syzdescriptor generates syzkaller descriptions by analyzing the code of a compiled
kernel. It uses FTDB to make static analysis easy.
It allows the user to generate accurate, fuzzing-ready syzkaller descriptions for a given kernel build.
Requirements:
- Python 3.10
- CAS
- SEAL (if you want fuzzing-ready configs, SEAL has to generate a mapping between kernel functions and filesystem nodes)
All Python dependencies should be satisfied by installing syzdescriptor with pip.

$ pip install git+https://github.com/Samsung/syzdescriptor

Generate configs, filtered by permissions from SEAL. Passing --software-version and --model will also generate an info.json summary file:

$ syzdescriptor vmlinux_db.img --foka foka_v2.json --filter-permissions --arch arm64 -o full_configs/ --software-version 1234 --model PIXEL2

Generate configs without paths to nodes, if you don't have SEAL at the time of generation:

$ syzdescriptor vmlinux_db.img --arch arm64 -o stub_configs/

Replace stub comments with actual open() syscalls (the replacement is done in place, so the -o argument must point to a working directory containing previously generated stubs):

$ syzdescriptor vmlinux_db.img --replace -o stub_configs/ --filter-permissions --foka foka_v2.json

Authors:
- Michał Lach
- Mateusz Mańko (Author of original, clang-based syzdescriptor)

syzdescriptor is an Open Source project released under the terms of the MIT License.