Alright, so I decided to mess around with AFL and see if I could fuzz a program that parses, let’s say, “golf ball” data. Sounds weird, I know, but it’s a good way to learn this stuff. I’ve messed with fuzzing before, but never really got it, you know?
Getting Started
First, I needed a simple target program. Something that would take some input and, ideally, do something interesting with it. I cooked up a super basic C program that just checks if the input starts with “golf” and then maybe checks a few other characters after that. Nothing fancy, really. Just enough to have some branches for AFL to play with.
Next up, I installed AFL. It was pretty straightforward – just followed the instructions on their site. It involves a bunch of compiling and stuff, but nothing too crazy.
The First Fuzz
- Compiling with afl-gcc: This was key. I had to compile my little program using `afl-gcc` instead of regular `gcc`. This instruments the code so AFL can track what’s going on. I just ran something like `afl-gcc -o golfball_fuzzer golfball.c`
- Creating a seed input: AFL needs a starting point. I just made a tiny text file named `in` with the word “golf” inside. That way, it had something to work with.
- Running AFL: Then I launched the beast! I think the command was something like `afl-fuzz -i in -o out ./golfball_fuzzer @@`. The `@@` is where AFL puts the input file.
I let it run for a bit. At first, it was finding new paths super fast! The little AFL interface is pretty cool; it shows you all these stats about crashes, unique paths, and stuff. It’s kinda mesmerizing, like watching a weird, digital ant farm.
Digging Deeper
After a while, the new paths started to slow down. I figured my initial input was too simple. So I created a few more seed inputs, some with “golf” and some with slightly different variations, like “golff” or “golfballz”. I put these in a directory called `in_dir` and changed the AFL command to `-i in_dir`.
This seemed to help. AFL started finding more interesting paths again. It even found a couple of crashes! I looked at the crashing inputs (AFL saves them), and it turned out my little program had a buffer overflow. Oops! Goes to show, even simple code can have bugs.
The Realization
Honestly, the most interesting thing was seeing how quickly AFL could find problems. I mean, my program was super simple, but I still managed to mess it up. It made me realize how important fuzzing is for bigger, more complex software. Think of all the hidden bugs lurking in stuff we use every day!
I’m definitely going to keep playing with AFL. I want to try it on something a bit more complicated next time. Maybe a program that parses JSON or something. It’s a surprisingly fun way to learn about code quality and security.
It is kind of a clumsy process, but finally I have a better understanding.
