
is there some tutorial about using libfuzzer in android #3

Closed
hackerlib opened this issue Aug 2, 2017 · 5 comments

Comments

@hackerlib

Hi Dor1s, is there some tutorial about using libFuzzer in Android? Can you give some advice?
Thanks.

@Dor1s
Owner

Dor1s commented Aug 2, 2017

Hi @hackerlib, what particularly are you going to fuzz in Android?

Basically, you need to be able to compile your C/C++ programs for the Android platform. You also need to be able to use AddressSanitizer (it's possible: https://source.android.com/devices/tech/debug/asan), and you need -fsanitize-coverage flags (not sure which of them are supported on Android). Last but not least, you need to be able to compile libFuzzer itself. I've seen some discussion: android/ndk#305, and it looks like there are some issues with compilation, e.g. you need a fresh clang to build libFuzzer, so I can recommend monitoring threads like that one. Maybe try to compile libFuzzer for your target platform (it's easy, there is a build.sh script in the libFuzzer repo) to see what kind of problems there are.
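To make the pieces listed above concrete, here is an added example (not code from this thread or from the libFuzzer project): a fuzz target for a small constructed record parser, built the way libFuzzer targets were built at the time, with ASan plus a -fsanitize-coverage flag and a link against the libFuzzer.a produced by build.sh. The record format and the parse_records function are assumptions made for the example.

```c
// Added example: libFuzzer target for a constructed [type:1][len:1][payload]
// record format. Build with host or NDK clang, e.g.:
//   clang -g -O1 -fsanitize=address -fsanitize-coverage=trace-pc-guard \
//         record_fuzzer.c libFuzzer.a -o record_fuzzer
// Newer clang accepts -fsanitize=fuzzer,address instead of the coverage
// flag and the explicit libFuzzer.a link.
#include <stddef.h>
#include <stdint.h>

#define MAX_RECORDS 16

typedef struct {
    uint8_t type;
    uint8_t len;
    const uint8_t *payload;
} record_t;

/* Parses records into out[]; returns the number parsed, or -1 on malformed
 * input. Every length is checked against the remaining bytes before use,
 * which is exactly the kind of check a fuzzer under ASan would catch missing. */
int parse_records(const uint8_t *data, size_t size, record_t *out, size_t max) {
    size_t pos = 0;
    int n = 0;
    while (pos < size) {
        if (size - pos < 2) return -1;       /* truncated header */
        uint8_t type = data[pos];
        uint8_t len = data[pos + 1];
        pos += 2;
        if (len > size - pos) return -1;     /* payload overruns the buffer */
        if ((size_t)n >= max) return -1;     /* more records than out[] holds */
        out[n].type = type;
        out[n].len = len;
        out[n].payload = data + pos;
        n++;
        pos += len;
    }
    return n;
}

/* libFuzzer entry point: libFuzzer supplies main() and calls this in a loop
 * with coverage-guided inputs; ASan reports any memory error that results. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    record_t recs[MAX_RECORDS];
    int n = parse_records(data, size, recs, MAX_RECORDS);
    for (int i = 0; i < n; i++) {
        volatile uint8_t sink = 0;           /* read every payload byte so a */
        for (size_t j = 0; j < recs[i].len; j++) sink ^= recs[i].payload[j];
        (void)sink;                          /* bad length would trip ASan */
    }
    return 0;                                /* non-zero is reserved by libFuzzer */
}
```

Seed inputs that satisfy the format go in a corpus directory passed as the first argument to the resulting binary; the sanitizer report on a crash includes the input that triggered it.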

@raymontag

@hackerlib A little bit off-topic, but there was a presentation at BlackHat Europe 2015 about using afl to fuzz Android system components like stagefright. You need to apply a patch from Intel to afl, which was done here: https://github.com/ele7enxxh/android-afl

@hackerlib
Author

Thanks, @Dor1s and @raymontag. When I dug into the build process of libFuzzer, it looked relatively simple, but my first attempt failed because of my clang version or some other reason. In addition, as raymontag said, maybe putting the libraries I want to test onto a Linux platform is better.
Last, I found Google released their tool called Android VTS, which is based on libFuzzer. Has anybody tried it?

@Dor1s
Owner

Dor1s commented Aug 3, 2017

Interesting, I haven't tried that.

@raymontag

raymontag commented Aug 3, 2017

@hackerlib Thx for the hint. However, with android-afl you will fuzz on the Android device. The guys from Intel had a rig of around 50 Nexus phones IIRC. You can find the paper here: https://www.blackhat.com/eu-15/briefings.html#fuzzing-android-a-recipe-for-uncovering-vulnerabilities-inside-system-components-in-android
