AFL++ Patch out of range


Good day. I did everything as provided here: https://blog.quarkslab.com/android-greybox-fuzzing-with-afl-frida-mode.html

I was able to run the fuzzer, but it works really slowly and constantly spams errors. It would be a really long log, so I will provide a video for you to understand what is happening. The basic error looks like this:

Video: https://streamable.com/37ji53

Source code: https://github.com/quarkslab/android-fuzzing/tree/main/wlinked_jni

dreamlte:/data/local/tmp/harness # ./afl-fuzz-new -O -G 256 -i in -o out ./fuzz
[+] Enabled environment variable AFL_DEBUG with value 1
[+] Enabled environment variable AFL_SKIP_BIN_CHECK with value 1
[+] Enabled environment variable AFL_DEBUG with value 1
afl-fuzz++4.06c based on afl by Michal Zalewski and a large online community
[+] afl++ is maintained by Marc "van Hauser" Heuse, Heiko "hexcoder" Eißfeldt, Andrea Fioraldi and Dominik Maier
[+] afl++ is open source, get it at https://github.com/AFLplusplus/AFLplusplus
[+] NOTE: afl++ >= v3 has changed defaults and behaviours - see README.md
[+] No -M/-S set, autoconfiguring for "-S default"
[*] Getting to work...
[+] Using exponential power schedule (FAST)
[+] Enabled testcache with 50 MB
[+] Generating fuzz data with a length of min=1 max=256
[*] Checking core_pattern...
[*] Checking CPU scaling governor...
[+] Injecting ./afl-frida-trace.so ...
[+] You have 8 CPU cores and 4 runnable tasks (utilization: 50%).
[+] Try parallel jobs - see docs/fuzzing_in_depth.md#c-using-multiple-cores
[*] Setting up output directories...
[+] Output directory exists but deemed OK to reuse.
[*] Deleting old session data...
[+] Output dir cleanup successful.
[*] Checking CPU core loadout...
[+] Found a free CPU core, try binding to #7.
[*] Scanning 'in'...
[+] Loaded a total of 1 seeds.
[*] Creating hard links for all input files...
[*] Validating target binary...
[*] No auto-generated dictionary tokens to reuse.
[*] Attempting dry run with 'id:000000,time:0,execs:0,orig:tt.txt'...
[*] Spinning up the fork server...
DEBUG: debug enabled
DEBUG: (1) id_str 9, __afl_area_ptr 0x73b87d74e0, __afl_area_initial 0x73b87d74e0, __afl_area_ptr_dummy 0x73b87d74e0, __afl_map_addr 0x0, MAP_SIZE 65536, __afl_final_loc 0, __afl_map_size 65536, max_size_forkserver 8388608/0x800000
DEBUG: (2) id_str 9, __afl_area_ptr 0x73b8dca000, __afl_area_initial 0x73b87d74e0, __afl_area_ptr_dummy 0x73b87d74e0, __afl_map_addr 0x0, MAP_SIZE 65536, __afl_final_loc 0, __afl_map_size 65536, max_size_forkserver 8388608/0x800000
DEBUG: cmplog id_str <null>
[+] All right - fork server is up.
[*] Extended forkserver functions received (c201ffff).
[*] Target map size: 65536
[D] DEBUG: calibration stage 1/7
DEBUG: debug enabled
DEBUG: (1) id_str 9, __afl_area_ptr 0x7fb671a4e0, __afl_area_initial 0x7fb671a4e0, __afl_area_ptr_dummy 0x7fb671a4e0, __afl_map_addr 0x0, MAP_SIZE 65536, __afl_final_loc 0, __afl_map_size 65536, max_size_forkserver 8388608/0x800000
DEBUG: (2) id_str 9, __afl_area_ptr 0x7fb6c2b000, __afl_area_initial 0x7fb671a4e0, __afl_area_ptr_dummy 0x7fb671a4e0, __afl_map_addr 0x0, MAP_SIZE 65536, __afl_final_loc 0, __afl_map_size 65536, max_size_forkserver 8388608/0x800000
DEBUG: cmplog id_str <null>
[*] Starting FRIDA config for PID: 8614
Exclude: 0x7d1a940000-0x7d1a956000 libstagefright_xmlparser.so
Exclude: 0x7d1a99e000-0x7d1a9ba000 [email protected]
Exclude: 0x7d1a9e6000-0x7d1aa27000 libstatspull.so
Exclude: 0x7d1aa44000-0x7d1aa7c000 libEGL.so
DEBUG: debug enabled
DEBUG: (1) id_str 9, __afl_area_ptr 0x7fb691b4e0, __afl_area_initial 0x7fb691b4e0, __afl_area_ptr_dummy 0x7fb691b4e0, __afl_map_addr 0x0, MAP_SIZE 65536, __afl_final_loc 0, __afl_map_size 65536, max_size_forkserver 8388608/0x800000
DEBUG: (2) id_str 9, __afl_area_ptr 0x7fb6c2b000, __afl_area_initial 0x7fb691b4e0, __afl_area_ptr_dummy 0x7fb691b4e0, __afl_map_addr 0x0, MAP_SIZE 65536, __afl_final_loc 0, __afl_map_size 65536, max_size_forkserver 8388608/0x800000
[-] PROGRAM ABORT : Patch out of range 0x0000007D1F89F644->0x0000007FB6C2B000 = 0x000000029738C000
         Location : instrument_patch_ardp(), /opt/AFLplusplus-4.06c/frida_mode/src/instrument/instrument_arm64.c:278

Exclude: 0x7d1a958000-0x7d1a95c000 libprocinfo.so
Exclude: 0x7d1a998000-0x7d1a9bb000 [email protected]
Exclude: 0x7d1a9d0000-0x7d1aa11000 libstatspull.so
Exclude: 0x7d1aa52000-0x7d1aa6d000 libselinux.so
Exclude: 0x7d1aa85000-0x7d1aaba000 [email protected]
Exclude: 0x7d1aac2000-0x7d1af83000 libpdfium.so
Exclude: 0x7d1afd9000-0x7d1affb000 libexpat.so
Exclude: 0x7d1b009000-0x7d1b1be000 libicuuc.so
Exclude: 0x7d1b1c9000-0x7d1b23b000 [email protected]
Exclude: 0x7d1b24e000-0x7d1b278000 [email protected]
Exclude: 0x7d1b2aa000-0x7d1b2ae000 [email protected]
Exclude: 0x7d1b2d4000-0x7d1b2dd000 libGLESv1_CM.so
Exclude: 0x7d1b321000-0x7d1b325000 android.hardware.common-V1-ndk_platform.so
Exclude: 0x7d1b344000-0x7d1b357000 libnativedisplay.so
Exclude: 0x7d1b38e000-0x7d1b3a3000 [email protected]
Exclude: 0x7d1b3c1000-0x7d1b4b7000 libgui.so
Exclude: 0x7d1b4dd000-0x7d1b4e0000 libmedia_jni_utils.so
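The abort in the log above is an address-reachability problem rather than a harness bug: on arm64, FRIDA mode rewrites an ADRP instruction so that it points at the coverage map (`__afl_area_ptr`, 0x7fb6c2b000 in the second DEBUG line), and ADRP holds a signed 21-bit page count scaled by 4 KiB, so it can only reach pages within plus or minus 4 GiB of its own page. The Python below is an added example, not code from the question, from AFL++ or from the Quarkslab post. It assumes the abort message has exactly the shape printed above, parses it, recomputes the page-to-page distance and checks it against the ADRP window, which shows why 0x29738C000 (about 10.4 GiB) cannot be encoded.

```python
import re

# ADRP holds a signed 21-bit page count (immhi:immlo) scaled by 4 KiB, so it
# can only reach pages within +/- 4 GiB of the page the instruction sits in.
PAGE = 4096
ADRP_MAX_PAGES = 1 << 20          # 2^20 pages * 4 KiB = 4 GiB each way

# Assumed shape of the abort line printed by afl-frida-trace.so in the log.
ABORT_RE = re.compile(
    r"Patch out of range\s+0x([0-9A-Fa-f]+)->0x([0-9A-Fa-f]+)\s*=\s*0x([0-9A-Fa-f]+)"
)


def page_of(addr):
    """Round an address down to its 4 KiB page, as ADRP does for both ends."""
    return addr & ~(PAGE - 1)


def page_delta(src, dst):
    """Byte distance between the page of the patched instruction and the
    page of the target (the coverage map). Sign matters: ADRP is signed."""
    return page_of(dst) - page_of(src)


def adrp_reachable(src, dst):
    """True if an ADRP located at `src` can encode the page containing `dst`."""
    pages = page_delta(src, dst) // PAGE
    return -ADRP_MAX_PAGES <= pages < ADRP_MAX_PAGES


def explain_abort(line):
    """Parse one 'Patch out of range A->B = D' line and check D against the
    ADRP window. Returns None if the line is not an abort of this kind."""
    m = ABORT_RE.search(line)
    if m is None:
        return None
    src, dst, reported = (int(g, 16) for g in m.groups())
    delta = page_delta(src, dst)
    return {
        "src": src,
        "dst": dst,
        "reported_delta": reported,
        "computed_delta": delta,
        "delta_matches_log": delta == reported,
        "reachable": adrp_reachable(src, dst),
        # distance in GiB, for a human reader comparing against the 4 GiB limit
        "distance_gib": abs(delta) / (1 << 30),
    }


# Constructed sample: the abort line copied from the question's log.
SAMPLE = ("[-] PROGRAM ABORT : Patch out of range "
          "0x0000007D1F89F644->0x0000007FB6C2B000 = 0x000000029738C000")

if __name__ == "__main__":
    info = explain_abort(SAMPLE)
    print(f"page delta 0x{info['computed_delta']:X} "
          f"({info['distance_gib']:.2f} GiB), "
          f"ADRP reachable: {info['reachable']}")
```

Running it against the sample line reproduces the log's 0x29738C000 exactly, which confirms that AFL++ reports the distance between 4 KiB pages rather than between the two raw addresses; the instrumented code (around 0x7d1f89f644) and the coverage map (0x7fb6c2b000) are simply too far apart for a single ADRP. When debugging this kind of failure, the two numbers to compare are the address of the instrumented code region and `__afl_area_ptr` from the DEBUG lines: a map that lands within 4 GiB of the instrumented libraries passes this check, one that does not will abort every execution in the same place.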