# binder2corpus

This tool converts recordings generated by record_binder tool to fuzzer seeds for fuzzService.

# Steps to add corpus:

## Start recording the service binder
ex. record_binder start manager

## Run test on device or keep device idle
ex. atest servicemanager_test

## Stop the recording
record_binder stop manager

## Pull the recording on host
Recordings are present on device at /data/local/recordings/<service_name>. Use adb pull.
Use inspect command of record_binder to check if there are some transactions captured.
ex. record_binder inspect manager

## run corpus generator tool
binder2corpus <recording_path> <dir_to_write_corpus>

## Build fuzzer and sync data directory
ex. m servicemanager_fuzzer && adb sync data

## Push corpus on device
ex. adb push servicemanager_fuzzer_corpus/ /data/fuzz/x86_64/servicemanager_fuzzer/

## Run fuzzer with corpus directory as argument
ex. adb shell /data/fuzz/x86_64/servicemanager_fuzzer/servicemanager_fuzzer /data/fuzz/x86_64/servicemanager_fuzzer/servicemanager_fuzzer_corpus