BinderFuzzy - Pentest Android Services

An App intended for fuzzing the Binder interface and System Services of Android.
AppID:org.chickenhook.binderfuzzy
Author:ChickenHook
License:Apache-2.0
Donation:Webpage
InRepoSince:2021-01-09
LastRepoUpdate:2021-01-09
LastAppUpdate:Unknown
LastVersion:1.0
Categories:Security
APK source:Github
Google Play:Check if it's there
icon BinderFuzzy is a fuzzer that can generate binder events in order to pentest system services running on the Android operating system (https://developer.android.com/reference/android/os/Binder, https://source.android.com/devices/architecture/hidl/binder-ipc). You can validate if system services have correct error handling or transfer binder objects / tokens of other services in order to validate if the target system service validates binder arguments.

This Project covers following features:

* Browse managers and binder interfaces.
* Execute Fuzzy tasks
* Configure argument lists for each parameter of the method to fuzz
* Read logs of recent tasks
* Use python3 cli (optional) to execute fuzzer from desktop.
* Define fuzzer script and execute via cli

Enjoy our App!

WhatsNew:

* initial release

Download Source Issues ChangeLog
Screenshot_20200530_153519_org.chickenhook.binderfuzzy.jpg Screenshot_20200603_181349_org.chickenhook.binderfuzzy.jpg Screenshot_20200603_181354_org.chickenhook.binderfuzzy.jpg Screenshot_20200603_181407_org.chickenhook.binderfuzzy.jpg Screenshot_20200603_181445_org.chickenhook.binderfuzzy.jpg Screenshot_20200603_212647_org.chickenhook.binderfuzzy.jpg
While you can download the APKs here directly, you should preferably use an F-Droid client so the app stays up-to-date on your device.

Packages

Version 1.0 (2021-01-09) no RB details available help icon

Android Versions:
  • Target: 10.0
  • MinVer: 4.4
  • ABIs: arm64-v8a, armeabi-v7a, x86, x86_64
Permissions: help icon

Download (3.6 M)