
Error while running 32 bit binary in 64 bit machine

Open · lzina opened this issue · 1 comment

Hi, I experience something very weird when running my 32-bit binary on a 64-bit machine with shellphish/fuzzer.

If I execute the command below:

/~/PycharmProjects/driller-afl/venv/bin/python /~/PycharmProjects/driller-afl/venv/bin/shellphuzz --memory none -c 1 -d 1 --length-extension 20 --driller-timeout 80 /~/PycharmProjects/driller-afl/venv/test_cases/test_new_null_pointer_32

I get the error:

afl-fuzz 1.85b by <[email protected]>
[+] Looks like we're not running on a tty, so I'll be a bit less verbose.
[+] You have 3 CPU cores and 2 runnable tasks (utilization: 67%).
[+] Try parallel jobs - see /usr/local/share/doc/afl/parallel_fuzzing.txt.
[*] Checking core_pattern...
[*] Setting up output directories...
[*] Scanning '/dev/shm/work/test_new_null_pointer_32/input'...
[+] No auto-generated dictionary tokens to reuse.
[*] Creating hard links for all input files...
[*] Loading extra dictionary from '/dev/shm/work/test_new_null_pointer_32/test_new_null_pointer_32.dict' (level 0)...
[+] Loaded 1 extra tokens, size range 19 B to 19 B.
[*] Validating target binary...
[*] Attempting dry run with 'id:000000,orig:seed-0'...
[*] Spinning up the fork server...

[-] Hmm, looks like the target binary terminated before we could complete a
    handshake with the injected code. Perhaps there is a horrible bug in the
    fuzzer. Poke <[email protected]> for troubleshooting tips.

[-] PROGRAM ABORT : Fork server handshake failed
         Location : init_forkserver(), afl-fuzz.c:2082

However, if I run AFL through cmd with the same afl-fuzz and afl-qemu-tracer files like below:

guest@vm:~/Documents/Fuzzing$ export AFL_PATH='/~/PycharmProjects/driller-afl/venv/bin/afl-unix/tracers/i386'
guest@vm:~/Documents/Fuzzing$ /~/PycharmProjects/driller-afl/venv/bin/afl-unix/afl-fuzz  -i 'afl-master32/qemu-32-test/input' -o 'afl-master32/qemu-32-test/output' -m none -Q ./afl-master32/qemu-32-test/test_new_null_pointer_32 

everything works as expected.

issue_driller_afl.zip

Please help.

lzina · May 14 '19 10:05

Eventually it worked for me. I commented out 2 lines in fuzzer.py:

  1. os.environ['QEMU_LD_PREFIX'] = path
  2. args += ["--"] in the _start_afl_instance function

lzina · May 16 '19 11:05
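The two posts above boil down to one preflight question: does the tracer in AFL_PATH and the sysroot in QEMU_LD_PREFIX actually fit the architecture of the target binary? As an added example (not code from the shellphish fuzzer, from driller, or from the reporter), the Python below does by script what the working manual command does by hand: it reads the target's ELF header to choose between the i386 and x86_64 tracer directories, warns when a QEMU_LD_PREFIX sysroot has no loader for that architecture, and assembles an afl-fuzz argv in the same shape as the command that worked (-m none -Q target, no trailing "--"). The tracer layout `tracers/i386` and `tracers/x86_64`, the glibc loader paths, and the sample ELF headers are assumptions and constructed values, not taken from the project.

```python
import os
import shlex
import struct
from pathlib import PurePosixPath

# ELF identification constants: e_ident[EI_CLASS] and e_machine values from the ELF spec.
ELFCLASS32, ELFCLASS64 = 1, 2
EM_386, EM_X86_64 = 3, 62

# Assumed tracer layout, matching the AFL_PATH used in the working command: $AFL_ROOT/tracers/<arch>
TRACER_DIR = {(ELFCLASS32, EM_386): "i386", (ELFCLASS64, EM_X86_64): "x86_64"}

# Loader a glibc-linked binary requests via PT_INTERP (assumption: the target is a glibc binary).
GLIBC_LOADER = {"i386": "lib/ld-linux.so.2", "x86_64": "lib64/ld-linux-x86-64.so.2"}

# Constructed sample headers: the first 20 bytes of an ELF file (e_ident[16], e_type, e_machine).
SAMPLE_I386_HEADER = b"\x7fELF" + bytes([1, 1, 1, 0]) + b"\0" * 8 + struct.pack("<HH", 2, EM_386)
SAMPLE_X86_64_HEADER = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8 + struct.pack("<HH", 2, EM_X86_64)


def elf_class_and_machine(header: bytes):
    """Return (EI_CLASS, e_machine) from the leading bytes of an ELF file."""
    if len(header) < 20 or header[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = header[4], header[5]
    endian = "<" if ei_data == 1 else ">"  # ELFDATA2LSB = 1, ELFDATA2MSB = 2
    (e_machine,) = struct.unpack_from(endian + "H", header, 18)  # after e_ident[16] + e_type[2]
    return ei_class, e_machine


def tracer_dir_for(header: bytes) -> str:
    """Pick the QEMU tracer directory whose architecture matches the target binary."""
    key = elf_class_and_machine(header)
    if key not in TRACER_DIR:
        raise ValueError(f"no tracer for EI_CLASS={key[0]} e_machine={key[1]}")
    return TRACER_DIR[key]


def check_qemu_ld_prefix(prefix, tracer, exists):
    """Warn when QEMU_LD_PREFIX names a sysroot without the loader the target will ask for.
    `exists` is injected (os.path.exists in real use) so the check can run without a filesystem."""
    warnings = []
    if prefix is None:
        return warnings
    loader = str(PurePosixPath(prefix) / GLIBC_LOADER[tracer])
    if not exists(loader):
        warnings.append(f"QEMU_LD_PREFIX={prefix} has no {GLIBC_LOADER[tracer]}; "
                        "the emulated target would exit before the fork-server handshake")
    return warnings


def build_afl_invocation(afl_root, target, in_dir, out_dir, header,
                         qemu_ld_prefix=None, exists=os.path.exists):
    """Assemble env and argv for a QEMU-mode afl-fuzz run in the shape of the working manual command.
    QEMU_LD_PREFIX is only exported when the sysroot can satisfy the target's loader."""
    tracer = tracer_dir_for(header)
    env = {"AFL_PATH": f"{afl_root}/tracers/{tracer}"}
    warnings = check_qemu_ld_prefix(qemu_ld_prefix, tracer, exists)
    if qemu_ld_prefix is not None and not warnings:
        env["QEMU_LD_PREFIX"] = qemu_ld_prefix
    argv = [f"{afl_root}/afl-fuzz", "-i", in_dir, "-o", out_dir, "-m", "none", "-Q", target]
    return env, argv, warnings


def render(env, argv) -> str:
    """Shell-quoted one-liner equivalent to the env assignments plus the argv."""
    return " ".join(f"{k}={shlex.quote(v)}" for k, v in env.items()) + " " + shlex.join(argv)


if __name__ == "__main__":
    # Real use: header = open(target, "rb").read(20); here the constructed i386 header stands in.
    env, argv, warnings = build_afl_invocation(
        "/opt/afl-unix", "./test_new_null_pointer_32", "input", "output",
        SAMPLE_I386_HEADER, qemu_ld_prefix="/sysroot32")
    for w in warnings:
        print("warning:", w)
    print(render(env, argv))
```

Dropping QEMU_LD_PREFIX when the sysroot lacks the matching loader has the same effect as the reporter's first change; the difference is that the script says why it did so, which is the information the "Fork server handshake failed" abort hides.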