fuzzware-fuzzer / fuzzware

Fuzzware's main repository. Start here to install.
Apache License 2.0

Does fuzzware require modifications to AFL/AFL++'s mutation? #28

Closed 3kywa1ke2 closed 11 months ago

3kywa1ke2 commented 1 year ago

Hi,

I have a question about the fuzzer's mutation. My understanding is that the access model will guide the fuzzer's mutation, such that the fuzzer only mutates the input bytes specified in the access model. Or does the fuzzer only perform random mutations on all input bytes (vanilla AFL/AFL++), and the emulator uses the access model to choose which bytes in the input to consume from fuzzer-generated inputs? Please let me know if this is correct and if so, can you pinpoint the related code?

Thank you in advance!

Scepticz commented 1 year ago

Hi 3kywa1ke2,

it is the second option. The input bytes are mutated in the vanilla AFL/AFL++ way.

Best Tobi

3kywa1ke2 commented 12 months ago

Hi Tobi,

Thank you for your reply!

So essentially, the access model has the info about how many bytes are accessed and the fuzzer will fuzz those bytes as a consecutive sequence of bytes. Is this statement correct?

Thank you again for your time!

Scepticz commented 12 months ago

Hi there,

Yes, that statement is correct. You may state it that way in your paper submission if you like. ;-)

Best Tobi
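
The split confirmed in this thread, as an added illustration that is not Fuzzware's code and not written by either participant: the mutator changes bytes without consulting any model, and the emulator side serves each MMIO read from the next consecutive input bytes, with the count taken from the access model. The model table, trace, byte counts and function names are constructed assumptions.

```python
# Illustrative sketch only: hypothetical names, not Fuzzware's implementation.
from typing import Dict, List, Tuple

# Constructed access model: (pc, mmio_addr) -> number of fuzzer bytes consumed.
# A size of 0 stands for an access that needs no fuzzer input at all.
ACCESS_MODEL: Dict[Tuple[int, int], int] = {
    (0x08000120, 0x40011000): 1,  # status register, 1 byte consumed
    (0x08000134, 0x40011004): 4,  # data register, full 32-bit word
    (0x08000150, 0x40011008): 0,  # modeled as needing no input
}

# Constructed trace of MMIO reads the firmware performs, in execution order.
TRACE: List[Tuple[int, int]] = [
    (0x08000120, 0x40011000),
    (0x08000134, 0x40011004),
    (0x08000150, 0x40011008),
    (0x08000120, 0x40011000),
]

class InputExhausted(Exception):
    """Raised when an access needs more bytes than the input still holds."""

def replay(fuzz_input: bytes, trace=TRACE, model=ACCESS_MODEL):
    """Serve each MMIO read from the next consecutive bytes of fuzz_input.

    Returns a list of (input_offset, size, value) tuples, one per access.
    """
    cursor, served = 0, []
    for access in trace:
        size = model.get(access, 4)  # assumption: unmodeled reads take 4 bytes
        if cursor + size > len(fuzz_input):
            raise InputExhausted(f"need {size} bytes at offset {cursor}")
        chunk = fuzz_input[cursor:cursor + size]
        served.append((cursor, size, int.from_bytes(chunk, "little")))
        cursor += size
    return served

def blind_flip(data: bytes, offset: int, mask: int = 0xFF) -> bytes:
    """Model-unaware mutation: XOR one byte, as a generic mutator would."""
    out = bytearray(data)
    out[offset] ^= mask
    return bytes(out)

if __name__ == "__main__":
    seed = bytes([0x01, 0xAA, 0xBB, 0xCC, 0xDD, 0x02])  # constructed seed
    print(replay(seed))
    print(replay(blind_flip(seed, 1)))  # only the second access changes
```
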