Tuesday, October 27, 2020

libprotobuf&libfuzz Part 2.

 We just dissect the source code from this guy's repo:https://github.com/bruce30262/libprotobuf-mutator_fuzzing_learning


we will use same .proto file to generate the messages

there are two main source code for our interess: 

  • lpm_libfuzz.cc: Convert protobuf to raw data and feed it to the target function 
  • harness.cc: Our target function
0x1.LPM_LIBFUZZER.CC


    
    0x1/0x1.ProtoToData analysis
        It creates a stringstream(a string in ourcase,a lie it creates a hashmap as a string) than he contatenates it resuting in :
    a: 33554433
    b: ""
        After that he just checks if checks to see if PROTO_FUZZER_DUMP_PATH is set so we can save crash files.
    
0x2.Harnesser.cc:
    



    there is out fuzzed function.if the generated data starts with '\x01' it generates a trap signal,and stops the fuzzer

at

3 comments:

  1. TestNovember 20, 2020 at 3:34 AM

    Hi

    It seems that you have not posted relevant posts/entries after continuous assessment.

    Please do not fall behind and keep blogging and updating posts because please do remember the final assessment is solely based on the content of your blog.

    We have to put additional effort to ensure we have more than the minimum required posts, with great detail, references, images, diagrams, tables, charts and even videos.


    Please complete primary research and diagram as we have discussed previously and start working upon case study.

    Many thanks
    Chirag

    ReplyDelete
  2. TestDecember 4, 2020 at 3:43 AM

    Hi

    Please work upon previous feedback and information provided with.
    You can still improve with the use paraphrasing and improve expressing ideas/research.
    Please add full commentary into all relevant posts.

    Many thanks
    Chirag

    ReplyDelete
  3. TestDecember 4, 2020 at 3:43 AM

    Hi

    This is general guide on total number of expected blog posts. please note that it is possible to have more than 30 posts:

    Welcome Post
    Introduction Post
    Current Skills Post
    Initial Idea 1 Post
    Initial Idea 2 Post
    Project Theme Post
    Project Plan
    Gantt Chart
    Computer Ethics 1
    Computer Ethics 2
    Essay (Introduction)
    Essay (Main Body)
    Essay (Conclusion)
    Survey (Questions)
    Survey (Analysis)
    Survey (Analysis)
    Diagram 1
    Diagram 2
    Diagram 3
    Case Study (Introduction)
    Case Study (Literature Review)
    Case Study (Methods)
    Case Study (Discussion)
    Case Study (Conclusion)
    Software (Evaluation)
    Software (Evaluation)
    Software (Example)
    Computer Law
    Models & Methodologies
    Academic Paper Summary (This is an optional blog post)

    Many thanks
    Chirag

    ReplyDelete

Subscribe to: Post Comments (Atom)

libprotobuf&libfuzz Part 2.

 We just dissect the source code from this guy's repo:https://github.com/bruce30262/libprotobuf-mutator_fuzzing_learning we will use sam...

  • libprotobuf&libfuzz Part 1.
    0x1.Introduction Protocol Buffers        I s a protocol that serializes data structures.It was developed by Google, and it is a language-ind...
  • Fuzzing with libafl
     Introduction to libFuzzer libFuzzer is part of the LLVM package.It allows you to integrate the coverage-guided fuzzer logic into your C/C++...
  • ESSAY ON WHY DEVELOPERS SHOULD START HACKING
           In the previous years,we have seen a continuous growing of cyber breaches and attack.Most of them arose due to some coding mistake,ei...