Versions Compared

Old Version 2

changes.mady.by.user Allen D. Householder

Saved on

compared with

New Version 3

changes.mady.by.user user-9a25e

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Excerpt

CERT Basic Fuzzing Framework (BFF) Significant changes

Table of Contents

BFF 2.7 (September 23, 2013)

Virtual Machine changes

  • Switch to Ubuntu from Debian

Code changes

  • Use of PIN to uniquely identify crashes that trash the stack
  • Optional feature to recycle crashing test cases as seed files
  • Minimization to string defaults to Metasploit string

BFF 2.6 (October 19, 2012)

Code changes

  • Incorporated CERT Triage Tools 1.04 to determine exploitability of crashes found.
  • Integrated code improvements from FOE 2.0 release
  • BFF 2.6 and FOE 2.0.1 use the same certfuzz package
  • Improved fuzzing campaign recovery after VM reboot
  • Detect and abort minimization if it takes too long (> 1hr)
  • Fixed a bug in minimizer crash recycling
  • Various bug fixes and improved error handling

BFF 2.5 (October 26, 2011)

Virtual Machine changes

  • Upgraded to python 2.7
  • Upgraded to gdb 7.2

Code changes

  • BFF now runs on OSX in addition to Linux
  • Support for multiple seed files
  • Crashes found during minimization get analyzed as well
  • Improved machine learning implementation applied to both seed file selection and rangefinder
  • Improved crash uniqueness determination on Linux
  • Minimizer tuned for performance
  • callgrind generated on unique crashers for code coverage analysis
  • default gdb output changed to provide additional details
  • Basic crash clustering (analysis/callsim.py) using callgrind coverage analysis
  • Optional minimization-to-string feature

BFF 2.0 (February 14, 2011)

Virtual Machine changes

  • Added python libraries: Numpy, Scipy, Matplotlib

Code changes

  • Ported BFF from Perl to Python
  • Complete rewrite of crasher minimization using probability-based algorithm
  • Added 'rangefinder' capability to automatically discover optimal fuzzing probability range(s)
  • Restructured output directory (./crashers), now organized by crash hash
  • Added analyzer scripts for visualization & fuzz run analysis

BFF 1.1 (September 21, 2010)

Virtual Machine changes

  • Updated to Debian Squeeze for newer libraries.
  • Installed generic vesa video driver for increased VM compatibility.
  • Fixed strip symlink to /bin/true . 

Code changes

  • Forcibly kill gdb
  • Removed unused tty information
  • Updated to save SIGABRT crashes, discarding those caused by failed. asserts. Failed asserts can be saved through config option.
  • Refactored perl script for increased performance and usability. 
  • Added crasher minimization script

BFF 1.0 (May 17, 2010)

  • Initial Release