-1

I am researching how to use AFL to fuzz a binary. I know that it is possible to use qemu mode to achieve it. However, using qemu mode really impact the fuzzing performance.

Thus, I am wondering that what if I reverse the target binary to C code by using IDA PRO, then compile the C code with afl-gcc? Will this idea going to be work? Or it will lead to distortion.

desionxxx
  • 21
  • 3
  • Decompilation isn't always perfect, so you're going to have some problems. See https://reverseengineering.stackexchange.com/questions/2603/decompile-and-recompile-c and https://github.com/NationalSecurityAgency/ghidra/issues/236 – icebp Jan 28 '21 at 08:24
  • Your proposal will not work. But the nearest solution for your purposal is afl-dyninst. – sinkmanu Jan 29 '21 at 09:44

2 Answers2

0

Fuzzing a binary without source code can be done with tools like McSema. It lifts the binary to LLVM bitcode and allows you to fuzz it with libFuzzer. But as user3804799 already said, decompilation isn't perfect.

nevilad
  • 932
  • 1
  • 7
  • 14
0

From my experience the code should be executable to be able to run fuzzing well. In case it is source code and you won't be able to execute it, the fuzzing won't work as expected. However, when you have the source code, you may perform the static code analytics.

Robert Morris
  • 1
  • 1