environment_setup.md

March 26, 2025 · View on GitHub

Environment Setup

Prerequisites

Before starting, ensure you have the necessary tools installed on your system:

  • Git
  • Android repo tool
  • Build essentials
  • Android studio

Clone Repository

git clone https://github.com/0xbinder/android-kernel-exploitation-lab.git ~/android-kernel-exploitation-lab
cd ~/android-kernel-exploitation-lab

Kernel Build Environment Setup

  1. Create a directory for the kernel source:
mkdir -p android-kernel
cd android-kernel
  1. Initialize the repository:
repo init --depth=1 -u https://android.googlesource.com/kernel/manifest -b q-goldfish-android-goldfish-4.14-dev
  1. Replace the default manifest:
cp ~/android-kernel-exploitation-lab/custom-manifest/goldfish-android10-manifest.xml .repo/manifests/default.xml
  1. Sync the kernel source:
repo sync -c --no-tags --no-clone-bundle -j$(nproc)
  1. Patch the vulnerability:
cd goldfish/
git apply ~/android-kernel-exploitation-lab/patches/android-binder-cve-2019-2215-patch.patch
git status
  1. Build the kernel:
android-kernel-exploitation-lab/android-kernel on main [!?] 
 BUILD_CONFIG=../kernel-build-configs/x86_64_kasan_build.sh build/build.sh

Troubleshooting Common Errors If you encounter the following linker error during compilation:

/sbin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x10): multiple definition of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here

This occurs due to a variable declaration conflict in the Device Tree Compiler source files. Fix it with:

sed -i 's/YYLTYPE yylloc;/extern YYLTYPE yylloc;/' ~/android-kernel-exploitation-lab/android-kernel/goldfish/scripts/dtc/dtc-lexer.lex.c_shipped

This command modifies the lexer source file to declare yylloc as an external variable, resolving the multiple definition error. After applying the fix, rerun the build command to continue the kernel compilation process.

Launch the Emulator with Custom Kernel

Before launching the emulator, ensure your environment is properly configured:

Set up Android SDK environment variables:

# Add these lines to your ~/.bashrc or ~/.zshrc
export ANDROID_SDK_ROOT=$HOME/Android/Sdk   # Change this path as needed
export PATH=$PATH:$ANDROID_SDK_ROOT/emulator
export PATH=$PATH:$ANDROID_SDK_ROOT/platform-tools
export PATH=$PATH:$ANDROID_SDK_ROOT/cmdline-tools/latest/bin

Then reload your shell configuration:

source ~/.bashrc  # or source ~/.zshrc

Create an appropriate AVD:

Verify your available system images first:

sdkmanager --list | grep system-images

Install the required system image if not already present:

sdkmanager "system-images;android-29;google_apis_playstore;x86_64"

Create an AVD specifically for testing the kernel vulnerability:

avdmanager create avd \
  --name "CVE-2019-2215" \
  --package "system-images;android-29;google_apis_playstore;x86_64" \
  --device "pixel"

Verify your AVD was created:

avdmanager list avd

Start the emulator using your custom-built kernel:

emulator -show-kernel -no-snapshot -wipe-data -avd CVE-2019-2215 -kernel ~/android-kernel-exploitation-lab/android-kernel/out/kasan/dist/bzImage

This command:

  • Shows kernel logs in the terminal (-show-kernel)
  • Starts with a clean state (-no-snapshot -wipe-data)
  • Uses your custom kernel with KASAN debugging enabled