Fuzzing the Android Middleware
ARTist was extended to instrument the Android middleware (system server), an important stepping stone that made this project possible. With this capability we used American Fuzzy Lop (AFL) to generate fuzzing inputs: by instrumenting the middleware with the coverage-feedback code AFL requires, AFL could drive the system server. This setup ran in an Android emulator, which was a prerequisite for running it at a larger scale later on.
To automate the whole process, we wrote Python scripts that fully automate fuzzing the Android middleware. AFL's findings were verified by replaying them as inputs to reproduce the results on an Android emulator.
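The feedback loop described above, as an added illustration that is neither ARTist's nor AFL's code: a Python model of the edge-coverage snippet AFL's instrumentation places in every basic block, a constructed stand-in for a middleware entry point with a modelled bug, a minimal coverage-guided loop, and the replay of a finding through `run()` as the verification step. The block ids, names, and the toy "INTENT" format are assumptions made for this example only.

```python
"""Toy model of AFL-style edge-coverage feedback (added example, not project code)."""
import random

MAP_SIZE = 1 << 16  # AFL's default coverage bitmap size (64 KiB)


class CoverageMap:
    """Models AFL's shared-memory bitmap and the per-thread prev_location register."""

    def __init__(self):
        self.bitmap = bytearray(MAP_SIZE)
        self.prev_location = 0
        self.touched = set()  # indices hit at least once (cheap edge set)

    def hit(self, cur_location):
        """The snippet AFL instrumentation inserts at each basic block:
        bitmap[cur ^ prev]++; prev = cur >> 1.  The shift keeps A->B and
        B->A distinct and makes the self-edge A->A non-zero."""
        idx = (cur_location ^ self.prev_location) & (MAP_SIZE - 1)
        self.bitmap[idx] = (self.bitmap[idx] + 1) & 0xFF
        self.prev_location = cur_location >> 1
        self.touched.add(idx)

    def edges(self):
        return frozenset(self.touched)


class TargetCrash(Exception):
    """Stands in for the crash or uncaught exception a real target would produce."""


def handle_transaction(data, cov):
    """Constructed stand-in for a middleware entry point.  The hex constants
    play the role of the random per-block ids assigned at instrumentation time."""
    cov.hit(0x1A2B)  # entry block
    if data[:6] != b"INTENT":
        cov.hit(0x3C4D)
        return "bad-magic"
    cov.hit(0x5E6F)
    if len(data) < 8:
        cov.hit(0x7081)
        return "short"
    cov.hit(0x92A3)
    action = data[6]
    if action == 0x01:
        cov.hit(0xB4C5)
        return "start-activity"
    if action == 0x02:
        cov.hit(0xD6E7)
        if data[7] == 0xFF:
            cov.hit(0xF809)
            raise TargetCrash("modelled bug: unchecked extras length")  # assumed bug
        return "broadcast"
    cov.hit(0x1B2C)
    return "unknown-action"


def run(data):
    """One execution of the target; also how a finding is replayed for verification."""
    cov = CoverageMap()
    try:
        result, crashed = handle_transaction(data, cov), False
    except TargetCrash:
        result, crashed = "crash", True
    return cov.edges(), result, crashed


def fuzz(seed_input, rounds, rng_seed=0):
    """Minimal coverage-guided loop: keep an input only if it touches an edge no
    earlier input touched (AFL's 'virgin bits'); crashes are recorded separately."""
    rng = random.Random(rng_seed)
    virgin, corpus, crashes = set(), [], []

    def consider(data):
        edges, _result, crashed = run(data)
        if crashed:
            crashes.append(data)
        new = edges - virgin
        if new:
            virgin.update(new)
            corpus.append(data)

    consider(seed_input)
    for _ in range(rounds):
        child = bytearray(rng.choice(corpus))
        for _ in range(rng.randint(1, 4)):  # a few havoc-style mutations
            op = rng.randrange(3)
            if op == 0 and child:
                child[rng.randrange(len(child))] ^= 1 << rng.randrange(8)
            elif op == 1 and child:
                child[rng.randrange(len(child))] = rng.randrange(256)
            else:
                child.append(rng.randrange(256))
        consider(bytes(child))
    return {"corpus": corpus, "crashes": crashes, "edges": len(virgin)}


if __name__ == "__main__":
    stats = fuzz(b"INTENT\x00\x00", rounds=3000, rng_seed=1)
    print("edges:", stats["edges"], "corpus:", len(stats["corpus"]),
          "crashes:", len(stats["crashes"]))
    for c in stats["crashes"][:3]:
        print("replay", c, "->", run(c)[1])  # reproduces the finding
```

The point of the model is the `hit()` snippet: that is what has to be injected into each basic block of the middleware so that the fuzzer, which only sees the bitmap, can tell which mutated inputs reached new code. Replaying a recorded crash through `run()` on a fresh `CoverageMap` is the same operation the verification step performs on the emulator.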
Getting this setup to work required solving many problems. Among other useful tools, this produced dexterous, a tool that merges and signs the code of multiple dex files while still respecting the dex file's method limit.
This work continued in the project Monkey-Troop.
The results of this project were published together with the Monkey-Troop project in the paper "Towards a Principled Approach for Dynamic Analysis of Android's Middleware".