Internship - Fuzzing native code in Android applications

Mobile, crypto & protections · Paris, Paris
Department Mobile, crypto & protections
Employment Type Internship
Minimum Experience Entry-level
Compensation 1800€ gross / month (1550€ net)

In addition to Java/Kotlin languages, Android offers the application developers the possibility of writing some parts of their code natively, in C or C++. Those functions can be called from the Dalvik side through an interface called 'JNI'. At build time, the native code is compiled and put into one or several shared libraries, which are embedded in the application's APK file.


Without the source code, finding software vulnerabilities in native code is a difficult and tedious task. Fortunately, fuzzing can be of great help, especially when we need to uncover bugs effectively in a short time. However, when it comes to assessing code in such a specific environment, open-source fuzzing projects may turn out to be ill-suited — in other words, they are too generic and cannot be used out of the box. As a result, we need to build our own adapted solution that suits our needs.


This internship consists of enhancing the native fuzzer for closed-source Android applications that we have developed at Quarkslab, in order to find vulnerabilities in targets you will wisely choose with the help of the team.


Required skills:

  • Familiar with automated vulnerability research
  • Good understanding of Android runtime
  • Experience in native reverse engineering and instrumentation of Android applications (Frida, QBDI, etc.)
  • Plus if already proficient in C++


What you will do:

You will have to experiment, weigh up the pros and cons of the different options we have, and figure out the best approach for efficiently finding vulnerabilities in JNI libraries. You will also need to wisely pick out some targets to run the fuzzer on in order to carry out the testing stage.


Location:

Paris/Rennes


Duration:

6 months


Assignment:

Pick out an open-source library that parses buffers (e.g. image rendering) and can be compiled with the Android NDK.
Write a harness function for fuzzing a piece of code you find interesting using libFuzzer, compile it, and run it on an Android emulator or a physical device.
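As an added illustration of what such a harness looks like (example code, not part of the offer and not Quarkslab's fuzzer): a libFuzzer entry point wrapping a constructed toy image-header parser that stands in for the library under test. The format, the function names and the build commands in the comments are assumptions.

```cpp
// Added example, not the original page's code. Host build with the sanitizer runtime:
//   clang++ -g -O1 -fsanitize=fuzzer,address harness.cpp -o harness && ./harness corpus/
// For Android, build the same file with the NDK toolchain clang++ (e.g. target
// aarch64-linux-android30) with the same -fsanitize flags, then push and run it via adb.
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Constructed toy format: magic "IMG1", little-endian u16 width, u16 height,
// then width*height pixel bytes. It stands in for a real buffer-parsing library.
struct ToyImage {
    uint16_t width = 0;
    uint16_t height = 0;
    std::vector<uint8_t> pixels;
};

// Returns 0 on success, -1 on bad header, -2 on truncated payload.
// The two checks below are exactly the kind a fuzzer finds missing in real parsers.
int parse_toy_image(const uint8_t *data, size_t size, ToyImage *out) {
    if (size < 8 || std::memcmp(data, "IMG1", 4) != 0) return -1;
    uint16_t w = (uint16_t)(data[4] | (data[5] << 8));
    uint16_t h = (uint16_t)(data[6] | (data[7] << 8));
    size_t expected = (size_t)w * (size_t)h;   // size_t math: w*h cannot wrap at 16 bits
    if (size - 8 < expected) return -2;        // payload shorter than the header claims
    out->width = w;
    out->height = h;
    out->pixels.assign(data + 8, data + 8 + expected);
    return 0;
}

// libFuzzer calls this once per generated input. It must return 0, keep no state
// between calls, and only crash (or trip a sanitizer) when the target misbehaves.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    ToyImage img;
    (void)parse_toy_image(data, size, &img);
    return 0;
}

// Stand-alone driver for a quick smoke run without the fuzzer runtime; libFuzzer
// supplies its own main, so this one is compiled out under -fsanitize=fuzzer.
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
int main() {
    const uint8_t sample[] = {'I', 'M', 'G', '1', 2, 0, 2, 0, 9, 9, 9, 9};
    return LLVMFuzzerTestOneInput(sample, sizeof sample);
}
#endif
```

On a device, `adb push` the binary and a seed corpus directory, then run it from a writable directory so libFuzzer can save crash inputs it finds.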


Answer those questions:

  • What is your executable doing internally while fuzzing?
  • What would it take to make it work on a closed-source target library?
  • Applied to the Android application ecosystem and especially JNI functions, what challenges would we face?


More info here: https://blog.quarkslab.com/internship-offers-for-the-2021-2022-season.html#fuzzing-native-code-in-android-applications
