ttdennis / fpicker

fpicker is a Frida-based fuzzing suite supporting various modes (including AFL++ in-process fuzzing)
MIT License
258 stars 25 forks

javascript issues #18

Open DirectorX opened 2 years ago

DirectorX commented 2 years ago
 ✘ u@MBP ~/Code/fpicker <main ±> $ ./fpicker --fuzzer-mode active -e attach -p test -o examples/test/out/ -i examples/test/in/ -f examples/test/test-fuzzer.js
       __       _      _
      / _|     (_)    | |
     | |_ _ __  _  ___| | _____ _ __
     |  _| '_ \| |/ __| |/ / _ \ '__|
     | | | |_) | | (__|   <  __/ |
     |_| | .__/|_|\___|_|\_\___|_|
         | |
         |_|        Frida-Based Fuzzing Suite
- - - - - - - - - - - - - - - - - - - - - - -

Running fpicker using the following configuration:
- fuzzer-mode:          FUZZER_MODE_STANDALONE_ACTIVE
- coverage_mode:        COVERAGE_MODE_STALKER_SUMMARY
- standalone_mutator:       STANDALONE_MUTATOR_NULL
- communication_mode:       COMMUNICATION_MODE_SEND
- input_mode:           INPUT_MODE_IN_PROCESS
- exec_mode:            EXEC_MODE_ATTACH
- device_type:          DEVICE_LOCAL
- process_name:         test
- command:          (null)
- fuzzer_timeout:       500
- fuzzer_sleep:         100
- verbose:          false
- agent_script:         examples/test/test-fuzzer.js
- corpus_dir:           examples/test/in/
- out_dir:          examples/test/out/
- metrics: enabled

[*] Found 2 Frida devices.
[*] Found desired Frida device: Local System(0)
[*] Trying to attach to process test
[*] Found process test with PID 33317
[*] Attached to process test on frida device Local System
[!] Unable to create agent script: Script(line 1): SyntaxError: expecting '('
[!] Error injecting Frida agent script

The code seems to be a bit old and there are issues with the JavaScript engine.

Also, in order to be able to execute that script, I added

import { createRequire } from 'module';
const require = createRequire(import.meta.url);

before

// Import the fuzzer base class
const Fuzzer = require("../../harness/fuzzer.js");
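A pre-flight check for the file given to -f, added here as an example and not part of fpicker or of this thread: it reports whether a script still contains raw ESM import/export or CommonJS require() lines, which is what the "SyntaxError: expecting '('" on line 1 above points at. It assumes fpicker hands the file to Frida as one plain script, so such source needs bundling with frida-compile first; the function names and the sample header are constructed for the example.

```javascript
// Heuristic pre-flight check for a file about to be passed to fpicker's -f
// option. It scans top-level lines for ESM import/export declarations and
// CommonJS require("...") calls; either means the file is unbundled module
// source rather than a self-contained bundle. Regex-based on purpose: enough
// for small harness files, not a full JavaScript parser.
function classifyAgentSource(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((raw, idx) => {
    const line = raw.trim();
    // Skip blank lines and the usual single-line / block comment shapes.
    if (line === "" || line.startsWith("//") || line.startsWith("/*") || line.startsWith("*")) {
      return;
    }
    if (/^(import\s+[\w{*]|import\s*["']|export\s+)/.test(line)) {
      findings.push({ line: idx + 1, kind: "esm", text: line });
    } else if (/\brequire\s*\(\s*["'][^"']+["']\s*\)/.test(line)) {
      findings.push({ line: idx + 1, kind: "cjs", text: line });
    }
  });
  const hasEsm = findings.some((f) => f.kind === "esm");
  const hasCjs = findings.some((f) => f.kind === "cjs");
  return {
    kind: hasEsm ? "esm" : hasCjs ? "cjs" : "script",
    needsCompile: hasEsm || hasCjs,
    findings,
  };
}

// Human-readable verdict for the result of classifyAgentSource().
function summarize(result) {
  if (!result.needsCompile) return "looks like a self-contained script bundle";
  const first = result.findings[0];
  return `unbundled ${result.kind.toUpperCase()} source (first hit on line ${first.line}: ` +
    `${first.text}); bundle it with frida-compile and pass the output to -f`;
}

// Constructed sample mirroring the modified examples/test/test-fuzzer.js
// header shown in the report above; not the real file's contents.
const SAMPLE_MODIFIED_HEADER = [
  "import { createRequire } from 'module';",
  "const require = createRequire(import.meta.url);",
  "",
  "// Import the fuzzer base class",
  'const Fuzzer = require("../../harness/fuzzer.js");',
].join("\n");

console.log(summarize(classifyAgentSource(SAMPLE_MODIFIED_HEADER)));
```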
X1aoR0 commented 1 year ago

I use frida-compile 16.1.4. The compiled agent.js is also the problem. I can't understand why these two sentences are added, and after adding them, my compilation reports an error. Error: unable to resolve: path, readable-stream, stream, util, readable-stream/passthrough, readable-stream/writable, assert, readable-stream/readable, events, os, buffer, process, constants, tty, net, url, crypto

ttdennis commented 1 year ago

~Oh. Yes it seems that some things in frida-compile have changed. For now you should be able to do the following:~

~Then you should be able to run fpicker again. Make sure that you specify the correct compiled JS file (e.g. -f examples/test/harness.js).~

~This is not an ideal solution. I will have to take a better look at this, but in the short term it should at least get fpicker to run.~

Edit: Nevermind, that doesn't work either. I will have to take a closer look...