Andrea Fioraldi
You must use the Frida API, CModule or load the libradamsa as a shared library and invoke its routines from JS using a NativeFunction.
Yes you can try to add other mutators. Personally I don't like radamsa as it is too slow and generates the same inputs many times, but if you add other...
Seems that your libc is too old. Try to simply remove `HOTPATCH(explicit_bzero)` from libqasan/patch.c. This is weird btw, I have to insert a preprocessor check on the libc version.
Hey @oleavr this should be the arm64 equivalent of https://github.com/frida/frida-gum/issues/389. Confirmed that affects frida-fuzzer too.
Ok the problem here is that the app is not arm64 but arm32. Stalker is not implemented for arm32 yet, so frida-fuzzer can't work. Btw this is a CModule issue,...
feel free to implement it
I don't get this issue. Maybe /opt/searchsploit is a thing in your system, why should I care about the cloned repos in your system?
Again, you are assuming that searchsploit is installed. In addition, I don't think that a script downloads things in /opt as you need root.
Ah and T-Fuzz is not a network protocol fuzzer but a binary-only fuzzer based on program transformation.
Adding `klee_assume(h.size > 0);` before the calloc, it concretizes to 63 (an apparently random value)