Creating a field containing n bits #101

Open
theVico opened this issue Nov 9, 2015 · 4 comments

theVico commented Nov 9, 2015

For a protocol I want to fuzz I need to use fields consisting of one or multiple bits. It appears to me that I can only use a full byte in Sulley. Even the bit_field() will produce a complete byte. How could I create a single bit or, say, a four-bit field?

jtpereyda commented Nov 10, 2015

I ran into the same problem. AFAIK there is no such functionality yet.

A lot of protocols align bit fields on byte boundaries. If you have, say, a 1-bit field, followed by a 3-bit field, followed by a 4-bit field, your easy solution may be to create a byte field and fuzz all combinations. Thankfully there are only 256 combos for a single byte.
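The byte-aligned workaround described in the comment above, as an added example that is not part of the thread or of Sulley's code: sub-byte fields are packed into whole bytes and every combination is enumerated. The function names and the most-significant-bit-first ordering are assumptions made for illustration.

```python
from itertools import product

# Hypothetical helpers (not Sulley API). Assumes the first field occupies
# the most significant bits of the packed value.

def pack_bits(fields):
    """Pack (width_in_bits, value) pairs into bytes; total must be byte-aligned."""
    acc, total = 0, 0
    for width, value in fields:
        if width <= 0:
            raise ValueError("field width must be positive")
        if not 0 <= value < (1 << width):
            raise ValueError("value %d does not fit in %d bits" % (value, width))
        acc = (acc << width) | value
        total += width
    if total % 8:
        raise ValueError("fields cover %d bits, not a whole number of bytes" % total)
    return acc.to_bytes(total // 8, "big")

def unpack_bits(data, widths):
    """Inverse of pack_bits: split bytes back into the individual field values."""
    if sum(widths) != 8 * len(data):
        raise ValueError("widths do not match data length")
    acc = int.from_bytes(data, "big")
    values = []
    for width in reversed(widths):
        values.append(acc & ((1 << width) - 1))
        acc >>= width
    return values[::-1]

def all_combinations(widths):
    """Yield (field_values, packed_bytes) for every value of every field."""
    for values in product(*(range(1 << w) for w in widths)):
        yield values, pack_bits(zip(widths, values))

# Constructed layout from the comment: 1-bit, 3-bit and 4-bit fields.
WIDTHS = (1, 3, 4)

if __name__ == "__main__":
    cases = list(all_combinations(WIDTHS))
    print(len(cases), "test cases")
    for values, packed in cases[:3] + cases[-1:]:
        print(values, packed.hex())
```

Each packed value can then be sent through an ordinary byte-sized primitive, and `unpack_bits` maps a byte that triggered a fault back to the field values that produced it.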

@truekonrads

You could add a new primitive and an encoding method. I had to add a length-value type field, so I extended a dword, specified max size and added an encoding in the render function.

bsmelo commented May 16, 2017

@truekonrads Do you have an example of such extension you did?

@truekonrads

In render.py, I added:

        elif self.format == "varlenint":
            rendered = enc_varlenint(self.value)
            self.rendered = rendered

in sulley/__init__.py:

def s_varlenint(value, full_range=False, fuzzable=True, name=None):
    '''
    Push a variable-length integer (format "varlenint") onto the current block stack.
    Built on the qword primitive, little-endian, with max_num set to 16777215 (2**24 - 1).
    @type  value:      Integer
    @param value:      Default integer value
    @type  full_range: Boolean
    @param full_range: (Optional, def=False) If enabled the field mutates through *all* possible values.
    @type  fuzzable:   Boolean
    @param fuzzable:   (Optional, def=True) Enable/disable fuzzing of this primitive
    @type  name:       String
    @param name:       (Optional, def=None) Specifying a name gives you direct access to a primitive
    '''
    # The "varlenint" format string selects the enc_varlenint() branch added to the render code.
    # Positional arguments: endian "<", format "varlenint", signed False.
    qword = primitives.qword(value, "<", "varlenint", False, full_range, fuzzable, name, max_num=16777215)
    blocks.CURRENT.push(qword)

hope it helps
