boschresearch / gdbfuzz

Fuzzing Embedded Systems using Hardware Breakpoints
GNU Affero General Public License v3.0
174 stars 15 forks

How to switch to other fuzzers? #2

Open Lawliar opened 1 year ago

Lawliar commented 1 year ago

Hi guys,

Nice work, one quick question, I noticed that in the source code, you used libFuzz as the input generation, can we switch to other fuzzers (e.g., AFL++) and use it for on-device fuzzing too?

Best! Lawliar

JWH-96 commented 1 year ago

Hello dear author, I encountered the following error while following the instructions. What should I do to resolve it?

```
2023-10-24 00:08:25,578 [INFO Ghidra.py:183 start_ghidra_instance()] Ghidra process output:b'ERROR The AutoImporter could not successfully load /home/ubuntu/Desktop/gdbfuzz-main/./example_firmware/esp32_buggy/firmware.elf with the provided import parameters. Please ensure that any specified processor/cspec arguments are compatible with the loader that is used during import and try again. (HeadlessAnalyzer) \n'
2023-10-24 00:08:25,578 [INFO Ghidra.py:183 start_ghidra_instance()] Ghidra process output:b'ERROR REPORT: Import failed for file: /home/ubuntu/Desktop/gdbfuzz-main/./example_firmware/esp32_buggy/firmware.elf (HeadlessAnalyzer) \n'
2023-10-24 00:08:25,757 [INFO Ghidra.py:188 start_ghidra_instance()] Ghidra process bridge server has not started yet. Trying again in 3 seconds.
Traceback (most recent call last):
  File "./src/GDBFuzz/main.py", line 179, in <module>
    raise SystemExit(main())
  File "./src/GDBFuzz/main.py", line 173, in main
    GDBFuzzer(config, args.config)
  File "/home/ubuntu/Desktop/gdbfuzz-main/src/GDBFuzz/GDBFuzzer.py", line 55, in __init__
    self.before_fuzzing(config, config_file_path)
  File "/home/ubuntu/Desktop/gdbfuzz-main/src/GDBFuzz/GDBFuzzer.py", line 84, in before_fuzzing
    self.init_components(config)
  File "/home/ubuntu/Desktop/gdbfuzz-main/src/GDBFuzz/GDBFuzzer.py", line 113, in init_components
    self.ghidra = Ghidra(
  File "/home/ubuntu/Desktop/gdbfuzz-main/src/GDBFuzz/ghidra/Ghidra.py", line 67, in __init__
    self.start_ghidra_instance(binary_file, path_to_ghidra, output_directory, ghidra_port)
  File "/home/ubuntu/Desktop/gdbfuzz-main/src/GDBFuzz/ghidra/Ghidra.py", line 179, in start_ghidra_instance
    raise Exception(f'Ghidra process has unexpectedly '
Exception: Ghidra process has unexpectedly terminated with exit_code=0 stdout=b''
```

maxeisele commented 1 year ago

> Hi guys,
>
> Nice work, one quick question, I noticed that in the source code, you used libFuzz as the input generation, can we switch to other fuzzers (e.g., AFL++) and use it for on-device fuzzing too?
>
> Best! Lawliar

Hi Lawliar,

In principle, switching the fuzzer can be done by changing the call here. For "on-device fuzzing" you would need to have a working Python interpreter on your embedded device. If so, it should work.

maxeisele commented 1 year ago

> Hello dear author, I encountered the following error while following the instructions. What should I do to resolve it?


Seems like Ghidra cannot open the firmware file. Have you tried opening Ghidra in GUI mode and analysing the firmware there?

SethGen commented 5 months ago

> Hello dear author, I encountered the following error while following the instructions. What should I do to resolve it?


Likely not going to be useful to you due to the age of your post, but a possible cause of this issue is having a Ghidra bridge instance already running (similar to "Port already in use" errors). To fix this issue, you can terminate all Ghidra bridges:

```shell
cd ~/gdbfuzz/.venv/lib/python3.10/site-packages/ghidra_bridge/server
python ghidra_bridge_server_shutdown.py
cd ~/gdbfuzz
```

This fixed the issue for me. You will know that this is your problem if the Ghidra bridge connects once on startup but fails on every subsequent attempt. This occurs because your previous fuzz run exited improperly, which leaves a hanging Ghidra bridge that can't easily be reconnected to. The simplest solution is to shut down the bridge and try fuzzing again.
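The thread names two different causes behind the same `Ghidra process has unexpectedly terminated with exit_code=0` exception: the headless analyzer refusing to import the firmware (maxeisele's reply) and a stale `ghidra_bridge` server left over from a previous run (SethGen's reply). The preflight script below, an added example that is not part of the original thread or of the gdbfuzz project, tells the two apart before you start a fuzz run. It checks whether something is already listening on the bridge port and classifies the headless-analyzer log lines quoted above. The default port 4768 is ghidra_bridge's usual default and is an assumption here; gdbfuzz's own config key for the port is not shown on this page, so pass whatever port you configured. The sample log lines are copied from the traceback in this thread.

```python
"""Preflight triage for a GDBFuzz start-up failure (added example, not project code).

Two checks:
  1. Is a (stale) ghidra_bridge server already bound to the bridge port?
  2. What did Ghidra's headless analyzer actually complain about?
"""
import re
import socket

# Assumption: ghidra_bridge's default listening port. Override with your gdbfuzz config value.
DEFAULT_BRIDGE_PORT = 4768

# Matches both AutoImporter messages from the thread and captures the firmware path.
IMPORT_FAILED_RE = re.compile(
    r"ERROR (?:The AutoImporter could not successfully load|REPORT: Import failed for file:) (\S+)"
)
BRIDGE_WAIT_RE = re.compile(r"bridge server has not started yet")

# Log lines copied from the traceback posted in this issue.
SAMPLE_GHIDRA_OUTPUT = [
    "2023-10-24 00:08:25,578 [INFO Ghidra.py:183 start_ghidra_instance()] Ghidra process output:"
    "b'ERROR The AutoImporter could not successfully load "
    "/home/ubuntu/Desktop/gdbfuzz-main/./example_firmware/esp32_buggy/firmware.elf "
    "with the provided import parameters. (HeadlessAnalyzer) \\n'",
    "2023-10-24 00:08:25,578 [INFO Ghidra.py:183 start_ghidra_instance()] Ghidra process output:"
    "b'ERROR REPORT: Import failed for file: "
    "/home/ubuntu/Desktop/gdbfuzz-main/./example_firmware/esp32_buggy/firmware.elf (HeadlessAnalyzer) \\n'",
    "2023-10-24 00:08:25,757 [INFO Ghidra.py:188 start_ghidra_instance()] "
    "Ghidra process bridge server has not started yet. Trying again in 3 seconds.",
]


def port_in_use(port, host="127.0.0.1", timeout=0.5):
    """True if something accepts TCP connections on host:port (a live or stale bridge)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def classify_ghidra_output(lines):
    """Return (cause, firmware_path) for a list of headless-analyzer log lines.

    cause is 'import_failed' when the AutoImporter rejected the binary,
    'bridge_unreachable' when Ghidra ran but the bridge never came up,
    or 'unknown' otherwise.
    """
    firmware_path = None
    saw_bridge_wait = False
    for line in lines:
        m = IMPORT_FAILED_RE.search(line)
        if m:
            firmware_path = m.group(1)
        if BRIDGE_WAIT_RE.search(line):
            saw_bridge_wait = True
    if firmware_path:
        return "import_failed", firmware_path
    if saw_bridge_wait:
        return "bridge_unreachable", None
    return "unknown", None


def diagnose(ghidra_lines, port=DEFAULT_BRIDGE_PORT):
    """Combine both checks into a list of actionable findings."""
    findings = []
    if port_in_use(port):
        findings.append(
            f"stale bridge: something already listens on port {port}; "
            "run ghidra_bridge_server_shutdown.py before fuzzing again"
        )
    cause, path = classify_ghidra_output(ghidra_lines)
    if cause == "import_failed":
        findings.append(
            f"import failed: Ghidra could not load {path}; open it in the Ghidra GUI "
            "and check the processor/cspec (language) the loader picks"
        )
    elif cause == "bridge_unreachable":
        findings.append("bridge never came up although the import succeeded; check the Ghidra log")
    return findings


def demo():
    """Simulate a leftover bridge with a throwaway listener, then run the triage."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # ephemeral port stands in for the bridge port
    srv.listen(1)
    port = srv.getsockname()[1]
    busy_before = port_in_use(port)
    findings_with_stale = diagnose(SAMPLE_GHIDRA_OUTPUT, port)
    srv.close()
    busy_after = port_in_use(port)
    return busy_before, busy_after, findings_with_stale


if __name__ == "__main__":
    for finding in demo()[2]:
        print(finding)
```

Note the exit code in the traceback: the headless analyzer exits 0 even though the import failed, so gdbfuzz only sees "bridge server has not started yet". The log classifier is what tells you whether to fix the firmware import (wrong loader or language) or to kill a leftover bridge.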