Dear author:
Issue Description
I am encountering two issues while using Fuzzware for firmware simulation:
Issue 1: Unexpected Files in base_inputs Directory
After specifying the fuzz testing input, the files in the base_inputs directory within the session directory are not the ones I specified. Instead, the directory contains the files 01_base_input_512_ones and 02_base_input_512_zeroes. I have not been able to identify the cause of this issue. The command I used is as follows:
fuzzware pipeline targetdir -i targetdir/base_inputs –run-for 24:00:0
Issue 2: Signa6 Error During Crash Input Analysis
When analyzing a crash input after fuzz testing, the input generated a signa6 error. The command I used is as follows:
fuzzware replay -M -t targetdir/fuzzware-project/main001/fuzzers/fuzzer1/crashes/id:000000,sig:06,src:000000,op:havoc,rep:128
The final write operation traced is as follows:
Write: addr= 0x00000000e000ed0c size=4 data=0x05fa0304 (pc 0x08002326)
Upon inspecting the assembly code using a disassembler, I found that this operation writes to the Application Interrupt and Reset Control Register (AIRCR) as per the Cortex-M4 Technical Reference Manual.
In the cortexm_nvic.c file, I found the following two lines of code:
uc_hook_add(uc, &hook_mmio_write_handle, UC_HOOK_MEM_WRITE, hook_sysctl_mmio_write, NULL, SYSCTL_MMIO_BASE, SYSCTL_MMIO_END);
uc_hook_add(uc, &hook_mmio_read_handle, UC_HOOK_MEM_READ, hook_sysctl_mmio_read, NULL, SYSCTL_MMIO_BASE, SYSCTL_MMIO_END);
These lines add a Unicorn hook function for read/write operations to this address range. Why does a signa6 error still occur?
Dear author:
Issue Description
I am encountering two issues while using Fuzzware for firmware simulation:
Issue 1: Unexpected Files in base_inputs Directory
After specifying the fuzz testing input, the files in the
base_inputsdirectory within thesessiondirectory are not the ones I specified. Instead, the directory contains the files01_base_input_512_onesand02_base_input_512_zeroes. I have not been able to identify the cause of this issue. The command I used is as follows:fuzzware pipeline targetdir -i targetdir/base_inputs –run-for 24:00:0
Issue 2: Signa6 Error During Crash Input Analysis
When analyzing a crash input after fuzz testing, the input generated a signa6 error. The command I used is as follows:
fuzzware replay -M -t targetdir/fuzzware-project/main001/fuzzers/fuzzer1/crashes/id:000000,sig:06,src:000000,op:havoc,rep:128
The final write operation traced is as follows:
Write: addr= 0x00000000e000ed0c size=4 data=0x05fa0304 (pc 0x08002326)
Upon inspecting the assembly code using a disassembler, I found that this operation writes to the Application Interrupt and Reset Control Register (AIRCR) as per the Cortex-M4 Technical Reference Manual.
In the
cortexm_nvic.cfile, I found the following two lines of code:uc_hook_add(uc, &hook_mmio_write_handle, UC_HOOK_MEM_WRITE, hook_sysctl_mmio_write, NULL, SYSCTL_MMIO_BASE, SYSCTL_MMIO_END);
uc_hook_add(uc, &hook_mmio_read_handle, UC_HOOK_MEM_READ, hook_sysctl_mmio_read, NULL, SYSCTL_MMIO_BASE, SYSCTL_MMIO_END);
These lines add a Unicorn hook function for read/write operations to this address range. Why does a signa6 error still occur?