#!/usr/bin/env python3
#
# Cross Platform and Multi Architecture Advanced Binary Emulation Framework
#

# Everything about the bug and firmware https://www.exploit-db.com/exploits/33863

import os, sys

# This is new. Instead of unicorn, we import unicornafl. It's the same Uc with some new `afl_` functions
import unicornafl

# Make sure Qiling uses our patched unicorn instead of its own (a second .so without AFL
# instrumentation). monkeypatch() has to run BEFORE qiling is imported below; if the order
# is swapped, qiling has already bound to the stock, un-instrumented unicorn.
unicornafl.monkeypatch()

# Relative to the current working directory, so the script must be launched from its own
# example directory. The path is appended (not inserted at the front), so a site-installed
# qiling would still take precedence over the in-tree checkout if one exists.
sys.path.append("../../..")
# NOTE(review): wildcard import; prefer `from qiling import Qiling` so the dependency is explicit.
from qiling import *
from qiling.const import QL_VERBOSE


def main(input_file, enable_trace=False):

    env_vars = {
        "REQUEST_METHOD": "POST",
        "REQUEST_URI": "/hedwig.cgi",
        "CONTENT_TYPE": "application/x-www-form-urlencoded",
        "REMOTE_ADDR": "127.0.0.1",
        "HTTP_COOKIE": "uid=1234&password="******"A" * 0x1000,  # fill up
        # "CONTENT_LENGTH": "8", # no needed
    }
  o Build Unicorn support
    $ ( cd AFLplusplus/unicorn_mode ; ./build_unicorn_support.sh )

  o Start fuzzing
    $ AFL_AUTORESUME=1 AFL_PATH="$(realpath ./AFLplusplus)" PATH="$AFL_PATH:$PATH" afl-fuzz -i afl_inputs -o afl_outputs -U -- python3 ./fuzz_x8664_linux.py @@

  o Cleanup results
    $ rm -fr afl_outputs/default/
"""

# This is new. Instead of unicorn, we import unicornafl. It's the same Uc with some new `afl_` functions
import unicornafl as UcAfl

# Make sure Qiling uses our patched unicorn instead of its own (a second .so without AFL
# instrumentation). monkeypatch() has to run BEFORE qiling is imported below; if the order
# is swapped, qiling has already bound to the stock, un-instrumented unicorn.
UcAfl.monkeypatch()

import os
import sys

from typing import Any, Optional

# Relative to the current working directory, so the script must be launched from its own
# example directory. The path is appended (not inserted at the front), so a site-installed
# qiling would still take precedence over the in-tree checkout if one exists.
sys.path.append("../../..")
from qiling import Qiling
from qiling.const import QL_VERBOSE
# pipe.SimpleInStream is used below to feed the fuzz input through the emulated stdin.
from qiling.extensions import pipe


def main(input_file: str):
    mock_stdin = pipe.SimpleInStream(sys.stdin.fileno())