[Soot-list] Partial Evaluator based on Soot
Bodden, Eric
eric.bodden at sit.fraunhofer.de
Fri Jun 28 12:35:41 EDT 2013
Hi Saswat.
There is some de-obfuscation support in dava (which is part of Soot) but it's not meant to be for Android. I am sure it does nothing for reflection. Would be great to have such a tool! Please keep me posted …
Cheers,
Eric
On 14.06.2013, at 01:51, Saswat Anand <saswat78 at gmail.com> wrote:
> Hi,
>
> I wish to analyze obfuscated (Android) programs using Soot. So I am
> wondering if anybody tried to de-obfuscate programs statically.
> Specifically, what I have in mind is to partially evaluate parts of
> the code and replace those parts with simpler code. The idea is
> similar to what TamiFlex could do using dynamic analysis.
>
> For example, to prevent analysis, the following code not only uses
> reflection to call a method, but the strings representing the method
> and class names are obfuscated. In this example, it is possible to
> replace the entire code with one invocation stmt.
>
> Does anybody have any code that can either already do this or serve as a
> starting point?
>
> Thanks,
> Saswat
>
>
> $b142 = 0;
> $b143 = -3;
> $s144 = 285;
> $r238 = staticinvoke <com.android.system.admin.ICICcOCo: java.lang.String oCIlCll(int,int,int)>($b142, $b143, $s144);
> $r239 = $r238;
> $r240 = staticinvoke <java.lang.Class: java.lang.Class forName(java.lang.String)>($r239);
> $r241 = $r240;
> $b145 = -34;
> $b146 = -1;
> $s147 = 188;
> $r242 = staticinvoke <com.android.system.admin.ICICcOCo: java.lang.String oCIlCll(int,int,int)>($b145, $b146, $s147);
> $r243 = $r242;
> $n10 = null;
> $r244 = virtualinvoke $r241.<java.lang.Class: java.lang.reflect.Method getMethod(java.lang.String,java.lang.Class[])>($r243, $n10);
> $r245 = $r244;
> $n11 = null;
> virtualinvoke $r245.<java.lang.reflect.Method: java.lang.Object invoke(java.lang.Object,java.lang.Object[])>($r2, $n11);
> _______________________________________________
> Soot-list mailing list
> Soot-list at sable.mcgill.ca
> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
--
Eric Bodden, Ph.D., http://sse.ec-spride.de/ http://bodden.de/
Head of Secure Software Engineering Group at EC SPRIDE
Tel: +49 6151 16-75422 Fax: +49 6151 16-72051
Room 3.2.14, Mornewegstr. 30, 64293 Darmstadt
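
The partial evaluation asked about in the quoted message, sketched as an added example (not code from either poster and not part of Soot): constants are propagated through the quoted Jimple, the decoder call is folded, and the forName/getMethod/invoke chain is resolved to a concrete target. Assumptions: the code is straight-line, oCIlCll is a pure function, and decode() with its strings "com.example.Target" and "run" is a constructed stand-in because the decoder body is not in the message.

```python
import re

# Constructed stand-in: oCIlCll's body is not in the post; these strings are invented.
def decode(a, b, c):
    return {(0, -3, 285): "com.example.Target", (-34, -1, 188): "run"}[(a, b, c)]

JIMPLE = """\
$b142 = 0;
$b143 = -3;
$s144 = 285;
$r238 = staticinvoke <com.android.system.admin.ICICcOCo: java.lang.String oCIlCll(int,int,int)>($b142, $b143, $s144);
$r239 = $r238;
$r240 = staticinvoke <java.lang.Class: java.lang.Class forName(java.lang.String)>($r239);
$r241 = $r240;
$b145 = -34;
$b146 = -1;
$s147 = 188;
$r242 = staticinvoke <com.android.system.admin.ICICcOCo: java.lang.String oCIlCll(int,int,int)>($b145, $b146, $s147);
$r243 = $r242;
$n10 = null;
$r244 = virtualinvoke $r241.<java.lang.Class: java.lang.reflect.Method getMethod(java.lang.String,java.lang.Class[])>($r243, $n10);
$r245 = $r244;
$n11 = null;
virtualinvoke $r245.<java.lang.reflect.Method: java.lang.Object invoke(java.lang.Object,java.lang.Object[])>($r2, $n11);
"""
ASSIGN = re.compile(r"(\$\w+) = (\$\w+|null|-?\d+);")
CALL = re.compile(r"(?:(\$\w+) = )?\w+invoke (?:(\$\w+)\.)?<([\w.]+): \S+ (\w+)\(.*?\)>\((.*)\);")
UNKNOWN = object()  # value of a local that is not statically known

def resolve_reflection(jimple, decoder="oCIlCll", decode=decode):
    env, calls = {}, []  # env: local -> int, None (null), str, or ("class"/"method", ...)
    for stmt in map(str.strip, jimple.splitlines()):
        dst, val = None, UNKNOWN
        if m := ASSIGN.fullmatch(stmt):  # constant or copy assignment
            dst, src = m.groups()
            val = env.get(src, UNKNOWN) if src[0] == "$" else None if src == "null" else int(src)
        elif m := CALL.fullmatch(stmt):
            dst, base, cls, name, args = m.groups()
            a = [env.get(x.strip(), UNKNOWN) for x in args.split(",")]
            b = env.get(base, UNKNOWN)
            if name == decoder and all(type(x) is int for x in a):
                val = decode(*a)  # fold the decoder call on constant arguments
            elif (cls, name) == ("java.lang.Class", "forName") and type(a[0]) is str:
                val = ("class", a[0])
            elif (cls, name) == ("java.lang.Class", "getMethod") and type(b) is tuple and b[0] == "class" and type(a[0]) is str:
                val = ("method", b[1], a[0])
            elif (cls, name) == ("java.lang.reflect.Method", "invoke") and type(b) is tuple and b[0] == "method":
                calls.append((args.split(",")[0].strip(), b[1], b[2]))  # (receiver, class, method)
        if dst: env[dst] = val
    return calls
```

Each returned triple names the receiver local, class and method that a single direct invocation statement would use in place of the reflective sequence; a decoder argument that is not a constant leaves the call unresolved.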