
@pepsipu
Created December 24, 2020 00:42
fuzzing notes

Fuzzing

gamozolabs - Fuzz Week Day 1

what is fuzzing?

fuzzing is automated testing of programs: throw generated/mutated inputs at them to find crashes and other bugs

the state of modern day fuzzing assumes a couple things

  • running linucks
  • u have source
  • u can build
  • u can swap out compiler to build
  • afl is not holding you at gunpoint

gamozo is going in blind, not exactly sure of his plan for fuzz week

fuzzing something binutils related, objdump works

objdump fuzzing

debug symbols not working, cringe

debug not showing, but we have symbols, very cool

building fuzzing

we need to first make a harness which loads/runs the program & checks whether it crashed so we can report on it. for now, we're gonna ignore the crashes themselves.

we also need a corpus which holds our examples to test with. corpus entries are corrupted and mutated to get crashes. gamozo uses his binaries from /usr/bin to test on. this will seed the fuzzer.

gamozo recommends starting with threading instead of adding it later on, cuz refactoring a code base to work with threads is tuff compared to starting with threading

Using subprocess.Popen to wait & check the status code. Return codes are negative for crashes (the child got killed by a signal)!

objdump is standalone enough that we can run it multithreaded, but sometimes that's not possible. In that case, we'd need to emulate multiple machines at a time or test in blocks.

gamozo mutates just a few random bytes from the corpus and gets crashes. absolute mad lad
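Putting the notes above together, here is an added example of that kind of harness in Python (not code from the stream or this gist): mutate a few bytes of a /usr/bin seed, run the target with subprocess.Popen on a thread pool, and flag negative return codes as crashes. It assumes objdump is on PATH and /usr/bin exists; hangs are killed and not counted as crashes.

```python
import os
import random
import subprocess
import tempfile
from concurrent.futures import ThreadPoolExecutor


def mutate(data: bytes, rng: random.Random, n_bytes: int = 4) -> bytes:
    """Corrupt a few random bytes of one corpus entry; the seed file itself is left alone."""
    buf = bytearray(data)
    for _ in range(min(n_bytes, len(buf))):  # an empty seed just passes through
        buf[rng.randrange(len(buf))] ^= rng.randrange(1, 256)
    return bytes(buf)


def is_crash(returncode: int) -> bool:
    """POSIX Popen reports a signal-killed child as -signum, so SIGSEGV shows up as -11."""
    return returncode < 0


def run_case(target: list, data: bytes, timeout: float = 5.0) -> tuple:
    """Feed one mutated input to the target via a temp file; return (returncode, crashed)."""
    with tempfile.NamedTemporaryFile(suffix=".bin", delete=False) as f:
        f.write(data)
        path = f.name
    try:
        proc = subprocess.Popen(target + [path], stdin=subprocess.DEVNULL,
                                stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
        try:
            rc = proc.wait(timeout=timeout)
        except subprocess.TimeoutExpired:  # a hang is not a crash: kill it, record no result
            proc.kill()
            proc.wait()
            return None, False
        return rc, is_crash(rc)
    finally:
        os.unlink(path)


def fuzz(target: list, corpus: list, iterations: int, threads: int = 4, seed: int = 0) -> list:
    """Run mutated cases on a thread pool from the start; return [(returncode, input)] for crashes."""
    rng = random.Random(seed)
    cases = [mutate(rng.choice(corpus), rng) for _ in range(iterations)]  # RNG used single-threaded
    with ThreadPoolExecutor(max_workers=threads) as pool:
        results = pool.map(lambda case: run_case(target, case), cases)
        return [(rc, case) for case, (rc, crashed) in zip(cases, results) if crashed]


if __name__ == "__main__":
    # Seed corpus from /usr/bin as on the stream; objdump is assumed to be on PATH.
    files = [os.path.join("/usr/bin", n) for n in sorted(os.listdir("/usr/bin"))]
    seeds = [open(p, "rb").read() for p in files if os.path.isfile(p)][:20]
    for rc, case in fuzz(["objdump", "-d"], seeds, iterations=200):
        print(f"crash: signal {-rc}, {len(case)} byte input")
```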
