Date: Sat, 07 Mar 2015 21:32:17 +0300
From: Alexander Cherepanov <>
Subject: Re: Any advice on how to fuzz john jumbo by AFL

On 2015-03-07 19:22, Kai Zhao wrote:
>> How much exec/sec do you get with unmodified/modified john in afl? How
>> much total paths discovered?
> Both total execs and total paths are 41.

AFL shows "total execs : 41" in the "stage progress" part of its status 
screen after 6 hours of work? That's definitely wrong.

"total paths : 41" is possible if you took one simple hash as input. In 
case of john, afl cannot jump from a hash for one format to a hash for 
another format because most formats have specific tags in their hashes. 
You have to either take hashes for all formats or prepare a dictionary 
of all tags (afl-fuzz -x).

> I modified john by commenting out the function john_run() in "src/john.c" in order
> to just fuzz the john_init() function, which involves format valid.

That's nice.

> On Sun, Mar 8, 2015 at 12:12 AM, Alexander Cherepanov <>
> wrote:
>> On 2015-03-07 16:22, Kai Zhao wrote:
>>> Hi, I fuzzed john jumbo for two days without finding any crashes. The fuzz
>>> result indicates that either john jumbo is robust or my fuzz test went wrong
>>> somewhere.

Please don't include a full copy of the email you are replying to unless 
it's necessary for some reason.

Alexander Cherepanov
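As an added example, not part of this thread or of john itself: a small Python helper that pulls the format tags off a set of sample hashes and renders them in the dictionary syntax that afl-fuzz -x reads, so AFL can jump between formats. The sample hashes and the tag regex are constructed assumptions, not john's actual format list.

```python
import re

# Constructed sample hashes in the tagged shapes john uses; placeholder values, not real credentials.
SAMPLE_HASHES = [
    "$NT$8846f7eaee8fb117ad06bdd830b7586c",
    "$1$saltsalt$placeholderhashvalue......",
    "$dynamic_0$5d41402abc4b2a76b9719d911017c592",
    "{SHA}placeholderbase64value=",
    "plain5d41402abc4b2a76b9719d911017c592",  # untagged: contributes no tag
]

# Assumed tag shapes: "$name$" and "{NAME}" at the start of the hash string.
TAG_RE = re.compile(r"^(\$[A-Za-z0-9_.-]+\$|\{[A-Za-z0-9_-]+\})")

def extract_tags(hashes):
    """Return the sorted list of distinct format tags found at the start of each hash."""
    tags = set()
    for h in hashes:
        m = TAG_RE.match(h.strip())
        if m:
            tags.add(m.group(1))
    return sorted(tags)

def afl_quote(value):
    """Escape a token for an AFL dictionary: printable ASCII other than backslash and
    double quote is emitted verbatim, everything else as \\xNN."""
    out = []
    for b in value.encode("utf-8"):
        if b in (0x22, 0x5C) or b < 0x20 or b > 0x7E:
            out.append("\\x%02x" % b)
        else:
            out.append(chr(b))
    return "".join(out)

def build_afl_dictionary(hashes):
    """Render one 'name="token"' line per distinct tag, the format afl-fuzz -x reads."""
    lines = []
    for i, tag in enumerate(extract_tags(hashes)):
        lines.append('tag_%d="%s"' % (i, afl_quote(tag)))
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    # Redirect this output to a file and pass it with: afl-fuzz -x tags.dict ...
    print(build_afl_dictionary(SAMPLE_HASHES), end="")
```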

