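#!/bin/sh
#
# test-frida-mode.sh - sanity test for afl-fuzz's FRIDA mode (-O).
#
# test-pre.sh (sourced below) is expected to provide $ECHO, the colour
# variables, $SYS, $MEM_LIMIT and the CODE/INCOMPLETE result variables that
# test-post.sh reports on.  Against the afl-frida-trace library built in the
# parent directory three sub-tests are run:
#   1. plain frida_mode on test-instr
#   2. frida_mode + cmplog (-c 0 -l 3) on test-compcov     (intel/arm only)
#   3. persistent frida_mode entered at main()              (intel/arm only)
# Every afl-fuzz run is capped at 7 seconds (-V07).  Fuzzer output is collected
# in ./errors and only shown when the corresponding sub-test fails.
#
# Changes against the previous revision: `cmd && ok || fail` chains were turned
# into if/else so a failing $ECHO can no longer trigger the failure branch,
# AFL_DEBUG_CHILD / AFL_FRIDA_VERBOSE exported for the persistent run are now
# unset again (they used to leak into test-post.sh), the persistent-address
# lookup takes a single anchored nm hit instead of possibly concatenating
# several, the execs ratio no longer divides by zero, and in/out are cleaned
# up on every platform.

. ./test-pre.sh

$ECHO "$BLUE[*] Testing: frida_mode"

# Print the collected fuzzer output, bracketed so it stands out in the log.
frida_dump_errors() {
  echo CUT------------------------------------------------------------------CUT
  cat errors
  echo CUT------------------------------------------------------------------CUT
}

# True when at least one path matching the glob given by the caller exists.
# The shell expands the pattern before the call; an unmatched pattern stays
# literal and therefore fails the -e test.
frida_have_entry() {
  for _entry in "$@"; do
    test -e "$_entry" && return 0
  done
  return 1
}

# Pick a default compiler for the harness if the caller did not set one.
# command -v is the portable "is it installed" check; stderr is silenced so a
# missing gcc does not pollute the log.
test -z "$AFL_CC" && {
  if command -v gcc >/dev/null 2>&1; then
    export AFL_CC=gcc
  elif command -v clang >/dev/null 2>&1; then
    export AFL_CC=clang
  fi
}

# cmplog and persistent mode are only exercised on the architectures the test
# has always covered (intel and arm).  Decided once instead of repeating the
# deprecated `test ... -o ...` chain for each sub-test.
FRIDA_ARCH_OK=0
case "$SYS" in
  i686|x86_64|amd64|i86pc|aarch64|arm*) FRIDA_ARCH_OK=1 ;;
esac

if test -e ../afl-frida-trace.so; then
  # -no-pie: the persistent-mode test hands the address of main() taken from
  # nm to AFL_FRIDA_PERSISTENT_ADDR, which only equals the runtime address
  # when the binary is not relocated.
  cc -no-pie -o test-instr ../test-instr.c
  cc -o test-compcov test-compcov.c
  if test -e test-instr && test -e test-compcov; then
    mkdir -p in
    echo 00000 > in/in
    RUNTIME=
    RUNTIMEP=

    # --- 1. plain frida_mode ------------------------------------------------
    $ECHO "$GREY[*] running afl-fuzz for frida_mode, this will take approx 10 seconds"
    {
      AFL_DEBUG=1 AFL_FRIDA_VERBOSE=1 ../afl-fuzz -m "${MEM_LIMIT}" -V07 -O -i in -o out -- ./test-instr
    } >>errors 2>&1
    if frida_have_entry out/default/queue/id:000002*; then
      $ECHO "$GREEN[+] afl-fuzz is working correctly with frida_mode"
      # "execs_done : N" -> N; kept for the speed comparison in sub-test 3.
      RUNTIME=$(grep execs_done out/default/fuzzer_stats | awk '{print$3}')
    else
      frida_dump_errors
      $ECHO "$RED[!] afl-fuzz is not working correctly with frida_mode"
      CODE=1
    fi
    rm -f errors

    # --- 2. frida_mode cmplog -------------------------------------------------
    if test "$FRIDA_ARCH_OK" = 1; then
      $ECHO "$GREY[*] running afl-fuzz for frida_mode cmplog, this will take approx 10 seconds"
      # NOTE(review): -m none (no memory limit) is inherited from the previous
      # revision of this test; presumably the cmplog run needs more than
      # MEM_LIMIT - confirm before tightening it.
      {
        ../afl-fuzz -m none -V07 -O -c 0 -l 3 -i in -o out -- ./test-compcov
      } >>errors 2>&1
      if frida_have_entry out/default/queue/id:000003*; then
        $ECHO "$GREEN[+] afl-fuzz is working correctly with frida_mode cmplog"
      else
        frida_dump_errors
        $ECHO "$RED[!] afl-fuzz is not working correctly with frida_mode cmplog"
        CODE=1
      fi
      rm -f errors
    else
      $ECHO "$YELLOW[-] not an intel or arm platform, cannot test frida_mode cmplog"
    fi

    # --- 3. persistent frida_mode -----------------------------------------
    if test "$FRIDA_ARCH_OK" = 1; then
      $ECHO "$GREY[*] running afl-fuzz for persistent frida_mode, this will take approx 10 seconds"
      # Address of main() (or _main on platforms that prefix symbols) as the
      # persistent-loop entry.  Anchored to the line end and limited to the
      # first hit so a second symbol cannot concatenate two addresses into one
      # bogus value.
      MAIN_ADDR=$(nm test-instr | grep -Ei " T _main$| T main$" | head -n 1 | awk '{print $1}')
      if test -z "$MAIN_ADDR"; then
        $ECHO "$RED[!] could not find the main symbol in test-instr, cannot test persistent frida_mode"
        CODE=1
      else
        {
          export AFL_FRIDA_PERSISTENT_ADDR="0x$MAIN_ADDR"
          export AFL_DEBUG_CHILD=1
          export AFL_FRIDA_VERBOSE=1
          # Diagnostics that only surface when the run fails and errors is dumped.
          $ECHO "Note: AFL_FRIDA_PERSISTENT_ADDR=$AFL_FRIDA_PERSISTENT_ADDR"
          env | grep AFL_ | sort
          file test-instr
          ../afl-fuzz -m "${MEM_LIMIT}" -V07 -O -i in -o out -- ./test-instr
          nm test-instr | grep -i "main"
          # Drop everything exported for this run so it cannot leak into
          # test-post.sh or whatever the caller runs next.
          unset AFL_FRIDA_PERSISTENT_ADDR AFL_DEBUG_CHILD AFL_FRIDA_VERBOSE
        } >>errors 2>&1
        if frida_have_entry out/default/queue/id:000002*; then
          $ECHO "$GREEN[+] afl-fuzz is working correctly with persistent frida_mode"
          RUNTIMEP=$(grep execs_done out/default/fuzzer_stats | awk '{print$3}')
          # Both counts present and a non-zero divisor are required for the
          # ratio; a zero RUNTIME used to make expr abort.
          if test -n "$RUNTIME" && test -n "$RUNTIMEP" && test "$RUNTIME" -gt 0 2>/dev/null; then
            DIFF=$((RUNTIMEP / RUNTIME))
            # Integer ratio > 1 means persistent mode did at least twice the execs.
            if test "$DIFF" -gt 1; then
              $ECHO "$GREEN[+] persistent frida_mode was noticeable faster than standard frida_mode"
            else
              $ECHO "$YELLOW[-] persistent frida_mode was not noticeable faster than standard frida_mode"
            fi
          else
            $ECHO "$YELLOW[-] we got no data on executions performed? weird!"
          fi
        else
          frida_dump_errors
          $ECHO "$RED[!] afl-fuzz is not working correctly with persistent frida_mode"
          CODE=1
        fi
        rm -f errors
      fi
    else
      $ECHO "$YELLOW[-] not an intel or arm platform, cannot test persistent frida_mode"
    fi

    # Clean up on every platform, not only after the persistent run.
    rm -rf in out errors
  else
    $ECHO "$RED[!] gcc compilation of test targets failed - what is going on??"
    CODE=1
  fi

  rm -f test-instr test-compcov
else
  $ECHO "$YELLOW[-] frida_mode is not compiled, cannot test"
  INCOMPLETE=1
fi

. ./test-post.sh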