# CS:GO map file fuzzing using AFL in QEMU mode

Author: @_niklasb

See LICENSE.

## Prerequisites

```
$ sudo apt install gdb valgrind build-essential python3-minimal python-minimal
$ cd ~
$ git clone https://github.com/niklasb/gdbinit
$ cd gdbinit
$ ./setup.sh
```

Then, build AFL with QEMU mode support and `afl_patches.diff` applied. Set `AFL_PATH` correctly in your `.bashrc`.
## Setup

```
git clone https://github.com/niklasb/bspfuzz/ && cd bspfuzz
```

- Copy the `bin/` and `csgo/` directories from the CS:GO server installation into the `bspfuzz` directory
- Adapt the offsets in `main.cpp` and `patch.py` for your version
- Run `./setup.sh`
## Running

```
$ cd /path/to/bspfuzz
$ ./run_afl.sh 1
$ ./run_afl.sh 2
$ ./run_afl.sh 3
...
```
## Triaging

```
$ sudo sysctl -w kernel.randomize_va_space=0
$ cd /path/to/bspfuzz/triage
$ ./triage.sh
$ ./valgrind.sh
```