Name              Latest commit message                              Commit time
mini_bsp          add BSP inputs                                     Aug 26, 2018
re                types for IDA                                      Aug 26, 2018
triage            initial commit                                     Aug 26, 2018
.gitignore        initial commit                                     Aug 26, 2018
LICENSE           Create LICENSE                                     Sep 4, 2018
Makefile          make sure PIE is disabled for the bspfuzz binary   Sep 7, 2018
README.md         Update README.md                                   Sep 4, 2018
afl_patches.diff  initial commit                                     Aug 26, 2018
main.cpp          Add missing pointer lookup                         Sep 15, 2018
patch.py          simplify                                           Aug 26, 2018
run_afl.sh        initial commit                                     Aug 26, 2018
setup.sh          setup script                                       Aug 26, 2018

README.md

CS:GO map file fuzzing using AFL in QEMU mode

Author: @_niklasb

Overview article.

See LICENSE.

Prerequisites

$ sudo apt install gdb valgrind build-essential python3-minimal python-minimal
$ cd ~
$ git clone https://github.com/niklasb/gdbinit
$ cd gdbinit
$ ./setup.sh

Then build AFL with QEMU mode support and with afl_patches.diff applied, and set AFL_PATH in your .bashrc so that it points at that build.

Setup

  1. git clone https://github.com/niklasb/bspfuzz/ && cd bspfuzz
  2. Copy over bin/ and csgo/ directories from the CS:GO server installation into the bspfuzz directory
  3. Adapt offsets in main.cpp and patch.py for your version
  4. ./setup.sh

Running

$ cd /path/to/bspfuzz
$ ./run_afl.sh 1
$ ./run_afl.sh 2
$ ./run_afl.sh 3
...

Triaging

$ sudo sysctl -w kernel.randomize_va_space=0
$ cd /path/to/bspfuzz/triage
$ ./triage.sh
$ ./valgrind.sh
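Both the mini_bsp/ seed inputs and the triage step revolve around the Source engine BSP header that the map loader parses. As an added example (not code from the bspfuzz repository), the script below builds a minimal, internally consistent VBSP seed and runs a bounds check over its lump table, the kind of check that separates a well-formed seed from a mutated file whose lump range points outside the file. The layout follows the Source SDK dheader_t/lump_t definitions (ident, version, 64 lumps of fileofs/filelen/version/fourCC, mapRevision); that CS:GO keeps the standard lump field order is an assumption, and the entity payload is a constructed sample.

```python
import struct

HEADER_LUMPS = 64
LUMP_FMT = "<iii4s"                        # lump_t: fileofs, filelen, version, fourCC
LUMP_SIZE = struct.calcsize(LUMP_FMT)      # 16 bytes
HEADER_SIZE = 8 + HEADER_LUMPS * LUMP_SIZE + 4   # "VBSP", version, lumps, mapRevision = 1036
LUMP_ENTITIES = 0                          # lump index of the entity text block

# Constructed sample payload for the entities lump (not taken from any real map).
SAMPLE_ENTITIES = b'{\n"classname" "worldspawn"\n}\n\x00'


def build_min_bsp(version=21, lumps=None):
    """Build a BSP whose lump table is consistent with its payload.
    `lumps` maps lump index -> payload bytes; all other lumps are empty."""
    lumps = lumps or {}
    body, table = b"", []
    for i in range(HEADER_LUMPS):
        data = lumps.get(i, b"")
        ofs = HEADER_SIZE + len(body) if data else 0
        table.append(struct.pack(LUMP_FMT, ofs, len(data), 0, b"\0\0\0\0"))
        body += data
    return (b"VBSP" + struct.pack("<i", version) + b"".join(table)
            + struct.pack("<i", 0) + body)   # mapRevision = 0


def set_lump_len(blob, index, new_len):
    """Rewrite one lump's filelen field (the kind of single-field change a
    mutation-based fuzzer produces); used here only to exercise check_bsp."""
    pos = 8 + index * LUMP_SIZE + 4
    return blob[:pos] + struct.pack("<i", new_len) + blob[pos + 4:]


def check_bsp(blob):
    """Parse the header and return (version, indices of lumps whose
    [fileofs, fileofs + filelen) range is not fully inside the file).
    A loader that trusts these signed fields reads out of bounds there."""
    if len(blob) < HEADER_SIZE or blob[:4] != b"VBSP":
        raise ValueError("not a VBSP file or header truncated")
    version, = struct.unpack_from("<i", blob, 4)
    bad = []
    for i in range(HEADER_LUMPS):
        ofs, ln, _ver, _fourcc = struct.unpack_from(LUMP_FMT, blob, 8 + i * LUMP_SIZE)
        if ln == 0:
            continue                        # empty lump: offset is irrelevant
        if ofs < HEADER_SIZE or ln < 0 or ofs + ln > len(blob):
            bad.append(i)                   # negative or past-EOF range
    return version, bad


if __name__ == "__main__":
    seed = build_min_bsp(lumps={LUMP_ENTITIES: SAMPLE_ENTITIES})
    print("seed:", check_bsp(seed))                                   # (21, [])
    print("oversized lump:", check_bsp(set_lump_len(seed, 0, 0x7fffffff)))  # (21, [0])
```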