POSTED BY: Anestis Bechtsoudis / 18.06.2015

Fuzzing Objects d’ART — Hack In The Box 2015 Amsterdam

Hello, my name is Anestis Bechtsoudis and I’m a security engineer at CENSUS. I recently gave a talk on Android ART runtime fuzzing techniques at the Hack-in-the-Box 2015 Amsterdam security conference. The talk, entitled “Fuzzing Objects d’ART — Digging Into the New Android L Runtime Internals”, analyzed a series of DEX smart fuzzing techniques targeting the bytecode optimization and compilation components of the new Android ART runtime.

The talk’s abstract was:

In an effort to deal with performance challenges in the Android ecosystem, Google has made an investment aiming to fully replace the old JIT Dalvik VM with the brand new AOT (Ahead-Of-Time) ART runtime. It has been more than a year since ART was open-sourced and its first production releases are reaching the market. However, there is currently almost zero public knowledge about the security maturity of ART and its interfacing functionality.

This talk is the first milestone of a greater research effort aiming to analyze all of the new ART runtime internals, depict the exploitation impact of identified bugs in the Android ecosystem and mark the requirements for the development of new tools. To assist this analysis, the first DEX file format smart fuzzing engine has been implemented, supporting a series of rulesets mirroring the various fuzzing requirements. The input generation and fuzzing toolset we have developed runs directly on Android devices and monitors the investigated processes.

DEX smart fuzzing techniques and evaluation metrics will be presented against the initial target of the ART runtime, which is the bytecode optimization and compilation chain (DEX parser, IR processing & code generation) for the ARM architecture. In order to prove the efficiency of our smart fuzzing techniques, we compare our results against dumb fuzzing iterations with identical characteristics.
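The abstract contrasts smart (format-aware) DEX fuzzing with dumb fuzzing of the same inputs. The following Python script is an added illustration of why that distinction matters at the very first target in the chain, the DEX parser; it is not the CENSUS fuzzing engine or any code from the talk. It builds a constructed, minimal DEX file (header plus a one-entry map list), models the parser's header verification as an ordered set of checks, and compares two mutation rules: a dumb rule that flips one bit anywhere, and a smart rule that writes a boundary value into a header size or offset field and then refreshes the SHA-1 signature and Adler-32 checksum so the input is self-consistent. The header layout, checksum and signature coverage follow the documented DEX format; the specific checks, the interesting-value list and the evaluation harness are assumptions made for this example.

```python
import hashlib
import random
import struct
import zlib

# dex_header_item layout: magic (8), checksum (4), signature (20), then 20 uint32 LE fields.
DEX_MAGIC = b"dex\n035\0"
HEADER_SIZE = 0x70
ENDIAN_CONSTANT = 0x12345678
HEADER_FIELDS = [
    "file_size", "header_size", "endian_tag", "link_size", "link_off", "map_off",
    "string_ids_size", "string_ids_off", "type_ids_size", "type_ids_off",
    "proto_ids_size", "proto_ids_off", "field_ids_size", "field_ids_off",
    "method_ids_size", "method_ids_off", "class_defs_size", "class_defs_off",
    "data_size", "data_off",
]
FIELD_OFFSET = {name: 32 + 4 * i for i, name in enumerate(HEADER_FIELDS)}
# Boundary values for the smart ruleset (chosen for this example, not from the talk).
INTERESTING = [0, 1, 0xFF, 0x7FFFFFFF, 0x80000000, 0xFFFFFFFF]


def finalize(dex: bytearray) -> bytes:
    """Recompute signature and checksum so the header is self-consistent."""
    dex[12:32] = hashlib.sha1(dex[32:]).digest()  # signature covers everything after itself
    dex[8:12] = struct.pack("<I", zlib.adler32(bytes(dex[12:])) & 0xFFFFFFFF)  # checksum likewise
    return bytes(dex)


def build_minimal_dex() -> bytes:
    """Constructed seed input: a header plus a one-entry map_list (TYPE_HEADER_ITEM), nothing else."""
    map_list = struct.pack("<I", 1) + struct.pack("<HHII", 0x0000, 0, 1, 0)
    fields = {name: 0 for name in HEADER_FIELDS}
    fields.update(file_size=HEADER_SIZE + len(map_list), header_size=HEADER_SIZE,
                  endian_tag=ENDIAN_CONSTANT, map_off=HEADER_SIZE,
                  data_size=len(map_list), data_off=HEADER_SIZE)
    header = DEX_MAGIC + bytes(4) + bytes(20)
    header += b"".join(struct.pack("<I", fields[n]) for n in HEADER_FIELDS)
    return finalize(bytearray(header + map_list))


def validate(dex: bytes) -> str:
    """Ordered checks modelled on a DEX parser's header verification (assumed order).

    Returns 'ok' or 'rejected:<stage>' so we can measure how deep an input gets."""
    if len(dex) < HEADER_SIZE or dex[:8] != DEX_MAGIC:
        return "rejected:magic"
    if struct.unpack_from("<I", dex, 8)[0] != zlib.adler32(dex[12:]) & 0xFFFFFFFF:
        return "rejected:checksum"
    if dex[12:32] != hashlib.sha1(dex[32:]).digest():
        return "rejected:signature"
    h = dict(zip(HEADER_FIELDS, struct.unpack_from("<20I", dex, 32)))
    if h["header_size"] != HEADER_SIZE or h["endian_tag"] != ENDIAN_CONSTANT:
        return "rejected:header_consts"
    if h["file_size"] != len(dex):
        return "rejected:file_size"
    for name in HEADER_FIELDS:
        if name.endswith("_off") and h[name] > len(dex):  # every offset must lie inside the file
            return "rejected:" + name
    return "ok"


def dumb_mutate(seed: bytes, rng: random.Random) -> bytes:
    """Dumb rule: flip one bit anywhere and leave checksum/signature stale."""
    out = bytearray(seed)
    i = rng.randrange(len(out))
    out[i] ^= 1 << rng.randrange(8)
    return bytes(out)


def smart_mutate(seed: bytes, rng: random.Random) -> bytes:
    """Smart rule: put a boundary value into one header field, then refresh the
    integrity fields so the input survives the early checks and reaches structural parsing."""
    out = bytearray(seed)
    name = rng.choice(HEADER_FIELDS)
    struct.pack_into("<I", out, FIELD_OFFSET[name], rng.choice(INTERESTING))
    return finalize(out)


def evaluate(mutator, iterations: int, seed_value: int = 1) -> dict:
    """Run a mutator against the seed and count the stage each input reaches."""
    rng = random.Random(seed_value)
    seed = build_minimal_dex()
    stages = {}
    for _ in range(iterations):
        stage = validate(mutator(seed, rng))
        stages[stage] = stages.get(stage, 0) + 1
    return stages


if __name__ == "__main__":
    print("dumb :", evaluate(dumb_mutate, 300))
    print("smart:", evaluate(smart_mutate, 300))
```

Every dumb-mutated input dies at the magic or checksum check, so the mutation never exercises the offset and size handling further down; every smart-mutated input passes the integrity checks and is either accepted or rejected by a semantic check, which is where a parser's real bugs live. The same idea extends to the later rulesets the talk targets (class definitions, code items, bytecode): mutate a structure, then repair whatever invariants the parser verifies before that structure is reached.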

You may find the related presentation material below:

We would like to specially thank Dhillon Andrew Kannabhiran, the conference organizing committee and volunteers for their warm welcome and outstanding support services.