time.sleep(4) while getPidByImg("MicrosoftEdge.exe")!=0: time.sleep(1) clearEvents() proc = subprocess.Popen(["cmd", "/c","start c:/Work/test" + extension], stdout=subprocess.PIPE, stderr=subprocess.PIPE) time.sleep(5) killByImg("MicrosoftEdge.exe") killByPid(proc.pid) crash = isEvent() if crash != None: if first: first = False else: log.log("c:/Work/test.pdf", crash, desc) print "Issue detected!" first = True else: first = True count += 1 if count % 5 == 0: print "Done %d reps" % count except: raise killByImg("MicrosoftEdge.exe") time.sleep(1)
run = AndroidAdbValgrind(deviceTmpFile="/sdcard/Tmp/test.pdf") mut = FileBitFlipping() mut.rate = 12000 if len(sys.argv) > 1: run.device = sys.argv[1] if len(sys.argv) > 2: myNr = sys.argv[2] while True: try: for f in os.listdir("./input"): desc = mut.mutate("./input/" + f, "./test_" + myNr + ".pdf") run.run("com.adobe.reader/com.adobe.reader.AdobeReader", "./test_" + myNr + ".pdf") crash = run.waitForCrash(60) if crash != None: crashes += 1 if not crash.nearNull: notNull += 1 print "##########Something happened in %s###########" % crash.location log.log("./test_" + myNr + ".pdf", crash, desc) run.close() count += 1 if count % 5 == 0: print "######Done %d reps, found %d crashes (%d not null)" % ( count, crashes, notNull) except: raise
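# Smoke test for the Windows crash detector: launch a target, wait for the
# detector to report a crash, and hand the report to the filesystem logger.
from Vanapagan.Detector.WinBasic import WinBasic
from Vanapagan.Loging.FilesystemLoging import FilesystemLoging

log = FilesystemLoging()
run = WinBasic()

# 'crash' is the command line given to the detector; going by the name it is
# presumably a deliberately crashing test binary -- confirm.
run.run(['crash'])

# NOTE(review): 10 looks like a timeout and True like a mode flag; neither is
# defined in this script -- confirm against WinBasic.waitForCrash.
crash = run.waitForCrash(10, True)

# The script treats None as "no crash seen". Compare by identity so a report
# object with custom comparison operators cannot change the outcome.
if crash is not None:
    # Readme.txt and "TEST" are fixed stand-ins here; this script produces no
    # mutated sample or mutation description of its own.
    log.log("./Readme.txt", crash, "TEST")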
from Vanapagan.Loging.FilesystemLoging import FilesystemLoging
from Vanapagan.Mutator.FileBitFlipping import FileBitFlipping

# Bit-flipping fuzz loop: every file in ./input is mutated into one fixed
# sample path, opened in evince under the gdb-based detector, and logged
# together with the mutation description when a crash is reported.
count = 0
log = FilesystemLoging()
run = LinuxGdb()
mut = FileBitFlipping()
mut.rate = 12000

# Single definition of the sample path, so the file that is mutated, opened
# and logged is always the same one.
sample = "/home/jaanus/MysTuff/0day/__share__/Test/Vanapagan/test.pdf"

# Runs until interrupted; any exception propagates to the caller unchanged.
while True:
    for seed_name in os.listdir("./input"):
        desc = mut.mutate("./input/" + seed_name, sample)
        run.run(["/usr/bin/evince", sample])
        crash = run.waitForCrash(6)
        if crash != None:
            log.log(sample, crash, desc)
        # NOTE(review): the source formatting was collapsed; close() and the
        # counter are taken to run on every iteration -- confirm.
        run.close(False)
        count += 1
        if count % 5 == 0:
            print("Done %d reps" % count)
if pid != 0: break countFailure += 1 if countFailure > 10: killByPid(proc1.pid) raise Exception("F**k it") time.sleep(1) run.attachPid(pid) proc2 = subprocess.Popen(["cmd", "/c","start c:/Work/test" + extension], stdout=subprocess.PIPE, stderr=subprocess.PIPE) crash = run.waitForCrash(6) run.close() if crash != None: if first == 4: print "Issue detected at %s" % crash.location log.log("c:/Work/test" + extension, crash, desc) first = 0 else: first += 1 else: first = 0 killByImg("Video.UI.exe") killByImg("WWAHost.exe") killByPid(proc1.pid) killByPid(proc2.pid) count += 1 if count % 5 == 0: print "Done %d reps" % count
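########################
# Very simple "fuzzer" that detects and reports the crash of an ELF file
# that always crashes. It exercises the detector and the logger end to end
# without any mutation step.
#
# NB: the Crash file is 64-bit
#########################
from Vanapagan.Detector.LinuxGdb import LinuxGdb
from Vanapagan.Loging.FilesystemLoging import FilesystemLoging

log = FilesystemLoging()
run = LinuxGdb()

# Start the always-crashing binary from the current working directory.
run.run(['./Crash'])

# NOTE(review): 4 is presumably a timeout in seconds -- confirm against
# LinuxGdb.waitForCrash.
crash = run.waitForCrash(4)

# The script treats None as "no crash seen". Compare by identity so a report
# object with custom comparison operators cannot change the outcome.
if crash is not None:
    # Readme.txt and "TEST" are fixed stand-ins here; this script produces no
    # mutated sample or mutation description of its own.
    log.log("./Readme.txt", crash, "TEST")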
log = FilesystemLoging() log.dir = "./crashesFoxit" run = AndroidAdb(deviceTmpFile = "/sdcard/Tmp/test.pdf") mut = FileBitFlipping() mut.rate=12000 if len(sys.argv)>1: run.device = sys.argv[1] if len(sys.argv)>2: myNr = sys.argv[2] while True: try: for f in os.listdir("./input"): desc = mut.mutate("./input/" + f, "./test_" + myNr + ".pdf") run.run("com.foxit.mobile.pdf.lite/com.fuxin.read.RD_ReadActivity", "./test_" + myNr + ".pdf") crash = run.waitForCrash(5) if crash != None: crashes += 1 if not crash.nearNull: notNull += 1 print "##########Something happened in %s###########" % crash.location log.log("./test_" + myNr + ".pdf", crash, desc) run.close() count += 1 if count % 5 == 0: print "######Done %d reps, found %d crashes (%d not null)" % (count, crashes, notNull) except: raise
if countFailure > 10: killByPid(proc1.pid) raise Exception("F**k it") time.sleep(1) run.attachPid(pid) proc2 = subprocess.Popen( ["cmd", "/c", "start c:/Work/test" + extension], stdout=subprocess.PIPE, stderr=subprocess.PIPE) crash = run.waitForCrash(6) run.close() if crash != None: if first == 4: print "Issue detected at %s" % crash.location log.log("c:/Work/test" + extension, crash, desc) first = 0 else: first += 1 else: first = 0 killByImg("Video.UI.exe") killByImg("WWAHost.exe") killByPid(proc1.pid) killByPid(proc2.pid) count += 1 if count % 5 == 0: print "Done %d reps" % count
while getPidByImg("MicrosoftEdge.exe") != 0: time.sleep(1) clearEvents() proc = subprocess.Popen( ["cmd", "/c", "start c:/Work/test" + extension], stdout=subprocess.PIPE, stderr=subprocess.PIPE) time.sleep(5) killByImg("MicrosoftEdge.exe") killByPid(proc.pid) crash = isEvent() if crash != None: if first: first = False else: log.log("c:/Work/test.pdf", crash, desc) print "Issue detected!" first = True else: first = True count += 1 if count % 5 == 0: print "Done %d reps" % count except: raise killByImg("MicrosoftEdge.exe") time.sleep(1)
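#########################
import os
import time
import subprocess
from Vanapagan.Detector.LinuxGdb import LinuxGdb
from Vanapagan.Loging.FilesystemLoging import FilesystemLoging
from Vanapagan.Mutator.FileBitFlipping import FileBitFlipping

# Bit-flipping fuzz loop for evince: each seed in ./input is mutated into
# SAMPLE_PATH, opened under the gdb-based detector, and logged together with
# the mutation description when the detector reports a crash.

SEED_DIR = "./input"
TARGET = "/usr/bin/evince"
# One definition for the sample path, so the mutated, opened and logged file
# cannot drift apart. The path is fixed, so two instances of this script
# sharing it would overwrite each other's sample and a logged file might no
# longer match its crash; give each instance its own path.
SAMPLE_PATH = "/home/jaanus/MysTuff/0day/__share__/Test/Vanapagan/test.pdf"

count = 0
log = FilesystemLoging()
run = LinuxGdb()
mut = FileBitFlipping()
# NOTE(review): the unit of rate is not visible in this script -- confirm
# against FileBitFlipping.
mut.rate = 12000

# Runs until interrupted. The original wrapped the loop in "except: raise",
# which re-raises unchanged, so dropping it keeps exception behaviour as is.
while True:
    seeds = os.listdir(SEED_DIR)
    if not seeds:
        # Without this pause an empty seed directory turns the outer loop
        # into a busy spin; seeds added later are still picked up.
        time.sleep(1)
        continue
    for f in seeds:
        desc = mut.mutate(os.path.join(SEED_DIR, f), SAMPLE_PATH)
        run.run([TARGET, SAMPLE_PATH])
        # NOTE(review): 6 is presumably a timeout in seconds -- confirm.
        crash = run.waitForCrash(6)
        if crash is not None:
            # Log before the next mutate() call overwrites SAMPLE_PATH.
            log.log(SAMPLE_PATH, crash, desc)
        # NOTE(review): the source formatting was collapsed; close() and the
        # counter are taken to run on every iteration -- confirm.
        run.close(False)
        count += 1
        if count % 5 == 0:
            print("Done %d reps" % count)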