v-shuttle/V-Shuttle-S at main · zwhnz88/v-shuttle

History

Name		Name	Last commit message	Last commit date
parent directory ..
QEMU-patch		QEMU-patch
afl-seedpool		afl-seedpool
.DS_Store		.DS_Store
README.md		README.md
collect_seeds.sh		collect_seeds.sh
fuzz-seedpool.h		fuzz-seedpool.h
fuzz.sh		fuzz.sh
hook-write.h		hook-write.h
memory.c		memory.c

README.md

V-SHUTTLE Semantics-Aware Fuzzing Mode

Based on V-Shuttle main framework, we extended AFL to support seedpool targeting multiple kinds of input objects in parallel, with which we perform fine-grained semantics-aware fuzzing.

1. Setup

Compile AFL

cd afl-seedpool
make
make install

Compile QEMU

Get QEMU source code (Take QEMU 5.1.0 as an example)
Move fuzz-seedpool.h and hook-write.h to QEMU_DIR/include
Move memory.c to QEMU_DIR/softmmu
Apply our patches (such as hcd-ohci) to enable type awareness
Compile QEMU

./configure --enable-debug --enable-sanitizers --enable-gcov --cc=afl-gcc --target-list=x86_64-softmmu
make -j8

Create input and output directory

mkdir in out seed

2. Collect seeds（optional）

Take hcd-ohci as an exmaple

../collect_seeds.sh

3. Fuzzing

Take hcd-ohci as an exmaple

./fuzz.sh

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

V-Shuttle-S

V-Shuttle-S

README.md

V-SHUTTLE Semantics-Aware Fuzzing Mode

1. Setup

2. Collect seeds（optional）

3. Fuzzing

Files

V-Shuttle-S

Directory actions

More options

Directory actions

More options

Latest commit

History

V-Shuttle-S

Folders and files

parent directory

README.md

V-SHUTTLE Semantics-Aware Fuzzing Mode

1. Setup

2. Collect seeds（optional）

3. Fuzzing