uds-se / formatfuzzer Goto Github PK

Converted to JSON

This is really nice and fast C++ tool for parsing 010 template based binaries. However we need to convert parsed data structure to JSON or XML, Could you guide on where we can implement such thing or what existing functionalities that can be used to do this easily.

I tried the FormatFuzzer with our own template and it seems it can parse the binaries based on the output it generates, But we want this to generate the JSON output from the tree.

Thank you

Need to install

• ffcompile into /usr/local/bin (or wherever)
• fuzzer.o (should be ffuzzer.o, better libffuzzer.so) into /usr/local/lib

such that it can be used in any directory

“mutate file1 file2” would parse file1, invert one randomly chosen decision, and then generate file2. Simple, yet effective.

Do you have any plan on integration to newer version of AFL++ recently? Since the APIs of AFL++ has updated a lot in last 2 years and it has more powerful functions.

Add pdf.bt file

After creating the issue, checkboxes will appear where [] label exist in the
markdown. You can check/uncheck them to fill out the environment section.

Checklist

• I have filled out the environment section

Environment

Platform

• Windows
• Mac
• Linux
• Other (please specify)

Python Version

• Python 2.7
• Python 3.4
• Python 3.5
• Python 3.6
• Python 3.7
• Python 3.8
• Other (please specify)

Describe the bug

After checking out FormatFuzzer, I get

$ make gif-fuzzer
g++ -std=c++17 -DHAVE_CONFIG_H -I.     -g -O3 -Wall -MT gif.o -MD -MP -MF .deps/gif.Tpo -c -o gif.o gif.cpp
In file included from gif.cpp:6:
./bt.h:12:10: fatal error: 'boost/crc.hpp' file not found
#include <boost/crc.hpp>
         ^~~~~~~~~~~~~~~

To Reproduce

See above

Expected Behavior

gif-fuzzer should be produced

I would like to have a flag to automatically delete error file when running ./gif-fuzzer parse input.gif
And I want to control max width and height when generating images using ./gif-fuzzer fuzz command

Say, “gif-fuzzer fuzz -n 500 —pattern=input{}.gif” generates input1.gif to input500.gif

First of all, thanks for the project! Looks interesting, hoping to add it to my workflow tomorrow.

Is there an easy way to implement something that works similar to generate_file(), except using buffers instead of using file descriptors?

I tried copying afl_pre_save_handler, but it looks like that expects stdin?

extern "C" size_t afl_pre_save_handler(unsigned char *data, size_t size,
                                       unsigned char **new_data) {
  file_acc.seed(data, size, 0);
  try {
    generate_file();
  } catch (...) {
    delete_globals();
    *new_data = NULL;
    return 0;
  }
  *new_data = file_acc.file_buffer;
  return file_acc.file_size;
}

Currently writing a new template that needs to seek to an offset that's defined in the file itself. The issue is that because I try to use FSeek to an invalid offset often, the vast majority of files end up being invalid. It's extremely slow.

dave@ubuntu:/mnt/space/FormatFuzzer$ ./dave-fuzzer benchmark
Generated 7 files from 10000 attempts in 1.245248 s.
Average file size 285 bytes.
Speed 5.621370 / s.

And my template looks like this:

uint32 off;
FSeek(off);

Any suggestions on how I can give FormatFuzzer a hint that off can't be larger than the file itself?

Related to #5.

Checklist

• I have included the [relevant portions of the] 010 template used that caused the bug
• I have filled out the environment section

Environment

Platform

• Windows
• Mac
• Linux
• Other (please specify)

Python Version

• Python 2.7
• Python 3.4
• Python 3.5
• Python 3.6
• Python 3.7
• Python 3.8
• Other (please specify)

Describe the bug

When mutating the decision files randomly, quite often FormatFuzzer will fail on random size exceeded rand_size.

I also run into bitfield lookahead not implemented sometimes.

To Reproduce

Steps to reproduce

while true; do ./gif-fuzzer fuzz --decision /dev/urandom /dev/null ; done

Expected Behavior

gif-fuzzer: output.gif created

Is this an intended design limitation/choice, or a bug? I think it's the former, but it's not documented anywhere.

Hi Rafael,

Since the included "pfp" package is heavily modified, it should be renamed - also to avoid conflicts with a potentially installed "pfp" package. I suggest the name "pfpg".

Cheers,

Andreas

can we add android dex file format ?