[Soot-list] Soot and Android

DON evolutiontheory at gmail.com
Tue Oct 2 10:46:22 EDT 2012 

Hello,

We were trying to do a whole program analysis on android jar files from
dex2jar, which converts dex to jar.

Basically we want to do some security analysis on android applications. For
this purpose we were trying to produce a call graph of the various classes.

Here are the problems we faced
1) We had to write a main class which calls various android entry points.
Is there any alternative to this approach? We would like to build an
analysis program which takes in android apks as input. And having to write
a main class each time is a roadblock at least for now. :-)
2) Please see the code below.
public class CallGraphExample {
        Sysout("this output is not coming when running from eclipse");
public static void main(String[] args) {
List<String> argsList = new ArrayList<String>(Arrays.asList(args));
argsList.addAll(Arrays.asList(new String[] { "-w",
"edu.buffalo.analysis.CallGraphs",// main-class which calls onCreate
in ros.disttimer.MainActivity
 }));
 PackManager.v().getPack("wjtp")
.add(new Transform("wjtp.myTrans", new SceneTransformer() {
protected void internalTransform(String phaseName,
Map options) {
CHATransformer.v().transform();
SootClass a = Scene.v().getSootClass("ros.disttimer.MainActivity");

SootMethod src = Scene.v().getMainClass()
.getMethodByName("doStuff");
CallGraph cg = Scene.v().getCallGraph();
 Iterator<MethodOrMethodContext> targets = new Targets(
cg.edgesOutOf(src));
 ReachableMethods reachableMethods = new ReachableMethods(cg, targets);
reachableMethods.update();
QueueReader queueReader = reachableMethods.listener();
 while(queueReader.hasNext()){
System.out.println(queueReader.next());
}
}

}));

args = argsList.toArray(new String[0]);

soot.Main.main(args);
}
}

When I run this program directly, this is working but I had to
give ros.disttimer.MainActivity (android application jar) in build path.
How can I get soot to fetch this jar without giving it as a class path?

3) I tried out running soot by right clicking on CallGraphs.java -> soot ->
process source file->run soot. It produced class files after analysis but I
am not seeing any sysout statement outputs this time. Where did they go to
this time?


Any advice on the above problems will be really appreciated. Also any tips
or links for using soot on android would be a real help.


Thanks in advance and also for the wonderful tool which is soot,
Don Manuel.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.cs.mcgill.ca/pipermail/soot-list/attachments/20121002/bedf3037/attachment.html

More information about the Soot-list mailing list