This is an old revision of the document!
03. [30p] AFL
The purpose of this exercise is to identify where bottlenecks appear in a program. For this we will use perf and American Fuzzy Lop (AFL).
Perf is a linux performance analysis tool that we will use to analyze what events occur when running a program.
AFL is a fuzzing tool from google. Fuzzers are used to test programs and applications, using as input all kinds of random data, valid or invalid to map the behavior of the program. To this end, monitoring where and in which area of the program crashes or errors occur. Valid input data is altered little by little, in order to discover as many branches as possible for the given the program.
[5p] Task A - Install Prerequisites and AFL
Before getting started, install and download all the needed tools.
$ sudo apt-get update $ sudo apt-get install clang llvm
$ git clone https://github.com/google/AFL $ cd AFL $ cd llvm_mode && make && cd .. $ cd libdislocator && make && sudo cp libdislocator.so /usr/local/lib/ && cd .. $ sudo make install
[10p] Task B - Fuzzing a program
The target program will be fuzzgoat, a vulnerable program made to be an example for fuzzing. To prepare the program for fuzzing, the source code has to be compiled with the appropriate compiler offerd by AFL:
$ git clone https://github.com/fuzzstati0n/fuzzgoat.git $ cd fuzzgoat $ export CC=afl-clang-fast $ make # creates the fuzzable executable
afl-fuzz -i <input directory> -o <output directory> -- <path to program> @@
$ mkdir afl_out $ afl-fuzz -i in -o afl_out -- ./fuzzgoat/fuzzgoat @@
[15p] Task C - Run perf over it
We will analyze the fuzzing by recording the cpu cycles as main event with perf.
$ perf record -e <event> <command recorded>
$ perf record -e cycles afl-fuzz -i afl_in -o afl_out -- ./fuzzgoat/fuzzgoat @@ #and let it run for a few minutes $ perf report #to print the recorded info
As a result you should get a report showing a list of the most used functions. Make sure to add a ss of it.
