[Soot-list] Query Regarding Soot
LOKESH JAIN
lokeshjain92 at gmail.com
Tue Aug 26 05:02:02 EDT 2014
Thanks a lot
Regards
Lokesh Jain
On Mon, Aug 25, 2014 at 6:08 PM, Alexandre Bartel <alexandre.bartel at cased.de> wrote:
> Hi Lokesh,
>
> Unfortunately, the tools you are referring to are not yet publicly
> available.
>
> I think that using Soot is appropriate for what you want to do. You can
> start by implementing the code in my last email using a Scene
> transformer.
>
> Cheers,
> Alexandre
>
> On Mon, 2014-08-25 at 17:02 +0530, LOKESH JAIN wrote:
> > Hey Alexandre,
> > Thanks for the reply.
> >
> >
> > I need sensitive APIs, i.e. APIs for which permissions are declared in
> > the manifest file for each application. I am referring to the PScout paper
> > and the mappings they have provided. They have provided the total possible
> > number of mappings.
> >
> > I want to find the mapping of each application. Or I thought if I
> > could just get the list of all APIs used in an .apk file then I would
> > compare it with the PScout mapping and find out only the sensitive APIs.
> >
> >
> > Currently I have read your paper "Automatically Securing
> > Permission-Based Software By reducing the Attack Surface: An
> > Application to Android" to seek the solution for the same problem. In
> > that you have made the "COPES" tool, which implements a "sniffer" that
> > extracts from application code the list of APIs used. But I couldn't find
> > the COPES tool on the web.
> >
> >
> > Also I don't want to disassemble the .apk file. I want to give
> > the .apk file as input and get as output the list of all APIs used in
> > that application and the permission each is mapped to. If I get only the
> > APIs used then also it won't be a problem; I would find the permissions
> > associated with them by using the PScout mappings. That is why I thought
> > Soot would be a good option. If you have any other solution please do
> > suggest it, and if you could, please provide me the detailed code to solve
> > the problem.
> >
> >
> >
> > Thanks & Regards
> >
> > Lokesh Jain
> >
> >
> >
> > On Mon, Aug 25, 2014 at 2:05 PM, Alexandre Bartel
> > <alexandre.bartel at cased.de> wrote:
> > Hi Lokesh,
> >
> > What you need is a mapping between API methods and
> > permissions.
> > You can find such mappings here for instance:
> > http://pscout.csl.toronto.edu/
> >
> >
> > With Soot you can get the list of all methods that are called from an
> > Android application by going through "statements" of all methods of all
> > classes present in the Android apk. The code should look like this
> > (within a "Scene Transformer":
> > http://www.bodden.de/2008/11/26/soot-packs/ ):
> >
> > for (SootClass sc: Scene.v().getApplicationClasses()) {
> >     for (SootMethod sm: sc.getMethods()) {
> >         if (!sm.isConcrete())
> >             continue;
> >
> >         Body b = sm.getActiveBody();
> >         if (b == null)
> >             continue;
> >         for (Unit u: b.getUnits()) {
> >             Stmt s = (Stmt)u;
> >             if (!s.containsInvokeExpr())
> >                 continue;
> >
> >             String methodSig = s.getInvokeExpr().getMethodRef().toString();
> >             // you keep only methods that are in your mapping
> >         }
> >     }
> > }
> >
> > Cheers,
> > Alexandre
> >
> >
> >
> > On Sat, 2014-08-23 at 16:05 +0530, LOKESH JAIN wrote:
> > > Hi,
> > >
> > >
> > > Is there any utility in Soot that would help me get all the APIs
> > > used in an application?
> > >
> > >
> > > I want the list of sensitive APIs that are used in an .apk file, i.e.
> > > those APIs for which corresponding permissions are declared in the
> > > manifest file. If I could get this then it would be awesome; otherwise
> > > if I can get all APIs used in an .apk file that would also work.
> > >
> > >
> > > Any help would be appreciated.
> > >
> > > Thanks & Regards
> > >
> > > Lokesh Jain
> > > MS in CSE
> > > IIIT Hyderabad
>
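
The approach outlined in the quoted replies (walk every invoke statement, keep the calls that appear in a PScout mapping), written out as a complete program. This is an added example, not code from the thread or from COPES: the class name `SensitiveApiLister`, the argument order, the assumed layout of the PScout mapping file and the use of a recent Soot release are assumptions. It calls `retrieveActiveBody()` so bodies are loaded on demand, and compares Soot-style signatures.

```java
import java.io.IOException;
import java.nio.file.*;
import java.util.*;
import soot.*;
import soot.jimple.Stmt;
import soot.options.Options;
public class SensitiveApiLister {
    // Assumed PScout layout: a "Permission:<name>" header, then "<class: ret name(args)> (n)" lines.
    static Map<String, Set<String>> loadMapping(Path file) throws IOException {
        Map<String, Set<String>> apiToPerms = new HashMap<>();
        String perm = null;
        for (String raw : Files.readAllLines(file)) {
            String line = raw.trim();
            int end = line.lastIndexOf('>');
            if (line.startsWith("Permission:")) perm = line.substring("Permission:".length()).trim();
            else if (perm != null && line.startsWith("<") && end > 0)
                apiToPerms.computeIfAbsent(line.substring(0, end + 1), k -> new TreeSet<>()).add(perm);
        }
        return apiToPerms;
    }
    // args (assumed order): <app.apk> <android-sdk-platforms-dir> <pscout-mapping-file>
    public static void main(String[] args) throws IOException {
        Map<String, Set<String>> mapping = loadMapping(Paths.get(args[2]));
        Options.v().set_src_prec(Options.src_prec_apk);       // read the .apk directly
        Options.v().set_process_dir(Collections.singletonList(args[0]));
        Options.v().set_android_jars(args[1]);                // resolves android.* classes
        Options.v().set_whole_program(true);                  // required for the wjtp pack
        Options.v().set_allow_phantom_refs(true);             // tolerate classes missing from the jars
        Options.v().set_output_format(Options.output_format_none);
        PackManager.v().getPack("wjtp").add(new Transform("wjtp.apilist", new SceneTransformer() {
            @Override
            protected void internalTransform(String phase, Map<String, String> opts) {
                Map<String, Set<String>> found = new TreeMap<>();
                for (SootClass sc : Scene.v().getApplicationClasses())
                    for (SootMethod sm : sc.getMethods()) {
                        if (!sm.isConcrete()) continue;       // abstract/native: no body to scan
                        for (Unit u : sm.retrieveActiveBody().getUnits()) {
                            Stmt s = (Stmt) u;
                            if (!s.containsInvokeExpr()) continue;
                            String sig = s.getInvokeExpr().getMethodRef().getSignature();
                            if (mapping.containsKey(sig)) found.put(sig, mapping.get(sig));
                        }
                    }
                found.forEach((sig, perms) -> System.out.println(sig + " -> " + perms));
            }
        }));
        Scene.v().loadNecessaryClasses();
        PackManager.v().runPacks();
    }
}
```

Calls made only through reflection or native code never appear as invoke statements, so the printed list is a lower bound on the permission-guarded APIs the app can reach. A call written against an app subclass of a framework class carries the subclass name in its method reference and will not match the mapping without resolving it to the declaring class.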