# uniFuzzer

uniFuzzer is a fuzzing tool for closed-source binaries based on Unicorn and LibFuzzer. Currently it supports fuzzing 32-bit LSB ELF files on ARM/MIPS, which are commonly found in IoT devices.

Chinese introduction

## Features

- very little hacking required and easy to build
- can target any specified function or code snippet
- coverage-guided fuzzing with considerable speed
- dependencies resolved and loaded automatically
- library function override by PRELOAD

## Build

1. Reverse the target binary and find interesting functions for fuzzing.
2. Create a `.c` file in the directory `callback`, which should contain the following callbacks:
   - `void onLibLoad(const char *libName, void *baseAddr, void *ucBaseAddr)`: invoked each time a dependent library is loaded in Unicorn.
   - `int uniFuzzerInit(uc_engine *uc)`: invoked just after all the binaries have been loaded in Unicorn. Stack, heap and registers can be set up here.
   - `int uniFuzzerBeforeExec(uc_engine *uc, const uint8_t *data, size_t len)`: invoked before each round of fuzzing execution.
   - `int uniFuzzerAfterExec(uc_engine *uc)`: invoked after each round of fuzzing execution.
3. Run `make` and get the fuzzing tool named `uf`.

## Run

uniFuzzer uses the following environment variables as parameters:

- `UF_TARGET`: path of the target ELF file
- `UF_PRELOAD`: path of the preload library. Please make sure that the library has the same architecture as the target.
- `UF_LIBPATH`: paths in which the dependent libraries reside. Use `:` to separate multiple…
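As an added example of what a library passed through `UF_PRELOAD` can do (this is illustrative code, not part of uniFuzzer): the emulated target has no kernel underneath it, so this preload replaces `malloc`/`calloc`/`realloc`/`free` with a bump allocator that lives in the library's own `.bss` and never needs `brk` or `mmap`. The assumptions are that the target's libc allocator would otherwise issue those syscalls, and that the library is built with the target's cross toolchain (here `arm-linux-gnueabi-gcc`, a placeholder name) so that it matches the target architecture as the README requires.

```c
/* preload.c: example UF_PRELOAD library with a syscall-free allocator.
 * Assumed build, same architecture as the target:
 *   arm-linux-gnueabi-gcc -shared -fPIC -o preload.so preload.c
 * Then run uf with UF_PRELOAD=/path/to/preload.so. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ARENA_SIZE (1u << 20)  /* 1 MiB static arena, constructed size */
#define HEAP_ALIGN 16u         /* alignment a libc malloc is expected to give */

static uint8_t arena[ARENA_SIZE] __attribute__((aligned(HEAP_ALIGN)));
static size_t arena_used;

/* Every block is preceded by a 16-byte header recording its usable size,
 * so realloc knows how many bytes to carry over. */
typedef struct { size_t size; uint8_t pad[HEAP_ALIGN - sizeof(size_t)]; } hdr_t;

void *malloc(size_t n)
{
    if (n > ARENA_SIZE) return NULL;                 /* avoid overflow below */
    size_t need = (n + HEAP_ALIGN - 1) & ~(size_t)(HEAP_ALIGN - 1);
    if (need == 0) need = HEAP_ALIGN;                /* malloc(0) still yields a block */
    if (arena_used + sizeof(hdr_t) + need > ARENA_SIZE)
        return NULL;                                 /* arena exhausted */
    hdr_t *h = (hdr_t *)(arena + arena_used);
    h->size = need;
    arena_used += sizeof(hdr_t) + need;
    return h + 1;
}

void free(void *p) { (void)p; }  /* bump allocator: memory is never reused */

void *calloc(size_t nmemb, size_t size)
{
    if (size && nmemb > SIZE_MAX / size) return NULL; /* nmemb*size overflow */
    void *p = malloc(nmemb * size);
    if (p) memset(p, 0, nmemb * size);
    return p;
}

void *realloc(void *p, size_t n)
{
    if (!p) return malloc(n);
    size_t old = ((hdr_t *)p - 1)->size;
    if (n <= old) return p;                          /* shrink in place */
    void *q = malloc(n);
    if (q) memcpy(q, p, old);
    return q;
}

/* Exported so a harness that can call into the library between fuzz
 * iterations can empty the arena; otherwise size ARENA_SIZE for the run. */
void preload_reset_heap(void) { arena_used = 0; }
```

Because `free` is a no-op, a use-after-free in the target will not corrupt allocator metadata here; pair this with Unicorn memory hooks if you need to catch those bugs rather than only crashes on unmapped memory.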