[Soot-list] Problems with analyzing Android application

Alireza Sadeghi asadeghi at gmu.edu
Wed Oct 23 13:38:14 EDT 2013 

Hi,

I want to use Soot to extract some information form Android apps source
codes. For this purpose, I've implemented the following code:

SootClass sClass = Scene.v().loadClassAndSupport(className);
sClass.setApplicationClass();
List<SootMethod> methods = sClass.getMethods();
for (SootMethod method : methods) {
    Body activeBody = method.retrieveActiveBody();
    PatchingChain<Unit> units = activeBody.getUnits();
    for (Unit unit : units) {

      //Extract something from unit.

    }
}

Also I've set the following Soot options:

 Options.v().set_soot_classpath(ANDROID_JAR_ADDR + ":" + appRootAddress +
"/src:");
Options.v().set_prepend_classpath(true);
Options.v().set_src_prec(Options.src_prec_java);


But, I have couple of problems:

First of all when I run my code, I get different exceptions based on the
target Android application, for example, this exception is thrown:

java.lang.RuntimeException: tried to get nonexistent method
<java.lang.StringBuffer: void <init>()>
at soot.Scene.getMethod(Scene.java:394)
at soot.JastAddJ.AddExpr.eval(AddExpr.java:118)
at soot.JastAddJ.TypeDecl.emitCastTo(TypeDecl.java:1523)
at soot.JastAddJ.VariableDeclaration.jimplify2(VariableDeclaration.java:229)
at soot.JastAddJ.Block.jimplify2(Block.java:134)
at soot.JastAddJ.IfStmt.jimplify2(IfStmt.java:152)
at soot.JastAddJ.Block.jimplify2(Block.java:134)
at soot.JastAddJ.MethodDecl.jimplify2(MethodDecl.java:1032)
at soot.JastAddInitialResolver$1.getBody(JastAddInitialResolver.java:127)
at soot.SootMethod.getBodyFromMethodSource(SootMethod.java:89)
at soot.SootMethod.retrieveActiveBody(SootMethod.java:322)

for this part of Android app code:

String imei = data.getStringExtra("imei");
String text = "The IMEI of this phone is: " + imei;
Toast.makeText(getApplicationContext(), text, Toast.LENGTH_SHORT).show();
Log.i("IMEI", "The IMEI is :" + imei);

I've checked many Soot's sample codes, including the post that Eric Bodden
has provided here<http://www.bodden.de/2013/01/08/soot-android-instrumentation/>.
But, the goal of all of this sample codes is to *instrument* the code and
they have used Transformers. But, I don't want to transform or instrument
the code, I just want to extract some information from the code.

Another problem is with dependencies. In addition to android.jar, many
Andriod applications have imported several libraries and also the R class
(all apps use its own R file, but this file is not included in app's source
code).

So (when I cannot provide these libraries to add to the Soot class path) is
it possible to tell Soot to ignore these reference during analysis and do
not stop its work because of not finding the referred classes. (I've
tried *set_allow_phantom_refs
*option that I thought is designed for this purpose, but it didn't work).


Thanks,
Alireza
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.cs.mcgill.ca/pipermail/soot-list/attachments/20131023/48bd9417/attachment.html

More information about the Soot-list mailing list