{"id":18457913,"url":"https://github.com/0xor0ne/flipperbit","last_synced_at":"2025-04-08T05:33:48.523Z","repository":{"id":57679959,"uuid":"492922877","full_name":"0xor0ne/flipperbit","owner":"0xor0ne","description":"Corrupted files generator. Random bits flipper.","archived":false,"fork":false,"pushed_at":"2023-10-30T19:09:28.000Z","size":24,"stargazers_count":23,"open_issues_count":1,"forks_count":2,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-23T06:51:06.267Z","etag":null,"topics":["bit-flipping","corruption","dumb-fuzzing","file-corruption","fuzzing"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/0xor0ne.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-05-16T16:51:24.000Z","updated_at":"2025-03-12T00:48:09.000Z","dependencies_parsed_at":"2023-01-31T00:45:28.911Z","dependency_job_id":null,"html_url":"https://github.com/0xor0ne/flipperbit","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xor0ne%2Fflipperbit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xor0ne%2Fflipperbit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xor0ne%2Fflipperbit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xor0ne%2Fflipperbit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/0xor0ne","download_url":"https://codeload.github.com/0xor0ne/flipperbit/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247785917,"owners_count":20995641,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bit-flipping","corruption","dumb-fuzzing","file-corruption","fuzzing"],"created_at":"2024-11-06T08:16:03.094Z","updated_at":"2025-04-08T05:33:43.514Z","avatar_url":"https://github.com/0xor0ne.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# FlipperBit\n\n`Flipperbit` generates multiple corrupted variants of an input file by\nrandomly flipping bits in selected byte ranges.\n\n`Flipperbit` allows to specify multiple byte ranges and the bit flipping\nprobabilty.\n\nThe output of `flipperbit` can be used as input to software (E.g., bulk file\nprocessing applications, file parsing utilities) as a form of dumb fuzzing.\n\n## Installing\n\nInstall `flipperbit` using cargo:\n\n```bash\ncargo install flipperbit\n```\n\n## Building\n\nClone the repository and build `flipperbit` with:\n\n```bash\ngit clone https://github.com/0xor0ne/flipperbit \u0026\u0026 cd flipperbit\ncargo build --release\n```\n\n`flipperbit` built executable is located in `./target/release/flipperbit`.\n\n## Usage\n\nHere is the `help` message of `flipperbit`:\n\n```bash\n\u003e\u003e\u003e ./target/release/flipperbit -h\nflipperbit 0.1.0\n0xor0ne\nCorrupted files generator. Random bits flipper.\n\nUSAGE:\n    flipperbit [OPTIONS] --infile \u003cINFILE\u003e --outdir \u003cOUTDIR\u003e\n\nOPTIONS:\n        --fprob \u003cFPROB\u003e      Probability of flipping a bit [default: 0.2]\n    -h, --help               Print help information\n        --infile \u003cINFILE\u003e    Original file\n        --nflips \u003cNFLIPS\u003e    Probability of flipping a bit [default: 1]\n        --outdir \u003cOUTDIR\u003e    Output directory where the corrupted files will be saved\n        --range \u003cRANGES\u003e     Bytes range to corrupt. E.g., '4,30', '4,' or ',30'\n    -V, --version            Print version information\n```\n\n* `--infile`: (mandatory) path to the original file whose content will be\n  randomly corrupted for each output file generated.\n* `--outdir`: (mandatory) output directory where the corrupted files generated\n  by `flipperbit` will be saved.\n* `--nflips`: (optional) number of corrupted file variants to generate. By\n  default only 1 output file is generated.\n* `--fprob`: (optional) probability of flipping a single bit. By default 0.2.\n* `--range`: range of bytes to corrupt (bytes are 0-based indexed). Every bit in\n  the range has a probability of `--fprob` to be flipped. This option can be\n  specified multiple times for defining different byte ranges. A range is\n  specified as two comma separated integers (e.g., \"4,63\"). The first value in\n  the range must be lower or equal to the second. `flipperbit` will corrupt\n  bytes from the first value in the range up to the second value included. If\n  the first value is not specified (e.g., \",63\") `flipperbit` assumes 0. If the\n  second value is not specified (e.g., \"4,\") `flipperbit` assumes input file\n  size minus 1.\n\nNOTE: the files generate by `flipperbit` and saved in `--outdir` will be named\nas `\u003cidx\u003e_\u003cinput_file_name\u003e` where `idx` goes from 0 to `--nflips` - 1. Files\nwith the same name already existing in `--outdir` will be overwritten.\n\n## Examples\n\n### ELF file corruption\n\nThe following example (assuming Linux) shows hot to generate 10000 corrupted\nversion of /bin/ls (ELF file). The 10000 corrupted ELF files are saved in\n`/tmp/elf_ls_corrupted`. This particular example generates ELF files with a\ncorrupted header. The specified byte range skips the first 24 bytes in order to\navoid corrupting the header fields `e_ident`, `e_type`, `e_machine` and\n`e_version`.\n\n```bash\nflipperit --infile /bin/ls \\\n  --outdir /tmp/elf_ls_corrupted \\\n  --range \"24,63\" \\\n  --fprob 0.05 \\\n  --nflips 10000\n```\n\nThe output of `file` command on the generated ELFs shows that they are indeed\ncorrupted:\n\n```bash\n\u003e\u003e\u003e file /tmp/elf_ls_corrupted/*\n...\n/tmp/elf_ls_corrupted/1004_ls: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), corrupted program header size, corrupted section header size\n/tmp/elf_ls_corrupted/1005_ls: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), corrupted program header size, missing section headers at 72057594039114192\n/tmp/elf_ls_corrupted/1006_ls: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), too many program (8207)\n/tmp/elf_ls_corrupted/1007_ls: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), can't read elf program headers at 3298535161936, missing section headers at 19140302778533328\n/tmp/elf_ls_corrupted/1008_ls: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), corrupted program header size, corrupted section header size\n/tmp/elf_ls_corrupted/1009_ls: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), can't read elf program headers at 81065892804296768, corrupted section header size\n/tmp/elf_ls_corrupted/100_ls:  ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), corrupted program header size, corrupted section header size\n/tmp/elf_ls_corrupted/1010_ls: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), corrupted program header size, missing section headers at 15764797720238800\n/tmp/elf_ls_corrupted/1011_ls: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), too many program (16429)\n...\n```\n\nIn the second example instead we corrupt only the 18-th and the 19-th byte which\ncorrespond to the field `e_machine` in the ELF header.\n\n```bash\nflipperit --infile /bin/ls \\\n  --outdir /tmp/elf_ls_corrupted \\\n  --range \"18,19\" \\\n  --fprob 0.3 \\\n  --nflips 10000\n```\n\nthe output of `file` command shows that the \"ELF architecture\" is a random\ndifferent values in each of the generated output file:\n\n```bash\n\u003e\u003e\u003e file /tmp/elf_ls_corrupted/*\n...\n/tmp/elf_ls_corrupted/1001_ls: ELF 64-bit LSB pie executable, *unknown arch 0xffff8e36* version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=6193e7eab54665ca319fbbf164b4e40abdab62bc, for GNU/Linux 4.4.0, stripped\n/tmp/elf_ls_corrupted/1002_ls: ELF 64-bit LSB pie executable, *unknown arch 0x5033* version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=6193e7eab54665ca319fbbf164b4e40abdab62bc, for GNU/Linux 4.4.0, stripped\n/tmp/elf_ls_corrupted/1003_ls: ELF 64-bit LSB pie executable, *unknown arch 0x401a* version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=6193e7eab54665ca319fbbf164b4e40abdab62bc, for GNU/Linux 4.4.0, stripped\n/tmp/elf_ls_corrupted/1004_ls: ELF 64-bit LSB pie executable, *unknown arch 0x4c2a* version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=6193e7eab54665ca319fbbf164b4e40abdab62bc, for GNU/Linux 4.4.0, stripped\n/tmp/elf_ls_corrupted/1005_ls: ELF 64-bit LSB pie executable, *unknown arch 0x409a* version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=6193e7eab54665ca319fbbf164b4e40abdab62bc, for GNU/Linux 4.4.0, stripped\n/tmp/elf_ls_corrupted/1006_ls: ELF 64-bit LSB pie executable, *unknown arch 0xffff8c5c* version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=6193e7eab54665ca319fbbf164b4e40abdab62bc, for GNU/Linux 4.4.0, stripped\n/tmp/elf_ls_corrupted/1007_ls: ELF 64-bit LSB pie executable, *unknown arch 0xcd* version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=6193e7eab54665ca319fbbf164b4e40abdab62bc, for GNU/Linux 4.4.0, stripped\n/tmp/elf_ls_corrupted/1008_ls: ELF 64-bit LSB pie executable, *unknown arch 0x863* version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=6193e7eab54665ca319fbbf164b4e40abdab62bc, for GNU/Linux 4.4.0, stripped\n/tmp/elf_ls_corrupted/1009_ls: ELF 64-bit LSB pie executable, *unknown arch 0x226e* version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=6193e7eab54665ca319fbbf164b4e40abdab62bc, for GNU/Linux 4.4.0, stripped\n/tmp/elf_ls_corrupted/100_ls:  ELF 64-bit LSB pie executable, *unknown arch 0x293e* version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=6193e7eab54665ca319fbbf164b4e40abdab62bc, for GNU/Linux 4.4.0, stripped\n/tmp/elf_ls_corrupted/1010_ls: ELF 64-bit LSB pie executable, *unknown arch 0x5ab6* version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=6193e7eab54665ca319fbbf164b4e40abdab62bc, for GNU/Linux 4.4.0, stripped\n/tmp/elf_ls_corrupted/1011_ls: ELF 64-bit LSB pie executable, *unknown arch 0x1225* version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=6193e7eab54665ca319fbbf164b4e40abdab62bc, for GNU/Linux 4.4.0, stripped\n/tmp/elf_ls_corrupted/1012_ls: ELF 64-bit LSB pie executable, *unknown arch 0xffffb076* version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=6193e7eab54665ca319fbbf164b4e40abdab62bc, for GNU/Linux 4.4.0, stripped\n...\n```\n\n### PCAP file corruption\n\nThis example shows how to use `flipperbit` to generrate corrupted `pcap` files.\nIn this particular case the range `\"20,20\"` is used. This means that only the\n20-th byte of the input file is randomly corrupted. The 20-th byte in the `pcap`\nfile corresponds to the least significant byte of the Data Link Type field.\n\n```bash\nwget https://www.malware-traffic-analysis.net/2022/05/10/2022-05-10-Contact-Forms-IcedID-infection-with-Cobalt-Strike.pcap.zip\nunzip -Pinfected 2022-05-10-Contact-Forms-IcedID-infection-with-Cobalt-Strike.pcap.zip\nflipperit --infile 2022-05-10-Contact-Forms-IcedID-infection-with-Cobalt-Strike.pcap \\\n  --outdir /tmp/pcap_corrupted \\\n  --range \"20,20\" \\\n  --fprob 0.5 \\\n  --nflips 256\n```\n\nthe output of `tcpdump` shows that the data link type is indeed randomized:\n\n```bash\n\u003e\u003e\u003e find /tmp/pcap_corrupted -type f -exec tcpdump -nn -c1 -r {} \\;\n...\nreading from file /tmp/pcap_corrupted/112_2022-05-10-Contact-Forms-IcedID-infection-with-Cobalt-Strike.pcap, link-type ARCNET_LINUX (Linux ARCNET), snapshot length 65535\nreading from file /tmp/pcap_corrupted/111_2022-05-10-Contact-Forms-IcedID-infection-with-Cobalt-Strike.pcap, link-type NULL (BSD loopback), snapshot length 65535\nreading from file /tmp/pcap_corrupted/110_2022-05-10-Contact-Forms-IcedID-infection-with-Cobalt-Strike.pcap, link-type 5, snapshot length 65535\ntcpdump: unknown data link type 5\nreading from file /tmp/pcap_corrupted/109_2022-05-10-Contact-Forms-IcedID-infection-with-Cobalt-Strike.pcap, link-type ARCNET_LINUX (Linux ARCNET), snapshot length 65535\nreading from file /tmp/pcap_corrupted/108_2022-05-10-Contact-Forms-IcedID-infection-with-Cobalt-Strike.pcap, link-type EN10MB (Ethernet), snapshot length 65535\nreading from file /tmp/pcap_corrupted/107_2022-05-10-Contact-Forms-IcedID-infection-with-Cobalt-Strike.pcap, link-type 5, snapshot length 65535\n...\n```\n\n## TODO\n\n- Improve performance by making files creation async.\n\n## References\n\n- [Fuzzing Radare2 For 0days In About 30 Lines Of Code](https://tmpout.sh/1/5.html).\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xor0ne%2Fflipperbit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F0xor0ne%2Fflipperbit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xor0ne%2Fflipperbit/lists"}