You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Sarah Jamie Lewis f4b677d52a Initial Commit of nesfuzz 1 year ago
fuzzimages Initial Commit of nesfuzz 1 year ago
pics vertical scroll bug fixed, mmc3 fixed, pics, readme 3 years ago
src Initial Commit of nesfuzz 1 year ago
.gitignore Initial Commit of nesfuzz 1 year ago
Cargo.toml Initial Commit of nesfuzz 1 year ago
README.md Initial Commit of nesfuzz 1 year ago

README.md

nesfuzz

nesfuzz is a fuzzer for Nes Games by @SarahJamieLewis

nessfuzz built on top of the nestur emulator by @spieglt.

Usage & Methodology

To begin fuzzing you will need a rom file, and a sample input file. For sample inputs see TasVids.

nessfuzz <rom> <tas file> nessfuzz smb.rom happylee-supermariobros,warped.fm2

nesfuzz uses the same input to see novel RAM configurations and search the possible input space. It will also tile 28 (by default), windows to allow you to see the fuzzing happen.

Parameters

Found at the top of main.rs a few parameters control the types and effectiveness of fuzzing.

// The number of cpu instances to spawn..
const NUM_THREADS: usize = 28;

// The number of frames to fuzz and process
// A small number exploits the current point more at the expense of
// large exploration - and vice versa.
const FRAMES_TO_CONSIDER: usize = 400;

// Same input should generate the same output...
// (I make no guarantee of that at the moment)
const RNG_SEED: u32 = 0x5463753;

// If set to a low number, this disables start presses after the given frame
// Useful for some games where pausing does nothing to advance the game...
const DISABLE_START_PRESSES_AFTER: usize = 50;

// The rate at which seed inputs become corrupted..
const MUTATION_RATE: f64 = 0.1;

// The rate at which seed inputs may become soft resets..
const MUTATION_RATE_SOFT_RESET: f64 = 0.000;

Known Issues

The only game that really works as expected is Super Mario Bros. with the happylee-supermariobros,warped.fm2 input. This is probably because of issues in the underlying emulator / differences in the expected behaviour of the system the tas inputs are produced for v.s. the emulator.

Other games like Legend of Zelda, Megaman, Super Mario Bros. 3, Final Fantasy II etc. will run, but I have had any tas inputs from them quickly become out of sync with the actual gameplay. Further research is needed to as to why that is. Help appreciated.