nitr0us@chatsubo:~/melkor-v1.0$ ./melkor
 |
 | M e l k o R v1.0 - An ELF File Format Fuzzer
 | by nitr0us
 |
                        '.       ;'       ';       .'
                         ;l,      x,     lc      ;c'
                           ,x;     k;   ol     :o.
                             dk.   ;0. :0.   ,k:
                             .0k   dO.,;0:  .Ok
                             .0O. cO: c dO. cOx
                             .O0ocOo  l .kk;xOd
                             .OO00O;  .  ;O00Ox
                             .cxkkkx:xkolkkkxo.
                               'kkkkkkxxxxxx'
                               .xxxxxxxxxxxxx.
                            .;;:xxxxxxxxxxxxo;;;.
                              ..:dxxdo.ddddd:..
                                 ddl:. .ldd:
                                ldd.    .ddl
                                .cdlc. .ldc.
                                  :o.   .o:
                                   ;     ;

              .-.  .              .    _              .-.
    .-.         /|/|             /      /  _         (_) )-.      .-.
    `-'        / ` |    .-.     /      /-./  .-._.      /   \     `-'
   .-.        /    |  ./--'_   /      /   ) (   )      /     )   .-.
   `-'   .-' /     |  (__.'   /_.-  _/    \  `-'    .-/  `--'    `-'
        (__.'      `.                              (_/     `.
                     `._)                                    `._)

Usage: ./melkor <ELF metadata to fuzz> <ELF file template> [-n num -l likelihood -q]
        <ELF metadata to fuzz>:
                -a  Autodetect (fuzz according to e_type except -H [the header])
                -H  ELF header
                -S  Section Header Table
                -P  Program Header Table
                -D  Dynamic section
                -s  Symbols Table(s)
                -R  Relocations Table(s)
                -N  Notes section
                -Z  Strings Tables
                -A  All of the above (except -a [Autodetect])
                -B  All of the above (except -a [Autodetect] and -H [ELF Header])
        -n  Number of new fuzzed ELF files (orcs) to create (default: 5000)
        -l  Likelihood (given in % from 1-100) of the execution of each fuzzing rule (default: 10%)
        -q  Quiet mode (doesn't print to STDOUT every executed fuzzing rule)
nitr0us@chatsubo:~/melkor-v1.0$ ./melkor -P bin_ls_minix_3.3.0 -n 1000
         ..-.--..
       ,','.-`.-.`.
      :.',;'     `.\.
      ||//----,-.--\|    <<--- bin_ls_minix_3.3.0
    \`:|/-----`-'--||'/
     \\|:  <x>  <X>|:'
      `||    " \   |!  _________________________________
      |!|          ;| / I'll be corrupted  1000 times ! \
      !||:.   --  /|! \_________________________________/
     /||!||:.___.|!||\
    /|!|||!|    |!||!\\:.
 ,'//!||!||!`._.||!||,:\\\
: :: |!|||!|    |!||! |!::
| |! !||!|||`---!|!|| ||!|

[+] Detailed log for this session: 'orcs_bin_ls_minix_3.3.0/Report_bin_ls_minix_3.3.0.txt'

[+] The Likelihood of execution of each rule is: Aprox. 10 % (rand() % 10 < 1)

[+] Press any key to start the fuzzing process...

...
 ~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~
| Log report for fuzzed files based on bin_ls_minix_3.3                         |
 ~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~

How to read this report:

(Fuzzed Metadata) | Corresponding fuzzing rule (docs/Melkor_Fuzzing_Rules.pdf)

SHT[N] REL[E]  = Section Header N type is SHT_REL or SHT_RELA; Relocation entry E within that section was fuzzed.
SHT[N] SYM[E]  = Section Header N type is SHT_SYMTAB or SHT_DYNSYM; Symbol entry E within that section was fuzzed.
SHT[N] DYN[E]  = Section Header N type is SHT_DYNAMIC; Dynamic entry E within that section was fuzzed.
SHT[N] NOTE[E] = Section Header N type is SHT_NOTE; Note entry E within that section was fuzzed.
STRS[N] = Section Header N type is SHT_STRTAB; the String Table within that section was fuzzed.
SHT[N]  = Section Header N was fuzzed.
PHT[N]  = Program Header N was fuzzed.
HDR     = ELF Header was fuzzed.

=================================================================================

[+] Malformed ELF: 'orc_0064':


[+] Fuzzing the Program Header Table with 4 entries
(PHT[0]->p_vaddr = 0x08056919, p_paddr = 0xcafed00d) | PHT[0] rule [03] executed
(PHT[0]->p_flags = 0xf0000005) | PHT[0] rule [10] executed
(PHT[0]->p_flags = 0xfff00005) | PHT[0] rule [15] executed
(PHT[3]->p_type = 0x0) | PHT[3] rule [01] executed
(PHT[3]->p_vaddr = 0x1905af52, p_paddr = 0x1905af52) | PHT[3] rule [03] executed
(PHT[3]->p_type = 0x70031337) | PHT[3] rule [06] executed
(PHT[PT_LOAD].p_vaddr reordered [descending]) | PHT rule [20] executed

=================================================================================

[+] Malformed ELF: 'orc_0090':


[+] Fuzzing the Program Header Table with 4 entries
(PHT[0]->p_offset = 0xffff0000) | PHT[0] rule [02] executed
(PHT[3]->p_type = 0x7defaced) | PHT[3] rule [06] executed

=================================================================================

[+] Malformed ELF: 'orc_0092':


[+] Fuzzing the Program Header Table with 4 entries
(PHT[0]->p_filesz = 0x0004fdec, p_memsz = 0x41424344) | PHT[0] rule [04] executed
(PHT[3]->p_type = 0x6fffffff) | PHT[3] rule [14] executed


 ~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~
| End of report.                                                                |
 ~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~