[Soot-list] FlowDroid's handling on dynamically-registered broadcast receivers
Roy Liu
royliudev at gmail.com
Tue Oct 7 23:55:17 EDT 2014
Hi All,
I'm experimenting with FlowDroid by extending it a little bit to print more
information on the input APK.
One issue that I noticed is FlowDroid's handling on dynamically-registered
broadcast receiver(s) within an app.
On an iBanking malware sample that I observed, I notice that there exists a
dynamic registration operation
of a broadcast receiver due to the following statement:
"virtualinvoke $r0.<com.soft360.iService.AService:
android.content.Intent
registerReceiver(android.content.BroadcastReceiver,android.content.IntentFilter)>($r8,
$r7)",
where $r8 is defined in an earlier operation: $r8 = new
com.soft360.iService.SmsReceiver.
The issue is that, when I print all methods that are reachable from the
entry-point classes' methods
(derived from SetupApplication app.getEntrypointClasses()) using the
following code snippet,
the broadcast receiver's declared callback method (e.g. onReceive()) is
still not listed, thus making it
practically unreachable within the app.
appStartingMethods = new LinkedHashSet<SootMethod>();
for (SootClass aClass: appEntryPointClasses.values()) {
for (SootMethod aMethod: aClass.getMethods())
appStartingMethods.add(aMethod);
}
List<MethodOrMethodContext> startingMethodList = new
ArrayList<MethodOrMethodContext>();
startingMethodList.addAll(appStartingMethods);
ReachableMethods rm = new
ReachableMethods(Scene.v().getCallGraph(), startingMethodList);
rm.update();
Iterator<MethodOrMethodContext> allReachableMethods = rm.listener();
while (allReachableMethods.hasNext()) {
SootMethod method = allReachableMethods.next().method();
System.out.println(method.getSignature());
}
Hence, my question is whether such handling of a dynamically-registered
broadcast receiver is currently
omitted within FlowDroid. And if so, how can the receiver somehow be added
into the app's entry points.
Many thanks for any helps on this!
Thanks and regards,
Roy Liu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20141008/04b08ffd/attachment.html
More information about the Soot-list
mailing list