# Setup: Linux host, Android device, arm64 kernel
Prerequisites:
- go1.8+ toolchain (can be downloaded from [here](https://golang.org/dl/))
- Android NDK (tested with r12b) (can be downloaded from [here](https://developer.android.com/ndk/downloads/index.html))
- [Suzy-Q](https://chromium.googlesource.com/chromiumos/platform/ec/+/master/docs/case_closed_debugging.md) device to capture console output (support for other development boards is possible, but it is not implemented yet)
From `syzkaller` checkout:
- Build `syz-manager` for host:
```
go build -o bin/syz-manager ./syz-manager
```
- Build `syz-fuzzer` and `syz-execprog` for arm64:
```
GOARCH=arm64 go build -o bin/syz-fuzzer ./syz-fuzzer
GOARCH=arm64 go build -o bin/syz-execprog ./tools/syz-execprog
```
- Build `syz-executor` for arm64:
```
/android-ndk-r12b/toolchains/aarch64-linux-android-4.9/prebuilt/linux-x86_64/bin/aarch64-linux-android-g++ \
-I/android-ndk-r12b/sources/cxx-stl/llvm-libc++/libcxx/include \
--sysroot=/android-ndk-r12b/platforms/android-22/arch-arm64 \
executor/executor.cc -O1 -g -Wall -static -o bin/syz-executor
```
- Create config with `"type": "adb"` and specify adb devices to use. For example:
```
{
	"http": "localhost:50000",
	"workdir": "/gopath/src/github.com/google/syzkaller/workdir",
	"syzkaller": "/gopath/src/github.com/google/syzkaller",
	"vmlinux": "-",
	"sandbox": "none",
	"procs": 8,
	"type": "adb",
	"vm": {
		"devices": ["ABCD000010"]
	}
}
```
- Start `syz-manager -config adb.cfg` as usual.
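
A pre-flight check for the steps above, as an added example that is not part of syzkaller: it confirms that a cross-built binary really is a 64-bit little-endian AArch64 ELF (a build that missed `GOARCH=arm64` will not run on the device) and that the config selects `adb` with at least one device serial. The names `elfIsArm64` and `checkAdbConfig` are hypothetical, the header bytes are constructed samples, and only the config fields shown on this page are read.

```go
package main

import (
	"encoding/binary"
	"encoding/json"
	"errors"
	"fmt"
)

const emAArch64 = 183 // e_machine value for AArch64 in the ELF specification

// Constructed 20-byte ELF header prefixes (not taken from real binaries).
var sampleArm64 = []byte("\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7\x00")
var sampleX8664 = []byte("\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x3e\x00")

// elfIsArm64 reports whether hdr starts a 64-bit little-endian AArch64 ELF:
// hdr[4] is EI_CLASS (2 = 64-bit), hdr[5] is EI_DATA (1 = LSB), e_machine is at offset 18.
func elfIsArm64(hdr []byte) bool {
	if len(hdr) < 20 || string(hdr[:4]) != "\x7fELF" {
		return false
	}
	return hdr[4] == 2 && hdr[5] == 1 && binary.LittleEndian.Uint16(hdr[18:20]) == emAArch64
}

// checkAdbConfig verifies that the config selects adb and lists a device serial.
func checkAdbConfig(data []byte) error {
	var cfg struct {
		Type string `json:"type"`
		VM   struct {
			Devices []string `json:"devices"`
		} `json:"vm"`
	}
	if err := json.Unmarshal(data, &cfg); err != nil {
		return fmt.Errorf("config is not valid JSON: %w", err)
	}
	if cfg.Type != "adb" {
		return fmt.Errorf(`"type" is %q, want "adb"`, cfg.Type)
	}
	if len(cfg.VM.Devices) == 0 {
		return errors.New(`"vm" lists no adb device serials in "devices"`)
	}
	return nil
}

func main() {
	fmt.Println("arm64 header accepted:", elfIsArm64(sampleArm64))
	fmt.Println("x86-64 header accepted:", elfIsArm64(sampleX8664))
	fmt.Println("config error:", checkAdbConfig([]byte(`{"type":"adb","vm":{"devices":["ABCD000010"]}}`)))
}
```

To check real artifacts, pass the first 20 bytes of `bin/syz-fuzzer`, `bin/syz-execprog` and `bin/syz-executor` to `elfIsArm64`, and the contents of `adb.cfg` to `checkAdbConfig`.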