lifting-bits / Grr

Licence: apache-2.0
High-throughput fuzzer and emulator of DECREE binaries

GRR

GRR is pronounced with two fists in the air

GRR is an x86 to amd64 binary translator. GRR was created to emulate and fuzz DECREE challenge binaries.

Features

  • Code cache persistence (avoids translation overheads across separate runs).
  • Optimization of the code cache, including the persisted cache.
  • Multi-processing support (allows multiple communicating, 32-bit processes to be emulated within a single 64-bit address space).
  • Built-in fuzzing engine, which includes Radamsa.
  • Support for self-modifying code (e.g. JIT compilers). Self-modified code can also be persisted.

Anti-features

  • Orchestration. GRR does not manage a fuzzing campaign. An external orchestration system can direct GRR to fuzz a program, and identify a minimal set of maximal coverage-producing inputs.

Compiling

Install system dependencies:

sudo apt-get install -y git build-essential
sudo apt-get install -y clang llvm-dev libc++1 libc++-dev

Then build GRR. This script creates grr-build in the current working directory and downloads the remaining dependencies.

./grr/scripts/build.sh

Running

There are two steps to running GRR: snapshotting, and record/replaying. Snapshotting creates an initial image of the binary after execve. Record/replaying takes an input testcase and attempts to replay it against that snapshot; the replay can also be recorded and/or mutated.

Snapshotting

You can run grrshot on a CGC challenge binary, or on a statically linked 32-bit ELF version of a CGC challenge binary.

./bin/debug_linux_user/grrshot --num_exe=1 --exe_dir=/path --exe_prefix=CADET_000 --snapshot_dir=/tmp/snapshot

This will create a snapshot of /path/CADET_00001 and store the snapshot into the /tmp/snapshot directory.

Replaying

./bin/debug_linux_user/grrplay --num_exe=1 --snapshot_dir=/tmp/snapshot --persist_dir=/tmp/persist --input=/path/to/testcase 

Replay + Recording

./bin/debug_linux_user/grrplay --num_exe=1 --snapshot_dir=/tmp/snapshot --persist_dir=/tmp/persist --input=/path/to/testcase --output_dir=/tmp/out 

Replay + Recording + Mutating

./bin/debug_linux_user/grrplay --num_exe=1 --snapshot_dir=/tmp/snapshot --persist_dir=/tmp/persist --input=/path/to/testcase --output_dir=/tmp/out --input_mutator=inf_radamsa_spliced

There are many mutators. Some mutators are deterministic and therefore run for a period of time proportional to the number of receive system calls in the input testcase. Other mutators are non-deterministic and can run forever; these mutators are prefixed with inf_.
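Since GRR does not orchestrate a campaign itself and inf_ mutators never stop on their own, an external driver has to bound them. The following POSIX shell wrapper is an added example, not code from the GRR repository: it snapshots once and then replays each testcase in a directory, prefixing inf_ runs with coreutils timeout. The ./bin/debug_linux_user build path and the CADET_000 prefix come from the README above; the timeout budget, the directory layout, and the assumption that paths contain no whitespace are mine.

```shell
#!/bin/sh
# Added example, not part of GRR: external orchestration for grrshot/grrplay.
# Assumed: GRR built into ./bin/debug_linux_user as in the README; coreutils 'timeout'.
GRR_BIN="${GRR_BIN:-./bin/debug_linux_user}"
INF_BUDGET="${INF_BUDGET:-60}"   # seconds granted to a non-terminating inf_* mutator

# Build the grrplay command line for one testcase. Deterministic mutators stop on
# their own (runtime ~ number of receive syscalls); inf_* mutators do not, so they
# are wrapped in 'timeout' to keep the campaign bounded.
grr_play_cmd() {
    snapshot_dir="$1"; persist_dir="$2"; input="$3"; output_dir="$4"; mutator="$5"
    cmd="$GRR_BIN/grrplay --num_exe=1 --snapshot_dir=$snapshot_dir"
    cmd="$cmd --persist_dir=$persist_dir --input=$input"
    if [ -n "$output_dir" ]; then
        cmd="$cmd --output_dir=$output_dir"       # record the replayed/mutated run
    fi
    if [ -n "$mutator" ]; then
        cmd="$cmd --input_mutator=$mutator"
        case "$mutator" in
            inf_*) cmd="timeout $INF_BUDGET $cmd" ;;   # never returns otherwise
        esac
    fi
    printf '%s\n' "$cmd"
}

# Snapshot EXE_DIR/CADET_00001 once; later runs reuse the existing snapshot.
snapshot_once() {
    exe_dir="$1"; snapshot_dir="$2"
    if [ ! -d "$snapshot_dir" ]; then
        "$GRR_BIN/grrshot" --num_exe=1 --exe_dir="$exe_dir" --exe_prefix=CADET_000 \
            --snapshot_dir="$snapshot_dir"
    fi
}

# Usage: orchestrate.sh EXE_DIR SNAPSHOT_DIR PERSIST_DIR TESTCASE_DIR OUT_DIR [MUTATOR]
# Each testcase gets its own output subdirectory so recorded inputs never collide.
# Paths are assumed to contain no whitespace (the command line is passed to eval).
if [ "$#" -ge 5 ]; then
    snapshot_once "$1" "$2"
    for tc in "$4"/*; do
        [ -f "$tc" ] || continue
        eval "$(grr_play_cmd "$2" "$3" "$tc" "$5/$(basename "$tc")" "${6:-}")"
    done
fi
```

A timeout exit status of 124 marks a run that was cut off by the budget rather than finished by GRR, which the driver can use to separate bounded inf_ runs from crashes or errors.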

Dependencies

Intel XED

GRR depends on the Intel XED instruction encoder/decoder. XED is licensed under the Apache License.

Radamsa

GRR depends on Radamsa, a high-quality input mutation engine. GRR embeds a version of Radamsa that can be used as a kind of library. Radamsa is licensed under the MIT license.

Other dependencies

GRR depends on gflags.

GRR depends on Frank Thilo's C++ port of the RSA Data Security, Inc. MD5 Message-Digest Algorithm.

GRR uses Yann Collet's xxHash as part of its code cache index hash table.

History

GRR, short for Granary Record/Replay, is the third iteration of the Granary series of dynamic binary translators. GRR is pgoodman's third dynamic binary translator.

GRR was created for the DARPA Cyber Grand Challenge. It was an essential component of Trail of Bits' CRS. The version of GRR in this repository differs from the CRS version in some important ways.

Don't tread on me!