ptfuzzer  by hunter-ht-2018

Greybox fuzzer for binary-only software, no source code needed

created 7 years ago
292 stars

Top 91.4% on sourcepulse

Project Summary

PTfuzzer is a greybox fuzzer designed for binary-only fuzzing, addressing the limitations of source-code-dependent tools like AFL. It enables fuzzing of closed-source software by leveraging Intel Processor Trace (PT) for accurate and efficient branch coverage feedback, offering a faster alternative to software instrumentation-based methods.

How It Works

PTfuzzer utilizes Intel PT, a hardware feature, to collect precise runtime control flow information without requiring source code or binary instrumentation. This hardware-based feedback mechanism is significantly faster and less intrusive than software-based approaches, providing more accurate coverage data by tracing actual basic block transitions. The fuzzer decodes these PT packets to guide the fuzzing process, enabling effective exploration of program states.

Quick Start & Requirements

  • Install via cmake and make after navigating to the ptfuzzer directory.
  • Requires Linux kernel >= 4.13.0 (kernel 4.15 and later needs the nopti boot option), an Intel CPU (i5/6/7-x000, x >= 5), libcapstone, and python-cle.
  • Setup involves compiling the tool and preparing target programs and seed files.
  • Official documentation is available at ptfuzzer/afl-pt/doc/.

Highlighted Details

  • Leverages Intel Processor Trace (PT) for hardware-accelerated, binary-only fuzzing.
  • Offers a faster feedback mechanism compared to software instrumentation methods like QAFL.
  • Provides accurate control flow information using runtime addresses of basic blocks.
  • Supports configurable branch tracing modes (TNT_MODE, TIP_MODE) and memory limits.

Maintenance & Community

No specific contributors, sponsorships, or community links (Discord/Slack) are mentioned in the README.

Licensing & Compatibility

The README does not explicitly state a license. Compatibility for commercial use or closed-source linking is not specified.

Limitations & Caveats

The project reports several unsolved issues, including "No instrumentation detected" errors, assertion failures, and potential crashes on the first seed. Several programs are not supported, and parallel PT decoding is listed as a future enhancement.

Health Check

  • Last commit: 6 years ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 0
  • Issues (30d): 0
  • Star History: 0 stars in the last 90 days
