Fuzzing framework written in OCaml
A collection of useful functions to write an exploit in OCaml
F# meetup presentation material
libBIL: an intermediate language for binary derived from BAP
oCloud: controlling cloud nodes via command lines (written in OCaml)
A single-file FSharp-based command line argument parsing
BddSet: BDD-based set representation
Program Input Representation in OCaml
ShellCode Evaluator for Linux
sangkilc/ICSE-2020-SV-Handbook 1
ICSE 2020 Student Volunteer Handbook
issue closed SoftSec-KAIST/Eclipser
Please provide a Dockerfile for Eclipser 2.0
So that Eclipser can be used easily on current Linux plus not needing to install all the dependencies required - could you please supply a Dockerfile for Eclipser 2.0? Based on the fuzzbench builder.Dockerfile + runner.Dockerfile this should not be too much work? (I would do it myself, but too much on my plate for afl++ at the moment ...)
closed time in 6 days
vanhauser-thc issue comment SoftSec-KAIST/Eclipser
Please provide a Dockerfile for Eclipser 2.0
I think this can be closed now. thanks!
comment created time in 6 days
PR opened SoftSec-KAIST/Fuzzing-Survey
Kitty network fuzzer added to /data/fuzzers.json
pr created time in 6 days
issue comment SoftSec-KAIST/MeanDiff
Missing arithmetic operation - `xadd`
I know there is "xadd", but is there "xadd eax, eax" in the commodity software? Thanks.
comment created time in 9 days
issue comment SoftSec-KAIST/MeanDiff
Missing arithmetic operation - `xadd`
It seems that this bug has not been repaired by PyVEX. I supposed that maybe this instruction won't appear in actual software.
comment created time in 10 days
push event SoftSec-KAIST/TikNib
commit sha 503583c25888f58702997e661e44bd57505d4982
Support IDA Pro v7.5 and update README
push time in 10 days
issue comment SoftSec-KAIST/Fuzzing-Survey
Happy New Year!
I have problems with MoFuzz:
- I cannot find the PDF. Just an abstract.
- Its main reference is Zest, a fuzzer from ISSTA 2019. It's referenced often, but we didn't add it so we cannot link. Should we add Zest in the DB? Should we add ISSTA to our selection criteria (it was mentioned several times on Twitter after we did the last update)?
Done with the rest :)
comment created time in 16 days
push event SoftSec-KAIST/Fuzzing-Survey
commit sha ece6943379f5e935088c339d0567ac32e1be3a11
Add CSS and ASE 2020
push time in 16 days
issue comment SoftSec-KAIST/Eclipser
Please provide a Dockerfile for Eclipser 2.0
And yes, I can maintain aflplusplus_eclipser for future updates in Eclipser.
Although the result is promising, I would prefer not to include aflplusplus_eclipser in the core fuzzer. Since 'AFL++ without cmplog' is not included in the core fuzzer, it may be hard to check the coverage improvement made by Eclipser over the random fuzzing baseline.
comment created time in 18 days
issue comment SoftSec-KAIST/Eclipser
Please provide a Dockerfile for Eclipser 2.0
I was assuming that each docker container used for fuzzing was confined to run with a single CPU core. If that was not the case, then I agree the comparison is unfair.
Actually, things get complicated here, because (Eclipser & AFL) will not fully utilize two cores even if there are enough cores. Since Eclipser was originally intended for a single-core environment, it monitors how effectively it increases coverage, and adaptively yields resources (i.e. sleeps) to give more resources to the random fuzzing module (which is AFL in Eclipser v2.0).
In my experience, the Eclipser thread will converge to utilize around 0.25 CPU cores eventually, when fuzzing time is long enough. This makes it hard to design a properly aligned comparison setting. Limiting the docker container to run with a single CPU core seems to be the best option so far.
comment created time in 18 days
issue comment SoftSec-KAIST/Eclipser
Please provide a Dockerfile for Eclipser 2.0
> The result of integrating Eclipser with AFL++ is interesting. If I understood the code correctly, AFL++ was run without 'cmplog' feature (https://github.com/google/fuzzbench/blob/master/fuzzers/aflplusplus_eclipser/fuzzer.py#L51).

yes

> This indicates that AFL++'s 'cmplog' feature (inspired from REDQUEEN) and Eclipser's grey-box concolic testing have almost equivalent effectiveness in increasing coverage. This makes sense because Eclipser and REDQUEEN tried to address the same research problem.

I would not say so, because it is not really a fair comparison. afl/afl++ and eclipser together use 2 CPU cores/threads, whereas aflplusplus (with cmplog) is using only one. So a fair comparison would be running them against 2xafl or 2xafl++ (one with cmplog, one without).

I did the 2xafl++ (one with cmplog, one without) vs afl++ + eclipser here: https://www.fuzzbench.com/reports/experimental/2020-12-26/ Due to a bug in fuzzbench it only completed half of the benchmark time, but it shows that the mono+binary analysis is - unsurprisingly - at a larger disadvantage.

But IMHO this is fine. There is no "the best" fuzzer. Because what eclipser does differs from cmplog, it will usually find different paths, and that helps in a fuzzing campaign. Plus it is easier to deploy than symcc, plus it also works on binary-only fuzzing.

Maybe the best comparison would be to run aflplusplus_qemu with cmplog + aflplusplus_qemu without cmplog vs aflplusplus_qemu without cmplog + eclipser.

> And I think integrating Eclipser with AFL is still meaningful, because the difference between (Eclipser & AFL) and (AFL) directly shows how effectively Eclipser solved branches that AFL could not cover. So I think it would be the best to keep both (Eclipser & AFL) and (Eclipser & AFL++) in fuzzbench.

I don't mind, I was just curious how that would affect the ranking :) Will you take over the aflplusplus_eclipser maintenance for potential upcoming eclipser changes? I could handle any afl++ changes. And do you want it as a core fuzzer?
comment created time in 19 days
issue comment SoftSec-KAIST/Eclipser
Please provide a Dockerfile for Eclipser 2.0
> I believe it's a good idea to keep the Dockerfile for the latest Eclipser in the repository. Please try this Dockerfile in 'dev' branch.

It builds fine, thank you!

I would recommend to add `ENV DOTNET_CLI_TELEMETRY_OPTOUT 1`
comment created time in 19 days
issue comment SoftSec-KAIST/Eclipser
Please provide a Dockerfile for Eclipser 2.0
The result of integrating Eclipser with AFL++ is interesting. If I understood the code correctly, AFL++ was run without 'cmplog' feature (https://github.com/google/fuzzbench/blob/master/fuzzers/aflplusplus_eclipser/fuzzer.py#L51).
This indicates that AFL++'s 'cmplog' feature (inspired from REDQUEEN) and Eclipser's grey-box concolic testing have almost equivalent effectiveness in increasing coverage. This makes sense because Eclipser and REDQUEEN tried to address the same research problem.
And I think integrating Eclipser with AFL is still meaningful, because the difference between (Eclipser & AFL) and (AFL) directly shows how effectively Eclipser solved branches that AFL could not cover. So I think it would be the best to keep both (Eclipser & AFL) and (Eclipser & AFL++) in fuzzbench.
comment created time in 19 days
issue comment SoftSec-KAIST/Eclipser
Please provide a Dockerfile for Eclipser 2.0
I believe it's a good idea to keep the Dockerfile for the latest Eclipser in the repository. Please try this Dockerfile in 'dev' branch.
comment created time in 19 days
push event SoftSec-KAIST/Eclipser
commit sha 18975dcace03885441ec771c72f13e93e41206f2
Add Dockerfile for the latest Eclipser For the early prototype of Eclipser, we had a Dockerfile in a separate repository (artifact evaluation). From now on, we will update Dockerfile in this repository. This commit addresses issue #16.
push time in 19 days
issue comment SoftSec-KAIST/Eclipser
Please provide a Dockerfile for Eclipser 2.0
btw - combining afl++ with eclipser gives it a huge performance improvement, bypassing entropic and libfuzzer: https://www.fuzzbench.com/reports/experimental/2020-12-25/index.html
comment created time in 22 days
issue opened SoftSec-KAIST/Eclipser
Please provide a Dockerfile for Eclipser 2.0
So that Eclipser can be used easily on current Linux plus not needing to install all the dependencies required - could you please supply a Dockerfile for Eclipser 2.0? Based on the fuzzbench builder.Dockerfile + runner.Dockerfile this should not be too much work? (I would do it myself, but too much on my plate for afl++ at the moment ...)
created time in 24 days
issue comment SoftSec-KAIST/Eclipser
Any chance you can fix qemu to work on ubuntu 20.04
It turned out that both qemu-2.10.0 (used in Eclipser 2.0) and qemu-2.3.0 (used in Eclipser 1.1) are affected by this issue.
For Eclipser 2.0, commit c0ae7fd in 'dev' branch resolves this issue.
For Eclipser 1.1, we created a new branch 'v1.x' for the maintenance, and commit 75b1bc8 resolves this issue (there were some force pushes, so please ignore the other commits).
So you can try 'dev' and 'v1.x' branches for Ubuntu 20.04.
comment created time in a month
push event SoftSec-KAIST/Eclipser
commit sha 75b1bc8a4590ec199fe21b8b3db4a71e75b8cd54
Fix Ubuntu 20.04 build issue Ubuntu 20.04 uses a newer version of glibc, which raises a QEMU build error. Backport several patches from upstream QEMU to fix this error. This commit resolves issue #15.
push time in a month
push event SoftSec-KAIST/Eclipser
commit sha 7a64d6968dd9e4e62c176cde68a3a81e865741af
Remove version specification from python dependency Ubuntu 18 and 20 have subtly different package and binary names for python. To avoid confusion, remove the version specification of python.
push time in a month
issue comment SoftSec-KAIST/Eclipser
Any chance you can fix qemu to work on ubuntu 20.04
It turned out that both qemu-2.10.0 (used in Eclipser 2.0) and qemu-2.3.0 (used in Eclipser 1.1) are affected by this issue.
For Eclipser 2.0, commit c0ae7fd in 'dev' branch resolves this issue.
For Eclipser 1.1, we created a new branch 'v1.x' for the maintenance, and commit 67804d9 resolves this issue.
So please try 'v1.x' branch for Ubuntu 20.04.
comment created time in a month
push event SoftSec-KAIST/Eclipser
commit sha 155fbb24e1a8cf5e2548acc1d266afef6608d2bf
Fix dependency checker script Explicitly check for python2, instead of python.
commit sha 67804d9e9641e084d6880ea6625da55e38353b91
Fix Ubuntu 20.04 build issue Ubuntu 20.04 uses a newer version of glibc, which raises a QEMU build error. Backport several patches from upstream QEMU to fix this error. This commit resolves issue #15.
push time in a month
push event SoftSec-KAIST/Eclipser
commit sha 1e6aeea9a295503c16dec0cfe3a9d1d476de8e99
Fix dependency checker script Explicitly check for python2, instead of python.
push time in a month
push event SoftSec-KAIST/Eclipser
commit sha c0ae7fd3fbbacd52d21f5526afc67b34bc423241
Fix Ubuntu 20.04 build issue Ubuntu 20.04 uses a newer version of glibc, which raises a QEMU build error. Backport several patches from upstream QEMU to fix this error. This commit resolves issue #15.
push time in a month
push event SoftSec-KAIST/Eclipser
commit sha 829b12110c293f3c52366a0bb60ffe5b47e8ca15
Refactor and cleanup patches for instrumentation After removing basic block counting tracer, more patches can be shared.
push time in a month
push event SoftSec-KAIST/Eclipser
commit sha eac7aa58b5b178d0629380d73e6f26b5bdce8ebf
Update README Slightly fix the instruction about fixing `/etc/apt/sources.list`.
commit sha 59cb9c08018da9f2cbfb50811041a3493dfe155a
Merge branch 'dev'
commit sha 310220649a4d790f8bc858ef85873399bba79a8c
Merge pull request #14 from SoftSec-KAIST/dev Update Eclipser to v2.0
commit sha a87e5c8347477ff980d93bdc33b01b5bcd0ef790
Update dependency description in README
commit sha e5de4e7da274354fbe6eb3551cdfd0761d2c5b33
Fix dependency checker script Explicitly check for python2, instead of python.
commit sha 9298ac816fa5fcfd715b35db9de62eef3bce904d
Remove basic block counting tracer Since this component is not directly required in the fuzzing process, we will remove it to simplify instrumentor code.
commit sha ac0b814ad0867d80bce570a0ed67a8804d54fedd
Refactor and cleanup patches for instrumentation After removing basic block counting tracer, more patches can be shared.
push time in a month
issue comment SoftSec-KAIST/Eclipser
Any chance you can fix qemu to work on ubuntu 20.04
Don't stress about it; turns out most of the other tools DeepState uses ALSO fail on 20.04, except AFL and libFuzzer, so we're holding off moving until 20.04 is closer to the fuzzing community's horizon.
comment created time in a month
issue comment SoftSec-KAIST/Eclipser
Any chance you can fix qemu to work on ubuntu 20.04
I will investigate this issue and try to make Eclipser v1.1 work on Ubuntu 20.04.
comment created time in a month
issue opened SoftSec-KAIST/Eclipser
Any chance you can fix qemu to work on ubuntu 20.04
Short version: ubuntu 20.04 uses a later glibc, which leads to a failure to build qemu according to the recipe in the v1.1 ("old Eclipser") release. It looks like QEMU has fixed this, but presumably you are tagged to version 2.10.0 for good reasons. Any chance you can incorporate the fix here https://patchwork.openembedded.org/patch/165581/ to get Eclipser 1.1 runnable on 20.04?
We're trying to make a DeepState (https://github.com/trailofbits/deepstate) release that bases off 20.04 instead of 18.04, and we'd like to keep the "old" Eclipser in the fuzzer stable (and add Eclipser 2.0 when we get a chance; the switch to relying on AFL parallel mode makes this non-trivial). But when we try to build from docker, we run into:
```text
/home/user/Eclipser/Instrumentor/qemu/qemu-2.3.0-pathcov-x64/linux-user/syscall.c:235:16: error: static declaration of 'gettid' follows non-static declaration
  235 | _syscall0(int, gettid)
      |                ^~~~~~
/home/user/Eclipser/Instrumentor/qemu/qemu-2.3.0-pathcov-x64/linux-user/syscall.c:164:13: note: in definition of macro '_syscall0'
  164 | static type name (void) \
      |             ^~~~
In file included from /usr/include/unistd.h:1170,
                 from /home/user/Eclipser/Instrumentor/qemu/qemu-2.3.0-pathcov-x64/linux-user/syscall.c:27:
/usr/include/x86_64-linux-gnu/bits/unistd_ext.h:34:16: note: previous declaration of 'gettid' was here
   34 | extern __pid_t gettid (void) __THROW;
      |                ^~~~~~
/home/user/Eclipser/Instrumentor/qemu/qemu-2.3.0-pathcov-x86/linux-user/syscall.c:235:16: error: static declaration of 'gettid' follows non-static declaration
  235 | _syscall0(int, gettid)
      |                ^~~~~~
/home/user/Eclipser/Instrumentor/qemu/qemu-2.3.0-pathcov-x86/linux-user/syscall.c:164:13: note: in definition of macro '_syscall0'
  164 | static type name (void) \
      |             ^~~~
In file included from /usr/include/unistd.h:1170,
                 from /home/user/Eclipser/Instrumentor/qemu/qemu-2.3.0-pathcov-x86/linux-user/syscall.c:27:
/usr/include/x86_64-linux-gnu/bits/unistd_ext.h:34:16: note: previous declaration of 'gettid' was here
   34 | extern __pid_t gettid (void) __THROW;
      |                ^~~~~~
make[2]: *** [/home/user/Eclipser/Instrumentor/qemu/qemu-2.3.0-pathcov-x64/rules.mak:57: linux-user/syscall.o] Error 1
make[1]: *** [Makefile:173: subdir-x86_64-linux-user] Error 2
make[1]: Leaving directory '/home/user/Eclipser/Instrumentor/qemu/qemu-2.3.0-pathcov-x64'
make: *** [Makefile:41: /home/user/Eclipser/Instrumentor/qemu/.compiled_x64] Error 1
make: *** Waiting for unfinished jobs....
/home/user/Eclipser/Instrumentor/qemu/qemu-2.3.0-pathcov-x86/linux-user/syscall.c: In function 'do_syscall':
/home/user/Eclipser/Instrumentor/qemu/qemu-2.3.0-pathcov-x86/linux-user/syscall.c:5962:29: warning: implicit declaration of function 'stime'; did you mean 'utime'? [-Wimplicit-function-declaration]
 5962 |         ret = get_errno(stime(&host_time));
      |                         ^~~~~
      |                         utime
/home/user/Eclipser/Instrumentor/qemu/qemu-2.3.0-pathcov-x86/linux-user/syscall.c:5962:29: warning: nested extern declaration of 'stime' [-Wnested-externs]
make[2]: *** [/home/user/Eclipser/Instrumentor/qemu/qemu-2.3.0-pathcov-x86/rules.mak:57: linux-user/syscall.o] Error 1
make[1]: *** [Makefile:173: subdir-i386-linux-user] Error 2
make[1]: Leaving directory '/home/user/Eclipser/Instrumentor/qemu/qemu-2.3.0-pathcov-x86'
make: *** [Makefile:37: /home/user/Eclipser/Instrumentor/qemu/.compiled_x86] Error 1
```
There may be other issues preventing Eclipser 1.1 from running on 20.04 but this one seems fixable, if you have time.
created time in a month
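The build failure in the issue above is a plain symbol clash: glibc 2.30 began declaring `gettid()` in `<unistd.h>` (visible under `_GNU_SOURCE`, which QEMU's build enables), so QEMU's own `_syscall0(int, gettid)` wrapper, which expands to a `static` function of the same name, now follows a non-static declaration and is rejected by the compiler. The C program below is an added example, not code from Eclipser or QEMU, that shows the colliding pattern (compiled out) next to the repair upstream QEMU applied to the same problem: renaming the local wrapper so it can never collide with the C library's symbol. The names `sys_gettid()` and `same_thread_as_process()` are this example's own, and it assumes a Linux host where `<sys/syscall.h>` defines `SYS_gettid`.

```c
/* Added example (not Eclipser or QEMU code): why the qemu-2.3.0 build breaks
 * on glibc >= 2.30 and the rename that fixes it. Assumes a Linux host. */
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/* The colliding pattern, kept visible but compiled out. QEMU's _syscall0
 * macro expands to a *static* function named gettid:
 *
 *     static int gettid(void) { return syscall(__NR_gettid); }
 *
 * Since glibc 2.30, <unistd.h> already carries
 * "extern __pid_t gettid(void)" under _GNU_SOURCE, so the static definition
 * follows a non-static declaration, which C forbids. With older glibc (as on
 * Ubuntu 18.04) there is no prior declaration and the wrapper compiles. */
#if 0
static int gettid(void) { return (int)syscall(SYS_gettid); }
#endif

/* Fix: give the local wrapper a name the C library will never claim.
 * This compiles whether or not the toolchain's libc exports gettid(),
 * so one source tree builds on both old and new glibc. */
static pid_t sys_gettid(void)
{
    return (pid_t)syscall(SYS_gettid);
}

/* Sanity check usable from a test: in a single-threaded process the
 * kernel thread id of the main thread equals the process id. */
static int same_thread_as_process(void)
{
    return sys_gettid() == getpid();
}

int main(void)
{
    printf("pid=%ld tid=%ld same=%d\n", (long)getpid(), (long)sys_gettid(),
           same_thread_as_process());
    return same_thread_as_process() ? 0 : 1;
}
```

Compiling the `#if 0` block with `#if 1` on a glibc 2.30 or newer system reproduces the exact "static declaration of 'gettid' follows non-static declaration" error from the log; the renamed wrapper is the minimal change that avoids it without pinning a glibc version.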