zyw-200 / FirmAFL

FIRM-AFL is the first high-throughput greybox fuzzer for IoT firmware.
GNU General Public License v3.0

Timeout while initializing fork server #6

Open DerZc opened 4 years ago

DerZc commented 4 years ago

When I took the last step, python start.py 9050, I met this problem:

qemu-system-mipsel: -net nic,vlan=0: 'vlan' is deprecated. Please use 'netdev' instead.
  File "test.py", line 15
    print "[+] sending buffer size", len(buf)
                                  ^
SyntaxError: invalid syntax
./afl-fuzz -m none -t 800000+ -Q -i ./inputs -o ./outputs -x keywords
afl-fuzz 2.52b by lcamtuf@google.com
[+] You have 1 CPU core and 0 runnable tasks (utilization: 0%).
[*] Setting up output directories...
[*] Scanning './inputs'...
[+] No auto-generated dictionary tokens to reuse.
[*] Creating hard links for all input files...
[*] Loading extra dictionary from 'keywords' (level 0)...
[+] Loaded 115 extra tokens, size range 4 B to 126 B.
[!] WARNING: Some tokens are relatively large (126 B) - consider trimming.
[*] Validating target binary...
[*] Attempting dry run with 'id:000000,orig:seed'...
dry run:./outputs/queue/id:000000,orig:seed
[*] Spinning up the fork server...

[-] PROGRAM ABORT : Timeout while initializing fork server (adjusting -t may help)
    Location : init_forkserver(), afl-fuzz.c:2129

What can I do? Thank you.

kchurch981 commented 4 years ago

I had this same issue and after a few days of trying things I came up with these renditions to the original installation process. If you have not already discovered this, there appears to be an incorrect statically defined function in both the user_mode and qemu_mode directories. The steps to be completed to resolve this issue are as follows:

cd ./FirmAFL/user_mode/
sed -i '40s/static //' util/memfd.c
./configure --target-list=mipsel-linux-user,mips-linux-user,arm-linux-user --static --disable-werror
make

and

cd ../qemu_mode/DECAF_qemu_2.10/
sed -i '40s/static //' util/memfd.c
./configure --target-list=mipsel-softmmu,mips-softmmu,arm-softmmu --disable-werror
make

The only difference between this and the initial installation is the sed command that is used to remove the static definition of the function causing compilation issues.

Next as an alternative to editing the run.sh file I simply copied the file from the FirmAFL_config directory as follows:

cp ./FirmAFL_config/9050/run.sh ./image_9050/

Now upon running the start.py command my issue was resolved.

DerZc commented 4 years ago

Thank you very much, but I still meet the timeout problem.

kchurch981 commented 4 years ago

Hmm, not exactly certain what would be causing it. If that didn't resolve your issue you could perhaps try to reinstall it. I will drop a script I wrote for automating the process; just make sure you edit it to your environment.

#!/bin/bash

git clone https://github.com/zyw-200/FirmAFL.git

#Setup User mode
cd ./FirmAFL/user_mode/
sed -i '40s/static //' util/memfd.c
./configure --target-list=mipsel-linux-user,mips-linux-user,arm-linux-user --static --disable-werror
make

#Setup System mode
cd ../qemu_mode/DECAF_qemu_2.10/
sed -i '40s/static //' util/memfd.c
./configure --target-list=mipsel-softmmu,mips-softmmu,arm-softmmu --disable-werror
make

#Setup firmadyne
cd ../../
sudo apt-get install busybox-static fakeroot git dmsetup kpartx netcat-openbsd nmap python-psycopg2 python3-psycopg2 snmp uml-utilities util-linux vlan
git clone --recursive https://github.com/firmadyne/firmadyne.git

git clone https://github.com/devttys0/binwalk.git
cd binwalk
sudo ./deps.sh
sudo python ./setup.py install
sudo apt-get install python-lzma
sudo -H pip install git+https://github.com/ahupp/python-magic
sudo -H pip install git+https://github.com/sviehb/jefferson

cd ../firmadyne
sudo apt-get install postgresql
dropdb -U firmadyne -h 127.0.0.1 firmware
sudo -u postgres createuser -P firmadyne
sudo -u postgres createdb -O firmadyne firmware
cd database
cp /home/churchkm/Downloads/data.xz ./ #edit this to the location of the FirmAFL downloaded schema
xz -d data.xz
mv data schema
chmod +x schema
sudo -u postgres psql -d firmware < ./schema
cd ../ 
./download.sh
sed -i '4s/#//' firmadyne.config
sed -i '4s/\/home\/vagrant\/firmadyne\//\/home\/churchkm\/Applications\/FirmAFL\/firmadyne/' firmadyne.config #Edit this to your firmadyne directory
cp ../firmadyne_modify/makeImage.sh ./scripts/
./sources/extractor/extractor.py -b dlink -sql 127.0.0.1 -np -nk "../firmware/DIR-815_FIRMWARE_1.01.ZIP" images
./scripts/getArch.sh ./images/9050.tar.gz
./scripts/makeImage.sh 9050
./scripts/inferNetwork.sh 9050
cd ../ 
python FirmAFL_setup.py 9050 mipsel
cp ./FirmAFL_config/9050/run.sh ./image_9050/

Hopefully this is helpful
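
Before rerunning start.py, a pre-flight script that checks the three things raised in this thread: the memfd.c patch (from the comment above and the setup script), run.sh being present in image_<id>, and whether test.py parses under the interpreter that will run it, since the SyntaxError in the original log kills the harness before the fork server can answer. This is an added example, not FirmAFL's own code; it assumes the statically declared function on memfd.c line 40 is memfd_create and that the image directory is image_<id>, as in the steps above.

```shell
#!/bin/bash
# Pre-flight checks to run from the FirmAFL directory before "python start.py <id>".
# Added example, not part of FirmAFL. It covers the three things this thread
# points at: the memfd.c "static" patch, run.sh present in image_<id>, and
# test.py parsing under the interpreter that runs it (the SyntaxError in the
# log above kills the harness before the fork server answers, which AFL then
# reports as the fork-server timeout).

# 0 if util/memfd.c below $1 no longer declares memfd_create as static.
# Assumption: the function on line 40 that the sed command un-statics is
# memfd_create (newer glibc declares the same name in <sys/mman.h>).
memfd_patched() {
    local f="$1/util/memfd.c"
    [ -f "$f" ] || { echo "[-] missing $f"; return 1; }
    if grep -q '^static int memfd_create' "$f"; then
        echo "[-] $f still has 'static int memfd_create'; patch it and rebuild"
        return 1
    fi
    echo "[+] $f: memfd_create is not static"
}

# 0 if image_<id>/run.sh exists and is executable (copied from FirmAFL_config/<id>/).
runsh_present() {
    local d="image_$1"
    if [ -x "$d/run.sh" ]; then echo "[+] $d/run.sh present"; return 0; fi
    echo "[-] $d/run.sh missing or not executable; cp FirmAFL_config/$1/run.sh $d/"
    return 1
}

# 0 if $1 byte-compiles under interpreter $2 (default: python).
testpy_parses() {
    local py="${2:-python}"
    if "$py" -m py_compile "$1" 2>/dev/null; then
        echo "[+] $1 parses under $py"; return 0
    fi
    echo "[-] $1 does not parse under $py (Python 2 print statement under Python 3?)"
    return 1
}

# Run all three; 0 only if every check passes. Usage: preflight <qemu_dir> <id> [python]
preflight() {
    local rc=0
    memfd_patched "$1" || rc=1
    runsh_present "$2" || rc=1
    testpy_parses "image_$2/test.py" "$3" || rc=1
    return "$rc"
}
```

Run preflight once with user_mode and once with qemu_mode/DECAF_qemu_2.10 as the first argument; each failing check names the fix from this thread.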

Aaron911 commented 4 years ago

I have this same issue with the image_id "105609", but the image_id "8050" works well. So have you resolved the issue?

josephKhoury95 commented 3 years ago


Hello @kchurch981, I want to use your solution.

  1. But I have a few questions. Can you please tell me why you copied data.xz to the database directory in firmadyne, and what is the content of data.xz?
  2. Also, when I execute extractor.py the output image is created under the image id, which starts at 1, then 2 for the next image, and so on. Do I have to manually rename the image to 9050? Can you please give me some help regarding this point?

G4TT0 commented 1 year ago

Hi, I have the same issue as DerZc. Has anybody found the solution?