fuzzamos

sudo apt install build-essential git vim
sudo apt install pip python-lz4 libpython-dev xdot python-psutil
pip install --upgrade pip
sudo pip install setuptools mmh3

git clone https://github.com/richinseattle/kAFL
cd kAFL
bash install.sh

sudo apt install qemu-utils

fuzzamos

#!/usr/bin/env python

import os
import sys
import os.path
import site

try:
    import binaryninja
    print "Binary Ninja API Installed"

fuzzamos

// Gets a pointer to the PEB for x86, x64, ARM, ARM64, IA64, Alpha AXP, MIPS, and PowerPC.

// This relies on MS-compiler intrinsics.
// It has only been tested on x86/x64/ARMv7.

inline PEB* NtCurrentPeb() {
#ifdef _M_X64
	return (PEB*)(__readgsqword(0x60));
#elif _M_IX86
	return (PEB*)(__readfsdword(0x30));

fuzzamos

import reven

def read_symbolic(point, symbolic):
	if isinstance(symbolic, reven.SymbolicRegister):
		return point.cpu().read_register(symbolic.name)
	elif isinstance(symbolic, reven.SymbolicPhysicalMemory):
		mem = point.memory().read_physical(symbolic.address, symbolic.size)
		value = 0
		for byte in reversed(mem):
			value <<= 8

fuzzamos

The repository for the assignment is public and Github does not allow the creation of private forks for public repositories.

The correct way of creating a private frok by duplicating the repo is documented here.

For this assignment the commands are:

1. Create a bare clone of the repository. (This is temporary and will be removed so just do it wherever.)

git clone --bare git@github.com:usi-systems/easytrace.git

fuzzamos

/*
VLC harness 

sudo apt-get install libvlc-dev
gcc fuzz-harness-vlc.c -l vlc -o fuzz-harness-vlc

*/

#include <stdio.h>
#include <vlc/vlc.h>

fuzzamos

Choco Install

Install Choco

@"%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -InputFormat None -ExecutionPolicy Bypass -Command "iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))" && SET "PATH=%PATH%;%ALLUSERSPROFILE%\chocolatey\bin"

Install Ghidra 9.0.2

choco install ghidra

fuzzamos

#!/usr/bin/env python
# vim: tabstop=4:softtabstop=4:shiftwidth=4:expandtab:

import os
import requests
import sys

docs = {
    '68000': {
        'M68000PRM.pdf': 'https://www.nxp.com/files-static/archives/doc/ref_manual/M68000PRM.pdf',

fuzzamos

History

• http://jakob.engbloms.se/archives/1554
• “Debugging Operating Systems with Time-Traveling Virtual Machines“ 2005. Samuel King, George Dunlap, and Peter Chen, - paper - https://www.usenix.org/legacy/events/usenix05/tech/general/king.html - nice list of example bugs for which reverse debugging work much better than cyclic debugging.
• “Framework for Instruction-level Tracing and Analysis of Program Executions“, Virtual Execution Environments (VEE), 2006. Sanjay Bhansali, Wen-Ke Chen, Stuart de Jong, Andrew Edwards, Ron Murray, Milenko Drinic, Darek Mihocka, and Joe Chau,
  • iDNA paper - https://www.usenix.org/legacy/events/vee06/full_papers/p154-bhansali.pdf
• “Don’t Panic: Reverse Debugging of Kernel Drivers“. 2015. Pavel Dovgalyuk, Denis Dmitriev, and Vladimir Makarov,
  • An approach using record-replay of hardware interactions from an OS running inside a Qemu virtual amachine,
• Paper - https://dl.acm.org/citation.cfm?doid=2786805.2803179

fuzzamos

// Launch WinAFL with current function as hook location
//@author richinseattle
//@category _NEW_
//@keybinding 
//@menupath 
//@toolbar 

// Usage: 
// Install DynamoRIO and WinAFL
// Add LaunchWinAFL to Ghidra scripts