Issue: afl-frida-trace.so crashing all binaries on Android ARM64 (Github #1856)


Andrew C

Sep 9, 2023, 12:03:30 PM
to afl-users

I am trying to figure out this issue I am having: Running any binary with LD_PRELOAD=afl-frida-trace.so on a rooted Android ARM64 emulator gives an error like:

LD_PRELOAD=afl-frida-trace.so ./fuzz 123

[!] WARNING: SHM_ENV_VAR not set, using dummy for debugging purposes

[-] PROGRAM ABORT : Patch out of range 0x0000FFFD625C9B3C->0x0000FFFFF38C8000 = 0x00000002912FF000
Location : instrument_patch_ardp(), /home/user/AFL/frida_mode/src/instrument/instrument_arm64.c:278

Or:

[!] WARNING: SHM_ENV_VAR not set, using dummy for debugging purposes
Illegal instruction (core dumped)

This can even happen with the same binary when just trying the command twice in a row (both error messages).


I built the afl-frida-trace.so library following the tutorial linked in the official documentation:

https://blog.quarkslab.com/android-greybox-fuzzing-with-afl-frida-mode.html#fn:fuzzing-qemu-android
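
The "Patch out of range" abort in the first run can be read directly off the two addresses in the message. An AArch64 ADRP instruction encodes the page of its target as a signed 21-bit page count relative to the page of the instruction, so once code is relocated it can only reach targets within +/-4 GiB of its new location. The following is an added illustration (not code from the post, and not AFL++'s own check in instrument_arm64.c, whose exact logic is an assumption here); the two addresses are the ones quoted above, everything else is constructed.

```python
# Added example: ADRP reach check and encoding for AArch64.
# The +/-4 GiB limit is an ISA property of ADRP (21-bit signed page offset,
# 4 KiB pages). How AFL++ frida_mode performs its own range check is not
# reproduced here; treat this as an independent illustration.

PAGE_SHIFT = 12                                  # ADRP always works on 4 KiB pages
ADRP_IMM_BITS = 21                               # immhi (19 bits) + immlo (2 bits)
ADRP_MAX_PAGES = 1 << (ADRP_IMM_BITS - 1)        # 2**20 pages in each direction
ADRP_RANGE_BYTES = ADRP_MAX_PAGES << PAGE_SHIFT  # 0x1_0000_0000 = 4 GiB


def page_base(addr: int) -> int:
    """Round an address down to its 4 KiB page."""
    return addr & ~((1 << PAGE_SHIFT) - 1)


def adrp_page_delta(instr_addr: int, target: int) -> int:
    """Byte distance from the ADRP's page to the target's page (may be negative)."""
    return page_base(target) - page_base(instr_addr)


def adrp_in_range(instr_addr: int, target: int) -> bool:
    """True if an ADRP located at instr_addr can address the page containing target."""
    pages = adrp_page_delta(instr_addr, target) >> PAGE_SHIFT  # arithmetic shift
    return -ADRP_MAX_PAGES <= pages < ADRP_MAX_PAGES


def encode_adrp(rd: int, instr_addr: int, target: int) -> int:
    """Encode `adrp xRd, <page of target>` placed at instr_addr; raise if unreachable."""
    if not 0 <= rd < 32:
        raise ValueError("rd must be 0..31")
    if not adrp_in_range(instr_addr, target):
        raise ValueError(
            "ADRP patch out of range 0x%016X->0x%016X = 0x%016X"
            % (instr_addr, target, adrp_page_delta(instr_addr, target))
        )
    imm = (adrp_page_delta(instr_addr, target) >> PAGE_SHIFT) & ((1 << ADRP_IMM_BITS) - 1)
    immlo = imm & 0x3
    immhi = imm >> 2
    # ADRP layout: op=1 | immlo[30:29] | 10000 [28:24] | immhi[23:5] | Rd[4:0]
    return (1 << 31) | (immlo << 29) | (0b10000 << 24) | (immhi << 5) | rd


def decode_adrp_target(insn: int, instr_addr: int) -> int:
    """Inverse of encode_adrp: recover the page address an ADRP at instr_addr points to."""
    immlo = (insn >> 29) & 0x3
    immhi = (insn >> 5) & 0x7FFFF
    imm = (immhi << 2) | immlo
    if imm & (1 << (ADRP_IMM_BITS - 1)):       # sign-extend the 21-bit field
        imm -= 1 << ADRP_IMM_BITS
    return page_base(instr_addr) + (imm << PAGE_SHIFT)


if __name__ == "__main__":
    # The two addresses quoted in the abort message above.
    src = 0x0000FFFD625C9B3C
    dst = 0x0000FFFFF38C8000
    delta = adrp_page_delta(src, dst)
    print("page delta = 0x%X, limit = 0x%X, reachable = %s"
          % (delta, ADRP_RANGE_BYTES, adrp_in_range(src, dst)))
```

Run against the quoted addresses the page delta comes out as 0x2912FF000, roughly 10.3 GiB, which is well past the 4 GiB an ADRP immediate can express, so a range check at that point has no encodable instruction to emit and the only honest options are to abort (as the log shows) or to rewrite the ADRP into a longer sequence that does not depend on the PC.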

