Added Ghidra support for static analysis

README.md

@@ -1,4 +1,4 @@
-VUzzer(64)
+VUzzer(64) Version 1.0
 ===========
 
 About
@@ -21,7 +21,7 @@ The requirements for running VUzzer64 are:
    in /usr/include folder.
 *  BitMagic: http://bmagic.sourceforge.net/ - To install it in your system do ```sudo apt-get install bmagic```
 *  BitVector module for python.
-*  IDA disassembler to run static analysis part of VUzzer. Ashley (a MS student from Grenoble) visited VUSec as intern and developed a 'angr' (http://angr.io/) based static analysis module. The code can be found at https://github.com/ash09/angr-static-analysis-for-vuzzer64 (yet to be populated!). However, it should be noted that we have not tested this script much and one can expect some glitches specially on large complex applications! If you have questions on this script, please direct them to Ashley.
+*  Ghidra RE tool -OR- IDA disassembler to run static analysis part of VUzzer -OR- Ashley (a MS student from Grenoble) visited VUSec as intern and developed a 'angr' (http://angr.io/) based static analysis module. The code can be found at https://github.com/ash09/angr-static-analysis-for-vuzzer64 (yet to be populated!). However, it should be noted that we have not tested this script much and one can expect some glitches specially on large complex applications! If you have questions on this script, please direct them to Ashley.
 
 We have tested VUzzer by running it on Ubuntu 18.04 LTS, Linux 4.15.0 image.   
 

fuzzer-code/config.py

@@ -109,7 +109,7 @@
 BBMAXFREQ=10000
 
 #set max weight to be considered for a BB
-BBMAXWEIGHT=2048 
+BBMAXWEIGHT=65536#2048 
 
 # set the impact of executing error BB on total number of BB. intuitively, it means how many BBs should be nullified by total error BBs. we calculate a negative weight which is based on the total BBs executed by an input and total error BBs detected so far. and the negative weight will be calculated dynamically by using the formula: - len(bbdict)xERRORBBPERCENTAGE/(NumErrorBB) 
 ERRORBBPERCENTAGE=0.5#0.1 #(30%)
@@ -167,8 +167,8 @@
 PROBMUT=0.9#0.8
 
 # set the probability of choosing MOSTCOMMON last value for a offset. Larger the value, more probability of chossing last value (default should be 8)
-MOSTCOMNLAST= 8 #For LAva-M dataset, set this value to <=4
-RANDOMCOMN= False#True # this is to skip setting most common values for a offset sometimes. For LAVA-M, set this value to True.
+MOSTCOMNLAST= 6 #For LAva-M dataset, set this value to <=4
+RANDOMCOMN= True # this is to skip setting most common values for a offset sometimes. For LAVA-M, set this value to True.
 
 # stoping condition "if found a crash, stop"
 STOPONCRASH=False 

fuzzer-code/crash.bin

@@ -1 +1 @@
-110x7fffe45da85a0x7fffe45da8630x7fffe45da8650x7fffe45da86d0x7fffe45da8760x7fffe45da8210x418ad10x418adf0x418afe0x418b0c0x4013000x41a7600x4013000x41a7600x401300
+110x7fffe4134cbb0x7fffe4134ccf0x7fffe41da67b0x7fffe41da6910x7fffe41da57f0x7fffe41da58f0x5555555561ea0x5555555573870x5555555568f00x5555555568fa0x7fffe4132ea00x7fffe41311900x7fffe41b61400x7fffe40c72c80x5555555568f0

fuzzer-code/datatemp/b64/f1.b64

@@ -0,0 +1,71 @@
+KGxwMApjX19idWlsdGluX18Kc2V0CnAxCigobHAyClMnXHgwNFx4MDBceDAwJwpwMwphUyc6XHgw
+MCcKcDQKYVMnOlx4MDEnCnA1CmFTJzpceDAyJwpwNgphUydceDEwXHgwMCcKcDcKYVMnICInCnA4
+CmFTJ1x4MDBceGZmXHhmZicKcDkKYVMnICAnCnAxMAphUydAXHg4MScKcDExCmFTJyApJwpwMTIK
+YVMnQFx4OTInCnAxMwphUydAXHg5MCcKcDE0CmFTJ0BceDkxJwpwMTUKYVMnIFx4MDMnCnAxNgph
+UycgXHgwMCcKcDE3CmFTJyBceDAxJwpwMTgKYVMnIFx4MDYnCnAxOQphUycgXHgwNCcKcDIwCmFT
+JyBceDA1JwpwMjEKYVMnIFxuJwpwMjIKYVMnIFx4MGInCnAyMwphUycgXHgwOCcKcDI0CmFTJyBc
+dCcKcDI1CmFTJ1x4MGNceDAwXHgwMCcKcDI2CmFTJyBceDEyJwpwMjcKYVMnIFx4MTMnCnAyOAph
+UycgXHgxMCcKcDI5CmFTJyBceDExJwpwMzAKYVMnIFx4MTYnCnAzMQphUycgXHgxNycKcDMyCmFT
+JyBceDE0JwpwMzMKYVMnIFx4MWEnCnAzNAphUycgXHgxYicKcDM1CmFTJyBceDE4JwpwMzYKYVMn
+IFx4MTknCnAzNwphUycgXHgxZicKcDM4CmFTJ1x4MDBceGMwJwpwMzkKYVMnXHgwMFx4YTInCnA0
+MAphUydceDAwXHhhMCcKcDQxCmFTJ1x4MDBceGE2JwpwNDIKYVMnXHgwMFx4YTUnCnA0MwphUycj
+XHgwMicKcDQ0CmFTJyNceDAxJwpwNDUKYVMnXHgwMFx4YmYnCnA0NgphUydceDAwXHhjMicKcDQ3
+CmFTJ0BceDAwJwpwNDgKYVMnXHgwMFx4Y2UnCnA0OQphUydceDAwXHhkMicKcDUwCmFTJ1x4MDBc
+eGRlJwpwNTEKYVMnXHgwMFx4ZGYnCnA1MgphUydceDAwXHhlMicKcDUzCmFTJ1x4MDBceGUwJwpw
+NTQKYVMnXHgwMFx4ZTQnCnA1NQphUydceDAwXHhmMicKcDU2CmFTJ1x4MDBceGYwJwpwNTcKYVMn
+XHgwMFx4ZjEnCnA1OAphUydceDAwXHhmOCcKcDU5CmFTJ1x4MDBceGY5JwpwNjAKYVMnXHgwMFx4
+ZmYnCnA2MQphUydgXHgwMCcKcDYyCmFTJ1x4MDBceGZmXHhmZlx4ZmZceGZkJwpwNjMKYVMnXHg4
+MFx4MDAnCnA2NAphUycgIycKcDY1CmFTJ1x4MDBceGZmXHhmZlx4ZmZceGZmJwpwNjYKYVMnICEn
+CnA2NwphUydceDFmXHgwMicKcDY4CmFTJ1x4MWZceDAxJwpwNjkKYVMnXHg4N2cnCnA3MAphUydc
+eDFmXHhmZlx4ZmZceGZlJwpwNzEKYVMnXHg4N2UnCnA3MgphUydceDFmIScKcDczCmFTJ1x4MWYg
+JwpwNzQKYVMiXHgwMnYnYSIKcDc1CmFTJ1x4MDhceDAwXHgwMCcKcDc2CmFTJ1x4MDBceGYxXHhj
+ZScKcDc3CmFTJ1x4MDBceGEwXHgwMCcKcDc4CmFTJyJceDAxJwpwNzkKYVMnMlx4MTAnCnA4MAph
+UydceDg3ZicKcDgxCmFTJ1x4MDFceGU5JwpwODIKYVMnXHg3Zlx4ZmYnCnA4MwphUydceDAwXHhj
+MFx4MDAnCnA4NAphUyc/XHhmZlx4ZmZceGZlJwpwODUKYVMnXHgwMFx4YTAgJwpwODYKYVMnXHgw
+MVx4MDAnCnA4NwphUydceDAxXHgxMCcKcDg4CmFTJyExJwpwODkKYVMnITAnCnA5MAphUychMycK
+cDkxCmFTJyEyJwpwOTIKYVMnITUnCnA5MwphUychNicKcDk0CmFTJyFceDAxJwpwOTUKYVMnXHgw
+M1x4OGU4XHhlMicKcDk2CmFTJyFceDAzJwpwOTcKYVMnIVx4MDInCnA5OAphUychXHgwNScKcDk5
+CmFTJyFceDA3JwpwMTAwCmFTJyFceDA2JwpwMTAxCmFTJyFceDA4JwpwMTAyCmFTJyFceDBiJwpw
+MTAzCmFTJyFcbicKcDEwNAphUychXHInCnAxMDUKYVMnIVx4MGMnCnAxMDYKYVMnIVx4MGYnCnAx
+MDcKYVMnIVx4MGUnCnAxMDgKYVMnIVx4MTEnCnAxMDkKYVMnIVx4MTAnCnAxMTAKYVMnIVx4MTMn
+CnAxMTEKYVMnIVx4MTInCnAxMTIKYVMnIVx4MTUnCnAxMTMKYVMnIVx4MTQnCnAxMTQKYVMnIVx4
+MTcnCnAxMTUKYVMnIVx4MTYnCnAxMTYKYVMnIVx4MTknCnAxMTcKYVMnIVx4MTgnCnAxMTgKYVMn
+QVx4MDEnCnAxMTkKYVMnQVx4MDMnCnAxMjAKYVMnQVx4MDInCnAxMjEKYVMnQVx4MDUnCnAxMjIK
+YVMnQVx4MDQnCnAxMjMKYVMnQVx4MDcnCnAxMjQKYVMnQVx0JwpwMTI1CmFTJ0FceDA4JwpwMTI2
+CmFTJ0FcbicKcDEyNwphUydceDdmXHhmZlx4ZmZceGZmJwpwMTI4CmFTJ1x4N2ZceGZmXHhmZlx4
+ZmUnCnAxMjkKYVMnPlx4OGYnCnAxMzAKYVMnXHgwMFx4ZTJceGNlJwpwMTMxCmF0cDEzMgpScDEz
+MwphZzEKKChscDEzNApTJ1x4MDAnCnAxMzUKYVMnXHgwNCcKcDEzNgphUydceDg3JwpwMTM3CmFT
+J1x4MDgnCnAxMzgKYVMnXHgwYycKcDEzOQphUydceDhmJwpwMTQwCmFTJ1x4MTAnCnAxNDEKYVMn
+XHgxNCcKcDE0MgphUydceDE4JwpwMTQzCmFTJ1x4MWMnCnAxNDQKYVMnICcKcDE0NQphUyckJwpw
+MTQ2CmFTJygnCnAxNDcKYVMnLCcKcDE0OAphUycwJwpwMTQ5CmFTJzQnCnAxNTAKYVMnOCcKcDE1
+MQphUyc8JwpwMTUyCmFTJ1x4YmYnCnAxNTMKYVMnQCcKcDE1NAphUydEJwpwMTU1CmFTJ0gnCnAx
+NTYKYVMnTCcKcDE1NwphUydQJwpwMTU4CmFTJ1QnCnAxNTkKYVMnWCcKcDE2MAphUydcXCcKcDE2
+MQphUydceGRmJwpwMTYyCmFTJ2AnCnAxNjMKYVMnZCcKcDE2NAphUydoJwpwMTY1CmFTJ3AnCnAx
+NjYKYVMndCcKcDE2NwphUyd4JwpwMTY4CmFTJ1x4ZmYnCnAxNjkKYVMnXHg4MCcKcDE3MAphUydc
+eDAzJwpwMTcxCmFTJ1x4ODQnCnAxNzIKYVMnXHgwNycKcDE3MwphUydceDg4JwpwMTc0CmFTJ1x4
+MGInCnAxNzUKYVMnXHgwZicKcDE3NgphUydceDkwJwpwMTc3CmFTJ1x4MTMnCnAxNzgKYVMnXHgx
+NycKcDE3OQphUydceDFiJwpwMTgwCmFTJ1x4MWYnCnAxODEKYVMnXHhhMCcKcDE4MgphUycjJwpw
+MTgzCmFTIiciCnAxODQKYVMnKycKcDE4NQphUycvJwpwMTg2CmFTJzMnCnAxODcKYVMnNycKcDE4
+OAphUyc7JwpwMTg5CmFTJz8nCnAxOTAKYVMnXHhjMCcKcDE5MQphUydDJwpwMTkyCmFTJ0cnCnAx
+OTMKYVMnSycKcDE5NAphUydPJwpwMTk1CmFTJ1MnCnAxOTYKYVMnVycKcDE5NwphUydbJwpwMTk4
+CmFTJ18nCnAxOTkKYVMnXHhlMCcKcDIwMAphUydjJwpwMjAxCmFTJ1x4ZTQnCnAyMDIKYVMnZycK
+cDIwMwphUydrJwpwMjA0CmFTJ28nCnAyMDUKYVMnXHhmMCcKcDIwNgphUydzJwpwMjA3CmFTJ1x4
+ZjgnCnAyMDgKYVMnXHg3ZicKcDIwOQphUydceDgxJwpwMjEwCmFTJ1x4MDInCnAyMTEKYVMnXHgw
+NicKcDIxMgphUydcbicKcDIxMwphUydceDBlJwpwMjE0CmFTJ1x4OTEnCnAyMTUKYVMnXHgxMicK
+cDIxNgphUydceDE2JwpwMjE3CmFTJ1x4MWEnCnAyMTgKYVMnXHgxZScKcDIxOQphUyciJwpwMjIw
+CmFTJ1x4YTUnCnAyMjEKYVMnJicKcDIyMgphUycqJwpwMjIzCmFTJy4nCnAyMjQKYVMnMicKcDIy
+NQphUyc2JwpwMjI2CmFTJzonCnAyMjcKYVMnPicKcDIyOAphUydCJwpwMjI5CmFTJ0YnCnAyMzAK
+YVMnSicKcDIzMQphUydOJwpwMjMyCmFTJ1InCnAyMzMKYVMnVicKcDIzNAphUydaJwpwMjM1CmFT
+J14nCnAyMzYKYVMnYicKcDIzNwphUydmJwpwMjM4CmFTJ1x4ZTknCnAyMzkKYVMnaicKcDI0MAph
+UyduJwpwMjQxCmFTJ1x4ZjEnCnAyNDIKYVMncicKcDI0MwphUyd2JwpwMjQ0CmFTJ1x4ZjknCnAy
+NDUKYVMneicKcDI0NgphUydceGZkJwpwMjQ3CmFTJ34nCnAyNDgKYVMnXHgwMScKcDI0OQphUydc
+eDgyJwpwMjUwCmFTJ1x4MDUnCnAyNTEKYVMnXHg4NicKcDI1MgphUydcdCcKcDI1MwphUydccicK
+cDI1NAphUydceDhlJwpwMjU1CmFTJ1x4MTEnCnAyNTYKYVMnXHg5MicKcDI1NwphUydceDE1Jwpw
+MjU4CmFTJ1x4MTknCnAyNTkKYVMnXHgxZCcKcDI2MAphUychJwpwMjYxCmFTJ1x4YTInCnAyNjIK
+YVMnJScKcDI2MwphUydceGE2JwpwMjY0CmFTJyknCnAyNjUKYVMnLScKcDI2NgphUycxJwpwMjY3
+CmFTJzUnCnAyNjgKYVMnOScKcDI2OQphUyc9JwpwMjcwCmFTJ0EnCnAyNzEKYVMnXHhjMicKcDI3
+MgphUydFJwpwMjczCmFTJ0knCnAyNzQKYVMnTScKcDI3NQphUydceGNlJwpwMjc2CmFTJ1EnCnAy
+NzcKYVMnXHhkMicKcDI3OAphUydVJwpwMjc5CmFTJ1knCnAyODAKYVMnXScKcDI4MQphUydceGRl
+JwpwMjgyCmFTJ2EnCnAyODMKYVMnXHhlMicKcDI4NAphUydlJwpwMjg1CmFTJ2knCnAyODYKYVMn
+bScKcDI4NwphUydceGYyJwpwMjg4CmFTJ3UnCnAyODkKYVMnXHhmZScKcDI5MAphdHAyOTEKUnAy
+OTIKYS4=

fuzzer-code/datatemp/b64/f2.b64

@@ -0,0 +1,26 @@
+iVBORw0KGgoAAAANSUhEUgAAAGYAAABmCAMAAAAOARRQAAAA9lBMVEX////pWQv97+fpVQD88evt
+hlb+8urzzbnkaS/ssZbkWwvvvqjmUgD86+HnknLlWQf58e6oLgCrMgC0OgCiLADDRAa7QQDUTQDo
+TAC0NwDgVQmoKQDLSAepIADtWwvt19DHf2nEcFPUno/z4ty4WkHZp5bJXCXDdV7ESwDdnX+gIgDa
+jmjlhFq9OACvPA/szL3KZTHhvbLTk3y+Vy7bqJTcoovDWivIaj26VzjVjnH73tHweUD0r5P84dbu
+fUr0p4f4wqbylmzpw6/rayjAZDSwQgD3uJrudjjtfE25Yjm3TRn10b/wjlzKgFzgtKHEcEbMWxzI
+OwAMu9LeAAAEbElEQVRoge3abVuiShgHcHVw9BikMAHyIG6bmm65bpht4QOKq+5K6dnv/2XODNqV
++Ig49OJc/t+YiPy650ZglFjsnP9RcrnPUKzBwIoc4ewhyw5tLlqlPwQgHgdg2I/OyLmTPEZIQH7i
+RtQiawCWiAeBSFoEO2k27gub7kDaSj+9Wsp7Qek+VcRt5zeQRYvaLjXEso2tiAcZNp0WwfF6U9Zb
+NKbQotRksynrLZqkTkS6ve1NWW9Rr3sKYmf2jtfKyGXs0FCnfWi8Vkeu3QmFpI5AltDxLeomgzRl
+Dconjxs5rhO0Kf6wmc4Rp4jxkeO1UhBojwMibmhkCQU5/vgP9+Ggg6eIsE3x51CLUr2ApYB8Pg+M
+PQX19uzczGugUgDItPvdcS8T3/1Psa/MbiZ5uBbAZpK2y0AIGWs8aBvs9reA5CkMYNt2n2NgggQy
+0B1fTtht0gkMyINkyuKYxEcg5KzUYLj5trAMaci4i7ebWAsevlR68zohDAPY7G87BZl1YgnRYQA7
+vLywVhFcAUeZYfO9vsXBFQFyTuttBukyAwsuG0Ieua5T+zWSRP0fukzmYjlYeJ9qzMxfI0WUVTWe
+pc4st/dgzqcSIbJkcVQM9/L3nYiUufQd787MmTkzZ+bMnJkzc4iBiU9g8JVTq+J7LQIGXzq1RpLq
+W0yf4Rxzii+c/IupM3e1yl8Zz2FApIOm6v/artu3XycZsBLaTDwr6+LcuYG5XMJKje3B/e92epil
+zuCCZL3+ZDr4kp1MOSHW+uOOS51ZSKO56Swmawsu8cG4tBhPEqd/al3onxaSZ86burH2KTNpLKH5
+DM+plhKe7hRnbyNFp8vg/UHVpak5IzMrCLtO+W0q6esfKQqMV5Je/WM6Xce8noq6us04xNwH+8YG
+S9PmtCp/THc2mfvdTO5WUeO7v/DxSXsIvAlVud39u0vu9tuVqAZz9sRQxatvexmNvxJE4yTIMETh
+itf2MgWex5B8gmPIGOH5wh4m9lDSNAIhOawiI4JoWulhtxKL3ZS/ewXxoVqEm8J7pXwv3+xTcIpf
+Cl5Bgn5siwxD98ZLK3wpHkBIGs+LkROOK8hQF4j23AiAkJRLGi9gSNrxEd8WVcKIwGulckAE5+Yr
+0gRBwDt3sIpwU/DKgqChr4ea4k/xukAgHsmHW2QYMuIJUrgO0hR/GiXBCzo4ciparFkK2hR/Hp9J
+QQI+/uxFRDJcgvb8GArBKZpIU5AiID27Y+SMrI4EvIqGzOPHawWaFxSEkIC2H39wUwT8slKYn4KQ
+OE3Fg7bt3KrkIUrTORHBYR6bxEFI9+/chqp7i5Xm4+4z2DEpmpKCJIQk+eOcZ8RlsgQp0klN8afx
+s44kDzLem0KeSaj+M9xOvCuzJ4kEVRdfqFaR9/RpRhXBYVpPdW/TcjYre3/Un1p0muJP8UX0Nl+t
+eg/iC72m+JJr/KhLImFEqf6jEeFdPRcVUaxWRbFyEZ1BwtUqulipRXw7D451dxf9zUmxz7rV6pzP
+yn+aR5bzLXB2dwAAAABJRU5ErkJggg==

fuzzer-code/datatemp/b64/f3.b64

@@ -0,0 +1,17 @@
+/9j/4AAQSkZJRgABAQAAAQABAAD/2wCEAAkGBwgHBhAIBwgWChALEBYbDRUVDRsQFRAWIB0iIiAd
+Hx8kKDQsJCYxJx8fLT0tMStAOjAuIyszRD8uNzRBLjcBCgoKDQwNGg4PGjclHyU3NC03Nzc0Li41
+NzcrKysrNzctLjc3KysrNysrKysrNysrKysrKysrKysrKysrKysrK//AABEIAEAAQAMBIgACEQED
+EQH/xAAbAAADAQEBAQEAAAAAAAAAAAAEBQYDAgcBAP/EAC8QAAEDAwMBBQcFAAAAAAAAAAECAxEA
+BCEFEjEiBhNBUWEUIzJScZGxB3KS0eH/xAAZAQADAQEBAAAAAAAAAAAAAAAAAQIFAwT/xAAfEQAC
+AgMAAgMAAAAAAAAAAAAAAQIRBBIxAyEUIkH/2gAMAwEAAhEDEQA/AK+8ZCHO/RyDNNtOf3gZwoZF
+Z3Vk402O9EgiCRXFiwW24BmDUJUy200HqPdrINfVu9OPGu3GkOAbl7SK6RbtwPecVRAuvFlPrmjW
+HITFC6jarbIWFbgTmuUOwoCgAi7O6lLjaiqaZuLBTWAKSaLA1uLlwEpUMUM0spUcY8KLWlCx1CsH
+ADhCcRQB8F42gy86Ej1VFGMvoUJSZrzv9RdG1HVLVpGmgShcrExPlVL2WburfR2m7wkuJT1zTr0I
+pndrjZQvhQpE4otPlBMwaZpdCjBpLqgLF7JMheRUvgINU70c0DcXPdiZr8HQU80r1R6EHNSnYyhX
+djbk123cIKcmKlHtSzhUxQqtXjlddBFk9dMt9XxfSuRcIOJiajE6uAvqcz4Csx2ibUspUuIqW6KU
+W+FQ5rVmi/Nom6HeI+NMwQK21ZxFzYt3LK94CowORXnN3dWeq6w2fYt5SepUKkj5Z8RVyh7fZpZW
+IMzxxjihOxyhrRipbiESUY880p1F0qScU3WAkYGw+nFAXDfecpoSJJd/UCkdaYJJigba5XfXnszR
+hR5PyjzpDeXd042QLg5PlxS23vL2xu++ZckxBnxFOSlq9ejjrstuF+rQhMqvc/s/2trTTLa3O5bu
+8jzj8VJI7SukS6M+Nap7RpPKDmsqSzONm/4oYNWi9trphlctIQkkZIQBNM7NSbtQSwd6vFIya8tR
+2gS653bZyo4kgD7mrHs7puqLdRem7TbbSdqR72QREyDH5rrj/IT+3tHDNji6XCrLNdm+UQWSD6iK
+GGn3J5QP5p/uh7kXbadz12HPqSj8GlN3q6WgUNXAZV5tvbz9jXqlPyL8MRto/9k=

fuzzer-code/datatemp/b64/rand.b64

@@ -0,0 +1,3 @@
+3SHbKNgAQMHnoWUJy7MPxgRQm3FcbFsMC5ABPQdK1fahZrPCpazvA0kKmBZP1wsbhMdKw0uVuVX7
+OXbGscFIsW4kKAOrLTnLrnxGeHCJPsoGLJ7Nm33Xzg1qwYRpKRjtmEE9OdnfACxAGgUCftg1FfyF
+wG2oD+4qHDt9mlmOlA==