# Android Platform #

Honggfuzz (as of version 0.6) supports Android OS (NDK cross-compilation) using
both the ptrace() API and the POSIX signals interface. When the ptrace() API is
enabled, honggfuzz's engine prevents monitored signals from reaching the
debugger (no logcat backtraces & tombstones), since delivering them would
affect the fuzzer's runtime analysis.

## Requirements ##

* [Android NDK](https://developer.android.com/ndk/index.html): The user has to
manually install the NDK and set the environment PATH
* [libunwind](http://www.nongnu.org/libunwind/download.html): On the first
build, the upstream git repository is fetched and the required patches are
applied
* [capstone](http://www.capstone-engine.org/download.html): On the first
build, the upstream git repository is fetched

| **Dependency** | **Last Tested Version** |
|:-------|:-----------|
| **Android NDK** | r16 with Android API 24 (Nougat 7.0) |
| **libunwind** | upstream master commit [bc8698f] |
| **capstone** | 3.0.4 stable version |

## Compatibility list ##

It has been tested under the following CPU architectures:

| **ABI** | **Status** |
|:-------|:-----------|
| **armeabi** | ptrace() API & POSIX signal interface |
| **armeabi-v7a** | ptrace() API & POSIX signal interface |
| **arm64-v8a** | ptrace() API & POSIX signal interface `*` |
| **x86** | ptrace() API & POSIX signal interface |
| **x86_64** | ptrace() API & POSIX signal interface |

_`*`) libunwind fails to extract frames if the fuzzing target is 32bit. Prefer a 32bit build for such targets._


## Cross-Compiling ##
## Dependencies ##

A series of helper bash scripts has been created under the
`third_party/android/scripts` directory to automate the configuration and build
process of the dependencies. The scripts are automatically invoked from the
makefile, based on the selected target CPU. Normally you will not need to
execute or modify them manually.

## Building ##
### All CPUs ###
For convenience the master makefile defines an `android-all` target that
automatically builds honggfuzz (and its dependencies) for all the supported
Android CPUs.

From the root directory execute the following. Build output is available under
the `libs` directory.

```
$ make android-all
...
$ tree libs/
libs/
├── arm64-v8a
│   ├── android_api.txt
│   ├── honggfuzz
│   ├── libhfuzz.a
│   └── ndk_toolchain.txt
├── armeabi
│   ├── android_api.txt
│   ├── honggfuzz
│   ├── libhfuzz.a
│   └── ndk_toolchain.txt
├── armeabi-v7a
│   ├── android_api.txt
│   ├── honggfuzz
│   ├── libhfuzz.a
│   └── ndk_toolchain.txt
├── x86
│   ├── android_api.txt
│   ├── honggfuzz
│   ├── libhfuzz.a
│   └── ndk_toolchain.txt
└── x86_64
    ├── android_api.txt
    ├── honggfuzz
    ├── libhfuzz.a
    └── ndk_toolchain.txt

5 directories, 20 files
```


### Specific CPU ###
To build for a specific CPU use the `android` target with one of the supported
ABI descriptions. Again, the dependencies are built automatically.

```
$ make android ANDROID_APP_ABI=<arch>
...
```

Where `<arch>` can be:

* armeabi
* armeabi-v7a (**default**)
* arm64-v8a
* x86
* x86_64


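As an added example (not part of honggfuzz or its build scripts), the following sh script picks the `ANDROID_APP_ABI` value from the fuzzing target's ELF header, which follows the compatibility note to prefer a 32bit build for 32bit targets. The function names and the sample headers are constructed for illustration, and an `EM_ARM` target is assumed to map to `armeabi-v7a`, the default ABI.

```shell
#!/bin/sh
# Added example, not part of honggfuzz: choose ANDROID_APP_ABI from the ELF
# header of the fuzzing target, so a 32-bit target gets a 32-bit build.

# Print the unsigned value of the single byte at offset $2 of file $1.
elf_byte() { od -An -tu1 -j "$2" -N 1 "$1" | tr -d ' \n'; }

# Map an ELF file to one of the ABI names accepted by ANDROID_APP_ABI.
abi_for_target() {
    magic=$(od -An -tx1 -N 4 "$1" | tr -d ' \n')
    [ "$magic" = "7f454c46" ] || { echo "not-elf"; return 1; }
    class=$(elf_byte "$1" 4)    # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    lo=$(elf_byte "$1" 18)      # e_machine, little-endian 16-bit field
    hi=$(elf_byte "$1" 19)
    machine=$(( ${hi:-0} * 256 + ${lo:-0} ))
    case "$class:$machine" in
        1:40)  echo "armeabi-v7a" ;;  # EM_ARM; v7a assumed (page default)
        2:183) echo "arm64-v8a" ;;    # EM_AARCH64
        1:3)   echo "x86" ;;          # EM_386
        2:62)  echo "x86_64" ;;       # EM_X86_64
        *)     echo "unsupported"; return 1 ;;
    esac
}

# Print the build command from this page for the given target binary.
build_cmd() {
    abi=$(abi_for_target "$1") || { echo "cannot build for $1: $abi" >&2; return 1; }
    echo "make android ANDROID_APP_ABI=$abi"
}

# Constructed sample input: the first 20 bytes of an ELF header.
# $1 = output path, $2 = EI_CLASS (octal), $3 = e_machine low byte (octal)
write_sample_elf() {
    printf "\\177ELF\\$2\\001\\001" > "$1"                 # magic, class, LE, version
    printf '\000\000\000\000\000\000\000\000\000' >> "$1"  # OS ABI + padding
    printf "\\003\\000\\$3\\000" >> "$1"                   # e_type = ET_DYN, e_machine
}

demo_dir=$(mktemp -d)
write_sample_elf "$demo_dir/target32" 001 050   # constructed 32-bit ARM target
write_sample_elf "$demo_dir/target64" 002 267   # constructed 64-bit ARM target
build_cmd "$demo_dir/target32"
build_cmd "$demo_dir/target64"
rm -rf "$demo_dir"
```

On a real target, pass the path of the binary to be fuzzed to `build_cmd` and run the printed command from the honggfuzz root directory.
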
## Android specific flags ##

| **Flag** | **Options** | **Description** |
|:----------|:------------|:----------------|
| **ANDROID_DEBUG_ENABLED** | true, false (default: false) | Enable Android debug builds |
| **ANDROID_APP_ABI** | armeabi, armeabi-v7a, arm64-v8a, x86, x86_64 (default: armeabi-v7a) | Target CPU |
| **ANDROID_WITH_PTRACE** | true, false (default: true) `1` | Fuzzing engine backend architecture |
| **ANDROID_API** | android-21, android-22, ... (default: android-26) `2` | Target Android API |
| **ANDROID_CLANG** | true, false (default: true) | Android NDK compiler toolchain to use |

_`1`) If false, the POSIX signals interface is used instead of the ptrace() API_

_`2`) Due to bionic incompatibilities, only APIs >= 21 are supported_
