#!/usr/bin/env python3 # # Cross Platform and Multi Architecture Advanced Binary Emulation Framework # # Everything about the bug and firmware https://www.exploit-db.com/exploits/33863 import os, sys # This is new. Instead of unicorn, we import unicornafl. It's the same Uc with some new `afl_` functions import unicornafl # Make sure Qiling uses our patched unicorn instead of its own, which would be a second copy without instrumentation! unicornafl.monkeypatch() sys.path.append("../../..") from qiling import * from qiling.const import QL_VERBOSE def main(input_file, enable_trace=False): env_vars = { "REQUEST_METHOD": "POST", "REQUEST_URI": "/hedwig.cgi", "CONTENT_TYPE": "application/x-www-form-urlencoded", "REMOTE_ADDR": "127.0.0.1", "HTTP_COOKIE": "uid=1234&password="******"A" * 0x1000, # fill up # "CONTENT_LENGTH": "8", # not needed }
o Build Unicorn support $ ( cd AFLplusplus/unicorn_mode ; ./build_unicorn_support.sh ) o Start fuzzing $ AFL_AUTORESUME=1 AFL_PATH="$(realpath ./AFLplusplus)" PATH="$AFL_PATH:$PATH" afl-fuzz -i afl_inputs -o afl_outputs -U -- python3 ./fuzz_x8664_linux.py @@ o Cleanup results $ rm -fr afl_outputs/default/ """ # This is new. Instead of unicorn, we import unicornafl. It's the same Uc with some new `afl_` functions import unicornafl as UcAfl # Make sure Qiling uses our patched unicorn instead of its own, which would be a second copy without instrumentation! UcAfl.monkeypatch() import os import sys from typing import Any, Optional sys.path.append("../../..") from qiling import Qiling from qiling.const import QL_VERBOSE from qiling.extensions import pipe def main(input_file: str): mock_stdin = pipe.SimpleInStream(sys.stdin.fileno())