QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing
Latest commit 215f7e5 (Sep 21, 2018) by jakkdu: Merge pull request #15 from bolry/bolry-patch-1 (Update call_stack_manager.cpp)
Repository contents (last commit touching each entry):

  • bin: Initial commit (Aug 16, 2018)
  • qsym: Update call_stack_manager.cpp (Sep 21, 2018)
  • tests: Check whether the Symbol is concrete before adding (Sep 12, 2018)
  • third_party: Initial commit (Aug 16, 2018)
  • .gitignore: Initial commit (Aug 16, 2018)
  • .gitmodules: Initial commit (Aug 16, 2018)
  • Dockerfile: Add Dockerfile for setup (Aug 20, 2018)
  • LICENSE: Add LICENSE (Sep 18, 2018)
  • README.md: Be more specific (Sep 5, 2018)
  • TODO.md: Remove TODO for Docker (Aug 20, 2018)
  • setup.py: Initial commit (Aug 16, 2018)
  • setup.sh: Fix typo (Aug 20, 2018)

README.md

Environment

  • Tested on Ubuntu 14.04 64bit and 16.04 64bit

Installation

# disable ptrace_scope for PIN
$ echo 0|sudo tee /proc/sys/kernel/yama/ptrace_scope

# install z3 and system deps
$ ./setup.sh

# install using virtual env
$ virtualenv venv
$ source venv/bin/activate
$ pip install .

Installation using Docker

# disable ptrace_scope for PIN
$ echo 0|sudo tee /proc/sys/kernel/yama/ptrace_scope

# build docker image
$ docker build -t qsym ./

# run docker image
$ docker run --cap-add=SYS_PTRACE -it qsym /bin/bash

Run hybrid fuzzing with AFL

# The following environment variables must be set first:
#   AFL_ROOT: AFL directory (http://lcamtuf.coredump.cx/afl/)
#   INPUT: directory of input seed files
#   OUTPUT: output directory
#   AFL_CMDLINE: command line of the target program built for AFL (ASan + AFL instrumentation)
#   QSYM_CMDLINE: command line of the target program for QSYM (naive, i.e. non-instrumented build)

# run AFL master
$ ${AFL_ROOT}/afl-fuzz -M afl-master -i ${INPUT} -o ${OUTPUT} -- ${AFL_CMDLINE}
# run AFL slave
$ ${AFL_ROOT}/afl-fuzz -S afl-slave -i ${INPUT} -o ${OUTPUT} -- ${AFL_CMDLINE}
# run QSYM
$ bin/run_qsym_afl.py -a afl-slave -o ${OUTPUT} -n qsym -- ${QSYM_CMDLINE}
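As an added example (not code from the QSYM repository), a small POSIX sh wrapper around the recipe above: it verifies the ptrace_scope precondition from the Installation section, refuses to start if any of the five required variables is missing, and assembles the AFL master, AFL slave and QSYM command lines from them. `AFL_NO_UI` is AFL's own headless switch; the function names are this example's.

```shell
#!/bin/sh
# Added example, not part of the QSYM repository: checks the preconditions the
# README lists before a hybrid-fuzzing run, assembles the AFL master, AFL slave
# and QSYM command lines from the required variables, and launches them.
# Assumed: afl-fuzz honours AFL_NO_UI=1 (AFL's own variable) to run headless.

# Succeed only when Yama ptrace restrictions are lifted (PIN needs scope 0).
# A file path may be given instead of the default sysctl node, for testing.
check_ptrace_scope() {
    f="${1:-/proc/sys/kernel/yama/ptrace_scope}"
    [ -r "$f" ] || return 0            # no Yama node: nothing to lift
    [ "$(cat "$f")" = "0" ]
}

# Print the three command lines of the README recipe, one per line.
# Fails, naming the variable, if any required variable is unset or empty.
hybrid_cmds() {
    for v in AFL_ROOT INPUT OUTPUT AFL_CMDLINE QSYM_CMDLINE; do
        eval "val=\${$v:-}"
        [ -n "$val" ] || { echo "error: $v is not set" >&2; return 1; }
    done
    printf '%s\n' "$AFL_ROOT/afl-fuzz -M afl-master -i $INPUT -o $OUTPUT -- $AFL_CMDLINE"
    printf '%s\n' "$AFL_ROOT/afl-fuzz -S afl-slave -i $INPUT -o $OUTPUT -- $AFL_CMDLINE"
    printf '%s\n' "bin/run_qsym_afl.py -a afl-slave -o $OUTPUT -n qsym -- $QSYM_CMDLINE"
}

# Dry run by default (prints each command); RUN=1 starts the three workers in
# the background. Optional $1 overrides the ptrace_scope node (for testing).
run_hybrid() {
    check_ptrace_scope "${1:-}" || { echo "error: ptrace_scope must be 0" >&2; return 2; }
    cmds=$(hybrid_cmds) || return 1
    printf '%s\n' "$cmds" | while IFS= read -r c; do
        if [ "${RUN:-0}" = "1" ]; then
            AFL_NO_UI=1 sh -c "$c" &
        else
            echo "dry-run: $c"
        fi
    done
}
```

Source the file, export the five variables, and call `run_hybrid` to see the assembled commands; set `RUN=1` before the call to actually start the three workers.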

Run for testing

$ cd tests
$ python build.py
$ python -m pytest -n $(nproc)

Authors

Publications

QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing

@inproceedings{yun:qsym,
  title        = {{QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing}},
  author       = {Insu Yun and Sangho Lee and Meng Xu and Yeongjin Jang and Taesoo Kim},
  booktitle    = {Proceedings of the 27th USENIX Security Symposium (Security)},
  month        = aug,
  year         = 2018,
  address      = {Baltimore, MD},
}