[Soot-list] Query Regarding Soot

LOKESH JAIN lokeshjain92 at gmail.com
Tue Aug 26 05:02:02 EDT 2014


Thanks a lot

Regards
Lokesh Jain


On Mon, Aug 25, 2014 at 6:08 PM, Alexandre Bartel <alexandre.bartel at cased.de> wrote:

> Hi Lokesh,
>
> Unfortunately, the tools you are referring to are not yet publicly
> available.
>
> I think that using Soot is appropriate for what you want to do. You can
> start by implementing the code in my last email using a Scene
> transformer.
>
> Cheers,
> Alexandre
>
> On Mon, 2014-08-25 at 17:02 +0530, LOKESH JAIN wrote:
> > Hey Alexandre,
> > Thanks for the reply.
> >
> >
> > I need sensitive APIs, i.e. APIs for which permissions are declared in
> > the manifest file for each application. I am referring to the PScout paper
> > and the mappings they have provided. They have provided the total possible
> > number of mappings.
> >
> > I want to find the mapping of each application. Or I thought if I
> > could just get the list of all APIs used in an .apk file then I would
> > compare it with the PScout mapping and find out only the sensitive APIs.
> >
> >
> > Currently I have read your paper "Automatically Securing
> > Permission-Based Software by Reducing the Attack Surface: An
> > Application to Android" to seek the solution for the same problem. In
> > that you have made the "COPES" tool, which implements a "sniffer" that
> > extracts from the application code the list of APIs used. But I couldn't
> > find the COPES tool on the web.
> >
> >
> > Also I don't want to disassemble the .apk file. I want to
> > give the .apk file as input and get as output the list of all APIs used in
> > that application and the permission each is mapped to. If I get only the
> > APIs used then also it won't be a problem; I would find the permissions
> > associated with them by using the PScout mappings. That is why I thought
> > Soot would be a good option. If you have any other solution please do
> > suggest it, and if you could, please provide me the detailed code to solve
> > the problem.
> >
> >
> >
> > Thanks & Regards
> >
> > Lokesh Jain
> >
> >
> >
> > On Mon, Aug 25, 2014 at 2:05 PM, Alexandre Bartel
> > <alexandre.bartel at cased.de> wrote:
> >         Hi Lokesh,
> >
> >         What you need is a mapping between API methods and
> >         permissions.
> >         You can find such mappings here for instance:
> >         http://pscout.csl.toronto.edu/
> >
> >
> >         With Soot you can get the list of all methods that are called from an
> >         Android application by going through "statements" of all methods of all
> >         classes present in the Android apk. The code should look like this
> >         (within a "Scene Transformer":
> >         http://www.bodden.de/2008/11/26/soot-packs/ ):
> >
> >         for (SootClass sc: Scene.v().getApplicationClasses()) {
> >          for (SootMethod sm: sc.getMethods()) {
> >           // abstract and native methods have no body to scan
> >           if (!sm.isConcrete())
> >            continue;
> >
> >           // getActiveBody() throws when no body is loaded, so test first
> >           if (!sm.hasActiveBody())
> >            continue;
> >           Body b = sm.getActiveBody();
> >           for (Unit u: b.getUnits()) {
> >            Stmt s = (Stmt)u;
> >            if (!s.containsInvokeExpr())
> >             continue;
> >
> >            // signature of the method this statement calls
> >            String methodSig = s.getInvokeExpr().getMethodRef().toString();
> >            // you keep only methods that are in your mapping
> >           }
> >          }
> >         }
> >
> >         Cheers,
> >         Alexandre
> >
> >
> >
> >         On Sat, 2014-08-23 at 16:05 +0530, LOKESH JAIN wrote:
> >         > Hi,
> >         >
> >         >
> >         > Is there any utility in Soot that would help me get all the APIs
> >         > used in an application?
> >         >
> >         >
> >         > I want the list of sensitive APIs that are used in an .apk file, i.e.
> >         > those APIs for which corresponding permissions are declared in the
> >         > manifest file. If I could get this then it would be awesome; otherwise
> >         > if I can get all APIs used in an .apk file that would also work.
> >         >
> >         >
> >         > Any help would be appreciated.
> >         >
> >         > Thanks & Regards
> >         >
> >         > Lokesh Jain
> >         > MS in CSE
> >         > IIIT Hyderabad
> >         >
> >
> >         > _______________________________________________
> >         > Soot-list mailing list
> >         > Soot-list at CS.McGill.CA
> >         > https://mailman.CS.McGill.CA/mailman/listinfo/soot-list
> >
> >
> >
> >
>
>
>
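
The approach discussed in this thread, written out as a complete Scene transformer. This is an added example, not code from the thread, from COPES or from the Soot project. The class name SensitiveApiLister, the phase name wjtp.sensitiveapis and the mapping file layout (one "permission<TAB>Soot method signature" pair per line, converted by you from the PScout mappings) are assumptions made for the example.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.*;
import soot.*;
import soot.jimple.Stmt;

// Added example: lists the API calls of an app that appear in a permission mapping.
public class SensitiveApiLister extends SceneTransformer {
    // Soot method signature -> permission, read from the assumed file layout:
    // "<permission>\t<Soot method signature>" on each line
    private final Map<String, String> mapping = new HashMap<>();
    // permission -> mapped method signatures that the application invokes
    final Map<String, Set<String>> used = new TreeMap<>();

    SensitiveApiLister(String mappingFile) throws IOException {
        for (String line : Files.readAllLines(Paths.get(mappingFile))) {
            String[] cols = line.split("\t", 2);
            if (cols.length == 2) mapping.put(cols[1].trim(), cols[0].trim());
        }
    }

    @Override
    protected void internalTransform(String phaseName, Map<String, String> options) {
        for (SootClass sc : Scene.v().getApplicationClasses()) {
            for (SootMethod sm : sc.getMethods()) {
                // no body: abstract, native, or not loaded
                if (!sm.isConcrete() || !sm.hasActiveBody()) continue;
                for (Unit u : sm.getActiveBody().getUnits()) {
                    Stmt s = (Stmt) u;
                    if (!s.containsInvokeExpr()) continue;
                    String sig = s.getInvokeExpr().getMethodRef().getSignature();
                    String perm = mapping.get(sig); // null when the call is not mapped
                    if (perm != null)
                        used.computeIfAbsent(perm, k -> new TreeSet<>()).add(sig);
                }
            }
        }
        used.forEach((perm, sigs) ->
            sigs.forEach(sig -> System.out.println(perm + "\t" + sig)));
    }

    // args[0] is the mapping file; the remaining arguments go to Soot unchanged.
    // The wjtp pack only runs in whole-program mode, so they must include -w.
    public static void main(String[] args) throws IOException {
        SensitiveApiLister lister = new SensitiveApiLister(args[0]);
        PackManager.v().getPack("wjtp").add(new Transform("wjtp.sensitiveapis", lister));
        soot.Main.main(Arrays.copyOfRange(args, 1, args.length));
    }
}
```

The lookup is an exact string match, so the signatures in the mapping file must be in Soot's format, e.g. <android.telephony.TelephonyManager: java.lang.String getDeviceId()>. Calls made through reflection or from native code do not appear as invoke statements and are not reported.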