Skip to content

subnuwa/becfuzz

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
.vscode
.vscode
 
 
dictionaries
dictionaries
 
 
docs
docs
 
 
testcases
testcases
 
 
.gitignore
.gitignore
 
 
AUTHORS
AUTHORS
 
 
BECFuzzDyninst128
BECFuzzDyninst128
 
 
BECFuzzDyninst128.cpp
BECFuzzDyninst128.cpp
 
 
BECFuzzDyninst256
BECFuzzDyninst256
 
 
BECFuzzDyninst256.cpp
BECFuzzDyninst256.cpp
 
 
BECFuzzDyninst64
BECFuzzDyninst64
 
 
BECFuzzDyninst64.cpp
BECFuzzDyninst64.cpp
 
 
Changes-of-files
Changes-of-files
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.txt
README.txt
 
 
afl-plot
afl-plot
 
 
afl-showmap.c
afl-showmap.c
 
 
alloc-inl.h
alloc-inl.h
 
 
becfuzz-afl128
becfuzz-afl128
 
 
becfuzz-afl128.c
becfuzz-afl128.c
 
 
becfuzz-afl256
becfuzz-afl256
 
 
becfuzz-afl256.c
becfuzz-afl256.c
 
 
becfuzz-afl64
becfuzz-afl64
 
 
becfuzz-afl64.c
becfuzz-afl64.c
 
 
config.h
config.h
 
 
debug.h
debug.h
 
 
hash.h
hash.h
 
 
instConfig.h
instConfig.h
 
 
instUnmap.h
instUnmap.h
 
 
libBECFuzzDyninst128.cpp
libBECFuzzDyninst128.cpp
 
 
libBECFuzzDyninst256.cpp
libBECFuzzDyninst256.cpp
 
 
libBECFuzzDyninst64.cpp
libBECFuzzDyninst64.cpp
 
 
readme.md
readme.md
 
 
runBecfuzzFuzz.sh
runBecfuzzFuzz.sh
 
 
runBecfuzzInst.sh
runBecfuzzInst.sh
 
 
types.h
types.h
 
 

Repository files navigation

Overview

BECFuzz aims to fuzz binaries efficiently. The current version is for non-PIE binaries.

Install Dyninst

We use Dyninst to instrument target binaries. So firstly, install Dyninst the branch.

git clone https://github.com/mxz297/dyninst.git
cd dyninst
git checkout fuzzing

Then, follow the instructions on install instructions to install Dyninst.

Set up ENVs

export DYNINST_INSTALL=/path/to/dyninst/build/dir
export BECFUZZ_PATH=/path/to/becfuzz

export DYNINSTAPI_RT_LIB=$DYNINST_INSTALL/lib/libdyninstAPI_RT.so
export LD_LIBRARY_PATH=$DYNINST_INSTALL/lib:$BECFUZZ_PATH
export PATH=$PATH:$BECFUZZ_PATH

Install BECFuzz

Enter the folder becfuzz. Change DYN_ROOT in makefile accordingly. Then

make clean && make all

Instrument binary and run fuzzing

${VERSION}: 64, 128, or 256

$TARGET: Path to target binary

${OUTDIR}: Output folder for instrumented binary and results of fuzzing

${INSTNAME}: The name of instrumented binary

$SEEDS: Path to the folder including initial seeds

$TIMEOUT: Timeout for each execution

$PARAMS: Parameters for running target binary

Instrument target binaries

Instrument target binaries using BECFuzzDyninst

mkdir $OUTDIR
./BECFuzzDyninst${VERSION} -i $TARGET  -o  ${OUTDIR}/${INSTNAME} -b $OUTDIR

Run fuzzing

Fuzz with the instrumented binary.

./becfuzz-afl${VERSION} -i $SEEDS -o ${OUTDIR}/out -t $TIMEOUT -m 1G -- ${OUTDIR}/${INSTNAME} $PARAMS

About

Fuzzing on binaries

Resources

Readme

License

Apache-2.0 license
Activity

Stars

2 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages