Tags: python, network-protocols, penetration-testing, fuzzing

Bit Flag dependencies in Sulley Fuzzing Framework


I'm trying to build a Fuzzer with Sulley. The protocol I'm using has a one byte control field. The bits which are set in this field determine which fields can follow. Now I'm wondering how to implement this behaviour using the dep parameters in Sulley. The only dep_compare operators available are "==, !=, >, >=, <, <=", but I don't think I can check whether a bit is set in another field with those operators. So how could I do this?

s_byte(0b1000000, "control_field")

# The following block shall be present if bit 7 is set in control_field
# I'd like to use something like 
# > control_field & 0b1000000 != 0 
# but I don't know how

if s_block_start("something_optional", dep="control_field", dep_compare="?"):
    s_short(0x1234, "optional")
s_block_end()

Solution

If you only want to check the highest bit, you can use >=, since 0b10000000 is just a number.

    if s_block_start("something_optional", dep="control_field", dep_compare=">=", dep_value=0b10000000):

If you want to check lower bits, though, you will need to implement your own operator. In sulley/blocks.py, look for the Block class and its render method. There is a big chunk of if blocks that shouldn't be too hard to modify. E.g.

    if self.dep_compare == "&" and self.dep_value & self.request.names[self.dep].value != self.dep_value:
        self.rendered = ""
        return
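The following is an added, stand-alone Python 3 illustration of the dependency logic discussed in the question and the answer; it is not Sulley's code and does not import Sulley. It models the existing dep_compare operators plus the "&" bit-mask operator the answer proposes, serialises the questioner's control byte with gated optional fields, and shows why the ">=" shortcut is exact only for the highest bit: with control 0x80 the ">=" layout also emits a field gated on bit 6 that is not actually set. The field layout, big-endian packing, and the constructed "extra" field are assumptions of this example.

```python
import struct

# Constructed stand-in for the dependency logic in Sulley's Block.render();
# not Sulley's own code. "==", "!=", ">", ">=", "<", "<=" mirror the operators
# the question lists; "&" is the bit-mask operator the answer proposes.
COMPARATORS = {
    "==": lambda actual, expected: actual == expected,
    "!=": lambda actual, expected: actual != expected,
    ">":  lambda actual, expected: actual > expected,
    ">=": lambda actual, expected: actual >= expected,
    "<":  lambda actual, expected: actual < expected,
    "<=": lambda actual, expected: actual <= expected,
    # Render only when every bit of dep_value is set in the control field;
    # this is the condition `dep_value & actual == dep_value` from the answer.
    "&":  lambda actual, expected: (actual & expected) == expected,
}


def block_is_rendered(dep_compare, dep_value, control_value):
    """Return True if an optional block with this dependency should be emitted."""
    try:
        compare = COMPARATORS[dep_compare]
    except KeyError:
        raise ValueError("unknown dep_compare operator: %r" % dep_compare)
    return compare(control_value, dep_value)


def render_frame(control_value, optional_blocks):
    """Serialise a one-byte control field followed by the optional blocks whose
    dependency on that field is satisfied.

    optional_blocks: list of (dep_compare, dep_value, payload_bytes), each
    standing in for one s_block_start(..., dep="control_field", ...) block.
    """
    frame = struct.pack("B", control_value)
    for dep_compare, dep_value, payload in optional_blocks:
        if block_is_rendered(dep_compare, dep_value, control_value):
            frame += payload
    return frame


# Constructed protocol layout (assumption): bit 7 (0x80) gates the 16-bit
# "optional" field from the question (s_short(0x1234)); bit 6 (0x40) gates a
# constructed 32-bit "extra" field. Big-endian packing is also an assumption.
OPTIONAL_SHORT = struct.pack(">H", 0x1234)
EXTRA_LONG = struct.pack(">I", 0xDEADBEEF)

BIT_MASK_LAYOUT = [
    ("&", 0x80, OPTIONAL_SHORT),
    ("&", 0x40, EXTRA_LONG),
]

# The same layout written with the answer's ">=" shortcut for both bits;
# the shortcut is exact for the highest bit only.
GREATER_EQUAL_LAYOUT = [
    (">=", 0x80, OPTIONAL_SHORT),
    (">=", 0x40, EXTRA_LONG),
]


def compare_layouts(control_value):
    """Render the frame under both layouts so the difference is visible."""
    return (
        render_frame(control_value, BIT_MASK_LAYOUT),
        render_frame(control_value, GREATER_EQUAL_LAYOUT),
    )


if __name__ == "__main__":
    for control in (0x00, 0x40, 0x80, 0xC0):
        masked, ranged = compare_layouts(control)
        print("control=0x%02X  &: %s  >=: %s" % (control, masked.hex(), ranged.hex()))
```

Running the script prints one line per control value; control 0x80 is the case where the two layouts diverge (the ">=" version appends the bit-6 field although only bit 7 is set), which is exactly the situation the answer's "&" operator is meant to handle for lower bits. The precedence in the answer's one-liner works because Python binds `&` tighter than `!=`, so `a & b != c` is read as `(a & b) != c`.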