• Stars
    star
    125
  • Rank 286,335 (Top 6 %)
  • Language
    Python
  • License
    GNU Affero Genera...
  • Created over 5 years ago
  • Updated about 5 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Grimoire: Synthesizing Structure while Fuzzing

Grimoire is coverage-guided fuzzer for structured input languages. It is built upon Redqueen.

The fuzzer is based on our paper (slides, recording):

@inproceedings{blazytko2019grimoire,
    author = {Tim Blazytko and Cornelius Aschermann and Moritz Schl{\"o}gel and Ali Abbasi and Sergej Schumilo and Simon W{\"o}rner and Thorsten Holz},
    title =  {{GRIMOIRE}: Synthesizing Structure while Fuzzing},,
    year = {2019},
    booktitle = {USENIX Security Symposium} 
}

Setup

  1. Setup Redqueen
  2. Apply Patch qemu.patch to QEMU-PT
  3. Use this python code base instead of Redqueen's kAFL-Fuzzer
  4. Create a string dictionary (for string mutations) via strings -n3 -d <path to binary> | grep -v "\s" | sort | uniq > dict.txt
  5. Prepare binary and fuzz as described here. To use the dictionary, add -I <dict file> to kafl_fuzz.py.

Code

Grimoire can be understood as a patch applied to Redqueen's code base. The published source code contains Redqueen's fuzzing logic, the implementation of Grimoire as well as its interaction with Redqueen.

In detail, Grimoire's is organized as follows:

Inference Logic

The inference logic (paper section 3.1) is contained in fuzzer/technique/grimoire_inference.py.

Mutations

Grimoire's large-scale mutations (paper section 3.2) are contained in fuzzer/technique/grimoire_mutations.py.

Interaction with Redqueen

fuzzer/scheduler.py defines GrimoireScheduler, which is used in Redqueen's InputQueue in file fuzzer/queue.py. Everytime a SlaveProcess (fuzzer/process/slave.py) requests a new input from the queue, a non-generalized input that triggered new coverage will be returned.

This input is then generalized in the state grimoire_inference in FuzzingStateLogic (fuzzer/state_logic.py)

In a later fuzzing stage---during Redqueen's havoc mutation phase---Grimoire's mutations will be applied in FuzzingStateLogic.

More Repositories

1

DroneSecurity

DroneSecurity (NDSS 2023)
Python
945
star
2

kAFL

Code for the USENIX 2017 paper: kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels
Python
550
star
3

redqueen

Python
339
star
4

OMEN

OMEN: Ordered Markov ENumerator - Password Guesser
C
313
star
5

Microcode

Microcode Updates for the USENIX 2017 paper: Reverse Engineering x86 Processor Microcode
Python
297
star
6

syntia

Program synthesis based deobfuscation framework for the USENIX 2017 paper "Syntia: Synthesizing the Semantics of Obfuscated Code"
Python
296
star
7

mobile_sentinel

Python
187
star
8

nyx-net

Python
176
star
9

Nyx

USENIX 2021 - Nyx: Greybox Hypervisor Fuzzing using Fast Snapshots and Affine Types
C
169
star
10

ijon

C
164
star
11

GANDCTAnalysis

Code for the ICML 2020 paper: Leveraging Frequency Analysis for Deep Fake Image Recognition.
Python
161
star
12

nautilus

a grammar based feedback fuzzer
Rust
158
star
13

aurora

Usenix Security 2021 - AURORA: Statistical Crash Analysis for Automated Root Cause Explanation
Rust
146
star
14

loki

Hardening code obfuscation against automated attacks
Python
125
star
15

Password-Guessing-Framework

A Framework for Comparing Password Guessing Strategies
Python
120
star
16

Marx

Uncovering Class Hierarchies in C++ Programs
C++
114
star
17

antifuzz

AntiFuzz: Impeding Fuzzing Audits of Binary Executables
C
101
star
18

EthBMC

The code repository for the 2020 Usenix Security paper "EthBMC: A Bounded Model Checker for Smart Contracts"
Rust
91
star
19

WaveFake

Python
71
star
20

SiemensS7-Bootloader

Client utility for Siemens S7 bootloader special access feature
Python
55
star
21

NEMO

Modeling Password Guessability Using Markov Models
Python
54
star
22

gadget_synthesis

Esorics 2021 - Towards Automating Code-Reuse Attacks Using Synthesized Gadget Chains
Python
54
star
23

EvilCoder

Code for the paper EvilCoder: Automated Bug Insertion at ACSAC 2016
Java
42
star
24

JIT-Picker

Swift
34
star
25

cupid

Cupid: Automatic Fuzzer Selection for Collaborative Fuzzing
C
29
star
26

Probfuscator

An Obfuscation Approach using Probabilistic Control Flows
C#
28
star
27

Hypercube

NDSS 2020 - HYPER-CUBE: High-Dimensional Hypervisor Fuzzing
C
24
star
28

ijon-data

14
star
29

PrimGen

ACSAC 2018 paper: Towards Automated Generation of Exploitation Primitives for Web Browsers
HTML
13
star
30

adversarial-papers

TeX
12
star
31

DroneSecurity-Fuzzer

DroneSecurity Fuzzer (NDSS 2023)
11
star
32

dompteur

C++
10
star
33

we-value-your-privacy

Results and data from the paper "We Value Your Privacy ... Now Take Some Cookies: Measuring the GDPR’s Impact on Web Privacy"
9
star
34

VPS

VTable Pointer Separation
C++
7
star
35

APC

Android (Unlock) Pattern Classifier
Kotlin
6
star
36

WindowsVTV

MinGW for 32bit with Vtable pointer verification (VTV)
C++
6
star
37

nyx-net-profuzzbench

Shell
6
star
38

PriDi

Python
5
star
39

xTag-mtalloc

C
5
star
40

SUCI-artifacts

some PCAPs and logs
5
star
41

ASSS

Application-Specific Software Stacks
4
star
42

xTag

4
star
43

MiddleboxProtocolStudy

Auxiliary material for NDSS'20 paper: On Using Application-Layer Middlebox Protocols for Peeking Behind NAT Gateways
Python
4
star
44

Password-Strength-Meter-Accuracy

Measuring the Accuracy of Password Strength Meters
Python
3
star
45

uninformed-consent

Repo for material related to the CCS 2019 paper, "(Un)informed Consent: Studying GDPR Consent Notices in the Field"
3
star
46

be-the-phisher

Code related to the study presented in "Be the Phisher - Understanding Users’ Perception of Malicious Domains" @ AsiaCCS 2020
Jupyter Notebook
2
star
47

symtegrity

Code for the DIMVA 2018 paper "On the Weaknesses of Function Table Randomization"
2
star
48

MastersOfTime

2
star
49

libXSGS

Implementation of Delerablée and Pointcheval's eXtremely Short Group Signatures (XSGS)
Shell
2
star
50

xTag-llvm

C++
1
star
51

MachineCodeTimings

JavaScript
1
star
52

tropyhunter

TODO
Python
1
star
53

GDPR-fines

Supplemental Material for the PETS 2022 Paper "Investigating GDPR Fines in the Light of Data Flows"
Jupyter Notebook
1
star
54

GeneratedMediaSurvey

Jupyter Notebook
1
star