Skip to content

Latest commit

 

History

History
62 lines (44 loc) · 1.49 KB

README.md

File metadata and controls

62 lines (44 loc) · 1.49 KB

No-Fuzz

Usage:

Python3 codeins.py [source file.c] [Number of fake blocks] [Number of functions to wrap] [landing space length in bytes]

Change protection methods

Modify the source codes of codeins.py.

anti = Antifuzz([sys.argv[1]], instru_detect=False, daemon_process=True, funcchain=False, landingspace=False)

Timing gap detection is controlled by instru_detect, daemon_process for execution rate detection, funcchain and landingspace for the landing space (they should both be set to be True for correct anti-fuzzing defense)

Tutorial

Dummy program

Run the following command to generate the protected dummy program.

python3 codeins.py source/hello.c 100 3 100

Compile output.c to generate the protected binary.

gcc ./output.c -o nofuzz_hello
Run with AFL-QEMU

How to install AFL-QEMU: https://afl-1.readthedocs.io/en/latest/instrumenting.html#instrumenting-binary-only-apps

Create an input folder an empty seed and run with afl-qemu.

mkdir input
echo 1> input/1
afl-fuzz -Q -i input -o output -- ./nofuzz_hello

Binutils

Run download.sh to get the binutils 2.31. Get the source file of a binary, e.g., the readelf.

./download.sh
tar -xf binutils-2.31.tar.xz
cp binutils-2.31/binutils/readelf.c ./

Add anti-fuzzing protection.

python3 codeins.py readelf.c 100 10 100

Replace the source file with the protected version.

mv ./output.c binutils-2.31/binutils/readelf.c

Compile binutils and get the protected readelf.