View Issue Details

ID: 0006442
Project: Kali Linux
Category: Queued Tool Addition
View Status: public
Last Update: 2020-09-01 21:41
Reporter: funker2020
Assigned To: (none)
Priority: normal
Severity: minor
Reproducibility: N/A
Status: acknowledged
Resolution: open
Summary: 0006442: BinderFuzzy - A tool intended for fuzzing the Binder interface and System Services of Android.
Description

You can use this project in order to find bugs and exploits inside the Binder interface or System Services.

BinderFuzzy is a fuzzer that can generate binder events in order to pentest system services running on the Android operating system (https://developer.android.com/reference/android/os/Binder). You can validate if system services have correct error handling or transfer binder objects / tokens of other services in order to validate if the target system service validates binder arguments.

This project covers the following features:

Browse managers and binder interfaces.
Execute Fuzzy tasks
Configure argument lists for each parameter of the method to fuzz
Read logs of recent tasks
Use the Python 3 CLI (optional) to execute the fuzzer from the desktop.
Define a fuzzer script and execute it via the CLI.

Steps To Reproduce

Prerequisites

Linux (tested on Ubuntu 20.04)
Python 3
ADB available via PATH (see here: https://stackoverflow.com/questions/2517493/adb-command-not-found-in-linux-environment)

Installation

  1. Download https://github.com/ChickenHook/BinderFuzzy/releases/download/c2/release.zip
  2. unzip release.zip
  3. cd bin/

The CLI will offer the following options:
python3 binderfuzzy.py --help
Launching BinderFuzzy version: 1.0
usage: binderfuzzy.py [-h] [--fuzzy-apk [APK_PATH]] [--script [SCRIPT_PATH]]
[--pull-logs]

Process paths.

optional arguments:
-h, --help show this help message and exit
--fuzzy-apk [APK_PATH]
path to binderfuzzy-release.apk
--script [SCRIPT_PATH]
path to action script
--pull-logs just pull the test results

And here is a typical start routine:
python3 binderfuzzy.py --fuzzy-apk ../apps/release/app-release.apk --script ./examples/startActivity.bf

This will crash Android 10 devices.

Additional Information

Read more using these links:

https://androidreverse.wordpress.com/2020/06/06/binderfuzzy/
https://github.com/ChickenHook/BinderFuzzy
https://www.youtube.com/watch?v=4uXdXq7E2Uw

If you're going to add my tool I'll package it into a deb if wanted.

Activities

g0tmi1k (administrator) - 2020-09-01 21:41 - ~0013368

@kali-team, please could this be packaged up.
@author, if you want to help the packaging process, you can check the documentation here ~ https://www.kali.org/docs/development/public-packaging

Issue History

Date Modified Username Field Change
2020-06-07 22:20 funker2020 New Issue
2020-09-01 21:41 g0tmi1k Note Added: 0013368
2020-09-01 21:41 g0tmi1k Status new => acknowledged
2020-09-01 21:41 g0tmi1k Category New Tool Requests => Queued Tool Addition
2020-09-01 21:41 g0tmi1k Summary BinderFuzzy, An tool intended for fuzzing the Binder interface and System Services of Android. => BinderFuzzy - An tool intended for fuzzing the Binder interface and System Services of Android.