Hello, my name is Anestis Bechtsoudis and I’m a security engineer at CENSUS. I recently gave a talk on Android ART runtime fuzzing techniques at the Hack-in-the-Box 2015 Amsterdam security conference. The talk, entitled “Fuzzing Objects d’ART — Digging Into the New Android L Runtime Internals”, analyzed a series of DEX smart fuzzing techniques targeting the bytecode optimization and compilation components of the new Android ART runtime.
The talk’s abstract was:
In an effort to deal with performance challenges in the Android ecosystem, Google has made an investment aiming to fully replace the old JIT Dalvik VM with the brand new AOT (Ahead-Of-Time) ART runtime. It has been more than a year since ART was open-sourced, and its first production releases are reaching the market. However, there is currently almost zero public knowledge about the security maturity of ART and its interfacing functionality.

This talk is the first milestone of a greater research effort aiming to analyze all of the new ART runtime internals, depict the exploitation impact of identified bugs in the Android ecosystem, and mark the requirements for the development of new tools. To assist this analysis, the first DEX file format smart fuzzing engine has been implemented, supporting a series of rulesets mirroring the various fuzzing requirements. The input generation and fuzzing toolset we have developed runs directly on Android devices and monitors the investigated processes.

DEX smart fuzzing techniques and evaluation metrics will be presented against the initial target of the ART runtime, which is the bytecode optimization and compilation chain (DEX parser, IR processing & code generation) for the ARM architecture. In order to prove the efficiency of our smart fuzzing techniques, we compare our results against dumb fuzzing iterations with identical characteristics.
You may find the related presentation material below:
We would like to give special thanks to Dhillon Andrew Kannabhiran, the conference organizing committee and the volunteers for their warm welcome and outstanding support.