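--- /dev/null
+++ b/PLACEHOLDER_PATH
@@ -0,0 +1,196 @@
+#!/bin/sh
+#
+# american fuzzy lop - QEMU build script
+# --------------------------------------
+#
+# Written by Andrew Griffiths <agriffiths@google.com> and
+# Michal Zalewski <lcamtuf@google.com>
+#
+# Copyright 2015, 2016 Google Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# This script downloads, patches, and builds a version of QEMU with
+# minor tweaks to allow non-instrumented binaries to be run under
+# afl-fuzz.
+#
+# The modifications reside in patches/*. The standalone QEMU binary
+# will be written to ../afl-qemu-trace.
+#
+
+QEMU_URL="http://wiki.qemu-project.org/download/qemu-2.3.0.tar.bz2"
+QEMU_SHA384="7a0f0c900f7e2048463cc32ff3e904965ab466c8428847400a0f2dcfe458108a68012c4fddb2a7e7c822b4fd1a49639b"
+
+echo "================================================="
+echo "AFL binary-only instrumentation QEMU build script"
+echo "================================================="
+echo
+
+echo "[*] Performing basic sanity checks..."
+
+if [ ! "`uname -s`" = "Linux" ]; then
+
+echo "[-] Error: QEMU instrumentation is supported only on Linux."
+exit 1
+
+fi
+
+if [ ! -f "patches/afl-qemu-cpu-inl.h" -o ! -f "../config.h" ]; then
+
+echo "[-] Error: key files not found - wrong working directory?"
+exit 1
+
+fi
+
+if [ ! -f "../afl-showmap" ]; then
+
+echo "[-] Error: ../afl-showmap not found - compile AFL first!"
+exit 1
+
+fi
+
+
+for i in libtool wget python automake autoconf sha384sum bison iconv; do
+
+T=`which "$i" 2>/dev/null`
+
+if [ "$T" = "" ]; then
+
+echo "[-] Error: '$i' not found, please install first."
+exit 1
+
+fi
+
+done
+
+if [ ! -d "/usr/include/glib-2.0/" -a ! -d "/usr/local/include/glib-2.0/" ]; then
+
+echo "[-] Error: devel version of 'glib2' not found, please install first."
+exit 1
+
+fi
+
+if echo "$CC" | grep -qF /afl-; then
+
+echo "[-] Error: do not use afl-gcc or afl-clang to compile this tool."
+exit 1
+
+fi
+
+echo "[+] All checks passed!"
+
+ARCHIVE="`basename -- "$QEMU_URL"`"
+
+CKSUM=`sha384sum -- "$ARCHIVE" 2>/dev/null | cut -d' ' -f1`
+
+if [ ! "$CKSUM" = "$QEMU_SHA384" ]; then
+
+echo "[*] Downloading QEMU 2.3.0 from the web..."
+rm -f "$ARCHIVE"
+wget -O "$ARCHIVE" -- "$QEMU_URL" || exit 1
+
+CKSUM=`sha384sum -- "$ARCHIVE" 2>/dev/null | cut -d' ' -f1`
+
+fi
+
+if [ "$CKSUM" = "$QEMU_SHA384" ]; then
+
+echo "[+] Cryptographic signature on $ARCHIVE checks out."
+
+else
+
+echo "[-] Error: signature mismatch on $ARCHIVE (perhaps download error?)."
+exit 1
+
+fi
+
+echo "[*] Uncompressing archive (this will take a while)..."
+
+rm -rf "qemu-2.3.0" || exit 1
+tar xf "$ARCHIVE" || exit 1
+
+echo "[+] Unpacking successful."
+
+echo "[*] Applying patches..."
+
+patch -p0 <patches/elfload.diff || exit 1
+patch -p0 <patches/cpu-exec.diff || exit 1
+patch -p0 <patches/translate-all.diff || exit 1
+patch -p0 <patches/syscall.diff || exit 1
+
+echo "[+] Patching done."
+
+ORIG_CPU_TARGET="$CPU_TARGET"
+
+test "$CPU_TARGET" = "" && CPU_TARGET="`uname -m`"
+test "$CPU_TARGET" = "i686" && CPU_TARGET="i386"
+
+echo "[*] Configuring QEMU for $CPU_TARGET..."
+
+cd qemu-2.3.0 || exit 1
+
+CFLAGS="-O3" ./configure --disable-system --enable-linux-user \
+--enable-guest-base --disable-gtk --disable-sdl --disable-vnc \
+--target-list="${CPU_TARGET}-linux-user" || exit 1
+
+echo "[+] Configuration complete."
+
+echo "[*] Attempting to build QEMU (fingers crossed!)..."
+
+make || exit 1
+
+echo "[+] Build process successful!"
+
+echo "[*] Copying binary..."
+
+cp -f "${CPU_TARGET}-linux-user/qemu-${CPU_TARGET}" "../../afl-qemu-trace" || exit 1
+
+cd ..
+ls -l ../afl-qemu-trace || exit 1
+
+echo "[+] Successfully created '../afl-qemu-trace'."
+
+if [ "$ORIG_CPU_TARGET" = "" ]; then
+
+echo "[*] Testing the build..."
+
+cd ..
+
+make >/dev/null || exit 1
+
+gcc test-instr.c -o test-instr || exit 1
+
+unset AFL_INST_RATIO
+
+echo 0 | ./afl-showmap -m none -Q -q -o .test-instr0 ./test-instr || exit 1
+echo 1 | ./afl-showmap -m none -Q -q -o .test-instr1 ./test-instr || exit 1
+
+rm -f test-instr
+
+cmp -s .test-instr0 .test-instr1
+DR="$?"
+
+rm -f .test-instr0 .test-instr1
+
+if [ "$DR" = "0" ]; then
+
+echo "[-] Error: afl-qemu-trace instrumentation doesn't seem to work!"
+exit 1
+
+fi
+
+echo "[+] Instrumentation tests passed. "
+echo "[+] All set, you can now use the -Q mode in afl-fuzz!"
+
+else
+
+echo "[!] Note: can't test instrumentation when CPU_TARGET set."
+echo "[+] All set, you can now (hopefully) use the -Q mode in afl-fuzz!"
+
+fi
+
+exit 0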
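Review bot: The success message after the checksum comparison (`echo "[+] Cryptographic signature on $ARCHIVE checks out."`) overstates what the preceding `if [ "$CKSUM" = "$QEMU_SHA384" ]` actually verifies: it is a comparison of `sha384sum` output against the digest pinned in `QEMU_SHA384`, not a signature check, and since `QEMU_URL` is fetched over plain `http://` that pinned-digest comparison is the only integrity control on the tarball, so the wording should state it precisely, e.g. `echo "[+] SHA-384 checksum of $ARCHIVE matches the pinned value."` and `echo "[-] Error: checksum mismatch on $ARCHIVE (perhaps download error?)."`. The dependency probe in the `for i in libtool wget ...` loop relies on an external `which` under `#!/bin/sh`; `command -v` is the POSIX builtin and makes the check self-contained, e.g. `command -v -- "$i" >/dev/null 2>&1 || { echo "[-] Error: '$i' not found, please install first."; exit 1; }`. The `cd ..` right after the `cp -f ... "../../afl-qemu-trace"` line is the only directory change without `|| exit 1`, although the following `ls -l ../afl-qemu-trace || exit 1` would presumably still catch a failure to leave the build directory.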