{"id":17267130,"url":"https://github.com/thypon/androidfuzz","last_synced_at":"2025-08-09T15:07:00.780Z","repository":{"id":15479300,"uuid":"18212851","full_name":"thypon/AndroidFuzz","owner":"thypon","description":"JavaFuzz 4 Android","archived":false,"fork":false,"pushed_at":"2014-03-28T13:29:10.000Z","size":155,"stargazers_count":28,"open_issues_count":1,"forks_count":20,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-03-27T21:39:06.297Z","etag":null,"topics":["android","apk","fuzz","fuzzing","instrument","java","javafuzz-android"],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/thypon.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2014-03-28T13:26:38.000Z","updated_at":"2024-12-19T06:14:21.000Z","dependencies_parsed_at":"2022-08-04T04:45:25.455Z","dependency_job_id":null,"html_url":"https://github.com/thypon/AndroidFuzz","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thypon%2FAndroidFuzz","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thypon%2FAndroidFuzz/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thypon%2FAndroidFuzz/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/thypon%2FAndroidFuzz/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/thypon","download_url":"https://codeload.github.com/thypon/AndroidFuzz/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"githu
b","repositories_count":248843828,"owners_count":21170488,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["android","apk","fuzz","fuzzing","instrument","java","javafuzz-android"],"created_at":"2024-10-15T08:09:11.373Z","updated_at":"2025-04-14T08:02:38.680Z","avatar_url":"https://github.com/thypon.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"JavaFuzz Android\n================\n\n\nAndroid JavaFuzz Version. In order to compile type:\n\n    gradle build\n\nInstrument Android APK\n----------------------\n\nIn order to instrument it you need:\n\n- smali\n- zip/unzip\n- aapt\n\nOnce you have obtained the javafuzz.jar you have to dex it:\n\n    dx --dex --output=afuz.dex build/libs/javafuzz-1.0.jar\n\nUncompress it to obtain the necessary java xml resources:\n\n    unzip build/libs/javafuzz-1.0.jar\n\nThen uncompress the apk you need to instruments in the same directory:\n\n    unzip your.apk\n\nInstrument the code:\n\n    baksmali classes.dex\n    baksmali afuz.dex\n    smali out\n    cp out.dex classes.dex\n\nThen build the final instrumented apk:\n\n    aapt remove your.apk classes.dex\n    aapt add your.apk classes.dex\n    aapt add your.apk gnu/getopt/MessagesBundle*\n\n\nRun The Fuzzer\n--------------\n\nTransfer the instrumented apk to the \"device\":\n\n    adb push your.apk /sdcard/\n    mkdir -p /data/local/tmp\n    ANDROID_DATA=/data/local/tmp /system/bin/dalvikvm -Xss256k -Xmx100m \\\n        
-Xbootclasspath:/system/framework/core.jar:/system/framework/ext.jar:/system/framework/framework.jar:/system/framework/android.policy.jar:/system/framework/services.jar \\\n        -classpath /sdcard/your.apk javafuzz.JavaFuzz -c class.to.Test -v -m\n\n\nManual\n------\n\n    NAME\n         JavaFuzz - Java Class Fuzzer\n\n    SYNOPSIS\n         JavaFuzz.jar [-v] -c class [-e type] [-l StringLength]...\n\n    DESCRIPTION\n         JavaFuzz is a Java class fuzzer based on the Java Reflection\n         API. The reflection API represents, or reflects, the classes, interfaces,\n         and objects in the current Java Virtual Machine. Using the reflection\n         API JavaFuzz can construct and invoke any given class (or list of classes).\n         After getting the types that a class accepts, it will construct the classes using\n         large values.\n\n\n    OPTIONS\n         -v   Verbose - Fully Print Exceptions. Very useful, and you should use\n              it if you want to spot any weird exceptions.\n\n         -m   Fuzz methods of a Class. Can take a long time to finish\n\n         -c   Classname\n              Input is a Class name, e.g. java.net.URL. You cannot use -f at the same\n              time.\n\n         -f   Read Class names from a file. 
Class names should be one per line.\n\n         -s   You can set the fuzzing String, for example http://www.example.com\n              if you don't want repeats, use it with -l1\n\n         -e   You can set the type you want to overflow with the MAX_VALUE on top\n              for example if you want to pass twice the size of a double to a class\n              which is defined to accept only double you do \"-e double\"\n              Warning: If you do that with an integer it will overflow and\n              become -2.\n              Values can be: int, double, float, long, short.\n\n         -r   Number of recursions until it constructs the class [Default 20]\n              If it needs more it will set the type to null and consider it Infinite.\n              Usually when trying to construct types that don't take any arguments\n              it will be fine; if it tries to construct classes whose\n              types accept arguments and so on... JavaFuzz will keep constructing\n              types until it gets the requested types.\n\n         -k   Set the value for int,float,long,short,double\n              e.g. -k int=100 or -k double=20000 or -k int=19,float=49 and so on.\n\n         -a   Set size of used array when fuzzing [Default 800]\n              This option can be at most Integer.MAX_VALUE\n\n         -l   Set length of used Strings when fuzzing [Default 1024]\n              This option can be at most Integer.MAX_VALUE\n\n         -o   Find if a specific class requires a constant and brute-force\n              all possible positions until the constant is in the correct\n              position. [This option will add further delays]\n\n         -i   JavaFuzz will ignore the specified method(s). Helpful when you found a bug\n              in a method but you want to dig deeper. (Separate methods with commas)\n              e.g. 
for java.awt.Image you could use -i getGraphics,getScaledInstance\n\n         -n   JavaFuzz will fuzz the specified method(s) only\n              e.g. for java.awt.Font you could use -n applySize,pDispose\n              NOTE: You cannot use -i at the same time\n\n         -u   Fuzz only high or low values respectively e.g. Integer high is +MAX_VALUE\n              and low value is -MAX_VALUE (or MIN_VALUE) [-u low or -u high]\n\n         -p   Enforce a Constant and bruteforce the position. The type can\n              be int,double,float,short,string   e.g. -p double=1\n\n         -g   Use it when you want to replace a class, for example it could be used to replace\n              abstract classes or interfaces -g org.replace.this=org.with.this\n              the auto replacement mode can be invoked using -g org.replace.this={A}\n              and for complete automation use -ga\n\n\n\n    EXAMPLES\n\n             java -jar JavaFuzz.jar -c java.lang.String -v\n             java -jar JavaFuzz.jar -f classes.txt -v -e int\n             java -jar JavaFuzz.jar -c java.net.URL -e int -s http://www.example.com\n\n    BUGS\n             Version \u003c= 0.3\n             It cannot construct classes with types :\n             a) Multidimensional array that is not int,double,float,short,long,string\n             b) Array that is not int,double,float,short,long,string\n\n    FIXES/UPDATES\n             Version \u003e= 0.7\n             Enforce a Constant and bruteforce the position.  The type can be int,double,float,short,string\n             flag is -p\n\n             Version \u003e= 0.6\n             You can filter in and out method(s) and you can supply multiple types with -k\n             Minor error handling fixes\n\n             Version \u003e= 0.5\n             The bugs listed in \u003c=0.3 are fixed. 
If you find the same problem let me know\n\n    AUTHOR\n         Emmanouel Kellinis \u003cme at cipher dot org dot uk\u003e\n\n\nLicense\n-------\n\nThe code is under GPLv2 unless specified otherwise in the single files.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthypon%2Fandroidfuzz","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fthypon%2Fandroidfuzz","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthypon%2Fandroidfuzz/lists"}