
Project Goal: Improve AFL performance with respect to baseline.


BinaryResearch/CS419-project


CS419-project: AFL

CS419 Computer Security class project. Improve AFL performance with respect to baseline.

Project Description (taken from professor's slides):

  • Improve AFL by any means
    • Seed selection, using metrics other than coverage etc.
  • Test on LAVA-M and Google test suite
  • Compare AFL with your improved version

Corpus Creation via Chosen Test Case Mutation

Corpus generation via mutation

Unfortunately, fuzzing is also relatively shallow; blind, random mutations make it very unlikely to reach certain code paths in the tested code, leaving some vulnerabilities firmly outside the reach of this technique.

There have been numerous attempts to solve this problem. One of the early approaches - pioneered by Tavis Ormandy - is corpus distillation. The method relies on coverage signals to select a subset of interesting seeds from a massive, high-quality corpus of candidate files, and then fuzz them by traditional means. The approach works exceptionally well, but requires such a corpus to be readily available. [1]

Often no such corpus exists for the binary under test, and ready-made test cases may be unavailable as well. Using Radamsa (or any other program that can act as a mutation engine), a single well-chosen initial test case can be mutated repeatedly to produce a corpus tailored to the program being fuzzed. Because blind mutation yields many inputs that exercise the same paths, the mutants should be distilled with afl-cmin (which keeps only those that hit distinct coverage tuples) before being handed to afl-fuzz. Combined with other techniques, such as a custom dictionary of keywords passed with -x, this can lead AFL to find more unique crashes when fuzzing the target. Note that AFL counts crashes as unique by coverage path, not by root cause, so the crash count must still be deduplicated (for example by triaging stack traces) before it says anything about the number of distinct bugs.

[1] https://github.com/google/AFL/blob/master/README.md
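The following script is an added example (not part of this project's code and not Radamsa itself) that implements the corpus-from-one-seed idea described above: it stacks Radamsa-style mutations (bit flips, AFL "interesting" integer overwrites, chunk duplication and deletion, ASCII number bumps) on a single seed, deduplicates the mutants, and also extracts printable keywords from the seed into an AFL-format dictionary. The JSON seed, the output directory name and the mutation set are assumptions chosen for illustration.

```python
"""Generate an AFL input corpus and dictionary from one seed by stacked mutation."""
import os
import random
import struct

# Integer values that tend to hit parser edge cases (borrowed from AFL's interesting lists).
INTERESTING_8 = [0x00, 0x01, 0x7F, 0x80, 0xFF]
INTERESTING_16 = [0x0000, 0x00FF, 0x0100, 0x7FFF, 0x8000, 0xFFFF]
INTERESTING_32 = [0x00000000, 0x7FFFFFFF, 0x80000000, 0xFFFFFFFF]

# Constructed seed: a small but well-formed input of the format the hypothetical target parses.
SEED = b'{"width": 16, "height": 16, "format": "rgba", "comment": "seed"}'


def flip_bit(data, rng):
    """Flip one random bit."""
    if not data:
        return data
    i = rng.randrange(len(data))
    data[i] ^= 1 << rng.randrange(8)
    return data


def set_interesting(data, rng):
    """Overwrite 1, 2 or 4 bytes with an interesting integer in either endianness."""
    if not data:
        return data
    width = rng.choice((1, 2, 4))
    if len(data) < width:
        width = 1
    i = rng.randrange(len(data) - width + 1)
    if width == 1:
        data[i] = rng.choice(INTERESTING_8)
    elif width == 2:
        data[i:i + 2] = struct.pack(rng.choice("<>") + "H", rng.choice(INTERESTING_16))
    else:
        data[i:i + 4] = struct.pack(rng.choice("<>") + "I", rng.choice(INTERESTING_32))
    return data


def duplicate_chunk(data, rng):
    """Copy a chunk of up to 32 bytes and insert it 1-3 times at a random offset."""
    if not data:
        return data
    a = rng.randrange(len(data))
    b = rng.randrange(a, min(len(data), a + 32) + 1)
    chunk = bytes(data[a:b])
    pos = rng.randrange(len(data) + 1)
    data[pos:pos] = chunk * rng.randrange(1, 4)
    return data


def delete_chunk(data, rng):
    """Remove a chunk of 1-16 bytes; never empties the input."""
    if len(data) < 2:
        return data
    a = rng.randrange(len(data))
    b = rng.randrange(a + 1, min(len(data), a + 16) + 1)
    del data[a:b]
    return data


def bump_number(data, rng):
    """Replace an ASCII decimal number with a boundary or off-by-one variant."""
    digits = [i for i, c in enumerate(data) if 48 <= c <= 57]
    if not digits:
        return data
    s = e = rng.choice(digits)
    while s > 0 and 48 <= data[s - 1] <= 57:
        s -= 1
    while e < len(data) and 48 <= data[e] <= 57:
        e += 1
    n = int(bytes(data[s:e]))
    n = rng.choice((n + 1, n - 1, n * 2, 0, -1, 2 ** 31 - 1, 2 ** 32, 2 ** 64))
    data[s:e] = str(n).encode()
    return data


MUTATORS = [flip_bit, set_interesting, duplicate_chunk, delete_chunk, bump_number]


def mutate(seed, rng, max_stack=4):
    """Apply 1..max_stack random mutators in sequence (Radamsa-style stacking)."""
    data = bytearray(seed)
    for _ in range(rng.randrange(1, max_stack + 1)):
        data = rng.choice(MUTATORS)(data, rng)
    return bytes(data)


def generate_corpus(seed, count, rng_seed=0, max_len=4096):
    """Return `count` distinct mutants of `seed` (seed itself excluded), bounded in size."""
    rng = random.Random(rng_seed)
    seen, out, attempts = {seed}, [], 0
    while len(out) < count and attempts < count * 20:
        attempts += 1
        m = mutate(seed, rng)
        if m in seen or not m or len(m) > max_len:
            continue
        seen.add(m)
        out.append(m)
    return out


def extract_tokens(seed, min_len=3, max_len=16):
    """Collect printable runs (excluding structural punctuation) as dictionary keywords."""
    tokens, run = set(), bytearray()
    for c in seed + b"\x00":
        if 33 <= c <= 126 and c not in b'"\\{}[]:,=':
            run.append(c)
        else:
            if min_len <= len(run) <= max_len:
                tokens.add(bytes(run))
            run = bytearray()
    return sorted(tokens)


def afl_dict_entry(name, value):
    """Format one AFL dictionary line; quotes, backslashes and non-printables become \\xNN."""
    esc = "".join(chr(c) if 32 <= c <= 126 and c not in (34, 92) else "\\x%02x" % c for c in value)
    return '%s="%s"' % (name, esc)


def write_corpus(outdir, corpus, dictionary_path):
    """Write mutants as individual files plus the AFL dictionary next to them."""
    os.makedirs(outdir, exist_ok=True)
    for i, m in enumerate(corpus):
        with open(os.path.join(outdir, "mut_%06d" % i), "wb") as f:
            f.write(m)
    with open(dictionary_path, "w") as f:
        for i, tok in enumerate(extract_tokens(SEED)):
            f.write(afl_dict_entry("kw%d" % i, tok) + "\n")


if __name__ == "__main__":
    corpus = generate_corpus(SEED, 500, rng_seed=1)
    write_corpus("corpus", corpus, "seed.dict")  # assumed output locations
    print("wrote %d mutants and %d dictionary tokens" % (len(corpus), len(extract_tokens(SEED))))
```

From here the AFL side of the workflow is the standard one: `afl-cmin -i corpus -o corpus.min -- ./target @@` keeps only mutants with distinct coverage, and `afl-fuzz -i corpus.min -o findings -x seed.dict -- ./target @@` fuzzes with the extracted dictionary. Radamsa can be substituted for `generate_corpus` with `radamsa -n 500 -o corpus/mut_%n seed`; the distillation and dictionary steps stay the same.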

Example Results

CGC Results
