AFL++ gets stuck in forkserver initialization #26
Comments
Hi, it's likely that your modem is not fully supported and hangs somewhere during bootup/initial emulation. To debug this issue, I would recommend enabling debug output by modifying the command line as follows:
Thanks for replying. The
In addition, the output when
The main problem is that breakpoint at
`ShannonEMU` also requires a breakpoint (https://github.com/FirmWire/FirmWire/blob/490163e6263edeebde11961d7b4a4f3690d5f4d0/firmwire/vendor/shannon/machine.py#L827); if execution is stopped, the execution will hang at the breakpoint forever. This solves issue FirmWire#26.
`ShannonEMU` also requires a breakpoint here: https://github.com/FirmWire/FirmWire/blob/490163e6263edeebde11961d7b4a4f3690d5f4d0/firmwire/vendor/shannon/machine.py#L827 If `qemu.protocols.execution` is stopped, the execution will hang at the breakpoint forever. This solves issue FirmWire#26.
Thanks for looking into it more! Please see my comment in #28 for further discussion.
Hello! Was there ever a resolution to this issue? I'm stuck at the same point trying to fuzz a Shannon BP. When I run AFL with fuzz-triage, the issue seems to be resolved, but debug output is then of course enabled, which I'd assume worsens performance.
The workaround here is to create a snapshot after initialization and use it as the fuzzing base. The reason is that in fuzzing (non-triage) mode, firmwire cannot deal with breakpoints, but these are needed during init for some of the basebands. So, the workflow is:
Great, thank you! How do I know what value to pass to
It's a tuple of
More about snapshots here: https://firmwire.github.io/docs/workspaces.html
Hello, we are trying to use FirmWire for fuzzing. Based on the Docker image provided, we also compiled AFL++ with unicorn mode enabled, as shown below.
However, running the command

```
/AFLplusplus/afl-fuzz -i in/ -o /tmp/out -U -- ./firmwire.py --fuzz gsm_cc --fuzz-input @@ ./modem/modem.bin
```

according to the documentation, with a large `AFL_FORKSRV_INIT_TMOUT`, gets stuck in forkserver initialization for more than 12 hours. I would like to know how such a situation can be solved. Thank you very much.