Date: Sun, 8 Mar 2015 00:22:13 +0800
From: Kai Zhao <loverszhao@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: Any advice on how to fuzz john jumbo by AFL

> How much exec/sec do you get with unmodified/modified john in afl? How
> much total paths discovered?

Both total execs and total paths are 41.

I modified john by commenting out the function john_run() in "src/john.c" in order
to just fuzz the john_init() function, which involves format valid.

On Sun, Mar 8, 2015 at 12:12 AM, Alexander Cherepanov <ch3root@...nwall.com>
wrote:

> On 2015-03-07 16:22, Kai Zhao wrote:
>
>> Hi, I fuzzed john jumbo for two days without finding any crashes. The fuzz
>> result indicates that either john jumbo is robust or my fuzz test went wrong
>> somewhere.
>>
>> My fuzz testing steps are as follows:
>>
>>    1. fuzz unshadow
>>        1.1 fuzz time about 6 hours
>>        1.2 no crash
>>
>>    2. fuzz john without any change
>>        2.1 the input tests are copied from the test cases in
>> src/*_fmt_plug.c
>>        2.2 fuzz time about 20 hours
>>        2.3 fuzzing is slow because john tries to crack the input files
>>        2.4 no crash
>>
>>    3. fuzz john with changed source code
>>        3.1 I commented out the line john_run() in src/john.c in order to
>> only test the john_init function, which involves format valid
>>        3.2 fuzz time about 6 hours
>>        3.3 fuzzing is fast
>>       3.4 no crash
>>
>
> How much exec/sec do you get with unmodified/modified john in afl? How
> much total paths discovered?
>
>> Maybe you have some good advice on how to fuzz john. Thank you.
>
> There are some john options to play with, e.g. --max-run-time=N and
> --skip-self-tests. Then there are some general things to try: build the
> program with hardening, build 32-bit version, try AddressSanitizer (but
> there are caveats -- see notes_for_asan.txt in afl) etc.
>
> As for code reviews, don't forget code analyzers, e.g. cppcheck, Clang
> Static Analyzer.
>
> --
> Alexander Cherepanov
>



-- 
loverszhaokai
motto: You got a dream and you gotta protect it.
github: https://github.com/loverszhaokai
blog: http://www.cnblogs.com/lovers/
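
The seed-corpus step (2.1 above, copying the test vectors out of src/*_fmt_plug.c) and an afl-fuzz invocation using the john options Alexander mentions, as an added example that is not part of this thread and not code from john or afl. It assumes the struct fmt_tests layout used by john's format plugins ({"hash", "plaintext"} pairs terminated by {NULL}); the sample table, its $dummy$ hashes, the seed file names, the timeout and the findings directory are all constructed for the example.

```python
import os
import re
import shlex
import tempfile

# Constructed sample in the layout of a john jumbo src/*_fmt_plug.c test-vector
# table (struct fmt_tests: {"hash", "plaintext"} pairs, {NULL}-terminated).
# Not copied from john; the hashes are made up for the "dummy" format.
SAMPLE_FMT_PLUG = r'''
static struct fmt_tests tests[] = {
	{"$dummy$68656c6c6f", "hello"},
	{"$dummy$68656c6c6f", "hello"},      /* duplicate: should be dropped */
	{"$dummy$", ""},                     /* empty payload: an edge case worth seeding */
	{"$dummy$ffff\"q\"", "x"},           /* escaped quote inside the C literal */
	{NULL}
};
'''

# One C string literal: quote, a run of non-quote/non-backslash chars or
# backslash escapes, quote.
C_STR = r'"((?:[^"\\]|\\.)*)"'
# A test-vector entry: '{' then two C string literals separated by a comma.
# Entries with extra fields ({"hash", "plain", {...}}) still match on the
# first two fields, which is all a seed needs.
PAIR_RE = re.compile(r'\{\s*' + C_STR + r'\s*,\s*' + C_STR)


def unescape_c(s):
    """Decode the C escapes that occur in test vectors: backslash-quote,
    backslash-backslash, and the n/t control escapes."""
    table = {'n': '\n', 't': '\t'}
    return re.sub(r'\\(.)', lambda m: table.get(m.group(1), m.group(1)), s)


def extract_hashes(c_source):
    """Return the hash column of every test vector, de-duplicated, in file order."""
    seen = set()
    out = []
    for m in PAIR_RE.finditer(c_source):
        h = unescape_c(m.group(1))
        if h not in seen:
            seen.add(h)
            out.append(h)
    return out


def write_seed_corpus(hashes, outdir):
    """Write one seed file per hash (john reads one candidate hash per line).

    Returns {filename: contents}. Small, distinct seeds keep AFL's path
    discovery cheap; one big file holding every vector would not.
    """
    os.makedirs(outdir, exist_ok=True)
    written = {}
    for i, h in enumerate(hashes):
        name = 'seed%03d.txt' % i        # constructed naming scheme
        data = h + '\n'
        with open(os.path.join(outdir, name), 'w', encoding='utf-8') as f:
            f.write(data)
        written[name] = data
    return written


def build_corpus_from_source(c_source, outdir=None):
    """Parse a fmt_plug.c body and write the seed directory; returns {filename: contents}."""
    if outdir is None:
        outdir = tempfile.mkdtemp(prefix='john-seeds-')
    return write_seed_corpus(extract_hashes(c_source), outdir)


def afl_command(john_binary, seed_dir, findings_dir, fmt=None, timeout_ms=2000, asan=False):
    """argv for an afl-fuzz run over the seed corpus.

    '@@' is afl-fuzz's placeholder for the mutated input file. --skip-self-tests
    and --max-run-time are the john options suggested in the thread; --format
    pins the format so a mutated hash cannot be routed by john's format
    autodetection to some other format's valid(). The afl-fuzz flags
    (-i/-o/-t/-m) are standard.
    """
    cmd = ['afl-fuzz', '-i', seed_dir, '-o', findings_dir, '-t', str(timeout_ms)]
    if asan:
        # afl's notes_for_asan.txt: a 64-bit ASan build needs the memory limit lifted
        cmd += ['-m', 'none']
    cmd += ['--', john_binary, '--skip-self-tests', '--max-run-time=1']
    if fmt:
        cmd.append('--format=' + fmt)
    cmd.append('@@')
    return cmd


if __name__ == '__main__':
    seeds = build_corpus_from_source(SAMPLE_FMT_PLUG)
    print('%d seed files written' % len(seeds))
    print(shlex.join(afl_command('./john', 'seeds', 'findings', fmt='dummy', asan=True)))
```

Run it once per format plugin and point afl-fuzz at the resulting directory with --format set to that plugin; without --format, john decides which format a mutated line belongs to, so crashes get attributed to whichever valid() happened to accept the input rather than the one you were targeting. --max-run-time only matters while john_run() is still compiled in; with it commented out, as in step 3, the option is harmless.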

