//--------------------------------------------------------------------------- /* 010 Editor Script to fuzz a file by overwriting random locations with AAAA... or other (random) bytes. 2013/04/15 v0.0.1 Source code put in public domain by Didier Stevens, no Copyright https://DidierStevens.com Use at your own risk History: 2013/03/31: start development with 010 Editor v4.0.2 2013/04/02: refactoring (RandomNumber) 2013/04/15: cleanup; added hexvalue for fuzz character Todo: Random returns an int (32 bits), while a file position is an int64 */ //--------------------------------------------------------------------------- #define FUZZ_CHARACTER 'A' #define TITLE "Fuzzer" int RandomNumber(int iMinimum, int iMaximum) { return Random(iMaximum - iMinimum + 1) + iMinimum; } int HexDigitToInt(int digit) { if (digit >= '0' && digit <= '9') return digit - '0'; if (digit >= 'a' && digit <= 'f') return digit - 'a' + 10; if (digit >= 'A' && digit <= 'F') return digit - 'A' + 10; return -1; } int HexToInt(string hexvalue) { int iResult; int iHexDigit; if (4 != Strlen(hexvalue)) return -1; if (Strcmp(SubStr(hexvalue, 0, 2), "0x")) return -1; iHexDigit = HexDigitToInt(hexvalue[2]); if (iHexDigit == -1) return -1; iResult = iHexDigit * 0x10; iHexDigit = HexDigitToInt(hexvalue[3]); if (iHexDigit == -1) return -1; return iResult + iHexDigit; } void Main(void) { int64 iStart; int64 iSize; int iCountOverwrites; int iMinimumSize; int iMaximumSize; string sInputFuzzCharacter; int iFlagRandom; int iIter1; int iIter2; int iOverwriteSize; int64 iOverwritePosition; if (FileCount() == 0) { MessageBox(idOk, TITLE, "At least one file needs to be open."); return; } iSize = GetSelSize(); if (0 == iSize) { iStart = 0; iSize = FileSize(); } else iStart = GetSelStart(); iCountOverwrites = InputNumber(TITLE, "Number of times to overwrite random locations", "10"); if (BAD_VALUE == iCountOverwrites) return; if (iCountOverwrites < 1) { MessageBox(idOk, TITLE, "Input error"); return; } iMinimumSize = InputNumber(TITLE, "Minimum number of bytes to overwrite", "1"); if (BAD_VALUE == iMinimumSize) return; if (iMinimumSize < 1) { MessageBox(idOk, TITLE, "Input error"); return; } iMaximumSize = InputNumber(TITLE, "Maximum number of bytes to overwrite", "10"); if (BAD_VALUE == iMaximumSize) return; if (iMaximumSize < 1 || iMaximumSize > iSize || iMaximumSize < iMinimumSize) { MessageBox(idOk, TITLE, "Input error"); return; } iFlagRandom = false; sInputFuzzCharacter = InputString(TITLE, "Fuzz character (use ** for random byte or 0x## for hex byte)", "A"); if ("" == sInputFuzzCharacter) return; else if ("**" == sInputFuzzCharacter) iFlagRandom = true; else if (-1 != HexToInt(sInputFuzzCharacter)) SPrintf(sInputFuzzCharacter, "%c", HexToInt(sInputFuzzCharacter)); else if (1 != Strlen(sInputFuzzCharacter)) { MessageBox(idOk, TITLE, "Error input string."); return; } for (iIter1 = 0; iIter1 < iCountOverwrites; iIter1++) { iOverwriteSize = RandomNumber(iMinimumSize, iMaximumSize); iOverwritePosition = RandomNumber(iStart, iStart + iSize - iOverwriteSize); Printf("0x%08x: overwriting with %d bytes\n", iOverwritePosition, iOverwriteSize); for (iIter2 = 0; iIter2 < iOverwriteSize; iIter2++) WriteByte(iOverwritePosition + iIter2, iFlagRandom ? Random(0x100) : sInputFuzzCharacter[0]); } } Main();