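def create_dict(binary, dict_filename):
    """Generate an AFL dictionary for ``binary`` and write it to ``dict_filename``.

    Runs the bundled ``bin/create_dict.py`` helper under the current
    interpreter and captures its stdout into ``dict_filename``. Lines that
    consist only of ``wtf`` (noise emitted by angr's CFG analysis, see the
    linked file below) are stripped from the result and a warning is logged.

    :param binary: path to the target binary, passed through to the helper
    :param dict_filename: path the dictionary is written to (overwritten)
    :return: a truthy value when the helper exited with status 0 and the
             dictionary is non-empty. Note the second operand of ``and`` is
             the file size in bytes, so callers should only test truthiness.
    """
    create_dict_script = os.path.join(__angr_Fuzzer._get_base(), "bin",
                                      "create_dict.py")
    # Argument-list form: the binary path is one argv entry and is never
    # interpreted by a shell.
    args = [sys.executable, create_dict_script, binary]

    # The context manager closes the file; the former explicit close() inside
    # the with-block was redundant.
    with open(dict_filename, 'wb') as df:
        retcode = subprocess.call(args, stdout=df)

    return_ok = retcode == 0 and os.path.getsize(dict_filename)
    if return_ok:
        # angr prints 'wtf' on some lines, I think due to this file https://github.com/angr/angr/blob/8b1f0325187f28ba7721ee1e9a1f33f46394c487/angr/analyses/cfg/cfg_fast.py
        # so I remove these lines and log it
        with open(dict_filename, 'rb') as df:
            lines = df.readlines()

        # Compare without the line terminator so a trailing 'wtf' with no
        # newline at EOF is dropped as well.
        kept = [line for line in lines if line.rstrip(b'\r\n') != b'wtf']
        if len(kept) != len(lines):
            # logger.warn is a deprecated alias of logger.warning
            logger.warning("Found 'wtf' lines in dictionary. Removing them")
        with open(dict_filename, 'wb') as df:
            df.write(b''.join(kept))

    return return_ok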
def create_dict(binary, dict_filename):
    """Run the bundled ``bin/create_dict.py`` helper and capture its output.

    The helper is executed under the current interpreter with ``binary`` as
    its single argument; its stdout becomes the contents of ``dict_filename``.

    :param binary: path to the target binary, passed through to the helper
    :param dict_filename: path the dictionary is written to (overwritten)
    :return: ``False`` if the helper's exit status was non-zero, otherwise
             the size of ``dict_filename`` in bytes (falsy when empty)
    """
    base_dir = __angr_Fuzzer._get_base()
    helper = os.path.join(base_dir, "bin", "create_dict.py")
    # List form: no shell is involved, so the binary path is a plain argv entry.
    command = [sys.executable, helper, binary]

    with open(dict_filename, 'wb') as out:
        exit_status = subprocess.call(command, stdout=out)

    if exit_status != 0:
        return False
    return os.path.getsize(dict_filename)
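def create_dict(binary, dict_filename):
    """Generate an AFL dictionary for ``binary`` and write it to ``dict_filename``.

    The bundled ``bin/create_dict.py`` helper is run under the current
    interpreter and its raw stdout is stored in ``dict_filename + '.org'``.
    Only lines matching ``string_<n>=...`` are then copied into
    ``dict_filename``; the filtering runs regardless of the helper's exit
    status, as before.

    :param binary: path to the target binary, passed through to the helper
    :param dict_filename: path the filtered dictionary is written to; the
                          unfiltered output is left beside it with ``.org``
    :return: ``False`` if the helper's exit status was non-zero, otherwise
             the size of the filtered dictionary in bytes (falsy when empty)
    """
    create_dict_script = os.path.join(__angr_Fuzzer._get_base(), "bin",
                                      "create_dict.py")
    # Argument-list form: the binary path is never interpreted by a shell.
    args = [sys.executable, create_dict_script, binary]
    raw_filename = dict_filename + '.org'

    with open(raw_filename, 'wb') as df:
        retcode = subprocess.call(args, stdout=df)

    # Both files are now closed deterministically via context managers (the
    # previous version never closed them), and the pattern is compiled once.
    entry = re.compile(r"string_[\d]+=.+[\n]{0,1}")
    with open(raw_filename) as raw, open(dict_filename, 'w') as dict_file:
        for line in raw:
            if entry.match(line):
                dict_file.write(line)

    return retcode == 0 and os.path.getsize(dict_filename)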
    def __init__(self, binary_path, testcase):
        """
        Set up an afl-tmin working environment for one testcase.

        :param binary_path: path to the binary which the testcase applies to
        :param testcase: string representing the contents of the testcase
        """

        self.binary_path = binary_path
        self.testcase = testcase

        Fuzzer._perform_env_checks()

        self.base = Fuzzer._get_base()
        l.debug("got base dir %s", self.base)

        # Choose the AFL build matching the binary's platform ('cgc' or the
        # QEMU architecture name). The same lookup lives in Fuzzer as well.
        project = angr.Project(self.binary_path)
        if project.loader.main_bin.os == 'cgc':
            tracer_id = 'cgc'
        else:
            tracer_id = project.arch.qemu_name
        afl_dir = afl_wrapper.afl_dir(tracer_id)
        self.tmin_path = os.path.join(afl_dir, "afl-tmin")
        self.afl_path_var = afl_wrapper.afl_path_var(tracer_id)
        l.debug("tmin_path: %s", self.tmin_path)
        l.debug("afl_path_var: %s", self.afl_path_var)

        # Process-wide side effect: every later AFL invocation in this
        # process inherits this value.
        os.environ['AFL_PATH'] = self.afl_path_var

        # Fresh, uniquely named scratch directory under /tmp; _removed tracks
        # whether it has been cleaned up yet.
        self.work_dir = tempfile.mkdtemp(prefix='tmin-', dir='/tmp/')
        self._removed = False

        self.input_testcase = os.path.join(self.work_dir, 'testcase')
        self.output_testcase = os.path.join(self.work_dir, 'minimized_result')
        l.debug("input_testcase: %s", self.input_testcase)
        l.debug("output_testcase: %s", self.output_testcase)

        # Materialise the testcase so afl-tmin can read it from disk.
        with open(self.input_testcase, 'w') as testcase_file:
            testcase_file.write(testcase)
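    def __init__(self, binary_path, testcase, timeout=None):
        """
        Set up an afl-showmap working environment for one testcase.

        :param binary_path: path to the binary which the testcase applies to,
                            or a non-empty list/tuple of paths for a multi-CB
                            target
        :param testcase: string representing the contents of the testcase
        :param timeout: millisecond timeout as an int or a string; stored as
                        a string (presumably for the showmap command line)
        :raises ValueError: if binary_path is neither a string nor a
                            non-empty list/tuple, or timeout has another type
        """

        self.binary_path = binary_path
        self.testcase = testcase
        self.timeout = None

        if isinstance(binary_path, basestring):
            self.is_multicb = False
            self.binaries = [binary_path]
        elif isinstance(binary_path, (list, tuple)):
            # An empty sequence would otherwise fail later with an IndexError
            # at self.binaries[0]; reject it up front with a clear message.
            if not binary_path:
                raise ValueError("binary_path must not be an empty list/tuple")
            self.is_multicb = True
            self.binaries = binary_path
        else:
            raise ValueError("Was expecting either a string or a list/tuple for binary_path! "
                "It's {} instead.".format(type(binary_path)))

        if timeout is not None:
            if isinstance(timeout, (int, long)):
                self.timeout = str(timeout)
            elif isinstance(timeout, basestring):
                # Same string types as accepted for binary_path above.
                self.timeout = timeout
            else:
                raise ValueError("timeout param must be of type int or str")

        # will be set by showmap's return code
        self.causes_crash = False

        Fuzzer._perform_env_checks()

        self.base = Fuzzer._get_base()
        l.debug("got base dir %s", self.base)

        # unfortunately here is some code reuse between Fuzzer and Minimizer (and Showmap!)
        # The first binary decides the platform ('cgc' or the QEMU arch name);
        # multi-CB targets use the 'multi-' prefixed AFL build.
        p = angr.Project(self.binaries[0])
        tracer_id = 'cgc' if p.loader.main_bin.os == 'cgc' else p.arch.qemu_name
        if self.is_multicb:
            tracer_id = 'multi-{}'.format(tracer_id)

        self.showmap_path = os.path.join(afl_wrapper.afl_dir(tracer_id), "afl-showmap")
        self.afl_path_var = afl_wrapper.afl_path_var(tracer_id)

        l.debug("showmap_path: %s", self.showmap_path)
        l.debug("afl_path_var: %s", self.afl_path_var)

        # Process-wide side effect: every later AFL invocation in this
        # process inherits this value.
        os.environ['AFL_PATH'] = self.afl_path_var

        # Fresh, uniquely named scratch directory under /tmp.
        self.work_dir = tempfile.mkdtemp(prefix='showmap-', dir='/tmp/')

        # flag for work directory removal
        self._removed = False

        self.input_testcase = os.path.join(self.work_dir, 'testcase')
        self.output = os.path.join(self.work_dir, 'out')

        l.debug("input_testcase: %s", self.input_testcase)
        l.debug("output: %s", self.output)

        # populate contents of input testcase
        with open(self.input_testcase, 'w') as f:
            f.write(testcase)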