Futag

• Table of contents
  • 1. Description
  • 2. Installation
  • 3. Examples of use
  • 4. Authors
  • 5. Articles and materials
  • 6. Found errors
  • 7. Results

FUTAG is an automated generation tool for phasing-concrete libertines for software libraries. FUTAG provides the possibility of generating phasesing concentrations both in the absence of contexts of using the tested library, and if any. FUTAG uses, as an external interface, to analyze the source code of libraries tools Clang.

A static analyzer implemented in FUTAG during the assembly of the tested library is performed by:

• search for definitions of entities (types of data, functions, structure, etc.);
• Search for dependencies between entities. The collected information is stored as a knowledge base about the tested library (BZT). In the absence of catteasts of using the library, the FUTAG generator studies BZT and creates a phasesing concrete.

In the presence of use contexts, Futag searches for calls of functions, makes up the dependences between the chases found and draws up the call contexts.

Futag also implements the possibility of obtaining contexts of using the tested library from a tool to determine the surface of the NATCH attack.

Futag's work is illustrated in the following figure:

This project is based on LLVM with a static analysis of Clang and is distributed under the "GPL V3 License" license

You can try to assemble FUTAG with ready-made dock files for Ubuntu OS.

• Download the latest version of Futag-llvm.2.1.0.tar.xz and unzip. As a result, the tool will be installed in the FUTAG-LLVM directory.
• For assembly AFLPLUSPLUS Launch the BuildaflPlusplus.sh script in Futag-llvm

  ~ /futag-llvm$ ./buildAFLplusplus.sh

This instruction allows you to collect a copy of the project and launch it in the Unix-like system.

The FUTAG tool is based on LLVM-Project. For the compilation of the project, it is necessary that the next packages are installed in your system:

• CMAKE> = 3.13.4 CMAKE-3.19.3 -Linux-X86_64.SH-MakeFile/Workspace Generator
• GCC> = 7.1.0 C/C ++ Compiler
• Python> = 3.8 Automated Test Suite.
• Pip> = 22.1.0
• zlib> = 1.2.3.4 Compression Library
• GNU Make 3.79, 3.79.1 Makefile/Build Processor
• Binutils

To obtain more detailed information about the dependencies necessary for the assembly of LLVM, you can familiarize yourself with the documentation under the specified link

The Ubuntu system may need to install packages:

• Python -is-Python3.
• GCC-Multilib
• Binutils-Gold Binutils-Dev

• Clon the project:

  ~ $ git clone https://github.com/ispras/Futag

• Prepare the Custom-volvm directory by launching the script:

  ~ /Futag/custom-llvm$ ./prepare.sh

This script creates the Futag/Build directory and copies the Futag/Custom-llvm/Build.sh script in it

• Run the copied script in Futag/Build:

  ~ /Futag/build$ ./build.sh

• As a result, the tool will be installed in the Futag/Futag-volvm directory

• For assembly AFLPLUSPLUS Launch the BuildaflPlusplus.sh script in Futag/Futag-llvm

  ~ /Futag/futag-llvm$ ./buildAFLplusplus.sh

• Previously, a FUTAG- <Version> .tar.gz package along the way Futag-llvm/Python-package/::

  ~ $ pip install -r futag-llvm/python-package/requirements.txt
  ~ $ pip install futag-llvm/python-package/futag-2.1.0.tar.gz

• Starting assembly, verification and analysis in the condition of the lack of contexts of use

 from futag . preprocessor import *

FUTAG_PATH = "/home/futag/Futag-tests/futag-llvm/"
lib_path = "path/to/library/source/code"
build_test = Builder (
    FUTAG_PATH ,
    lib_path ,
    clean = True , # удалить все папки сгенерированные Futag-ом перед сборкой
    # intercept=True, # запуск компиляции с инструментом "intercept" для анализа compile_command.json
    # processes=4, # количество задач при сборке
    # build_ex_params="--with-openssl --with-mhash" # дополнительные параметры при сборке библиотеки
)
build_test . auto_build ()
build_test . analyze ()

• Generation and compilation of drivers

 from futag . generator import *

FUTAG_PATH = "/home/futag/Futag-tests/futag-llvm/"
lib_path = "path/to/library/source/code"

generator = Generator (
    FUTAG_PATH , # путь к директории "futag-llvm"
    lib_path , # путь к директории содержащей исходные кода исследуемого ПО
    # target_type=AFLPLUSPLUS, 
)

# Генерация фаззинг-оберток 
generator . gen_targets (
    anonymous = False # опция для генерации фаззинг-обертки для функций, которые не имеют публичный доступ
    max_wrappers = 10 # опция для органичения количества сгенерированных фаззинг-оберток для одной функции
)
# Compile fuzz drivers
generator . compile_targets (
    4 , # количество задач при сборке
    # keep_failed=True, # сохранить не скомпилированные цели
    # extra_include="-DHAVE_CONFIG_H", # дополнительные параметры при сборке библиотеки,
    # extra_dynamiclink="-lz", # системные библиотеки для линковки
    # flags="-ferror-limit=1", # значение по умолчанию: ""
)

By defecting, successfully compiled phasing cones for targeted functions are in the Futag-Fuzz-Drivers catalog, where each target function creates its own subscription, which coincides with the name of the target function.

 from futag . preprocessor import *
from futag . generator import * 
from futag . fuzzer import * 

FUTAG_PATH = "/home/futag/Futag/futag-llvm"
library_root = "json-c-json-c-0.16-20220414"
consumer_root = "libstorj-1.0.3"
consumber_builder = ConsumerBuilder (
   FUTAG_PATH , # путь к директории "futag-llvm"
   library_root , # путь к директории содержащей исходные кода тестируемой библиотеки
   consumer_root , # путь к директории содержащей исходные кода потребительской программы
  #  clean=True,
  #  processes=16,
)
consumber_builder . auto_build ()
consumber_builder . analyze ()

context_generator = ContextGenerator (
    FUTAG_PATH , 
    library_root , 
)

context_generator . gen_context () # генерация фаззинг-оберток для контекстов
context_generator . compile_targets ( #компиляция сгенерированных фаззинг-оберток
    keep_failed = True ,
)

If several phasing-cones was generated for the function, the corresponding directory is created in the subcatal of the target function, where the serial number is added to the name of the target function. The documentation of the Python package is on the link

Such information about the work of FUTAG can be read at the link

Starting scripts can be viewed here

A FUTAG testing was created over libraries (JSON-C, PHP, FREMAGE, etc.), you can test with a pre-container.

• Chan Tahien
• Kurmangaleev Shamil
• Ponomarev Dmitry
• Kuznetsov Andrey
• Theodor Arsenij Larionov-Trichkin

• CT Trans and S. Kurmangaleev, "Futag: Automated Fuzz Target Generator for Testware Libraries" 2021 iVannikov Memorial Workem, 2021, PP. 80-85, DOI: 10.1109/IVMEM53963.2021.00021.

• CT Trans, D. Ponomarev and A. Kuznheesov, "Research on Automatic Generation of Fuzz-Target for Software Library Function", 2022 Ivannikov ISPRAS OPEN Conference (ISPRAS), Moscow, Russian Federal, 2022, PP. 95-99, DOI: 10.1109/ISPRAS57371.2022.10076871.

• Studies on automatic generation of phasing concentrations for libraries, open conference of OSP RAS named after V.P. Ivannikova 2022