In an effort to deal with performance & legal challenges in the Android ecosystem, Google has made an investment aiming to fully replace the old JIT Dalvik VM with the brand new AOT (Ahead-Of-Time) ART runtime. It has been more than a year since ART was open-sourced and its first production releases are reaching the market. However, there is currently almost zero public knowledge about the security maturity of ART and its interfacing functionality.
This talk is the first milestone of a greater research effort aiming to analyze all of the new ART runtime internals, depict the exploitation impact of identified bugs in the Android ecosystem and mark the requirements for the development of new tools. To assist this analysis, the first DEX file format smart fuzzing engine has been implemented supporting a series of rulesets mirroring the various fuzzing requirements. The input generation and fuzzing toolset we have developed run directly on Android devices and monitor the investigated processes.
DEX smart fuzzing techniques and evaluation metrics will be presented against the initial target of the ART runtime, which is the bytecode optimization and compilation chain (DEX parser, MIR-to-LIR & code generation) for the ARM architecture. In order to prove the efficiency of our smart fuzzing techniques, we compare our results against dumb fuzzing iterations with identical characteristics.