Exemple #1
0
        public void MutationalEmptyTest()
        {
            var config = new MutationConfig();

            var data = new byte[200];

            for (byte x = 0; x < data.Length; x++)
            {
                data[x] = x;
            }

            // Without entry

            using (var copy = new MemoryStream())
                using (var stream = new FuzzingStream(config, data))
                {
                    stream.CopyTo(copy, 64);

                    CollectionAssert.AreEqual(data, copy.ToArray());
                }

            // With entry

            config.Mutations.Add(new MutationalEntry());

            using (var copy = new MemoryStream())
                using (var stream = new FuzzingStream(config, data))
                {
                    stream.CopyTo(copy, 64);

                    CollectionAssert.AreEqual(data, copy.ToArray());
                }
        }
Exemple #2
0
        public void CleanTest()
        {
            var original = new byte[90];

            byte[] fuzzed;

            using (var mem = new MemoryStream())
                using (var stream = new FuzzingStream(null, original))
                {
                    Assert.AreEqual(stream.CanRead, mem.CanRead);
                    Assert.AreEqual(stream.CanWrite, mem.CanWrite);
                    Assert.AreEqual(stream.CanSeek, mem.CanSeek);
                    Assert.AreEqual(stream.CanTimeout, mem.CanTimeout);
                    Assert.AreEqual(stream.Length, original.Length);
                    Assert.Catch <InvalidOperationException>(() => { var x = stream.ReadTimeout; });
                    Assert.Catch <InvalidOperationException>(() => { var x = stream.WriteTimeout; });
                    Assert.Catch <InvalidOperationException>(() => stream.ReadTimeout  = 1);
                    Assert.Catch <InvalidOperationException>(() => stream.WriteTimeout = 1);

                    stream.CopyTo(mem, 16);
                    fuzzed = mem.ToArray();

                    CollectionAssert.AreEqual(original, fuzzed);
                }
        }
Exemple #3
0
        public void CurrentStreamTest()
        {
            var cfg = SerializationHelper.DeserializeFromJson <PatchConfig>("{\"Changes\":[],\"Type\":\"Patch\"}");

            var fuzzed   = new byte[10];
            var original = new byte[114];

            original[0] = 0x01;

            using (var mem = new MemoryStream())
                using (var current = new MemoryStream())
                    using (var stream = new FuzzingStream(cfg, original, current))
                    {
                        Assert.AreEqual(0, current.Position);
                        Assert.AreEqual(0, current.Length);

                        var r = stream.Read(fuzzed, 0, 1);

                        Assert.AreEqual(0x01, fuzzed[0]);
                        Assert.AreEqual(1, current.Position);
                        Assert.AreEqual(1, current.Length);

                        stream.CopyTo(mem, 32);
                        fuzzed = mem.ToArray();
                    }

            CollectionAssert.AreEqual(original.Skip(1).ToArray(), fuzzed);
        }
Exemple #4
0
        void SaveSelectedInputWith(bool toClipbard, IGetPatch config)
        {
            if (gridInput.SelectedRows.Count != 1)
            {
                return;
            }

            FuzzerStat <IFuzzingInput> inp = (FuzzerStat <IFuzzingInput>)gridInput.SelectedRows[0].DataBoundItem;

            if (inp == null)
            {
                return;
            }

            byte[] stream = inp.Source.GetStream();
            if (stream == null)
            {
                return;
            }

            if (toClipbard)
            {
                // Clipboard
                StringBuilder sb = new StringBuilder();

                sb.AppendLine("byte[] payload = new byte[]");
                sb.Append("{");

                PatchChange[] logs = null;
                if (config != null)
                {
                    using (MemoryStream ms = new MemoryStream())
                        using (FuzzingStream fzs = new FuzzingStream(stream, config))
                        {
                            fzs.CopyTo(ms);
                            stream = ms.ToArray();
                            logs   = fzs.Log;
                        }
                }

                for (int x = 0, off = 0, v = 0, m = stream.Length; x < m; x++, v++, off++)
                {
                    byte b = stream[x];
                    if (x != 0)
                    {
                        sb.Append(", ");
                    }

                    if (logs != null)
                    {
                        foreach (PatchChange ch in logs)
                        {
                            if (off == ch.Offset)
                            {
                                off -= ch.Remove;
                                if (ch.Append != null)
                                {
                                    off += ch.Append.Length;
                                }

                                sb.AppendLine();
                                sb.AppendLine("\t/* " +
                                              (string.IsNullOrEmpty(ch.Description) ? "" : ch.Description + " ") +
                                              (ch.Append == null ? "0" : ch.Append.Length.ToString()) + " bytes */");

                                sb.Append("\t" + "".PadLeft(6 * v, ' '));
                            }
                        }
                    }

                    if (v == 0 || v % 20 == 0)
                    {
                        sb.AppendLine();
                        sb.Append("\t");
                        v = 0;
                    }
                    sb.Append("0x" + b.ToString("x2"));
                }

                sb.AppendLine();
                sb.Append("};");
                Clipboard.SetText(sb.ToString());
                return;
            }

            // File
            using (SaveFileDialog s = new SaveFileDialog()
            {
                Filter = "Dat file|*.dat",
                DefaultExt = "*.dat",
            })
            {
                if (s.ShowDialog() != DialogResult.OK)
                {
                    return;
                }

                try
                {
                    if (File.Exists(s.FileName))
                    {
                        File.Delete(s.FileName);
                    }

                    using (FileStream fs = File.OpenWrite(s.FileName))
                    {
                        if (config != null)
                        {
                            using (Stream fzs = new FuzzingStream(stream, config))
                                fzs.CopyTo(fs);
                        }
                        else
                        {
                            fs.Write(stream, 0, stream.Length);
                        }
                    }
                }
                catch (Exception e)
                {
                    MessageBox.Show(e.ToString(), "ERROR", MessageBoxButtons.OK, MessageBoxIcon.Error);
                }
            }
        }
Exemple #5
0
        public void MutationalEntryPeerStreamTest()
        {
            var config = new MutationConfig()
            {
                Description = "Test"
            };
            var entry = new MutationalEntry()
            {
                FuzzPercent     = new FromToValue <double>(100),
                ValidOffset     = new FromToValue <long>(0, long.MaxValue),
                MaxChanges      = new FromToValue <ushort>(50),
                FuzzPercentType = EFuzzingPercentType.PeerStream
            };

            // Config

            config.Mutations.Add(entry);
            entry.Changes.Add(new MutationalChange()
            {
                Weight           = 1,
                Append           = new MutationalFromTo(0x01),
                RemoveLength     = new FromToValue <ushort>(),
                AppendIterations = new FromToValue <ushort>(1)
            });

            // 100% / 50 changes

            var input = new ManualFuzzingInput(new byte[200]);

            using (var copy = new MemoryStream())
                using (var stream = new FuzzingStream(config, input.GetStream()))
                {
                    stream.CopyTo(copy, 200);
                    Assert.AreEqual(50, copy.ToArray().Count(u => u == 0x01));
                }

            // 0%

            entry.FuzzPercent = new FromToValue <double>(0);

            input = new ManualFuzzingInput(new byte[200]);
            using (var copy = new MemoryStream())
                using (var stream = new FuzzingStream(config, input.GetStream()))
                {
                    stream.CopyTo(copy, 200);
                    Assert.AreEqual(200, copy.ToArray().Count(u => u == 0x00));
                }

            // Only offset 5

            entry.FuzzPercent = new FromToValue <double>(100);
            entry.ValidOffset = new FromToValue <long>(5);
            entry.MaxChanges  = new FromToValue <ushort>(1);

            input = new ManualFuzzingInput(new byte[200]);
            using (var stream = new FuzzingStream(config, input.GetStream()))
            {
                for (long x = 0; x < 200; x++)
                {
                    var next = entry.Get(stream, x, 0);

                    if (x == 5)
                    {
                        Assert.IsNotNull(next);
                    }
                    else
                    {
                        Assert.IsNull(next);
                    }
                }
            }

            // Max changes 2

            entry.ValidOffset = new FromToValue <long>(0, long.MaxValue);
            entry.MaxChanges  = new FromToValue <ushort>(2);

            input = new ManualFuzzingInput(new byte[200]);
            using (var stream = new FuzzingStream(config, input.GetStream()))
            {
                stream.CopyTo(new MemoryStream(), 200);

                Assert.AreEqual(2, stream.Log.Length);
            }
        }
Exemple #6
0
        public void MutationalEntryPeerByteTest()
        {
            var config = new MutationConfig()
            {
                Description = "Test"
            };
            var entry = new MutationalEntry()
            {
                FuzzPercent     = new FromToValue <double>(100),
                ValidOffset     = new FromToValue <long>(0, long.MaxValue),
                MaxChanges      = new FromToValue <ushort>(ushort.MaxValue),
                FuzzPercentType = EFuzzingPercentType.PeerByte
            };

            // Config

            config.Mutations.Add(entry);
            entry.Changes.Add(new MutationalChange()
            {
                Weight           = 5,
                Description      = "Add A",
                Append           = new MutationalFromTo((byte)'A'),
                RemoveLength     = new FromToValue <ushort>(1),
                AppendIterations = new FromToValue <ushort>(1)
            });
            entry.Changes.Add(new MutationalChange()
            {
                // Remmove
                Weight           = 1,
                Description      = "Remove",
                RemoveLength     = new FromToValue <ushort>(1),
                AppendIterations = new FromToValue <ushort>(1)
            });

            // 100%

            var input = new ManualFuzzingInput(new byte[200]);

            using (var stream = new FuzzingStream(config, input.GetStream()))
            {
                for (long x = 0; x < 200; x++)
                {
                    Assert.IsNotNull(entry.Get(stream, x, 0));
                }
            }

            // 0%

            entry.FuzzPercent = new FromToValue <double>(0);

            input = new ManualFuzzingInput(new byte[200]);
            using (var stream = new FuzzingStream(config, input.GetStream()))
            {
                for (long x = 0; x < 200; x++)
                {
                    Assert.IsNull(entry.Get(stream, x, 0));
                }
            }

            // Argument excepcion

            entry.FuzzPercentType = (EFuzzingPercentType)197;
            Assert.Throws <ArgumentException>(() => entry.Get(null, 0, 0));

            // Only offset 5

            entry.FuzzPercentType = EFuzzingPercentType.PeerByte;
            entry.FuzzPercent     = new FromToValue <double>(100);
            entry.ValidOffset     = new FromToValue <long>(5);

            input = new ManualFuzzingInput(new byte[100]);
            using (var stream = new FuzzingStream(config, input.GetStream()))
            {
                for (long x = 0; x < 100; x++)
                {
                    var next = entry.Get(stream, x, 0);

                    if (x == 5)
                    {
                        Assert.IsNotNull(next);
                    }
                    else
                    {
                        Assert.IsNull(next);
                    }
                }
            }

            // Max changes 2

            entry.Changes.RemoveAt(1);
            entry.ValidOffset = new FromToValue <long>(0, long.MaxValue);
            entry.MaxChanges  = new FromToValue <ushort>(2);
            input             = new ManualFuzzingInput(new byte[100]);

            using (var stream = new FuzzingStream(config, input.GetStream()))
            {
                stream.CopyTo(new MemoryStream(), 16);

                Assert.AreEqual(2, stream.Log.Length);
                Assert.AreEqual(0, stream.Log[0].Offset);
                Assert.AreEqual(1, stream.Log[1].Offset);
            }
        }
Exemple #7
0
        public void Test1()
        {
            var cfg = SerializationHelper.DeserializeFromJson <PatchConfig>("{\"Changes\":[" +
                                                                            "{\"Offset\":1,\"Remove\":7}," +
                                                                            "{\"Offset\":23,\"Remove\":11,\"Append\":\"XHVEODAwXHVEQzAwe3t9fQ==\"}],\"Type\":\"Patch\"}");

            var original = new byte[90];

            byte[] fuzzed;

            using (var mem = new MemoryStream())
                using (var stream = new FuzzingStream(cfg, original))
                {
                    Assert.AreEqual(stream.CanRead, mem.CanRead);
                    Assert.AreEqual(stream.CanWrite, mem.CanWrite);
                    Assert.AreEqual(stream.CanSeek, mem.CanSeek);
                    Assert.AreEqual(stream.CanTimeout, mem.CanTimeout);
                    Assert.AreEqual(stream.Length, original.Length);
                    Assert.Catch <InvalidOperationException>(() => { var x = stream.ReadTimeout; });
                    Assert.Catch <InvalidOperationException>(() => { var x = stream.WriteTimeout; });
                    Assert.Catch <InvalidOperationException>(() => stream.ReadTimeout  = 1);
                    Assert.Catch <InvalidOperationException>(() => stream.WriteTimeout = 1);

                    stream.CopyTo(mem, 16);
                    fuzzed = mem.ToArray();
                }

            using (var copyRead = new MemoryStream(original))
                using (var copy = new MemoryStream())
                {
                    var buffer = new byte[128];

                    // 1 - Offset

                    copyRead.Read(buffer, 0, 1);
                    copy.Write(buffer, 0, 1);

                    // 1 - Remove

                    copyRead.Read(buffer, 0, 7);

                    // 2 - Offset

                    var l = (int)(23 - copyRead.Position);
                    copyRead.Read(buffer, 0, l);
                    copy.Write(new byte[l], 0, l);

                    // 2 - Remove

                    copyRead.Read(buffer, 0, 11);

                    // 2 - Append

                    var data = Convert.FromBase64String("XHVEODAwXHVEQzAwe3t9fQ==");
                    copy.Write(data, 0, data.Length);

                    // Extra

                    l = (int)(copyRead.Length - copyRead.Position);
                    copyRead.Read(buffer, 0, l);
                    copy.Write(new byte[l], 0, l);

                    var dataCopy = copy.ToArray();
                    CollectionAssert.AreEqual(dataCopy, fuzzed);
                }
        }
Exemple #8
0
        public void Test2()
        {
            var cfg = SerializationHelper.DeserializeFromJson <PatchConfig>("{\"Changes\":[" +
                                                                            "{\"Offset\":16,\"Remove\":18,\"Append\":\"MTg0NDY3NDQwNzM3MDk1NTE2MTV7IiI6MH0=\"}," +
                                                                            "{\"Offset\":84,\"Remove\":0,\"Append\":\"LCIiIiI6\"}," +
                                                                            "{\"Offset\":104,\"Remove\":4,\"Append\":\"WzBd\"}],\"Type\":\"Patch\"}");

            var original = new byte[114];

            byte[] fuzzed;

            using (var mem = new MemoryStream())
                using (var stream = new FuzzingStream(cfg, original))
                {
                    Assert.AreEqual(stream.CanRead, mem.CanRead);
                    Assert.AreEqual(stream.CanWrite, mem.CanWrite);
                    Assert.AreEqual(stream.CanSeek, mem.CanSeek);
                    Assert.AreEqual(stream.CanTimeout, mem.CanTimeout);
                    Assert.AreEqual(stream.Length, original.Length);
                    Assert.Catch <InvalidOperationException>(() => { var x = stream.ReadTimeout; });
                    Assert.Catch <InvalidOperationException>(() => { var x = stream.WriteTimeout; });
                    Assert.Catch <InvalidOperationException>(() => stream.ReadTimeout  = 1);
                    Assert.Catch <InvalidOperationException>(() => stream.WriteTimeout = 1);

                    stream.CopyTo(mem, 32);
                    fuzzed = mem.ToArray();
                }

            using (var copyRead = new MemoryStream(original))
                using (var copy = new MemoryStream())
                {
                    var buffer = new byte[128];

                    // 1 - Offset

                    copyRead.Read(buffer, 0, 16);
                    copy.Write(buffer, 0, 16);

                    // 1 - Remove

                    copyRead.Read(buffer, 0, 18);

                    // 1 - Append

                    var data = Convert.FromBase64String("MTg0NDY3NDQwNzM3MDk1NTE2MTV7IiI6MH0=");
                    copy.Write(data, 0, data.Length);

                    // 2 - Offset

                    var l = (int)(84 - copyRead.Position);
                    copyRead.Read(buffer, 0, l);
                    copy.Write(new byte[l], 0, l);

                    // 2 - Append

                    data = Convert.FromBase64String("LCIiIiI6");
                    copy.Write(data, 0, data.Length);

                    // 3 - Offset

                    l = (int)(104 - copyRead.Position);
                    copyRead.Read(buffer, 0, l);
                    copy.Write(new byte[l], 0, l);

                    // 3 - Remove

                    copyRead.Read(buffer, 0, 4);

                    // 3 - Append

                    data = Convert.FromBase64String("WzBd");
                    copy.Write(data, 0, data.Length);

                    // Extra

                    l = (int)(copyRead.Length - copyRead.Position);
                    copyRead.Read(buffer, 0, l);
                    copy.Write(new byte[l], 0, l);

                    var dataCopy = copy.ToArray();
                    CollectionAssert.AreEqual(dataCopy, fuzzed);
                }
        }