def run():
"""
Run target fuzzer
:return:
"""
logger.debug("Starting LG GPad 7 Media Scanner Fuzzer (!)")
_test_cases = ["png", "jpg", "gif", "doc", "docx", "pdf", "ppt"]
for test_case in _test_cases:
logger.debug("Available Test-Case : {0}".format(test_case))
# Get target test-case
target = raw_input(
t.yellow("(DroidFuzzer) Select" + t.white(" Test-Case: ")))
# Clear logcat before running test-cases
ProcessManagement.clear()
processes = list()
# Clear existing tombstones
Utils.clear_tombstones()
for test_case in _test_cases:
log_id = randint(0, 10000)
if target == test_case:
# Always return a random sample of the generate test-cases
for item in sample(
listdir("".join(
[getcwd(), "/test-cases/{0}".format(target)])),
len(
listdir("".join(
[getcwd(),
"/test-cases/{0}".format(target)])))):
logger.debug("Fuzzing : {0}".format(item))
try:
# Push the selected test-case on to the device
pusher = ProcessManagement.execute("".join([
getcwd(), "/bin/adb push ",
"{0}/test-cases/{1}/{2}".format(
getcwd(), target, item), " /sdcard/"
]))
processes.append(pusher)
time.sleep(5)
# Execute the target parser
viewer = ProcessManagement.execute("".join([
getcwd(), "/bin/adb shell su -c 'am broadcast ",
"-a android.intent.action.MEDIA_SCANNER_SCAN_FILE ",
"-d file:///sdcard/{0}'".format(item)
]))
processes.append(viewer)
time.sleep(10)
# Log the test-case
log = ProcessManagement.execute("".join([
getcwd(),
"/bin/adb shell log -p v -t 'Filename' {0}".format(
item)
]))
processes.append(log)
time.sleep(3)
# Log any SIGSEGV
fatal = ProcessManagement.execute("".join([
getcwd(), "/bin/adb logcat -v time *:F > ",
"logs/lg_gpad_7/media_scanner/{0}/lg_gpad_7_media_scanner_{1}_{2}_logs"
.format(target, item, log_id)
]))
processes.append(fatal)
time.sleep(3)
# Log the test-case that triggered the SIGSEGV
logcat = ProcessManagement.execute("".join([
getcwd(),
"/bin/adb logcat -v time *:F -s 'Filename' > ",
"logs/lg_gpad_7/media_scanner/{0}/lg_gpad_7_media_scanner_{1}_{2}_logs"
.format(target, item, log_id)
]))
processes.append(logcat)
time.sleep(3)
# Remove the selected test-case
remove = ProcessManagement.execute("".join([
getcwd(),
"/bin/adb shell su '-c rm /sdcard/{0}'".format(
item)
]))
ret = remove.wait()
# Make sure we have received a return code before proceeding
if ret:
processes.append(remove)
time.sleep(3)
# Recursively kill all child processes
ProcessManagement.kill(processes)
ProcessManagement.clear()
except CalledProcessError as called_process_error:
raise called_process_error
except Exception as e:
# Handle this ...
if e.message == "[Errno 35] Resource temporarily unavailable":
logger.error(e.message)
def run():
"""
Run target fuzzer
:return:
"""
logger.debug("Starting LG GPad 7 Gallery Fuzzer (!)")
_test_cases = [
"gif",
"jpg"
]
for test_case in _test_cases:
logger.debug("Available Test-Case : {0}".format(test_case))
# Get target test-case
target = raw_input(t.yellow("(DroidFuzzer) Select" + t.white(" Test-Case: ")))
# Clear logcat before running test-cases
ProcessManagement.clear()
processes = list()
# Clear existing tombstones
Utils.clear_tombstones()
for test_case in _test_cases:
log_id = randint(0, 10000)
if target == test_case:
# Always return a random sample of the generate test-cases
for item in sample(listdir("".join([getcwd(), "/test-cases/{0}".format(target)])),
len(listdir("".join([getcwd(), "/test-cases/{0}".format(target)])))):
logger.debug("Fuzzing : {0}".format(item))
try:
# Push the selected test-case on to the device
pusher = ProcessManagement.execute("".join([getcwd(),
"/bin/adb push ",
"{0}/test-cases/{1}/{2}".format(getcwd(),
target,
item),
" /sdcard/"]))
processes.append(pusher)
time.sleep(5)
# Execute the target parser
viewer = ProcessManagement.execute("".join([getcwd(),
"/bin/adb shell su -c 'am start ",
"-a android.intent.action.VIEW ",
"-t image/gif "
"-n com.android.gallery3d/.app.Gallery "
"-d file:///storage/emulated/0/{0}'".format(item)]))
processes.append(viewer)
time.sleep(10)
# Log the test-case
log = ProcessManagement.execute(
"".join([getcwd(),
"/bin/adb shell log -p v -t 'Filename' {0}".format(item)]))
processes.append(log)
time.sleep(3)
# Log any SIGSEGV
fatal = ProcessManagement.execute(
"".join([getcwd(),
"/bin/adb logcat -v time *:F > ",
"logs/lg_gpad_7/gallery/{0}/lg_gpad_7_gallery_{1}_{2}_logs"
.format(target, item, log_id)]))
processes.append(fatal)
time.sleep(3)
# Log the test-case that triggered the SIGSEGV
logcat = ProcessManagement.execute(
"".join([getcwd(),
"/bin/adb logcat -v time *:F -s 'Filename' > ",
"logs/lg_gpad_7/gallery/{0}/lg_gpad_7_gallery_{1}_{2}_logs"
.format(target, item, log_id)]))
processes.append(logcat)
time.sleep(3)
# Remove the selected test-case
remove = ProcessManagement.execute(
"".join([getcwd(), "/bin/adb shell su '-c rm /sdcard/{0}'".format(item)]))
processes.append(remove)
time.sleep(3)
# Kill the target parser
ProcessManagement.execute(
"".join([getcwd(), "/bin/adb shell am force-stop com.android.gallery3d"]))
# Recursively kill all child processes
ProcessManagement.kill(processes)
ProcessManagement.clear()
except CalledProcessError as called_process_error:
raise called_process_error
except Exception as e:
# Handle this ...
if e.message == "[Errno 35] Resource temporarily unavailable":
logger.error(e.message)
def run():
"""
Run target fuzzer
:return:
"""
logger.debug("Starting Samsung Core Prime Document Viewer Fuzzer (!)")
_test_cases = [
"docx",
"doc",
"pdf"
]
for test_case in _test_cases:
logger.debug("Available Test-Case : {0}".format(test_case))
# Get target test-case
target = raw_input(t.yellow("(DroidFuzzer) Select" + t.white(" Test-Case: ")))
# Clear logcat before running test-cases
ProcessManagement.clear()
processes = list()
# Clear existing tombstones
Utils.clear_tombstones()
for test_case in _test_cases:
log_id = randint(0, 10000)
if target == test_case:
# Always return a random sample of the generate test-cases
for item in sample(listdir("".join([getcwd(), "/test-cases/{0}".format(target)])),
len(listdir("".join([getcwd(), "/test-cases/{0}".format(target)])))):
logger.debug("Fuzzing : {0}".format(item))
try:
# Push the selected test-case on to the device
pusher = ProcessManagement.execute("".join([getcwd(),
"/bin/adb push ",
"{0}/test-cases/{1}/{2}".format(getcwd(),
target, item)," /data/local/tmp"]))
processes.append(pusher)
time.sleep(5)
# Execute the target parser
viewer = ProcessManagement.execute("".join([getcwd(),
"/bin/adb shell su '-c am start ",
"-n com.hancom.office.viewer/com.tf.thinkdroid.write.ni.viewer.WriteViewPlusActivity ",
"-d file:///data/local/tmp/{0}'".format(item)]))
processes.append(viewer)
time.sleep(10)
# Log the test-case
log = ProcessManagement.execute(
"".join([getcwd(),
"/bin/adb shell log -p v -t 'Filename' {0}".format(item)]))
processes.append(log)
time.sleep(3)
# Log any SIGSEGV
fatal = ProcessManagement.execute(
"".join([getcwd(),
"/bin/adb logcat -v time *:F > ",
"logs/samsung_core_prime/document_viewer/{0}/samsung_core_prime_document_viewer_{1}_{2}_logs"
.format(target, item, log_id)]))
processes.append(fatal)
time.sleep(3)
# Log the test-case that triggered the SIGSEGV
logcat = ProcessManagement.execute(
"".join([getcwd(),
"/bin/adb logcat -v time *:F -s 'Filename' > ",
"logs/samsung_core_prime/document_viewer/{0}/samsung_core_prime_document_viewer_{1}_{2}_logs"
.format(target, item, log_id)]))
processes.append(logcat)
time.sleep(3)
# Remove the selected test-case
remove = ProcessManagement.execute(
"".join([getcwd(), "/bin/adb shell su '-c rm /data/local/tmp/{0}'".format(item)]))
ret = remove.wait()
# Make sure we have received a return code before proceeding
if ret:
processes.append(remove)
time.sleep(3)
# Kill the target parser
ProcessManagement.execute(
"".join([getcwd(), "/bin/adb shell am force-stop com.hancom.office.viewer"]))
# Recursively kill all child processes
ProcessManagement.kill(processes)
ProcessManagement.clear()
except CalledProcessError as called_process_error:
raise called_process_error
except Exception as e:
# Handle this ...
if e.message == "[Errno 35] Resource temporarily unavailable":
logger.error(e.message)
def run():
"""
Run target fuzzer
:return:
"""
logger.debug("Starting Samsung Core Prime Document Viewer Fuzzer (!)")
_test_cases = ["docx", "doc", "pdf"]
for test_case in _test_cases:
logger.debug("Available Test-Case : {0}".format(test_case))
# Get target test-case
target = raw_input(
t.yellow("(DroidFuzzer) Select" + t.white(" Test-Case: ")))
# Clear logcat before running test-cases
ProcessManagement.clear()
processes = list()
# Clear existing tombstones
Utils.clear_tombstones()
for test_case in _test_cases:
log_id = randint(0, 10000)
if target == test_case:
# Always return a random sample of the generate test-cases
for item in sample(
listdir("".join(
[getcwd(), "/test-cases/{0}".format(target)])),
len(
listdir("".join(
[getcwd(),
"/test-cases/{0}".format(target)])))):
logger.debug("Fuzzing : {0}".format(item))
try:
# Push the selected test-case on to the device
pusher = ProcessManagement.execute("".join([
getcwd(), "/bin/adb push ",
"{0}/test-cases/{1}/{2}".format(
getcwd(), target, item), " /data/local/tmp"
]))
processes.append(pusher)
time.sleep(5)
# Execute the target parser
viewer = ProcessManagement.execute("".join([
getcwd(), "/bin/adb shell su '-c am start ",
"-n com.hancom.office.viewer/com.tf.thinkdroid.write.ni.viewer.WriteViewPlusActivity ",
"-d file:///data/local/tmp/{0}'".format(item)
]))
processes.append(viewer)
time.sleep(10)
# Log the test-case
log = ProcessManagement.execute("".join([
getcwd(),
"/bin/adb shell log -p v -t 'Filename' {0}".format(
item)
]))
processes.append(log)
time.sleep(3)
# Log any SIGSEGV
fatal = ProcessManagement.execute("".join([
getcwd(), "/bin/adb logcat -v time *:F > ",
"logs/samsung_core_prime/document_viewer/{0}/samsung_core_prime_document_viewer_{1}_{2}_logs"
.format(target, item, log_id)
]))
processes.append(fatal)
time.sleep(3)
# Log the test-case that triggered the SIGSEGV
logcat = ProcessManagement.execute("".join([
getcwd(),
"/bin/adb logcat -v time *:F -s 'Filename' > ",
"logs/samsung_core_prime/document_viewer/{0}/samsung_core_prime_document_viewer_{1}_{2}_logs"
.format(target, item, log_id)
]))
processes.append(logcat)
time.sleep(3)
# Remove the selected test-case
remove = ProcessManagement.execute("".join([
getcwd(),
"/bin/adb shell su '-c rm /data/local/tmp/{0}'".
format(item)
]))
ret = remove.wait()
# Make sure we have received a return code before proceeding
if ret:
processes.append(remove)
time.sleep(3)
# Kill the target parser
ProcessManagement.execute("".join([
getcwd(),
"/bin/adb shell am force-stop com.hancom.office.viewer"
]))
# Recursively kill all child processes
ProcessManagement.kill(processes)
ProcessManagement.clear()
except CalledProcessError as called_process_error:
raise called_process_error
except Exception as e:
# Handle this ...
if e.message == "[Errno 35] Resource temporarily unavailable":
logger.error(e.message)
def run():
"""
Run target fuzzer
:return:
"""
logger.debug("Samsung Core Prime Media Scanner Fuzzer (!)")
_test_cases = [
"jpg",
"gif"
]
for test_case in _test_cases:
logger.debug("Available Test-Case : {0}".format(test_case))
# Get target test-case
target = raw_input(t.yellow("(DroidFuzzer) Select" + t.white(" Test-Case: ")))
# Clear logcat before running test-cases
ProcessManagement.clear()
processes = list()
# Clear existing tombstones
Utils.clear_tombstones()
for test_case in _test_cases:
log_id = randint(0, 10000)
if target == test_case:
# Always return a random sample of the generate test-cases
for item in sample(listdir("".join([getcwd(), "/test-cases/{0}".format(target)])),
len(listdir("".join([getcwd(), "/test-cases/{0}".format(target)])))):
logger.debug("Fuzzing : {0}".format(item))
try:
# Push the selected test-case on to the device
pusher = ProcessManagement.execute("".join([getcwd(),
"/bin/adb push ",
"{0}/test-cases/{1}/{2}".format(getcwd(),
target,
item),
" /sdcard/"]))
processes.append(pusher)
time.sleep(5)
# Execute the target parser
viewer = ProcessManagement.execute("".join([getcwd(),
"/bin/adb shell am broadcast ",
"-a android.intent.action.MEDIA_MOUNTED ",
"-d file:///mnt/shell/emulated/0/"]))
processes.append(viewer)
time.sleep(10)
# Log the test-case
log = ProcessManagement.execute(
"".join([getcwd(),
"/bin/adb shell log -p v -t 'Filename' {0}".format(item)]))
processes.append(log)
time.sleep(3)
# Log any SIGSEGV
fatal = ProcessManagement.execute(
"".join([getcwd(),
"/bin/adb logcat -v time *:F > ",
"logs/samsung_core_prime/media_scanner/{0}/samsung_core_prime_media_scanner_{1}_{2}_logs"
.format(target, item, log_id)]))
processes.append(fatal)
time.sleep(3)
# Log the test-case that triggered the SIGSEGV
logcat = ProcessManagement.execute(
"".join([getcwd(),
"/bin/adb logcat -v time *:F -s 'Filename' > ",
"logs/samsung_core_prime/media_scanner/{0}/samsung_core_prime_media_scanner_{1}_{2}_logs"
.format(target, item, log_id)]))
processes.append(logcat)
time.sleep(3)
# Remove the selected test-case
remove = ProcessManagement.execute(
"".join([getcwd(), "/bin/adb shell rm /sdcard/{0}".format(item)]))
ret = remove.wait()
# Make sure we have received a return code before proceeding
if ret:
processes.append(remove)
time.sleep(3)
# Recursively kill all child processes
ProcessManagement.kill(processes)
ProcessManagement.clear()
except CalledProcessError as called_process_error:
raise called_process_error
except Exception as e:
# Handle this ...
if e.message == "[Errno 35] Resource temporarily unavailable":
logger.error(e.message)