
Questions about reproducing Android 11 vulnerabilities

Open Ash4701 opened this issue 3 years ago • 0 comments

Since I saw in the paper that l2fuzz can be used to test Android 11 vulnerabilities, I tried to use l2fuzz to fuzz a Pixel 5 (Android 11 / RQ1D.210105.003), but it failed to crash Bluetooth after 8 hours of testing. My environment is a virtual machine (Ubuntu 18.04.4) with Python 3.6.9 and Scapy 2.4.4 installed. I would like to ask for some details about this Android 11 vulnerability and whether a specific Bluetooth adapter is required; it would be even better if you could provide the packets or logs from the run where l2fuzz caused the crash. The Bluetooth adapter I am using is a Cambridge Silicon Radio CSR8510 A10. The following is some test information:

```
===================Test Informatoin===================
{
  "starting_time": "2023-02-13 16:39:57.167816",
  "interface": "Bluetooth_L2CAP",
  "toolVer": "1.0.0",
  "bdaddr": "14:C1:4E:FF:56:C5",
  "OUI": "Google, Inc.",
  "name": "Pixel 5",
  "Class of Device Value": "5898764",
  "Class of Device": {
    "major": "Phone",
    "minor": "Smartphone",
    "service": [
      "Telephony",
      "Object Transfer",
      "Capturing",
      "Networking"
    ]
  },
  "service": "AV Remote Control Target",
  "protocol": "L2CAP",
  "port": 23
}
================================================

Start Fuzzing... Please hit Ctrl + C to finish...
[+] Tested 0 packets
[!] Device is not paired with host('Connection refused - PSM not supported').
[!] Can't test service port that you've selected. Now set port as default PSM, '1'.
[+] Tested 30007 packets
[+] Tested 60013 packets
```

Ash4701 commented on Feb 16 '23 00:02
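When a run is refused at the selected PSM as in the log above, the most useful thing to check in a capture is the L2CAP Connection Response itself, since its result code states the peer's actual reason (PSM not supported, security block, no resources). The following is an added example, not l2fuzz's code, that builds and parses L2CAP signaling Connection Request/Response PDUs using the Core Spec field layout and result codes; the sample frames are constructed to mirror this report (PSM 23 refused with 0x0002), and the choice of source CID 0x0040 is an assumption.

```python
import struct

# L2CAP signaling channel and command codes (Bluetooth Core Spec, L2CAP part)
SIGNALING_CID = 0x0001
CODE_CONN_REQ = 0x02
CODE_CONN_RSP = 0x03
# Connection Response result codes: the peer's stated reason for refusing a PSM
CONN_RESULT = {
    0x0000: "Connection successful",
    0x0001: "Connection pending",
    0x0002: "Connection refused - PSM not supported",
    0x0003: "Connection refused - security block",
    0x0004: "Connection refused - no resources available",
}

def build_signaling(code: int, ident: int, payload: bytes) -> bytes:
    """Wrap one signaling command in a basic-mode L2CAP frame on CID 0x0001."""
    cmd = struct.pack("<BBH", code, ident, len(payload)) + payload
    return struct.pack("<HH", len(cmd), SIGNALING_CID) + cmd

def parse_signaling(frame: bytes) -> dict:
    """Parse one signaling command; length fields are validated before use."""
    if len(frame) < 8:
        raise ValueError("too short for L2CAP header + signaling header")
    pdu_len, cid = struct.unpack_from("<HH", frame, 0)
    if cid != SIGNALING_CID:
        raise ValueError(f"not the signaling channel (CID 0x{cid:04x})")
    if pdu_len != len(frame) - 4:
        raise ValueError("L2CAP length field disagrees with payload size")
    code, ident, cmd_len = struct.unpack_from("<BBH", frame, 4)
    payload = frame[8:8 + cmd_len]
    if len(payload) != cmd_len:
        raise ValueError("signaling command truncated")
    info = {"code": code, "identifier": ident}
    if code == CODE_CONN_REQ and cmd_len == 4:
        info["psm"], info["scid"] = struct.unpack("<HH", payload)
    elif code == CODE_CONN_RSP and cmd_len == 8:
        dcid, scid, result, status = struct.unpack("<HHHH", payload)
        info.update(dcid=dcid, scid=scid, result=result, status=status,
                    result_text=CONN_RESULT.get(result, f"unknown 0x{result:04x}"))
    return info

# Constructed sample exchange mirroring the log: host asks for PSM 23 (the
# "AV Remote Control Target" port from the test info), peer refuses with 0x0002.
SAMPLE_REQ = build_signaling(CODE_CONN_REQ, 1, struct.pack("<HH", 23, 0x0040))
SAMPLE_RSP = build_signaling(CODE_CONN_RSP, 1,
                             struct.pack("<HHHH", 0x0000, 0x0040, 0x0002, 0x0000))
```

Feeding the bytes of a captured signaling frame (e.g. exported from btmon or Wireshark) to `parse_signaling` shows whether the device really reported "PSM not supported" or a different refusal reason.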