angr / phuzzer

The new phuzzing framework!
BSD 2-Clause "Simplified" License

Incomplete Documentation for install process #8

Closed SourceCodeDeleted closed 3 years ago

SourceCodeDeleted commented 3 years ago

So I am trying this tool out and I have a few questions, mainly in regard to installation and launching.

When I ran the steps in the README.MD file I had to install an additional lib (libglib2.0-dev). Anyway, I received the following and I assume that I need to install AFL.

I made it furthest on Ubuntu 18.04 (I have tried 19 and 20.04) and I assume the use of Python 3, but I tried both 2.7 and 3. 3 appears correct, but I wanted to be sure since this project is from when Python 2 was still supported.

sudo apt-get install build-essential gcc-multilib libtool automake autoconf bison debootstrap debian-archive-keyring libtool-bin
sudo apt-get build-dep qemu

pip install git+https://github.com/shellphish/shellphish-afl
pip install git+https://github.com/shellphish/driller
pip install git+https://github.com/angr/tracer

pip install git+https://github.com/angr/phuzzer

Command that I have run:

python -m phuzzer -i -c 4 -d 2 /home/user/works/qemu/angr-dev/foo

[*] Starting fuzzer...
WARNING | 2021-01-24 05:49:50,095 | phuzzer.phuzzers.afl | No seeds provided - using 'fuzz'
Traceback (most recent call last):
  File "/usr/lib/python3.6/runpy.py", line 193, in _run_module_as_main
    "__main__", mod_spec)
  File "/usr/lib/python3.6/runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "/usr/local/lib/python3.6/dist-packages/phuzzer/__main__.py", line 196, in <module>
    main()
  File "/usr/local/lib/python3.6/dist-packages/phuzzer/__main__.py", line 118, in main
    fuzzer.start()
  File "/usr/local/lib/python3.6/dist-packages/phuzzer/phuzzers/afl.py", line 144, in start
    master = self._start_afl_instance() # the master fuzzer
  File "/usr/local/lib/python3.6/dist-packages/phuzzer/phuzzers/afl.py", line 434, in _start_afl_instance
    return subprocess.Popen(args, stdout=fp, stderr=fp, close_fds=True, env=my_env)
  File "/usr/lib/python3.6/subprocess.py", line 729, in __init__
    restore_signals, start_new_session)
  File "/usr/lib/python3.6/subprocess.py", line 1364, in _execute_child
    raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] No such file or directory: '/usr/bin/afl-unix/afl-fuzz': '/usr/bin/afl-unix/afl-fuzz'

So I installed AFL from here: https://github.com/google/AFL

This I installed with a simple

make -j 4 ; sudo make install

However, it appears to look for the binaries in /usr/bin/afl-unix/afl-fuzz

Well, okay, simple enough, I can just symlink them, right? So I created a directory in /usr/bin/afl-unix/ and reran the program: python -m phuzzer -i -c 4 -d 2 /home/user/works/qemu/angr-dev/foo

It said ipython was not installed, so I installed it using pip install ipython

However, when running I am left with what appears to be an IPython prompt [1] [2]. I am not sure what this means, but I want to confirm: did I miss anything?

root@8500c3240373:~/angr-dev# python3 -m phuzzer -i -c 4 -d 2 foo

[*] Creating fuzzer...
WARNING | 2021-01-25 09:41:56,632 | phuzzer.phuzzers | creating a dictionary of string references within target "foo"
WARNING | 2021-01-25 09:41:56,668 | cle.loader | The main binary is a position-independent executable. It is being loaded with a base address of 0x400000.
WARNING | 2021-01-25 09:41:56,672 | angr.analyses.cfg.cfg_fast | "collect_data_references" is deprecated and will be removed soon. Please use "data_references" instead
WARNING | 2021-01-25 09:41:56,672 | angr.analyses.cfg.cfg_base | _is_region_extremely_sparse: The given region 0x4012b8-0x4012c5 is not a continuous memory region in the memory space. Only the first 13 bytes (0x4012b8-0x4012c4) are processed.
INFO    | 2021-01-25 09:41:56,852 | phuzzer.phuzzers.afl | could resume, but starting over upon request
WARNING | 2021-01-25 09:41:57,237 | cle.loader | The main binary is a position-independent executable. It is being loaded with a base address of 0x400000.
afl_dir /usr/bin/afl-unix
afl_bin=/usr/bin/afl-unix/afl-fuzz
[*] Starting fuzzer...
WARNING | 2021-01-25 09:41:58,023 | phuzzer.phuzzers.afl | No seeds provided - using 'fuzz'
[!]
[!] Launching ipython shell. Relevant variables:
[!]
[!] fuzzer
[!]
Python 3.8.5 (default, Jul 28 2020, 12:59:40) 
Type 'copyright', 'credits' or 'license' for more information
IPython 7.19.0 -- An enhanced Interactive Python. Type '?' for help.

In [1]:

And I see in the comments that there is a Docker image.

  1. Is that up to date?
  2. How can I use that?
  3. Or how can I continue with using this?
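The workaround described in the post above (the traceback shows phuzzer looking for /usr/bin/afl-unix/afl-fuzz, while AFL's make install puts the binaries under its PREFIX), written out as an added shell example. This is not part of the original issue or of phuzzer itself. It assumes AFL was installed with its default PREFIX of /usr/local, so afl-fuzz sits in /usr/local/bin; the function names link_afl_unix and check_afl_path are chosen here, not taken from the project.

```shell
#!/bin/sh
# Added example, not phuzzer's own code. It recreates the symlink workaround
# from the issue: AFL's "make install" places afl-* in $PREFIX/bin
# (/usr/local/bin by default), but the traceback shows phuzzer looking for
# /usr/bin/afl-unix/afl-fuzz. Rather than copying binaries, link every afl-*
# tool into the directory phuzzer expects, and fail loudly if afl-fuzz itself
# was never built or installed.

# link_afl_unix SRC_BIN DEST_DIR
#   SRC_BIN  : where make install put the AFL binaries (assumed /usr/local/bin)
#   DEST_DIR : the directory phuzzer looks in (assumed /usr/bin/afl-unix)
# Returns 0 once DEST_DIR/afl-fuzz exists, 1 if SRC_BIN has no afl-fuzz.
link_afl_unix() {
    src="$1"
    dest="$2"
    if [ ! -x "$src/afl-fuzz" ]; then
        echo "afl-fuzz not found in $src; run 'make && make install' in the AFL tree first" >&2
        return 1
    fi
    mkdir -p "$dest"
    for bin in "$src"/afl-*; do
        [ -e "$bin" ] || continue      # glob matched nothing
        # -s symlink, -f replace a stale link, -n do not descend into an existing link
        ln -sfn "$bin" "$dest/$(basename "$bin")"
    done
    echo "linked AFL binaries from $src into $dest"
}

# check_afl_path DEST_DIR
#   The check phuzzer effectively performs before spawning afl-fuzz: is there an
#   executable afl-fuzz at the expected location? 0 if yes, 1 if not.
check_afl_path() {
    dest="$1"
    if [ -x "$dest/afl-fuzz" ]; then
        echo "ok: $dest/afl-fuzz is executable"
        return 0
    fi
    echo "missing: $dest/afl-fuzz (phuzzer's FileNotFoundError comes from here)" >&2
    return 1
}
```

On a real box the call is `sudo sh -c '. ./afl-links.sh; link_afl_unix /usr/local/bin /usr/bin/afl-unix'` (root is needed to write under /usr/bin), followed by `check_afl_path /usr/bin/afl-unix` before retrying `python3 -m phuzzer`. Symlinks are preferable to copies because rebuilding AFL updates the linked tools in place, and `ln -sfn` makes the function safe to re-run after an AFL upgrade.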
mahaloz commented 3 years ago

@SourceCodeDeleted Hey, sorry for the issues with the install. We used to provide a Dockerfile to do this. We were talking about a more elegant solution, but we will likely add it back. I'll keep you posted and try to fix this today.

SourceCodeDeleted commented 3 years ago

Oh, I didn't receive a notification for this. I am happy to hear the news.

I understand that this is more of a library too and not just an executable, am I correct? I was speaking to someone else, Yan I believe.

@mahaloz I tried out a Docker install earlier, and it seemed to drop to an Iron Python shell. Do you know what this is used for?

twizmwazin commented 3 years ago

@mahaloz I tried out a Docker install earlier, and it seemed to drop to an Iron Python shell. Do you know what this is used for?

What image were you testing? Are you able to test with the dockerfile provided in #9?

mahaloz commented 3 years ago

My bad, this fell through the cracks of things to do. I'll change the Dockerfile back to angr-dev based for simplicity for now (since I'm having failures with qemu).

SourceCodeDeleted commented 3 years ago

@mahaloz I tried out a Docker install earlier, and it seemed to drop to an Iron Python shell. Do you know what this is used for?

What image were you testing? Are you able to test with the dockerfile provided in #9?

I took it from this comment (the last comment). Do you need me to retest? https://github.com/angr/phuzzer/issues/4#issuecomment-659171407

I re-ran it and it said this:

Directory './phuzzer' is not installable. File 'setup.py' not found.
The command '/bin/sh -c pip3 install ./phuzzer' returned a non-zero code: 1

I can look into it later on to see exactly what errors are happening, but not at this moment.