Nautilus not synchronising with AFL #67

Open
bendrissou opened this issue Jul 2, 2024 · 5 comments

Comments

@bendrissou

bendrissou commented Jul 2, 2024

Hi,

I have been trying to run Nautilus in combination with AFL, as illustrated in the Readme. However, the "S" instance is not aware of the "M" instance, and is not importing its entries.

Terminal 1

cargo run --release -- -o findings -- ./test @@

Terminal 2

afl-fuzz -Safl -i seeds -o findings ./test @@
afl-fuzz++4.10a based on afl by Michal Zalewski and a large online community
[+] AFL++ is maintained by Marc "van Hauser" Heuse, Dominik Maier, Andrea Fioraldi and Heiko "hexcoder" Eißfeldt
[+] AFL++ is open source, get it at https://github.com/AFLplusplus/AFLplusplus
[+] NOTE: AFL++ >= v3 has changed defaults and behaviours - see README.md
[*] Getting to work...
[+] Using exploration-based constant power schedule (EXPLORE)
[+] Enabled testcache with 50 MB
[+] Generating fuzz data with a length of min=1 max=1048576
[*] Checking core_pattern...
[!] WARNING: Could not check CPU scaling governor
[+] You have 4 CPU cores and 5 runnable tasks (utilization: 125%).
[*] Setting up output directories...
[*] Checking CPU core loadout...
[+] Found a free CPU core, try binding to #3.
[!] WARNING: no -M main node found. It is recommended to run exactly one main instance.

The synchronisation works fine when using an AFL M instance.

@bendrissou
Author

Hi @eqv

Can you confirm this issue please?

Thank you.

@eqv
Contributor

eqv commented Jul 4, 2024

I don't know, I'm not even seeing that there's no synchronisation? There's just some warning. AFL++ has changed a lot since nautilus was released. If you want to use this feature with a new AFL++ version (which you probably should), please go find the check that AFL++ does before it prints "no -M main node found. It is recommended to run exactly one main instance.". There's probably some .status or something like that, that AFL++ is missing. Just add that to the folder and you should be good.

@bendrissou
Author

Hi,

Thank you for your response. AFL++ expects the main node's output directory to have a file named is_main_node. The secondary nodes identify the main node by checking for the existence of this file. This file should ideally be added by Nautilus. To avoid the warning, I had to create this file manually before launching any secondary node:

touch /tmp/workdir/is_main_node

There is a more serious problem: the AFL++ secondary node successfully detects the main node and proceeds to sync test cases. However, after the initial sync, AFL++ does not import any further test cases. After debugging, I found that AFL expects the id of a test case to be six digits. But Nautilus generates 9-digit ids.

Is it possible to make the file naming of Nautilus test cases consistent with that of AFL? Specifically, the id part should be six digits, and a timestamp should be included in the file name.

Thanks.
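The two sync requirements described in the comment above (an `is_main_node` marker in the main node's directory, and queue entries carrying a six-digit id plus a timestamp), as an added example that is not part of Nautilus or AFL++; it assumes Nautilus names entries `id:<9 digits>[,...]` and models AFL++'s check as "only `id:<6 digits>,...` names are picked up":

```python
import re
import time
from pathlib import Path
from typing import List, Optional

# Assumption: a Nautilus queue entry is named "id:<9 digits>[,...]" (as the report
# describes) and the AFL++ sync loop only picks up "id:<6 digits>,..." entries.
NAUTILUS_ID = re.compile(r"^id:(\d{9})")
AFL_ID = re.compile(r"^id:(\d{6})(?:,|$)")

def afl_name(nautilus_name: str, start_ts: float, now: float) -> Optional[str]:
    """Rewrite a 9-digit Nautilus entry name into AFL++'s six-digit form with a timestamp."""
    m = NAUTILUS_ID.match(nautilus_name)
    if m is None:
        return None
    ident = int(m.group(1))
    if ident > 999_999:
        return None  # six digits cannot represent this id; skip rather than alias it
    elapsed_ms = int((now - start_ts) * 1000)
    return f"id:{ident:06d},time:{elapsed_ms},src:nautilus"

def afl_accepts(name: str) -> bool:
    """Assumed model of AFL++'s sync check: only entries with a six-digit id prefix sync."""
    return AFL_ID.match(name) is not None

def mark_main_node(workdir: Path) -> Path:
    """Create the is_main_node marker that secondary AFL++ nodes look for."""
    marker = workdir / "is_main_node"
    marker.touch(exist_ok=True)
    return marker

def export_queue(src: Path, dst: Path, start_ts: float) -> List[str]:
    """Copy every Nautilus entry in src into dst under an AFL++-compatible name.
    Returns the new names; entries already exported or unrepresentable are skipped."""
    dst.mkdir(parents=True, exist_ok=True)
    exported = []
    for entry in sorted(src.iterdir()):
        new_name = afl_name(entry.name, start_ts, time.time())
        if new_name is None or not entry.is_file():
            continue
        # Skip if an earlier export already produced this six-digit id.
        id_prefix = new_name.split(",")[0] + ","
        if any(p.name.startswith(id_prefix) for p in dst.iterdir()):
            continue
        (dst / new_name).write_bytes(entry.read_bytes())
        exported.append(new_name)
    return exported
```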

@eqv
Contributor

eqv commented Jul 13, 2024

That should be quite trivial - Nautilus only writes those files for that purpose (well for the and humans), so it should be trivial to change the naming scheme.

@bendrissou
Author

The issue has been resolved in my fork.
There is a previous PR pending.
