Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Fri, 24 Apr 2015 22:10:53 +0800
From: Kai Zhao <loverszhao@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: Advice on proposal: John the Ripper jumbo robustness

> A week ago, in version 1.69b, afl have got support for deferred
> initialization in LLVM mode. Please try it.

I would have done a lot of useless work without your suggestion, thanks.

I use the latest version: afl-1.71b, and the fuzzing speed can reach 2200
exec/sec. Below are the detailed steps.

1. Install afl-1.71b

$ cd afl-1.71b
$ make && sudo make install
$ cd llvm_mode
$ make

There is an error on my computer and I have reported it to the afl-user
group. Even though there is an error, the afl-clang-fast can be generated
and we can ignore the error currently.

2. Change john.c

Next, insert the following global function declaration somewhere in the
source file:

void __afl_manual_init(void);

...and add a call to this function in the desired location before
recompiling
the project with afl-clang-fast (afl-gcc and afl-clang will *not* work).

Attachment is the patch that change john.c to fuzz faster.

3. Compile john

$ CC=/path/to/afl-clang-fast ./configure --disable-openmp
$ make

3.1 Can we instrumenting only necessary minimum ?

No, I tried but failed.

$ CC=clang ./configure && make && rm 7z_fmt_plug.o john.o
$ make CC=.../path/to/afl-clang-fast

There are a lot of compile errors.

3.2 Why disable openmp?

AFL can't clone thread easily. So we should disable thread before the
__afl_manual_init() function.

4. Fuzz

$ export AFL_DEFER_FORKSRV='1'
$ echo '[Options]' > local.conf
$ echo garbage > test_cases/test.pw
$ afl-fuzz -m none -i test_cases/ -o out ../john @@ --nolog
--skip-self-test --format=7z --config=local.conf

The exec speed is around 2200 exec/sec.

run time            : 0 days, 0 hrs, 23 min, 28 sec
cycles done      : 1
total paths        : 192
total execs        : 3.10M
exec speed      : 2185/sec
favored paths   : 25
new edges on  : 43


Thanks,

Kai

Content of type "text/html" skipped

Download attachment "0001-change-john.c-to-make-it-start-faster.patch" of type "application/octet-stream" (1663 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.