Robin Vossen wrote:
Awesome :)
I was thinking about something like this the other day.
Like adding a fuzzer hack to radare... but this is wicked.
Well, more than 'adding' a fuzzer, it must be 'implementing with'. I have
already seen at least two fuzzers written in radare script and Lua. It
is not really a hard task, and you can find an example in scripts/fuzzer*,
which implements a memory-based fuzzer:
- Put a breakpoint at a certain address
- dump memory and register contents (!dump)
- continue until another part of the program is reached
- if a segfault is reached, log the result and dump a log
- else call !restore to recover the mem and regs saved in the 1st point of this list
I would really prefer to write such things in radare scripting, Python,
Perl or any other scripting language before writing it as a binary hack
plugin, because fuzzing is based on testing, and testing requires fine
tuning most of the time :)
The current !inject command is nice for injecting code, but data is no
longer accessible, and the current program memory is lost along the execution
of the shellcode. The correct way to implement !inject would be
to mmap a PIC ELF in random memory, prepare the ELF imports,
allow choosing the symbol to be executed and also be able to define
the function arguments and so on.
Actually this approach can be done with r1, but it is very limited to a few cases,
so the idea in r2 is to be able to do all this stuff with the libr API
(r_bin).
But if you want to inject code into a running process (modifying the program
memory), you only have to use any of the available 'w' commands to write
the contents of a file into program memory, or stuff like this.
--pancake
_______________________________________________
radare mailing list
[email protected]
http://lists.nopcode.org/listinfo.cgi/radare-nopcode.org
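The breakpoint, !dump, continue, !restore loop that pancake lists above, as an added example that is not from the thread or from radare: a small ptrace tracer for Linux/x86_64 that does the same job on a forked child, with ptrace standing in for radare's breakpoint, !dump and !restore commands. The target function and its pointer-table bug, the 16-byte input record and the deterministic mutator are constructed for the demonstration, and the names fuzz_run, plant_bp, read_mem and write_mem are this example's own.

```c
/* Snapshot-and-restore fuzzing loop with ptrace (Linux/x86_64). Added example,
 * not radare code: ptrace stands in for radare's breakpoint, !dump and !restore. */
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

#define INPUT_LEN 16   /* size of the fuzzed record (constructed) */
#define STACK_WIN 256  /* bytes of the caller's stack saved above rsp */

/* Constructed target: byte 0 indexes an 8-slot pointer table of which only 4
 * slots are filled, so the bounds check still lets values 4..7 dereference NULL.
 * After fork() the child sees target() and g_input at the same addresses. */
static volatile unsigned char g_input[INPUT_LEN];   /* volatile: written only via ptrace */
static volatile long g_sink;
static long g_values[4] = { 10, 20, 30, 40 };
static long *g_table[8] = { &g_values[0], &g_values[1], &g_values[2], &g_values[3] };

__attribute__((noinline)) static void target(void)
{
    unsigned idx = g_input[0];
    __asm__ volatile("");          /* keep a real call and return address */
    if (idx >= 8) return;          /* checks the array size, not the filled part */
    g_sink = *g_table[idx];        /* SIGSEGV for idx 4..7 */
}

static int peek(pid_t pid, uintptr_t addr, long *out)
{
    errno = 0;
    *out = ptrace(PTRACE_PEEKDATA, pid, (void *)addr, NULL);
    return errno ? -1 : 0;
}
static int read_mem(pid_t pid, uintptr_t addr, void *buf, size_t len)   /* len % 8 == 0 */
{
    for (size_t i = 0; i < len; i += sizeof(long)) {
        long w;
        if (peek(pid, addr + i, &w)) return -1;
        memcpy((char *)buf + i, &w, sizeof w);
    }
    return 0;
}
static int write_mem(pid_t pid, uintptr_t addr, const void *buf, size_t len)
{
    for (size_t i = 0; i < len; i += sizeof(long)) {
        long w;
        memcpy(&w, (const char *)buf + i, sizeof w);
        if (ptrace(PTRACE_POKEDATA, pid, (void *)(addr + i), (void *)w) < 0) return -1;
    }
    return 0;
}
/* Replace the first byte at addr with int3 (0xcc), keeping the original word. */
static int plant_bp(pid_t pid, uintptr_t addr, long *orig)
{
    if (peek(pid, addr, orig)) return -1;
    return ptrace(PTRACE_POKETEXT, pid, (void *)addr, (void *)((*orig & ~0xffL) | 0xcc)) < 0 ? -1 : 0;
}

/* Run `iters` mutated inputs through target() in a traced child; returns how many
 * crashed, or -1 on a harness error. The mutator is deterministic (byte i%16 := i/16)
 * so a run is reproducible; a real fuzzer would randomise here. */
int fuzz_run(int iters)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                          /* tracee */
        ptrace(PTRACE_TRACEME, 0, NULL, NULL);
        raise(SIGSTOP);                      /* let the tracer plant breakpoints */
        target();
        _exit(0);
    }
    int st, crashes = 0;
    uintptr_t entry = (uintptr_t)target, input = (uintptr_t)g_input;
    struct user_regs_struct snap;
    unsigned char base[INPUT_LEN], cur[INPUT_LEN], stack[STACK_WIN];
    long orig_entry, orig_ret, ret;

    if (waitpid(pid, &st, 0) < 0 || !WIFSTOPPED(st)) goto fail;
    if (plant_bp(pid, entry, &orig_entry)) goto fail;
    ptrace(PTRACE_CONT, pid, NULL, NULL);    /* run up to the breakpoint at target() */
    if (waitpid(pid, &st, 0) < 0 || !WIFSTOPPED(st) || WSTOPSIG(st) != SIGTRAP) goto fail;

    /* "!dump": registers (rip rewound over the int3) plus the memory that matters,
     * the input record and the caller's stack, which holds the return address. */
    if (ptrace(PTRACE_GETREGS, pid, NULL, &snap) < 0) goto fail;
    snap.rip = entry;
    ptrace(PTRACE_POKETEXT, pid, (void *)entry, (void *)orig_entry);   /* entry bp done */
    if (peek(pid, snap.rsp, &ret) || plant_bp(pid, (uintptr_t)ret, &orig_ret)) goto fail;
    if (read_mem(pid, input, base, INPUT_LEN) || read_mem(pid, snap.rsp, stack, STACK_WIN)) goto fail;

    for (int i = 0; i < iters; i++) {
        /* "!restore": registers and memory back to the snapshot, then mutate. */
        if (ptrace(PTRACE_SETREGS, pid, NULL, &snap) < 0) goto fail;
        if (write_mem(pid, snap.rsp, stack, STACK_WIN)) goto fail;
        memcpy(cur, base, INPUT_LEN);
        cur[i % INPUT_LEN] = (unsigned char)(i / INPUT_LEN);
        if (write_mem(pid, input, cur, INPUT_LEN)) goto fail;
        ptrace(PTRACE_CONT, pid, NULL, NULL);  /* signal 0: a pending SIGSEGV is discarded */
        if (waitpid(pid, &st, 0) < 0 || !WIFSTOPPED(st)) goto fail;
        if (WSTOPSIG(st) == SIGSEGV) {         /* log it; the process is still alive and restorable */
            struct user_regs_struct r;
            siginfo_t si;
            ptrace(PTRACE_GETREGS, pid, NULL, &r);
            ptrace(PTRACE_GETSIGINFO, pid, NULL, &si);
            printf("crash %d: rip=%#llx fault=%p input[0]=%#x\n", ++crashes, r.rip, si.si_addr, cur[0]);
        } else if (WSTOPSIG(st) != SIGTRAP) {
            goto fail;                         /* stopped somewhere other than the return bp */
        }
    }
    kill(pid, SIGKILL); waitpid(pid, &st, 0);
    return crashes;
fail:
    kill(pid, SIGKILL); waitpid(pid, &st, 0);
    return -1;
}

int main(void)
{
    int n = fuzz_run(INPUT_LEN * 16);  /* byte 0 takes the values 0..15; four of them crash */
    printf("%d crashing inputs\n", n);
    return n < 0;
}
```

Two details are the ones that make the radare recipe work and are easy to get wrong when reimplementing it: after a SIGSEGV the tracee is stopped, not dead, and resuming it with signal 0 after putting the registers back is what "restore" means, since delivering the signal would kill it; and the memory snapshot has to cover the caller's stack, because the return-address slot is reused by the next iteration and a target that overflows its frame would otherwise leak corruption from one input into the next. The register names tie the code to x86_64; on another architecture the struct fields and the breakpoint opcode change.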