AFL++ is a coverage-guided fuzzer that can be used as an alternative or complement to Syzkaller when you want to target a specific kernel subsystem — here, the Android Binder driver — through a small userspace harness instead of whole-syscall-interface fuzzing.
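#!/usr/bin/env bash
# Build AFL++ on the host, compile the Binder fuzz harness, create seed inputs,
# boot the KASAN-instrumented kernel in the Android emulator and start afl-fuzz.
#
# Assumes the lab checkout lives at ~/android-kernel-exploitation-lab and that
# fuzzer/binder_fuzzer.c and fuzzer/fuzzer_wrapper.sh exist there.
# The original listing glued four distro-specific install blocks together and
# would have run all of them in sequence; only one package manager is needed.
set -euo pipefail

LAB="$HOME/android-kernel-exploitation-lab"

# --- 1. Build dependencies: pick whichever package manager this host has ----
if command -v apt-get >/dev/null; then
  sudo apt-get update
  sudo apt-get install -y build-essential python3-dev automake cmake git flex bison \
    libglib2.0-dev libpixman-1-dev python3-setuptools
elif command -v dnf >/dev/null; then
  sudo dnf install -y gcc gcc-c++ git clang python3-devel glib2-devel pixman-devel
elif command -v pacman >/dev/null; then
  sudo pacman -S gcc make git clang python glib2 pixman
elif command -v zypper >/dev/null; then
  sudo zypper install -y gcc gcc-c++ git clang python3-devel glib2-devel libpixman-1-0-devel
else
  printf 'no supported package manager found (apt-get/dnf/pacman/zypper)\n' >&2
  exit 1
fi

# --- 2. Build and install AFL++ from source ---------------------------------
# Supply-chain note: this builds whatever HEAD is today. For a reproducible
# toolchain pin a release tag, e.g. `git -C AFLplusplus checkout v4.21c`, and
# verify the tag before `make`.
git clone https://github.com/AFLplusplus/AFLplusplus.git
(
  cd AFLplusplus
  make all
  sudo make install
)

# --- 3. Compile the Binder harness ------------------------------------------
# afl-clang-fast instruments for the HOST. The harness is executed inside the
# emulator, so none of that instrumentation feeds back to afl-fuzz, which is
# why afl-fuzz below runs with -n (no coverage feedback).
# NOTE(review): a dynamically linked host binary will not run against the
# emulator's bionic libc — build with the NDK clang or link statically; confirm
# what fuzzer_wrapper.sh expects.
cd "$LAB/fuzzer"
afl-clang-fast -o binder_fuzzer binder_fuzzer.c

# --- 4. Seed corpus ----------------------------------------------------------
# Seeds must be raw bytes. A here-doc containing "\x00" writes the literal
# four-character text, not NUL bytes, so take the bytes from /dev/zero instead.
mkdir -p "$LAB/afl_input"
cd "$LAB"
head -c 8 /dev/zero  > afl_input/seed1   # 8 zero bytes
head -c 24 /dev/zero > afl_input/seed2   # 24 zero bytes (three 8-byte words)

# --- 5. Boot the KASAN kernel and stage the harness on the device ------------
# -show-kernel echoes the kernel console, which is where KASAN reports land.
# The emulator never returns, so run it in the background and wait for adb
# before pushing; the original listing would have blocked here forever.
emulator -avd CVE-2019-2215 \
  -kernel "$LAB/android-kernel/out/kasan/dist/bzImage" \
  -no-snapshot -show-kernel &
adb wait-for-device
adb push fuzzer/binder_fuzzer /data/local/tmp/
adb shell chmod 755 /data/local/tmp/binder_fuzzer

# --- 6. Fuzz ------------------------------------------------------------------
# -n: non-instrumented mode (see step 3). afl-fuzz hands each test case to the
# wrapper as @@; fuzzer_wrapper.sh (not shown here) is expected to push that
# file to the emulator and run /data/local/tmp/binder_fuzzer on it, and it must
# propagate a crash/hang as a non-zero exit so afl-fuzz can record it.
afl-fuzz -i afl_input -o afl_output -n -- fuzzer/fuzzer_wrapper.sh @@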