├── LICENSE
├── README.md
├── arm_depedencies
│   ├── ld-linux-armhf.so.3
│   ├── ld-linux.so.3
│   ├── ld-uClibc.so.0
│   ├── lib
│   │   ├── ld-linux-armhf.so.3
│   │   ├── ld-linux.so.3
│   │   ├── ld-uClibc.so.0
│   │   ├── libbcm_crc.so
│   │   ├── libbcm_flashutil.so
│   │   ├── libblobmsg_json.so
│   │   ├── libc.so
│   │   ├── libc.so.0
│   │   ├── libc.so.1
│   │   ├── libc.so.6
│   │   ├── libcms_boardctl.so
│   │   ├── libcms_msg.so
│   │   ├── libcms_util.so
│   │   ├── libcrypt.so
│   │   ├── libcrypt.so.1
│   │   ├── libcrypto.so.1.0.0
│   │   ├── libcrypto.so.1.1
│   │   ├── libdl.so.2
│   │   ├── libfloat.so.1
│   │   ├── libgcc_s.so.1
│   │   ├── libjson.so.0
│   │   ├── libm.so.0
│   │   ├── libm.so.1
│   │   ├── libm.so.6
│   │   ├── libpam.so.0
│   │   ├── libpam_misc.so.0
│   │   ├── libpopt.so.0
│   │   ├── libptcsrv.so
│   │   ├── libresolv.so.2
│   │   ├── libselinux.so.1
│   │   ├── libsepol.so.1
│   │   └── libubox.so
│   ├── libbcm_crc.so
│   ├── libbcm_flashutil.so
│   ├── libblobmsg_json.so
│   ├── libc.so
│   ├── libc.so.0
│   ├── libc.so.1
│   ├── libc.so.6
│   ├── libcms_boardctl.so
│   ├── libcms_msg.so
│   ├── libcms_util.so
│   ├── libcrypt.so
│   ├── libcrypt.so.1
│   ├── libcrypto.so.1.0.0
│   ├── libcrypto.so.1.1
│   ├── libdl.so.2
│   ├── libfloat.so.1
│   ├── libgcc_s.so.1
│   ├── libjson.so.0
│   ├── libm.so.0
│   ├── libm.so.1
│   ├── libm.so.6
│   ├── libpam.so.0
│   ├── libpam_misc.so.0
│   ├── libpopt.so.0
│   ├── libptcsrv.so
│   ├── libresolv.so.2
│   ├── libselinux.so.1
│   ├── libsepol.so.1
│   ├── libubox.so
│   └── usr
│       ├── ld-linux-armhf.so.3
│       ├── ld-linux.so.3
│       ├── ld-uClibc.so.0
│       ├── libbcm_crc.so
│       ├── libbcm_flashutil.so
│       ├── libblobmsg_json.so
│       ├── libc.so
│       ├── libc.so.0
│       ├── libc.so.1
│       ├── libc.so.6
│       ├── libcms_boardctl.so
│       ├── libcms_msg.so
│       ├── libcms_util.so
│       ├── libcrypt.so
│       ├── libcrypt.so.1
│       ├── libcrypto.so.1.0.0
│       ├── libcrypto.so.1.1
│       ├── libdl.so.2
│       ├── libfloat.so.1
│       ├── libgcc_s.so.1
│       ├── libjson.so.0
│       ├── libm.so.0
│       ├── libm.so.1
│       ├── libm.so.6
│       ├── libpam.so.0
│       ├── libpam_misc.so.0
│       ├── libpopt.so.0
│       ├── libptcsrv.so
│       ├── libresolv.so.2
│       ├── libselinux.so.1
│       ├── libsepol.so.1
│       └── libubox.so
├── automation_src
│   ├── __init__.py
│   ├── afl_fuzz.py
│   ├── afl_stats.py
│   ├── fuzz_multiple_targets.py
│   ├── fuzz_one_target_main.py
│   └── run_busybox_target.py
└── demo_samples
    ├── input_collection
    │   ├── sample1x86
    │   └── sample2x86
    ├── output_dir_structure.md
    └── sample_corpus_awk
        └── 1.awk

/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2024 Asmita

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
--------------------------------------------------------------------------------

/README.md:
--------------------------------------------------------------------------------
# FuzzingBusyBox_LLM
We have performed fuzzing on BusyBox targets extracted from the firmware of real-world embedded products (firmware database provided by [NetRise](https://www.netrise.io/)).
Apart from fuzzing with AFL++, we have leveraged an LLM (OpenAI GPT-4) for initial input generation, followed by adding a crash reuse technique to the pipeline.
This repo is for the paper: *"Fuzzing BusyBox: Leveraging LLM and Crash Reuse for Embedded Bug Unearthing", USENIX 2024*

* The automation scripts for fuzzing a large batch of BusyBox target binaries with AFL++ are in the *automation_src* folder. Note: *currently they fuzz the BusyBox awk applet; change `afl_fuzz_command` (in `afl_fuzz.py`) for a different applet.*
* Target architectures: x86_64 and ARM_32
* Command:
`python3 fuzz_multiple_targets.py --input /path/to/binary/collection --arch ARM_32/x86_64 --corpus /path/to/corpus --output /path/for/output --afl-path path/of/afl --run-time required_runtime --depend arm_dependencies_in_case_of_arm`
* `fuzz_multiple_targets.py` is the main script: it takes a collection of BusyBox target binaries, fuzzes each one with AFL++ for the runtime given by the user, and after fuzzing stores the fuzzing stats (JSON) of every target in the output directory.

## Dependencies
* For x86_64 targets, install [AFL++](https://github.com/AFLplusplus/AFLplusplus) with QEMU mode.
* For running ARM targets on an x86 machine, build AFL++'s QEMU mode for the ARM architecture and fix the ARM dependencies (dynamic loader and shared libraries). We have provided some of them in the `arm_dependencies` folder (spelled `arm_depedencies` in this repository).
Or you can pull the Docker image `asmitaj08/afl-qemu-arm`.

--------------------------------------------------------------------------------

The remaining files are ARM binaries (dynamic loaders and shared libraries). The dump does not inline them; each is linked as https://raw.githubusercontent.com/asmitaj08/FuzzingBusyBox_LLM/7aec7cfbad9b36712a6af68824eceae1cbd6c3a2/<path>.

/arm_depedencies/:
--------------------------------------------------------------------------------
ld-linux-armhf.so.3, ld-linux.so.3, ld-uClibc.so.0, libbcm_crc.so, libbcm_flashutil.so, libblobmsg_json.so, libc.so, libc.so.0, libc.so.1, libc.so.6, libcms_boardctl.so, libcms_msg.so, libcms_util.so, libcrypt.so, libcrypt.so.1, libcrypto.so.1.0.0, libcrypto.so.1.1, libdl.so.2, libfloat.so.1, libgcc_s.so.1, libjson.so.0, libm.so.0, libm.so.1, libm.so.6, libpam.so.0, libpam_misc.so.0, libpopt.so.0, libptcsrv.so, libresolv.so.2, libselinux.so.1, libsepol.so.1, libubox.so
--------------------------------------------------------------------------------

/arm_depedencies/lib/:
--------------------------------------------------------------------------------
ld-linux-armhf.so.3, ld-linux.so.3, ld-uClibc.so.0, libbcm_crc.so, libbcm_flashutil.so, libblobmsg_json.so, libc.so, libc.so.0, libc.so.1, libc.so.6, libcms_boardctl.so, libcms_msg.so, libcms_util.so, libcrypt.so, libcrypt.so.1, libcrypto.so.1.0.0, libcrypto.so.1.1, libdl.so.2, libfloat.so.1, libgcc_s.so.1, libjson.so.0, libm.so.0, libm.so.1, libm.so.6, libpam.so.0, libpam_misc.so.0, libpopt.so.0, libptcsrv.so, libresolv.so.2, libselinux.so.1, libsepol.so.1, libubox.so
--------------------------------------------------------------------------------

/arm_depedencies/usr/ (the dump ends at libselinux.so.1):
--------------------------------------------------------------------------------
ld-linux-armhf.so.3, ld-linux.so.3, ld-uClibc.so.0, libbcm_crc.so, libbcm_flashutil.so, libblobmsg_json.so, libc.so, libc.so.0, libc.so.1, libc.so.6, libcms_boardctl.so, libcms_msg.so, libcms_util.so, libcrypt.so, libcrypt.so.1, libcrypto.so.1.0.0, libcrypto.so.1.1, libdl.so.2, libfloat.so.1, libgcc_s.so.1, libjson.so.0, libm.so.0, libm.so.1, libm.so.6, libpam.so.0, libpam_misc.so.0, libpopt.so.0, libptcsrv.so, libresolv.so.2, libselinux.so.1
--------------------------------------------------------------------------------
-------------------------------------------------------------------------------- /arm_depedencies/usr/libsepol.so.1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/asmitaj08/FuzzingBusyBox_LLM/7aec7cfbad9b36712a6af68824eceae1cbd6c3a2/arm_depedencies/usr/libsepol.so.1 -------------------------------------------------------------------------------- /arm_depedencies/usr/libubox.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/asmitaj08/FuzzingBusyBox_LLM/7aec7cfbad9b36712a6af68824eceae1cbd6c3a2/arm_depedencies/usr/libubox.so -------------------------------------------------------------------------------- /automation_src/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/asmitaj08/FuzzingBusyBox_LLM/7aec7cfbad9b36712a6af68824eceae1cbd6c3a2/automation_src/__init__.py -------------------------------------------------------------------------------- /automation_src/afl_fuzz.py: -------------------------------------------------------------------------------- 1 | import os 2 | import subprocess 3 | from afl_stats import * 4 | import time 5 | import signal 6 | import shutil 7 | import asyncio 8 | 9 | # Currently it is for busybox awk applet fuzzing, 10 | # change afl_fuzz_command in case of different applet 11 | def afl_fuzz_run(target_binary : str, 12 | input_corpus : str, 13 | output_dir : str, 14 | arch : str, 15 | path_to_afl_fuzz: str = 'afl-fuzz', 16 | run_time : int = 3600, 17 | dependency : str = "", 18 | additional_flags: list =None, 19 | env_list: list=None, 20 | hide_output: bool=False,) -> None: 21 | 22 | afl_fuzz_command = [] 23 | 24 | if env_list != "": 25 | env_vars = env_list.split(",") 26 | print(f"env_list : {env_vars}") 27 | for env_var in env_vars : 28 | key, val = env_var.split("=") 29 | print(f'setting env var : {key} to {val}') 30 | 
os.environ[key] = val 31 | print(f'Verifying if it was actually set. The set value is : {os.environ.get(key)}') 32 | 33 | 34 | afl_fuzz_command += [ 35 | path_to_afl_fuzz, 36 | '-Q', 37 | '-i', 38 | input_corpus, 39 | '-o', 40 | output_dir, 41 | ] 42 | 43 | if additional_flags != "": 44 | flag_vars = additional_flags.split(",") 45 | print(f'Additional flags : {flag_vars}') 46 | for flag_var in flag_vars : 47 | keyf, valf = flag_var.split("=") 48 | print(f'Key : {keyf}, val : {valf}') 49 | if valf != 'none' : 50 | flag_val = '-' + keyf + ' ' + valf 51 | print(f'Flag : {flag_val}') 52 | afl_fuzz_command.append(flag_val) 53 | else : 54 | flag_val1 = '-' + keyf 55 | print(f'Flag1: {flag_val1}') 56 | afl_fuzz_command.append(flag_val1) 57 | 58 | 59 | afl_fuzz_command += [ 60 | '--', 61 | target_binary, 62 | 'awk', 63 | '-f', 64 | '@@', 65 | ] 66 | 67 | # Check if the output directory already exists 68 | if os.path.exists(output_dir): 69 | # Delete the directory 70 | subprocess.run(['rm', '-rf' , output_dir]) 71 | print(f'Directory {output_dir} deleted') 72 | 73 | print(f'Run time : {run_time}') 74 | print('Running command: ' + ' '.join(afl_fuzz_command)) 75 | 76 | 77 | if dependency != "" : # Not needed here as already done in run_target 78 | # Set the LD_LIBRARY_PATH environment variable. 79 | os.putenv('LD_LIBRARY_PATH', dependency) 80 | 81 | output_stream = subprocess.PIPE if hide_output else None 82 | try : 83 | afl_fuzz_run_process = subprocess.Popen(afl_fuzz_command, stdout=output_stream, stdin=output_stream) 84 | time.sleep(60) 85 | print("reading fuzz stat file \n") 86 | return_val , read_fuzz_stats_dict = get_afl_fuzz_stats(output_dir) 87 | print(f'Fuzzing stats return val : {return_val}') 88 | if return_val == False: 89 | print("Cannot read fuzzer_stats file in start. Exiting!!") 90 | exit(1) 91 | 92 | 93 | print(f'Fuzzing stats file exists. 
\n') 94 | print(f'Fuzzing stats return val : {return_val} \n') 95 | # Run afl-fuzz until given run_time 96 | while (int(read_fuzz_stats_dict['run_time'])) < run_time : 97 | return_val , read_fuzz_stats_dict = get_afl_fuzz_stats(output_dir) 98 | print(f"Fuzzing cycle: {read_fuzz_stats_dict['run_time']}") 99 | 100 | if (int(read_fuzz_stats_dict['run_time'])) >= run_time: 101 | print(f'{run_time} seconds completed.\n') 102 | print("Terminating fuzzer process \n") 103 | afl_fuzz_run_process.terminate() 104 | return 2 105 | time.sleep(1) 106 | except KeyboardInterrupt: 107 | print(f"KeyboardInterrupt") 108 | return 2 109 | 110 | except subprocess.CalledProcessError as e: 111 | print(f"Fuzzing failed for unknown reason. Error : \n {e.output}") 112 | return 1 113 | 114 | -------------------------------------------------------------------------------- /automation_src/afl_stats.py: -------------------------------------------------------------------------------- 1 | import os 2 | 3 | 4 | def get_afl_fuzz_stats(fuzz_output_dir : str, end_fuzz: bool = False) -> dict : 5 | """ Dump fuzzin status after fuzzing is completed""" 6 | 7 | stats_file = os.path.join(fuzz_output_dir, 'default/fuzzer_stats') 8 | # print(f'Fuzzer stats file path : {stats_file}') 9 | stats_file_dict = {} 10 | if not os.path.exists(stats_file): 11 | print(f'Cannot find fuzzer_stats file : {stats_file}') 12 | return False , stats_file_dict 13 | 14 | # with open(stats_file, encoding='utf-8') as fuzz_stat_file : 15 | # stats_file_lines = fuzz_stat_file.read().splitlines() 16 | fuzz_stat_file = open(stats_file, encoding='utf-8') 17 | stats_file_lines = fuzz_stat_file.read().splitlines() 18 | 19 | if end_fuzz == True: 20 | fuzz_stat_file.close() 21 | 22 | for stat_line in stats_file_lines : 23 | key, value = stat_line.split(': ') 24 | stats_file_dict[key.strip()] = value.strip() 25 | 26 | return True, stats_file_dict 27 | -------------------------------------------------------------------------------- 
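The poll loop in afl_fuzz.py stops on the fuzzer's own `run_time` counter, and afl_stats.py hands back every fuzzer_stats value as a string. The following is an added example, not code from the FuzzingBusyBox_LLM repository: it parses the fuzzer_stats text in the same way, gives typed access to the numbers, reproduces the stop decision as a pure function, and adds the health checks a campaign runner should make before trusting a run (slow executions, low stability, no corpus growth). The key names are the ones AFL++ writes; `saved_crashes` versus the older `unique_crashes` is handled because the key was renamed between AFL++ releases. The sample text is constructed for the example.

```python
"""Added example: typed fuzzer_stats handling and run health checks."""

# Constructed sample in the fuzzer_stats format. Keys are padded with spaces
# and command_line contains ':' itself, hence the split on the first colon only.
SAMPLE_FUZZER_STATS = """\
start_time        : 1700000000
last_update       : 1700003600
run_time          : 3600
fuzzer_pid        : 4242
cycles_done       : 3
execs_done        : 5400000
execs_per_sec     : 1500.00
corpus_count      : 212
saved_crashes     : 0
saved_hangs       : 1
stability         : 97.12%
bitmap_cvg        : 4.80%
afl_version       : 4.10c
command_line      : /usr/local/bin/afl-fuzz -Q -i corpus -o out -- ./busybox awk -f @@
"""


def parse_fuzzer_stats(text: str) -> dict:
    """Return the raw 'key: value' pairs; lines without a colon are skipped."""
    stats = {}
    for line in text.splitlines():
        if ':' not in line:
            continue
        key, value = line.split(':', 1)
        stats[key.strip()] = value.strip()
    return stats


def _num(stats: dict, key: str, default: float = 0.0) -> float:
    """Numeric view of a stat; a percentage such as '97.12%' becomes 97.12."""
    raw = stats.get(key, '').rstrip('%')
    try:
        return float(raw)
    except ValueError:
        return default


def crashes(stats: dict) -> int:
    """Crash count across AFL++ versions: 'saved_crashes' (4.x) or the older 'unique_crashes'."""
    for key in ('saved_crashes', 'unique_crashes'):
        if key in stats:
            return int(_num(stats, key))
    return 0


def should_stop(stats: dict, run_time_budget: int) -> bool:
    """Termination condition of the poll loop: the fuzzer's own run_time
    counter (seconds) has reached the requested budget."""
    return int(_num(stats, 'run_time')) >= run_time_budget


def health_warnings(stats: dict) -> list:
    """Conditions under which a run's numbers should not be trusted as-is.
    Thresholds are this example's assumptions, not AFL++ defaults."""
    warnings = []
    if _num(stats, 'execs_per_sec') < 100:
        warnings.append('slow: execs_per_sec below 100 (QEMU-mode overhead or a hanging target)')
    if _num(stats, 'stability', 100.0) < 90.0:
        warnings.append('unstable: stability below 90%, coverage feedback is noisy')
    if _num(stats, 'execs_done') > 0 and _num(stats, 'corpus_count') <= 1:
        warnings.append('no coverage growth: corpus never grew beyond the seeds')
    return warnings


if __name__ == '__main__':
    s = parse_fuzzer_stats(SAMPLE_FUZZER_STATS)
    print('crashes:', crashes(s), 'stop after 3600 s:', should_stop(s, 3600))
    print('warnings:', health_warnings(s) or 'none')
```

A runner that polls fuzzer_stats every second, as afl_fuzz.py does, can call `health_warnings` on each snapshot and abort early instead of spending the whole hour on a target whose harness is broken.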
/automation_src/fuzz_multiple_targets.py:
--------------------------------------------------------------------------------
import os
import subprocess
import argparse
import shutil


def get_user_input():
    parser = argparse.ArgumentParser(
        prog='Run fuzzer - multiple target',
        description='Run fuzzing on multiple targets'
    )
    parser.add_argument("--input", dest='target_binary_collection_dir', help='Enter the path of the input dir that contains the target binaries to be fuzzed', required=True)
    parser.add_argument("--arch", dest='target_architecture', help='Specify the architecture of the target binary',
                        choices=['x86_64', 'ARM_32'], required=True)
    parser.add_argument("--corpus", dest='input_corpus', help='Enter the path of the input corpus', required=True)
    parser.add_argument("--output", dest='output_dir', help='Enter the path for the output dir', required=True)
    parser.add_argument("--afl-path", dest='afl_dir_path', default='/usr/bin/', help='Enter the path of the dir that contains the afl-fuzz executables, if other than the default system path')
    parser.add_argument("--run-time", dest='run_time', default='3600', help='Enter the run time in seconds for which you want to run AFL++')
    parser.add_argument("--depend", dest='dependency_path', default="", help='Provide the path of the dir containing the library dependencies, if any')
    parser.add_argument("--envs", dest='env_list', default="", help="Provide the list of env variables to be set. NB : provide in format (no space) 'ENV1=val1','ENV2=val2'")
    parser.add_argument("--flags", dest='additional_flags_list', default="", help="Provide the list of additional flags like 'c=0','M=none' (no space): none if no value is assigned to that flag")

    args = parser.parse_args()
    return args


if __name__ == '__main__':
    args = get_user_input()
    target_binary_collection_dir = args.target_binary_collection_dir
    target_architecture = args.target_architecture
    input_corpus_path = args.input_corpus
    output_dir = args.output_dir
    afl_dir_path = args.afl_dir_path
    run_time = args.run_time
    dependency_path = args.dependency_path
    env_list = args.env_list
    additional_flags_list = args.additional_flags_list

    if not os.path.exists(output_dir):
        os.makedirs(output_dir)

    if not os.path.exists(afl_dir_path):
        print(f'Error afl-fuzz path: {afl_dir_path} not found')
        exit(1)

    if not os.path.exists(input_corpus_path):
        print(f'Error input_corpus: {input_corpus_path} not found')
        exit(1)

    if not os.path.exists(target_binary_collection_dir):
        print(f'Error binary_collection: {target_binary_collection_dir} not found')
        exit(1)

    if dependency_path != "":
        print(f'Arm dependency dir provided : {dependency_path}')
        if not os.path.exists(dependency_path):
            print('Error: arm_dependencies_path not found !!')
            exit(1)

    stats_json_dump_dir = os.path.join(output_dir, 'json_dumps')
    if not os.path.exists(stats_json_dump_dir):
        os.makedirs(stats_json_dump_dir)

    files = os.listdir(target_binary_collection_dir)
    print(f'No. of targets : {len(files)}')
    failed_target_name_file = os.path.join(output_dir, 'failed_target.txt')
    # fuzz_one_target_main.py lives next to this script; resolve it from here
    # so the runner works from any working directory
    one_target_script = os.path.join(os.path.dirname(os.path.abspath(__file__)), 'fuzz_one_target_main.py')
    for file in files:
        print(f'Target : {file}')
        target_output_dir = os.path.join(output_dir, file)
        print(f'Target output dir is : {target_output_dir}')
        target_run_command = [
            'python3',
            one_target_script,
            '--input',
            os.path.join(target_binary_collection_dir, file),
            '--arch',
            target_architecture,
            '--corpus',
            input_corpus_path,
            '--output',
            target_output_dir,
            '--afl-path',
            afl_dir_path,
            '--run-time',
            run_time,
            '--depend',
            dependency_path,
            '--envs',
            env_list,
            '--flags',
            additional_flags_list,
        ]
        # Targets are fuzzed one after another; each child runs for run_time seconds
        process = subprocess.Popen(target_run_command)
        process.wait()
        print(f'Process return code : {process.returncode}')
        if process.returncode != 0:
            print(f'Error in target : {file}')
            with open(failed_target_name_file, 'a') as f:
                f.write(f'{file}\n')
        else:
            json_filename = file + '.json'
            target_json_file = os.path.join(stats_json_dump_dir, json_filename)
            shutil.copy(os.path.join(target_output_dir, 'stats.json'), target_json_file)
            print(f'The stats json file for target : {file} is at : {target_json_file}')

--------------------------------------------------------------------------------
/automation_src/fuzz_one_target_main.py:
--------------------------------------------------------------------------------
import os
from afl_fuzz import afl_fuzz_run
from afl_stats import get_afl_fuzz_stats
from run_busybox_target import run_busybox_target
import argparse
import shutil
import json


def get_user_input():
    parser = argparse.ArgumentParser(
        prog='Run fuzzer',
        description='Run fuzzing on a single target'
    )
    parser.add_argument("--input", dest='target_binary', help='Enter the path of the target binary that you want to fuzz', required=True)
    parser.add_argument("--arch", dest='target_architecture', help='Specify the architecture of the target binary',
                        choices=['x86_64', 'ARM_32'], required=True)
    parser.add_argument("--corpus", dest='input_corpus', help='Enter the path of the input corpus', required=True)
    parser.add_argument("--output", dest='output_dir', help='Enter the path for the output dir', required=True)
    parser.add_argument("--afl-path", dest='afl_dir_path', default='/usr/local/bin/', help='Enter the path of the dir that contains the afl-fuzz executables, if other than the default system path')
    parser.add_argument("--run-time", dest='run_time', default='3600', help='Enter the run time in seconds for which you want to run AFL++')
    parser.add_argument("--depend", dest='dependency_path', default="", help='Provide the path of the dir containing the library dependencies, if any')
    parser.add_argument("--envs", dest='env_list', default="", help="Provide the list of env variables to be set. NB : provide in format (no space) 'ENV1=val1','ENV2=val2'")
    parser.add_argument("--flags", dest='additional_flags_list', default="", help="Provide the list of additional flags like 'c=0','M=none' (no space): none if no value is assigned to that flag")

    args = parser.parse_args()
    return args


if __name__ == '__main__':
    args = get_user_input()
    target_binary = args.target_binary
    target_architecture = args.target_architecture
    input_corpus_path = args.input_corpus
    output_dir = args.output_dir
    afl_fuzz_path = os.path.join(args.afl_dir_path, "afl-fuzz")
    run_time = int(args.run_time)
    dependency_path = args.dependency_path
    env_list = args.env_list
    additional_flags_list = args.additional_flags_list

    print(f'afl_fuzz_path provided : {afl_fuzz_path}')

    if not os.path.exists(output_dir):
        os.makedirs(output_dir)

    if not os.path.exists(afl_fuzz_path):
        print(f'Error afl-fuzz path: {afl_fuzz_path} not found')
        exit(1)

    if not os.path.exists(input_corpus_path):
        print(f'Error input_corpus: {input_corpus_path} not found')
        exit(1)

    if not os.path.exists(target_binary):
        print(f'Error target_binary: {target_binary} not found')
        exit(1)

    if dependency_path != "":
        print(f'Arm dependency dir provided : {dependency_path}')
        if not os.path.exists(dependency_path):
            print('Error: arm_dependencies_path not found !!')
            exit(1)

    # Rename target_binary as 'busybox' and copy it into the output_dir
    busybox_path = os.path.join(output_dir, "busybox")
    shutil.copy(target_binary, busybox_path)
    print(f'The targeted busybox path is {busybox_path}')

    busybox_version = run_busybox_target(busybox_path, target_architecture, dependency_path)

    afl_fuzz_output_dir = os.path.join(output_dir, "crash-out")
    overall_dict = {'busybox_hash_name': os.path.basename(target_binary),
                    'busybox_version': busybox_version, 'stats': {}}
    # Run afl-fuzz
    print(f'Running afl fuzz for target : {target_binary} and arch : {target_architecture} ')
    running_status = afl_fuzz_run(target_binary=busybox_path, input_corpus=input_corpus_path, arch=target_architecture,
                                  output_dir=afl_fuzz_output_dir, path_to_afl_fuzz=afl_fuzz_path, dependency=dependency_path,
                                  run_time=run_time, additional_flags=additional_flags_list, env_list=env_list)

    if running_status == 2:
        print("Reading fuzzing stats")
        ret_val, stats_dict = get_afl_fuzz_stats(afl_fuzz_output_dir, True)
        if not ret_val:
            print("Cannot read fuzzer_stats file. Exiting!!")
            exit(1)
    else:
        print(running_status)
        print("Fuzzing failed unknown error")
        exit(1)

    overall_dict['stats'] = stats_dict
    print(overall_dict)
    with open(os.path.join(output_dir, "stats.json"), 'w') as outfile:
        json.dump(overall_dict, outfile)

    print(f"Dumped the fuzzer stats in stats.json file in dir : {output_dir}")
    print("Done")

--------------------------------------------------------------------------------
/automation_src/run_busybox_target.py:
--------------------------------------------------------------------------------
import subprocess
import os
import stat


def run_busybox_target(busybox_path, arch, dependencies_path=""):
    """Make the target executable, run it once with no arguments and return
    the version token ('vX.Y.Z') from its 'BusyBox vX.Y.Z (...)' banner.

    For x86_64 the collected binary is executed directly on this host, so the
    input collection has to be treated as untrusted: run the whole pipeline
    in a throw-away VM or container.
    """
    try:
        os.chmod(busybox_path, os.stat(busybox_path).st_mode | stat.S_IXUSR)
    except OSError as e:
        print(f"Error: chmod failed : {e}")
        exit(1)

    if dependencies_path != "":
        # Set the LD_LIBRARY_PATH environment variable (inherited by the child)
        os.environ['LD_LIBRARY_PATH'] = dependencies_path

    if arch == 'x86_64':
        command = [busybox_path]
    elif arch == 'ARM_32':
        # qemu user-mode emulation is only needed for the ARM targets
        if os.path.exists('/usr/bin/qemu-arm') or os.path.exists('/usr/local/bin/qemu-arm'):
            qemu = 'qemu-arm'
        elif os.path.exists('/usr/bin/qemu-arm-static') or os.path.exists('/usr/local/bin/qemu-arm-static'):
            qemu = 'qemu-arm-static'
        else:
            print("cannot find qemu-arm or qemu-arm-static")
            exit(1)
        command = [qemu, busybox_path]
    else:
        print(f'Error: busybox arch err : {arch} not supported')
        exit(1)

    busybox_process = None
    try:
        busybox_process = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
        # A bound on the run: a broken or hostile target must not stall the pipeline
        busybox_result, busybox_err = busybox_process.communicate(timeout=30)
    except subprocess.TimeoutExpired:
        busybox_process.kill()
        print('Error: busybox_run_err : target did not exit within 30 s')
        exit(1)
    except OSError as e:
        print(f'Error: busybox_run_err : {e}')
        exit(1)

    print(busybox_result)
    # The banner starts with 'BusyBox vX.Y.Z (build info) multi-call binary.'
    words = busybox_result.decode(errors='replace').lstrip().split(' ')
    if len(words) < 2 or not words[0].startswith('BusyBox'):
        print(f'Error: busybox_run_err : unexpected output, stderr : {busybox_err}')
        exit(1)
    busybox_version = words[1]
    print(f'Busybox version : {busybox_version}')
    return busybox_version

--------------------------------------------------------------------------------
/demo_samples/input_collection/sample1x86:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/asmitaj08/FuzzingBusyBox_LLM/7aec7cfbad9b36712a6af68824eceae1cbd6c3a2/demo_samples/input_collection/sample1x86
--------------------------------------------------------------------------------
/demo_samples/input_collection/sample2x86:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/asmitaj08/FuzzingBusyBox_LLM/7aec7cfbad9b36712a6af68824eceae1cbd6c3a2/demo_samples/input_collection/sample2x86
--------------------------------------------------------------------------------
/demo_samples/output_dir_structure.md:
--------------------------------------------------------------------------------
- output_dir
  - json_dumps *(Directory that stores the fuzzing stat output of each of the targets provided in the input_collection dir)*
  - failed_target.txt *(List of the input target filenames that failed during execution)*
  - multiple dirs with the same names as the input target names *(The number of these dirs will be the same as the number of input target files)*
    - busybox file (it's the input target file, just renamed as busybox)
    - Default output dir, which is the output of afl-fuzz. It has crashes, queues, stats and other outputs from the fuzzer.

**N.B.:** Try to do the fuzzing in a separate directory, as you might see some random data populated by the `awk` script being fuzzed.
--------------------------------------------------------------------------------
/demo_samples/sample_corpus_awk/1.awk:
--------------------------------------------------------------------------------
BEGIN { FS=":"; OFS=":" } { print $1, $6 }
--------------------------------------------------------------------------------
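Once a multi-target run finishes, the layout described in output_dir_structure.md is all a reviewer has: one `<target>.json` per successful target under `json_dumps/` (the dict fuzz_one_target_main.py dumps, with `busybox_hash_name`, `busybox_version` and the raw `stats`) and `failed_target.txt` for the rest. The following is an added example and not part of the repository: it builds such an output directory from constructed sample data, then summarises it into a crash-first ranking plus the failed list, so the targets worth triaging are visible without opening each file. Target names and versions in the sample are placeholders; the `saved_*`/`unique_*` fallback covers the key rename between AFL++ releases.

```python
"""Added example: summarise <output_dir>/json_dumps and failed_target.txt."""
import json
import os
import tempfile

# Constructed sample data in the shape fuzz_one_target_main.py writes to stats.json
SAMPLE_DUMPS = {
    'busybox_a1b2c3': {'busybox_hash_name': 'busybox_a1b2c3', 'busybox_version': 'v1.31.1',
                       'stats': {'run_time': '3600', 'execs_per_sec': '1320.5',
                                 'saved_crashes': '2', 'saved_hangs': '0', 'corpus_count': '180'}},
    'busybox_d4e5f6': {'busybox_hash_name': 'busybox_d4e5f6', 'busybox_version': 'v1.36.1',
                       'stats': {'run_time': '3600', 'execs_per_sec': '1410.0',
                                 'unique_crashes': '0', 'unique_hangs': '1', 'corpus_count': '203'}},
}
SAMPLE_FAILED = ['busybox_broken01']  # constructed: a target that never reached fuzzing


def write_sample_run(output_dir: str) -> None:
    """Lay out a fake output_dir exactly as the automation scripts would."""
    dump_dir = os.path.join(output_dir, 'json_dumps')
    os.makedirs(dump_dir, exist_ok=True)
    for name, payload in SAMPLE_DUMPS.items():
        with open(os.path.join(dump_dir, name + '.json'), 'w') as f:
            json.dump(payload, f)
    with open(os.path.join(output_dir, 'failed_target.txt'), 'w') as f:
        f.write('\n'.join(SAMPLE_FAILED) + '\n')


def _count(stats: dict, *keys: str) -> int:
    """First present key wins: AFL++ 4.x writes saved_*, older releases unique_*."""
    for key in keys:
        if key in stats:
            return int(float(stats[key]))
    return 0


def summarize_run(output_dir: str) -> dict:
    """Return {'targets': rows sorted crashes-first, 'failed': names from failed_target.txt}."""
    dump_dir = os.path.join(output_dir, 'json_dumps')
    names = sorted(os.listdir(dump_dir)) if os.path.isdir(dump_dir) else []
    rows = []
    for fname in names:
        if not fname.endswith('.json'):
            continue
        with open(os.path.join(dump_dir, fname)) as f:
            payload = json.load(f)
        st = payload.get('stats', {})
        rows.append({
            'target': payload.get('busybox_hash_name', fname[:-5]),
            'version': payload.get('busybox_version', '?'),
            'run_time': int(float(st.get('run_time', 0))),
            'execs_per_sec': float(st.get('execs_per_sec', 0)),
            'crashes': _count(st, 'saved_crashes', 'unique_crashes'),
            'hangs': _count(st, 'saved_hangs', 'unique_hangs'),
        })
    # Most crashes first, then hangs, then a stable name order for ties
    rows.sort(key=lambda r: (-r['crashes'], -r['hangs'], r['target']))

    failed_file = os.path.join(output_dir, 'failed_target.txt')
    failed = []
    if os.path.exists(failed_file):
        with open(failed_file) as f:
            failed = [line.strip() for line in f if line.strip()]
    return {'targets': rows, 'failed': failed}


def targets_with_crashes(summary: dict) -> list:
    """Names of the targets that produced at least one saved crash."""
    return [r['target'] for r in summary['targets'] if r['crashes'] > 0]


def demo() -> dict:
    """Build the sample run in a temporary directory and summarise it."""
    with tempfile.TemporaryDirectory() as tmp:
        write_sample_run(tmp)
        return summarize_run(tmp)


if __name__ == '__main__':
    summary = demo()
    for r in summary['targets']:
        print(f"{r['target']:<18} {r['version']:<8} crashes={r['crashes']} "
              f"hangs={r['hangs']} execs/s={r['execs_per_sec']:.0f} run_time={r['run_time']}s")
    print('failed targets:', summary['failed'])
```

Pointing `summarize_run` at a real output_dir from fuzz_multiple_targets.py works without the sample writer; a target that appears in the ranking with `run_time` far below the requested budget, or in `failed_target.txt`, is a harness problem to fix before its crash count is read as a result.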