// ReSharper disable once UnusedParameter.Local #pragma warning disable IDE0060 // Remove unused parameter private static async Task Main(string[] args) #pragma warning restore IDE0060 // Remove unused parameter { #region REMOVE //byte[] data = File.ReadAllBytes(@"C:\Users\DEU208215\Desktop\Crashinput.txt"); //CancellationTokenSource cts=new CancellationTokenSource(); //IfFuzzer.SendData(data, cts.Token); //return; #endregion #region NLog Configuration var config = new NLog.Config.LoggingConfiguration(); var logfile = new FileTarget("logfile") { FileName = "Logbook.log" }; // Log targets var coloredConsoleTarget = new ColoredConsoleTarget { UseDefaultRowHighlightingRules = true }; coloredConsoleTarget.Layout = "${longdate}|${level:uppercase=true:padding=-6}|${logger:shortName=true:padding=-16} [${threadid:padding=-2}] | ${message}"; // Rules for mapping loggers to targets config.AddRule(LogLevel.Info, LogLevel.Fatal, coloredConsoleTarget); config.AddRule(LogLevel.Trace, LogLevel.Fatal, logfile); // Apply config LogManager.Configuration = config; #endregion Logger.Info("embeddedAFL Started...!"); IfTargetState targetState = new IfTargetState(); int sessioncounter = 0; while (true) { #region Print parameters Logger.Info("Debug: {0}", Parameters.Debug); Logger.Info("AggressiveMode: {0}", Parameters.EnableAggressiveMode); Logger.Info("SkipPrepare: {0}", Parameters.SkipPreparation); Logger.Info("ShortCircuit: {0}", Parameters.ShortCircuitTesting); #endregion CancellationTokenSource cts = new CancellationTokenSource(); if (Parameters.Debug) { byte[] data = Encoding.ASCII.GetBytes("TEST"); IfKelinci.KelinciData kelinciData = new IfKelinci.KelinciData(0, data.Length, data); Logger.Trace("{0:000000} REC KELINCI: Mode: {1}, Length: {2}, Data: {3}", 0, kelinciData.Mode, kelinciData.Length, kelinciData.Data); cts.CancelAfter(Parameters.TimeoutStartStateMachineAsync); try { StateMachine.StartStateMachineAsync(sessioncounter, kelinciData.Data, targetState, cts.Token).Wait(cts.Token); } catch (Exception e) { // This area should never be reached Logger.Fatal(e); Logger.Fatal("embeddedAFL Restarted after crash!"); Alarms.PlayAlarmInfinite(); } sessioncounter++; } else { try { Logger.Trace("Start IfKelinci"); cts.CancelAfter(Parameters.TimeoutInterfaceKelinciAsync); await IfKelinci.StartKelinciInterface(Parameters.KelinciInterfacePort, targetState); } catch (Exception e) { // This area should never be reached Logger.Fatal(e); Logger.Fatal("embeddedAFL Restarted after crash!"); Alarms.PlayAlarmInfinite(); } } } // ReSharper disable once FunctionNeverReturns }
public static async Task <DataTypes.FuzzingResult> StartStateMachineAsync(int sessionCounter, byte[] fuzzingData, IfTargetState targetState, CancellationToken token) { #region Initialize long tmPrepare = 0, tmTraceOn = 0, tmFuzz = 0, tmTraceOff = 0, tmBitmap = 0, tmReinit = 0; Stopwatch sw = new Stopwatch(); DataTypes.FuzzingResult fuzzingResult = new DataTypes.FuzzingResult(DataTypes.FuzzingStatusEnum.StatusSuccess, new byte[65536]); Logger.Trace("{0:000000} StateMachine started", sessionCounter); #endregion while (!token.IsCancellationRequested) { CancellationTokenSource cts = CancellationTokenSource.CreateLinkedTokenSource(token); try { #region Prepare with exception handling try { try { #region Prepare sw.Restart(); if (!Parameters.SkipPreparation) { if (targetState.TargetState == DataTypes.TargetStateEnum.Unknown) { //Wait for target reset to be available while (!IfTargetReset.TargetResetIsAvailable) { Thread.Sleep(Parameters.TimeoutWaitForResetAvailability); } //Reboot the target Logger.Info("{0:000000} Target will be rebooted", sessionCounter); cts.CancelAfter(Parameters.TimeoutWaitAfterReboot); ExecuteAndWaitForTargetState(IfTargetReset.ResetTarget, targetState, DataTypes.TargetStateEnum.Ready, cts.Token); Logger.Info("{0:000000} Wait {1}ms after rebooting the target", sessionCounter, Parameters.SleepAfterDeviceRebooted); Thread.Sleep(Parameters.SleepAfterDeviceRebooted); ExecuteAndWaitForTargetState(targetState.ToTargetStateTASK_INITIALIZED, targetState, DataTypes.TargetStateEnum.TracingInitialized, cts.Token); } } tmPrepare = sw.ElapsedMilliseconds; #endregion } #region Handle InnerExceptions catch (AggregateException ae) { // This may contain multiple exceptions, which you can iterate with a foreach foreach (var exception in ae.InnerExceptions) { throw exception; } } #endregion } // if a timeout is exceeded, loop again if it is not related to a crash catch (OperationCanceledException oce) { Logger.Trace("Current State: {0}", targetState.TargetState); Logger.Fatal(oce); //Reset the target state to unknown so the target will be reset and start over targetState.TargetState = DataTypes.TargetStateEnum.Unknown; if (CrashDetected) { Logger.Fatal("CRASH detected"); fuzzingResult.FuzzingStatus = DataTypes.FuzzingStatusEnum.StatusCrash; CrashDetected = false; Alarms.PlayAlarm(1.0f); return(fuzzingResult); } continue; } #endregion if (sessionCounter < 40) { return(fuzzingResult); } try { #region TraceOn if (!Parameters.EnableAggressiveMode) { sw.Restart(); Logger.Trace("{0:000000} START TRACING", sessionCounter); cts.CancelAfter(12000); ExecuteAndWaitForTargetState(targetState.ToTargetStateTRACING_ON, targetState, DataTypes.TargetStateEnum.TracingOn, cts.Token); tmTraceOn = sw.ElapsedMilliseconds; } #endregion #region Fuzz sw.Restart(); Thread.Sleep(Parameters.TimeoutWaitBetweenFuzzingSteps); Logger.Trace("{0:000000} FUZZ", sessionCounter); cts.CancelAfter(Parameters.TimeoutSendFuzzingToTarget); await IfFuzzer.SendDataAsync(fuzzingData, cts.Token, sessionCounter); tmFuzz = sw.ElapsedMilliseconds; #endregion #region TraceOff if (!Parameters.EnableAggressiveMode) { sw.Restart(); Thread.Sleep(Parameters.TimeoutWaitBetweenFuzzingSteps); Logger.Trace("{0:000000} STOP TRACING", sessionCounter); cts.CancelAfter(Parameters.TimeoutStopTracing); ExecuteAndWaitForTargetState(targetState.ToTargetStateTRACING_OFF, targetState, DataTypes.TargetStateEnum.TracingOff, cts.Token); tmTraceOff = sw.ElapsedMilliseconds; } #endregion #region GetBitmap sw.Restart(); Thread.Sleep(Parameters.TimeoutWaitBetweenFuzzingSteps); Logger.Trace("{0:000000} GET BITMAP", sessionCounter); cts.CancelAfter(Parameters.TimeoutGetBitmap); do { fuzzingResult.Bitmap = await IfBitmap.Get_BitmapAsync(Parameters.TargetBitmapIpAddress, Parameters.TargetBitmapPort, cts.Token); //Finish even though not the complete bitmap is loaded for the test cases } while ((fuzzingResult.Bitmap.Length != 65536) && (!Parameters.EnableAggressiveMode)); tmBitmap = sw.ElapsedMilliseconds; #endregion #region ReInit sw.Restart(); Thread.Sleep(Parameters.TimeoutWaitBetweenFuzzingSteps); Logger.Trace("{0:000000} REINIT TRACING", sessionCounter); cts.CancelAfter(Parameters.TimeoutReinitTracing); ExecuteAndWaitForTargetState(targetState.ToTargetStateTRACING_INITIALIZED, targetState, DataTypes.TargetStateEnum.TracingInitialized, cts.Token); tmReinit = sw.ElapsedMilliseconds; #endregion #region Write Stopwatch if (Parameters.WriteStopwatchResultToLog) { using (var timeWriter = File.AppendText(".\\Stopwatch.log")) { timeWriter.WriteLine("{0},{1},{2},{3},{4},{5}", tmPrepare, tmTraceOn, tmFuzz, tmTraceOff, tmBitmap, tmReinit); } } #endregion #region Crash detection if (CrashDetected) { Logger.Fatal("CRASH detected"); fuzzingResult.FuzzingStatus = DataTypes.FuzzingStatusEnum.StatusCrash; CrashDetected = false; Alarms.PlayAlarm(1.0f); } #endregion return(fuzzingResult); } #region Handle InnerExceptions catch (AggregateException ae) { // This may contain multiple exceptions, which you can iterate with a foreach foreach (var exception in ae.InnerExceptions) { throw exception; } } #endregion } // if a timeout is exceeded, loop again if it is not related to a crash catch (OperationCanceledException) { Logger.Trace("Current State: {0}", targetState.TargetState); //Reset the target state to unknown so the target will be reset and start over targetState.TargetState = DataTypes.TargetStateEnum.Unknown; // if a crash is detected return with crash signal to kelinci if (CrashDetected) { Logger.Fatal("CRASH detected"); fuzzingResult.FuzzingStatus = DataTypes.FuzzingStatusEnum.StatusCrash; CrashDetected = false; return(fuzzingResult); } fuzzingResult.FuzzingStatus = DataTypes.FuzzingStatusEnum.StatusTimeout; Alarms.PlayAlarm(0.2f); return(fuzzingResult); } // if a normal exception occured, log exception and loop again catch (Exception e) { Logger.Error("{0:000000} ERROR: {1}", sessionCounter, e.Message); } // cancel all running tasks finally { cts.Cancel(); } } fuzzingResult.FuzzingStatus = DataTypes.FuzzingStatusEnum.StatusQueueFull; Logger.Warn("{0:000000} QUEUE FULL -> Kelinci will try again", sessionCounter); Alarms.PlayAlarm(1.0f); return(fuzzingResult); }