Steffen Schulz
Try using ansible-lint. Some minor items fixed already, please review + decide if useful :-)
Still a few issues with current deploy playbook. It works fine for normal fresh install but can be buggy when doing partial flows or upgrading existing install: - missing the...
Ansible git repos are currently force-cloned as part of the default playbook. Local changes will be reset when running make or make deploy at the top level. At the same time, there...
We should probably also replace the Ghidra install script with an ansible task: https://github.com/IntelLabs/kafl.fuzzer/blob/master/scripts/ghidra_install.sh I guess it can be installed to kafl/ folder to keep everything packaged properly. We can...
kafl_gui.py should warn on stalled/slow execution, non-determinism in the target ('funky' stats counter), empty/overfull bitmap etc. In general there are several incorrect/mocked UI elements that could be filled with life.
Document the flow for obtaining traces of one or more files and visualizing them in Ghidra: - install ghidra and add ghidra_cov_analysis.py to scripts dir - kafl_fuzz.py to create a...
Redqueen frontend in kAFL-Fuzzer/fuzzer/techniques/redqueen was conservatively ported to Python3 but has not been validated/tested beyond checking that LAVA-M bugs still seem to be caught. The -fix-hashes feature is certainly broken...
> @il-steffen does kafl_cov.py require the ip parameters anymore? Unfortunately yes. They are needed for the ptdump tool that is called by kafl_cov.py. We should add a feature to...
When fuzzing with -trace and --radamsa, qemu.py does not currently clean up the corresponding temp files from the workdir. - radamsa.py should be a class with workdir init/free functions - state_logic.py...
When running Q35 setup with >3.2GB RAM, the hypercall GET_PAYLOAD() will error out with

```
qemu-system-x86_64: /home/user/kAFL/kafl/qemu/nyx/snapshot/memory/block_list.c:52: snapshot_page_blocklist_add: Assertion `phys_addr < self->phys_area_size' failed.
```

The assert is here: https://github.com/nyx-fuzz/QEMU-Nyx/blob/8a88edc2a1b06cd7b8b0d7954061cbebe9e01f65/nyx/memory_access.h#L33 Reason...