radare2 icon indicating copy to clipboard operation
radare2 copied to clipboard

Published 20 hours ago verified publisher icon radareorg

Aborted (core dumped) when installed by afl.sh

Open Janette88 opened this issue 2 years ago • 2 comments

Environment

Linux ubuntu 5.15.0-41-generic #44~20.04.1-Ubuntu SMP Fri Jun 24 13:27:29 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux gcc (Ubuntu 9.4.0-1ubuntu1~20.04.1) 9.4.0 radare2 version: git log commit d6cd7e74ba392ea3c224572d031c61c100403257 (grafted, HEAD -> master, origin/master, origin/HEAD)

STEPS:

1) vim radare2/sys/afl.sh
    modified this line : export CC="afl-clang"   ---> export CC="afl-clang-fast"
  and then save 

 2)bash radare2/sys/afl.sh
 3) after installing process,run command as following:
  rabin2 -h
 
Warning: AFL++ tools might need to set AFL_MAP_SIZE to 342709 to be able to run this instrumented program if this crashes!
[-] FATAL: forkserver is already up, but an instrumented dlopen() library loaded afterwards. You must AFL_PRELOAD such libraries to be able to fuzz them or LD_PRELOAD to run outside of afl-fuzz.
To ignore this set AFL_IGNORE_PROBLEMS=1.
Aborted (core dumped)

radare2$ r2 -h
Warning: AFL++ tools might need to set AFL_MAP_SIZE to 320176 to be able to run this instrumented program if this crashes!
Usage: r2 [-ACdfLMnNqStuvwzX] [-P patch] [-p prj] [-a arch] [-b bits] [-i file]
          [-s addr] [-B baddr] [-m maddr] [-c cmd] [-e k=v] file|pid|-|--|=
 --           run radare2 without opening any file
 -            same as 'r2 malloc://512'
 =            read file from stdin (use -i and -c to run cmds)
 -=           perform !=! command to run all commands remotely
 -0           print \x00 after init and every command
 -2           close stderr file descriptor (silent warning messages)
 -a [arch]    set asm.arch
 -A           run 'aaa' command to analyze all referenced code
 -b [bits]    set asm.bits
 -B [baddr]   set base address for PIE binaries
 -c 'cmd..'   execute radare command
 -C           file is host:port (alias for -c+=http://%s/cmd/)
 -d           debug the executable 'file' or running process 'pid'
 -D [backend] enable debug mode (e cfg.debug=true)
 -e k=v       evaluate config var
 -f           block size = file size
 -F [binplug] force to use that rbin plugin
 -h, -hh      show help message, -hh for long
 -H ([var])   display variable
 -i [file]    run script file
 -I [file]    run script file before the file is opened
 -j           use json for -v, -L and maybe others
 -k [OS/kern] set asm.os (linux, macos, w32, netbsd, ...)
 -l [lib]     load plugin file
 -L           list supported IO plugins
 -m [addr]    map file at given address (loadaddr)
 -M           do not demangle symbol names
 -n, -nn      do not load RBin info (-nn only load bin structures)
 -N           do not load user settings and scripts
 -NN          do not load any script or plugin
 -q           quiet mode (no prompt) and quit after -i
 -qq          quit after running all -c and -i
 -Q           quiet mode (no prompt) and quit faster (quickLeak=true)
 -p [prj]     use project, list if no arg, load if no file
 -P [file]    apply rapatch file and quit
 -r [rarun2]  specify rarun2 profile to load (same as -e dbg.profile=X)
 -R [rr2rule] specify custom rarun2 directive
 -s [addr]    initial seek
 -S           start r2 in sandbox mode
 -T           do not compute file hashes
 -u           set bin.filter=false to get raw sym/sec/cls names
 -v, -V       show radare2 version (-V show lib versions)
 -w           open file in write mode
 -x           open without exec-flag (asm.emu will not work), See io.exec
 -X           same as -e bin.usextr=false (useful for dyldcache)
 -z, -zz      do not load strings or load them even in raw

Janette88 avatar Aug 03 '22 09:08 Janette88

thats an afl related problem, not r2 one i think. did you tried doing what the logs say?

Warning: AFL++ tools might need to set AFL_MAP_SIZE to 342709 to be able to run this instrumented program if this crashes!
[-] FATAL: forkserver is already up, but an instrumented dlopen() library loaded afterwards. You must AFL_PRELOAD such libraries to be able to fuzz them or LD_PRELOAD to run outside of afl-fuzz.
To ignore this set AFL_IGNORE_PROBLEMS=1.
Aborted (core dumped)

trufae avatar Aug 07 '22 11:08 trufae

yes, i set export AFL_IGNORE_PROBLEMS=1,and it worked.

rabin2 -I /bin/ls [-] FATAL: forkserver is already up, but an instrumented dlopen() library loaded afterwards. You must AFL_PRELOAD such libraries to be able to fuzz them or LD_PRELOAD to run outside of afl-fuzz. To ignore this set AFL_IGNORE_PROBLEMS=1. Aborted (core dumped)

export AFL_IGNORE_PROBLEMS=1

rabin2 -I /bin/ls arch x86 baddr 0x0 binsz 140217 bintype elf bits 64 canary true class ELF64 crypto false endian little havecode true intrp /lib64/ld-linux-x86-64.so.2 laddr 0x0 lang c linenum false lsyms false machine AMD x86-64 architecture nx true os linux pic true relocs false relro full rpath NONE sanitize false static false stripped true subsys linux va true

ps: Besides' ignore' method , is there any other way to solve this problem? maybe someone could give me a guidance.

Janette88 avatar Aug 08 '22 08:08 Janette88