
Fuzzing Nim with AFL

A few months ago I had a lot of fun with AFL fuzzing various open source software and found crashes in WavPack, opus-tools, zsh, Freetype (CFF, T42) and MKVToolNix.

Now I want to revisit AFL to demonstrate how it can be used to fuzz Nim programs. The basic idea is to find security holes in software automatically, with little manual effort. For this, our binary is instrumented so that the fuzzer can tell when an input triggers a new path through the binary; AFL then mutates that input to discover further new paths to test.

Let's start by writing a program with a carefully hidden security hole. For AFL it's best if our program is a command line tool that reads some file or stdin: