Here you can find an example of a fuzzer implementation for the library liblinkparser.so of Rakuten Viber for Android, together with the harness.

- Install the Android NDK.
- Make sure that the paths to the cross-compiler are listed in the `PATH` environment variable.
- `rustup target add x86_64-linux-android`
- `cargo build --release --target=x86_64-linux-android`
- Copy the shared dependency libraries to the `lib/x86_64` directory.
- Build the harness:
  - For fuzzing:

    ```
    $ cmake -B build -S . -DANDROID_PLATFORM=${YOUR_ANDROID_PLATFORM_NUMBER_HERE} \
        -DCMAKE_TOOLCHAIN_FILE=${SPECIFIC_ANDROID_NDK_TOOLCHAIN_PATH_HERE}/build/cmake/android.toolchain.cmake \
        -DANDROID_ABI=x86_64
    $ cmake --build build
    ```

  - For triaging and debugging:

    ```
    $ cmake -B build_triage -S . -DTRIAGE -DANDROID_PLATFORM=${YOUR_ANDROID_PLATFORM_NUMBER_HERE} \
        -DCMAKE_TOOLCHAIN_FILE=${SPECIFIC_ANDROID_NDK_TOOLCHAIN_PATH_HERE}/build/cmake/android.toolchain.cmake \
        -DANDROID_ABI=x86_64
    $ cmake --build build_triage
    ```

- Copy everything to the device or the emulator:

  ```
  adb push ./corpus ./lib/x86_64/* ./build*/*harness* ./target/x86_64-linux-android/release/frida_fuzzer /data/local/tmp
  ```

See `cargo run -- --help` for the available options.

For example:

```
./frida_fuzzer -c 0-6 -H ./libharness.so -F fuzz -l ./libharness.so -l ./liblinkparser.so
```

or in debug mode:

```
RUST_BACKTRACE=1 LIBAFL_DEBUG_OUTPUT=1 ./frida_fuzzer -H ./libharness.so -F fuzz -l ./libharness.so -l ./liblinkparser.so
```
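The commands above pass `-H ./libharness.so -F fuzz`, i.e. a shared library exporting a `fuzz` entry point that the fuzzer calls once per input. The following is an added example of what such a harness can look like; it is not the repository's own libharness.so source. It assumes the entry point has the signature `int fuzz(const uint8_t *data, size_t size)`, assumes the `-DTRIAGE` build is meant to produce a stand-alone replay binary, and uses a hypothetical stand-in `link_parser_parse` because the real liblinkparser.so API is not shown here.

```c
/* Added example harness (not the page's own libharness.so code). The target
 * function link_parser_parse is a hypothetical stand-in; the real API of
 * liblinkparser.so is not shown on the page. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for the parser under test (constructed for this example): returns 1
 * if the text starts with a known URL scheme, 0 otherwise. In the real harness
 * this call is replaced by the function resolved from liblinkparser.so. */
static int link_parser_parse(const char *text) {
    static const char *schemes[] = { "http://", "https://", "viber://" };
    for (size_t i = 0; i < sizeof schemes / sizeof schemes[0]; i++) {
        if (strncmp(text, schemes[i], strlen(schemes[i])) == 0) return 1;
    }
    return 0;
}

/* Upper bound on one input (assumed value); longer inputs are rejected so the
 * fuzzer does not spend time on sizes the parser would never be handed. */
#define MAX_INPUT 4096

/* Fuzzing entry point, named with -F fuzz on the frida_fuzzer command line.
 * Fuzzer inputs are raw bytes and not NUL-terminated, so the harness copies
 * them into a terminated buffer before calling a string-based parser.
 * Returns the parser result, or -1 if the input was rejected by the harness. */
int fuzz(const uint8_t *data, size_t size) {
    if (size == 0 || size > MAX_INPUT) return -1;
    char buf[MAX_INPUT + 1];
    memcpy(buf, data, size);
    buf[size] = '\0';
    return link_parser_parse(buf);
}

#ifdef TRIAGE
/* Triage build: replay one saved input (for example a file from the fuzzer's
 * crashes directory) through the same entry point, so it can be stepped
 * through under a debugger without the fuzzer running. */
int main(int argc, char **argv) {
    if (argc != 2) {
        fprintf(stderr, "usage: %s <input-file>\n", argv[0]);
        return 2;
    }
    FILE *f = fopen(argv[1], "rb");
    if (!f) {
        perror("fopen");
        return 2;
    }
    uint8_t *buf = malloc(MAX_INPUT + 1);
    size_t n = fread(buf, 1, MAX_INPUT + 1, f);
    fclose(f);
    int rc = fuzz(buf, n);
    free(buf);
    printf("fuzz() returned %d\n", rc);
    return 0;
}
#endif
```

Compiled as a shared library without `TRIAGE`, the file yields only the exported `fuzz` symbol for the fuzzer to call; with `-DTRIAGE` it also gets a `main` that feeds a single file to the same function, which is the shape needed for the `build_triage` configuration above.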