This repository has been archived by the owner on May 15, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 56
Release notes for 2.7 and earlier
Allen D. Householder edited this page Apr 11, 2024
·
3 revisions
Note: Prior to version v2.8, BFF for Windows was known as the Failure Observation Engine (FOE). We've merged the release notes from both products here since they eventually converged in BFF v2.8.
- Switch to Ubuntu from Debian
- Use of PIN to uniquely identify crashes that trash the stack
- Optional feature to recycle crashing test cases as seed files
- Minimization to string defaults to Metasploit string
- Upgraded to MSEC !exploitable 1.6
- Crash uniqueness determined by exception chains - Improved exploitability bucketing of exception chains
- Dynamic timeouts (CPU-usage-driven) for GUI applications
- Zip seed file awareness (fuzz contents, not container)
- New and improved scripts in the tools directory
- Simplified usage
- Optional feature to recycle crashing test cases as seed files
- Minimization to string defaults to Metasploit string
- Various bug fixes and improved error handling
- Incorporated CERT Triage Tools 1.04 to determine exploitability of crashes found.
- Integrated code improvements from FOE 2.0 release
- BFF 2.6 and FOE 2.0.1 use the same certfuzz package
- Improved fuzzing campaign recovery after VM reboot
- Detect and abort minimization if it takes too long (> 1hr)
- Fixed a bug in minimizer crash recycling
- Various bug fixes and improved error handling
- BFF 2.6 and FOE 2.0.1 use the same certfuzz package
- Fixed a bug in minimizer crash recycling
- Various bug fixes and improved error handling
- Upgraded to python 2.7
- Improved support for multiple seed files
- Crashes found during minimization get analyzed as well
- Improved machine learning implementation applied to both seed file selection and rangefinder
- Minimizer tuned for performance
- Optional minimization-to-string feature
- Continues handled exceptions
- Button clicker included
- New
drillresults.py
script for picking out interesting crashes - Added new fuzzers: drop, insert, truncate, verify
- Refactored into object-oriented code
- Merged in many other features from CERT's Basic Fuzzing Framework (BFF) for Linux v2.5
Initial Release
- Upgraded to python 2.7
- Upgraded to gdb 7.2
- BFF now runs on OSX in addition to Linux
- Support for multiple seed files
- Crashes found during minimization get analyzed as well
- Improved machine learning implementation applied to both seed file selection and rangefinder
- Improved crash uniqueness determination on Linux
- Minimizer tuned for performance
- callgrind generated on unique crashers for code coverage analysis
- default gdb output changed to provide additional details
- Basic crash clustering (analysis/callsim.py) using callgrind coverage analysis
- Optional minimization-to-string feature
- Added python libraries: Numpy, Scipy, Matplotlib
- Ported BFF from Perl to Python
- Complete rewrite of crasher minimization using probability-based algorithm
- Added 'rangefinder' capability to automatically discover optimal fuzzing probability range(s)
- Restructured output directory (./crashers), now organized by crash hash
- Added analyzer scripts for visualization & fuzz run analysis
- Updated to Debian Squeeze for newer libraries.
- Installed generic vesa video driver for increased VM compatibility.
- Fixed strip symlink to /bin/true
- Forcibly kill gdb
- Removed unused tty information
- Updated to save SIGABRT crashes, discarding those caused by failed. asserts. Failed asserts can be saved through config option.
- Refactored perl script for increased performance and usability.
- Added crasher minimization script
Initial Release