
Cthulhu

CarlOS edited this page Sep 9, 2016 · 2 revisions

The Cthulhu 💀 system implements the different mutation systems:

Dumb fuzzing 🐒

Several dumb mutations are implemented:

  • random byte substitution
  • swap byte blocks
  • repeat byte blocks

Generation fuzzing 👓

  • LARGE TODO LIST

Methods exposed

I tried to keep this as loosely coupled as possible.

Only two public methods:

  • generate_test_case

    • called by rpc_server.gen_mutation only
    • internally this calls one of two functions depending on the mode:
      • self._yield_mutation
      • self._yield_generation
    • returns a MutationObject
  • test_case_to_file

    • called by rpc_server.process_execution_results only
    • a convenience method; it just copies the mutation contents to a file

Writing new mutations

From the information above, we can see that writing new mutations implies connecting code to two functions:

  • _yield_mutation
    • Add your mutation function to the buffer_mutations list. A random one will be picked and called (see below)
```python
import random  # needed for random.randrange below


def _yield_mutation(self, file_contents=None):
    """
    MUTATION ONLY
    @param file_contents: original file contents
    @return: mutated file contents
    """
    if file_contents:
        # Mutations processing our file input are called randomly
        # This is something analogous to an
        # array of function pointers in C/C++
        f_idx = random.randrange(len(self.buffer_mutations))
        fp = self.buffer_mutations[f_idx]

        # Pre-processing of buffer (plugin)
        buf = self._apply_pre_processing(file_contents)

        # "Regular" contents mutation
        if buf:
            mutated_buffer = fp(buf)  # same as fp.__call__(buf), just idiomatic
        else:
            # empty buffer: nothing to mutate, pass it through
            mutated_buffer = buf

        # Post-processing of mutated buffer (plugin)
        new_file_contents = self._apply_post_processing(mutated_buffer)

        return new_file_contents

    else:
        # Crappy fallback
        # to predefined byte arrays
        return "A" * 1024
```

  • _yield_generation
    • This is pretty much under construction now :)
```python
def _yield_generation(self, file_contents=None):
    """
    GENERATION ONLY
    This is based on
    @param file_contents: original file contents
    @return: new file contents
    """

    # PLACEHOLDER
    return "A" * 1024
```
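As an added, self-contained example (not Cthulhu's own code) of the structure described above for both the dumb mutations list and the "Writing new mutations" steps, here is a small Python 3 engine: a list of mutation callables picked at random, pre/post-processing plugin hooks, the fallback buffer, the three dumb mutations named on this page, and a hypothetical user-written mutation registered the way the text describes. `MutationEngine`, `insert_interesting_int`, `cap_size`, `INTERESTING_INTS` and the seed bytes are all assumptions constructed for this example; the engine works on `bytes` rather than the `str` buffers the page's Python 2 era code used.

```python
import random

# Constructed sample seed file used by demo() below (not a real test case)
SAMPLE_SEED = b"RIFF\x24\x00\x00\x00WAVEfmt hello world seed"

# Boundary values a hypothetical user-written mutation overwrites into the buffer
INTERESTING_INTS = [b"\x00\x00\x00\x00", b"\xff\xff\xff\xff",
                    b"\x7f\xff\xff\xff", b"\x80\x00\x00\x00"]


class MutationEngine:
    """Stand-in for the mutation side: a list of buffer mutations,
    pre/post-processing plugin hooks and a _yield_mutation dispatcher."""

    def __init__(self, seed=None):
        self.rng = random.Random(seed)  # seeded so a crashing case can be replayed
        # Analogous to an array of function pointers: one entry is picked per call
        self.buffer_mutations = [
            self.random_byte_substitution,
            self.swap_byte_blocks,
            self.repeat_byte_blocks,
        ]
        self.pre_processors = []   # plugins applied before mutation
        self.post_processors = []  # plugins applied after mutation

    # --- the three dumb mutations listed on this page ---
    def random_byte_substitution(self, buf):
        if not buf:
            return buf
        data = bytearray(buf)
        data[self.rng.randrange(len(data))] = self.rng.randrange(256)
        return bytes(data)

    def swap_byte_blocks(self, buf):
        n = len(buf)
        if n < 2:
            return buf
        block = self.rng.randint(1, n // 2)
        a = self.rng.randrange(n - 2 * block + 1)        # first block
        b = self.rng.randrange(a + block, n - block + 1)  # second, non-overlapping
        data = bytearray(buf)
        data[a:a + block] = buf[b:b + block]
        data[b:b + block] = buf[a:a + block]
        return bytes(data)

    def repeat_byte_blocks(self, buf):
        n = len(buf)
        if n == 0:
            return buf
        block = self.rng.randint(1, max(1, n // 4))
        start = self.rng.randrange(n - block + 1)
        times = self.rng.randint(2, 8)
        return buf[:start] + buf[start:start + block] * times + buf[start + block:]

    # --- plugin hooks ---
    def register_mutation(self, fn):
        """A new mutation only has to be appended to the list to be picked."""
        self.buffer_mutations.append(fn)

    def _apply_pre_processing(self, buf):
        for plugin in self.pre_processors:
            buf = plugin(buf)
        return buf

    def _apply_post_processing(self, buf):
        for plugin in self.post_processors:
            buf = plugin(buf)
        return buf

    def _yield_mutation(self, file_contents=None):
        """Same control flow as the page's _yield_mutation, on bytes."""
        if not file_contents:
            return b"A" * 1024  # fallback when there is no seed to mutate
        fp = self.rng.choice(self.buffer_mutations)
        buf = self._apply_pre_processing(file_contents)
        mutated = fp(buf) if buf else buf  # empty buffer passes through
        return self._apply_post_processing(mutated)


def insert_interesting_int(buf):
    """Hypothetical user-written mutation: overwrite 4 bytes with a boundary value."""
    if len(buf) < 4:
        return buf
    pos = random.randrange(len(buf) - 3)
    return buf[:pos] + random.choice(INTERESTING_INTS) + buf[pos + 4:]


def cap_size(limit):
    """Post-processing plugin: keep repeated blocks from growing a case without bound."""
    return lambda buf: buf[:limit]


def demo(seed=1234):
    """Generate five test cases from the constructed seed, reproducibly."""
    random.seed(seed)  # the hypothetical plugin uses the module-level RNG
    engine = MutationEngine(seed)
    engine.register_mutation(insert_interesting_int)
    engine.post_processors.append(cap_size(4096))
    return [engine._yield_mutation(SAMPLE_SEED) for _ in range(5)]


if __name__ == "__main__":
    for case in demo():
        print(case)
```

Seeding both RNGs is the part worth keeping in a real engine: a crash found by the fuzzer is only useful if the exact mutated buffer can be regenerated, so either log the seed or write the case to disk the way `test_case_to_file` does.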

010 templates

Based on pfp and 010 templates. For binary files with 010 templates available, I can process the seeds, get a DOM structure, go through it and mutate the appropriate values.

Homemade generators

For example, making use of libraries like PyRTF
