
hal-fuzz's Issues

problem about hal_fuzz/hal_fuzz/native.py

I believe the code in native.py at line 219 should be "if timer_cb_wrapper is None or timer_cb_user_data is None". "if timer_cb_wrapper is not None or timer_cb_user_data is not None then exit(1)" has the opposite meaning of "assert (timer_cb_wrapper is not None and timer_cb_user_data is not None)", and that is the reason why I couldn't run the csaw cases.

I don't have permission to edit your code. If you think it is wrong, maybe you could try to fix it. Thanks for your prompt attention and have a lovely day.

Example of a harness script for hal-fuzz

I am having trouble testing your tool on any of the tests from the repo. I don't exactly know how to implement a harness script from scratch (it's especially difficult since every binary is closed-source).

Do you have an example of a harness that would work out-of-the-box with one of your proposed tests?

WARNING: You just tried to use a timer, and timers are not enabled! Try adding `use_timers: True` and `use_nvic: True` to your firmware's YAML file.

I got this error when running 'test_st_plc.sh', but I'm sure that use_timers: True and use_nvic: True were added in the file st_plc.yaml. Is that normal?

Loading fuzz from: ./tests/st-plc/inputs/input1
Executing until a crash
WARNING: You just tried to use a timer, and timers are not enabled! Try adding `use_timers: True` and `use_nvic: True` to your firmware's YAML file.
Traceback (most recent call last):
  File "/home/halfuzz/hal-fuzz/hal_fuzz/hal_fuzz/handlers/__init__.py", line 61, in func_hook_handler
    hook(uc)
  File "/home/halfuzz/hal-fuzz/hal_fuzz/hal_fuzz/handlers/stm32f4_hal/stm32f4_wifi.py", line 26, in wifi_init
    Timer.start_timer(hex(tim1), wifi_timer_rate, 45)
  File "/home/halfuzz/hal-fuzz/hal_fuzz/hal_fuzz/models/timer.py", line 105, in start_timer
    internal_ind = native.add_timer(timer_rate, isr_num=timer_func_irq)
  File "/home/halfuzz/hal-fuzz/hal_fuzz/hal_fuzz/native.py", line 221, in add_timer
    sys.exit(1)
SystemExit: 1
Exiting via os._exit
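To make the inversion concrete, here is an added example (constructed for this page, not hal-fuzz's own code) that models the guard the first issue reports at native.py line 219 and the sys.exit(1) that the traceback above reaches in add_timer. The names timer_cb_wrapper, timer_cb_user_data, add_timer, timer_rate and isr_num come from the issues; disagreements and timer_starts are hypothetical helpers, and the callback values are stand-in objects.

```python
# Constructed model of the add_timer guard discussed in the issues above.
# Not hal-fuzz's code: the guard bodies are the three conditions the first issue quotes.
from itertools import product

EXIT_MSG = ("WARNING: You just tried to use a timer, and timers are not enabled! "
            "Try adding `use_timers: True` and `use_nvic: True` to your firmware's YAML file.")

def guard_as_reported(timer_cb_wrapper, timer_cb_user_data):
    """Condition the issue quotes from line 219: bail out when EITHER callback IS registered."""
    return timer_cb_wrapper is not None or timer_cb_user_data is not None

def guard_from_assert(timer_cb_wrapper, timer_cb_user_data):
    """Failure condition of the original assert: bail out unless BOTH callbacks are registered."""
    return not (timer_cb_wrapper is not None and timer_cb_user_data is not None)

def guard_proposed(timer_cb_wrapper, timer_cb_user_data):
    """The issue's proposed fix, i.e. the assert's condition rewritten with De Morgan's law."""
    return timer_cb_wrapper is None or timer_cb_user_data is None

def disagreements(guard_a, guard_b):
    """List the (wrapper, user_data) states, labelled 'set'/'None', where two guards differ."""
    cb = object()  # stand-in for a registered native callback (hypothetical value)
    states = list(product([None, cb], repeat=2))
    return [tuple("set" if v is not None else "None" for v in state)
            for state in states if guard_a(*state) != guard_b(*state)]

def add_timer(timer_rate, isr_num, timer_cb_wrapper, timer_cb_user_data, guard=guard_proposed):
    """Hypothetical add_timer: refuse to register a timer until both callbacks exist."""
    if guard(timer_cb_wrapper, timer_cb_user_data):
        print(EXIT_MSG)          # the warning seen in the traceback above
        raise SystemExit(1)      # same effect as the sys.exit(1) at native.py line 221
    return {"rate": timer_rate, "isr": isr_num}

def timer_starts(guard):
    """True if add_timer succeeds in the normal case where both callbacks are registered."""
    cb = object()
    try:
        add_timer(1000, 45, cb, cb, guard=guard)
    except SystemExit:
        return False
    return True

if __name__ == "__main__":
    print("reported guard differs from the assert in:", disagreements(guard_as_reported, guard_from_assert))
    print("proposed guard differs from the assert in:", disagreements(guard_proposed, guard_from_assert))
    print("timer starts with reported guard:", timer_starts(guard_as_reported))
    print("timer starts with proposed guard:", timer_starts(guard_proposed))
```

With the reported guard the timer is refused exactly when both callbacks are correctly registered, which is why the "timers are not enabled" warning appears even though use_timers and use_nvic are set in the YAML.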

Address is already backed

I use the dump_symbols.py to dump symbols of an axf file, which is ELF. It failed:

Traceback (most recent call last):
  File "dump_symbols.py", line 10, in <module>
    p = angr.Project(fname)
  File "/home/wangfeng/.local/lib/python3.8/site-packages/angr/project.py", line 224, in __init__
    self.simos.configure_project()
  File "/home/wangfeng/.local/lib/python3.8/site-packages/angr/simos/linux.py", line 45, in configure_project
    self._loader_addr = self.project.loader.extern_object.allocate()
  File "/home/wangfeng/.local/lib/python3.8/site-packages/cle/loader.py", line 223, in extern_object
    self._internal_load(self._extern_object)
  File "/home/wangfeng/.local/lib/python3.8/site-packages/cle/loader.py", line 774, in _internal_load
    self._map_object(obj)
  File "/home/wangfeng/.local/lib/python3.8/site-packages/cle/loader.py", line 876, in _map_object
    self.memory.add_backer(base_addr, obj.memory)
  File "/home/wangfeng/.local/lib/python3.8/site-packages/cle/memory.py", line 194, in add_backer
    raise ValueError("Address %#x is already backed!" % start)
ValueError: Address 0x8100000 is already backed!

How do I solve this?

Fork server handshake failed

Whether I use native installation or docker installation, I get an error when running the basic test case:

[-] Hmm, looks like the target binary terminated before we could complete a
    handshake with the injected code. Perhaps there is a horrible bug in the
    fuzzer. Poke <[email protected]> for troubleshooting tips.

[-] PROGRAM ABORT : Fork server handshake failed
         Location : init_forkserver(), afl-fuzz.c:2258

I ran the command ./afl-fuzz -U -m none -i tests/p2im_console/inputs -o ./outputs_tmp -- python3 -m hal_fuzz.harness -c tests/p2im_console/p2im_console.yml @@

That's because running ./afl-fuzz -U -m none -i tests/p2im_console/inputs -o ./zzl -- ./hal-fuzz -c tests/p2im_console/p2im_console.yml @@ reports this error:

[-] Oops, the target binary looks like a shell script. Some build systems will
    sometimes generate shell stubs for dynamically linked programs; try static
    library mode (./configure --disable-shared) if that's the case.

    Another possible cause is that you are actually trying to use a shell
    wrapper around the fuzzed component. Invoking shell can slow down the
    fuzzing process by a factor of 20x or more; it's best to write the wrapper
    in a compiled language instead.

[-] PROGRAM ABORT : Program './hal-fuzz' is a shell script
         Location : check_binary(), afl-fuzz.c:6893

ivt meaning

What is the meaning of ivt in the YML file? I guess it is the interrupt vector table. For example, I looked up the maximum ivt address in the datasheet of the stm32f407, which is 184. However, compared with the ivt size, 0x800000, in stm32_tcp_echo_server.yml, it is much lower. How could I change ivt based on my own setting?

Furthermore, some YML files specify ivt and flash in memory_map, but others specify ivt and rom. What is the difference?

Thanks for your prompt attention.
