shellphish / fuzzer

A Python interface to AFL, allowing for easy injection of testcases and other functionality.
BSD 2-Clause "Simplified" License

32-bit ELF Binaries? #5

Closed bannsec closed 7 years ago

bannsec commented 8 years ago

I'm having trouble running fuzzer on 32-bit ELF binaries. Looking at the init code, it appears the call to set up which AFL to run is:

```python
p = angr.Project(binary_path)

self.os = p.loader.main_bin.os

afl_dir               = shellphish_afl.afl_dir(self.os)

# the path to AFL capable of calling driller
self.afl_path         = shellphish_afl.afl_bin(self.os)

self.afl_path_var     = shellphish_afl.afl_path_var(self.os)

# set up libraries
self._export_library_path(p)
```

Given that the os variable really only says "unix", I don't see how this would select the correct distro for 32 vs 64 bit, and the default on 64-bit systems will likely be 64-bit QEMU.

Jacopo commented 8 years ago

I'm not 100% sure on the internals of angr, but it should distinguish all the many variations and get the right afl_path (and the right qemu) from the shellphish_afl "package".

For cgc, this is the qemu "port": https://github.com/mechaphish/qemu-cgc

bannsec commented 8 years ago

Just loading up a 32-bit and 64-bit ELF right now, both come back as "unix" based on loader.main_bin.os.

zardus commented 8 years ago

My understanding of what should happen is that, when the OS is unix, the fuzzer module should check the project.arch.qemu_name and use that to build the actual qemu path. That last reference name is a guess, as I just upgraded my system and nothing currently works :-)
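As an added illustration of the point made in this thread (not code from the shellphish fuzzer, shellphish_afl or angr), the snippet below shows where the 32- vs 64-bit distinction actually lives: in the ELF header's EI_CLASS, EI_DATA and e_machine fields, not in the loader's OS label. It parses those fields directly, maps them to a QEMU user-mode target name, and builds a tracer path from that. The `QEMU_NAMES` table and the `<afl_dir>/tracers/<qemu_name>/afl-qemu-trace` layout are assumptions for the example; the sample ELF headers are constructed inline.

```python
import struct
from typing import NamedTuple

# e_machine values from the ELF specification
EM_386 = 3
EM_ARM = 40
EM_X86_64 = 62
EM_AARCH64 = 183

# Assumption: QEMU user-mode target names keyed on (e_machine, bitness, endianness).
# This is an illustrative table, not the one shipped in shellphish_afl or angr.
QEMU_NAMES = {
    (EM_386, 32, "little"): "i386",
    (EM_X86_64, 64, "little"): "x86_64",
    (EM_ARM, 32, "little"): "arm",
    (EM_AARCH64, 64, "little"): "aarch64",
}


class ElfIdent(NamedTuple):
    bits: int       # 32 or 64, from EI_CLASS
    endian: str     # "little" or "big", from EI_DATA
    machine: int    # e_machine


def parse_elf_ident(data: bytes) -> ElfIdent:
    """Read EI_CLASS, EI_DATA and e_machine from the first 20 bytes of an ELF file."""
    if len(data) < 20 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    bits = {1: 32, 2: 64}.get(data[4])
    endian = {1: "little", 2: "big"}.get(data[5])
    if bits is None or endian is None:
        raise ValueError("invalid EI_CLASS or EI_DATA")
    # e_machine is a 2-byte field at offset 18, stored in the file's own byte order
    (machine,) = struct.unpack_from("<H" if endian == "little" else ">H", data, 18)
    return ElfIdent(bits, endian, machine)


def qemu_name_for(data: bytes) -> str:
    """Pick the QEMU target from the header; an OS label of "unix" alone cannot do this."""
    ident = parse_elf_ident(data)
    try:
        return QEMU_NAMES[(ident.machine, ident.bits, ident.endian)]
    except KeyError:
        raise ValueError(
            f"no QEMU target for e_machine={ident.machine} "
            f"{ident.bits}-bit {ident.endian}-endian"
        ) from None


def afl_qemu_path(afl_dir: str, data: bytes) -> str:
    """Hypothetical layout: <afl_dir>/tracers/<qemu_name>/afl-qemu-trace."""
    return "/".join([afl_dir.rstrip("/"), "tracers", qemu_name_for(data), "afl-qemu-trace"])


def make_elf_header(bits: int, endian: str, machine: int) -> bytes:
    """Constructed sample: a minimal 20-byte ELF header (e_ident, e_type=ET_EXEC, e_machine)."""
    e_ident = (
        b"\x7fELF"
        + bytes([1 if bits == 32 else 2, 1 if endian == "little" else 2, 1])
        + b"\x00" * 9
    )
    fmt = "<HH" if endian == "little" else ">HH"
    return e_ident + struct.pack(fmt, 2, machine)


if __name__ == "__main__":
    # Both of these would be reported as "unix" by an OS-level check,
    # yet they need different QEMU binaries.
    for bits, machine in ((32, EM_386), (64, EM_X86_64)):
        hdr = make_elf_header(bits, "little", machine)
        print(f"{bits}-bit ELF -> qemu={qemu_name_for(hdr)} "
              f"path={afl_qemu_path('/opt/afl-unix', hdr)}")
```

The unsupported-target branch raises rather than falling back to the host's default, which is exactly the silent failure the issue describes: on a 64-bit host, a 32-bit binary handed to the 64-bit QEMU would fail to start instead of being fuzzed.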

bannsec commented 7 years ago

This problem was fixed a while back. Closing.