Trouble fuzzing  #5

@Zelphyr

I set up redqueen on Ubuntu 16.04. I tried to fuzz the binary who in the lava directory with the commands given in the README, and it worked well.
So I tried to fuzz the other binaries (uniq, base64 and md5sum). I packed them the same way I did with who, got the address range with the 2nd instruction and executed the 3rd with it, and ...
Either it finds almost no paths, ending up with 0/X in Pending and the number of cycles getting quite high pretty fast, or it starts working well and about 5 min into fuzzing I get this from the log:
[QEMU] FAIL RECV: Z (Exp: R)
So I'm guessing I'm doing something wrong; does anyone have an idea what it is?
I tried to play with the arguments but I just can't make it work ...

These are the command lines I used (in the kAFL-Fuzzer directory):

$ python ~/redqueen/kAFL-Fuzzer/kafl_user_prepare.py --recompile -args=/A -file=/A ~/redqueen/Evaluation/lava/binaries/uniq ~/redqueen/Evaluation/lava/packed/ m64
$ python kafl_info.py Kernel  \
~/redqueen/Target-Components/linux_initramfs/bzImage-linux-4.15-rc7 \
~/redqueen/Target-Components/linux_initramfs/init.cpio.gz \
~/redqueen/Evaluation/lava/packed/uniq_info \
500

Which gave me the range 0x400000 - 0x40a000, so I executed this command:

$ python kafl_fuzz.py Kernel \
~/redqueen/Target-Components/linux_initramfs/bzImage-linux-4.15-rc7 \
~/redqueen/Target-Components/linux_initramfs/init.cpio.gz \
~/redqueen/Evaluation/lava/packed/uniq_fuzz  \
500 \
~/redqueen/Evaluation/lava/seeds \
/tmp/kafl_workdir -ip0 0x400000 - 0x40a000 -t10 -hammer_jmp_tables -n -D -r -l -v -p1
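One thing worth checking in a command line like the one above is how the `-ip0` range reaches the fuzzer. The helper below is an added example, not code from redqueen or kAFL: it takes the range text as kafl_info.py printed it, sanity-checks it (hex, start below end, page-aligned bounds), and rejoins a range that the shell has split into three separate tokens (`0x400000`, `-`, `0x40a000`) into one `start-end` token. That kAFL wants the range as a single token without spaces is an assumption here, based on the form the kAFL usage examples use; the sample command is constructed from the issue's own invocation with the long paths shortened.

```python
import re
import shlex

HEX_RE = re.compile(r"^0x[0-9a-fA-F]+$")
RANGE_RE = re.compile(r"^(0x[0-9a-fA-F]+)-(0x[0-9a-fA-F]+)$")
PAGE = 0x1000  # 4 KiB pages; kAFL asks for page-aligned IP filter ranges (assumption)


def parse_ip_range(text):
    """Accept 'start-end' or the spaced 'start - end' form shown in the issue
    and return (start, end) as ints after basic sanity checks."""
    compact = re.sub(r"\s+", "", text)
    m = RANGE_RE.match(compact)
    if not m:
        raise ValueError(f"not an address range: {text!r}")
    start, end = int(m.group(1), 16), int(m.group(2), 16)
    if start >= end:
        raise ValueError("range start must be below range end")
    if start % PAGE or end % PAGE:
        raise ValueError("range bounds should be page-aligned")
    return start, end


def ip_filter_token(text):
    """Render a validated range as the single 'start-end' token (assumed kAFL form)."""
    start, end = parse_ip_range(text)
    return f"{start:#x}-{end:#x}"


def merge_split_ranges(argv):
    """Rejoin '-ipN A - B' (three tokens, as in the issue's command) into '-ipN A-B'.
    Tokens that are not part of a split range pass through unchanged."""
    out = []
    i = 0
    while i < len(argv):
        tok = argv[i]
        out.append(tok)
        split_range = (
            re.match(r"^-ip[0-3]$", tok)
            and i + 3 < len(argv)
            and HEX_RE.match(argv[i + 1])
            and argv[i + 2] == "-"
            and HEX_RE.match(argv[i + 3])
        )
        if split_range:
            out.append(ip_filter_token(f"{argv[i + 1]}-{argv[i + 3]}"))
            i += 4
            continue
        i += 1
    return out


# Constructed from the command in the issue (paths shortened); the range text is
# what kafl_info.py reported there.
ISSUE_CMD = (
    "python kafl_fuzz.py Kernel bzImage-linux-4.15-rc7 init.cpio.gz uniq_fuzz 500 seeds "
    "/tmp/kafl_workdir -ip0 0x400000 - 0x40a000 -t10 -hammer_jmp_tables -n -D -r -l -v -p1"
)


def fixed_command(cmd=ISSUE_CMD):
    """Return the command with any split -ipN range collapsed into one token."""
    return shlex.join(merge_split_ranges(shlex.split(cmd)))


if __name__ == "__main__":
    print(fixed_command())
```

Running the script prints the issue's command with `-ip0 0x400000-0x40a000` as one argument; feeding a reversed or unaligned range raises `ValueError` before the fuzzer is ever started, which is cheaper than discovering a bad filter five minutes into a run.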
