[Soot-list] Problem in Making Call Flow Graph from Class or Java files.

Steven Arzt Steven.Arzt at cased.de
Sun May 25 06:34:10 EDT 2014


Hi Vishal,

 

Please be specific about the errors you are getting. “I am getting errors”
is not helping much in understanding what is actually going wrong on your
side. You say that a certain line of code fails. So what happens? Can’t you
compile it? Do you get an exception? What exactly are your issues with the
imported projects?

 

For Android APK files, generating a callgraph is not as simple as for normal
Java class / source files. The reason lies in how the SPARK callgraph
construction algorithm works. It was designed to start at the program’s
single entry point, look for method calls there, then take all found called
methods, look at what they call, and so on. This way, it builds a precise
graph of what method is (potentially) called where and identifies the
methods which are reachable overall.

 

For Android, such a single entry point however does not exist. There is no
single method that is called and then (transitively) invokes all the rest of
the program. Instead, Android applications derive classes from certain
pre-defined operating system classes such as “Activity” where they overwrite
certain lifecycle methods. The Android OS instantiates these classes and
calls the respective lifecycle methods at predefined stages during the
execution. For SPARK, this poses a problem: Where to start looking for
method calls? SPARK cannot know that “Activity.onCreate()” will ever be
called since that call is hidden inside the operating system implementation
and not visible to Soot. Respectively, it would not find any method that
ever gets called and your callgraph would be empty.

 

To solve this problem, we need to create an artificial entry point that
models all these calls the operating system does when actually executing the
application. Your idea of taking a single class file as a custom entry point
is exactly what I have proposed to you. However, you need to analyze your
APK file and then build a suitable entry point for this specific APK file.
There is no single class file you can use for all your APK files. Generating
such tailored entry points is what the AndroidEntryPointCreator class from
FlowDroid does. The reason why you need a bit more is that the analysis
process that needs to be done before you know what to put in your entry
point is not as simple as it sounds; Android is a highly dynamic environment
with callbacks, external configuration files, and the like. You can go ahead
and try to come up with something on your own, but I can tell you that we
have spent considerable effort on the subject and that there is no simple
solution unless you go for really unsound and coarse approximations such as
leaving out all the callbacks.

 

Best regards,

  Steven
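
The reachability argument in the message above, as an added toy model in plain Java (not Soot or FlowDroid code, and not part of the original e-mail). It runs a worklist walk over a constructed call relation three times: with no entry point, with a dummy main that calls only lifecycle methods, and with one that also calls a registered callback. All class and method names are made up for illustration.

```java
import java.util.*;

// Toy model of worklist-based reachability; NOT Soot/FlowDroid code.
// All method names below are constructed for illustration.
public class EntryPointDemo {
    // Calls visible in the app's own bytecode: caller -> callees.
    static final Map<String, List<String>> CALLS = new HashMap<>();
    static {
        CALLS.put("MainActivity.onCreate",
                List.of("MainActivity.initUi", "Button.setOnClickListener"));
        CALLS.put("MainActivity.onResume", List.of("Tracker.log"));
        // Invoked by the OS when the button is tapped; no app code calls it.
        CALLS.put("SendListener.onClick", List.of("Net.upload", "Tracker.log"));
        CALLS.put("Net.upload", List.of("Net.encode"));
    }

    // Start at the entry points, follow calls transitively, collect what is reached.
    static Set<String> reachable(List<String> entryPoints) {
        Set<String> seen = new LinkedHashSet<>(entryPoints);
        Deque<String> worklist = new ArrayDeque<>(entryPoints);
        while (!worklist.isEmpty()) {
            String method = worklist.poll();
            for (String callee : CALLS.getOrDefault(method, List.of())) {
                if (seen.add(callee)) {
                    worklist.add(callee);
                }
            }
        }
        return seen;
    }

    public static void main(String[] args) {
        // 1. An APK has no main method: nothing to start from, nothing reachable.
        System.out.println("no entry point: " + reachable(List.of()));

        // 2. Dummy main that models only the lifecycle calls made by the OS.
        CALLS.put("dummyMain", List.of("MainActivity.onCreate", "MainActivity.onResume"));
        System.out.println("lifecycle only: " + reachable(List.of("dummyMain")));

        // 3. Dummy main that also models the callback; Net.upload becomes reachable.
        CALLS.put("dummyMain", List.of("MainActivity.onCreate", "MainActivity.onResume",
                "SendListener.onClick"));
        System.out.println("with callbacks: " + reachable(List.of("dummyMain")));
    }
}
```

The second run is the coarse approximation the message warns about: everything behind the click handler is missing from the result.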

 

From: Vishal K4 [mailto:vishal.k4 at tcs.com]
Sent: Sunday, 25 May 2014 11:29
To: Steven Arzt
Cc: soot-list at CS.McGill.CA
Subject: AW: [Soot-list] Problem in Making Call Flow Graph from Class or
Java files.

 

Hello,

 

I am still facing some problems in this project flow. I am describing the
steps which I have done. Please correct me if possible.

Steps:-

1. I imported those two projects into my workspace and then created a new
project with the code which you included in the mail.

2. After that I am getting errors in my newly created project near the call
to the entry point. I am getting an error in the highlighted part. Code given below:

    SootMethod entryPoint = app.getEntryPointCreator().createDummyMain();

3. And I am also facing issues with those two imported infoflow Android
projects, and also, what is their need? Can we not directly create a custom
entry point with a single class file and then make a call graph with the
apk files?

4. Please give me some simple solution. I am getting stuck on this one,
making the CFG, and I also have to submit the CFG of the apk file in the next
two days. So please help me.

I have an apk file and make a CFG. So please just give a simple solution and
also anything which I should import.

 

Hoping for an easy solution.

 

 

Thanks & Regards,

Vishal Kumar

 



-----"Steven Arzt" <Steven.Arzt at cased.de> wrote: -----

To: "'Vishal K4'" <vishal.k4 at tcs.com>
From: "Steven Arzt" <Steven.Arzt at cased.de>
Date: 05/24/2014 09:01PM
Cc: <soot-list at CS.McGill.CA>
Subject: AW: [Soot-list] Problem in Making Call Flow Graph from Class or
Java files.

Hi Vishal,


As I explained, you first need to create an artificial main method that
emulates the Android lifecycle before you can create a callgraph from an APK
file. For this, you can use the AndroidEntryPointCreator component from
FlowDroid. You need the following two projects:

 

    https://github.com/secure-software-engineering/soot-infoflow
    https://github.com/secure-software-engineering/soot-infoflow-android

 

You can then use the following code to create a callgraph:

 

    // Imports needed by this snippet
    import java.util.Collections;
    import soot.PackManager;
    import soot.Scene;
    import soot.SootMethod;
    import soot.jimple.infoflow.android.SetupApplication;
    import soot.options.Options;

    // Let FlowDroid analyze the APK (Android platforms directory, APK file)
    SetupApplication app = new SetupApplication(
            "D:/Tools/adt-bundle-windows-x86_64-20140321/sdk/platforms",
            "D:/Temp/com.tweakersoft.aroundme-1.apk");
    app.calculateSourcesSinksEntrypoints(
            "D:/Arbeit/Android Analyse/soot-infoflow-android/SourcesAndSinks.txt");

    soot.G.reset();

    // Configure Soot for whole-program analysis of the APK with SPARK
    Options.v().set_src_prec(Options.src_prec_apk);
    Options.v().set_process_dir(Collections.singletonList(
            "D:/Temp/com.tweakersoft.aroundme-1.apk"));
    Options.v().set_android_jars(
            "D:/Tools/adt-bundle-windows-x86_64-20140321/sdk/platforms");
    Options.v().set_whole_program(true);
    Options.v().set_allow_phantom_refs(true);
    Options.v().set_output_format(Options.output_format_none);
    Options.v().setPhaseOption("cg.spark", "on");

    Scene.v().loadNecessaryClasses();

    // Create the dummy main method and use it as the only entry point
    SootMethod entryPoint = app.getEntryPointCreator().createDummyMain();
    Options.v().set_main_class(entryPoint.getSignature());
    Scene.v().setEntryPoints(Collections.singletonList(entryPoint));
    System.out.println(entryPoint.getActiveBody());

    // Run the packs (this builds the callgraph) and print its size
    PackManager.v().runPacks();
    System.out.println(Scene.v().getCallGraph().size());

 

This example program just prints out the size of the callgraph, but you can
use the CG as you like.

 

If you use our technology in a research project, please cite the FlowDroid
paper which you can find together with lots of other information on the tool
at: http://sseblog.ec-spride.de/tools/flowdroid/

 

Best regards,

  Steven

 

From: soot-list-bounces at CS.McGill.CA [mailto:soot-list-bounces at CS.McGill.CA]
On behalf of Vishal K4
Sent: Saturday, 24 May 2014 14:37
To: Steven Arzt
Cc: soot-list at CS.McGill.CA
Subject: Re: [Soot-list] Problem in Making Call Flow Graph from Class or
Java files.

 

Hi,

 

Thanks for your fast reply. You got me correctly; actually I need to make a
call graph from the apk file. I need to check all the flow of methods and
classes from the apk file. So please give some idea of how to make it from
the apk file step by step.

 

Waiting......

 

Thanks & Regards,

Vishal Kumar

Mobility Security- DESS

Tata Consultancy Services
VYDEHI  RC-1 BLOCK
82,EPIP,Whitefield,
Bangalore - 560066,Karnataka
India
Mailto: vishal.k4 at tcs.com
Website: http://www.tcs.com



-----soot-list-bounces at CS.McGill.CA wrote: -----

To: "'Marc-André Laverdière'" <marc-andre.laverdiere-papineau at polymtl.ca>,
<soot-list at CS.McGill.CA>
From: "Steven Arzt" 
Sent by: soot-list-bounces at CS.McGill.CA
Date: 05/23/2014 08:47PM
Subject: Re: [Soot-list] Problem in Making Call Flow Graph from Class or
Java files.

Hi Vishal,

Are you trying to create a callgraph from a Java file, a Class file or an
APK file? You mention all three sources in your e-mail. Java and Class file
work out-of-the-box just as Marc-André wrote.

For APK files, you need to do some extra work since the Soot callgraph
creator needs an entry point, i.e. a main method. In Android applications,
such a main method does not exist since Android instead tightly integrates
applications into the OS using a lifecycle. Android applications implement
classes inherited from OS classes and then overwrite the lifecycle methods.
There are ways to handle this (AndroidEntryPointCreator in FlowDroid), so
feel free to ask if you need it.

Best regards,
  Steven

-----Original Message-----
From: soot-list-bounces at CS.McGill.CA [mailto:soot-list-bounces at CS.McGill.CA]
On behalf of Marc-André Laverdière
Sent: Friday, 23 May 2014 15:27
To: soot-list at CS.McGill.CA
Subject: Re: [Soot-list] Problem in Making Call Flow Graph from Class or
Java files.

Hello Vishal,

One can build a call graph by running Soot from the command-line with the -w
option. In order to export and visualize the call graph, I recommend using
ProBe (http://plg.uwaterloo.ca/~olhotak/probe/)

Regards,

Marc-André Laverdière-Papineau
Doctorant - PhD Candidate

On 05/23/2014 02:03 AM, Vishal K4 wrote:
> Hi,
> 
> I am facing a problem in Soot. I have an Android apk file and I have
> to make a call graph from the class files or apk files. So can you
> just give me an example of how we can make a CFG from Java files?
> Please give me some idea about it. I will be waiting for your reply soon.
>
> I request you to please give an example step by step. Hoping for your
> response soon.
> 
> Thanks & Regards,
> 
> Vishal Kumar
> 
> 
> 
> 
> 
> _______________________________________________
> Soot-list mailing list
> Soot-list at CS.McGill.CA
> https://mailman.CS.McGill.CA/mailman/listinfo/soot-list
> 