FELIX: Fuzzing emulated Android device drivers

Master Thesis (2025)
Author(s)

J.C. Botha (TU Delft - Electrical Engineering, Mathematics and Computer Science)

Contributor(s)

M. Taouil – Graduation committee member (TU Delft - Computer Engineering)

M.L.J. van Beusekom – Mentor (TU Delft - Computer Engineering)

S.E. Verwer – Graduation committee member (TU Delft - Algorithmics)

Faculty
Electrical Engineering, Mathematics and Computer Science
Publication Year
2025
Language
English
Graduation Date
08-12-2025
Awarding Institution
Delft University of Technology
Programme
Electrical Engineering | Embedded Systems
Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Abstract

The increased use of mobile phones in security-related applications has increased the need to verify device integrity. Consumers use smartphones as a form of online identification. Mobile phones provide law enforcement with a useful source of evidence for criminal prosecution. Manufacturers constantly patch vulnerabilities to prevent data leaks. Finding exploitable vulnerabilities, however, is non-trivial due to device encryption. One attack vector is compromising a device driver to gain access to privileged kernel information.

Finding exploits is difficult, time-consuming, and frequently requires in-depth knowledge of the surface under attack. Furthermore, software developers and manufacturers are continuously patching vulnerabilities and upgrading the interface. This makes finding vulnerabilities error-prone, even for experts.

This thesis focuses on automating the process of finding vulnerabilities in Android device drivers. Several tools exist that automate part of the process, such as Syzkaller and the Evasion kernel. However, each individual tool leaves gaps in its coverage that make it impractical for realistic situations. Syzkaller is able to fuzz the Linux kernel, but often lacks the necessary components for fuzzing device drivers. The Evasion framework can emulate Android device drivers, but fuzzing these drivers requires in-depth knowledge of their internals.

Therefore, this thesis presents FELIX: a novel toolchain that is able to instrument and fuzz Android device drivers in an emulated environment. First, FELIX instruments the device driver and kernel so that the drivers can be emulated without meeting their hardware requirements. Second, FELIX analyses the device driver to create the interface for a fuzzer. Lastly, FELIX uses Syzkaller to test the driver for vulnerabilities or exploits.

FELIX successfully fuzzed five different Android device drivers. In doing so, FELIX was able to reproduce known vulnerabilities and managed to reach code that had not been covered before. This demonstrates the potential of FELIX to discover new vulnerabilities in the future.

Files

MasterThesis.pdf
(pdf | 0 Mb)
License info not available

File under embargo until 08-12-2026