Question 1

How do I set up difuze for a MediaTek kernel?

Accepted Answer

First, compile the kernel using Bear to generate compile_commands.json, then run the run_all.py script with chipset number 1 for MediaTek, specifying paths for bitcode output and ioctl finder, as shown in the example section with the provided mediatek kernel.

Question 2

difuze vs Syzkaller for kernel fuzzing?

Accepted Answer

difuze specializes in automated interface recovery for drivers using LLVM static analysis, making it ideal for targeted driver fuzzing, while Syzkaller is a more general kernel fuzzer with syscall generation but may not handle driver interfaces as precisely without manual configuration.

Question 3

Why is difuze interface recovery so slow?

Accepted Answer

The LLVM bitcode generation and analysis on all drivers are computationally intensive, and the README notes it can take 45-90 minutes depending on kernel size and CPU cores. Using the multiprocessor mode in scripts helps, but it's inherent to the static analysis approach.

Question 4

How to parse the output from difuze for fuzzing?

Accepted Answer

After interface recovery, use the parse_interface_output.py script to convert the raw output into JSON files, which provide structured data on ioctl commands. Then, feed these JSON files into the MangoFuzz engine using runner.py or dev_runner.py for fuzzing.

Question 5

Can difuze work with kernels compiled using clang?

Accepted Answer

Yes, but you need to specify additional flags like -isclang and provide paths to clang and llvm-link binaries in the run_all.py script, as outlined in the 'Kernels built using clang' section of the README.

Question 6

What are the system requirements for running difuze?

Accepted Answer

It requires Ubuntu 14.04 or later, with dependencies like LLVM, libxml2, and Python libraries. The README recommends using Docker for consistency, and sufficient CPU cores and memory are needed due to the heavy analysis and compilation steps.

DIFUZE

What is DIFUZE?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions