Check out the fuzzing strategy at
- fixed input fuzzing
- binutils-gdb/readelf (no crash yet)
- libelfmaster /crashes/
- jacob-baines/elfparser /crashes/
- radare2 (1 crash) (suggested fix merged: radareorg/radare2#21504)
- finixbit/elf-parser /crashes/
  - relocations: 26 crashes
- eliben/pyelftools (found an unhandled e_version, but it was not accepted)
- lief-project/LIEF (cannot build with afl toolchain, no crashes in dumb mode)
- cea-sec/miasm (fuzzed with py-afl for the meme; exec/sec was 0.12, ran for 2 days, nothing found, and in the end my mentality crashed and I stopped)
This library helps with Binary Golf. The idea is to get out of your way as soon as possible and let you get straight to customizing fields within the ELF header and program header.

Just put your shellcode into an array called buf[] in a shellcode.h file and use the template below. See the examples for more.
Currently supported:
- X86_64
- ARM32
- AARCH64
// x86_64 Example
#include "libgolf.h"
#include "shellcode.h"

int main(int argc, char **argv)
{
    /*
     * Specify architecture - populate 'ehdr' and 'phdr'
     * Format: INIT_ELF(ISA, ARCH)
     * Supported:
     *   - ISA:  X86_64, ARM32, AARCH64
     *   - ARCH: 32, 64
     */
    INIT_ELF(X86_64, 64);

    /*
     * Customize any fields you'd like here.
     * (e_version is ignored by most loaders, so it is a common field to golf.)
     */
    ehdr->e_version = 0x13371337;

    /*
     * Generate the ELF file and cleanup
     */
    GEN_ELF();
    return 0;
}
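The two halves of this page meet in the ELF header: the golf template above writes an e_version the spec does not allow, and the fuzzing list above shows parsers that crash or choke on exactly that kind of input (unhandled e_version, relocation and offset handling). The following is an added example, not code from libgolf or from any of the fuzzed projects: it builds the same minimal layout a golf template emits (ELF header, one PT_LOAD program header, payload bytes) in memory, then runs it through a bounds-checked reader that rejects malformed headers instead of reading past the buffer. All structure and constant names come from `<elf.h>`; the `check_scenario` helper, the verdict enum and the NOP filler payload are constructed for this example.

```c
#include <elf.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum elf_verdict { ELF_OK = 0, ELF_TOO_SHORT, ELF_BAD_MAGIC, ELF_BAD_CLASS,
                   ELF_BAD_VERSION, ELF_BAD_PHENT, ELF_BAD_PHOFF, ELF_BAD_SEGMENT };

enum { IMG_MAX = 4096 };

/* Emit ELF header + one PT_LOAD program header + payload into out, the layout a
 * golf template produces. Returns bytes written, or 0 if out is too small.
 * Structs are memcpy'd in so out needs no particular alignment. */
size_t build_min_elf64(uint8_t *out, size_t cap, const uint8_t *payload,
                       size_t plen, uint32_t e_version)
{
    Elf64_Ehdr eh = {0};
    Elf64_Phdr ph = {0};
    const size_t hdrs = sizeof eh + sizeof ph;
    if (cap < hdrs + plen) return 0;

    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS]   = ELFCLASS64;
    eh.e_ident[EI_DATA]    = ELFDATA2LSB;
    eh.e_ident[EI_VERSION] = EV_CURRENT;
    eh.e_type      = ET_EXEC;
    eh.e_machine   = EM_X86_64;
    eh.e_version   = e_version;          /* caller may golf this field */
    eh.e_entry     = 0x400000 + hdrs;    /* payload sits right after the headers */
    eh.e_phoff     = sizeof eh;
    eh.e_ehsize    = sizeof eh;
    eh.e_phentsize = sizeof ph;
    eh.e_phnum     = 1;

    ph.p_type   = PT_LOAD;
    ph.p_flags  = PF_R | PF_X;
    ph.p_offset = 0;                     /* map the whole file, headers included */
    ph.p_vaddr  = ph.p_paddr = 0x400000;
    ph.p_filesz = ph.p_memsz = hdrs + plen;
    ph.p_align  = 0x1000;

    memcpy(out, &eh, sizeof eh);
    memcpy(out + sizeof eh, &ph, sizeof ph);
    memcpy(out + hdrs, payload, plen);
    return hdrs + plen;
}

/* Bounds-checked reader: every offset is validated against len before it is
 * dereferenced, and phnum*phentsize is bounded without relying on wraparound. */
enum elf_verdict check_elf64(const uint8_t *img, size_t len)
{
    Elf64_Ehdr eh;
    if (len < sizeof eh) return ELF_TOO_SHORT;
    memcpy(&eh, img, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0) return ELF_BAD_MAGIC;
    if (eh.e_ident[EI_CLASS] != ELFCLASS64) return ELF_BAD_CLASS;
    /* Strict policy: both version fields must be EV_CURRENT. A golfed binary may
     * still run on a loader that never reads e_version; a parser must at least
     * not crash on it, and here it reports the field instead. */
    if (eh.e_ident[EI_VERSION] != EV_CURRENT || eh.e_version != EV_CURRENT)
        return ELF_BAD_VERSION;
    if (eh.e_phnum == 0) return ELF_OK;
    if (eh.e_phentsize != sizeof(Elf64_Phdr)) return ELF_BAD_PHENT;
    if (eh.e_phoff > len) return ELF_BAD_PHOFF;
    if ((uint64_t)eh.e_phnum * eh.e_phentsize > len - eh.e_phoff) return ELF_BAD_PHOFF;

    for (unsigned i = 0; i < eh.e_phnum; i++) {
        Elf64_Phdr ph;
        memcpy(&ph, img + eh.e_phoff + (size_t)i * sizeof ph, sizeof ph);
        if (ph.p_offset > len || ph.p_filesz > len - ph.p_offset) return ELF_BAD_SEGMENT;
        if (ph.p_memsz < ph.p_filesz) return ELF_BAD_SEGMENT;
    }
    return ELF_OK;
}

/* Scenarios: 0 = well-formed, 1 = golfed e_version, 2 = e_phoff past EOF,
 * 3 = p_filesz larger than the file, 4 = file truncated inside the header. */
enum elf_verdict check_scenario(int which)
{
    static const uint8_t filler[4] = {0x90, 0x90, 0x90, 0x90}; /* constructed NOP filler, not shellcode */
    uint8_t img[IMG_MAX];
    uint32_t ver = (which == 1) ? 0x13371337u : EV_CURRENT;
    size_t len = build_min_elf64(img, sizeof img, filler, sizeof filler, ver);
    if (which == 2) { uint64_t off = len + 1; memcpy(img + offsetof(Elf64_Ehdr, e_phoff), &off, sizeof off); }
    if (which == 3) { uint64_t sz = UINT64_MAX; memcpy(img + sizeof(Elf64_Ehdr) + offsetof(Elf64_Phdr, p_filesz), &sz, sizeof sz); }
    if (which == 4) len = sizeof(Elf64_Ehdr) / 2;
    return check_elf64(img, len);
}

int main(void)
{
    static const char *names[] = {"ok", "too short", "bad magic", "bad class",
                                  "bad version", "bad phentsize", "bad phoff", "bad segment"};
    for (int s = 0; s <= 4; s++)
        printf("scenario %d: %s\n", s, names[check_scenario(s)]);
    return 0;
}
```

The ordering of the checks is the point: each comparison is written as `offset > len` followed by `size > len - offset`, so the subtraction can never underflow and no sum of attacker-controlled fields is ever computed before it has been bounded. Scenario 2 and 3 are the shapes of input the crash directories listed above tend to contain; a parser that reads `e_phoff` or `p_filesz` before validating them is the one that ends up in /crashes/.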