Setup
Paths
We need setup three paths: GOPATH, IMAGE and KERNEL.
GOPATH is the working directory for syzkaller
IMAGE is for Linux img and KERNEL is for kernel source and binary.
Android_Compile_Setting
File-Transfer
Transfer File Using rsync
native cmd
rsync -avuz –progress source_dir dest_dir
-v, –verbose Verbose output
-q, –quiet suppress message output
- -a, –archive archive files and directory while synchronizing ( -a equal to following options -rlptgoD)
- -r, –recursive sync files and directories recursively
- -b, –backup take the backup during synchronization
- -u, –update don’t copy the files from source to destination if destination files are newer
- -l, –links copy symlinks as symlinks during the sync
- -n, –dry-run perform a trial run without synchronization
- -e, –rsh=COMMAND mention the remote shell to use in rsync
- -z, –compress compress file data during the transfer
- -h, –human-readable display the output numbers in a human-readable format
- –progress show the sync progress during transfer
parallelled wrapper
http://moo.nac.uci.edu/~hjm/parsync/
./parsyncfp –NP=6 –startdir = ‘/home/zl/fuzz’ ./ remote_user@remote_ip:remote_dir
AFL-StarterKit
目标程序源代码
首先准备测试的目标程序1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <signal.h>
int vuln(char *str)
{
int len = strlen(str);
//如果输入的字符串的首字符为A并且长度为66,则异常退出
if(str[0] == 'A' && len == 66)
{
raise(SIGSEGV);
}
//如果输入的字符串的首字符为F并且长度为6,则异常退出
else if(str[0] == 'F' && len == 6)
{
raise(SIGSEGV);
}
else
{
printf("\nit is good!\n");
}
return 0;
}
int main(int argc, char *argv[])
{
int i;
char buf[100]={0};
printf( "Enter a value :");
scanf("%d", &i);
if ((i % 2) == 1)
{
getchar();
printf("Odd\nPlease enter a string: ");
gets(buf);//存在栈溢出漏洞
printf(buf);//存在格式化字符串漏洞
vuln(buf);
}
else
{
printf("Even\n");
}
return 0;
}