[Soot-list] Generating Android APK CallFlowGraph
LOKESH JAIN
lokeshjain92 at gmail.com
Sun Jul 20 03:44:40 EDT 2014
I have tried DotGraph class from the soot.util.dot package but it's giving
me null pointer exception. Following is the tried code.
I have converted QueueReader object into string as DotGraph takes only
string argument. It's getting complicated. Please suggest some simple
solution.
import java.io.IOException;
import java.io.OutputStream;
import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
import org.xmlpull.v1.XmlPullParserException;
import soot.PackManager;
import soot.Scene;
import soot.SootMethod;
import soot.jimple.infoflow.android.SetupApplication;
import soot.options.Options;
import soot.util.dot.DotGraphUtility;
import soot.util.dot.Renderable;
public class CFG {
//private static Map options;
static DotGraph dg;
public CFG() {
//this.options=options;
// TODO Auto-generated constructor stub
}
/*public DotGraph createSubGraph(String label)
{
DotGraph createSubGraph =
DotGraph.createSubGraph(Scene.v().getCallGraph().listener().toString());
}*/
public static void main(String[] args) {
// TODO Auto-generated method stub
SetupApplication app = new
SetupApplication("/home/lokesh/Desktop/android-sdk-linux/platforms/android-19/android.jar","/home/lokesh/Desktop/android-instrumentation-tutorial-master/app-example/RV2013/bin/RV2013.apk");
try {
app.calculateSourcesSinksEntrypoints("/home/lokesh/Downloads/soot-infoflow-android-develop/SourcesAndSinks.txt");
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (XmlPullParserException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
soot.G.reset();
Options.v().set_src_prec(Options.src_prec_apk);
Options.v().set_process_dir(Collections.singletonList("/home/lokesh/Desktop/android-instrumentation-tutorial-master/app-example/RV2013/bin/RV2013.apk"));
Options.v().set_force_android_jar("/home/lokesh/Desktop/android-sdk-linux/platforms/android-19/android.jar");
Options.v().set_whole_program(true);
Options.v().set_allow_phantom_refs(true);
Options.v().set_output_format(Options.output_format_none);
Options.v().setPhaseOption("cg.spark verbose:true", "on");
Scene.v().loadNecessaryClasses();
SootMethod entryPoint = app.getEntryPointCreator().createDummyMain();
Options.v().set_main_class(entryPoint.getSignature());
Scene.v().setEntryPoints(Collections.singletonList(entryPoint));
System.out.println("............"+entryPoint.getActiveBody());
PackManager.v().runPacks();
System.out.println(Scene.v().getCallGraph().size());
String label = Scene.v().getCallGraph().listener().toString();
dg.createSubGraph(label);
}
}
import java.io.IOException;
import java.io.OutputStream;
import java.util.LinkedList;
import java.util.List;
import soot.util.dot.DotGraphUtility;
import soot.util.dot.Renderable;
public class DotGraph implements Renderable
{
private boolean isSubGraph;
private List<Renderable> drawElements;
private String graphname;
public DotGraph(String graphname)
{
this.drawElements = new LinkedList<Renderable>();
}
public DotGraph createSubGraph(String label)
{
DotGraph subgraph = new DotGraph(label);
subgraph.isSubGraph = true;
this.drawElements.add(subgraph);
System.out.println(subgraph);
return subgraph;
}
@Override
public void render(OutputStream out, int indent) throws IOException {
String graphname = this.graphname;
if (!isSubGraph) {
DotGraphUtility.renderLine(out, "digraph \""+graphname+"\" {",
indent);
} else {
DotGraphUtility.renderLine(out, "subgraph \""+graphname+"\" {", indent);
}
}
}
Thanks & Regards
Lokesh
On Sat, Jul 19, 2014 at 10:57 PM, Stefan Gommer <gommeriphone at googlemail.com
> wrote:
> Hi Lokesh,
>
> you could use the DotGraph class from the soot.util.dot package and build
> a Graph on your own while traversing through the cfg. I don’t know if there
> is a method to do this automatically.
>
> Stefan
>
>
> Am 19.07.2014 um 15:16 schrieb LOKESH JAIN <lokeshjain92 at gmail.com>:
>
> Hi Steven,
> this Scene.v().getCallgraph().listener() is giving me QueueReader object.
> But I am not able to create a dot file from it. I have tried dump_cfg and
> various others options but all are of no help.
>
> 1. Please can you tell me how do i print a dot file out of QueueReader
> object?
>
> Also I am getting the call graph size as 54 for the general example apk
> "RV2013.apk".
>
> 2. How come call graph size is 54?
>
>
>
> On Fri, Jul 18, 2014 at 9:37 PM, Steven Arzt <Steven.Arzt at cased.de> wrote:
>
>> Hi Lokesh,
>>
>>
>>
>> You can manually iterate over the callgraph using
>> Scene.v().getCallgraph().listener() and print it out in dot format which
>> should be fairly simple as it is just a QueueReader over the edges. Still,
>> I think Soot can also directly do that, but I have never used the dot
>> visualizer for callgraphs.
>>
>>
>>
>> Afterwards, you can visualize the dot file using GraphViz.
>>
>>
>>
>> Best regards,
>>
>> Steven
>>
>>
>>
>> *Von:* LOKESH JAIN [mailto:lokeshjain92 at gmail.com]
>> *Gesendet:* Freitag, 18. Juli 2014 18:04
>> *An:* Steven Arzt
>> *Cc:* Modhi Alsobiehy; soot-list at cs.mcgill.ca; soot-list at sable.mcgill.ca;
>> soot-list at googlegroups.com
>>
>> *Betreff:* Re: [Soot-list] Generating Android APK CallFlowGraph
>>
>>
>>
>> Hi,
>>
>> A gentle reminder. Please reply fast. I need it for my research project.
>>
>>
>>
>> Regards
>>
>> Lokesh
>>
>>
>>
>> On Thu, Jul 17, 2014 at 9:21 PM, LOKESH JAIN <lokeshjain92 at gmail.com>
>> wrote:
>>
>> Thanks a lot Steven and Modhi. It worked.
>>
>> It is showing call graph in words. How can I graphically see the call
>> graph for apk files as we see for java files??
>>
>>
>>
>> Regards
>>
>> Lokesh Jain
>>
>>
>>
>> On Thu, Jul 17, 2014 at 6:11 PM, Steven Arzt <Steven.Arzt at cased.de>
>> wrote:
>>
>> Hi Lokesh,
>>
>>
>>
>> It seems that you are missing the axml-2.0.jar library on your Java
>> classpath.
>>
>>
>>
>> Best regards,
>>
>> Steven
>>
>>
>>
>> *Von:* soot-list-bounces at CS.McGill.CA [mailto:
>> soot-list-bounces at CS.McGill.CA] *Im Auftrag von *Modhi Alsobiehy
>> *Gesendet:* Donnerstag, 17. Juli 2014 14:39
>> *An:* LOKESH JAIN
>> *Cc:* soot-list at cs.mcgill.ca; soot-list at sable.mcgill.ca;
>> soot-list at googlegroups.com
>> *Betreff:* Re: [Soot-list] Generating Android APK CallFlowGraph
>>
>>
>>
>> Hi Lokesh,
>>
>>
>>
>> Open the folder of your project and add the call back file into it.
>>
>>
>>
>> -Best,
>>
>> Modhi
>>
>>
>> On Jul 17, 2014, at 12:03 PM, "LOKESH JAIN" <lokeshjain92 at gmail.com>
>> wrote:
>>
>> Hi all,
>>
>> Modhi, I am using your code for generating call graph for apk file. But,
>> I am getting following error
>>
>> Exception in thread "main" java.lang.NoClassDefFoundError:
>> pxb/android/axml/NodeVisitor
>> at
>> soot.jimple.infoflow.android.manifest.ProcessManifest.handle(Unknown Source)
>> at
>> soot.jimple.infoflow.android.manifest.ProcessManifest.<init>(Unknown Source)
>> at
>> soot.jimple.infoflow.android.manifest.ProcessManifest.<init>(Unknown Source)
>> at
>> soot.jimple.infoflow.android.SetupApplication.calculateSourcesSinksEntrypoints(Unknown
>> Source)
>> at
>> soot.jimple.infoflow.android.SetupApplication.calculateSourcesSinksEntrypoints(Unknown
>> Source)
>> at CFG.main(CFG.java:33)
>> Caused by: java.lang.ClassNotFoundException: pxb.android.axml.NodeVisitor
>> at java.net.URLClassLoader$1.run(URLClassLoader.java:366)
>> at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
>> at java.security.AccessController.doPrivileged(Native Method)
>> at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
>> at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
>> at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:308)
>> at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
>> ... 6 more
>>
>> It's pretty much the same error that you were getting. Though I had
>> checked , there is no duplicate library added. Also there is already
>> AndroidCallbacks.txt in soot-infoflow-android, i haven't understood how to
>> add it into my project.
>> Any help would be appreciated. Thank You
>> Regards
>> Lokesh
>>
>>
>> On Saturday, 5 July 2014 23:04:49 UTC+5:30, Modhi Alsobiehy wrote:
>>
>> Hi all,
>>
>> I need to traverse the call flow graph of android apps( apk files).
>>
>> I understand that I must set an entry point so to start, I tried the
>> following code :
>>
>>
>>
>>
>> ----------------------------------------------------------------------------------------------------
>>
>> *mport* java.io.IOException;
>>
>> *import* java.util.Collections;
>>
>> *import* org.xmlpull.v1.XmlPullParserException;
>>
>> *import* soot.PackManager;
>>
>> *import* soot.Scene;
>>
>> *import* soot.SootMethod;
>>
>> *import* soot.jimple.infoflow.android.SetupApplication;
>>
>> *import* soot.options.Options;
>>
>> *public* *class* CFG {
>>
>> *public* CFG() {
>>
>> // *TODO* Auto-generated constructor stub
>>
>> }
>>
>> *public* *static* *void* main(String[] args) {
>>
>> // *TODO* Auto-generated method stub
>>
>> SetupApplication app = *new* SetupApplication(
>> "D:/AndroidADT/adt-bundle-windows-x86_64-20131030/sdk/platforms",
>> "D:/APKs/location.apk");
>>
>> *try* {
>>
>> app.calculateSourcesSinksEntrypoints("D:/FlowDroid/SourcesAndSinks.txt");
>>
>> } *catch* (IOException e) {
>>
>> // *TODO* Auto-generated catch block
>>
>> e.printStackTrace();
>>
>> } *catch* (XmlPullParserException e) {
>>
>> // *TODO* Auto-generated catch block
>>
>> e.printStackTrace();
>>
>> }
>>
>> soot.G.*reset*();
>>
>> Options.*v*().set_src_prec(Options.*src_prec_apk*);
>>
>> Options.*v*().set_process_dir(Collections.*singletonList*(
>> "D:/APKs/location.apk"));
>>
>> Options.*v*().set_android_jars(
>> "D:/AndroidADT/adt-bundle-windows-x86_64-20131030/sdk/platforms");
>>
>> Options.*v*().set_whole_program(*true*);
>>
>> Options.*v*().set_allow_phantom_refs(*true*);
>>
>> Options.*v*().set_output_format(Options.*output_format_none*);
>>
>> Options.*v*().setPhaseOption("cg.spark", "on");
>>
>> Scene.*v*().loadNecessaryClasses();
>>
>> SootMethod entryPoint = app.getEntryPointCreator().createDummyMain();
>>
>> Options.*v*().set_main_class(entryPoint.getSignature());
>>
>> Scene.*v*().setEntryPoints(Collections.*singletonList*(entryPoint));
>>
>> System.*out*.println(entryPoint.getActiveBody());
>>
>> PackManager.*v*().runPacks();
>>
>> System.*out*.println(Scene.*v*().getCallGraph().size());
>>
>> }
>>
>> }
>>
>>
>> ---------------------------------------------------------------------------------------------------------------------
>>
>> Unfortunately, I am getting the following error:
>>
>> Exception in thread "main" java.lang.NoClassDefFoundError:
>> pxb/android/axml/NodeVisitor
>>
>> at soot.jimple.infoflow.android.manifest.ProcessManifest.handle(Unknown
>> Source)
>>
>> at soot.jimple.infoflow.android.manifest.ProcessManifest.<init>(Unknown
>> Source)
>>
>> at soot.jimple.infoflow.android.manifest.ProcessManifest.<init>(Unknown
>> Source)
>>
>> at
>> soot.jimple.infoflow.android.SetupApplication.calculateSourcesSinksEntrypoints(Unknown
>> Source)
>>
>> at
>> soot.jimple.infoflow.android.SetupApplication.calculateSourcesSinksEntrypoints(Unknown
>> Source)
>>
>> at apkCFG.CFG.main(*CFG.java:25*)
>>
>> Caused by: *java.lang.ClassNotFoundException*:
>> pxb.android.axml.NodeVisitor
>>
>> at java.net.URLClassLoader$1.run(Unknown Source)
>>
>> at java.net.URLClassLoader$1.run(Unknown Source)
>>
>> at java.security.AccessController.doPrivileged(*Native Method*)
>>
>> at java.net.URLClassLoader.findClass(Unknown Source)
>>
>> at java.lang.ClassLoader.loadClass(Unknown Source)
>>
>> at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
>>
>> at java.lang.ClassLoader.loadClass(Unknown Source)
>>
>> ... 6 more
>>
>>
>>
>> Any help or advise on how to do that would be deeply appreciated!
>>
>> Thanx!!
>>
>>
>>
>>
>>
>> Sent from Windows Mail
>>
>>
>>
>>
>>
>>
>>
>
> _______________________________________________
> Soot-list mailing list
> Soot-list at CS.McGill.CA
> https://mailman.CS.McGill.CA/mailman/listinfo/soot-list
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20140720/623dabbc/attachment-0003.html
More information about the Soot-list
mailing list