actually fuzzing inputs?

[jbachell]

Hi! I've currently been looking at your code and you don't take in any inputs.

Does your original code work for fuzzing?

I have modified the code (sort of) to work with ARM and also tried to actually fuzz inputs (adding an input directory to the command line). It doesn't seem to work. I'm not sure if this is an issue with the additions I've made, or if it's an issue with adding it to afl-unicorn. I don't fully understand the use of a loop at the end of the unicorn_loader.cpp. What did your original tests actually do?

Note: The C++ version of this compared to python is significantly faster, maybe about 8 times faster (if I can get it working)

[kirasys]

Sorry for the late reply. "unicorn_loader.cpp" is a harness file for fuzzing and "tests" folder just takes a binary for testing. I don't think you understand about afl-unicorn completely. Please check this post. (afl-unicorn: Fuzzing Arbitrary Binary Code)

ps. I've updated the project. If any problem is found, please let me know

[jbachell]

I should be sending you a pull request! I updated the harness to how I was using it, as well ARM support. "Dumb fuzzing" works, but the path finding does not work with AFL. AFL cannot distinguish unique errors with this unicorn fuzzer, but with python it can. Do you know why?

[kirasys]

Thank for your PR!! I'll reflect your code on the project soon. Anyway, can you tell me what kind of unique errors it doesn't find? Such as heap corruption or stack overflow. Do you mean the unicorn loader which was built from my project doesn't emit a crash though an edge case is given?

[jbachell]

No, I mean to tell you that the pathfinding is broken. For the python fuzzer, the program can detect where it is in the program and find ways to fully explore the program to get full coverage. I believe that I have the test I was using in my arm branch which was forked from yours. I'm not currently working on the project, but I don't mind picking it back up for a little. It shouldn't take that long to just look through my test and new loader and see what it does ... My goal was for it to be the exact same usage as the original AFL Unicorn, just in C++, including the same command line usage.