Skip to content
/ BinderFuzzy Public

An app intended for fuzzing the Android Binder interface and System Services

License

Apache-2.0 license
84 stars 17 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ChickenHook/BinderFuzzy

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

38 Commits
.github
.github
 
 
app
app
 
 
cli
cli
 
 
fastlane/metadata/android/en-US
fastlane/metadata/android/en-US
 
 
gradle/wrapper
gradle/wrapper
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
build.gradle
build.gradle
 
 
gradle.properties
gradle.properties
 
 
gradlew
gradlew
 
 
gradlew.bat
gradlew.bat
 
 
publish.jks
publish.jks
 
 
settings.gradle
settings.gradle
 
 

Repository files navigation

BinderFuzzy

An App intended for fuzzing the Binder interface and System Services of Android. You can use this Project in order to find bugs and exploits inside the Binder interface or System Services.

Usage

Watch this Youtube Video for a quick introduction

BinderFuzzy

Or this youku video (for Chinese watchers): https://v.youku.com/v_show/id_XNDcwMjk1NzUwMA==.html

Binder fuzzy can be used via the python client or via the App itself. Choose one for your needs.

Documentation

Read the full documentation here

Using the Python script

Prerequisites

  • Python 3.0
  • Ubuntu Linux 18.04

Installation

  1. Download tip here
  2. unzip release.zip
  3. cd bin/

Examples execution

python3 binderFuzzy.py --fuzzy-apk binderfuzzy-release.apk --script startActivity.bf

Configuration

{
	"fields_ordered" : [
	    {
		    "clazz": "android.app.ActivityTaskManager",
		    "field": "IActivityTaskManagerSingleton"
	    },
	    {
	        "clazz": "android.util.Singleton",
	        "field": "mInstance"
	    }
	],
	"call" : {
	    "clazz": "android.app.IActivityTaskManager",
	    "method": "startActivity(",
	    "params":[
	        "auto",
	        "packageNames",
	        "launchIntents",
	        "packageNames",
	        "auto",
	        "packageNames",
	        "auto",
	        "auto",
	        "null",
	        "auto"
	    ]
	}
}

Using the Android App

Prerequisites

  • Android 6 or greater

Installation

  • Download APK here
  • Enable unknown source during installation

See our video:

The Browser

1. Select System Service to attack

First step is to select a System Service we're going to fuzz. After a click on the "NEW" button the list of available Services appears and you can choose one.

2. Select function or objects to create the call

The next screen lists all members: functions and fields.

=> If you click on a field the browser will open the object in a new Window.
=> If you click on a method the browser forwards this to the FuzzCreator.

3. Parameter configuration

Now you have to configure the parameters of the call. Some parameters have special options like integers, strings and intents. You can open a feature request if you need more features here. However, you must click on each parameter and configure how the fuzzer shall gather the values for the call.

Start the test

Once you're finished you can press the START button and the test begins.

Strange findings

Negative UserID

Passing user -3 as parameter will bypass the permission check.

Other Projects

Project Description
ChickenHook A linux / android / MacOS hooking framework
BinderHook Library intended to hook Binder interface and manipulate events
RestrictionBypass Android API restriction bypass for all Android Versions
AndroidManifestBypass Android API restriction bypass for all Android Versions
..

About

An app intended for fuzzing the Android Binder interface and System Services

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

84 stars

Watchers

8 watching

Forks

17 forks
Report repository

Releases 3

v1.0: Merge pull request #2 from 6543-forks/fix-readme Latest
Sep 2, 2020
+ 2 releases

Sponsor this project

Packages

No packages published

Contributors 2

  •  
  •  

Languages