# Android Platform #

Honggfuzz (as of version 0.6) supports Android OS (NDK cross-compilation) using
both the ptrace() API and the POSIX signals interface. When the ptrace() API is
enabled, honggfuzz's engine prevents monitored signals from reaching the debugger
(no logcat backtraces & tombstones), since they would otherwise interfere with the
fuzzer's runtime analysis.

## Requirements ##

* [Android NDK](https://developer.android.com/ndk/index.html): The user has to
  manually install the NDK and set the environment PATH
* [libunwind](http://www.nongnu.org/libunwind/download.html): On first
  build the upstream git repository is cloned and the required patches are applied
* [capstone](http://www.capstone-engine.org/download.html): On first
  build the upstream git repository is cloned

| **Dependency** | **Last Tested Version** |
|:-------|:-----------|
| **Android NDK** | r16 with Android API 24 (Nougat 7.0) |
| **libunwind** | upstream master commit [bc8698f] |
| **capstone** | 3.0.4 stable version |

## Compatibility list ##

It has been tested under the following CPU architectures:

| **ABI** | **Status** |
|:-------|:-----------|
| **armeabi** | ptrace() API & POSIX signal interface |
| **armeabi-v7a** | ptrace() API & POSIX signal interface |
| **arm64-v8a** | ptrace() API & POSIX signal interface `*` |
| **x86** | ptrace() API & POSIX signal interface |
| **x86_64** | ptrace() API & POSIX signal interface |

_`*`) libunwind fails to extract frames if the fuzzing target is 32-bit. Prefer a 32-bit build for such targets._


## Cross-Compiling ##

### Dependencies ###

A series of helper bash scripts have been created under the
`third_party/android/scripts` directory to automate the dependency
configuration & build process. The scripts are automatically invoked from the
makefile, based on the selected target CPU. Normally you will not need to manually
execute or modify them.

### Building ###

#### All CPUs ####

For convenience the master makefile defines an `android-all` target that
automatically builds honggfuzz (and its dependencies) for all the supported
Android CPUs.

From the root directory execute the following. Build output is available under
the `libs` directory.

```
$ make android-all
...
$ tree libs/
libs/
├── arm64-v8a
│   ├── android_api.txt
│   ├── honggfuzz
│   ├── libhfuzz.a
│   └── ndk_toolchain.txt
├── armeabi
│   ├── android_api.txt
│   ├── honggfuzz
│   ├── libhfuzz.a
│   └── ndk_toolchain.txt
├── armeabi-v7a
│   ├── android_api.txt
│   ├── honggfuzz
│   ├── libhfuzz.a
│   └── ndk_toolchain.txt
├── x86
│   ├── android_api.txt
│   ├── honggfuzz
│   ├── libhfuzz.a
│   └── ndk_toolchain.txt
└── x86_64
    ├── android_api.txt
    ├── honggfuzz
    ├── libhfuzz.a
    └── ndk_toolchain.txt

5 directories, 20 files
```


#### Specific CPU ####

To build for a specific CPU use the `android` target with one of the supported
ABI descriptions. Again, the dependencies are built automatically.

```
$ make android ANDROID_APP_ABI=<arch>
...
```

Where `<arch>` can be:

* armeabi
* armeabi-v7a (**default**)
* arm64-v8a
* x86
* x86_64


## Android specific flags ##

| **Flag** | **Options** | **Description** |
|:----------|:------------|:----------------|
| **ANDROID_DEBUG_ENABLED** | true, false (default: false) | Enable Android debug builds |
| **ANDROID_APP_ABI** | armeabi, armeabi-v7a, arm64-v8a, x86, x86_64 (default: armeabi-v7a) | Target CPU |
| **ANDROID_WITH_PTRACE** | true, false (default: true) `1` | Fuzzing engine backend architecture |
| **ANDROID_API** | android-21, android-22, ... (default: android-26) `2` | Target Android API |
| **ANDROID_CLANG** | true, false (default: true) | Android NDK compiler toolchain to use |

_`1`) If false, the POSIX signals interface is used instead of the ptrace() API_

_`2`) Due to bionic incompatibilities, only APIs >= 21 are supported_
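The compatibility note above says a 32-bit fuzzing target should be run under a 32-bit honggfuzz build, and `ANDROID_APP_ABI` selects which build lands in `libs/<abi>/`. The following POSIX sh helper, an added example that is not part of honggfuzz, reads the ELF header of a binary to report the Android ABI it was built for, so you can confirm that the `honggfuzz` binary you picked matches your target; the sample headers it creates are constructed test data, not real binaries.

```shell
#!/bin/sh
# Added example, not part of honggfuzz: read an ELF header to report which
# Android ABI a binary was built for. Lets you confirm that libs/<abi>/honggfuzz
# matches the ANDROID_APP_ABI you asked for and that the fuzzing target has the
# same bitness (see the libunwind note: a 32-bit target wants a 32-bit build).

# elf_abi FILE -> prints armeabi-v7a | arm64-v8a | x86 | x86_64 | unknown | not-elf
elf_abi() {
    # First 20 header bytes as decimal words: magic(0-3) class(4) data(5)
    # version(6) osabi(7) pad(8-15) e_type(16-17) e_machine(18-19)
    set -- $(od -An -tu1 -N 20 "$1")
    if [ $# -lt 20 ] || [ "$1" != 127 ] || [ "$2" != 69 ] || [ "$3" != 76 ] || [ "$4" != 70 ]; then
        echo not-elf; return 1
    fi
    [ "$6" = 1 ] || { echo unknown; return 1; }   # all Android ABIs are little-endian
    machine=$(( ${19} + ${20} * 256 ))            # e_machine, little-endian
    case "$5:$machine" in                         # EI_CLASS: 1 = 32-bit, 2 = 64-bit
        1:40)  echo armeabi-v7a ;;  # EM_ARM (0x28); armeabi vs v7a needs .ARM.attributes
        2:183) echo arm64-v8a ;;    # EM_AARCH64 (0xB7)
        1:3)   echo x86 ;;          # EM_386
        2:62)  echo x86_64 ;;       # EM_X86_64 (0x3E)
        *)     echo unknown; return 1 ;;
    esac
}

# hf_abi_matches HONGGFUZZ TARGET -> 0 when both were built for the same ABI,
# 1 with a message on stderr otherwise (e.g. arm64-v8a honggfuzz vs 32-bit target).
hf_abi_matches() {
    a=$(elf_abi "$1") && b=$(elf_abi "$2") || return 2
    [ "$a" = "$b" ] && return 0
    echo "ABI mismatch: honggfuzz is $a, target is $b; rebuild with ANDROID_APP_ABI=$b" >&2
    return 1
}

# make_fake_elf FILE CLASS_OCTAL MACHINE_OCTAL: constructed 20-byte ELF header
# (not a real binary) so the checks can be exercised without an NDK build.
make_fake_elf() {
    printf "\\177ELF\\$2\\001\\001\\000\\000\\000\\000\\000\\000\\000\\000\\000\\002\\000\\$3\\000" > "$1"
}

# Stand-alone demo: a 64-bit honggfuzz next to a 32-bit ARM target.
if [ "${HF_NO_DEMO:-}" = "" ]; then
    d=$(mktemp -d)
    make_fake_elf "$d/honggfuzz" 002 267   # ELFCLASS64, EM_AARCH64
    make_fake_elf "$d/target"    001 050   # ELFCLASS32, EM_ARM
    echo "honggfuzz: $(elf_abi "$d/honggfuzz")  target: $(elf_abi "$d/target")"
    hf_abi_matches "$d/honggfuzz" "$d/target" || echo "use the armeabi-v7a build"
    rm -rf "$d"
fi
```

On a real build run `hf_abi_matches libs/<abi>/honggfuzz /path/to/target` after `make android ANDROID_APP_ABI=<abi>`; the functions only read the first 20 bytes, so they work on any ELF file.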