In this presentation, we will introduce a new and novel fuzzing method for Android. We present ways to find vulnerabilities from quantitative change to qualitative change and our fuzzer exploits the combinations of function points to find vulnerabilities. Our fuzzing method borrows the ideology of model checking by generating combinations to drive the exploration of the state space in a comprehensive way. Using this new methodology we have found about twenty 0-days on smartOS and other phones and using our fuzzing method we have won the first prize in the Smartisan vulnerability digging competition.
To demonstrate the effectiveness of our method, we will apply it on OEM devices such as Samsung, Huawei and Smartisan OS where we have identified in total 50+ bugs and vulnerabilities, including many severe ones.
Our aim is to inspire the community with those vulnerabilities that have yet been identified and shown by other methods.
