
Fuzzing binaries with LLVM's libFuzzer and rev.ng

Open edi33416 opened this issue 4 years ago • 4 comments

Hello,

I'm trying to reproduce the steps presented in the Fuzzing binaries with LLVM's libFuzzer and rev.ng blog post, but I wasn't able to find the LLVM passes mentioned in the blog post.

Are the passes mentioned in the post available on GitHub? How would one go about reproducing the steps described in the blog post?

Looking forward to your answer, Eduard

edi33416 avatar Apr 13 '21 20:04 edi33416

Hi Eduard, we're looking into making some of that available. We want to push out the part enabling the use of libFuzzer on lifted binaries soon. But the part where you can call functions directly with a nice prototype has been postponed until after we finalize #27 and #37.

Will post an update once the PR for using libFuzzer is ready.

aleclearmind avatar Apr 15 '21 16:04 aleclearmind

Cheers,

Any updates on this? Thank you for your previous response; I'm looking forward to your reply.

edi33416 avatar Jun 01 '22 15:06 edi33416

Sadly #37 has fallen out of our short-term goals, as has fuzzing in general. You can fuzz things after function isolation, though: you can try to run revng translate -i, link in the fuzzing function in support.c, call root, and add the instrumentation passes.

aleclearmind avatar Jun 01 '22 15:06 aleclearmind
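As an added example (not rev.ng's code, not from the blog post, and not something either participant wrote), this is the shape of the libFuzzer entry point the comment above talks about linking into support.c. The real lifted `root` symbol, its calling convention and how support.c prepares the emulated stack and registers are not shown on this page, so `root_stub` and the global input buffer it reads from are assumptions standing in for them; the only fixed part is `LLVMFuzzerTestOneInput`, which is libFuzzer's real entry-point signature.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumption: the lifted program reads its input from a fixed memory region.
 * In a real rev.ng build this region and the `root` symbol come from the
 * translated binary plus support.c; here both are replaced by a stub. */
static uint8_t g_input[4096];
static size_t g_input_len;

/* Hypothetical program under test, standing in for the lifted `root`.
 * It parses a little-endian 4-byte length followed by `len` payload bytes,
 * rejects short or truncated input, and returns a small status code. */
int root_stub(void) {
    if (g_input_len < 4)
        return -1;                       /* header missing */
    uint32_t len = (uint32_t)g_input[0]
                 | (uint32_t)g_input[1] << 8
                 | (uint32_t)g_input[2] << 16
                 | (uint32_t)g_input[3] << 24;
    if (len > g_input_len - 4)
        return -2;                       /* payload truncated: bounds check holds */
    uint32_t sum = 0;
    for (uint32_t i = 0; i < len; i++)
        sum += g_input[4 + i];
    return (int)(sum & 0x7f);
}

/* libFuzzer entry point. Building with `clang -fsanitize=fuzzer` links the
 * fuzzer driver, which calls this once per generated input. Copying the
 * input into the region `root` reads from is what "call root" amounts to
 * here; libFuzzer reserves non-zero return values, so always return 0. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    if (size > sizeof g_input)
        size = sizeof g_input;           /* clamp rather than overflow the region */
    memcpy(g_input, data, size);
    g_input_len = size;
    (void)root_stub();
    return 0;
}
```

Building this stand-alone with `clang -fsanitize=fuzzer harness.c` produces a fuzzer binary; for a lifted program the same flag applied when compiling the translated module is what adds the coverage instrumentation, with `root_stub` replaced by whatever support.c does to enter `root`.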

Thank you for the updates and for the guidelines. I'll look into it

edi33416 avatar Jun 02 '22 13:06 edi33416

Fuzzing is no longer one of our core goals. Closing this.

aleclearmind avatar Dec 27 '22 10:12 aleclearmind