Comments (3)
Hi Ace,
Yeah, we're considering adding this capability for a future version of BFF. Some file types are likely not friendly towards size-wise minimization. For example, a PDF has an XREF section at the end with offsets of parts. Minimization for size could likely change the target app's parsing of the file.
That being said, a trivial implementation of a size reduction could be as simple as going through a file one byte at a time sequentially, dropping the byte, and re-running it through the target app to see if the crash is the same. Optionally, the process could be started over with a successful byte drop to see if a dropped byte could allow a prior byte to be successfully dropped now. But that could significantly increase the number of iterations to come to a size-wise minimum.
If you come up with something yourself, we'd be glad to see your contributions. All of the Python pieces in FOE (or currently BFF, which supports Windows with the development branch) should be there to implement such a minimizer.
from certfuzz.
That being said, a trivial implementation of a size reduction could be as simple as going through a file one byte at a time sequentially, dropping the byte, and re-running it through the target app to see if the crash is the same.
This was exactly my thought process. I am by no means a Python guru, but I was going to try to take a stab at it (and contribute back, obviously!)
Thank you for the response.
I took another run at Delta (for another problem related to this same compiler) and there is actually a Python Port of Delta! I followed the guide here: https://www.st.cs.uni-saarland.de/dd/ddusage.php3
The guide was mostly straightforward to use. The biggest hurdle is that the MyDD and DD modules appear to be written for Python 2.x (as of this writing you can still get an older 2.7.x release). Straight out of the box it will not work with Python 3. The "commands" module was deprecated/removed from newer versions of 2.x Python, so this line had to be changed to use the new "subprocess" module (it would not work out of the box with Windows; it kept complaining about the "{" character for some reason). I was able to fumble around (I know absolutely no Python) and get this to work (following the GCC example):
Replace:
    # Invoke GCC
    (status, output) = commands.getstatusoutput(
        "(ulimit -H -s 256; gcc -c -O input.c) 2>&1")
With:
    import subprocess  # at the top of the file, replacing "import commands"

    # Invoke DBL; capture stderr as well, like the "2>&1" in the GCC example
    try:
        output = subprocess.check_output(r"dbl R:\Delta\input.dbl",
                                         stderr=subprocess.STDOUT)
        status = 0
    except subprocess.CalledProcessError as e:  # "as e" works on Python 2.6+ and 3
        status = e.returncode
        output = e.output
There also seemed to be some need to initialize 'c' like so:
    c = []
Along with keeping this check:
    if c == []:
        return self.PASS
Otherwise, you would get an assertion failure in the DD module. Again, I have no idea what I'm doing, but it seemed to work for my purposes.
As far as expanding this for use with FOE (I guess BFF for Windows now?) I have not tried my hand at it; I think part of the problem would be ensuring that the crash that is produced is identical. I can imagine scenarios where attempting to reduce the case would produce additional crashes (which may be interesting in their own right).
Other things that seemed to have helped us (might be worth mentioning):
- I run this on a RAM Drive (using the free/open source IMDisk) as this wants to write several very small files; speeds up the process incredibly
- I wondered if this would benefit at all from multithreading, but I did not have the required Python knowledge to understand if this could be improved to take advantage of that (or even if Python can easily be multithreaded)
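As an added example (not code from the BFF/FOE project or from either commenter), here is the byte-drop minimizer sketched in the first comment, combined with the "must be the same crash" concern raised in the last one: the oracle returns a crash signature rather than a yes/no, so a candidate that triggers a different bug (or none) is rejected. `simulated_target`, `make_subprocess_oracle`, the constructed seed bytes and the return-code rule are all assumptions, not anything BFF does.

```python
import subprocess
from typing import Callable, Optional

# An oracle maps a candidate input to a crash signature, or None if no crash.
Oracle = Callable[[bytes], Optional[str]]

def minimize_by_byte_drop(data: bytes, oracle: Oracle, restart: bool = False):
    """Drop one byte at a time and keep the drop only when the crash signature
    is unchanged. restart=True rescans from the start after each successful
    drop (smaller result, many more runs). Returns (minimized bytes, runs)."""
    target_sig = oracle(data)
    if target_sig is None:
        raise ValueError("seed input does not crash the target")
    runs, i = 1, 0
    while i < len(data):
        candidate = data[:i] + data[i + 1:]
        runs += 1
        if oracle(candidate) == target_sig:
            data = candidate          # byte i is gone; the next byte now sits at i
            if restart:
                i = 0
        else:
            i += 1                    # byte i is needed for this crash; move on
    return data, runs

def simulated_target(candidate: bytes) -> Optional[str]:
    """Constructed stand-in for a target app with two distinct bugs: one fires
    on the token 'CRASH', the other on a 0xff byte (different signatures)."""
    if b"CRASH" in candidate:
        return "sig_A"
    if b"\xff" in candidate:
        return "sig_B"
    return None

def make_subprocess_oracle(cmd, path, timeout=30):
    """Hypothetical oracle for a real target: write the candidate to `path`,
    run `cmd` (which must read that file) and derive a signature from the
    return code. Assumption only; a BFF-style setup would hash the faulting
    stack instead, since two different bugs can share a return code."""
    def oracle(candidate: bytes) -> Optional[str]:
        with open(path, "wb") as f:
            f.write(candidate)
        try:
            proc = subprocess.run(cmd, capture_output=True, timeout=timeout)
        except subprocess.TimeoutExpired:
            return None               # a hang is not the crash being reproduced
        return None if proc.returncode == 0 else "rc=%#x" % proc.returncode
    return oracle
```

Running `minimize_by_byte_drop(b"hello CRASH world \xff end", simulated_target)` reduces the 23-byte seed to `b"CRASH"` in 24 target runs; the `\xff` byte is dropped because removing it leaves the same crash, while every byte of `CRASH` is kept because dropping it switches the crash to `sig_B` or to no crash at all.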