1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
# Setup: Linux or Mac OS host, Android device, arm64 kernel
Prerequisites:
- go1.8+ toolchain (can be downloaded from [here](https://golang.org/dl/))
- Android NDK (tested with r15 on API24) (can be downloaded from [here](https://developer.android.com/ndk/downloads/index.html))
+ Set the `$NDK` environment variable to point at it
- Android Serial Cable or [Suzy-Q](https://chromium.googlesource.com/chromiumos/platform/ec/+/master/docs/case_closed_debugging.md) device to capture console output is preferable but optional. syzkaller can work with normal USB cable as well, but that can be somewhat unreliable and turn lots of crashes into "lost connection to test machine" crashes with no additional info.
- Build syzkaller
```sh
$ make android
```
- Check the output files are correct
```sh
$ file bin/*
bin/syz-execprog: ELF 64-bit LSB executable, ARM aarch64, version 1 (SYSV), statically linked, stripped
bin/syz-executor: ELF 64-bit LSB executable, ARM aarch64, version 1 (SYSV), statically linked, not stripped
bin/syz-fuzzer: ELF 64-bit LSB executable, ARM aarch64, version 1 (SYSV), statically linked, stripped
bin/syz-manager: Mach-O 64-bit executable x86_64
```
- Create config with `"type": "adb"` and specify adb devices to use. For example:
```
{
"target": "linux/arm64",
"http": "localhost:50000",
"workdir": "/gopath/src/github.com/google/syzkaller/workdir",
"syzkaller": "/gopath/src/github.com/google/syzkaller",
"vmlinux": "-",
"sandbox": "none",
"procs": 8,
"type": "adb",
"vm": {
"devices": ["ABCD000010"]
}
}
```
- Start `syz-manager -config adb.cfg` as usual.
If you get issues after `syz-manager` starts, consider running it with the `-debug` flag.
Also see [this page](troubleshooting.md) for troubleshooting tips.
|
