Concepts
Before we dive into a specific target, we need to introduce the concept of a kAFL Agent, which will be used in the next step of the tutorial.
We assume you are already familiar with fuzzing vocabulary (Google’s fuzzing glossary can be helpful here).
kAFL Agent
The term kAFL Agent simply refers to the implementation of a fuzzing harness in the guest.
The Agent is responsible for both instrumenting and overseeing a specific portion of the SUT (System Under Test) through a set of hypercalls.
Since these hypercalls constitute a communication channel with the virtual machine environment outside the guest, the term agent has been employed, akin to a guest agent.
// 🤝 kAFL handshake
kAFL_hypercall(HYPERCALL_KAFL_ACQUIRE, 0);
kAFL_hypercall(HYPERCALL_KAFL_RELEASE, 0);
// allocate kAFL payload buffer (the host writes each input into it, so it must stay mapped and resident)
kAFL_payload *payload_buffer = malloc(PAYLOAD_SIZE);
// kAFL configuration, filters, etc...
// 🟢 Enable feedback collection
kAFL_hypercall(HYPERCALL_KAFL_ACQUIRE, 0);
// ⚡call target func ...
target(payload_buffer->data, payload_buffer->size);
// ⚪ Disable feedback collection
kAFL_hypercall(HYPERCALL_KAFL_RELEASE, 0);
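The snippet above elides the steps between the handshake and the fuzzing loop. The following is an added example, not code from the kAFL project or this tutorial, that spells out one full agent iteration: handshake, registration of the payload buffer, request for the next input, ACQUIRE/RELEASE around the target call, and a crash report. It is written against a hypercall function pointer, so the same harness logic can be pointed at the real vmcall wrapper inside a guest or, as here, at a recorder that checks the call order on the host. The hypercall ids (MOCK_HC_*), their numeric values, the toy target and the input strings are all constructed for this example; real agents take HYPERCALL_KAFL_ACQUIRE, HYPERCALL_KAFL_RELEASE, HYPERCALL_KAFL_GET_PAYLOAD, HYPERCALL_KAFL_NEXT_PAYLOAD and HYPERCALL_KAFL_PANIC from the kAFL headers.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Mock hypercall ids (assumption: placeholders for the HYPERCALL_KAFL_* constants
 * of the real kAFL headers; only the order of calls matters in this example). */
enum mock_hc { MOCK_HC_ACQUIRE, MOCK_HC_RELEASE, MOCK_HC_GET_PAYLOAD,
               MOCK_HC_NEXT_PAYLOAD, MOCK_HC_PANIC };

/* Payload buffer layout shared with the fuzzer: length prefix, then input bytes. */
typedef struct { int32_t size; uint8_t data[]; } kAFL_payload;

typedef uintptr_t (*hypercall_fn)(enum mock_hc id, uintptr_t arg);
typedef int (*target_fn)(const uint8_t *data, size_t len);

/* One agent iteration. In a guest, hc is the vmcall wrapper; buf must be
 * mapped and resident because the host writes the next input into it. */
int agent_run(hypercall_fn hc, target_fn target, kAFL_payload *buf) {
    hc(MOCK_HC_ACQUIRE, 0);                    /* handshake with the fuzzer */
    hc(MOCK_HC_RELEASE, 0);
    hc(MOCK_HC_GET_PAYLOAD, (uintptr_t)buf);   /* tell the host where inputs go */
    hc(MOCK_HC_NEXT_PAYLOAD, 0);               /* host fills buf, snapshot is taken */
    hc(MOCK_HC_ACQUIRE, 0);                    /* start coverage feedback */
    int rc = target(buf->data, (size_t)buf->size);
    if (rc != 0)
        hc(MOCK_HC_PANIC, 0);                  /* report a crash; in a real guest the VM is reset here */
    hc(MOCK_HC_RELEASE, 0);                    /* stop feedback, end of iteration */
    return rc;
}

/* ---- host-side recorder standing in for the hypervisor (constructed) ---- */
#define MAX_TRACE 16
struct trace { enum mock_hc calls[MAX_TRACE]; int n; int target_calls; kAFL_payload *buf; };
static struct trace g_trace;
static const uint8_t *g_next_input;
static size_t g_next_len;

static uintptr_t recorder_hc(enum mock_hc id, uintptr_t arg) {
    if (g_trace.n < MAX_TRACE) g_trace.calls[g_trace.n++] = id;
    if (id == MOCK_HC_GET_PAYLOAD) g_trace.buf = (kAFL_payload *)arg;
    if (id == MOCK_HC_NEXT_PAYLOAD && g_trace.buf) {   /* "host" delivers the next input */
        memcpy(g_trace.buf->data, g_next_input, g_next_len);
        g_trace.buf->size = (int32_t)g_next_len;
    }
    return 0;
}

/* Toy target (constructed): treats an input starting with "BUG" as a crash. */
static int toy_target(const uint8_t *data, size_t len) {
    g_trace.target_calls++;
    return (len >= 3 && memcmp(data, "BUG", 3) == 0) ? -1 : 0;
}

/* Run one iteration against the recorder with a constructed input; returns the target's rc. */
int demo_iteration(const char *input) {
    memset(&g_trace, 0, sizeof g_trace);
    g_next_input = (const uint8_t *)input;
    g_next_len = strlen(input);
    kAFL_payload *buf = malloc(sizeof(kAFL_payload) + 4096);
    int rc = agent_run(recorder_hc, toy_target, buf);
    free(buf);
    return rc;
}

const struct trace *demo_trace(void) { return &g_trace; }

int main(void) {
    const char *inputs[] = { "hello", "BUGGY" };
    for (int i = 0; i < 2; i++) {
        int rc = demo_iteration(inputs[i]);
        printf("input %-6s rc=%d hypercalls=%d\n", inputs[i], rc, demo_trace()->n);
    }
    return 0;
}
```

The recorder makes the ordering explicit: a benign input produces exactly six hypercalls (ACQUIRE, RELEASE, GET_PAYLOAD, NEXT_PAYLOAD, ACQUIRE, RELEASE) around one target call, and a crashing input inserts PANIC between the target call and the final RELEASE. When porting this to a guest, only the function pointer changes; the harness logic stays the same.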
Pick a Target!
Now you are ready to configure one of our pre-baked kAFL targets and start the fuzzer!
➡️ Continue by fuzzing Linux targets
➡️ Continue by fuzzing Windows programs