fuzzware-fuzzer / fuzzware

Fuzzware's main repository. Start here to install.
Apache License 2.0

Emulate #30

Closed zhangpwxwk closed 11 months ago

zhangpwxwk commented 11 months ago

Hello: I would like to ask several simple questions. When I want to emulate my own firmware, I need to prepare xxx.bin, config.yml and valid_basic_blocks.txt.

  1. Is xxx.elf needed?
  2. How to generate the config.yml and valid_basic_blocks.txt files, especially when the source code is not available? Do you have any good methods and suggestions?

Thanks

Scepticz commented 11 months ago
  1. The ELF file is not needed. Only the .bin file. However, an ELF makes it easier to understand the execution of course, as it is easier to reverse engineer and as you may have access to symbols.
  2. config.yml can be generated via fuzzware genconfig or manually. If you generate it manually, you will need to know where the flash is based and which memory regions are mapped. Note that if you use fuzzware genconfig you should still look at the output and sanity check it, as a correct config is not always guaranteed.
  3. valid_basic_blocks.txt is not really required. It is important mostly for coverage comparisons between different fuzzers, which is especially important in the academic context.

Best Tobi
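
One way to sanity check a memory map against the .bin, as an added example that is not part of the original thread or of Fuzzware's own code. It assumes a Cortex-M image whose vector table sits at the start of the file; the region dictionary is a simplified, hypothetical stand-in for the memory map in config.yml, not the format that fuzzware genconfig writes.

```python
import struct

def check_memory_map(firmware, flash_name, regions):
    """Return a list of problems; an empty list means the map looks plausible.

    regions: {name: (base_addr, size, permissions)}, a hypothetical simplified
    stand-in for the memory map in config.yml (not parsed from YAML here).
    """
    problems = []
    # 1. No two mapped regions may overlap.
    spans = sorted((b, b + s, n) for n, (b, s, _) in regions.items())
    for (_, e1, n1), (s2, _, n2) in zip(spans, spans[1:]):
        if s2 < e1:
            problems.append(f"regions {n1} and {n2} overlap")
    # 2. The image must fit into an executable flash region.
    flash_base, flash_size, flash_perms = regions[flash_name]
    if len(firmware) > flash_size:
        problems.append("firmware image is larger than the flash region")
    if "x" not in flash_perms:
        problems.append("flash region is not executable")
    # 3. Assumed Cortex-M vector table: word 0 = initial SP, word 1 = reset handler.
    if len(firmware) < 8:
        return problems + ["image too short to hold a vector table"]
    initial_sp, reset = struct.unpack_from("<II", firmware, 0)
    # SP may equal the end of RAM (descending stack), so the upper bound is inclusive.
    if not any("w" in p and b < initial_sp <= b + s for b, s, p in regions.values()):
        problems.append(f"initial SP {initial_sp:#x} is not in a writable region")
    if reset & 1 == 0:
        problems.append(f"reset vector {reset:#x} lacks the Thumb bit")
    target = reset & ~1
    if not flash_base <= target < flash_base + len(firmware):
        problems.append(f"reset handler {target:#x} is outside the loaded image; "
                        "the flash base may be wrong")
    return problems

# Constructed sample: 0x100-byte image, SP = 0x20005000, reset = 0x08000041.
SAMPLE_FW = struct.pack("<II", 0x20005000, 0x08000041) + b"\x00" * 0xF8
GOOD = {"flash": (0x08000000, 0x10000, "r-x"), "ram": (0x20000000, 0x5000, "rw-")}
BAD = {"flash": (0x00000000, 0x10000, "r-x"), "ram": (0x20000000, 0x4000, "rw-")}

if __name__ == "__main__":
    for label, regions in (("good", GOOD), ("bad", BAD)):
        print(label, check_memory_map(SAMPLE_FW, "flash", regions) or "ok")
```

A flagged reset handler can also mean the flash is aliased at a second address on the target, so treat the output as a prompt to look at the config rather than as a verdict.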

zhangpwxwk commented 11 months ago

Hello Tobi: When I emulate my firmware, some errors occur.

The errors:

Should I change the limit of fuzz_consumption_timeout?
Do you have any good ideas?
