I want a fuzzer that fuzzes, but will not break the file itself. I mean, I want to randomly fuzz the file, but I want to be able to open it and test it afterwards (I don't want a corrupted file).
Take zzuf for example: when I use it to fuzz an mp3 or png file, the fuzzed file cannot be opened anymore. So I want to know how I can fuzz the contents and not break the file.
I have a gut feeling that it's to do with the -b option that says which bytes to fuzz. But say I try `zzuf -b 8-` for a png file to preserve the header; it still doesn't work. Am I not using this correctly?
UPDATE
I tried doing this for mp3, wav, png, jpg and mp4 many, many times, and not once is there an openable file. So the fuzzer literally 'breaks' the file?
You can find where the PNG headers and data regions are with a tool like hachoir, but that won't save you, because the problem is not here.
The problem is not only about headers: since you are dealing with a compressed format (PNG), the "data" region is not a dumb bitmap where bits can be changed while the file stays valid, format-wise.
Compressed data contains some kind of "instructions" that the decompressor algorithm shall process in order to reconstruct the decompressed data. In a way, a compressed data format is a kind of domain-specific binary language that the decompressor parses and interprets.
Taking a valid program in this language (a valid PNG file with a valid compressed data region) and twiddling bits at random can yield another valid program (another valid PNG) according to this specific language, or not.
For example, the naive RLE algorithm produces a sequence of {byte content, occurrence count} bytes. Change one bit in the "occurrence count" byte, and suddenly the decompressed data has a different number of bytes than the expected `width * height * depth`, so the image should reasonably be considered as corrupted.

For a positive ending, if the program refuses to open the fuzzed PNG without crashing, exhausting CPU/memory resources or formatting your hard drive, then the program just behaves correctly, which is a good thing (but remember, not finding any bug doesn't mean there aren't any, it only means you didn't find them).
If you really want to fuzz the image data and nothing else, what you need is a fuzzer that works on the decompressed data. I don't know if one exists, but it would need to be fully aware of the formats you want to use it with (PNG, MP3, etc.); it can't be a generic binary fuzzer.
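The format-aware approach the answer describes, as an added example in Python that is not part of the original answer or of zzuf: every PNG chunk carries a CRC-32 over its type and payload, so a byte range like `-b 8-` that only spares the signature still produces a file whose chunk checksums and deflate stream no longer verify. The script below instead parses the chunks (checking CRCs), inflates the IDAT data, flips bits only in the decompressed pixel bytes (never the per-row filter-type byte), recompresses, and rebuilds lengths and CRCs, so the output is a structurally valid PNG that a decoder can open while its image content has actually changed. It assumes a non-interlaced image, collapses all IDAT chunks into one on output, and the `pixel_bytes` helper assumes filter type 0 rows; the sample image is constructed inline.

```python
import random
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
CHANNELS = {0: 1, 2: 3, 3: 1, 4: 2, 6: 4}   # colour type -> samples per pixel


def parse_chunks(data):
    """Split a PNG into (type, payload) chunks, checking each chunk's CRC-32."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos, chunks = len(PNG_SIGNATURE), []
    while pos < len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        payload = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])
        if zlib.crc32(ctype + payload) & 0xFFFFFFFF != crc:
            raise ValueError("CRC mismatch in chunk %r" % ctype)
        chunks.append((ctype, payload))
        pos += 12 + length
    return chunks


def build_chunk(ctype, payload):
    """Serialise one chunk: length, type, payload, CRC-32 over type + payload."""
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


def write_png(chunks):
    return PNG_SIGNATURE + b"".join(build_chunk(t, p) for t, p in chunks)


def scanlines(chunks):
    """Inflate all IDAT chunks; return (stride, raw) where stride covers one
    filter-type byte plus one row of packed pixel data (non-interlaced only)."""
    ihdr = next(p for t, p in chunks if t == b"IHDR")
    width, height, depth, colour = struct.unpack(">IIBB", ihdr[:10])
    stride = 1 + (width * CHANNELS[colour] * depth + 7) // 8
    raw = bytearray(zlib.decompress(b"".join(p for t, p in chunks if t == b"IDAT")))
    if len(raw) != stride * height:
        raise ValueError("decompressed IDAT size does not match IHDR")
    return stride, raw


def fuzz_png(data, flips=8, seed=0):
    """Flip one bit in each of `flips` distinct pixel bytes of the *decompressed*
    image data, leaving the filter-type byte of every row untouched, then
    recompress and rebuild every chunk so lengths and CRCs are consistent."""
    rng = random.Random(seed)
    chunks = parse_chunks(data)
    stride, raw = scanlines(chunks)
    height = len(raw) // stride
    targets = [r * stride + c for r in range(height) for c in range(1, stride)]
    for offset in rng.sample(targets, flips):
        raw[offset] ^= 1 << rng.randrange(8)
    out, idat_done = [], False
    for ctype, payload in chunks:
        if ctype == b"IDAT":
            if not idat_done:               # collapse all IDATs into one
                out.append((b"IDAT", zlib.compress(bytes(raw))))
                idat_done = True
        else:
            out.append((ctype, payload))
    return write_png(out)


def pixel_bytes(data):
    """Pixel bytes with filter-type bytes stripped (assumes filter 0 rows)."""
    stride, raw = scanlines(parse_chunks(data))
    rows = [raw[i:i + stride] for i in range(0, len(raw), stride)]
    if any(row[0] != 0 for row in rows):
        raise ValueError("only unfiltered rows are handled here")
    return b"".join(bytes(row[1:]) for row in rows)


def make_sample_png(width=4, height=3):
    """Constructed input: 8-bit greyscale image, every row using filter type 0."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    raw = b"".join(b"\x00" + bytes(range(y * width, (y + 1) * width))
                   for y in range(height))
    return write_png([(b"IHDR", ihdr), (b"IDAT", zlib.compress(raw)), (b"IEND", b"")])


def count_changed_bytes(seed=1, flips=4):
    """Number of pixel bytes that differ between the sample and its fuzzed copy."""
    original = make_sample_png()
    fuzzed = fuzz_png(original, flips=flips, seed=seed)
    return sum(x != y for x, y in zip(pixel_bytes(original), pixel_bytes(fuzzed)))


if __name__ == "__main__":
    with open("sample_fuzzed.png", "wb") as fh:
        fh.write(fuzz_png(make_sample_png(), flips=4, seed=1))
    print("changed pixel bytes:", count_changed_bytes())
```

Because the mutation happens after inflation and the file is re-serialised from scratch, the result always passes the chunk CRC and deflate checks, and the decoder under test is exercised on the pixel data rather than on its error paths. The same idea extends to any container-plus-codec format named in the question: parse the container, mutate the decoded payload, re-encode and re-checksum.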