Usage:
python3 codeins.py [source file.c] [number of fake blocks] [number of functions to wrap] [landing space length in bytes]
Modify the source code of codeins.py to select which defenses are applied:
anti = Antifuzz([sys.argv[1]], instru_detect=False, daemon_process=True, funcchain=False, landingspace=False)
Timing gap detection is controlled by instru_detect, execution rate detection by daemon_process, and the landing space by funcchain and landingspace (both of these should be set to True for a correct anti-fuzzing defense).
Run the following command to generate the protected dummy program.
python3 codeins.py source/hello.c 100 3 100
Compile output.c to generate the protected binary.
gcc ./output.c -o nofuzz_hello
How to install AFL-QEMU: https://afl-1.readthedocs.io/en/latest/instrumenting.html#instrumenting-binary-only-apps
Create an input folder and a minimal seed, then run afl-fuzz in QEMU mode (-Q).
mkdir input
echo 1 > input/1
afl-fuzz -Q -i input -o output -- ./nofuzz_hello
Run download.sh to get binutils 2.31, then copy out the source file of the binary you want to protect, e.g. readelf.
./download.sh
tar -xf binutils-2.31.tar.xz
cp binutils-2.31/binutils/readelf.c ./
Add anti-fuzzing protection.
python3 codeins.py readelf.c 100 10 100
Replace the source file with the protected version.
mv ./output.c binutils-2.31/binutils/readelf.c
Compile binutils and get the protected readelf.
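The two procedures above (protecting and fuzzing hello.c, and protecting binutils' readelf) as one POSIX shell driver. This is an added example, not a script shipped with codeins.py; it assumes codeins.py, download.sh, gcc and an afl-fuzz built with QEMU support are available exactly as the README assumes, and the function names (is_uint, protect_source, make_seed_dir, fuzz_hello, protect_readelf) are the example's own. It adds two checks a practitioner wants: the three numeric arguments to codeins.py are validated before the tool runs, and the seed file is verified to be non-empty, since AFL skips zero-byte test cases and would otherwise start with no usable input. It also keeps a `.orig` copy of readelf.c before overwriting it, so the protected and unprotected builds can be compared.

```shell
#!/bin/sh
# Added example driver for the codeins.py README (not part of the project).
set -eu

# codeins.py expects three numeric arguments; accept only non-negative integers.
is_uint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Run codeins.py on SRC and move the generated output.c to DEST.
# If DEST already exists (the binutils step overwrites readelf.c in place),
# a copy is kept at DEST.orig for later comparison.
protect_source() {
    src=$1; nblocks=$2; nfuncs=$3; landing=$4; dest=$5
    is_uint "$nblocks" && is_uint "$nfuncs" && is_uint "$landing" || {
        echo "numeric arguments expected: blocks=$nblocks funcs=$nfuncs landing=$landing" >&2
        return 1
    }
    if [ -e "$dest" ]; then cp -p "$dest" "$dest.orig"; fi
    python3 codeins.py "$src" "$nblocks" "$nfuncs" "$landing"
    [ -s output.c ] || { echo "codeins.py produced no output.c" >&2; return 1; }
    mv ./output.c "$dest"
}

# Create DIR with a one-byte seed. AFL ignores zero-byte seed files, so the
# function fails if the seed somehow ends up empty.
make_seed_dir() {
    dir=$1
    mkdir -p "$dir"
    printf '1\n' > "$dir/1"
    [ -s "$dir/1" ]
}

# The hello.c procedure: 100 fake blocks, 3 wrapped functions, 100-byte landing space.
fuzz_hello() {
    protect_source source/hello.c 100 3 100 ./nofuzz_hello.c
    gcc ./nofuzz_hello.c -o nofuzz_hello
    make_seed_dir input
    afl-fuzz -Q -i input -o output -- ./nofuzz_hello
}

# The binutils procedure: fetch, extract, protect readelf.c and put it back in place.
protect_readelf() {
    ./download.sh
    tar -xf binutils-2.31.tar.xz
    cp binutils-2.31/binutils/readelf.c ./readelf.c
    protect_source readelf.c 100 10 100 binutils-2.31/binutils/readelf.c
    echo "now configure and build binutils-2.31 to obtain the protected readelf"
}

# Dispatch only when asked, so the file can be sourced for its functions.
case "${1:-}" in
    hello)   fuzz_hello ;;
    readelf) protect_readelf ;;
    *) ;;
esac
```

Run `sh driver.sh hello` for the dummy program or `sh driver.sh readelf` for binutils; with no argument the script only defines the functions.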