[Soot-list] Inserting Log.i() in jimple..
Modhi Alsobiehy
m99m20 at hotmail.com
Wed Sep 3 15:36:57 EDT 2014
Hi Steven,
The following is the full source code, I attached the files involved as well..
Thank you,,
Modhi,,
Full Code:
------------------
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import android.provider.Settings;
import soot.Body;
import soot.G;
import soot.Local;
import soot.PackManager;
import soot.PatchingChain;
import soot.RefType;
import soot.Scene;
import soot.SootClass;
import soot.SootMethod;
import soot.Transform;
import soot.Unit;
import soot.Value;
import soot.jimple.AbstractStmtSwitch;
import soot.jimple.InvokeStmt;
import soot.jimple.Jimple;
import soot.jimple.StringConstant;
import soot.options.Options;
import soot.util.Chain;
public class AndroidInstrument {
static String output="";
static ArrayList<String> logLines = new ArrayList<String>();
public static void main(String[] args) {
try {
logLines = infoflowResults();
} catch (IOException e1) {
// TODO Auto-generated catch block
e1.printStackTrace();
}
soot.G.reset();
final String androidJar = "D:/AndroidADT/adt-bundle-windows-x86_64-20131030/sdk/platforms/";
List<String> argsList = new ArrayList<String>(Arrays.asList(args));
//Scene.v().loadClassAndSupport("android.util.Log");
Scene.v().addBasicClass("android.util.Log",SootClass.SIGNATURES);
Scene.v().addBasicClass("java.lang.System",SootClass.SIGNATURES);
PackManager.v().getPack("jtp").add(new Transform("jtp.myInstrumenter", new MyBodyTransformer()
{
@Override
protected void internalTransform(final Body b, String phaseName, Map options)
{
final PatchingChain<Unit> units = b.getUnits();
//important to use snapshotIterator here
for(Iterator<Unit> iter = units.snapshotIterator(); iter.hasNext();)
{
final Unit u = iter.next();
u.apply(new AbstractStmtSwitch()
{
public void caseInvokeStmt(InvokeStmt stmt)
{
if(logLines.contains(stmt.toString()))
{
Local tmpRef = addTmpRef(b);
System.out.println("tmpRef"+tmpRef.toString());
Local tmpString1 = addTmpString1(b);
Local tmpString2 = addTmpString2(b);
System.out.println("tmpString1"+tmpString1.toString());
System.out.println("tmpString2"+tmpString2.toString());
// insert "tmpRef = android.util.Log.i;"
units.insertAfter(Jimple.v().newAssignStmt(
tmpRef, Jimple.v().newStaticFieldRef(
Scene.v().getField("<android.util.Log: int i>").makeRef())), u);
// insert "tmpString = 'stmt.getUseBoxes().toString()';"
String stmtStr = stmt.getUseBoxes().toString();
units.insertAfter(Jimple.v().newAssignStmt(tmpString1,
StringConstant.v(stmtStr)), u);
stmtStr = stmt.getUseBoxes().get(1).getValue().toString();
units.insertAfter(Jimple.v().newAssignStmt(tmpString2,
StringConstant.v(stmtStr)), u);
// insert "tmpRef.i(tmpString);"
SootMethod toCall = Scene.v().getSootClass("android.util.Log").getMethod("int i(java.lang.String,java.lang.String");
units.insertAfter(Jimple.v().newInvokeStmt(
Jimple.v().newVirtualInvokeExpr(tmpRef, toCall.makeRef(), tmpString1, tmpString2 )), u);
//check that we did not mess up the Jimple
b.validate();
}
}//caseInvokeStmt
} // anbstractStmtSwitch
);// apply
} // for iterator
}// internalTransformer closed
}));
argsList.addAll(Arrays.asList(new String[] {
"-cp" , androidJar
}));
String apk = "D:/simpleCal.apk";
Options.v().set_src_prec(Options.src_prec_apk);
Options.v().set_process_dir(Collections.singletonList(apk));
Options.v().set_android_jars(androidJar);
Options.v().set_whole_program(true);
Options.v().set_allow_phantom_refs(true);
Options.v().set_output_format(Options.output_format_none);
Options.v().force_android_jar();
args = argsList.toArray(new String[0]);
soot.Main.main(args);
// to check output of soot
}
// ===============================================================
static Local addTmpRef(Body body)
{
Local tmpRef = Jimple.v().newLocal("tmpRef", RefType.v("android.util.Log"));
body.getLocals().add(tmpRef);
return tmpRef;
}
//--------------------------------------------------
static Local addTmpString1(Body body)
{
Local tmpString = Jimple.v().newLocal("tmpString1", RefType.v("java.lang.String"));
body.getLocals().add(tmpString);
return tmpString;
}
//--------------------------------------------------
static Local addTmpString2(Body body)
{
Local tmpString = Jimple.v().newLocal("tmpString2", RefType.v("java.lang.String"));
body.getLocals().add(tmpString);
return tmpString;
}
//--------------------------------------------------
static ArrayList<String> infoflowResults() throws IOException
{
ArrayList<String> logLine = new ArrayList<String>();
FileReader fr = new FileReader("D:/FlowDroid/FlowDroidResults.txt");
BufferedReader txtReader = new BufferedReader(fr);
String line = txtReader.readLine();
while(!(line== null))
{
if(line.matches("\\s*Found a flow to sink .*, from the following sources:.*"))
{
line = line.replaceFirst(".*Found\\sa\\sflow\\sto\\ssink\\s", "");
line = line.replaceFirst("(on line\\s\\d+)*\\, from the following sources:", "");
logLine.add(line);
}// end if
line=txtReader.readLine();
}// end while
fr.close();
return logLine;
}
}
Sent from Windows Mail
From: Steven Arzt
Sent: Wednesday, September 3, 2014 10:00 AM
To: Modhi Alsobeihy, soot-list at CS.McGill.CA, soot-list at sable.mcgill.ca
Hi Modhi,
Please do provide *full* source code. In your new snippet, you set Soot options, but in the old snippet you call G.reset() which is contradictory. Please send me a full .java file which can be compiled, so that I can really try out what you are doing.
Best regards,
Steven
Von: soot-list-bounces at CS.McGill.CA [mailto:soot-list-bounces at CS.McGill.CA] Im Auftrag von Modhi Alsobiehy
Gesendet: Dienstag, 2. September 2014 01:15
An: soot-list at CS.McGill.CA; soot-list at sable.mcgill.ca
Betreff: Re: [Soot-list] Inserting Log.i() in jimple..
Hi Steven,
this is just the part of code which after I have added, the exception appeared!
Since snapshotIterator works well without the code responsible for inserting the jimple stmt, I am guessing that I have something wrong with that part!
Thank you!
Modhi,,
the part of code calling soot:
argsList.addAll(Arrays.asList(new String[] {
"-cp" , androidJar // soot does not run if I didn’t provide any arg!!
}));
String apk = "D:/simpleCal.apk";
Options.v().set_allow_phantom_refs(true);
Options.v().set_android_jars(androidJar);
Options.v().set_process_dir(Collections.singletonList(apk));
Options.v().set_src_prec(Options.src_prec_apk);
Options.v().set_output_format(Options.output_format_none);
Options.v().force_android_jar();
args = argsList.toArray(new String[0]);
soot.Main.main(args);
Sent from Windows Mail
From: Steven Arzt
Sent: Monday, September 1, 2014 9:28 AM
To: Modhi Alsobeihy, soot-list at CS.McGill.CA, soot-list at sable.mcgill.ca
Hi Modhi,
Your code seems to be incomplete. How do you actually invoke Soot? Where do you use “argsList”? What are the contents of that list?
Best regards,
Steven
Von: soot-list-bounces at CS.McGill.CA [mailto:soot-list-bounces at CS.McGill.CA] Im Auftrag von Modhi Alsobiehy
Gesendet: Montag, 1. September 2014 09:16
An: soot-list at CS.McGill.CA; soot-list at sable.mcgill.ca
Betreff: [Soot-list] Inserting Log.i() in jimple..
Hi all,
I am trying to insert jimple statement to log some calls in android apks.
the statement is a regular andoid Log.i() statement,,
I followed the following tutorials:
http://www.sable.mcgill.ca/soot/tutorial/profiler/
http://www.bodden.de/2013/01/08/soot-android-instrumentation/
However, I'm getting the following exceptions, the first one occurs when I remove loadClassAndSupport("android.util.Log") call,,
the second exception occurs when the loadClassAndSupport("android.util.Log") statement is present.
I checked the classpath and every required jar is present in the buildpath of the project [recent soot-trunk and android jars],,
1- is the code I am using to insert the Log.i() statement correct??
2- if it correct, why I'm getting these exceptions?
Your quick response is highly appreciated!
Thank you,,
Modhi
Exceptions:
------------
1) Exception in thread "main" java.lang.RuntimeException: tried to get nonexistent field <android.util.Log: int i>
at soot.Scene.getField(Scene.java:611)
at androidInstrument.AndroidInstrument$1$1.caseInvokeStmt(AndroidInstrument.java:78)
at soot.jimple.internal.JInvokeStmt.apply(JInvokeStmt.java:100)
at androidInstrument.AndroidInstrument$1.internalTransform(AndroidInstrument.java:60)
at soot.BodyTransformer.transform(BodyTransformer.java:51)
at soot.Transform.apply(Transform.java:105)
at soot.BodyPack.internalApply(BodyPack.java:49)
at soot.Pack.apply(Pack.java:126)
at soot.PackManager.runBodyPacks(PackManager.java:903)
at soot.PackManager.runBodyPacks(PackManager.java:583)
at soot.PackManager.runBodyPacks(PackManager.java:486)
at soot.PackManager.runPacksNormally(PackManager.java:463)
at soot.PackManager.runPacks(PackManager.java:389)
at soot.Main.run(Main.java:203)
at soot.Main.main(Main.java:146)
at androidInstrument.AndroidInstrument.main(AndroidInstrument.java:126)
2) Exception in thread "main" soot.SootResolver$SootClassNotFoundException: couldn't find class: android.util.Log (is your soot-class-path set properly?)
at soot.SootResolver.bringToHierarchy(SootResolver.java:219)
at soot.SootResolver.bringToSignatures(SootResolver.java:255)
at soot.SootResolver.processResolveWorklist(SootResolver.java:168)
at soot.SootResolver.resolveClass(SootResolver.java:129)
at soot.Scene.loadClass(Scene.java:673)
at soot.Scene.loadClassAndSupport(Scene.java:658)
at androidInstrument.AndroidInstrument.main(AndroidInstrument.java:40)
Code snippets:
----------------
G.reset();
final String androidJar = "D:/AndroidADT/adt-bundle-windows-x86_64-20131030/sdk/platforms/";
List<String> argsList = new ArrayList<String>(Arrays.asList(args));
Scene.v().loadClassAndSupport("android.util.Log");
Scene.v().addBasicClass("android.util.Log",SootClass.SIGNATURES);
Scene.v().addBasicClass("java.lang.System",SootClass.SIGNATURES);
PackManager.v().getPack("jtp").add(new Transform("jtp.myInstrumenter", new MyBodyTransformer()
{
@Override
protected void internalTransform(final Body b, String phaseName, Map options)
{
final PatchingChain<Unit> units = b.getUnits();
//using snapshotIterator
for(Iterator<Unit> iter = units.snapshotIterator(); iter.hasNext();)
{
final Unit u = iter.next();
u.apply(new AbstractStmtSwitch()
{
public void caseInvokeStmt(InvokeStmt stmt)
{
if(stmt.toString().equals(targetStmt))
{
Local tmpRef = addTmpRef(b);
Local tmpString1 = addTmpString1(b);
Local tmpString2 = addTmpString2(b);
// inserting "tmpRef = android.util.Log.i;"
units.insertAfter(Jimple.v().newAssignStmt(
tmpRef, Jimple.v().newStaticFieldRef(
Scene.v().getField("<android.util.Log: int i>").makeRef())), u);
// inserting "tmpString1 = stmt.getUseBoxes().toString();"
String stmtStr = stmt.getUseBoxes().toString();
units.insertAfter(Jimple.v().newAssignStmt(tmpString1,
StringConstant.v(stmtStr)), u);
// inserting "tmpString2 = stmt.getUseBoxes().get(1).getValue().toString();"
stmtStr = stmt.getUseBoxes().get(1).getValue().toString();
units.insertAfter(Jimple.v().newAssignStmt(tmpString2,
StringConstant.v(stmtStr)), u);
// insert "tmpRef.i(tmpString1,tmpString2);"
SootMethod toCall = Scene.v().getSootClass("android.util.Log").getMethod("int i(java.lang.String,java.lang.String");
units.insertAfter(Jimple.v().newInvokeStmt(
Jimple.v().newVirtualInvokeExpr(tmpRef, toCall.makeRef(), tmpString1, tmpString2 )), u);
//check that we did not mess up the Jimple
b.validate();
---------------
Other methods:
---------------
static Local addTmpRef(Body body)
{
Local tmpRef = Jimple.v().newLocal("tmpRef", RefType.v("android.util.Log"));
body.getLocals().add(tmpRef);
return tmpRef;
}
static Local addTmpString1(Body body)
{
Local tmpString = Jimple.v().newLocal("tmpString1", RefType.v("java.lang.String"));
body.getLocals().add(tmpString);
return tmpString;
}
static Local addTmpString2(Body body)
{
Local tmpString = Jimple.v().newLocal("tmpString2", RefType.v("java.lang.String"));
body.getLocals().add(tmpString);
return tmpString;
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20140903/f9ada3bc/attachment-0003.html
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: FlowDroidResults.txt
Url: http://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20140903/f9ada3bc/attachment-0003.txt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: simpleCal.apk
Type: application/octet-stream
Size: 287781 bytes
Desc: =?utf-8?Q?simpleCal.apk?=
Url : http://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20140903/f9ada3bc/attachment-0003.obj
More information about the Soot-list
mailing list