# Android Platform #

Honggfuzz (as of version 0.6) supports Android OS (NDK cross-compilation) using
both the ptrace() API and the POSIX signals interface. When the ptrace() API is
enabled, honggfuzz's engine prevents monitored signals from reaching the
debugger (no logcat backtraces & tombstones), because delivering them would
interfere with the fuzzer's runtime analysis.

## Requirements ##

* [Android NDK](https://developer.android.com/ndk/index.html): The user has to
install the NDK manually and set the environment PATH
* [libunwind](http://www.nongnu.org/libunwind/download.html): On the first
build, an upstream git fork is checked out and the required patches are applied
* [capstone](http://www.capstone-engine.org/download.html): On the first
build, an upstream git fork is checked out

| **Dependency** | **Last Tested Version** |
|:-------|:-----------|
| **Android NDK** | r16 with Android API 24 (Nougat 7.0) |
| **libunwind** | upstream master commit [bc8698f] |
| **capstone** | 3.0.4 stable version |

## Compatibility list ##

It has been tested under the following CPU architectures:

| **ABI** | **Status** |
|:-------|:-----------|
| **armeabi** | ptrace() API & POSIX signal interface |
| **armeabi-v7a** | ptrace() API & POSIX signal interface |
| **arm64-v8a** | ptrace() API & POSIX signal interface `*`|
| **x86** | ptrace() API & POSIX signal interface |
| **x86_64** | ptrace() API & POSIX signal interface |

_`*`) libunwind fails to extract frames if the fuzzing target is 32bit. Prefer a 32bit build for such targets._


## Cross-Compiling ##
## Dependencies ##

A series of helper bash scripts has been created under the
`third_party/android/scripts` directory to automate the dependency
configuration & build process. The scripts are automatically invoked from the
makefile, based on the selected target CPU. Normally you will not need to
execute or modify them manually.

## Building ##
### All CPUs ###
For convenience, the master makefile defines an `android-all` target that
automatically builds honggfuzz (and its dependencies) for all the supported
Android CPUs.

From the root directory execute the following. Build output is available under
the `libs` directory.

```
$ make android-all
...
$ tree libs/
libs/
├── arm64-v8a
│   ├── android_api.txt
│   ├── honggfuzz
│   ├── libhfuzz.a
│   └── ndk_toolchain.txt
├── armeabi
│   ├── android_api.txt
│   ├── honggfuzz
│   ├── libhfuzz.a
│   └── ndk_toolchain.txt
├── armeabi-v7a
│   ├── android_api.txt
│   ├── honggfuzz
│   ├── libhfuzz.a
│   └── ndk_toolchain.txt
├── x86
│   ├── android_api.txt
│   ├── honggfuzz
│   ├── libhfuzz.a
│   └── ndk_toolchain.txt
└── x86_64
    ├── android_api.txt
    ├── honggfuzz
    ├── libhfuzz.a
    └── ndk_toolchain.txt

5 directories, 20 files
```


### Specific CPU ###
To build for a specific CPU, use the `android` target with one of the supported
ABI descriptions. Again, the dependencies are built automatically.

```
$ make android ANDROID_APP_ABI=<arch>
...
```

Where `<arch>` can be:

* armeabi
* armeabi-v7a (**default**)
* arm64-v8a
* x86
* x86_64


## Android specific flags ##

| **Flag** | **Options** | **Description** |
|:----------|:------------|:----------------|
| **ANDROID_DEBUG_ENABLED** | true, false (default: false) | Enable Android debug builds |
| **ANDROID_APP_ABI** | armeabi, armeabi-v7a, arm64-v8a, x86, x86_64 (default: armeabi-v7a) | Target CPU |
| **ANDROID_WITH_PTRACE** | true, false (default: true) `1`| Fuzzing engine backend architecture |
| **ANDROID_API** | android-21, android-22, ... (default: android-26) `2` | Target Android API |
| **ANDROID_CLANG** | true, false (default: true) | Android NDK compiler toolchain to use |

_`1`) If false, the POSIX signals interface is used instead of the PTRACE API_

_`2`) Due to bionic incompatibilities, only APIs >= 21 are supported_
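
The compatibility note about 32bit targets and the API >= 21 limit can be checked before a build. The script below is an added example, not part of honggfuzz: it reads the fuzzing target's ELF header and prints a `make android` command with a matching `ANDROID_APP_ABI`. The function names `abi_for_target` and `build_cmd` are hypothetical, and it assumes `ANDROID_API` is passed as a make variable in the same way as `ANDROID_APP_ABI`.

```shell
#!/bin/sh
# Added example, not part of honggfuzz: pick ANDROID_APP_ABI from the fuzzing
# target's ELF header so a 32bit target gets a 32bit honggfuzz build.

# Map an ELF file to an ABI name from the compatibility list.
abi_for_target() {
    f=$1
    [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }
    # First 20 header bytes as decimals: magic, EI_CLASS, ..., e_machine.
    set -- $(od -An -tu1 -N 20 "$f")
    if [ $# -ne 20 ] || [ "$1:$2:$3:$4" != "127:69:76:70" ]; then
        echo "$f: not an ELF file" >&2; return 1
    fi
    class=$5                               # EI_CLASS: 1 = 32bit, 2 = 64bit
    machine=$(( ${19} + 256 * ${20} ))     # e_machine (little-endian)
    case "$class:$machine" in
        1:40)  echo armeabi-v7a ;;  # EM_ARM; assumes the default ARM ABI,
                                    # the header cannot tell armeabi apart
        2:183) echo arm64-v8a ;;    # EM_AARCH64
        1:3)   echo x86 ;;          # EM_386
        2:62)  echo x86_64 ;;       # EM_X86_64
        *) echo "$f: unsupported ELF class/machine $class:$machine" >&2
           return 1 ;;
    esac
}

# Compose the build command; APIs below 21 are rejected (bionic note above).
# Assumes ANDROID_API is passed as a make variable like ANDROID_APP_ABI.
build_cmd() {
    target=$1
    api=${2:-android-26}
    case "$api" in
        android-|android-*[!0-9]*) echo "bad ANDROID_API: $api" >&2; return 1 ;;
        android-*) level=${api#android-} ;;
        *) echo "bad ANDROID_API: $api" >&2; return 1 ;;
    esac
    [ "$level" -ge 21 ] || { echo "ANDROID_API must be >= 21" >&2; return 1; }
    abi=$(abi_for_target "$target") || return 1
    echo "make android ANDROID_APP_ABI=$abi ANDROID_API=$api"
}

# Constructed sample: 20-byte header of a 32bit ARM ELF, not a real binary.
sample=$(mktemp)
printf '\177ELF\001\001\001\000\000\000\000\000\000\000\000\000\002\000\050\000' > "$sample"
build_cmd "$sample" android-24
# → make android ANDROID_APP_ABI=armeabi-v7a ANDROID_API=android-24
rm -f "$sample"
```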