
For seeding formats

Open · dengpeiyao0515 opened this issue 3 years ago · 1 comment

Hi there,

I am wondering if the hex format for collected system call sequences was defined by you? If so, would it be possible for you to give some documentation links to understand the format?

dengpeiyao0515 · Mar 22 '21 09:03

Yes, this is my own format. There is no documentation about it. The data structures can be found here: https://github.com/Riscure/optee_fuzzer/blob/master/shared/include/afl-tee.h#L45-L102

It is basically an array of SYSCALL_INVOKEs followed by arbitrary data that can be referenced by an ARG_DATA_* argument. The different argument types allow providing values, pointers to buffers, a value by dereferencing a pointer, etc. This way you can construct pretty much any chain of function calls.

MartijnB · Aug 12 '21 07:08
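To make the shape of that format concrete, the following is an added example, not code from optee_fuzzer (the real definitions are in the linked afl-tee.h and may differ): it assumes a hypothetical fixed-size invocation record with three argument kinds (ARG_VALUE, ARG_DATA_PTR, ARG_DATA_DEREF, all made-up names) and shows the bounds check a seed loader needs so that an offset into the trailing data blob can never reference bytes outside it.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* Hypothetical layout modelled on the description above: a record per syscall
 * whose arguments are immediates or offsets into the trailing data blob. */
enum { ARG_VALUE = 0, ARG_DATA_PTR = 1, ARG_DATA_DEREF = 2 };
#define MAX_ARGS 4
typedef struct { uint8_t type; uint32_t v; } arg_t;            /* v: immediate or blob offset */
typedef struct { uint32_t nr; uint8_t nargs; arg_t args[MAX_ARGS]; } syscall_invoke_t;

/* Resolve one argument against the data blob; -1 if it references bytes outside it. */
int resolve_arg(const arg_t *a, const uint8_t *data, size_t data_len, uint64_t *out)
{
    switch (a->type) {
    case ARG_VALUE: *out = a->v; return 0;
    case ARG_DATA_PTR:                         /* pass a pointer into the blob */
        if (a->v > data_len) return -1;
        *out = (uint64_t)(uintptr_t)(data + a->v); return 0;
    case ARG_DATA_DEREF: {                     /* pass the 32-bit value stored in the blob */
        uint32_t tmp;
        if (a->v > data_len || data_len - a->v < sizeof tmp) return -1;
        memcpy(&tmp, data + a->v, sizeof tmp); *out = tmp; return 0;
    }
    default: return -1;
    }
}

/* Walk a seed (n records, then the blob). Returns n if every argument resolves, else -1. */
int validate_seed(const syscall_invoke_t *calls, size_t n, const uint8_t *data, size_t data_len)
{
    for (size_t i = 0; i < n; i++) {
        if (calls[i].nargs > MAX_ARGS) return -1;
        for (uint8_t j = 0; j < calls[i].nargs; j++) {
            uint64_t val;
            if (resolve_arg(&calls[i].args[j], data, data_len, &val) != 0) return -1;
        }
    }
    return (int)n;
}

/* Constructed sample seed: call 7 with (immediate 5, pointer to blob+ptr_off),
 * then call 9 with the uint32 at blob+0. A ptr_off past the 8-byte blob is rejected. */
int example_seed(uint32_t ptr_off)
{
    uint8_t blob[8]; uint32_t magic = 0x12345678;
    memcpy(blob, &magic, 4); memcpy(blob + 4, "ABC", 4);
    syscall_invoke_t calls[2] = { { 7, 2, { { ARG_VALUE, 5 }, { ARG_DATA_PTR, ptr_off } } },
                                  { 9, 1, { { ARG_DATA_DEREF, 0 } } } };
    return validate_seed(calls, 2, blob, sizeof blob);
}
```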