[Soot-list] Query Regarding Soot
Alexandre Bartel
alexandre.bartel at cased.de
Mon Aug 25 08:38:01 EDT 2014
Hi Lokesh,
Unfortunately, the tools you are referring to are not yet publicly
available.
I think that using Soot is appropriate for what you want to do. You can
start by implementing the code in my last email using a Scene
transformer.
Cheers,
Alexandre
On Mon, 2014-08-25 at 17:02 +0530, LOKESH JAIN wrote:
> Hey Alexandre,
> Thanks for the reply.
>
>
> I need sensitive APIs, i.e. APIs for which permissions are declared in
> the manifest file for each application. I am referring to the PScout paper and
> the mappings they have provided. They have provided the total possible number
> of mappings.
>
> I want to find the mapping of each application. Or I thought if I
> could just get the list of all APIs used in an .apk file then I would
> compare it with the PScout mapping and find out only the sensitive APIs.
>
>
> Currently I have read your paper "Automatically Securing
> Permission-Based Software by Reducing the Attack Surface: An
> Application to Android" to seek the solution for the same problem. In
> that you have made the "COPES" tool, which implements a "sniffer" that
> extracts from the application code the list of APIs used. But I couldn't find
> the COPES tool on the web.
>
>
> Also I don't want to disassemble the .apk file. I want to
> give the .apk file as input and get as output the list of all APIs used in
> that application and the permission each is mapped to. If I get only the APIs
> used then also it won't be a problem; I would find the permissions
> associated with them by using the PScout mappings. That is why I thought
> Soot would be a good option. If you have any other solution please do
> suggest it, and if you could, please provide me the detailed code to solve
> the problem.
>
>
>
> Thanks & Regards
>
> Lokesh Jain
>
>
>
> On Mon, Aug 25, 2014 at 2:05 PM, Alexandre Bartel
> <alexandre.bartel at cased.de> wrote:
> Hi Lokesh,
>
> What you need is a mapping between API methods and permissions.
> You can find such mappings here for instance:
> http://pscout.csl.toronto.edu/
>
>
> With Soot you can get the list of all methods that are called from an
> Android application by going through "statements" of all methods of all
> classes present in the Android apk. The code should look like this
> (within a "Scene Transformer":
> http://www.bodden.de/2008/11/26/soot-packs/ ):
>
> for (SootClass sc: Scene.v().getApplicationClasses()) {
>     for (SootMethod sm: sc.getMethods()) {
>         if (!sm.isConcrete())
>             continue;
>
>         Body b = sm.getActiveBody();
>         if (b == null)
>             continue;
>         for (Unit u: b.getUnits()) {
>             Stmt s = (Stmt)u;
>             if (!s.containsInvokeExpr())
>                 continue;
>
>             String methodSig = s.getInvokeExpr().getMethodRef().toString();
>             // you keep only methods that are in your mapping
>         }
>     }
> }
>
> Cheers,
> Alexandre
>
>
>
> On Sat, 2014-08-23 at 16:05 +0530, LOKESH JAIN wrote:
> > Hi,
> >
> >
> > Is there any utility in Soot that would help me get all the APIs
> > used in an application?
> >
> >
> > I want the list of sensitive APIs that are used in an .apk file, i.e.
> > those APIs for which corresponding permissions are declared in the
> > manifest file. If I could get this then it would be awesome; otherwise
> > if I can get all APIs used in an .apk file that would also work.
> >
> >
> > Any help would be appreciated.
> >
> > Thanks & Regards
> >
> > Lokesh Jain
> > MS in CSE
> > IIIT Hyderabad
> >
>
> > _______________________________________________
> > Soot-list mailing list
> > Soot-list at CS.McGill.CA
> > https://mailman.CS.McGill.CA/mailman/listinfo/soot-list
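
An added example (not code from this thread or from the Soot project) that wraps the loop quoted above in a Scene transformer, loads the .apk directly and keeps only calls present in a permission mapping. The class name, the three command-line arguments and the tab-separated mapping format are assumptions of this example; PScout's published files would have to be converted to that format first.

```java
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.*;
import soot.*;
import soot.jimple.Stmt;
import soot.options.Options;

public class SensitiveApiScan {
    // args (assumed): <app.apk> <android-platforms-dir> <mapping.tsv>
    public static void main(String[] args) throws Exception {
        // Assumed mapping format: "<Soot method signature>\t<permission>" per line.
        Map<String, Set<String>> mapping = new HashMap<>();
        for (String line : Files.readAllLines(Paths.get(args[2]))) {
            String[] f = line.split("\t");
            if (f.length == 2)
                mapping.computeIfAbsent(f[0].trim(), k -> new TreeSet<>()).add(f[1].trim());
        }

        Options.v().set_src_prec(Options.src_prec_apk);   // read dex code straight from the .apk
        Options.v().set_process_dir(Collections.singletonList(args[0]));
        Options.v().set_android_jars(args[1]);            // directory holding android-XX/android.jar
        Options.v().set_whole_program(true);              // the wjtp pack only runs in whole-program mode
        Options.v().set_allow_phantom_refs(true);         // tolerate classes missing from the platform jar
        Options.v().set_output_format(Options.output_format_none);

        Map<String, Set<String>> found = new TreeMap<>();
        PackManager.v().getPack("wjtp").add(new Transform("wjtp.apiscan", new SceneTransformer() {
            @Override
            protected void internalTransform(String phase, Map<String, String> opts) {
                for (SootClass sc : Scene.v().getApplicationClasses()) {
                    // copy the method list: loading a body may modify the class
                    for (SootMethod sm : new ArrayList<>(sc.getMethods())) {
                        if (!sm.isConcrete()) continue;   // abstract/native methods have no body
                        for (Unit u : sm.retrieveActiveBody().getUnits()) {
                            Stmt s = (Stmt) u;
                            if (!s.containsInvokeExpr()) continue;
                            String sig = s.getInvokeExpr().getMethodRef().getSignature();
                            Set<String> perms = mapping.get(sig);   // keep only mapped (sensitive) calls
                            if (perms != null)
                                found.computeIfAbsent(sig, k -> new TreeSet<>()).addAll(perms);
                        }
                    }
                }
            }
        }));

        Scene.v().loadNecessaryClasses();
        PackManager.v().runPacks();
        found.forEach((sig, perms) -> System.out.println(sig + " -> " + perms));
    }
}
```

The lookup is an exact signature match on the declared receiver class, so a call made through a subclass of a mapped framework class, or through reflection, is not reported.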