Skip to content

BinderFuzzy - Pentest Android Services

F-Droid

Open source

An App intended for fuzzing the Binder interface and System Services of Android.

Version
1.0
Size
3.6 MB
Updated
Jan 9, 2021
Get from Download APK (v1.0)
Signing certificate on record

About this app

BinderFuzzy is a fuzzer that can generate binder events in order to pentest system services running on the Android operating system (https://developer.android.com/reference/android/os/Binder, https://source.android.com/devices/architecture/hidl/binder-ipc). You can validate if system services have correct error handling or transfer binder objects / tokens of other services in order to validate if the target system service validates binder arguments.

This Project covers following features:

* Browse managers and binder interfaces. * Execute Fuzzy tasks * Configure argument lists for each parameter of the method to fuzz * Read logs of recent tasks * Use python3 cli (optional) to execute fuzzer from desktop. * Define fuzzer script and execute via cli

Enjoy our App!

Licensed under Apache-2.0, by ChickenHook.

OfficialSignature VerifiedOpen Source

What's New in v1.0

Imported from the F-Droid repository index.

  • * initial release

Version history

v1.0Latest
Signature continuous

Jan 9, 2021 · 3.6 MB · Android API 1929 · code 2

Imported from the F-Droid repository index.

  • * initial release
INTERNETMANAGE_ACTIVITY_STACKS

SHA-256 1d21b8068bacd2067d359dbf2b22150ac3402ee45bee58f5c172a519ba2cc2b1

Will it run on your device?

CompatibilityVery likely to run

87%

  • Runs on a broad range of modern Android versions.
  • Multiple CPU architectures are covered.
What changed in this release
Size delta
0 MB
Added permissions
INTERNET, MANAGE_ACTIVITY_STACKS
Removed permissions
None

Installation Guide

1

Open Settings on your Android device

2

Go to Security → Unknown sources (or Install unknown apps)

3

Enable "Allow from this source" for your browser or file manager

4

Open the downloaded APK file from your Downloads folder

5

Tap "Install" and wait for installation to complete

6

Launch the app from your home screen

Make sure to re-enable Unknown Sources restrictions after installation for security.

How to install this safely

How to verify the file you downloaded

Before you install anything, confirm the file is the one described here. On a computer, run shasum -a 256 your-download.apk (macOS or Linux) or certutil -hashfile your-download.apk SHA256 (Windows), then compare the output character-for-character with the SHA-256 on this page. If a single character differs, the file is not the build we recorded — delete it.

What the signing certificate proves

Every Android app is signed with a private key that only its developer holds. The fingerprint on this page is a hash of the matching public certificate, and it proves continuity rather than identity: it tells you a build came from whoever signed the earlier ones. Android enforces this at install time — if a package claiming to be org.chickenhook.binderfuzzy is signed with a different key, the system will refuse to install it over your existing copy. A fingerprint that changes between releases is worth pausing on, because a repackaged app that has been modified by someone else cannot keep the original signature.

How to roll back to an earlier version

No earlier build is on record for BinderFuzzy - Pentest Android Services, so there is nothing to roll back to yet. When a second version is published, this section will explain how to move between them safely.

Why we list sources instead of hosting everything

The official store channel is almost always the right choice: it updates automatically and carries the publisher's own distribution guarantees. A direct APK is useful when a device has no store access, when a rollout has not reached your region, or when you need a specific version — and only when the publisher has authorized that copy. APKBrowse does not list pirated, cracked, or unauthorized rebuilds of BinderFuzzy - Pentest Android Services, and a listing is removed when the evidence for it stops holding up.

Get BinderFuzzy - Pentest Android Services

Every source we list for org.chickenhook.binderfuzzy is legality-reviewed. Pirated or cracked builds are never offered.

Other sources

F-Droid listing

official

F-Droid builds this app from source and signs it. This is its official listing, with older builds and full release notes.

Source code

verified publisher

The upstream repository this build is compiled from.

We check legality and signature continuity, but device behaviour still varies. Install at your own discretion.

App Information

Developer
F-Droid
Category
Security Privacy
Android
API 19+
Architectures
arm64-v8a, armeabi-v7a, x86, x86_64
Version
1.0 (code 2)
Size
3.6 MB
Updated
Jan 9, 2021
Package name
org.chickenhook.binderfuzzy

Security Verification

File integrity
SHA-256 recorded
Signing certificate
Fingerprint on record
Official source
Download APK (v1.0)

We record provenance; we do not run malware scans. Verify the hash yourself before installing.

SHA-256 Hash

1d21b8068bacd2067d359dbf2b22150ac3402ee45bee58f5c172a519ba2cc2b1

Signing certificate

2bdbdb07d0a6a621170e55da6762443afd210fe3fb522ed8cfda853c52a4dad8

Permissions Required

INTERNET
MANAGE_ACTIVITY_STACKS

Previous Versions

No earlier build is on record — this is the first release we have listed.

Signature verified

The signing certificate fingerprint for this release is on record, so a build that does not match it did not come from this publisher.

Report a problem with this listing

A listing is only as good as its corrections. If a source is broken, a signature looks wrong, or this app should not be here, tell the moderation team.

Report a problem