I followed the BKM as is, with 5.5 kernel and the stretch.img downloaded from the site as well as creating one myself.
Things I tried:
- Try with input seeds from seeds/ . Change the input seed from the given set to ones I created.
- Load a usb device image with qemu and loaded.
- Tried running with the bzImage in the repo as well as one I created myself (no special instrumentaion- only the patching recommended in this BKM)
Every trial resulted in the same outcome, show below.
~/fuzz/USBFuzz$ ./USBFuzz --seeddir seeds --kernel_image bzImage --os_image stretch.img
afl-fuzz USBFuzz-Adaption-V1.0 by <lcamtuf@google.com>
[+] Disabling the UI because AFL_NO_UI is set.
[+] You have 96 CPU cores and 5 runnable tasks (utilization: 5%).
[+] Try parallel jobs - see docs/parallel_fuzzing.txt.
[*] Checking CPU core loadout...
[+] Found a free CPU core, binding to #1.
[*] Checking core_pattern...
[*] Setting up output directories...
[+] Output directory exists but deemed OK to reuse.
[*] Deleting old session data...
[+] Output dir cleanup successful.
[*] Scanning 'seeds'...
[+] No auto-generated dictionary tokens to reuse.
[*] Creating hard links for all input files...
[*] Validating target binary...
[*] Attempting dry run with 'id:000000,orig:usb_s04tbco'...
[*] Spinning up the fork server...
[-] Hmm, looks like the target binary terminated before we could complete a
handshake with the injected code. Perhaps there is a horrible bug in the
fuzzer. Poke <lcamtuf@coredump.cx> for troubleshooting tips.
[-] PROGRAM ABORT : Fork server handshake failed
Location : init_forkserver(), afl-fuzz.c:2266
I followed the BKM as is, with 5.5 kernel and the stretch.img downloaded from the site as well as creating one myself.
Things I tried:
Every trial resulted in the same outcome, show below.