Makefile.toml for frida fuzzer (#566)

* frida makefile.toml

* makefile.toml
Dongjia Zhang 2022-03-23 19:30:20 +09:00 committed by GitHub
parent c72f773ca0
commit acba89b92a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 110 additions and 191 deletions


@ -1,9 +1,8 @@
[package] [package]
name = "frida_libpng" name = "frida_fuzzer"
version = "0.7.1" version = "0.7.1"
authors = ["Andrea Fioraldi <andreafioraldi@gmail.com>", "Dominik Maier <domenukk@gmail.com>"] authors = ["Andrea Fioraldi <andreafioraldi@gmail.com>", "Dominik Maier <domenukk@gmail.com>"]
edition = "2021" edition = "2021"
build = "build.rs"
[features] [features]
default = ["std"] default = ["std"]


@ -0,0 +1,106 @@
# Variables
[env]
FUZZER_NAME='frida_fuzzer'
FUZZER = './target/release/${FUZZER_NAME}'
PROJECT_DIR = { script = ["pwd"] }
[tasks.unsupported]
script_runner="@shell"
script='''
echo "Cargo-make not integrated yet on this"
'''
# libpng
[tasks.libpng]
linux_alias = "libpng_unix"
mac_alias = "libpng_unix"
windows_alias = "unsupported"
[tasks.libpng_unix]
condition = { files_not_exist = ["./libpng-1.6.37"]}
script_runner="@shell"
script='''
wget https://deac-fra.dl.sourceforge.net/project/libpng/libpng16/1.6.37/libpng-1.6.37.tar.xz
tar -xvf libpng-1.6.37.tar.xz
'''
# Library
[tasks.lib]
linux_alias = "lib_unix"
mac_alias = "lib_unix"
windows_alias = "unsupported"
[tasks.lib_unix]
script_runner="@shell"
script='''
cd libpng-1.6.37 && ./configure --enable-shared=no --with-pic=yes --enable-hardware-optimizations=yes
cd "${PROJECT_DIR}"
make -C libpng-1.6.37
'''
dependencies = [ "libpng" ]
# Harness
[tasks.harness]
linux_alias = "harness_unix"
mac_alias = "harness_unix"
windows_alias = "unsupported"
[tasks.harness_unix]
script_runner="@shell"
script='''
clang++ -O3 -c -fPIC harness.cc -o harness.o
clang++ -O3 harness.o libpng-1.6.37/.libs/libpng16.a -shared -lz -o libpng-harness.so
'''
dependencies = [ "lib" ]
# Fuzzer
[tasks.fuzzer]
script_runner="@shell"
script='''
cargo build --release
cp ./target/release/${FUZZER_NAME} .
'''
# Run the fuzzer
[tasks.run]
linux_alias = "run_unix"
mac_alias = "run_unix"
windows_alias = "unsupported"
[tasks.run_unix]
script_runner = "@shell"
script='''
./${FUZZER_NAME} -F LLVMFuzzerTestOneInput -H ./libpng-harness.so -l ./libpng-harness.so
'''
dependencies = [ "fuzzer", "harness" ]
# Test
[tasks.test]
linux_alias = "test_unix"
mac_alias = "test_unix"
windows_alias = "unsupported"
[tasks.test_unix]
script_runner = "@shell"
script='''
rm -rf libafl_unix_shmem_server || true
timeout 10s ./${FUZZER_NAME} -F LLVMFuzzerTestOneInput -H ./libpng-harness.so -l ./libpng-harness.so &
'''
dependencies = [ "fuzzer", "harness" ]
# Clean up
[tasks.clean]
linux_alias = "clean_unix"
mac_alias = "clean_unix"
windows_alias = "unsupported"
[tasks.clean_unix]
# Disable default `clean` definition
clear = true
script_runner="@shell"
script='''
rm -f ./${FUZZER_NAME}
make -C libpng-1.6.37 clean
cargo clean
'''
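Review bot: The libpng tarball fetched in `libpng_unix` (`wget https://deac-fra.dl.sourceforge.net/.../libpng-1.6.37.tar.xz`) is unpacked with no integrity check, so a mirror swap, MITM on a downgraded connection, or a truncated download silently becomes the library the harness links against; add a pinned digest between the `wget` and `tar` lines, e.g. `echo "<SHA256_OF_LIBPNG_1_6_37_TARBALL>  libpng-1.6.37.tar.xz" | sha256sum -c -` (placeholder to be filled from the upstream release; the `&&`-less script should also `set -e` or chain the steps so a failed check aborts the task). Separately, `test_unix` backgrounds the fuzzer with `&`, so the script returns before `timeout` does and the task's exit status never reflects a crash or non-zero exit of `${FUZZER_NAME}`; dropping the `&`, or following it with `wait $!` and checking the status, would make `cargo make test` actually fail on a broken build. Minor: `FUZZER` in `[env]` is defined but `tasks.fuzzer` copies `./target/release/${FUZZER_NAME}` directly, so one of the two is redundant, and `clean_unix` will fail when `libpng-1.6.37` has not been downloaded yet (`make -C libpng-1.6.37 clean || true` would mirror the `rm -f` tolerance above it).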


@ -31,15 +31,13 @@ After building the libpng-harness, too, you can run `find . -name libpng-harness
`./target/release/frida_libpng ./libpng-harness.so LLVMFuzzerTestOneInput ./libpng-harness.so --cores=0 --input=./corpus` `./target/release/frida_libpng ./libpng-harness.so LLVMFuzzerTestOneInput ./libpng-harness.so --cores=0 --input=./corpus`
## Windows ## Windows
You can also fuzz libpng-1.6.37 on windows with frida mode! (still experimental, we have an issue on frida-gum.) You can also fuzz libpng-1.6.37 on windows with frida mode
### To build it with visual studio ### To build it with visual studio
1. Install clang for windows (make sure you add LLVM to the system path!) 1. Install clang for windows (make sure you add LLVM to the system path!)
[https://github.com/llvm/llvm-project/releases/tag/llvmorg-12.0.1](https://github.com/llvm/llvm-project/releases/tag/llvmorg-12.0.1) [https://github.com/llvm/llvm-project/releases/tag/llvmorg-12.0.1](https://github.com/llvm/llvm-project/releases/tag/llvmorg-12.0.1)
2. Run build, this will download and extract libpng-1.6.37 directory. 2. Download libpng-1.6.37[https://deac-fra.dl.sourceforge.net/project/libpng/libpng16/1.6.37/libpng-1.6.37.tar.xz] and zlib [https://zlib.net/zlib-1.2.11.tar.gz] into this directory, and rename `zlib-1.2.11` directory to `zlib`.
```
cargo build --release
```
3. Build libpng1.6.37 3. Build libpng1.6.37
- Open libpng-1.6.37/projects/vstudio/vstudio.sln - Open libpng-1.6.37/projects/vstudio/vstudio.sln
- Open Build->Configuration Manager - Open Build->Configuration Manager


@ -1,184 +0,0 @@
// build.rs
use std::{
env,
fs::{rename, File},
io,
path::Path,
process::{exit, Command},
};
use which::which;
use flate2::read::GzDecoder;
use tar::Archive;
use xz::read::XzDecoder;
const LIBPNG_URL: &str =
"https://deac-fra.dl.sourceforge.net/project/libpng/libpng16/1.6.37/libpng-1.6.37.tar.xz";
const ZLIB_URL: &str = "https://zlib.net/zlib-1.2.11.tar.gz";
fn build_dep_check(tools: &[&str]) {
for tool in tools {
println!("Checking for build tool {}...", tool);
if let Ok(path) = which(tool) {
println!("Found build tool {}", path.to_str().unwrap());
} else {
println!("ERROR: missing build tool {}", tool);
exit(1);
};
}
}
fn main() {
if cfg!(windows) {
let cwd = env::current_dir().unwrap().to_string_lossy().to_string();
println!("cargo:rerun-if-changed=build.rs");
println!("cargo:rerun-if-changed=../libfuzzer_runtime/rt.c",);
println!("cargo:rerun-if-changed=harness.cc");
let libpng = format!("{}/libpng-1.6.37", &cwd);
let libpng_path = Path::new(&libpng);
let libpng_tar = format!("{}/libpng-1.6.37.tar.xz", &cwd);
let zlib = format!("{}/zlib", &cwd);
let zlib_1_2_11 = format!("{}/zlib-1.2.11", &cwd);
let zlib_path = Path::new(&zlib);
let zlib_tar = format!("{}/zlib-1.2.11.tar.gz", &cwd);
if !libpng_path.is_dir() && !Path::new(&libpng_tar).is_file() {
println!("cargo:warning=Libpng not found, downloading...");
// Download libpng
let mut resp = reqwest::blocking::get(LIBPNG_URL).expect("Libpng download failed");
let mut out = File::create(&libpng_tar).expect("Libpng download failed");
io::copy(&mut resp, &mut out).expect("Libpng downlaod failed");
let tar_xz = File::open(&libpng_tar).expect("Libpng extraction failed");
let tar = XzDecoder::new(tar_xz);
let mut archive = Archive::new(tar);
archive.unpack(&cwd).expect("Libpng extraction failed");
}
if !zlib_path.is_dir() && !Path::new(&zlib_tar).is_file() {
println!("cargo:warning=Zlib not found, downloading...");
// Download Zlib
let mut resp = reqwest::blocking::get(ZLIB_URL).expect("Zlib download failed");
let mut out = File::create(&zlib_tar).expect("Zlib download failed");
io::copy(&mut resp, &mut out).expect("Zlib downlaod failed");
let tar_gz = File::open(&zlib_tar).expect("Zlib extraction failed");
let tar = GzDecoder::new(tar_gz);
let mut archive = Archive::new(tar);
archive.unpack(&cwd).expect("Zlib extraction failed");
rename(zlib_1_2_11, zlib).expect("Zlib extraction failed");
}
println!("cargo:warning=Now compile libpng with either visual studio or msys2");
} else {
let out_dir = env::var_os("OUT_DIR").unwrap();
let cwd = env::current_dir().unwrap().to_string_lossy().to_string();
let out_dir = out_dir.to_string_lossy().to_string();
let out_dir_path = Path::new(&out_dir);
std::fs::create_dir_all(&out_dir)
.unwrap_or_else(|_| panic!("Failed to create {}", &out_dir));
println!("cargo:rerun-if-changed=build.rs");
println!("cargo:rerun-if-changed=../libfuzzer_runtime/rt.c",);
println!("cargo:rerun-if-changed=harness.cc");
build_dep_check(&["clang", "clang++", "wget", "tar", "make"]);
let libpng = format!("{}/libpng-1.6.37", &out_dir);
let libpng_path = Path::new(&libpng);
let libpng_tar = format!("{}/libpng-1.6.37.tar.xz", &cwd);
// Enforce clang for its -fsanitize-coverage support.
let clang = match env::var("CLANG_PATH") {
Ok(path) => path,
Err(_) => "clang".to_string(),
};
let clangpp = format!("{}++", &clang);
std::env::set_var("CC", &clang);
std::env::set_var("CXX", &clangpp);
let ldflags = match env::var("LDFLAGS") {
Ok(val) => val,
Err(_) => "".to_string(),
};
// println!("cargo:warning=output path is {}", libpng);
if !libpng_path.is_dir() {
if !Path::new(&libpng_tar).is_file() {
println!("cargo:warning=Libpng not found, downloading...");
// Download libpng
Command::new("wget")
.arg("-c")
.arg(LIBPNG_URL)
.arg("-O")
.arg(&libpng_tar)
.status()
.unwrap();
}
Command::new("tar")
.current_dir(&out_dir_path)
.arg("xvf")
.arg(&libpng_tar)
.status()
.unwrap();
Command::new("./configure")
.current_dir(&libpng_path)
.args(&[
"--disable-shared",
&format!("--host={}", env::var("TARGET").unwrap())[..],
])
.env("CC", &clang)
.env("CXX", &clangpp)
.env(
"CFLAGS",
"-O3 -g -D_DEFAULT_SOURCE -fPIC -fno-omit-frame-pointer",
)
.env(
"CXXFLAGS",
"-O3 -g -D_DEFAULT_SOURCE -fPIC -fno-omit-frame-pointer",
)
.env(
"LDFLAGS",
//format!("-g -fPIE -fsanitize=address {}", ldflags),
format!("-g -fPIE {}", ldflags),
)
.status()
.unwrap();
Command::new("make")
.current_dir(&libpng_path)
.status()
.unwrap();
}
let status = cc::Build::new()
.cpp(true)
.get_compiler()
.to_command()
.current_dir(&cwd)
.arg("-I")
.arg(&libpng)
//.arg("-D")
//.arg("HAS_DUMMY_CRASH=1")
.arg("-fPIC")
.arg("-shared")
.arg("-O3")
//.arg("-fomit-frame-pointer")
.arg(if env::var("CARGO_CFG_TARGET_OS").unwrap() == "android" {
"-static-libstdc++"
} else {
""
})
.arg("-o")
.arg(format!("{}/libpng-harness.so", &out_dir))
.arg("./harness.cc")
.arg(format!("{}/.libs/libpng16.a", &libpng))
.arg("-l")
.arg("z")
.status()
.unwrap();
assert!(status.success());
}
}