Skip to content
 编辑

Building and installing AFL++

Building and installing AFL++

Linux on x86

An easy way to install AFL++ with everything compiled is available via docker: You can use the Dockerfile or just pull directly from the Docker Hub (for x86_64 and arm64):

docker pull aflplusplus/aflplusplus:latest
docker run -ti -v /location/of/your/target:/src aflplusplus/aflplusplus

This image is automatically generated when a push to the stable branch happens. You will find your target source code in /src in the container.

Note: you can also pull aflplusplus/aflplusplus:dev which is the most current development state of AFL++.

If you want to build AFL++ yourself, you have many options. The easiest choice is to build and install everything:

NOTE: depending on your Debian/Ubuntu/Kali/… release, replace -14 with whatever llvm version is available. We recommend llvm 13 or newer.

sudo apt-get update
sudo apt-get install -y build-essential python3-dev automake cmake git flex bison libglib2.0-dev libpixman-1-dev python3-setuptools cargo libgtk-3-dev
# try to install llvm 14 and install the distro default if that fails
sudo apt-get install -y lld-14 llvm-14 llvm-14-dev clang-14 || sudo apt-get install -y lld llvm llvm-dev clang
sudo apt-get install -y gcc-$(gcc --version|head -n1|sed 's/\..*//'|sed 's/.* //')-plugin-dev libstdc++-$(gcc --version|head -n1|sed 's/\..*//'|sed 's/.* //')-dev
sudo apt-get install -y ninja-build # for QEMU mode
sudo apt-get install -y cpio libcapstone-dev # for Nyx mode
sudo apt-get install -y wget curl # for Frida mode
sudo apt-get install python3-pip # for Unicorn mode
git clone https://github.com/AFLplusplus/AFLplusplus
cd AFLplusplus
make distrib
sudo make install

It is recommended to install the newest available gcc, clang and llvm-dev possible in your distribution!

Note that make distrib also builds FRIDA mode, QEMU mode, unicorn_mode, and more. If you just want plain AFL++, then do make all. If you want some assisting tooling compiled but are not interested in binary-only targets, then instead choose:

make source-only

These build targets exist:

Unless you are on macOS, you can also build statically linked versions of the AFL++ binaries by passing the PERFORMANCE=1 argument to make:

make PERFORMANCE=1

These build options exist:

e.g.: make LLVM_CONFIG=llvm-config-14

macOS on x86_64 and arm64

macOS has some gotchas due to the idiosyncrasies of the platform.

macOS supports SYSV shared memory used by AFL++‘s instrumentation, but the default settings aren’t sufficient. Before even building, increase them by running the provided script:

sudo afl-system-config

See https://www.spy-hill.com/help/apple/SharedMemory.html for documentation for the shared memory settings and how to make them permanent.

Next, to build AFL++, install the following packages from brew:

brew install wget git make cmake llvm gdb coreutils

Depending on your macOS system + brew version, brew may be installed in different places. You can check with brew info llvm to know where, then create a variable for it:

export HOMEBREW_BASE="/opt/homebrew/opt"

or

export HOMEBREW_BASE="/usr/local/opt"

Set PATH to point to the brew clang, clang++, llvm-config, gmake and coreutils. Also use the brew clang compiler; the Xcode clang compiler must not be used.

export PATH="$HOMEBREW_BASE/coreutils/libexec/gnubin:/usr/local/bin:$HOMEBREW_BASE/llvm/bin:$PATH"
export CC=clang
export CXX=clang++

Then build following the general Linux instructions.

If everything worked, you should then have afl-clang-fast installed, which you can check with:

which afl-clang-fast

Note that afl-clang-lto, afl-gcc-fast and qemu_mode are not working on macOS.

The crash reporting daemon that comes by default with macOS will cause problems with fuzzing. You need to turn it off, which you can do with afl-system-config.

The fork() semantics on macOS are a bit unusual compared to other unix systems and definitely don’t look POSIX-compliant. This means two things:

User emulation mode of QEMU does not appear to be supported on macOS, so black-box instrumentation mode (-Q) will not work. However, FRIDA mode (-O) works on both x86 and arm64 macOS boxes.