# to work anymore (errors about startup and stuff crashing). Don't know exact reason yet ######################### import os import time import subprocess from Vanapagan.CrashReport import CrashReport from Vanapagan.Mutator.FileBitFlipping import FileBitFlipping from Vanapagan.Loging.FilesystemLoging import FilesystemLoging from Vanapagan.Utils.WinUtils import * count = 0 proc = None first = True log = FilesystemLoging() log.dir = "\\\\vboxsrv\\__share__\\crashesEdge" mut = FileBitFlipping() mut.rate=12000 while True: try: for f in os.listdir("c:/Work/input"): extension = os.path.splitext(f)[1] if first: while True: try: desc = mut.mutate("c:/Work/input/" + f, "c:/Work/test" + extension) break
import os import time import subprocess import sys from Vanapagan.Detector.AndroidAdbValgrind import AndroidAdbValgrind from Vanapagan.Loging.FilesystemLoging import FilesystemLoging from Vanapagan.Mutator.FileBitFlipping import FileBitFlipping myNr = "MY" count = 0 crashes = 0 notNull = 0 log = FilesystemLoging() log.dir = "./crashesAdobeReader" run = AndroidAdbValgrind(deviceTmpFile="/sdcard/Tmp/test.pdf") mut = FileBitFlipping() mut.rate = 12000 if len(sys.argv) > 1: run.device = sys.argv[1] if len(sys.argv) > 2: myNr = sys.argv[2] while True: try: for f in os.listdir("./input"): desc = mut.mutate("./input/" + f, "./test_" + myNr + ".pdf") run.run("com.adobe.reader/com.adobe.reader.AdobeReader", "./test_" + myNr + ".pdf") crash = run.waitForCrash(60) if crash != None:
from Vanapagan.Detector.WinBasic import WinBasic from Vanapagan.Loging.FilesystemLoging import FilesystemLoging log = FilesystemLoging() run = WinBasic() run.run(['crash']) crash = run.waitForCrash(10, True) if crash != None: log.log("./Readme.txt", crash, "TEST")
######################## #Simple example how to fuzz Linux evince program with bitflipping mutations on pdf files ######################### import os import time import subprocess from Vanapagan.Detector.LinuxGdb import LinuxGdb from Vanapagan.Loging.FilesystemLoging import FilesystemLoging from Vanapagan.Mutator.FileBitFlipping import FileBitFlipping count = 0 log = FilesystemLoging() run = LinuxGdb() mut = FileBitFlipping() mut.rate = 12000 while True: try: for f in os.listdir("./input"): desc = mut.mutate( "./input/" + f, "/home/jaanus/MysTuff/0day/__share__/Test/Vanapagan/test.pdf") run.run([ "/usr/bin/evince", "/home/jaanus/MysTuff/0day/__share__/Test/Vanapagan/test.pdf" ]) crash = run.waitForCrash(6) if crash != None: log.log( "/home/jaanus/MysTuff/0day/__share__/Test/Vanapagan/test.pdf", crash, desc)
######################### import os import time import subprocess from Vanapagan.Detector.WinBasic import WinBasic from Vanapagan.CrashReport import CrashReport from Vanapagan.Mutator.FileBitFlipping import FileBitFlipping from Vanapagan.Loging.FilesystemLoging import FilesystemLoging from Vanapagan.Utils.WinUtils import * desc = None count = 0 first = 0 log = FilesystemLoging() log.dir = "\\\\vboxsrv\\__share__\\crashesMedia" run = WinBasic() mut = FileBitFlipping() mut.rate=50000 while True: try: for f in os.listdir("c:/Work/input"): while True: extension = os.path.splitext(f)[1] if first == 0: while True: try:
import os import time import subprocess import sys from Vanapagan.Detector.AndroidAdb import AndroidAdb from Vanapagan.Loging.FilesystemLoging import FilesystemLoging from Vanapagan.Mutator.FileBitFlipping import FileBitFlipping myNr = "MY" count = 0 crashes = 0 notNull = 0 log = FilesystemLoging() log.dir = "./crashesFoxit" run = AndroidAdb(deviceTmpFile = "/sdcard/Tmp/test.pdf") mut = FileBitFlipping() mut.rate=12000 if len(sys.argv)>1: run.device = sys.argv[1] if len(sys.argv)>2: myNr = sys.argv[2] while True: try: for f in os.listdir("./input"): desc = mut.mutate("./input/" + f, "./test_" + myNr + ".pdf") run.run("com.foxit.mobile.pdf.lite/com.fuxin.read.RD_ReadActivity", "./test_" + myNr + ".pdf") crash = run.waitForCrash(5) if crash != None: crashes += 1
######################## #Very simple "fuzzer" for detecting and reporting crash in always crashing elf file # #NB: Crash file is 64bit ######################### from Vanapagan.Detector.LinuxGdb import LinuxGdb from Vanapagan.Loging.FilesystemLoging import FilesystemLoging log = FilesystemLoging() run = LinuxGdb() run.run(['./Crash']) crash = run.waitForCrash(4) if crash != None: log.log("./Readme.txt", crash, "TEST")
import os import time import subprocess import psutil from Vanapagan.Detector.WinBasic import WinBasic from Vanapagan.CrashReport import CrashReport from Vanapagan.Mutator.FileBitFlipping import FileBitFlipping from Vanapagan.Loging.FilesystemLoging import FilesystemLoging desc = None count = 0 crashes = 0 crashCheck = 0 log = FilesystemLoging() log.dir = "c:/Work/crashes" run = WinBasic() mut = FileBitFlipping() mut.rate=40000 start = time.time() def killAll(): proc = subprocess.Popen(["cmd", "/c","taskkill /f /im AcroRd32.exe"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) proc.wait() while True: for f in os.listdir("c:/Work/input"): try:
import os import time import subprocess import sys from Vanapagan.Detector.AndroidAdb import AndroidAdb from Vanapagan.Loging.FilesystemLoging import FilesystemLoging from Vanapagan.Mutator.FileBitFlipping import FileBitFlipping myNr = "MY" count = 0 crashes = 0 notNull = 0 log = FilesystemLoging() log.dir = "./crashesAdobeReader" run = AndroidAdb(deviceTmpFile = "/sdcard/Tmp/test.pdf") mut = FileBitFlipping() mut.rate=12000 if len(sys.argv)>1: run.device = sys.argv[1] if len(sys.argv)>2: myNr = sys.argv[2] while True: try: for f in os.listdir("./input"): desc = mut.mutate("./input/" + f, "./test_" + myNr + ".pdf") run.run("com.adobe.reader/com.adobe.reader.AdobeReader", "./test_" + myNr + ".pdf") crash = run.waitForCrash(5) if crash != None: crashes += 1
#Recommend gflags full page heap for processes Video.UI.exe and WWAHost.exe ######################### import os import time import subprocess from Vanapagan.Detector.WinBasic import WinBasic from Vanapagan.CrashReport import CrashReport from Vanapagan.Mutator.FileBitFlipping import FileBitFlipping from Vanapagan.Loging.FilesystemLoging import FilesystemLoging from Vanapagan.Utils.WinUtils import * desc = None count = 0 first = 0 log = FilesystemLoging() log.dir = "\\\\vboxsrv\\__share__\\crashesMedia" run = WinBasic() mut = FileBitFlipping() mut.rate = 50000 while True: try: for f in os.listdir("c:/Work/input"): while True: extension = os.path.splitext(f)[1] if first == 0: while True: try: desc = mut.mutate("c:/Work/input/" + f, "c:/Work/test" + extension)
import os import time import subprocess import sys from Vanapagan.Detector.AndroidAdb import AndroidAdb from Vanapagan.Loging.FilesystemLoging import FilesystemLoging from Vanapagan.Mutator.FileBitFlipping import FileBitFlipping myNr = "MY" count = 0 crashes = 0 notNull = 0 log = FilesystemLoging() log.dir = "./crashesFoxit" run = AndroidAdb(deviceTmpFile="/sdcard/Tmp/test.pdf") mut = FileBitFlipping() mut.rate = 12000 if len(sys.argv) > 1: run.device = sys.argv[1] if len(sys.argv) > 2: myNr = sys.argv[2] while True: try: for f in os.listdir("./input"): desc = mut.mutate("./input/" + f, "./test_" + myNr + ".pdf") run.run("com.foxit.mobile.pdf.lite/com.fuxin.read.RD_ReadActivity", "./test_" + myNr + ".pdf") crash = run.waitForCrash(5) if crash != None:
#NB: It is not 100% stable, usually between 10K and 20K of testcases, the Windows doesn't want # to work anymore (errors about startup and stuff crashing). Don't know exact reason yet ######################### import os import time import subprocess from Vanapagan.CrashReport import CrashReport from Vanapagan.Mutator.FileBitFlipping import FileBitFlipping from Vanapagan.Loging.FilesystemLoging import FilesystemLoging from Vanapagan.Utils.WinUtils import * count = 0 proc = None first = True log = FilesystemLoging() log.dir = "\\\\vboxsrv\\__share__\\crashesEdge" mut = FileBitFlipping() mut.rate = 12000 while True: try: for f in os.listdir("c:/Work/input"): extension = os.path.splitext(f)[1] if first: while True: try: desc = mut.mutate("c:/Work/input/" + f, "c:/Work/test" + extension) break except:
######################## #Simple example how to fuzz Linux evince program with bitflipping mutations on pdf files ######################### import os import time import subprocess from Vanapagan.Detector.LinuxGdb import LinuxGdb from Vanapagan.Loging.FilesystemLoging import FilesystemLoging from Vanapagan.Mutator.FileBitFlipping import FileBitFlipping count =0 log = FilesystemLoging() run = LinuxGdb() mut = FileBitFlipping() mut.rate=12000 while True: try: for f in os.listdir("./input"): desc = mut.mutate("./input/" + f, "/home/jaanus/MysTuff/0day/__share__/Test/Vanapagan/test.pdf") run.run(["/usr/bin/evince", "/home/jaanus/MysTuff/0day/__share__/Test/Vanapagan/test.pdf"]) crash = run.waitForCrash(6) if crash != None: log.log("/home/jaanus/MysTuff/0day/__share__/Test/Vanapagan/test.pdf", crash, desc) run.close(False) count += 1 if count % 5 == 0: print "Done %d reps" % count
######################### import os import time import subprocess import psutil from Vanapagan.Detector.WinBasic import WinBasic from Vanapagan.CrashReport import CrashReport from Vanapagan.Mutator.FileBitFlipping import FileBitFlipping from Vanapagan.Loging.FilesystemLoging import FilesystemLoging desc = None count = 0 crashes = 0 crashCheck = 0 log = FilesystemLoging() log.dir = "c:/Work/crashes" run = WinBasic() mut = FileBitFlipping() mut.rate = 40000 start = time.time() def killAll(): proc = subprocess.Popen(["cmd", "/c", "taskkill /f /im AcroRd32.exe"], stdout=subprocess.PIPE, stderr=subprocess.PIPE) proc.wait() while True: