fouzhe / polar-fuzz Goto Github PK

Hello, I want to reproduce your experiment for learning. Can you give a more detailed use case, Thank you very much!

邮箱：[email protected]

Dear fouzhe:

I am a graduate student of East China Normal University. I major in software engineering. Recently, I found one of your articles, titled Polar: Function Code Aware Fuzz Testing of ICS Protocol. I found it may help me achieve my goals in this research field. This would make a really positive contribution to my work.

First， Thank you very much for your help last time.   However, there are still some details about your paper that I would like to ask. In your paper, mentioned that you have fuzzed the libiec61850(MMS, GOOSE, SV).can you offer more details about that， eg， fuzzing all the protocols(MMS， SV, GOOSE), or just one of them? In the examples of the project, there are many examples of servers, which server do you fuzz? if you can  I promise they will be used only for research purposes. If you could give me some code details, I will be very grateful. I promise they will be used only for research purposes.

Thank you very much for your kind consideration and I am looking forward to your early reply.

尊敬的作者你好。
关于Polar的插桩我有一些疑问：

1. 请问插桩代码：’__POLAR_INS((1<<16)+ID); ‘ 是需要自己预先插入在源代码中吗？
   因为我发现对afl-clang-fast.c的修改中似乎是在编译器参数中加入了一段宏，我的理解是自己预先在源代码中插入代码’__POLAR_INS((1<<16)+ID); ‘，然后polar插桩时实际上是生成了一个宏，每当执行到’__POLAR_INS((1<<16)+ID); ‘语句时，都会对(1<<16)+ID处的共享内存+1。
2. 如果我要为脆弱操作进行插桩，是否需要将ID设置为TARGET_SIZE？例如：'__POLAR_INS((1<<16)+TARGET_SIZE)'。因为我阅读polar源码时发现，脆弱操作的共享内存似乎是这样进行统计的：q->hot_hits = trace_bits[MAP_SIZE + TARGET_SIZE];

Dear fouzhe.:

I am a graduate student of East China Normal University. I major in software engineering. Recently, I found one of your articles, titled Polar: Function Code Aware Fuzz Testing of ICS Protocol. I found it may help me achieve my goals in this research field. This would make a really positive contribution to my work.

I am wondering if you could kindly send me the source program and the necessary information about it. due to the function code identification module of Polar is not open-source. I don't know how to make json file(the afl-fuzz json parse is different as your paper describe,just has "start ,end ,candidates" ,shuold also include"source file、variable position etc"). can you offer me the json files of libmodbus and libiec61850 and the version of them. for the readme，I don't understand __POLAR_INS((1<<16)+ID); ,what is the funcID or VunID, like modbus, functionId is (1,2,3,4,etc )func_code? the ID is 1 or 2 or others? It's hard for me to use your code to fuzz libmodbus and libiec61850.I promise they will be used only for research purposed.

Thank you very much for your kind consideration and I am looking forward to your early reply.
my email:[email protected]