
Add Dictionary/Extras Support

Open domenukk opened this issue 5 years ago • 8 comments

The main feature lacking in LibAFL right now is Extras support. This includes the dictionary extras you would pass to AFL using -x, but also autoextras added during fuzzing, as well as the compile-time autodict feature in AFL LTO builds, and eventually even cmplog. The important pieces of code are in https://github.com/AFLplusplus/AFLplusplus/blob/stable/src/afl-fuzz-extras.c

domenukk avatar Sep 01 '20 21:09 domenukk

I was looking at doing this. Can you give a little background of how AFL generates extras during fuzzing? Taking a dict as a command-line parameter and parsing it is pretty straightforward, but generating them during fuzzing was a bit confusing :sweat_smile:

rish9101 avatar Oct 03 '20 09:10 rish9101

We can start with the "normal" ones and go from there :)

domenukk avatar Oct 03 '20 09:10 domenukk

Ok. So, if we get a dict, do we need any special mutators for them? Or do the havoc ones work (for now)?

rish9101 avatar Oct 03 '20 09:10 rish9101

Havoc needs to take extras into account, that's okay for now. Later we'll probably want redqueen

domenukk avatar Oct 03 '20 09:10 domenukk
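The two pieces discussed above, parsing a -x dictionary and letting havoc use the extras, as an added Python example (not LibAFL or AFL++ code): the parser follows the rules of afl-fuzz-extras.c (`#` comments, `name@level="value"`, the `\\`, `\"` and `\xNN` escapes, AFL's 128-byte MAX_DICT_FILE cap), and `havoc_extra` mirrors AFL's two dictionary havoc cases, overwrite in place or insert. The sample dictionary is constructed for the example.

```python
import random
import re
MAX_DICT_FILE = 128  # AFL's default cap on the length of one dictionary entry

SAMPLE_DICT = r'''
# constructed sample in the AFL -x format: [name[@level]=]"value"
kw_get="GET "
kw_nul@1="\x00\xff"
"\"quoted\""
'''

def parse_afl_dictionary(text, dict_level=0):
    r"""Parse -x dictionary text into byte strings, following afl-fuzz-extras.c:
    '#' comments and blank lines are skipped, values are double-quoted with the
    escapes \\, \" and \xNN, and entries whose @level exceeds dict_level are dropped."""
    extras = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        quote = line.find('"')
        if quote < 0 or quote == len(line) - 1 or not line.endswith('"'):
            raise ValueError(f"line {lineno}: expected a double-quoted value")
        at = line.find("@", 0, quote)  # optional @level between the name and '='
        m = re.match(r"\d+", line[at + 1:quote]) if at >= 0 else None
        if m and int(m.group()) > dict_level:
            continue
        body, value, i = line[quote + 1:-1], bytearray(), 0
        while i < len(body):
            if body[i] != "\\":
                value.append(ord(body[i])); i += 1
            elif body[i + 1:i + 2] in ("\\", '"'):
                value.append(ord(body[i + 1])); i += 2
            elif body[i + 1:i + 2] == "x" and re.fullmatch(r"[0-9a-fA-F]{2}", body[i + 2:i + 4]):
                value.append(int(body[i + 2:i + 4], 16)); i += 4
            else:
                raise ValueError(f"line {lineno}: unsupported escape in dictionary value")
        if not value or len(value) > MAX_DICT_FILE:
            raise ValueError(f"line {lineno}: entry must be 1..{MAX_DICT_FILE} bytes")
        extras.append(bytes(value))
    return extras

def havoc_extra(data, extras, rng):
    """One havoc step using extras, like AFL's two dictionary cases: overwrite in place or insert."""
    extra = rng.choice(extras)
    if rng.random() < 0.5 and len(extra) <= len(data):
        pos = rng.randrange(len(data) - len(extra) + 1)
        return data[:pos] + extra + data[pos + len(extra):]
    pos = rng.randrange(len(data) + 1)
    return data[:pos] + extra + data[pos:]
```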

:+1: I think we'll need a deterministic stage too now?

rish9101 avatar Oct 03 '20 09:10 rish9101

If we want to be close to AFL, eventually yes

domenukk avatar Oct 03 '20 10:10 domenukk

I've started with the deterministic stage and deterministic mutators (had to introduce a new structure for storing the "state" of mutation since it isn't random). You guys can have a look at the add_extras branch

rish9101 avatar Oct 04 '20 08:10 rish9101

Don't code, I have the lock this week; deterministic can be implemented just using the stage_idx parameter to mutate (that was in FFF for this purpose, but was not ported to LibAFL)

andreafioraldi avatar Oct 04 '20 18:10 andreafioraldi