lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <AANLkTimTfTsKr4jZe9z3sFCRk9H+Q5UwG_87QjnZPU3G@mail.gmail.com>
Date: Mon, 26 Jul 2010 16:53:28 -0400
From: Dan Rosenberg <drosenberg@...curity.com>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: FuzzDiff tool

Hello,

I'd like to announce FuzzDiff, a simple tool to help make crash
analysis during file format fuzzing a bit easier.  I'm sure many
people have written similar tools for their own purposes, but I
haven't seen any that are publicly available.  Hopefully at least one
person finds it useful.

When provided with a fuzzed file, a corresponding original un-fuzzed
file, and the path to the targeted program, FuzzDiff will selectively
"un-fuzz" portions of the fuzzed file while re-launching the
application to monitor for crashes.  This will yield a file that still
crashes the target application, but contains a minimum set of changes
from the original, un-fuzzed file.  This can be useful in pinning down
the exact cause of a crash.

The tool is written in Python and currently only works on Unix-based
systems, since it monitors for crashes by checking for SIGSEGV.  It
also assumes that the target program adheres to the syntax "[program]
[args] [input file]".  Both of these limitations can be easily worked
around.  The code is hardly what I'd call production-ready, but it
gets the job done.

The tool is available at:
http://vsecurity.com/resources/tool

Happy hacking,
Dan Rosenberg

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ