[Soot-list] Android APK Analysis

Modhi Alsobiehy m99m20 at hotmail.com
Mon Mar 31 20:49:07 EDT 2014 

Eric, Steven,


Thanks for responding;

 I followd the tutorial in CCS2013 slides, this is the code I ran and produced the empty-body jimple files:

------------------------------------------------------

package androidInstrument;


import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import soot.Body;
import soot.G;
import soot.PackManager;
import soot.Scene;
import soot.SootClass;
import soot.Transform;
import soot.options.Options;
import soot.toolkits.graph.ExceptionalUnitGraph;
import soot.toolkits.graph.UnitGraph;



public class AndroidInstrument {
 
 public static void main(String[] args) {
  G.reset();


  final String androidJar = "D:/AndroidADT/adt-bundle-windows-x86_64-20131030/sdk/platforms/android-17/android.jar";
  List<String> argsList = new ArrayList<String>(Arrays.asList(args));   
  
  PackManager.v().getPack("jtp").add(new Transform("jtp.myAnalysis", new MyBodyTransformer()));
  
  argsList.addAll(Arrays.asList(new String[] {
    "-process-dir",
    "D:/APKs/calc.apk",
    }));
  
  Options.v().set_allow_phantom_refs(true);
  Options.v().set_android_jars(androidJar);
  Options.v().set_output_format(Options.output_format_jimple);
  
  args = argsList.toArray(new String[0]);
  soot.Main.main(args);
  
 }
-------------------------------------------------
calc is a simple calculator app which I dounloaded from google play. I got the same results with any apk as well!


this is the output in the console window:


Soot started on Mon Mar 31 15:34:18 CDT 2014
Warning: de.underflow.calc.CalculatorPreferenceActivity is a phantom class!
Warning: de.underflow.calc.e is a phantom class!
Warning: de.underflow.calc.d is a phantom class!
Warning: de.underflow.a.a is a phantom class!
Warning: de.underflow.calc.history.CalculatorHistoryActivity is a phantom class!
Warning: org.jared.commons.ui.WorkspaceView is a phantom class!
Warning: org.jared.commons.ui.WorkspaceView$SavedState is a phantom class!
Warning: org.a.a.b is a phantom class!
Warning: org.a.a.c is a phantom class!
Warning: org.a.a.a is a phantom class!
Warning: org.a.a.l is a phantom class!
Warning: org.a.a.m is a phantom class!
Warning: org.a.a.n is a phantom class!
Warning: org.a.a.o is a phantom class!
Warning: org.a.a.p is a phantom class!
Warning: org.a.a.q is a phantom class!
Warning: org.a.a.r is a phantom class!
Warning: org.a.a.s is a phantom class!
Warning: org.a.a.d is a phantom class!
Warning: org.a.a.e is a phantom class!
Warning: org.a.a.f is a phantom class!
Warning: org.a.a.g is a phantom class!
Warning: org.a.a.h is a phantom class!
Warning: org.a.a.i is a phantom class!
Warning: org.a.a.j is a phantom class!
Warning: org.a.a.k is a phantom class!
Warning: de.underflow.a.b is a phantom class!
Warning: de.underflow.a.c is a phantom class!
Warning: de.underflow.a.d is a phantom class!
Warning: de.underflow.a.e is a phantom class!
Warning: de.underflow.calc.constants.c is a phantom class!
Warning: de.underflow.a.f is a phantom class!
Warning: de.underflow.calc.constants.d is a phantom class!
Warning: org.a.a.u is a phantom class!
Warning: org.a.a.t is a phantom class!
Warning: org.a.a.w is a phantom class!
Warning: org.jared.commons.ui.a is a phantom class!
Warning: org.a.a.v is a phantom class!
Warning: org.jared.commons.ui.b is a phantom class!
Warning: org.a.a.y is a phantom class!
Warning: org.a.a.x is a phantom class!
Warning: org.a.a.z is a phantom class!
Warning: de.underflow.calc.b is a phantom class!
Warning: de.underflow.calc.c is a phantom class!
Warning: de.underflow.calc.a is a phantom class!
Warning: org.a.a.ac is a phantom class!
Warning: org.a.a.aa is a phantom class!
Warning: org.a.a.ab is a phantom class!
Warning: de.underflow.calc.constants.b is a phantom class!
Warning: de.underflow.calc.constants.a is a phantom class!
Warning: de.underflow.calc.constants.ConstantsListActivity is a phantom class!
Warning: de.underflow.calc.themechooser.ThemeChooserListPreference is a phantom class!
Warning: de.underflow.calc.CalculatorMainActivity is a phantom class!
Warning: de.underflow.calc.history.a is a phantom class!
Warning: de.underflow.calc.history.c is a phantom class!
Warning: de.underflow.calc.history.b is a phantom class!
Transforming de.underflow.calc.CalculatorPreferenceActivity... 
Transforming de.underflow.calc.e... 
Transforming de.underflow.calc.d... 
Transforming de.underflow.a.a... 
Transforming de.underflow.calc.history.CalculatorHistoryActivity... 
Transforming org.jared.commons.ui.WorkspaceView... 
Transforming org.jared.commons.ui.WorkspaceView$SavedState... 
Transforming org.a.a.b... 
Transforming org.a.a.c... 
Transforming org.a.a.a... 
Transforming org.a.a.l... 
Transforming org.a.a.m... 
Transforming org.a.a.n... 
Transforming org.a.a.o... 
Transforming org.a.a.p... 
Transforming org.a.a.q... 
Transforming org.a.a.r... 
Transforming org.a.a.s... 
Transforming org.a.a.d... 
Transforming org.a.a.e... 
Transforming org.a.a.f... 
Transforming org.a.a.g... 
Transforming org.a.a.h... 
Transforming org.a.a.i... 
Transforming org.a.a.j... 
Transforming org.a.a.k... 
Transforming de.underflow.a.b... 
Transforming de.underflow.a.c... 
Transforming de.underflow.a.d... 
Transforming de.underflow.a.e... 
Transforming de.underflow.calc.constants.c... 
Transforming de.underflow.a.f... 
Transforming de.underflow.calc.constants.d... 
Transforming org.a.a.u... 
Transforming org.a.a.t... 
Transforming org.a.a.w... 
Transforming org.jared.commons.ui.a... 
Transforming org.a.a.v... 
Transforming org.jared.commons.ui.b... 
Transforming org.a.a.y... 
Transforming org.a.a.x... 
Transforming org.a.a.z... 
Transforming de.underflow.calc.b... 
Transforming de.underflow.calc.c... 
Transforming de.underflow.calc.a... 
Transforming org.a.a.ac... 
Transforming org.a.a.aa... 
Transforming org.a.a.ab... 
Transforming de.underflow.calc.constants.b... 
Transforming de.underflow.calc.constants.a... 
Transforming de.underflow.calc.constants.ConstantsListActivity... 
Transforming de.underflow.calc.themechooser.ThemeChooserListPreference... 
Transforming de.underflow.calc.CalculatorMainActivity... 
Transforming de.underflow.calc.history.a... 
Transforming de.underflow.calc.history.c... 
Transforming de.underflow.calc.history.b... 
Writing to sootOutput\de.underflow.calc.CalculatorPreferenceActivity.jimple
Writing to sootOutput\de.underflow.calc.e.jimple
Writing to sootOutput\de.underflow.calc.d.jimple
Writing to sootOutput\de.underflow.a.a.jimple
Writing to sootOutput\de.underflow.calc.history.CalculatorHistoryActivity.jimple
Writing to sootOutput\org.jared.commons.ui.WorkspaceView.jimple
Writing to sootOutput\org.jared.commons.ui.WorkspaceView$SavedState.jimple
Writing to sootOutput\org.a.a.b.jimple
Writing to sootOutput\org.a.a.c.jimple
Writing to sootOutput\org.a.a.a.jimple
Writing to sootOutput\org.a.a.l.jimple
Writing to sootOutput\org.a.a.m.jimple
Writing to sootOutput\org.a.a.n.jimple
Writing to sootOutput\org.a.a.o.jimple
Writing to sootOutput\org.a.a.p.jimple
Writing to sootOutput\org.a.a.q.jimple
Writing to sootOutput\org.a.a.r.jimple
Writing to sootOutput\org.a.a.s.jimple
Writing to sootOutput\org.a.a.d.jimple
Writing to sootOutput\org.a.a.e.jimple
Writing to sootOutput\org.a.a.f.jimple
Writing to sootOutput\org.a.a.g.jimple
Writing to sootOutput\org.a.a.h.jimple
Writing to sootOutput\org.a.a.i.jimple
Writing to sootOutput\org.a.a.j.jimple
Writing to sootOutput\org.a.a.k.jimple
Writing to sootOutput\de.underflow.a.b.jimple
Writing to sootOutput\de.underflow.a.c.jimple
Writing to sootOutput\de.underflow.a.d.jimple
Writing to sootOutput\de.underflow.a.e.jimple
Writing to sootOutput\de.underflow.calc.constants.c.jimple
Writing to sootOutput\de.underflow.a.f.jimple
Writing to sootOutput\de.underflow.calc.constants.d.jimple
Writing to sootOutput\org.a.a.u.jimple
Writing to sootOutput\org.a.a.t.jimple
Writing to sootOutput\org.a.a.w.jimple
Writing to sootOutput\org.jared.commons.ui.a.jimple
Writing to sootOutput\org.a.a.v.jimple
Writing to sootOutput\org.jared.commons.ui.b.jimple
Writing to sootOutput\org.a.a.y.jimple
Writing to sootOutput\org.a.a.x.jimple
Writing to sootOutput\org.a.a.z.jimple
Writing to sootOutput\de.underflow.calc.b.jimple
Writing to sootOutput\de.underflow.calc.c.jimple
Writing to sootOutput\de.underflow.calc.a.jimple
Writing to sootOutput\org.a.a.ac.jimple
Writing to sootOutput\org.a.a.aa.jimple
Writing to sootOutput\org.a.a.ab.jimple
Writing to sootOutput\de.underflow.calc.constants.b.jimple
Writing to sootOutput\de.underflow.calc.constants.a.jimple
Writing to sootOutput\de.underflow.calc.constants.ConstantsListActivity.jimple
Writing to sootOutput\de.underflow.calc.themechooser.ThemeChooserListPreference.jimple
Writing to sootOutput\de.underflow.calc.CalculatorMainActivity.jimple
Writing to sootOutput\de.underflow.calc.history.a.jimple
Writing to sootOutput\de.underflow.calc.history.c.jimple
Writing to sootOutput\de.underflow.calc.history.b.jimple
Soot finished on Mon Mar 31 15:34:26 CDT 2014
Soot has run for 0 min. 7 sec.

----------------------------------------------------------
Thanks for your help!

--modhi






Sent from Windows Mail





From: Steven Arzt
Sent: ‎Monday‎, ‎March‎ ‎31‎, ‎2014 ‎2‎:‎30‎ ‎AM
To: Modhi Alsobeihy, soot-list at sable.mcgill.ca





Hi Modhi,

Soot translates Android APK / dex files to Jimple just as it would do with
Java class or source files. When writing the output, the new APK / dex files
are generated from Jimple just as it would be with Java class files. So the
process of using the Jimple method bodies is no different to the Soot user.
Still, if you want to perform e.g. a static analysis, you have to keep the
Android semantics (i.e. the lifecycle) in mind, but this is a semantic
problem.

If you get empty bodies, something's obviously wrong. Could you provide the
source code you have used? There are quite some tutorials about using Soot
for Android out there... If you need a good one:
http://sseblog.ec-spride.de/tutorials/ Look for the RV2013 paper and the
CCS2013 slides.

Best regards,
  Steven

-----Ursprüngliche Nachricht-----
Von: soot-list-bounces at CS.McGill.CA [mailto:soot-list-bounces at CS.McGill.CA]
Im Auftrag von Modhi Alsobiehy
Gesendet: Sonntag, 30. März 2014 16:39
An: Soot list
Betreff: [Soot-list] Android APK Analysis

Hi all,

I have two questions:

1. Once I follow the android instrumentation tutorial, do I use soot
normally as in analyzing java?? i am not sure what i am missing, i literally
copied and pasted the the code provided in the tutorial - with some
adjustments of course- and i noticed that whatever apk file i analyze, the
produced jimple files are empty-body!! 

2. i have been told about JVM TI to analyze dex files. For those who tried
it, in comparison with soot, which one is more powerful if we need insert
some code to monitor data transmission behavior of an app??

-Best,
Modhi
_______________________________________________
Soot-list mailing list
Soot-list at CS.McGill.CA
https://mailman.CS.McGill.CA/mailman/listinfo/soot-list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20140401/ffa3fe67/attachment-0001.html

More information about the Soot-list mailing list