How new inputs generated by driller are passed to AFL?

[joyceqi]

Hello, I have been using driller. I look into the schedule of celery, but there is one question confusing me. When driller generates new inputs, it will pass the new input through redis publish/subscribe to AFL output directory, which is binary/sync/driller/queue. But then how can AFL read these inputs? Normally the queue directory here should be binary/sync/fuzzer-master/queue. So, I think maybe you changed the AFL source code. I have noticed that driller-afl is tailored for driller's use in analyzing cgc binaries, which really adds some operation of driller. But, I just want to use driller for unix binary, then how AFL reads inputs from driller? Thanks :)

[salls]

Afl will sync inputs from other /*/queue directories. This is how the multiproces mode works. If the inputs generated by driller are synced you should see in fuzzer-master/queue files with sync driller in the name

[joyceqi]

Thank you very much! I just know a little about AFL. Actually there is another question about celery. It seems that all arguments passed by calling task.function.delay() will be transformed as unicode, but you know the input from afl queue can be like '\xff\xde...' (contains byte that > 127), where directly pass these inputs to delay() will cause: _kombu.exceptions.EncodeError: 'utf8' codec can't decode byte 0xbe in position 0: invalid start byte How should I solve this problem?

[salls]

I don't really know here. I didn't work on the celery setup. I would expect it's not hard to encode before sending it to celery and decide in the receiving process

[joyceqi]

Thank you anyway!

[youngsmartuniverse]

Afl 将同步来自其他 /*/queue 目录的输入。这就是多进程模式的工作方式。如果由 driller 生成的输入已同步，您应该会在 fuzzer-master/queue 文件中看到名称中包含 sync driller 的文件

I want to know how it is implemented. I've been confused for a long time