[Soot-list] Android APK Analysis
Steven Arzt
Steven.Arzt at cased.de
Tue Apr 1 03:28:05 EDT 2014
Hi Modhi,
in general, I do not recommend mixing Soot options set through Options.v() with ones passed in through the command line (i.e. soot.Main). You should choose one of the two and stay with it.
There seems to be a problem with your Android JAR path: You can either specify the “platforms” directory inside your Android SDK (the folder path, not a concrete file) and use the android-jars option in which case Soot will automatically pick the appropriate platform version for you, or you can force the tool to use a specific version (i.e. android.jar file) with the force-android-jar option. You however cannot use a specific single file with the –android-jars option.
Best regards,
Steven
Von: soot-list-bounces at CS.McGill.CA [mailto:soot-list-bounces at CS.McGill.CA] Im Auftrag von Modhi Alsobiehy
Gesendet: Dienstag, 1. April 2014 02:49
An: soot-list at sable.mcgill.ca
Betreff: Re: [Soot-list] Android APK Analysis
Eric, Steven,
Thanks for responding;
I followd the tutorial in CCS2013 slides, this is the code I ran and produced the empty-body jimple files:
------------------------------------------------------
package androidInstrument;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import soot.Body;
import soot.G;
import soot.PackManager;
import soot.Scene;
import soot.SootClass;
import soot.Transform;
import soot.options.Options;
import soot.toolkits.graph.ExceptionalUnitGraph;
import soot.toolkits.graph.UnitGraph;
public class AndroidInstrument {
public static void main(String[] args) {
G.reset();
final String androidJar = "D:/AndroidADT/adt-bundle-windows-x86_64-20131030/sdk/platforms/android-17/android.jar";
List<String> argsList = new ArrayList<String>(Arrays.asList(args));
PackManager.v().getPack("jtp").add(new Transform("jtp.myAnalysis", new MyBodyTransformer()));
argsList.addAll(Arrays.asList(new String[] {
"-process-dir",
"D:/APKs/calc.apk",
}));
Options.v().set_allow_phantom_refs(true);
Options.v().set_android_jars(androidJar);
Options.v().set_output_format(Options.output_format_jimple);
args = argsList.toArray(new String[0]);
soot.Main.main(args);
}
-------------------------------------------------
calc is a simple calculator app which I dounloaded from google play. I got the same results with any apk as well!
this is the output in the console window:
Soot started on Mon Mar 31 15:34:18 CDT 2014
Warning: de.underflow.calc.CalculatorPreferenceActivity is a phantom class!
Warning: de.underflow.calc.e is a phantom class!
Warning: de.underflow.calc.d is a phantom class!
Warning: de.underflow.a.a is a phantom class!
Warning: de.underflow.calc.history.CalculatorHistoryActivity is a phantom class!
Warning: org.jared.commons.ui.WorkspaceView is a phantom class!
Warning: org.jared.commons.ui.WorkspaceView$SavedState is a phantom class!
Warning: org.a.a.b is a phantom class!
Warning: org.a.a.c is a phantom class!
Warning: org.a.a.a is a phantom class!
Warning: org.a.a.l is a phantom class!
Warning: org.a.a.m is a phantom class!
Warning: org.a.a.n is a phantom class!
Warning: org.a.a.o is a phantom class!
Warning: org.a.a.p is a phantom class!
Warning: org.a.a.q is a phantom class!
Warning: org.a.a.r is a phantom class!
Warning: org.a.a.s is a phantom class!
Warning: org.a.a.d is a phantom class!
Warning: org.a.a.e is a phantom class!
Warning: org.a.a.f is a phantom class!
Warning: org.a.a.g is a phantom class!
Warning: org.a.a.h is a phantom class!
Warning: org.a.a.i is a phantom class!
Warning: org.a.a.j is a phantom class!
Warning: org.a.a.k is a phantom class!
Warning: de.underflow.a.b is a phantom class!
Warning: de.underflow.a.c is a phantom class!
Warning: de.underflow.a.d is a phantom class!
Warning: de.underflow.a.e is a phantom class!
Warning: de.underflow.calc.constants.c is a phantom class!
Warning: de.underflow.a.f is a phantom class!
Warning: de.underflow.calc.constants.d is a phantom class!
Warning: org.a.a.u is a phantom class!
Warning: org.a.a.t is a phantom class!
Warning: org.a.a.w is a phantom class!
Warning: org.jared.commons.ui.a is a phantom class!
Warning: org.a.a.v is a phantom class!
Warning: org.jared.commons.ui.b is a phantom class!
Warning: org.a.a.y is a phantom class!
Warning: org.a.a.x is a phantom class!
Warning: org.a.a.z is a phantom class!
Warning: de.underflow.calc.b is a phantom class!
Warning: de.underflow.calc.c is a phantom class!
Warning: de.underflow.calc.a is a phantom class!
Warning: org.a.a.ac is a phantom class!
Warning: org.a.a.aa is a phantom class!
Warning: org.a.a.ab is a phantom class!
Warning: de.underflow.calc.constants.b is a phantom class!
Warning: de.underflow.calc.constants.a is a phantom class!
Warning: de.underflow.calc.constants.ConstantsListActivity is a phantom class!
Warning: de.underflow.calc.themechooser.ThemeChooserListPreference is a phantom class!
Warning: de.underflow.calc.CalculatorMainActivity is a phantom class!
Warning: de.underflow.calc.history.a is a phantom class!
Warning: de.underflow.calc.history.c is a phantom class!
Warning: de.underflow.calc.history.b is a phantom class!
Transforming de.underflow.calc.CalculatorPreferenceActivity...
Transforming de.underflow.calc.e...
Transforming de.underflow.calc.d...
Transforming de.underflow.a.a...
Transforming de.underflow.calc.history.CalculatorHistoryActivity...
Transforming org.jared.commons.ui.WorkspaceView...
Transforming org.jared.commons.ui.WorkspaceView$SavedState...
Transforming org.a.a.b...
Transforming org.a.a.c...
Transforming org.a.a.a...
Transforming org.a.a.l...
Transforming org.a.a.m...
Transforming org.a.a.n...
Transforming org.a.a.o...
Transforming org.a.a.p...
Transforming org.a.a.q...
Transforming org.a.a.r...
Transforming org.a.a.s...
Transforming org.a.a.d...
Transforming org.a.a.e...
Transforming org.a.a.f...
Transforming org.a.a.g...
Transforming org.a.a.h...
Transforming org.a.a.i...
Transforming org.a.a.j...
Transforming org.a.a.k...
Transforming de.underflow.a.b...
Transforming de.underflow.a.c...
Transforming de.underflow.a.d...
Transforming de.underflow.a.e...
Transforming de.underflow.calc.constants.c...
Transforming de.underflow.a.f...
Transforming de.underflow.calc.constants.d...
Transforming org.a.a.u...
Transforming org.a.a.t...
Transforming org.a.a.w...
Transforming org.jared.commons.ui.a...
Transforming org.a.a.v...
Transforming org.jared.commons.ui.b...
Transforming org.a.a.y...
Transforming org.a.a.x...
Transforming org.a.a.z...
Transforming de.underflow.calc.b...
Transforming de.underflow.calc.c...
Transforming de.underflow.calc.a...
Transforming org.a.a.ac...
Transforming org.a.a.aa...
Transforming org.a.a.ab...
Transforming de.underflow.calc.constants.b...
Transforming de.underflow.calc.constants.a...
Transforming de.underflow.calc.constants.ConstantsListActivity...
Transforming de.underflow.calc.themechooser.ThemeChooserListPreference...
Transforming de.underflow.calc.CalculatorMainActivity...
Transforming de.underflow.calc.history.a...
Transforming de.underflow.calc.history.c...
Transforming de.underflow.calc.history.b...
Writing to sootOutput\de.underflow.calc.CalculatorPreferenceActivity.jimple
Writing to sootOutput\de.underflow.calc.e.jimple
Writing to sootOutput\de.underflow.calc.d.jimple
Writing to sootOutput\de.underflow.a.a.jimple
Writing to sootOutput\de.underflow.calc.history.CalculatorHistoryActivity.jimple
Writing to sootOutput\org.jared.commons.ui.WorkspaceView.jimple
Writing to sootOutput\org.jared.commons.ui.WorkspaceView$SavedState.jimple
Writing to sootOutput\org.a.a.b.jimple
Writing to sootOutput\org.a.a.c.jimple
Writing to sootOutput\org.a.a.a.jimple
Writing to sootOutput\org.a.a.l.jimple
Writing to sootOutput\org.a.a.m.jimple
Writing to sootOutput\org.a.a.n.jimple
Writing to sootOutput\org.a.a.o.jimple
Writing to sootOutput\org.a.a.p.jimple
Writing to sootOutput\org.a.a.q.jimple
Writing to sootOutput\org.a.a.r.jimple
Writing to sootOutput\org.a.a.s.jimple
Writing to sootOutput\org.a.a.d.jimple
Writing to sootOutput\org.a.a.e.jimple
Writing to sootOutput\org.a.a.f.jimple
Writing to sootOutput\org.a.a.g.jimple
Writing to sootOutput\org.a.a.h.jimple
Writing to sootOutput\org.a.a.i.jimple
Writing to sootOutput\org.a.a.j.jimple
Writing to sootOutput\org.a.a.k.jimple
Writing to sootOutput\de.underflow.a.b.jimple
Writing to sootOutput\de.underflow.a.c.jimple
Writing to sootOutput\de.underflow.a.d.jimple
Writing to sootOutput\de.underflow.a.e.jimple
Writing to sootOutput\de.underflow.calc.constants.c.jimple
Writing to sootOutput\de.underflow.a.f.jimple
Writing to sootOutput\de.underflow.calc.constants.d.jimple
Writing to sootOutput\org.a.a.u.jimple
Writing to sootOutput\org.a.a.t.jimple
Writing to sootOutput\org.a.a.w.jimple
Writing to sootOutput\org.jared.commons.ui.a.jimple
Writing to sootOutput\org.a.a.v.jimple
Writing to sootOutput\org.jared.commons.ui.b.jimple
Writing to sootOutput\org.a.a.y.jimple
Writing to sootOutput\org.a.a.x.jimple
Writing to sootOutput\org.a.a.z.jimple
Writing to sootOutput\de.underflow.calc.b.jimple
Writing to sootOutput\de.underflow.calc.c.jimple
Writing to sootOutput\de.underflow.calc.a.jimple
Writing to sootOutput\org.a.a.ac.jimple
Writing to sootOutput\org.a.a.aa.jimple
Writing to sootOutput\org.a.a.ab.jimple
Writing to sootOutput\de.underflow.calc.constants.b.jimple
Writing to sootOutput\de.underflow.calc.constants.a.jimple
Writing to sootOutput\de.underflow.calc.constants.ConstantsListActivity.jimple
Writing to sootOutput\de.underflow.calc.themechooser.ThemeChooserListPreference.jimple
Writing to sootOutput\de.underflow.calc.CalculatorMainActivity.jimple
Writing to sootOutput\de.underflow.calc.history.a.jimple
Writing to sootOutput\de.underflow.calc.history.c.jimple
Writing to sootOutput\de.underflow.calc.history.b.jimple
Soot finished on Mon Mar 31 15:34:26 CDT 2014
Soot has run for 0 min. 7 sec.
----------------------------------------------------------
Thanks for your help!
--modhi
Sent from Windows Mail
From: Steven Arzt <mailto:Steven.Arzt at cased.de>
Sent: Monday, March 31, 2014 2:30 AM
To: Modhi Alsobeihy <mailto:m99m20 at hotmail.com> , soot-list at sable.mcgill.ca
Hi Modhi,
Soot translates Android APK / dex files to Jimple just as it would do with
Java class or source files. When writing the output, the new APK / dex files
are generated from Jimple just as it would be with Java class files. So the
process of using the Jimple method bodies is no different to the Soot user.
Still, if you want to perform e.g. a static analysis, you have to keep the
Android semantics (i.e. the lifecycle) in mind, but this is a semantic
problem.
If you get empty bodies, something's obviously wrong. Could you provide the
source code you have used? There are quite some tutorials about using Soot
for Android out there... If you need a good one:
http://sseblog.ec-spride.de/tutorials/ Look for the RV2013 paper and the
CCS2013 slides.
Best regards,
Steven
-----Ursprüngliche Nachricht-----
Von: soot-list-bounces at CS.McGill.CA [mailto:soot-list-bounces at CS.McGill.CA]
Im Auftrag von Modhi Alsobiehy
Gesendet: Sonntag, 30. März 2014 16:39
An: Soot list
Betreff: [Soot-list] Android APK Analysis
Hi all,
I have two questions:
1. Once I follow the android instrumentation tutorial, do I use soot
normally as in analyzing java?? i am not sure what i am missing, i literally
copied and pasted the the code provided in the tutorial - with some
adjustments of course- and i noticed that whatever apk file i analyze, the
produced jimple files are empty-body!!
2. i have been told about JVM TI to analyze dex files. For those who tried
it, in comparison with soot, which one is more powerful if we need insert
some code to monitor data transmission behavior of an app??
-Best,
Modhi
_______________________________________________
Soot-list mailing list
Soot-list at CS.McGill.CA
https://mailman.CS.McGill.CA/mailman/listinfo/soot-list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20140401/564a3957/attachment-0001.html
More information about the Soot-list
mailing list