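; disable ptrace_scope for PIN (sets Yama ptrace_scope to 0 system-wide, so any process may ptrace other processes of the same user; the write lasts until reboot, so restore the previous value when done)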
$ echo 0|sudo tee /proc/sys/kernel/yama/ptrace_scope
; install z3 and system deps
$ ./setup.sh
; install using virtual env
$ virtualenv venv
$ source venv/bin/activate
$ pip install .
; disable ptrace_scope for PIN (run on the docker host; the Yama setting is kernel-wide and also applies inside containers)
$ echo 0|sudo tee /proc/sys/kernel/yama/ptrace_scope
; build docker image
$ docker build -t qsym ./
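; run docker image (--cap-add=SYS_PTRACE gives the container the ptrace capability, presumably so PIN can trace the target inside it)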
$ docker run --cap-add=SYS_PTRACE -it qsym /bin/bash
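; the following environment variables must be set (written below as $(NAME); in a shell, expand them as "${NAME}", since $(NAME) is command substitution)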
; AFL_ROOT: afl directory (http://lcamtuf.coredump.cx/afl/)
; INPUT: input seed files
; OUTPUT: output directory
; AFL_CMDLINE: command line for a testing program for AFL (ASAN + instrumented)
; QSYM_CMDLINE: command line for a testing program for QSYM (Naive)
; run AFL master
$ $(AFL_ROOT)/afl-fuzz -M afl-master -i $(INPUT) -o $(OUTPUT) -- $(AFL_CMDLINE)
; run AFL slave
$ $(AFL_ROOT)/afl-fuzz -S afl-slave -i $(INPUT) -o $(OUTPUT) -- $(AFL_CMDLINE)
; run QSYM
$ bin/run_qsym_afl.py -a afl-slave -o $(OUTPUT) -n qsym -- $(QSYM_CMDLINE)
$ cd tests
$ python build.py
$ python -m pytest -n $(nproc)
QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing
@inproceedings{yun:qsym,
title = {{QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing (to appear)}},
author = {Insu Yun and Sangho Lee and Meng Xu and Yeongjin Jang and Taesoo Kim},
booktitle = {Proceedings of the 27th USENIX Security Symposium (Security)},
month = aug,
year = 2018,
address = {Baltimore, MD},
}