iOS support and mmap #8
Comments
hexcoder-
added
enhancement
|
I will do the autodetection magic tomorrow |
|
done! Makefile autodetects if shm_open is availabel or not. plus some other fixes. now we need to check if it is compiles fine on iphones, android, openbsd, MAC OS, etc. |
|
@ALL: testing for IOS and Mac OS X as well as Android is still needed. Please use the master for testing, not the branch |
|
Regarding Android: this needs support of ashmem API. Yet another shared memory interface. |
|
@hexcoder- dont we have mmap and ashmem now? does this still needs to be open? |
|
I think yes until someone will test it on iOS |
|
Yes, but I was not able to verify. |
|
I have Macbooks and jailbroken iPhones lying around, anything in particular I should try? |
|
@domenukk - just see if it compiles and test.sh works :) |
|
@domenukk - I never researched what minimum SDK is needed (and where to get it). Too much on my plate already... |
|
For sure the link in the docu how to disable the MacOS crash daemon is broken... |
|
if it would not be broken very likly it would be outdated too :) |
|
https://github.com/kholia/OSX-KVM |
|
I've tried it on MacOS. Happy to report even Unicorn Mode works. Speed with persistent mode is pretty good. |
|
@domenukk so we can close this? MacOS works? how about iOS? |
|
Mac OS works, however I never got around to test it on iOS as I just don't know how to set this up easily. Will try with my jailbroken phone later. |
|
It works in iOS if the other shmget implementation is used. I hope we get a PR for this. |
This had caused an assert SIGABRT with LibreOffice (see <https://git.libreoffice.org/core/+/ e2c9ac71cec0f205b1d4864538e8158c22558296%5E%21> "ofz#30767 Build-Failure") at > AFLplusplus#3 0x00007ffff7a07026 in __GI___assert_fail (assertion=0x7ffff79c3b98 "isString() && \"Not a string\"", file=0x7ffff79c3800 "~/llvm/inst/include/llvm/IR/Constants.h", line=661, function=0x7ffff79c3bb5 "llvm::StringRef llvm::ConstantDataSequential::getAsString() const") at /usr/src/debug/glibc-2.32-37-g760e1d2878/assert/assert.c:101 > AFLplusplus#4 0x00007ffff79b9dd1 in llvm::ConstantDataSequential::getAsString (this=0xcb75f90) at ~/llvm/inst/include/llvm/IR/Constants.h:661 > AFLplusplus#5 0x00007ffff79b8645 in (anonymous namespace)::AFLdict2filePass::runOnModule (this=0xd175d50, M=...) at ~/AFLplusplus/instrumentation/afl-llvm-dict2file.so.cc:406 > AFLplusplus#6 0x000000000550fb63 in (anonymous namespace)::MPPassManager::runOnModule (M=..., this=<optimized out>) at ~/llvm/llvm-project/llvm/lib/IR/LegacyPassManager.cpp:1550 > AFLplusplus#7 llvm::legacy::PassManagerImpl::run (this=0x9925a90, M=...) at ~/llvm/llvm-project/llvm/lib/IR/LegacyPassManager.cpp:541 > AFLplusplus#8 0x000000000550feb9 in llvm::legacy::PassManager::run (this=this@entry=0x7fffffff91c0, M=...) at ~/llvm/llvm-project/llvm/lib/IR/LegacyPassManager.cpp:1677 > AFLplusplus#9 0x000000000653efb3 in (anonymous namespace)::EmitAssemblyHelper::EmitAssembly (this=this@entry=0x7fffffff9670, Action=Action@entry=clang::Backend_EmitObj, OS=std::unique_ptr<llvm::raw_pwrite_stream> = {...}) at ~/llvm/llvm-project/clang/lib/CodeGen/BackendUtil.cpp:1015 > AFLplusplus#10 0x0000000006540856 in clang::EmitBackendOutput (Diags=..., HeaderOpts=..., CGOpts=..., TOpts=..., LOpts=..., TDesc=..., M=0x944b6f0, Action=<optimized out>, OS=...) at /usr/include/c++/10/bits/move.h:76 > AFLplusplus#11 0x000000000689383c in clang::BackendConsumer::HandleTranslationUnit (this=0x944a210, C=...) at ~/llvm/llvm-project/clang/include/clang/Basic/TargetInfo.h:1076 > AFLplusplus#12 0x00000000078fe1c9 in clang::ParseAST (S=..., PrintStats=<optimized out>, SkipFunctionBodies=<optimized out>) at ~/llvm/llvm-project/clang/lib/Parse/ParseAST.cpp:171 > AFLplusplus#13 0x00000000067b9729 in clang::FrontendAction::Execute (this=this@entry=0x941b1a0) at ~/llvm/llvm-project/clang/lib/Frontend/FrontendAction.cpp:949 > AFLplusplus#14 0x00000000066f6586 in clang::CompilerInstance::ExecuteAction (this=this@entry=0x940f390, Act=...) at ~/llvm/llvm-project/clang/lib/Frontend/CompilerInstance.cpp:949 > AFLplusplus#15 0x000000000686ecfb in clang::ExecuteCompilerInvocation (Clang=Clang@entry=0x940f390) at ~/llvm/llvm-project/clang/lib/FrontendTool/ExecuteCompilerInvocation.cpp:278 > AFLplusplus#16 0x00000000039f6f04 in cc1_main (Argv=..., Argv0=0x7fffffffcc0c "~/llvm/inst/bin/clang-13", MainAddr=MainAddr@entry=0x39f0a60 <GetExecutablePath[abi:cxx11](char const*, bool)>) at ~/llvm/llvm-project/clang/tools/driver/cc1_main.cpp:246 > AFLplusplus#17 0x00000000039f054d in ExecuteCC1Tool (ArgV=...) at ~/llvm/llvm-project/clang/tools/driver/driver.cpp:330 > AFLplusplus#18 0x00000000039f25c5 in main (argc_=<optimized out>, argc_@entry=145, argv_=<optimized out>, argv_@entry=0x7fffffffc3d8) at ~/llvm/llvm-project/clang/tools/driver/driver.cpp:407 when (in frame AFLplusplus#5) FuncName is "_ZNKSt17basic_string_viewIDsSt11char_traitsIDsEE4findEPKDsm" (i.e., > std::basic_string_view<char16_t, std::char_traits<char16_t> >::find(char16_t const*, unsigned long) const ) and thus isStdString is true.
This puts most of the pieces in place to run experiments locally except for storage which will require GCS. Once break that dependency and fix a few other minor issues, local experiments should work.
I found the work of Proteas for ios support and expanded a bit on it in this branch.
iOS needs a different API for using shared memory (mmap-based).
I adapted it, refactored some common shared memory handling code into one place, made it the default and tested it for Linux (which has mmap and shmat).
I also extended afl-as.h to support non-llvm-mode (but I am not an assembly programmer).
It would be nice if the adapted programs (afl-as, afl-fuzz, afl-analyze, afl-showmap, afl-tmin, afl-gcc, afl-g++, afl-clang, afl-clang++) could be tested for other platforms (maybe even for iOS).
My hope is that the mmap API is generally more available thus making afl more portable.
TODO: we need to auto detect whether the mmap API is available else fallback to shmat().
The text was updated successfully, but these errors were encountered: