I recommend that you use a throwaway virtual machine for this, because at one point afl-fuzz learned how to create files in the filesystem! That was a big surprise, waking up to a directory full of filenames like "tesppppppppppppppppppppppppppppptfile"!
First, make sure you can build circuitpython's unix port. The steps are, approximately:
- Clone circuitpython
- git submodule update --init --recursive
- make -C ports/unix -j5 deplibs
- make -C ports/unix -j5
Note that the executable is ports/unix/micropython even when you have cloned circuitpython.
Next, get afl from http://lcamtuf.coredump.cx/afl/. If you can, follow the instructions in llvm_mode/README.llvm to get afl-clang-fast. Now, clean and rebuild:
- make -C ports/unix clean
- make -C ports/unix CC=/path/to/afl-clang-fast -j5 deplibs
- make -C ports/unix CC=/path/to/afl-clang-fast -j5
Prepare the testcases directory for afl-fuzz. I used a number of tests from tests/basics:
- mkdir testcases
- cp tests/basics/*.py testcases
And start the fuzzer:
- /path/to/afl-fuzz -i testcases -o findings -- ports/unix/micropython
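The whole workflow above, gathered into one script as an added example (not code from the original post or from the CircuitPython project). It keeps the post's paths (ports/unix, tests/basics, afl-clang-fast, afl-fuzz), checks the two things that most often stop a run before it starts (afl-clang-fast missing, core_pattern piped to a program on Linux), runs afl-fuzz from a scratch directory so any files the interpreter is coaxed into creating land there rather than in the checkout, and adds a triage function that replays each crash afl-fuzz saved through the binary. The function names, the script name fuzz.sh and the 1 MB seed limit are this example's own choices.

```shell
#!/bin/sh
# Added example, not from the original post or the CircuitPython project.
# Gathers the post's build / instrument / seed / fuzz steps into functions.
# Paths follow the post; function names and the seed limit are assumptions.

# Make a possibly relative path absolute (afl-fuzz is started from a scratch
# directory below, so everything handed to it must be absolute).
abspath() {
    case "$1" in
        /*) printf '%s\n' "$1" ;;
        *)  printf '%s/%s\n' "$(pwd)" "$1" ;;
    esac
}

# Rebuild the unix port with afl instrumentation. $1 = path to afl-clang-fast.
build_instrumented() {
    afl_cc=$(abspath "$1")
    [ -x "$afl_cc" ] || { echo "no executable afl-clang-fast at $afl_cc" >&2; return 1; }
    make -C ports/unix clean
    make -C ports/unix CC="$afl_cc" -j5 deplibs
    make -C ports/unix CC="$afl_cc" -j5
}

# Copy seed scripts into the testcases directory. $1 = source dir, $2 = dest,
# $3 = optional size limit in bytes (default 1 MB: afl-fuzz refuses larger
# seeds, and small seeds fuzz faster). Empty files are skipped as well.
# Prints the number of seeds copied.
prepare_testcases() {
    src="$1"; dst="$2"; limit="${3:-1048576}"
    mkdir -p "$dst"
    n=0
    for f in "$src"/*.py; do
        [ -f "$f" ] || continue
        size=$(wc -c < "$f" | tr -d ' ')
        [ "$size" -gt 0 ] && [ "$size" -le "$limit" ] || continue
        cp "$f" "$dst"/
        n=$((n + 1))
    done
    echo "$n"
}

# Start afl-fuzz from a fresh scratch directory so anything the interpreter is
# talked into creating (the surprise filenames the post mentions) lands there.
# $1 = afl-fuzz, $2 = binary, $3 = testcases dir, $4 = findings dir.
run_fuzzer() {
    afl_fuzz=$(abspath "$1"); bin=$(abspath "$2")
    testcases=$(abspath "$3"); findings=$(abspath "$4")
    # On Linux afl-fuzz refuses to start when core_pattern pipes dumps to a
    # program; say so here instead of finding out at launch.
    if [ -r /proc/sys/kernel/core_pattern ] && \
       [ "$(cut -c1 /proc/sys/kernel/core_pattern)" = "|" ]; then
        echo "core_pattern starts with '|'; afl-fuzz will refuse to run" >&2
        return 1
    fi
    scratch=$(mktemp -d)
    ( cd "$scratch" && "$afl_fuzz" -i "$testcases" -o "$findings" -- "$bin" )
}

# Replay each crash afl-fuzz saved through the binary (input on stdin, as
# afl-fuzz fed it), with a time limit so a hang does not stall triage.
# $1 = binary, $2 = findings dir. One line per input goes to stderr; the
# number of inputs that still die from a signal (status >= 128) goes to stdout.
triage_crashes() {
    bin="$1"; crashes="$2/crashes"
    still=0
    for f in "$crashes"/id:*; do
        [ -f "$f" ] || continue
        rc=0
        if command -v timeout >/dev/null 2>&1; then
            timeout 10 "$bin" < "$f" >/dev/null 2>&1 || rc=$?
        else
            "$bin" < "$f" >/dev/null 2>&1 || rc=$?
        fi
        if [ "$rc" -ge 128 ]; then
            still=$((still + 1)); echo "crash rc=$rc $f" >&2
        elif [ "$rc" -eq 124 ]; then
            echo "hang  rc=$rc $f" >&2
        else
            echo "clean rc=$rc $f" >&2
        fi
    done
    echo "$still"
}

# Full pipeline when run from the top of the checkout as:
#   sh fuzz.sh /path/to/afl-clang-fast /path/to/afl-fuzz
# With no arguments the file only defines the functions, so it can be sourced.
if [ $# -eq 2 ]; then
    build_instrumented "$1"
    prepare_testcases tests/basics testcases
    run_fuzzer "$2" ports/unix/micropython testcases findings
fi
```

After a run, `. ./fuzz.sh` and `triage_crashes ports/unix/micropython findings` tells you which saved inputs still kill the interpreter, which hang under the time limit, and which no longer reproduce, before you spend time on any of them.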
If you have any good findings, drop by the Adafruit CircuitPython Discord and let us know about them! Even better if you fix them.
Entry first conceived on 26 March 2018, 23:51 UTC, last modified on 27 March 2018, 2:33 UTC
Website Copyright © 2004-2018 Jeff Epler