We made some improvements over Android Kernel Fuzzer v0.2. Also, we have finally tested our fuzzer on the Android kernel.
Changes in fuzzer.h:
- Modified the generation of random unsigned & signed char data
- Increased the number of sets from 5 to 50
- Increased the byte length range from 1024 alone to (256, 512, 1024, 2048, 4096)
Changes in mkdir.c:
- All for loops used for fuzzing are organized into separate functions: fuzzCharData(), fuzzRanCharData(), fuzzRanIntData()
- Removed the function pointer
- Declaration of Android's mkdir():
    extern int mkdir(const char *, mode_t);
Screenshots (fuzzer output on Android 2.2):
- Although we have increased the range of lengths for testing unsigned & signed char data, we still keep each length fixed so that we retain control over what we intend to fuzz.
- We removed the function pointer because we have decided to develop individual classes for each syscall in the future. This will allow better control over, and customization of, fuzzing a particular syscall.
- We used the AVD emulator running Android 2.2. We cross-compiled our fuzzer into an executable using the Android NDK, and ran the executable from the adb shell.
- Sometimes, when fuzzing random unsigned & signed char data, mkdir() may fail with errno 2 (No such file or directory). The reason is that the random data may look like “^@bhs/su123”. Because of the ‘/’, the kernel treats the part before it as a parent directory, and the call fails because no such parent directory exists.
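As an added example (not the project's own fuzzer code), here is a small C harness in the style of fuzzRanCharData() that drives mkdir() over the five byte lengths and 50 sets listed above, and tallies how many errno 2 results are explained by the missing-parent-directory case just described. fillRandomChars(), mkdirProbe() and hasMissingParent() are hypothetical helpers, and it uses the POSIX mkdir() prototype from <sys/stat.h> instead of the extern declaration above so that it also builds and runs on a desktop Linux box.

```c
/* Added example, not the project's own code: a mkdir() fuzz loop in the
 * spirit of fuzzRanCharData() that tallies errno, so the ENOENT case noted
 * above is counted rather than spotted by eye in the shell output. */
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
#define MAX_PATH_BUF 4096   /* largest byte length below */
#define NUM_SETS 50         /* set count used by the fuzzer */
static const size_t kLengths[] = {256, 512, 1024, 2048, 4096};
/* Hypothetical helper: random printable chars (0x20..0x7E), NUL-terminated.
 * Printable-only simplifies the raw signed/unsigned char data used above. */
void fillRandomChars(char *buf, size_t len) {
    for (size_t i = 0; i < len; i++) buf[i] = (char)(' ' + rand() % 95);
    buf[len] = '\0';
}
/* mkdir() one candidate: 0 on success (the directory is removed again),
 * otherwise the errno it failed with. */
int mkdirProbe(const char *path) {
    if (mkdir(path, 0700) == 0) { rmdir(path); return 0; }
    return errno;
}
/* 1 when the text before the last '/' is not an existing directory: the
 * cause of errno 2 described above (e.g. "bhs/su123" with no "bhs"). */
int hasMissingParent(const char *path) {
    const char *slash = strrchr(path, '/');
    size_t n = slash ? (size_t)(slash - path) : 0;
    char parent[MAX_PATH_BUF + 1];
    struct stat st;
    if (n == 0 || n > MAX_PATH_BUF) return 0;
    memcpy(parent, path, n); parent[n] = '\0';
    return stat(parent, &st) != 0 || !S_ISDIR(st.st_mode);
}
/* NUM_SETS sets over every length. tally[0] = successes, tally[1] = ENOENT
 * explained by a missing parent, tally[2] = all else. Returns call count. */
int fuzzRanCharData(unsigned seed, int tally[3]) {
    char buf[MAX_PATH_BUF + 1];
    srand(seed); tally[0] = tally[1] = tally[2] = 0;
    for (int s = 0; s < NUM_SETS; s++)
        for (size_t i = 0; i < sizeof kLengths / sizeof kLengths[0]; i++) {
            fillRandomChars(buf, kLengths[i]);
            int e = mkdirProbe(buf);
            if (e == 0) tally[0]++;
            else if (e == ENOENT && hasMissingParent(buf)) tally[1]++;
            else tally[2]++;
        }
    return tally[0] + tally[1] + tally[2];
}
```

Run it from a scratch directory; in practice nearly every 4096-byte candidate fails with ENAMETOOLONG rather than ENOENT, which is one reason to keep a per-errno tally alongside the screenshots.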