Master the fundamental concepts of binary exploitation through this focused micro-challenge.
Fuzzing feeds random, malformed, or unexpected inputs to a program to find crashes and security vulnerabilities. Coverage-guided fuzzing uses code coverage feedback to prioritize inputs that explore new program paths.
libFuzzer is an in-process coverage-guided fuzzer from LLVM:
The fuzz target signature:
cLoading…
For example, a parser bug triggered by input \x00\xFF\x42 will be saved as a crashing test case for triage.
You will write a parser with an intentional bug and document the libFuzzer workflow. Coverage-guided fuzzing found thousands of bugs in Chromium and the Linux kernel, and pairing fuzzing with ASan catches memory errors that simple crash detection would miss.
Seed your corpus with valid inputs: protocol headers, file format magic bytes, and minimal valid documents. libFuzzer mutates by flipping bits, inserting bytes, and splicing inputs together. Inputs that reach new code paths are saved to the corpus for future mutations. OSS-Fuzz runs libFuzzer continuously against open-source projects, finding thousands of security bugs before they reach production releases.
Implement a C program with a simple parser that contains a bug.
Requirements:
Success Criteria:
Three hints are available for this task, revealed one at a time inside the code workspace so you can struggle productively before seeing them.
All starter code and reference implementations are available for your local setup.
View on Github