FFW Dictionary Support

Small feature, much work. While studying fuzzing papers, it appears that dictionary support greatly improves code coverage. It is like a bypass/alternative for symbolic execution. I decided to quickly implement it, but was surprised by how much work it took to finish. The basic premise is simple: Having a…

FFW Fenrir Update

FFW was initially conceived during a sleepless night in the Luxor hotel in Las Vegas, between Blackhat and Defcon. Because of this, the basic fundamental data structures FFW uses are a bit... shitty. I called my attempt to rewrite these data structures "Fenrir", the beast: Basically, the initial data structures…

Fuzzing rpcbind

My idea was to fuzz rpcbind, which should be easy enough. I used apt-get source rpcbind and apt-get source libtirpc. The first problem was getting libtirpc to compile, which needed the following magic command: autoreconf --install. Both packages can be compiled with clang. But the main issue was that rpcbind/…

FFW Honggmode Update: Hang recovery

FFW utilizes Honggfuzz to observe the target. Honggfuzz identifies crashes and also collects code coverage in the target. The communication between FFW and Honggfuzz is performed via a local unix socket. Overall, the following communication protocol is implemented: Honggfuzz will start the target server. When it is ready it will…