lcamtuf's blog: Pulling JPEGs out of thin air

November 07, 2014

This is an interesting demonstration of the capabilities of afl; I was actually pretty surprised that it worked!

    $ mkdir in_dir
    $ echo 'hello' >in_dir/hello
    $ ./afl-fuzz -i in_dir -o out_dir ./libjpeg-turbo-1.3.1/djpeg

In essence, I created a text file containing just "hello" and asked the fuzzer to keep feeding it to a program that expects a JPEG image (djpeg is a simple utility bundled with libjpeg-turbo). Of course, my input file does not resemble a valid picture, so it gets immediately rejected by the utility:

    $ ./djpeg '../out_dir/queue/id:000000,orig:hello'
    Not a JPEG file: ...
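An added example, not code from the original post: a small POSIX shell helper that runs a checker over every entry in an afl-fuzz queue directory and counts how many it accepts, automating the by-hand check shown above for id:000000,orig:hello. The function names, the has_soi stand-in (a test for the two-byte JPEG start-of-image marker FF D8) and the sample queue files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): triage an afl-fuzz queue directory.

# has_soi FILE: succeed if FILE starts with the JPEG start-of-image marker FF D8.
# Used here as an offline stand-in for a real decoder.
has_soi() {
    [ "$(od -An -tx1 -N2 < "$1" | tr -d ' \n')" = "ffd8" ]
}

# count_accepted DIR CMD [ARGS...]: run "CMD ARGS FILE" for every regular file
# in DIR and print how many of those runs exit with status 0.
count_accepted() {
    dir=$1; shift
    accepted=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue          # skip subdirectories and empty globs
        if "$@" "$f" >/dev/null 2>&1; then
            accepted=$((accepted + 1))
        fi
    done
    echo "$accepted"
}

# Constructed sample queue: the "hello" seed from the post plus two made-up entries.
demo_queue=$(mktemp -d)
printf 'hello\n'         > "$demo_queue/id:000000,orig:hello"
printf '\377\330\377\340' > "$demo_queue/id:000001,constructed"   # starts with FF D8
printf '\377hello'        > "$demo_queue/id:000002,constructed"   # FF but no D8

echo "entries starting with SOI: $(count_accepted "$demo_queue" has_soi)"
rm -rf "$demo_queue"

# Against a real run, pass the decoder from the post instead of has_soi:
#   count_accepted out_dir/queue ./libjpeg-turbo-1.3.1/djpeg
```

The SOI check is only a necessary condition for a valid JPEG; counting what the decoder itself accepts requires passing djpeg as the command.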

Linked on 2014-11-21 22:31:11