$ QEMU_LD_PREFIX=./squashfs-root/   /root/桌面/AFLplusplus/afl-fuzz  \-Q \-i bmp-input \-o bmp-output \-- ./squashfs-root/usr/bin/bmp2tiff @@ /dev/null-Q：适用qemu模式
-i：输入文件夹
-o：输出文件夹
@@：表示将用来替换的样本
/dev/null：忽略错误信息

<?xml version="1.0" encoding="UTF-8"?><shiporder orderid="889923" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="shiporder.xsd"><orderperson>John Smith</orderperson><shipto><name>Ola Nordmann</name><address>Langgt 23</address><city>4000 Stavanger</city><country>Norway</country></shipto><item><title>Empire Burlesque</title><note>Special Edition</note><quantity>1</quantity><price>10.90</price></item><item><title>Hide your heart</title><quantity>1</quantity><price>9.90</price></item></shiporder>

$ /root/桌面/my_firmwares/_RV130X_FW_1.0.3.55.bin.extracted/
$ QEMU_LD_PREFIX=./squashfs-root/ /root/桌面/AFLplusplus/afl-fuzz \-Q \-i input-xml/ \-o output-xml/ \-- ./squashfs-root/usr/sbin/xmlparser1 -f @@-Q：在 Qemu 模式下使用 AFL++
-i：输入目录的路径
-o：输出目录的路径。此目录将包含触发二进制文件上有趣行为的文件，例如崩溃或挂起
在运行时，AFL++ 会将@@ 参数替换为输入文件的名称

​​

{"name":"Jason Ray","profession":"Software Engineer","age":31,"address":{"city":"New York","postalCode":64780,"Country":"USA"},"socialProfiles":[{"name":"Twitter","link":"https://twitter.com"},{"name":"Facebook","link":"https://www.facebook.com"}]}

GitHub - AFLplusplus/AFLplusplus: The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!

Fuzzing IoT binaries with AFL++ - Part I (attify.com)

Fuzzing IoT binaries with AFL++ - Part II (attify.com)

IOT Fuzzing框架AFL++ （上）-安全客 - 安全资讯平台 (anquanke.com)