kAFL is a hardware-assisted feedback fuzzer designed for fuzzing x86 virtual machine guests, including firmware, kernels, and operating systems. It targets security researchers and developers needing to identify vulnerabilities in complex software environments, offering significant speedups and advanced mutation techniques.

How It Works

kAFL leverages Intel VT, Intel Processor Trace (PT), and Intel Processor Lookaside Buffer (PLB) for efficient execution, snapshotting, and coverage feedback. Its core is a Python-based fuzzer, similar to AFL, optimized for parallel QEMU instances. It integrates advanced mutators like Redqueen (for conditional instruction input extraction) and Grimoire (for keyword-based mutations) to overcome common input validation checks and generate more effective test cases.

Quick Start & Requirements

• Install: sudo apt install python3-venv make git, git clone https://github.com/IntelLabs/kAFL.git, cd kAFl, make deploy
• Prerequisites: Intel Skylake or newer CPU (for Intel PT), patched host kernel (installed via make deploy, requires reboot), recent Debian/Ubuntu.
• Setup Time: Installation requires a kernel update and reboot.
• Docs: nyx-fuzz.com

Highlighted Details

• Achieves 10-30x speedups for targets like Super Mario.
• Successfully used for Intel SGX enclaves, Intel TDX TDVF firmware, Linux kernel hardening, Firefox IPCs, and Windows drivers.
• Integrates Radamsa, Redqueen, and Grimoire for advanced fuzzing strategies.
• Supports flexible VM configuration, logging, and debugging.

Maintenance & Community

• Maintained by Intel Labs contributors (@Wenzel, @il-steffen).
• Further details and community links may be available via nyx-fuzz.com.

Licensing & Compatibility

• License is not explicitly stated in the README.
• Components are provided for research and validation purposes only, use at your own risk.

Limitations & Caveats

The README states all components are for research and validation purposes only, to be used at the user's own risk. Running kAFL inside a VM might work on Ice Lake or later CPUs, but the primary requirement is a Skylake or newer CPU for host-level Intel PT usage.