AFL + Android / AOAP Porting and Fuzzing

AOSP 를 다운로드 받고, 여기에 AFL 다운로드 받은 후 env 환경 설정 및 설치 진행

AOSP 다운받아보니 약 7.2기가정도 됨, 다운로드 실행시켜두고 다음날 확인했었음

git : https://github.com/ele7enxxh/android-afl

ele7enxxh/android-afl

아래 접힌 내용은 위 git에서 설명 해주는 글 갈무리해둔 것임(영어임)

android-afl

Fuzzing Android program with american fuzzy lop (AFL)

android-afl: Android-enabled version of AFL

android-afl is a modified version of AFL that supports fuzzing on Android, the SHM has been replaced with ASHMEM because of Android disable SHM in the kernel. Extra codes have been added in afl-gcc.c, afl-as.c and afl-as.h to support arm arch. Android.mk has been added to support Android build system and llvm_mode. Please refer to the android-afl.patch for more details.

Requirements

• Android source code(e.g. 6.0.1) is needed.
• llvm-5.0 and clang-5.0 are needed to provide support for llvm_mode on Android, you can install using apt-get install llvm clang on Ubuntu.

Build

first, download and build the Android open-source project (AOSP). then, download all the android-afl source code to AOSP folder:

cd AOSP

git clone https://github.com/ele7enxxh/android-afl

to build:

. build/envsetup.sh

cd android-afl mm

this will produce all afl binaries that you can use on host(e.g. Linux) or Android.

Usage

afl-gcc/afl-g++, afl-clang/afl-clang++ and afl-clang-fast/afl-clang-fast++ are all supported in android-afl. Please refer to android-afl-test for more details.

To fuzz

if you want fuzz on host, you should use the afl-fuzz in the $(HOST_OUT)/bin folder, otherwise you need to use the afl-fuzz in the $(target_OUT)/bin folder. To ingore bind_to_free_cpu, the AFL_NO_AFFINITY=1 should been set. Please refer to AFl README for more details.

Note

not all of the AFL tools have been tested on Android, but afl-fuzz has been working great on android-6.0.1 for me.

adb devices adb push ../out/target/product/generic/system/bin/ /data/local/tmp

 

한글로 간단히,

1) AOSP 다운받고 이 사이트에서 알려준데로 셋팅하고, Android open-source project (AOSP).

2) 'cd AOSP' 로 이동해서,

   AFL 받고,

   git clone https://github.com/ele7enxxh/android-afl

ele7enxxh/android-afl

3) AOSP 폴더 위에서 환경셋 실행하고,

  . build/envsetup.sh

4) AFL을 빌드해준다

   cd android-afl

   mm

 

나는 빌드중에, O_CREAT 오류가 두군데 발생함, afl-fuzz.c, afl-showmap.c 여기서 발생했는데,

오류 내용이 open()함수 사용에서 O_CREAT 플래그 어쩌고 하길래, 그냥 그 플래그를 추가해주고 빌드시킴.

그랬더니, 약간의 수고 끝에 빌드 컴플릿 뜸. AFL 빌드시간 3분 54초 걸렸음.

 

Android 환경 셋 끝~

 

AOSP 다운로드 받고, 이 사이트에서 가이드 해주는게 더 빡센듯;; ㅋㅋ