
sangkilc/ofuzz 28

Fuzzing framework written in OCaml

sangkilc/ocaml-exploit 15

A collection of useful functions to write an exploit in OCaml

sangkilc/whyfsharp 10

F# meetup presentation material

sangkilc/libbil 9

libBIL: an intermediate language for binary derived from BAP

sangkilc/ocloud 4

oCloud: controlling cloud nodes via command lines (written in OCaml)

B2R2-org/FsOptParse 3

A single-file FSharp-based command line argument parsing

sangkilc/bddset 2

BddSet: BDD-based set representation

sangkilc/libinput 2

Program Input Representation in OCaml

sangkilc/shelleval 2

ShellCode Evaluator for Linux

sangkilc/ICSE-2020-SV-Handbook 1

ICSE 2020 Student Volunteer Handbook

issue closed SoftSec-KAIST/Eclipser

Please provide a Dockerfile for Eclipser 2.0

So that Eclipser can be used easily on current Linux plus not needing to install all the dependencies required - could you please supply a Dockerfile for Eclipser 2.0? Based on the fuzzbench builder.Dockerfile + runner.Dockerfile this should not be too much work? (I would do it myself, but too much on my plate for afl++ at the moment ...)

closed time in 6 days

vanhauser-thc

issue comment SoftSec-KAIST/Eclipser

Please provide a Dockerfile for Eclipser 2.0

I think this can be closed now. thanks!

vanhauser-thc

comment created time in 6 days

PR opened SoftSec-KAIST/Fuzzing-Survey

Add Kitty network fuzzer

Kitty network fuzzer added to /data/fuzzers.json

+21 -0

0 comment

1 changed file

pr created time in 6 days

issue comment SoftSec-KAIST/MeanDiff

Missing arithmetic operation - `xadd`

I know there is "xadd", but is there "xadd eax, eax" in the commodity software? Thanks.

mfaerevaag

comment created time in 9 days

issue comment SoftSec-KAIST/MeanDiff

Missing arithmetic operation - `xadd`

It seems that this bug has not been repaired by PyVEX. I supposed that maybe this instruction won't appear in actual software.

mfaerevaag

comment created time in 10 days

push event SoftSec-KAIST/TikNib

Dongkwan Kim

commit sha 503583c25888f58702997e661e44bd57505d4982

Support IDA Pro v7.5 and update README

view details

push time in 10 days

issue comment SoftSec-KAIST/Fuzzing-Survey

ASE'20 and CCS'20

Happy New Year!

I have problems with MoFuzz:

  1. I cannot find the PDF. Just an abstract.
  2. Its main reference is Zest, a fuzzer from ISSTA 2019. It's referenced often, but we didn't add it so we cannot link. Should we add Zest in the DB? Should we add ISSTA to our selection criteria (it was mentioned several times on Twitter after we did the last update)?

Done with the rest :)

sangkilc

comment created time in 16 days

push event SoftSec-KAIST/Fuzzing-Survey

Valentin Manes

commit sha ece6943379f5e935088c339d0567ac32e1be3a11

Add CSS and ASE 2020

view details

push time in 16 days

issue comment SoftSec-KAIST/Eclipser

Please provide a Dockerfile for Eclipser 2.0

And yes, I can maintain aflplusplus_eclipser for future updates in Eclipser.

Although the result is promising, I would prefer not to include aflplusplus_eclipser in the core fuzzer. Since 'AFL++ without cmplog' is not included in the core fuzzer, it may be hard to check the coverage improvement made by Eclipser over the random fuzzing baseline.

vanhauser-thc

comment created time in 18 days

issue comment SoftSec-KAIST/Eclipser

Please provide a Dockerfile for Eclipser 2.0

I was assuming that each docker container used for fuzzing was confined to run with a single CPU core. If that was not the case, then I agree the comparison is unfair.

Actually, things get complicated here, because (Eclipser & AFL) will not fully utilize two cores even if there are enough cores. Since Eclipser was originally intended for a single-core environment, it monitors how effectively it increases coverage, and adaptively yields resources (i.e. sleeps) to give more resources to the random fuzzing module (which is AFL in Eclipser v2.0).

In my experience, the Eclipser thread will converge to utilize around 0.25 CPU cores eventually, when fuzzing time is long enough. This makes it hard to design a properly aligned comparison setting. Limiting the docker container to run with a single CPU core seems to be the best option so far.

vanhauser-thc

comment created time in 18 days

issue comment SoftSec-KAIST/Eclipser

Please provide a Dockerfile for Eclipser 2.0

The result of integrating Eclipser with AFL++ is interesting. If I understood the code correctly, AFL++ was run without 'cmplog' feature (https://github.com/google/fuzzbench/blob/master/fuzzers/aflplusplus_eclipser/fuzzer.py#L51).

yes

This indicates that AFL++'s 'cmplog' feature (inspired from REDQUEEN) and Eclipser's grey-box concolic testing have almost equivalent effectiveness in increasing coverage. This makes sense because Eclipser and REDQUEEN tried to address the same research problem.

I would not say so, because it is not really a fair comparison. afl/afl++ and eclipser together use 2 CPU cores/threads, whereas aflplusplus (with cmplog) is using only one. So a fair comparison would be running them against 2xafl or 2xafl++ (one with cmplog, one without).

I did the 2xafl++ (one with cmplog, one without) vs afl++ + eclipser here: https://www.fuzzbench.com/reports/experimental/2020-12-26/ due to a bug in fuzzbench it only completed half of the benchmark time, but it shows that the mono+binary analysis is - unsurprisingly - at a larger disadvantage.

but IMHO this is fine. there is no "the best" fuzzer. because what eclipser does is different from cmplog it will usually find different paths, and that helps in a fuzzing campaign. plus it is easier to deploy than symcc, plus it also works on binary-only fuzzing.

maybe the best comparison would be to run aflplusplus_qemu with cmplog + aflplusplus_qemu without cmplog vs aflplusplus_qemu without cmplog + eclipser.

And I think integrating Eclipser with AFL is still meaningful, because the difference between (Eclipser & AFL) and (AFL) directly shows how effectively Eclipser solved branches that AFL could not cover. So I think it would be the best to keep both (Eclipser & AFL) and (Eclipser & AFL++) in fuzzbench.

I don't mind, I was just curious how that would affect the ranking :) will you take over the aflplusplus_eclipser maintenance for potential upcoming eclipser changes? I could handle any afl++ changes. and do you want it as a core fuzzer?

vanhauser-thc

comment created time in 19 days

issue comment SoftSec-KAIST/Eclipser

Please provide a Dockerfile for Eclipser 2.0

I believe it's a good idea to keep the Dockerfile for the latest Eclipser in the repository. Please try this Dockerfile in 'dev' branch.

it builds fine, thank you! I would recommend to add ENV DOTNET_CLI_TELEMETRY_OPTOUT 1

vanhauser-thc

comment created time in 19 days

issue comment SoftSec-KAIST/Eclipser

Please provide a Dockerfile for Eclipser 2.0

The result of integrating Eclipser with AFL++ is interesting. If I understood the code correctly, AFL++ was run without 'cmplog' feature (https://github.com/google/fuzzbench/blob/master/fuzzers/aflplusplus_eclipser/fuzzer.py#L51).

This indicates that AFL++'s 'cmplog' feature (inspired from REDQUEEN) and Eclipser's grey-box concolic testing have almost equivalent effectiveness in increasing coverage. This makes sense because Eclipser and REDQUEEN tried to address the same research problem.

And I think integrating Eclipser with AFL is still meaningful, because the difference between (Eclipser & AFL) and (AFL) directly shows how effectively Eclipser solved branches that AFL could not cover. So I think it would be the best to keep both (Eclipser & AFL) and (Eclipser & AFL++) in fuzzbench.

vanhauser-thc

comment created time in 19 days

issue comment SoftSec-KAIST/Eclipser

Please provide a Dockerfile for Eclipser 2.0

I believe it's a good idea to keep the Dockerfile for the latest Eclipser in the repository. Please try this Dockerfile in 'dev' branch.

vanhauser-thc

comment created time in 19 days

push event SoftSec-KAIST/Eclipser

Jaeseung Choi

commit sha 18975dcace03885441ec771c72f13e93e41206f2

Add Dockerfile for the latest Eclipser

For the early prototype of Eclipser, we had a Dockerfile in a separate repository (artifact evaluation). From now on, we will update Dockerfile in this repository. This commit addresses issue #16.

view details

push time in 19 days

issue comment SoftSec-KAIST/Eclipser

Please provide a Dockerfile for Eclipser 2.0

btw - combining afl++ with eclipser gives it a huge performance improvement, bypassing entropic and libfuzzer: https://www.fuzzbench.com/reports/experimental/2020-12-25/index.html

vanhauser-thc

comment created time in 22 days

issue opened SoftSec-KAIST/Eclipser

Please provide a Dockerfile for Eclipser 2.0

So that Eclipser can be used easily on current Linux plus not needing to install all the dependencies required - could you please supply a Dockerfile for Eclipser 2.0? Based on the fuzzbench builder.Dockerfile + runner.Dockerfile this should not be too much work? (I would do it myself, but too much on my plate for afl++ at the moment ...)

created time in 24 days

issue comment SoftSec-KAIST/Eclipser

Any chance you can fix qemu to work on ubuntu 20.04

It turned out that both qemu-2.10.0 (used in Eclipser 2.0) and qemu-2.3.0 (used in Eclipser 1.1) are affected by this issue.

For Eclipser 2.0, commit c0ae7fd in 'dev' branch resolves this issue.

For Eclipser 1.1, we created a new branch 'v1.x' for the maintenance, and commit 75b1bc8 resolves this issue (there were some force pushes, so please ignore the other commits).

So you can try 'dev' and 'v1.x' branches for Ubuntu 20.04.

agroce

comment created time in a month

push event SoftSec-KAIST/Eclipser

Jaeseung Choi

commit sha 75b1bc8a4590ec199fe21b8b3db4a71e75b8cd54

Fix Ubuntu 20.04 build issue

Ubuntu 20.04 uses a newer version of glibc, which raises a QEMU build error. Backport several patches from upstream QEMU to fix this error. This commit resolves issue #15.

view details

push time in a month

push event SoftSec-KAIST/Eclipser

Jaeseung Choi

commit sha 7a64d6968dd9e4e62c176cde68a3a81e865741af

Remove version specification from python dependency

Ubuntu 18 and 20 have subtly different package and binary name for python. To avoid confusion, remove version specification of python.

view details

push time in a month

issue comment SoftSec-KAIST/Eclipser

Any chance you can fix qemu to work on ubuntu 20.04

It turned out that both qemu-2.10.0 (used in Eclipser 2.0) and qemu-2.3.0 (used in Eclipser 1.1) are affected by this issue.

For Eclipser 2.0, commit c0ae7fd in 'dev' branch resolves this issue.

For Eclipser 1.1, we created a new branch 'v1.x' for the maintenance, and commit 67804d9 resolves this issue.

So please try 'v1.x' branch for Ubuntu 20.04.

agroce

comment created time in a month

push event SoftSec-KAIST/Eclipser

Jaeseung Choi

commit sha 155fbb24e1a8cf5e2548acc1d266afef6608d2bf

Fix dependency checker script

Explicitly check for python2, instead of python.

view details

Jaeseung Choi

commit sha 67804d9e9641e084d6880ea6625da55e38353b91

Fix Ubuntu 20.04 build issue

Ubuntu 20.04 uses a newer version of glibc, which raises a QEMU build error. Backport several patches from upstream QEMU to fix this error. This commit resolves issue #15.

view details

push time in a month

push event SoftSec-KAIST/Eclipser

Jaeseung Choi

commit sha 1e6aeea9a295503c16dec0cfe3a9d1d476de8e99

Fix dependency checker script

Explicitly check for python2, instead of python.

view details

push time in a month

push event SoftSec-KAIST/Eclipser

Jaeseung Choi

commit sha c0ae7fd3fbbacd52d21f5526afc67b34bc423241

Fix Ubuntu 20.04 build issue

Ubuntu 20.04 uses a newer version of glibc, which raises a QEMU build error. Backport several patches from upstream QEMU to fix this error. This commit resolves issue #15.

view details

push time in a month

create branch SoftSec-KAIST/Eclipser

branch : v1.x

created branch time in a month

push event SoftSec-KAIST/Eclipser

Jaeseung Choi

commit sha 829b12110c293f3c52366a0bb60ffe5b47e8ca15

Refactor and cleanup patches for instrumentation

After removing basic block counting tracer, more patches can be shared.

view details

push time in a month

push event SoftSec-KAIST/Eclipser

Jaeseung Choi

commit sha eac7aa58b5b178d0629380d73e6f26b5bdce8ebf

Update README

Slightly fix the instruction about fixing `/etc/apt/sources.list`.

view details

Jaeseung Choi

commit sha 59cb9c08018da9f2cbfb50811041a3493dfe155a

Merge branch 'dev'

view details

Jaeseung Choi

commit sha 310220649a4d790f8bc858ef85873399bba79a8c

Merge pull request #14 from SoftSec-KAIST/dev

Update Eclipser to v2.0

view details

Jaeseung Choi

commit sha a87e5c8347477ff980d93bdc33b01b5bcd0ef790

Update dependency description in README

view details

Jaeseung Choi

commit sha e5de4e7da274354fbe6eb3551cdfd0761d2c5b33

Fix dependency checker script

Explicitly check for python2, instead of python.

view details

Jaeseung Choi

commit sha 9298ac816fa5fcfd715b35db9de62eef3bce904d

Remove basic block counting tracer

Since this component is not directly required in the fuzzing process, we will remove it to simplify instrumentor code.

view details

Jaeseung Choi

commit sha ac0b814ad0867d80bce570a0ed67a8804d54fedd

Refactor and cleanup patches for instrumentation

After removing basic block counting tracer, more patches can be shared.

view details

push time in a month

issue comment SoftSec-KAIST/Eclipser

Any chance you can fix qemu to work on ubuntu 20.04

Don't stress about it; turns out most of the other tools DeepState uses ALSO fail on 20.04, except AFL and libFuzzer, so we're holding off moving until 20.04 is closer to the fuzzing community's horizon.

agroce

comment created time in a month

issue comment SoftSec-KAIST/Eclipser

Any chance you can fix qemu to work on ubuntu 20.04

I will investigate this issue and try to make Eclipser v1.1 work on Ubuntu 20.04.

agroce

comment created time in a month

issue opened SoftSec-KAIST/Eclipser

Any chance you can fix qemu to work on ubuntu 20.04

Short version: ubuntu 20.04 uses a later glibc, which leads to a failure to build qemu according to the recipe in the v1.1 ("old Eclipser") release. It looks like QEMU has fixed this, but presumably you are tagged to version 2.10.0 for good reasons. Any chance you can incorporate the fix here https://patchwork.openembedded.org/patch/165581/ to get Eclipser 1.1 runnable on 20.04?

We're trying to make a DeepState (https://github.com/trailofbits/deepstate) release that bases off 20.04 instead of 18.04, and we'd like to keep the "old" Eclipser in the fuzzer stable (and add Eclipser 2.0 when we get a chance; the switch to relying on AFL parallel mode makes this non-trivial). But when we try to build from docker, we run into:

/home/user/Eclipser/Instrumentor/qemu/qemu-2.3.0-pathcov-x64/linux-user/syscall.c:235:16: error: static declaration of 'gettid' follows non-static declaration
  235 | _syscall0(int, gettid)
      |                ^~~~~~
/home/user/Eclipser/Instrumentor/qemu/qemu-2.3.0-pathcov-x64/linux-user/syscall.c:164:13: note: in definition of macro '_syscall0'
  164 | static type name (void)   \
      |             ^~~~
In file included from /usr/include/unistd.h:1170,
                 from /home/user/Eclipser/Instrumentor/qemu/qemu-2.3.0-pathcov-x64/linux-user/syscall.c:27:
/usr/include/x86_64-linux-gnu/bits/unistd_ext.h:34:16: note: previous declaration of 'gettid' was here
   34 | extern __pid_t gettid (void) __THROW;
      |                ^~~~~~
/home/user/Eclipser/Instrumentor/qemu/qemu-2.3.0-pathcov-x86/linux-user/syscall.c:235:16: error: static declaration of 'gettid' follows non-static declaration
  235 | _syscall0(int, gettid)
      |                ^~~~~~
/home/user/Eclipser/Instrumentor/qemu/qemu-2.3.0-pathcov-x86/linux-user/syscall.c:164:13: note: in definition of macro '_syscall0'
  164 | static type name (void)   \
      |             ^~~~
In file included from /usr/include/unistd.h:1170,
                 from /home/user/Eclipser/Instrumentor/qemu/qemu-2.3.0-pathcov-x86/linux-user/syscall.c:27:
/usr/include/x86_64-linux-gnu/bits/unistd_ext.h:34:16: note: previous declaration of 'gettid' was here
   34 | extern __pid_t gettid (void) __THROW;
      |                ^~~~~~
make[2]: *** [/home/user/Eclipser/Instrumentor/qemu/qemu-2.3.0-pathcov-x64/rules.mak:57: linux-user/syscall.o] Error 1
make[1]: *** [Makefile:173: subdir-x86_64-linux-user] Error 2
make[1]: Leaving directory '/home/user/Eclipser/Instrumentor/qemu/qemu-2.3.0-pathcov-x64'
make: *** [Makefile:41: /home/user/Eclipser/Instrumentor/qemu/.compiled_x64] Error 1
make: *** Waiting for unfinished jobs....
/home/user/Eclipser/Instrumentor/qemu/qemu-2.3.0-pathcov-x86/linux-user/syscall.c: In function 'do_syscall':
/home/user/Eclipser/Instrumentor/qemu/qemu-2.3.0-pathcov-x86/linux-user/syscall.c:5962:29: warning: implicit declaration of function 'stime'; did you mean 'utime'? [-Wimplicit-function-declaration]
 5962 |             ret = get_errno(stime(&host_time));
      |                             ^~~~~
      |                             utime
/home/user/Eclipser/Instrumentor/qemu/qemu-2.3.0-pathcov-x86/linux-user/syscall.c:5962:29: warning: nested extern declaration of 'stime' [-Wnested-externs]
make[2]: *** [/home/user/Eclipser/Instrumentor/qemu/qemu-2.3.0-pathcov-x86/rules.mak:57: linux-user/syscall.o] Error 1
make[1]: *** [Makefile:173: subdir-i386-linux-user] Error 2
make[1]: Leaving directory '/home/user/Eclipser/Instrumentor/qemu/qemu-2.3.0-pathcov-x86'
make: *** [Makefile:37: /home/user/Eclipser/Instrumentor/qemu/.compiled_x86] Error 1

There may be other issues preventing Eclipser 1.1 from running on 20.04 but this one seems fixable, if you have time.

created time in a month
