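#!/bin/sh
#
# AFL++ test: frida_mode — standard, cmplog and persistent mode.
#
# Runs from the test/ directory with the build products one level up
# (../afl-fuzz, ../afl-frida-trace.so, ../test-instr.c). Everything this
# script reads but does not define ($ECHO, the colour variables, $SYS,
# $MEM_LIMIT, $CODE, $INCOMPLETE) is expected to come from test-pre.sh
# or the caller's environment; CODE=1 marks a failure and INCOMPLETE=1
# marks a skipped test for test-post.sh.

. ./test-pre.sh

$ECHO "$BLUE[*] Testing: frida_mode"

# Export a default AFL_CC when the caller did not set one: gcc if present,
# otherwise clang. (The test targets below are built with plain `cc`.)
test -z "$AFL_CC" && {
  if type gcc >/dev/null; then
    export AFL_CC=gcc
  else
    if type clang >/dev/null; then
      export AFL_CC=clang
    fi
  fi
}

#######################################
# True when $SYS names an x86 or arm/aarch64 machine type — the platforms
# on which the cmplog and persistent frida_mode variants are exercised.
# Globals:   SYS (read)
# Returns:   0 if supported, 1 otherwise
#######################################
frida_arch_supported() {
  case "$SYS" in
    i686|x86_64|amd64|i86pc|aarch64|arm*) return 0 ;;
    *) return 1 ;;
  esac
}

test -e ../afl-frida-trace.so && {
  cc -no-pie -o test-instr ../test-instr.c
  cc -o test-compcov test-compcov.c
  test -e test-instr && test -e test-compcov && {
    {
      mkdir -p in
      echo 00000 > in/in

      # --- standard frida_mode -------------------------------------------
      $ECHO "$GREY[*] running afl-fuzz for frida_mode, this will take approx 10 seconds"
      {
        AFL_DEBUG=1 AFL_FRIDA_VERBOSE=1 ../afl-fuzz -m "${MEM_LIMIT}" -V10 -O -i in -o out -- ./test-instr >>errors 2>&1
      } >>errors 2>&1
      # Success criterion: at least three queue entries were produced.
      if test -n "$( ls out/default/queue/id:000002* 2>/dev/null )"; then
        $ECHO "$GREEN[+] afl-fuzz is working correctly with frida_mode"
        # Executions of the plain run; compared against persistent mode below.
        RUNTIME=$(grep execs_done out/default/fuzzer_stats | awk '{print$3}')
      else
        echo CUT------------------------------------------------------------------CUT
        cat errors
        echo CUT------------------------------------------------------------------CUT
        $ECHO "$RED[!] afl-fuzz is not working correctly with frida_mode"
        CODE=1
      fi
      rm -f errors

      # --- frida_mode cmplog ---------------------------------------------
      if frida_arch_supported; then
        $ECHO "$GREY[*] running afl-fuzz for frida_mode cmplog, this will take approx 10 seconds"
        {
          ../afl-fuzz -m none -V10 -O -c 0 -i in -o out -- ./test-compcov >>errors 2>&1
        } >>errors 2>&1
        # cmplog on test-compcov is expected to reach at least four queue entries.
        if test -n "$( ls out/default/queue/id:000003* 2>/dev/null )"; then
          $ECHO "$GREEN[+] afl-fuzz is working correctly with frida_mode cmplog"
        else
          echo CUT------------------------------------------------------------------CUT
          cat errors
          echo CUT------------------------------------------------------------------CUT
          $ECHO "$RED[!] afl-fuzz is not working correctly with frida_mode cmplog"
          CODE=1
        fi
        rm -f errors
      else
        $ECHO "$YELLOW[-] not an intel or arm platform, cannot test frida_mode cmplog"
      fi

      # --- persistent frida_mode -----------------------------------------
      if frida_arch_supported; then
        $ECHO "$GREY[*] running afl-fuzz for persistent frida_mode, this will take approx 10 seconds"
        {
          # Persistent address = the `T main` / `T _main` symbol of test-instr.
          # Anchor the match and keep only the first hit so the exported
          # value is always a single hex token, never a multi-line string.
          MAIN_ADDR=$(nm test-instr | grep -Ei " T (_main|main)$" | awk '{print $1}' | head -n 1)
          export AFL_FRIDA_PERSISTENT_ADDR=0x$MAIN_ADDR
          $ECHO "Info: AFL_FRIDA_PERSISTENT_ADDR=$AFL_FRIDA_PERSISTENT_ADDR <= $(nm test-instr | grep "T main" | awk '{print $1}')"
          env|grep AFL_|sort
          file test-instr
          export AFL_DEBUG_CHILD=1
          export AFL_FRIDA_VERBOSE=1
          ../afl-fuzz -m "${MEM_LIMIT}" -V10 -O -i in -o out -- ./test-instr
          nm test-instr | grep -i "main"
          # Drop the debug/persistent settings again so they do not leak into
          # whatever test-all.sh runs after this script.
          unset AFL_FRIDA_PERSISTENT_ADDR AFL_DEBUG_CHILD AFL_FRIDA_VERBOSE
        } >>errors 2>&1
        if test -n "$( ls out/default/queue/id:000002* 2>/dev/null )"; then
          $ECHO "$GREEN[+] afl-fuzz is working correctly with persistent frida_mode"
          RUNTIMEP=$(grep execs_done out/default/fuzzer_stats | awk '{print$3}')
          if test -n "$RUNTIME" -a -n "$RUNTIMEP"; then
            # Integer ratio persistent/standard. Both values are validated as
            # numbers and RUNTIME as non-zero first: a division by zero or a
            # non-numeric operand inside $(( )) is a fatal error in some
            # /bin/sh implementations and would abort the whole test run.
            if test "$RUNTIME" -gt 0 2>/dev/null && test "$RUNTIMEP" -ge 0 2>/dev/null; then
              DIFF=$(( RUNTIMEP / RUNTIME ))
            else
              DIFF=0
            fi
            if test "$DIFF" -gt 1; then # must be at least twice as fast
              $ECHO "$GREEN[+] persistent frida_mode was noticeable faster than standard frida_mode"
            else
              $ECHO "$YELLOW[-] persistent frida_mode was not noticeable faster than standard frida_mode"
            fi
          else
            $ECHO "$YELLOW[-] we got no data on executions performed? weird!"
          fi
        else
          echo CUT------------------------------------------------------------------CUT
          cat errors
          echo CUT------------------------------------------------------------------CUT
          $ECHO "$RED[!] afl-fuzz is not working correctly with persistent frida_mode"
          CODE=1
        fi
        rm -rf in out errors
      else
        $ECHO "$YELLOW[-] not an intel or arm platform, cannot test persistent frida_mode"
      fi

    }
  } || {
    $ECHO "$RED[!] gcc compilation of test targets failed - what is going on??"
    CODE=1
  }

  rm -f test-instr test-compcov
} || {
  $ECHO "$YELLOW[-] frida_mode is not compiled, cannot test"
  INCOMPLETE=1
}

. ./test-post.sh
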