Radamsa Mutators

.gitignore

@@ -5,6 +5,7 @@
 *.obj
 *.*~
 *.exe
+*.swp
 
 # Vader
 */VaderWin/.vs/*

AFLPlusPlus/CMakeLists.txt

@@ -0,0 +1,74 @@
+#===============================================================================
+# Vader Modular Fuzzer (VMF)
+# Copyright (c) 2021-2023 The Charles Stark Draper Laboratory, Inc.
+# <[email protected]>
+#  
+# Effort sponsored by the U.S. Government under Other Transaction number
+# W9124P-19-9-0001 between AMTC and the Government. The U.S. Government
+# Is authorized to reproduce and distribute reprints for Governmental purposes
+# notwithstanding any copyright notation thereon.
+#  
+# The views and conclusions contained herein are those of the authors and
+# should not be interpreted as necessarily representing the official policies
+# or endorsements, either expressed or implied, of the U.S. Government.
+#  
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 (only) as 
+# published by the Free Software Foundation.
+#  
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#  
+# @license GPL-2.0-only <https://spdx.org/licenses/GPL-2.0-only.html>
+#===============================================================================
+
+# Create AFLPlusPlus library
+add_library(AFLPlusPlus SHARED
+  src/module/AFLCloneMutator.cpp
+  src/module/AFLDeleteMutator.cpp
+  src/module/AFLDWordAddSubMutator.cpp
+  src/module/AFLFlip2BitMutator.cpp
+  src/module/AFLFlip2ByteMutator.cpp
+  src/module/AFLFlip4BitMutator.cpp
+  src/module/AFLFlip4ByteMutator.cpp
+  src/module/AFLFlipBitMutator.cpp
+  src/module/AFLFlipByteMutator.cpp
+  src/module/AFLInteresting8Mutator.cpp
+  src/module/AFLInteresting16Mutator.cpp
+  src/module/AFLInteresting32Mutator.cpp
+  src/module/AFLOverwriteCopyMutator.cpp
+  src/module/AFLOverwriteFixedMutator.cpp
+  src/module/AFLRandomByteAddSubMutator.cpp
+  src/module/AFLRandomByteMutator.cpp
+  src/module/AFLSpliceMutator.cpp
+  src/module/AFLWordAddSubMutator.cpp
+)
+
+# Build-time dependencies for AFLPlusPlus
+link_directories(AFLPlusPlus PRIVATE
+)
+
+# Build-time dependencies for AFLPlusPlus
+target_link_libraries(AFLPlusPlus PRIVATE
+  # ${CMAKE_INSTALL_PREFIX}/bin/vader
+  vmf_framework
+  # ${CMAKE_INSTALL_PREFIX}/../../submodules/LibAFL-legacy
+)
+
+# Build-time dependencies for AFLPlusPlus
+target_include_directories(AFLPlusPlus PRIVATE
+  ${CMAKE_INSTALL_PREFIX}/include
+  ${CMAKE_INSTALL_PREFIX}/include/vmf
+  ${CMAKE_INSTALL_PREFIX}/include/plog
+  ${PROJECT_SOURCE_DIR}/src/module
+)
+
+# Install AFLPlusPlus library in VMF plugins directory
+install(TARGETS AFLPlusPlus
+  LIBRARY DESTINATION "${CMAKE_INSTALL_PREFIX}/plugins")
+

AFLPlusPlus/README.md

@@ -0,0 +1,14 @@
+= SamplePackage README
+
+== Overview
+
+This document gives an overview of the SamplePackage extension package for VMF.
+
+== Building and installing
+
+Build instructions
+
+== License
+
+This module is licensed under the GNU General Public License version 2 (GPLv2)
+

AFLPlusPlus/data/README.md

@@ -0,0 +1,4 @@
+= SamplePackage data
+
+Put any necessary data files for your modules in this directory
+

AFLPlusPlus/docs/README.md

@@ -0,0 +1,26 @@
+= SamplePackage documentation
+
+== Configuration parameters
+
+These modules use the following configuration parameters.
+
+### `SamplePackage.param1`
+
+Value type: `<path>`
+
+Status: Optional
+
+Default value: local directory 
+
+Usage: Specifies the directory that all VMF outputs will be put into, including log files and test case data. 
+
+### `vmfFramework.logLevel`
+
+Value type: `string`
+
+Status: Optional
+
+Default value: foo
+
+Usage: Specifies the level of foobar used by this module.
+

AFLPlusPlus/src/module/AFLCloneMutator.cpp

@@ -0,0 +1,170 @@
+/* =============================================================================
+ * Vader Modular Fuzzer (VMF)
+ * Copyright (c) 2021-2023 The Charles Stark Draper Laboratory, Inc.
+ * <[email protected]>
+ *  
+ * Effort sponsored by the U.S. Government under Other Transaction number
+ * W9124P-19-9-0001 between AMTC and the Government. The U.S. Government
+ * Is authorized to reproduce and distribute reprints for Governmental purposes
+ * notwithstanding any copyright notation thereon.
+ *  
+ * The views and conclusions contained herein are those of the authors and
+ * should not be interpreted as necessarily representing the official policies
+ * or endorsements, either expressed or implied, of the U.S. Government.
+ *  
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 (only) as 
+ * published by the Free Software Foundation.
+ *  
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *  
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *  
+ * @license GPL-2.0-only <https://spdx.org/licenses/GPL-2.0-only.html>
+ * ===========================================================================*/
+/*****
+ * The following includes code copied from the LibAFL_Legacy repository.
+ * 
+ *       american fuzzy lop++ - fuzzer header
+ *  ------------------------------------
+ *  Originally written by Michal Zalewski
+ *  Now maintained by Marc Heuse <[email protected]>,
+ *                    Heiko Eißfeldt <[email protected]>,
+ *                    Andrea Fioraldi <[email protected]>,
+ *                    Dominik Maier <[email protected]>
+ *  Copyright 2016, 2017 Google Inc. All rights reserved.
+ *  Copyright 2019-2020 AFLplusplus Project. All rights reserved.
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at:
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  This is the Library based on AFL++ which can be used to build
+ *  customized fuzzers for a specific target while taking advantage of
+ *  a lot of features that AFL++ already provides.
+ */
+
+#include "AFLCloneMutator.hpp"
+#include "AFLDeleteMutator.hpp" //For static choose_block_len method
+#include "RuntimeException.hpp"
+#include <random>
+#include <algorithm>
+
+using namespace vmf;
+
+#include "ModuleFactory.hpp"
+REGISTER_MODULE(AFLCloneMutator);
+
+/**
+ * @brief Builder method to support the ModuleFactory
+ * Constructs an instance of this class
+ * @return Module* 
+ */
+Module* AFLCloneMutator::build(std::string name)
+{
+    return new AFLCloneMutator(name);
+}
+
+/**
+ * @brief Initialization method
+ * 
+ * @param config 
+ */
+void AFLCloneMutator::init(ConfigInterface& config)
+{
+
+}
+
+/**
+ * @brief Construct a new AFLCloneMutator::AFLCloneMutator object
+ * 
+ * @param name the name of the module
+ */
+AFLCloneMutator::AFLCloneMutator(std::string name) :
+    MutatorModule(name)
+{
+    // rand->randInit();
+}
+
+/**
+ * @brief Destroy the AFLCloneMutator::AFLCloneMutator object
+ * 
+ */
+AFLCloneMutator::~AFLCloneMutator()
+{
+
+}
+
+/**
+ * @brief Registers storage needs
+ * This class uses only the "TEST_CASE" key
+ * 
+ * @param registry 
+ */
+void AFLCloneMutator::registerStorageNeeds(StorageRegistry& registry)
+{
+    testCaseKey = registry.registerKey("TEST_CASE", StorageRegistry::BUFFER, StorageRegistry::READ_WRITE);
+}
+
+void AFLCloneMutator::mutateTestCase(StorageModule& storage, StorageEntry* baseEntry, StorageEntry* newEntry, int testCaseKey)
+{
+
+    int size = baseEntry->getBufferSize(testCaseKey);
+    char* buffer = baseEntry->getBufferPointer(testCaseKey);
+
+    if(size <= 0)
+    {
+        throw RuntimeException("AFLCloneMutator mutate called with zero sized buffer", RuntimeException::USAGE_ERROR);
+    }
+
+    //The variable actually_clone determines which strategy is used.
+    int actually_clone = rand->randBelow(4);
+    int clone_from;
+    int clone_len;
+    int clone_to = rand->randBelow(size);
+
+    if (actually_clone) {
+        //Clone a small block of the original data
+
+        clone_len = AFLDeleteMutator::choose_block_len(rand, size);
+        clone_from = rand->randBelow(size - clone_len + 1);
+
+        int newSize = clone_len + size;
+        char* newBuff = newEntry->allocateBuffer(testCaseKey, newSize);
+
+        //Copies a random number of bytes (clone_to) from the original buffer
+        memcpy((void*)newBuff, (void*)buffer, clone_to);
+
+        //Insert some bytes in the middle (cloning from part of the original buffer)
+        memcpy(newBuff + clone_to, buffer + clone_from, clone_len);
+
+        //Now copy the rest of the original byte buffer
+        memcpy(newBuff + clone_to + clone_len, buffer + clone_to, size - clone_to);
+
+    } else {
+        //Clone a large block of the original value
+
+        clone_len = AFLDeleteMutator::choose_block_len(rand, HAVOC_BLK_XL); //This constant is 32768
+        int randomByte = rand->randBelow(255);
+
+        int newSize = clone_len + size;
+        char* newBuff = newEntry->allocateBuffer(testCaseKey, newSize);
+
+        //Insert clone_len bytes at a location clone_to, the inserted bytes
+        //will contain the value in the just determined randomByte
+
+        //First copy clone_to bytes from the original buffer
+        memcpy((void*)newBuff, (void*)buffer, clone_to);
+
+        //Now copy the new random byte clone_len times
+        memset(newBuff + clone_to, randomByte, clone_len);
+
+        //Now copy the rest of the original buffer
+        memcpy(newBuff + clone_to + clone_len, buffer + clone_to, size - clone_to);
+    }
+
+    return;
+}

AFLPlusPlus/src/module/AFLCloneMutator.hpp

@@ -0,0 +1,92 @@
+/* =============================================================================
+ * Vader Modular Fuzzer (VMF)
+ * Copyright (c) 2021-2023 The Charles Stark Draper Laboratory, Inc.
+ * <[email protected]>
+ *  
+ * Effort sponsored by the U.S. Government under Other Transaction number
+ * W9124P-19-9-0001 between AMTC and the Government. The U.S. Government
+ * Is authorized to reproduce and distribute reprints for Governmental purposes
+ * notwithstanding any copyright notation thereon.
+ *  
+ * The views and conclusions contained herein are those of the authors and
+ * should not be interpreted as necessarily representing the official policies
+ * or endorsements, either expressed or implied, of the U.S. Government.
+ *  
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 (only) as 
+ * published by the Free Software Foundation.
+ *  
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *  
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *  
+ * @license GPL-2.0-only <https://spdx.org/licenses/GPL-2.0-only.html>
+ * ===========================================================================*/
+#pragma once
+
+// main includes
+#include "MutatorModule.hpp"
+#include "StorageEntry.hpp"
+#include "RuntimeException.hpp"
+#include "VmfRand.hpp"
+
+// external project includes.
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wwrite-strings"
+#pragma GCC diagnostic pop
+
+namespace vmf
+{
+/**
+ * @brief This mutator inserts a random number of additional cloned bytes.
+ * 
+ * The majority (75%) of the time this is a small duplication of the original buffer,
+ * but some (25%) of the time it will be a larger insertion of a repeated random byte.
+ * 
+ * This module is draws heavily upon the libAFL mutator.c
+ * 
+ * Uses the specified AFL-style mutation algorithm to mutate the provided
+ * input.  createTestCase is the main mutation method.
+ * 
+ * See https://github.com/AFLplusplus/LibAFL-legacy/blob/dev/src/mutator.c
+ * 
+ * The following includes code copied from the LibAFL_Legacy repository.
+ * 
+ *       american fuzzy lop++ - fuzzer header
+ *  ------------------------------------
+ *  Originally written by Michal Zalewski
+ *  Now maintained by Marc Heuse <[email protected]>,
+ *                    Heiko Eißfeldt <[email protected]>,
+ *                    Andrea Fioraldi <[email protected]>,
+ *                    Dominik Maier <[email protected]>
+ *  Copyright 2016, 2017 Google Inc. All rights reserved.
+ *  Copyright 2019-2020 AFLplusplus Project. All rights reserved.
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at:
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  This is the Library based on AFL++ which can be used to build
+ *  customized fuzzers for a specific target while taking advantage of
+ *  a lot of features that AFL++ already provides.
+ */
+class AFLCloneMutator: public MutatorModule
+{
+public:
+
+    static Module* build(std::string name);
+    virtual void init(ConfigInterface& config);
+
+    AFLCloneMutator(std::string name);
+    virtual ~AFLCloneMutator();
+    virtual void registerStorageNeeds(StorageRegistry& registry);
+    virtual void mutateTestCase(StorageModule& storage, StorageEntry* baseEntry, StorageEntry* newEntry, int testCaseKey);
+
+private:
+    int testCaseKey;
+    VmfRand* rand = VmfRand::getInstance();
+};
+}