Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 15 Mar 2015 07:55:00 +0800
From: Kai Zhao <loverszhao@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: Extend AFL to fuzz as you want

> XML is sure not convenient but it is powerful

Sorry I forgot to describe why XML is powerful. XML can handle complex
formats, such as
7z format. The 7z format is as follow:

$7z$0$19$0$1122$8$d1f50227759415890000000000000000$1412385885$ data_length
$112$ data

The valid() function require  strlen(data) == data_length *  2.

Complex hash formats like 7z can be handled with XML. But it's impossible
for the expression
like "$siemens-s7$1$%40h$%40h". I think the expression is good but it can
handle complex
hash format.

If we want to fuzz valid(), the expression like "$siemens-s7$1$%40h$%40h"
is ok.
If we want to fuzz functions after valid(), the expression can not do that.


Thank you,

sincerely

Kai

Content of type "text/html" skipped

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.