[go: nahoru, domu]
Skip to content
This repository has been archived by the owner on Jan 27, 2019. It is now read-only.
/ afl-other-arch Public archive

AFL, with scripts to support other architectures.

94 stars 43 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

shellphish/afl-other-arch

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
dictionaries
dictionaries
 
 
docs
docs
 
 
experimental
experimental
 
 
libdislocator
libdislocator
 
 
libtokencap
libtokencap
 
 
llvm_mode
llvm_mode
 
 
qemu_mode
qemu_mode
 
 
testcases
testcases
 
 
Makefile
Makefile
 
 
QuickStartGuide.txt
QuickStartGuide.txt
 
 
README.md
README.md
 
 
afl-analyze.c
afl-analyze.c
 
 
afl-as.c
afl-as.c
 
 
afl-as.h
afl-as.h
 
 
afl-cmin
afl-cmin
 
 
afl-fuzz.c
afl-fuzz.c
 
 
afl-gcc.c
afl-gcc.c
 
 
afl-gotcpu.c
afl-gotcpu.c
 
 
afl-plot
afl-plot
 
 
afl-showmap.c
afl-showmap.c
 
 
afl-tmin.c
afl-tmin.c
 
 
afl-whatsup
afl-whatsup
 
 
alloc-inl.h
alloc-inl.h
 
 
build.sh
build.sh
 
 
config.h
config.h
 
 
debug.h
debug.h
 
 
hash.h
hash.h
 
 
test-instr.c
test-instr.c
 
 
types.h
types.h
 
 

Repository files navigation

This is a simple patch to AFL to make other-arch (non-x86 based) support easy. Just run ./build.sh <arches> to get started, where <arches> can be one or more of:

   aarch64 alpha arm armeb cris i386 m68k microblaze microblazeel 
   mips mips64 mips64el mipsel mipsn32 mipsn32el or32 ppc ppc64 
   ppc64abi32 ppc64le s390x sh4 sh4eb sparc sparc32plus sparc64 unicore32 
   x86_64

This will compile AFL with qemu support for the architecture requested.

Once building is completed, you'll need to set some environment variables before you can begin fuzzing.

Set QEMU_LD_PREFIX to a path containing a directory lib which itself contains the shared objects required by the binary (such as libc compiled for <arch>)

export QEMU_LD_PREFIX=. # assuming your CWD contains the 'lib' directory

Set AFL_PATH to the directory containing the afl-qemu-trace binary for the architecture of the binary being fuzzed

export AFL_PATH=afl-other-arch/tracers/$TARGET/

Happy other-arch fuzzing!

afl-other-arch/afl-fuzz -m 8G -Q -i testcases -o output -- ./deepblue

About

AFL, with scripts to support other architectures.

Resources

Readme
Activity
Custom properties

Stars

94 stars

Watchers

17 watching

Forks

43 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages