CERT Basic Fuzzing Framework (BFF) Significant changes
BFF 2.7 (September 23, 2013)
Virtual Machine changes
Switch to Ubuntu from Debian
Code changes
Use of PIN to uniquely identify crashes that trash the stack
Optional feature to recycle crashing test cases as seed files
Minimization to string defaults to Metasploit string
BFF 2.6 (October 19, 2012)
Code changes
Incorporated CERT Triage Tools 1.04 to determine exploitability of crashes found.
Integrated code improvements from FOE 2.0 release
BFF 2.6 and FOE 2.0.1 use the same certfuzz package
Improved fuzzing campaign recovery after VM reboot
Detect and abort minimization if it takes too long (> 1hr)
Fixed a bug in minimizer crash recycling
Various bug fixes and improved error handling
BFF 2.5 (October 26, 2011)
Virtual Machine changes
Upgraded to python 2.7
Upgraded to gdb 7.2
Code changes
BFF now runs on OSX in addition to Linux
Support for multiple seed files
Crashes found during minimization get analyzed as well
Improved machine learning implementation applied to both seed file selection and rangefinder
Improved crash uniqueness determination on Linux
Minimizer tuned for performance
callgrind generated on unique crashers for code coverage analysis
default gdb output changed to provide additional details
Basic crash clustering (analysis/callsim.py) using callgrind coverage analysis
Optional minimization-to-string feature
BFF 2.0 (February 14, 2011)
Virtual Machine changes
Added python libraries: Numpy, Scipy, Matplotlib
Code changes
Ported BFF from Perl to Python
Complete rewrite of crasher minimization using probability-based algorithm
Added 'rangefinder' capability to automatically discover optimal fuzzing probability range(s)
Restructured output directory (./crashers), now organized by crash hash
Added analyzer scripts for visualization & fuzz run analysis
BFF 1.1 (September 21, 2010)
Virtual Machine changes
Updated to Debian Squeeze for newer libraries.
Installed generic vesa video driver for increased VM compatibility.
Fixed strip symlink to /bin/true .
Code changes
Forcibly kill gdb
Removed unused tty information
Updated to save SIGABRT crashes, discarding those caused by failed. asserts. Failed asserts can be saved through config option.
Refactored perl script for increased performance and usability.
Added crasher minimization script
BFF 1.0 (May 17, 2010)
Initial Release