It has been a long time since the release of ptfuzzer, and the working principle is still unclear. It seems close to "Harnessing Intel Processor Trace for Vulnerability Discovery" (2016), except that it integrates itself into AFL, if I grasped the README. I've got two questions:
Did it avoid all modifications to the binary as well as the OS, just running and fuzzing the raw binary at run time, residing in the original OS?
If, say, we had the source code of the binary, could the coverage info it collects for blackbox fuzzing compete with the code coverage collected from the source code itself for whitebox fuzzing?
PTfuzzer aims to fuzz binaries without source code. Of course you can get much higher code coverage in white-box since you can use a wide variety of program analysis technologies such as control flow or data flow analysis.
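To make the comparison in the answer above concrete, here is an added example (editor's illustration, not ptfuzzer's code or the AFL code base) of how a trace of basic-block start addresses, such as one decoded from Intel PT packets, is folded into an AFL-style edge-coverage map. Source-instrumented AFL fills the same kind of map, but with random block ids assigned at compile time; a PT-based fuzzer has to derive the block ids from the recorded addresses. The map size, the address-to-id hash, and the sample traces are constructed assumptions, while the edge formula (`cur ^ prev`, then `prev = cur >> 1`) and the hit-count bucketing follow AFL's published design.

```python
# Added example: AFL-style edge coverage derived from a basic-block trace.
# Not ptfuzzer's code; map size, block_id() and the traces are constructed.

MAP_SIZE = 1 << 16  # assumption: AFL's default 64 KiB coverage map

def block_id(addr):
    """Map a basic-block start address to a map index.

    Constructed hash for the example: drop the low nibble so each 16-byte
    aligned block lands on its own index. A real PT decoder would hash the
    address or look it up in a table built from the binary's CFG.
    """
    return (addr >> 4) & (MAP_SIZE - 1)

def edge_map(trace):
    """Build the edge-hit map from an ordered list of block addresses."""
    bitmap = [0] * MAP_SIZE
    prev = 0
    for addr in trace:
        cur = block_id(addr)
        idx = cur ^ prev            # AFL edge id: current block XOR shifted previous
        bitmap[idx] = (bitmap[idx] + 1) & 0xFF  # u8 counter, wraps like AFL's
        prev = cur >> 1             # shift so A->B and B->A get different ids
    return bitmap

def bucket(count):
    """AFL's hit-count classes: 0,1,2,3,4-7,8-15,16-31,32-127,128+."""
    if count == 0:
        return 0
    if count == 1:
        return 1
    if count == 2:
        return 2
    if count == 3:
        return 4
    if count <= 7:
        return 8
    if count <= 15:
        return 16
    if count <= 31:
        return 32
    if count <= 127:
        return 64
    return 128

def classify(bitmap):
    """Return {edge index: hit-count class} for every edge that was hit."""
    return {i: bucket(c) for i, c in enumerate(bitmap) if c}

def new_edges(virgin, bitmap):
    """Edges (or hit-count classes) not yet recorded in the 'virgin' map.

    virgin is a dict {edge index: set of classes seen}; it is updated in place,
    which is what lets a fuzzer decide an input is 'interesting'.
    """
    fresh = set()
    for idx, cls in classify(bitmap).items():
        seen = virgin.setdefault(idx, set())
        if cls not in seen:
            seen.add(cls)
            fresh.add(idx)
    return fresh

# Constructed traces: block start addresses as a PT decoder might report them.
TRACE_A = [0x1000, 0x1010, 0x1020]                     # straight-line path
TRACE_B = [0x1000, 0x1010, 0x1030]                     # diverges at the last block
TRACE_LOOP = [0x1000, 0x1010, 0x1000, 0x1010, 0x1000]  # two-block loop

if __name__ == "__main__":
    virgin = {}
    print("A adds", sorted(hex(i) for i in new_edges(virgin, edge_map(TRACE_A))))
    print("B adds", sorted(hex(i) for i in new_edges(virgin, edge_map(TRACE_B))))
    print("loop classes", {hex(k): v for k, v in classify(edge_map(TRACE_LOOP)).items()})
```

Running TRACE_A and then TRACE_B shows why edge coverage, not block coverage, drives the fuzzer: B shares two of A's blocks but still contributes one new edge, so a PT-based or instrumented AFL would keep the input that produced B. The loop trace shows the hit-count classes that distinguish "taken once" from "taken a few times" without caring about exact iteration counts.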
Interesting project!