0

I want a fuzzer that fuzzes, but will not break the file itself. I mean, i want to randomly fuzz the file, but i want to be able to open it and test it afterwards (i don't want corrupted file).

Take zzuf for example, when i use it to fuzz a mp3 or png file, the fuzzed file cannot be opened anymore. So i want to know how i can fuzz the contents and not break the file.

I have a gut feeling that its to do with the -b option that says which bytes to fuzz. But say i try zzuf -b 8- for png file to preserver header, it still doesn't work. Am i not using this correctly?

UPDATE

I tried doing this for mp3, wav, png, jpg and mp4 many many times, and not once is there a openable file. So the fuzzer literally 'breaks' the file?

Mad Program
  • 129
  • 1
  • 1
  • 9
  • It's not clear what you're actually trying to accomplish. What do you mean by "fuzz the contents"? What's the ultimate goal of messing with image or audio data (but not the headers)? – Dave Newton Aug 21 '16 at 14:44
  • I want to "see" a fuzzed image or music file. If it screw up the headers, doesn't this mean it wlll corrupt and i can't open it anymore? At least that's what happening with me now. – Mad Program Aug 23 '16 at 00:02

1 Answers1

0

You can find where the PNG headers and data regions are with a tool like hachoir, but that won't save you, because the problem is not here.

The problem is not only about headers, since you deal with a compressed format (PNG), the "data" region is not a dumb bitmap where bits can be changed and let the file be valid, format-wise.

Compressed data contains some kind of "instructions" that the decompresser algorithm shall process in order to reconstruct the decompressed data. In a way, a compressed data format is a kind of domain-specific binary language, that the decompresser parses and interprets.

Taking a valid program in this language (a valid PNG file with valid compressed data region) and twiddling bits at random can yield to another valid program (another valid PNG) according to this specific language, or not.

For example, the naive RLE algorithm produces a sequence of {byte content, occurrence count} bytes. Change one bit in the "occurrence count" byte, and suddenly the decompressed data has a different number of bytes than the expected number width * height * depth, so the image should reasonably be considered as corrupted.

For a positive ending, if the program refuses to open the fuzzed PNG without crashing, exhausting CPU/memory resources or formatting your hard drive, then the program just behaves correctly, which is a good thing (but remember, not finding any bug doesn't mean there aren't, it only means you didn't find them).

If you really want to fuzz the image data and nothing else, what you need is a fuzzer that works on the decompressed data. I don't know if it exists but then it needs to be fully aware of the formats you want to use it with (PNG, MP3, etc.), it can't be a generic binary fuzzer.

λuser
  • 893
  • 8
  • 14
  • Thank you, i think i get what you are saying. So when I fuzz say a png, I can't tell whether i can still open it or whether it will be corrupted afterwards because it is compressed. Is this the same as for music files like mp3 or image files like jpg, bmp, etc? or is there a way to fuzz and still let me open it afterwards? – Mad Program Aug 22 '16 at 05:38