linux
 RID:         ubuntu.22.04-x64
 Base Path:   /usr/lib/dotnet/sdk/6.0.113/

global.json file:
  Not found

Host:
  Version:      6.0.13
  Architecture: x64
  Commit:       1af80ba017

.NET SDKs installed:
  6.0.113 [/usr/lib/dotnet/sdk]

.NET runtimes installed:
  Microsoft.AspNetCore.App 6.0.13 [/usr/lib/dotnet/shared/Microsoft.AspNetCore.App]
  Microsoft.NETCore.App 6.0.13 [/usr/lib/dotnet/shared/Microsoft.NETCore.App]

My csproj:

<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <OutputType>Exe</OutputType>
    <TargetFramework>net6.0</TargetFramework>
    <ImplicitUsings>enable</ImplicitUsings>
    <Nullable>enable</Nullable>
  </PropertyGroup>

  <ItemGroup>
    <Reference Include="Jil">
      <HintPath>Jil.dll</HintPath>
    </Reference>
  </ItemGroup>

  <ItemGroup>
    <PackageReference Include="SharpFuzz" Version="2.0.1" />
    <PackageReference Include="Sigil" Version="4.7.0" />
  </ItemGroup>

</Project>

Jil.dll is instrumented with `sharpfuzz jil.2.16.0/lib/netstandard2.0/Jil.dll` and copied to the root of the project.

Program.cs is the same as in the example.

What have I missed? Thank you!

Contributor

jnyrup commented Feb 1, 2023

Did you see the part in https://github.com/Metalnem/sharpfuzz#installation about patching afl-fuzz?

I use export AFL_SKIP_BIN_CHECK=1


mgayanov commented Feb 1, 2023

> Did you see the part in https://github.com/Metalnem/sharpfuzz#installation about patching afl-fuzz?
>
> I use export AFL_SKIP_BIN_CHECK=1

Hello! Yes, I followed the instructions and patched AFL.

`export AFL_SKIP_BIN_CHECK=1` didn't help.


mgayanov commented Feb 2, 2023

Here is my container:

FROM ubuntu:22.04

RUN apt update && apt dist-upgrade -y

RUN DEBIAN_FRONTEND="noninteractive" apt -y install \
        build-essential \
        clang \
        git \
        libtool \
        m4 \
        cmake \
        automake \
        llvm \
        gcc-9-plugin-dev \
        golang \
        python3-pip 

# sharpfuzz
RUN apt install -y \
        dotnet6 \
        unzip  \
        wget && \
    cd /opt && \
    wget http://lcamtuf.coredump.cx/afl/releases/afl-latest.tgz && \
    tar -xvf afl-latest.tgz && \
    rm afl-latest.tgz && \
    cd afl-2.52b && \
    wget https://github.com/Metalnem/sharpfuzz/raw/master/patches/RemoveInstrumentationCheck.diff && \
    patch < RemoveInstrumentationCheck.diff && \
    make install && \
    cd .. && rm -rf afl-2.52b/ && \
    dotnet tool install --global SharpFuzz.CommandLine

ENV PATH=$PATH:/root/.dotnet/tools

ENV JIL_ZIP=jil.2.16.0.zip

ENV JIL_DLL=jil.2.16.0/lib/netstandard2.0/Jil.dll

RUN cd /opt && \
    mkdir json-example && \
    cd json-example && \
    wget -O $JIL_ZIP  https://www.nuget.org/api/v2/package/Jil/2.16.0 && \
    unzip $JIL_ZIP -d jil.2.16.0 && \
    sharpfuzz jil.2.16.0/lib/netstandard2.0/Jil.dll && \
    cp $JIL_DLL . && \
    dotnet new console

WORKDIR /opt/json-example

RUN echo 'using System;\n\
using System.IO;\n\
using SharpFuzz;\n\
namespace Jil.Fuzz\n\
{\n\
  public class Program\n\
  {\n\
    public static void Main(string[] args)\n\
    {\n\
      Fuzzer.Run(stream =>\n\
      {\n\
        try\n\
        {\n\
          using (var reader = new StreamReader(stream))\n\
          {\n\
            JSON.DeserializeDynamic(reader);\n\
          }\n\
        }\n\
        catch (DeserializationException) { }\n\
      });\n\
    }\n\
  }\n\
}' > Program.cs

RUN echo '<Project Sdk="Microsoft.NET.Sdk">\n\
  <PropertyGroup>\n\
    <OutputType>Exe</OutputType>\n\
    <TargetFramework>net6.0</TargetFramework>\n\
    <ImplicitUsings>enable</ImplicitUsings>\n\
    <Nullable>enable</Nullable>\n\
  </PropertyGroup>\n\
  <ItemGroup>\n\
    <Reference Include="Jil">\n\
      <HintPath>Jil.dll</HintPath>\n\
    </Reference>\n\
  </ItemGroup>\n\
</Project>' > json-example.csproj

RUN dotnet add package Sigil --version 4.7.0 && \
    dotnet add package SharpFuzz && \
    dotnet build

CMD mkdir -p corpus && \
    echo '{"a": 123}' > corpus/123 && \
    AFL_SKIP_BIN_CHECK=1 \
    afl-fuzz \
        -i corpus \
        -o findings \
        -t 5000 \
        -m 10000 \
        dotnet bin/Debug/net6.0/json-example.dll

To launch:

$ docker build -t sharp .
$ echo core | sudo tee /proc/sys/kernel/core_pattern
$ echo performance | sudo tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor
$ docker run sharp
afl-fuzz 2.52b by <lcamtuf@google.com>
[+] Looks like we're not running on a tty, so I'll be a bit less verbose.
[+] You have 12 CPU cores and 2 runnable tasks (utilization: 17%).
[+] Try parallel jobs - see /usr/local/share/doc/afl/parallel_fuzzing.txt.
[*] Checking CPU core loadout...
[+] Found a free CPU core, binding to #0.
[*] Checking core_pattern...
[*] Checking CPU scaling governor...
[*] Setting up output directories...
[*] Scanning 'corpus'...
[+] No auto-generated dictionary tokens to reuse.
[*] Creating hard links for all input files...
[*] Validating target binary...
[*] Attempting dry run with 'id:000000,orig:123'...
[*] Spinning up the fork server...
[+] All right - fork server is up.

[-] PROGRAM ABORT : No instrumentation detected
         Location : perform_dry_run(), afl-fuzz.c:2860


mgayanov commented Feb 6, 2023

I found out that instrumenting bin/Debug/net6.0/Jil.dll solves the issue.

Instrumenting ./jil.2.16.0/lib/netstandard2.0/Jil.dll, putting it in the root of the project and adding <ItemGroup>...</ItemGroup> doesn't work in my case.

dotnet build downloads a fresh DLL to bin/Debug/net6.0/Jil.dll.

Contributor

jnyrup commented Feb 6, 2023

I "solved" that by running sharpfuzz as part of the build process, by adding this target to the csproj file.

<Target Name="Fuzz" AfterTargets="build">
  <Message Text="sharpfuzz $(OutDir)Jil.dll" Importance="high" />
  <Exec Command="sharpfuzz $(OutDir)Jil.dll" />
</Target>
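Both mgayanov's finding (the copy in the project root was instrumented, but dotnet build placed a clean copy in bin/Debug/net6.0) and jnyrup's post-build target come down to one question: is the Jil.dll the fuzzer actually loads instrumented? The following is an added example, not code from this thread or from the SharpFuzz project: a POSIX shell check that inspects both copies. It assumes that a sharpfuzz-instrumented assembly references SharpFuzz.Common (the assembly its inserted trace calls resolve to), so that name appears in the DLL's metadata string heap.

```shell
#!/bin/sh
# Constructed example, not part of the issue or of SharpFuzz.
# Assumption: an assembly rewritten by sharpfuzz gains an assembly reference
# to SharpFuzz.Common, so the name is present as a plain string in the file.
MARKER="SharpFuzz.Common"

# is_instrumented FILE -> exit 0 if FILE looks instrumented, 1 otherwise
is_instrumented() {
    grep -qF "$MARKER" "$1" 2>/dev/null
}

# check_outdir PROJECT_DIR OUTDIR_RELATIVE NAME
# Reports the state of the project-root copy and the output-directory copy.
# Exits 0 only when the copy the fuzzer will load (the one in OUTDIR) is
# instrumented; a root copy that is instrumented while the OutDir copy is
# not is exactly the "build replaced it with a clean package copy" case.
check_outdir() {
    proj="$1"; outdir="$2"; name="$3"
    root_copy="$proj/$name"
    out_copy="$proj/$outdir/$name"
    for f in "$root_copy" "$out_copy"; do
        if [ ! -f "$f" ]; then
            printf '%s: missing\n' "$f"
        elif is_instrumented "$f"; then
            printf '%s: instrumented\n' "$f"
        else
            printf '%s: NOT instrumented\n' "$f"
        fi
    done
    if [ -f "$out_copy" ] && is_instrumented "$out_copy"; then
        return 0
    fi
    printf 'OutDir copy is not instrumented; run: sharpfuzz %s\n' "$out_copy"
    return 1
}

# Stand-alone usage: sh check_jil.sh /opt/json-example
if [ $# -gt 0 ]; then
    check_outdir "$1" bin/Debug/net6.0 Jil.dll
fi
```

Running it after `dotnet build` and before `afl-fuzz` turns the opaque "No instrumentation detected" abort into a direct statement of which file is clean.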

Metalnem closed this as completed May 6, 2023