BinderFuzzy

An App intended for fuzzing the Binder interface and System Services of Android. You can use this Project in order to find bugs and exploits inside the Binder interface or System Services.

Usage

Watch this Youtube Video for a quick introduction

Or this youku video (for Chinese watchers): https://v.youku.com/v_show/id_XNDcwMjk1NzUwMA==.html

Binder fuzzy can be used via the python client or via the App itself. Choose one for your needs.

Documentation

Read the full documentation here

Using the Python script

Prerequisites

Python 3.0
Ubuntu Linux 18.04

Installation

Download tip here
unzip release.zip
cd bin/

Examples execution

python3 binderFuzzy.py --fuzzy-apk binderfuzzy-release.apk --script startActivity.bf

Configuration

{
	"fields_ordered" : [
	    {
		    "clazz": "android.app.ActivityTaskManager",
		    "field": "IActivityTaskManagerSingleton"
	    },
	    {
	        "clazz": "android.util.Singleton",
	        "field": "mInstance"
	    }
	],
	"call" : {
	    "clazz": "android.app.IActivityTaskManager",
	    "method": "startActivity(",
	    "params":[
	        "auto",
	        "packageNames",
	        "launchIntents",
	        "packageNames",
	        "auto",
	        "packageNames",
	        "auto",
	        "auto",
	        "null",
	        "auto"
	    ]
	}
}

Using the Android App

Prerequisites

Android 6 or greater

Installation

Download APK here
Enable unknown source during installation

See our video:

The Browser

1. Select System Service to attack

First step is to select a System Service we're going to fuzz. After a click on the "NEW" button the list of available Services appears and you can choose one.

2. Select function or objects to create the call

The next screen lists all members: functions and fields.

=> If you click on a field the browser will open the object in a new Window.
=> If you click on a method the browser forwards this to the FuzzCreator.

3. Parameter configuration

Now you have to configure the parameters of the call. Some parameters have special options like integers, strings and intents. You can open a feature request if you need more features here. However, you must click on each parameter and configure how the fuzzer shall gather the values for the call.

Start the test

Once you're finished you can press the START button and the test begins.

Strange findings

Negative UserID

Passing user -3 as parameter will bypass the permission check.

Other Projects

Project	Description
ChickenHook	A linux / android / MacOS hooking framework
BinderHook	Library intended to hook Binder interface and manipulate events
RestrictionBypass	Android API restriction bypass for all Android Versions
AndroidManifestBypass	Android API restriction bypass for all Android Versions
..

clintonkildepstein / binderfuzzy Goto Github PK

binderfuzzy's Introduction

BinderFuzzy

Usage

Documentation

Using the Python script

Prerequisites

Installation

Examples execution

Configuration

Using the Android App

Prerequisites

Installation

The Browser

1. Select System Service to attack

2. Select function or objects to create the call

3. Parameter configuration

Start the test

Strange findings

Negative UserID

Other Projects

binderfuzzy's People

Contributors

Recommend Projects

Recommend Topics

Recommend Org