i try use "make" command in dir qemu_mode but there was an error

GEN config-host.h make all-recursive Making all in pixman make[3]: Nothing to be done for 'all'. Making all in demos make[3]: Nothing to be done for 'all'. Making all in test make[3]: Nothing to be done for 'all'. CHK version_gen.h LEX convert-dtsv0-lexer.lex.c make[1]: flex: Command not found LEX dtc-lexer.lex.c make[1]: flex: Command not found make: *** No rule to make target 'trace/generated-tcg-tracers.h', needed by 'Makefile'. Stop.

i search in google but still nothing, what should i do?

Hello,

I am trying to make FirmAFL running, but I am having a hard time with these below issues:

1. I have firmadyne inside the FirmAFL directory, and I am able to execute all the guidance from firmadyne correctly, but the image when extracted is named 1.tar.gz not 9050.tar.gz. Subsequently, the created image directory in FirmAFL directory is named image_1
2. I mentioned the previous point because when running python FirmAFL_setup.py 9050 mipsel it does not work. Also when I tried to execute the command with 1 like this: python FirmAFL_setup.py 1 mipsel an error pop saying directory /1/ does not exist
3. Ok, I tried to do a workaround and rename 1 to 9050, and I even created /1/ similar to the /9050/ directory inside FirmAFL_config directory and went into each file and replaced all 9050 values with 1.
4. After doing this workaround it seems it is working even tho I do not find it correct to do it. Now, I go to /image_1/ and I execute sudo python start.py 1, it will display sending buffer size 3158 then an error pop saying socket.error: [Error 110] Connection timed out the execution, however, continues running and at the end, it is stuck on Spinning up the fork server...

Can you please help me with the aforementioned concerns, or correct me in case I have a misunderstanding. Thank you

Hello Sir First of all, thank you for realizing this awesome tool.

Would you mind if I give a few questions?

1. Does FirmAFL emulate only 10 firmware that stored in FIRMWARE folder? How we can emulate other firmware that not included in FIRMWARE folder

2. Is it possible to fuzz that emulated firmware binary out of the FirmAFL folder if I install AFL QEMU mode?

Thank you very much for sharing your time!

Makefile:226: recipe for target '/home/test/tools/FirmAFL/qemu_mode/DECAF_qemu_2.10/shared/sleuthkit/lib/libtsk.so' failed make: *** [/home/test/tools/FirmAFL/qemu_mode/DECAF_qemu_2.10/shared/sleuthkit/lib/libtsk.so] Error 2

The command is followed the Readme file. The detaild error is :

I have followed the step to setup the DIR-815 fuzzing environment. Eventually I executed python start.py. However after full system launched, the afl-fuzz failed to handshake with fork server. It seems that you chroot afl-fuzz into a folder and give it a /bin/busybox as program? I'm confused with this part. Neither can I chroot nor can I find busybox. Could you please explain a little bit about this?

When I run the test case I meet the question in step 3. this is the output: sudo ./scripts/makeImage.sh 9050 Querying database for architecture... Password for user firmadyne: mipsel ----Running---- ----Copying Filesystem Tarball---- Error: Cannot find tarball of root filesystem for 9050!

can you help me

i try to start fuzz, but AFL need input file, i download fuzz data from 'https://github.com/MozillaSecurity/fuzzdata' but there was a lot of fuzz data, i don't know which kind of fuzz data should i put in, should i put all in?

I've tried fuzzing my miniupnpd for 161160 images, but when the crash is triggered the process terminates, it doesn't isolate the crashing input.

FIRM-AFL is good at isolating the crashing input from other firmwares, but only the 16116 firmware does not isolate the crashing input. In other words, the stability of the emulator is poor.

When signal 11 occurs in the target program, we are constantly looking for a way to bring the emulator back to the fork point and isolate that crashing input.

Any hints and help for me would be appreciated. Thank you.

root@ubuntu:/home/sv/Documents/FirmAFL/image_2540# ./run.sh Creating TAP device tap2540_0... Set 'tap2540_0' persistent and owned by uid 0 Bringing up TAP device... Adding route to 192.168.0.100... Starting firmware emulation... use Ctrl-a + x to exit qemu-system-mips: -net nic,vlan=0: 'vlan' is deprecated. Please use 'netdev' instead. ./vmlinux.mips_3.2.1: No such file or directory qemu-system-mips: qemu: could not load kernel './vmlinux.mips_3.2.1': Failed to load ELF Deleting route... Bringing down TAP device... Deleting TAP device tap2540_0... Set 'tap2540_0' nonpersistent

I tried a lot ways to fix this problems. is this about qume version?

The following error occurred when I was running sudo. /run.sh:

init started: BusyBox v1.14.1 (2011-05-10 18:37:43 CST) starting pid 54, tty '': '/etc/init.d/rcS' [/etc/init.d/S10init.sh] free(): double free detected in tcache 2 ./run.sh: line 75: 107492 Abandoned(core dumped) ${QEMU} -m 256 -mem-prealloc -mem-path ${MEM_FILE} -M ${QEMU_MACHINE} -kernel ${KERNEL} -drive if=ide,format=raw,file=${IMAGE} -append "root=${QEMU_ROOTFS} console=ttyS0 nandsim.parts=64,64,64,64,64,64,64,64,64,64 rdinit=/firmadyne/preInit.sh rw debug ignore_loglevel print-fatal-signals=1 user_debug=31 firmadyne.syscall=0" -nographic -net nic,vlan=0 -net socket,vlan=0,listen=:2000 -net nic,vlan=1 -net socket,vlan=1,listen=:2001 -net nic,vlan=0 -net tap,vlan=0,id=net0,ifname=${TAPDEV_0},script=no -net nic,vlan=3 -net socket,vlan=3,listen=:2003 Deleting route... Bringing down TAP device... Deleting TAP device tap9050_0... Set 'tap9050_0' nonpersistent

My virtual machine environment is Ubuntu 18.04 Does anyone know what a mistake that is? Thank you very much

Hello! There is a error2 when I am making System mode in Setup step. The error messages are as follows:

Building Sleuthkit, please wait... GEN Sleuthkit Makefile:226: recipe for target '/home/algorithm/FirmAFL/qemu_mode/DECAF_qemu_2.10/shared/sleuthkit/lib/libtsk.so' failed make: *** [/home/algorithm/FirmAFL/qemu_mode/DECAF_qemu_2.10/shared/sleuthkit/lib/libtsk.so] Error 2

There is no 'lib' in folder /sleuthkit. I try to run makefile in /sleuthkit and another error occurred.

Is it due to a problem with the sleuthkit version? Where do I look for the contents of the lib file in this area?

I am trying to get the tplink 940 firmware working

when running run.sh I get the error

Creating TAP device tap105568_0...
Set 'tap105568_0' persistent and owned by uid 1000
Bringing up TAP device...
Adding route to 192.168.0.1...
Starting firmware emulation... use Ctrl-a + x to exit
afl-fuzz 2.52b by <[email protected]>
[+] Looks like we're not running on a tty, so I'll be a bit less verbose.
[+] You have 1 CPU core and 3 runnable tasks (utilization: 300%).
[*] Checking core_pattern...

[-] Hmm, your system is configured to send core dump notifications to an
    external utility. This will cause issues: there will be an extended delay
    between stumbling upon a crash and having this information relayed to the
    fuzzer via the standard waitpid() API.

    To avoid having crashes misinterpreted as timeouts, please log in as root
    and temporarily modify /proc/sys/kernel/core_pattern, like so:

    echo core >/proc/sys/kernel/core_pattern

[-] PROGRAM ABORT : Pipe at the beginning of 'core_pattern'
         Location : check_crash_handling(), afl-fuzz.c:7289

Deleting route...
Bringing down TAP device...
Deleting TAP device tap105568_0...
Set 'tap105568_0' nonpersistent

if I take out the AFL line from

${AFL} \
 ${QEMU} -m 256  -M ${QEMU_MACHINE} -kernel ${KERNEL} \

I get the output

Creating TAP device tap105568_0...
Set 'tap105568_0' persistent and owned by uid 1000
Bringing up TAP device...
Adding route to 192.168.0.1...
Starting firmware emulation... use Ctrl-a + x to exit
Could not create fifo ../image_105600/user_cpu_state
Deleting route...
Bringing down TAP device...
Deleting TAP device tap105568_0...
Set 'tap105568_0' nonpersistent

if i replace QEMU="./qemu-system-mips" with QEMU="get_qemu ${ARCHEND}" the VM starts up but it hangs on [*] Spinning up the fork server... when running the start.py script.

has anyone encountered this? I feel like i am at the last hurdle of getting this thing working

when I run the example run.sh,I got the crash like this. ./run.sh: line 71: 53030 Segmentation fault (core dumped) ${QEMU} -m 256 -mem-prealloc -mem-path ${MEM_FILE} -M ${QEMU_MACHINE} -kernel ${KERNEL} -drive if=ide,format=raw,file=${IMAGE} -append "root=${QEMU_ROOTFS} console=ttyS0 nandsim.parts=64,64,64,64,64,64,64,64,64,64 rdinit=/firmadyne/preInit.sh rw debug ignore_loglevel print-fatal-signals=1 user_debug=31 firmadyne.syscall=0" -nographic -net nic,vlan=0 -net socket,vlan=0,listen=:2000 -net nic,vlan=1 -net socket,vlan=1,listen=:2001 -net nic,vlan=0 -net tap,vlan=0,id=net0,ifname=${TAPDEV_0},script=no -net nic,vlan=3 -net socket,vlan=3,listen=:2003 It seems to trigger a double free.Has anyone ever encountered this problem?Thanks