Skip to content

Commit

Permalink
Merge branch 'release-0.26'
Browse files Browse the repository at this point in the history
  • Loading branch information
@k0retux
k0retux committed Apr 6, 2017
2 parents ac491ea + 0ef203a commit ed17a0b
Show file tree
Hide file tree
Showing 77 changed files with 13,937 additions and 10,504 deletions.
1 change: 1 addition & 0 deletions .gitignore
View file
Expand Up @@ -2,3 +2,4 @@
*.pyc
*~
.idea
.DS_Store
2 changes: 0 additions & 2 deletions TODO
View file
@@ -1,8 +1,6 @@
[NEW FEATURES]

- Add support for automatic creation of Generators that play around scenarios
- Add GDB/PIN/QEMU probes/managers
- Add support for evolutionary fuzzing
- Add FmkDB visualization tools
- Add support for automatic adaptation of fuzz test cases depending on
specific Target meta-data (HW architecture, programming language, ...)
Expand Down
68 changes: 29 additions & 39 deletions data_models/example.py
View file
Expand Up @@ -24,17 +24,12 @@
################################################################################

import sys
import copy
import re
import functools

sys.path.append('.')

from framework.data_model import *
from framework.data_model_helpers import *
from framework.value_types import *

from framework.fuzzing_primitives import *
from framework.basic_primitives import *

class Example_DataModel(DataModel):
Expand Down Expand Up @@ -65,9 +60,10 @@ def build_data_model(self):
ku.set_values(value_type=String(values=tux_subparts_4, codec='utf8'), conf='ALT')

idx = Node('IDX')
idx.set_values(value_type=SINT16_be(mini=4,maxi=40))
idx.set_values(value_type=SINT16_be(min=4,max=40))

tx.set_subnodes_basic([tx_h, idx, ku_h, ku, kv_h, kv])
tx_cpy = tx.get_clone('TX_cpy')

tc = Node('TC')
tc_h = Node('h', values=['/TC'])
Expand All @@ -86,6 +82,8 @@ def build_data_model(self):

tc.add_conf('ALT')
tc.set_subnodes_basic([mark3, tc_h, ku2, kv_h2], conf='ALT')
tc_cpy1= tc.get_clone('TC_cpy1')
tc_cpy2= tc.get_clone('TC_cpy2')

mark = Node('MARK', values=[' [#] '])

Expand All @@ -95,19 +93,20 @@ def build_data_model(self):

# set 'mutable' attribute to False
tux_h.clear_attr(NodeInternals.Mutable)
tux_h_cpy = tux_h.get_clone('h_cpy')

tux.set_subnodes_with_csts([
100, ['u>', [tux_h, 1], [idx2, 1], [mark, 1],
'u=+(1,2)', [tc, 2], [tx, 1, 2],
'u>', [mark, 1], [tx, 1], [tc, 1],
'u=+(1,2)', [tc_cpy2, 2], [tx_cpy, 1, 2],
'u>', [mark, 1], [tx, 1], [tc_cpy1, 1],
'u=..', [tux_h, 1], [idx2, 1]],

1, ['u>', [mark, 1],
's=..', [tux_h, 1, 3], [tc, 3],
's=..', [tux_h_cpy, 1, 3], [tc, 3],
'u>', [mark, 1], [tx, 1], [idx2, 1]],

15, ['u>', [mark, 1],
'u=.', [tux_h, 1, 3], [tc, 3],
'u=.', [tux_h_cpy, 1, 3], [tc, 3],
'u=.', [mark, 1], [tx, 1], [idx2, 1]]
])

Expand Down Expand Up @@ -150,7 +149,7 @@ def build_data_model(self):
evt1.set_fuzz_weight(10)

evt2 = Node('EVT2')
evt2.set_values(value_type=UINT16_le(mini=50, maxi=2**16-1))
evt2.set_values(value_type=UINT16_le(min=50, max=2**16-1))
# evt2.set_values(value_type=UINT16_le())
evt2.set_fuzz_weight(9)

Expand Down Expand Up @@ -212,28 +211,11 @@ def build_data_model(self):

typed_node = Node('TVE', subnodes=[prefix, sub1, sep, sub2, suffix])


e_pre1 = Node('pre1', value_type=UINT32_le(determinist=False))
e_pre2 = Node('pre2', values=[' [1] ', ' [2] ', ' [3] ', ' [4] '])
e_post = Node('post', values=[' [A]', ' [B]', ' [C]', ' [D]'])

e_jpg = self.get_external_node(dm_name='jpg', data_id='jpg')

e_mid = Node('mid', subnodes=[e_pre2, e_jpg, e_post])

e_blend = Node('BLEND')
e_blend.set_subnodes_basic([e_pre1, e_mid])

# Simple

tval1_bottom = Node('TV1_bottom')
vt = UINT16_be(values=[1,2,3,4,5,6])

# vt = BitField(subfield_sizes=[4,4,4],
# subfield_values=[[4,2,1], None, [10,12,13]],
# subfield_val_extremums=[None, [14, 15], None],
# padding=0, lsb_padding=False, endian=VT.BigEndian)

tval1_bottom.set_values(value_type=vt)
tval1_bottom.make_determinist()

Expand All @@ -245,6 +227,7 @@ def build_data_model(self):
tval2_bottom.set_values(value_type=vt)

alt_tag = Node('AltTag', values=[' |AltTag| ', ' +AltTag+ '])
alt_tag_cpy = alt_tag.get_clone('AltTag_cpy')

bottom = Node('Bottom_NT')
bottom.set_subnodes_with_csts([
Expand All @@ -258,15 +241,17 @@ def build_data_model(self):
val1_bottom2.set_values(['=2ALT2_BOTTOM_2=', '**2ALT2_BOTTOM_2**', '~~2ALT2_BOTTOM_2~~'], conf='ALT_2')
val1_bottom2.set_fuzz_weight(2)

val1_bottom2_cpy = val1_bottom2.get_clone('V1_bottom2_cpy')

bottom2 = Node('Bottom_2_NT')
bottom2.set_subnodes_with_csts([
5, ['u>', [sep_bottom, 1], [val1_bottom2, 1]],
1, ['u>', [sep_bottom_alt, 1], [val1_bottom2, 2], [sep_bottom_alt, 1]]
1, ['u>', [sep_bottom_alt, 1], [val1_bottom2_cpy, 2], [sep_bottom_alt, 1]]
])
bottom2.add_conf('ALT')
bottom2.set_subnodes_with_csts([
5, ['u>', [alt_tag, 1], [val1_bottom2, 1], [alt_tag, 1]],
1, ['u>', [alt_tag, 2], [val1_bottom2, 2], [alt_tag, 2]]
1, ['u>', [alt_tag_cpy, 2], [val1_bottom2_cpy, 2], [alt_tag_cpy, 2]]
], conf='ALT')

tval2_bottom3 = Node('TV2_bottom3')
Expand All @@ -281,11 +266,14 @@ def build_data_model(self):
sep_middle = Node('sep_middle', values=[' :: '])
alt_tag2 = Node('AltTag-Mid', values=[' ||AltTag-Mid|| ', ' ++AltTag-Mid++ '])

val1_middle_cpy1 = val1_middle.get_clone('V1_middle_cpy1')
val1_middle_cpy2 = val1_middle.get_clone('V1_middle_cpy2')

middle = Node('Middle_NT')
middle.set_subnodes_with_csts([
5, ['u>', [val1_middle, 1], [sep_middle, 1], [bottom, 1]],
3, ['u>', [val1_middle, 2], [sep_middle, 1], [bottom2, 1]],
1, ['u>', [val1_middle, 3], [sep_middle, 1], [bottom3, 1]]
3, ['u>', [val1_middle_cpy1, 2], [sep_middle, 1], [bottom2, 1]],
1, ['u>', [val1_middle_cpy2, 3], [sep_middle, 1], [bottom3, 1]]
])
middle.add_conf('ALT')
middle.set_subnodes_with_csts([
Expand Down Expand Up @@ -319,21 +307,23 @@ def build_data_model(self):
sep2 = Node('sep2', values=[' -|#|- '])

e_val1 = Node('V1', values=['A', 'B', 'C'])
e_val1_cpy = e_val1.get_clone('V1_cpy')
e_typedval1 = Node('TV1', value_type=UINT16_be(values=[1,2,3,4,5,6]))
e_val2 = Node('V2', values=['X', 'Y', 'Z'])
e_val3 = Node('V3', values=['<', '>'])

e_val_random = Node('Rnd', values=['RANDOM'])
e_val_random2 = Node('Rnd2', values=['RANDOM'])

e_nonterm = Node('NonTerm')
e_nonterm.set_subnodes_with_csts([
100, ['u>', [e_val1, 1, 6], [sep, 1], [e_typedval1, 1, 6],
[sep2, 1],
'u=+(2,3,3)', [e_val1, 1], [e_val2, 1, 3], [e_val3, 1],
'u=+(2,3,3)', [e_val1_cpy, 1], [e_val2, 1, 3], [e_val3, 1],
'u>', [sep2, 1],
'u=..', [e_val1, 1, 6], [sep, 1], [e_typedval1, 1, 6]],
50, ['u>', [e_val_random, 0, 1], [sep, 1], [nt, 1]],
90, ['u>', [e_val_random, 3]]
90, ['u>', [e_val_random2, 3]]
])


Expand Down Expand Up @@ -387,7 +377,7 @@ def build_data_model(self):
{'conf': 'alt1',
'contents': SINT8(values=[1,4,8])},
{'conf': 'alt2',
'contents': UINT16_be(mini=0xeeee, maxi=0xff56),
'contents': UINT16_be(min=0xeeee, max=0xff56),
'determinist': True}]}
]},

Expand All @@ -403,11 +393,11 @@ def build_data_model(self):
]}
]}

mh = ModelHelper(dm=self)
test_node = mh.create_graph_from_desc(test_node_desc)
mb = NodeBuilder(dm=self)
test_node = mb.create_graph_from_desc(test_node_desc)

self.register_nodes(node_ex1, tux, typed_node, e_blend, e_nonterm, e_simple,
val1_middle, middle, e_jpg, test_node)
self.register(node_ex1, tux, typed_node, e_nonterm, e_simple,
val1_middle, middle, test_node)



Expand Down
17 changes: 9 additions & 8 deletions data_models/example_strategy.py
View file
Expand Up @@ -28,7 +28,7 @@

from framework.plumbing import *

from framework.data_model import *
from framework.node import *
from framework.tactics_helpers import *
from framework.fuzzing_primitives import *
from framework.basic_primitives import *
Expand All @@ -39,7 +39,7 @@
class example_02(Generator):

def setup(self, dm, user_input):
self.tux = dm.get_data('TUX')
self.tux = dm.get_atom('TUX')
self.tux_h = self.tux.get_node_by_path('TUX/h$')
self.tx = self.tux.get_node_by_path('TUX/TX$')
self.tc = self.tux.get_node_by_path('TUX/TC$')
Expand All @@ -57,7 +57,7 @@ def setup(self, dm, user_input):

def generate_data(self, dm, monitor, target):
exported_node = Node(self.tux.name, base_node=self.tux)
dm.set_new_env(exported_node)
dm.update_atom(exported_node)
return Data(exported_node)


Expand All @@ -66,25 +66,26 @@ def generate_data(self, dm, monitor, target):
class g_typed_value_example_01(Generator):

def generate_data(self, dm, monitor, target):
return Data(dm.get_data('TVE'))
return Data(dm.get_atom('TVE'))


@generator(tactics, gtype="TVE_w", weight=10)
class g_typed_value_example_02(Generator):

def generate_data(self, dm, monitor, target):
return Data(dm.get_data('TVE'))
return Data(dm.get_atom('TVE'))


@disruptor(tactics, dtype="TVE/basic", weight=4)
class t_fuzz_tve_01(Disruptor):

def disrupt_data(self, dm, target, prev_data):

val = b"NEW_" + rand_string(mini=5, maxi=10, str_set='XYZRVW').encode('latin-1')
val = b"NEW_" + rand_string(min=5, max=10, str_set='XYZRVW').encode('latin-1')

if prev_data.node:
prev_data.node.get_node_by_path('TVE.*EVT1$').set_frozen_value(val)
prev_content = prev_data.content
if isinstance(prev_content, Node):
prev_content.get_node_by_path('TVE.*EVT1$').set_frozen_value(val)

else:
print('DONT_PROCESS_THIS_KIND_OF_DATA')
Expand Down
28 changes: 14 additions & 14 deletions data_models/file_formats/jpg.py
View file
Expand Up @@ -22,9 +22,9 @@
################################################################################

from framework.data_model import *
from framework.data_model_helpers import *
from framework.value_types import *
from framework.global_resources import *
from framework.node_builder import NodeBuilder
from framework.value_types import *

markers = {
'SOF': {0: 0xFFC0,
Expand Down Expand Up @@ -86,7 +86,7 @@ def build_data_model(self):
{'name': 'F_marker',
'contents': UINT16_be(values=[m for m in markers['SOF'].values()])},
{'name': 'Lf',
'contents': MH.LEN(vt=UINT16_be, base_len=8),
'contents': LEN(vt=UINT16_be, base_len=8),
'node_args': 'F_CompGroup',
'alt': [
{'conf': 'ABS',
Expand All @@ -95,26 +95,26 @@ def build_data_model(self):
{'name': 'P',
'contents': UINT8(values=[8,12])},
{'name': 'Y',
'contents': UINT16_be(maxi=65535),
'contents': UINT16_be(max=65535),
'specific_fuzzy_vals': [65500]},
{'name': 'X',
'contents': UINT16_be(mini=1, maxi=65535)},
'contents': UINT16_be(min=1, max=65535)},
{'name': 'Nf',
'contents': UINT8(mini=1, maxi=255)},
'contents': UINT8(min=1, max=255)},
{'name': 'F_CompGroup',
'custo_clear': MH.Custo.NTerm.MutableClone,
'contents': [
{'name': 'F_Comp',
'qty_from': 'Nf',
'contents': [
{'name': 'Cf',
'contents': UINT8(mini=0, maxi=255)},
'contents': UINT8(min=0, max=255)},
{'name': 'H&V',
'contents': BitField(subfield_sizes=[4,4], endian=VT.BigEndian,
subfield_val_extremums=[[1,4], [1,4]],
subfield_descs=['H sampling', 'V sampling'])},
{'name': 'Tq',
'contents': UINT8(mini=0, maxi=3)},
'contents': UINT8(min=0, max=3)},
]}
]},
]},
Expand All @@ -131,14 +131,14 @@ def build_data_model(self):
{'name': 'S_marker',
'contents': UINT16_be(values=[markers['SOS']])},
{'name': 'Ls',
'contents': MH.LEN(vt=UINT16_be, base_len=6),
'contents': LEN(vt=UINT16_be, base_len=6),
'node_args': 'S_CompGroup',
'alt': [
{'conf': 'ABS',
'contents': UINT16_be()}
]},
{'name': 'Ns',
'contents': UINT8(mini=1, maxi=4)},
'contents': UINT8(min=1, max=4)},
{'name': 'S_CompGroup',
'custo_clear': MH.Custo.NTerm.MutableClone,
'contents': [
Expand All @@ -154,9 +154,9 @@ def build_data_model(self):
]}
]},
{'name': 'Ss',
'contents': UINT8(mini=0, maxi=63)},
'contents': UINT8(min=0, max=63)},
{'name': 'Se',
'contents': UINT8(mini=0, maxi=63)},
'contents': UINT8(min=0, max=63)},
{'name': 'Ah&Al',
'contents': BitField(subfield_sizes=[4, 4], endian=VT.BigEndian,
subfield_val_extremums=[[0, 13], [0, 13]],
Expand All @@ -169,8 +169,8 @@ def build_data_model(self):
'absorb_csts': AbsNoCsts()}
]}

mh = ModelHelper(delayed_jobs=True)
self.jpg = mh.create_graph_from_desc(jpg_desc)
mb = NodeBuilder(delayed_jobs=True)
self.jpg = mb.create_graph_from_desc(jpg_desc)

self.jpg_dict = self.import_file_contents(extension='jpg')
self.register(self.jpg, *self.jpg_dict.values())
Expand Down

0 comments on commit ed17a0b

Please sign in to comment.