[Soot-list] Any way to get the body of callback methods (not android default handlers) ?
Steven Arzt
Steven.Arzt at cased.de
Thu Feb 19 04:16:09 EST 2015
Hi Xinxin,
One possibility would be to extract them from the APK, place them on disk and add them to the Soot classpath.
Best regards,
Steven
Von: Xinxin Jin [mailto:xinxinjin89 at gmail.com]
Gesendet: Donnerstag, 19. Februar 2015 10:15
An: Steven Arzt
Cc: Dacong Yan; Soot list
Betreff: Re: [Soot-list] Any way to get the body of callback methods (not android default handlers) ?
Hi Steven,
Thank you very much ! Finally I got the reason...
In this case, how can I include the required jar into my analysis ?
On Thu, Feb 19, 2015 at 12:54 AM, Steven Arzt <Steven.Arzt at cased.de> wrote:
Hi all,
Soot at the moment does not load any additional JAR files from the APK, so the library will be missing and the callgraph will be incomplete. In the long run, we should have an option to merge all JAR files (and additional dex files as well) contained in the APK into the Scene.
Best regards,
Steven
Von: soot-list-bounces at CS.McGill.CA [mailto:soot-list-bounces at CS.McGill.CA] Im Auftrag von Xinxin Jin
Gesendet: Donnerstag, 19. Februar 2015 02:08
An: Dacong Yan
Cc: Soot list
Betreff: Re: [Soot-list] Any way to get the body of callback methods (not android default handlers) ?
Hi Dacong,
I didn't modify any soot options related with Volley library. The library jar is included in the app's apk, so I think soot should be able to decompile it.
Thanks a lot !
On Wed, Feb 18, 2015 at 4:59 PM, Dacong Yan <tonywinslow1986 at gmail.com> wrote:
Purely based on code search:
The call sites for onResponse() and onErrorResponse() are inside the
Volley library: line 60 at
<https://android.googlesource.com/platform/frameworks/volley/+/idea133/src/com/android/volley/toolbox/StringRequest.java>
and line 517 at
<https://android.googlesource.com/platform/frameworks/volley/+/idea133/src/com/android/volley/Request.java>.
Did you include the Volley library code in your call graph
construction? You may want to check that, but I'm not saying you
should or should not include it.
On Wed, Feb 18, 2015 at 1:55 PM, Xinxin Jin <xinxinjin89 at gmail.com> wrote:
> As a follow up, I manually checked the jimple files generated from the apk.
> And in "VolleyActivity$1.jimple ", I can clearly see the method body of
> onResponse(). That means there is no problem with jimple file, but why it
> is not parsed by soot (FlowDroid)?
>
> Thanks,
>
> On Wed, Feb 18, 2015 at 1:43 PM, Xinxin Jin <xinxinjin89 at gmail.com> wrote:
>>
>> Hi Eric,
>>
>> Thanks for your reply. I checked all the reachable methods and found no
>> place invoking onResponse and onErrorResponse.
>>
>> The statement that invokes StringRequest() method is :
>>
>> <com.android.volley.toolbox.StringRequest: void
>> <init>(int,java.lang.String,com.android.volley.Response$Listener,com.android.volley.Response$ErrorListener)>(
>> "http://www.google.com", $r7, $r8)
>>
>> Here parameters $r7, $r8 correspond to Response.Listener() and
>> Response.ErrorListener(). Then I continued to track the definition of r7:
>>
>> $r7 = new edu.ucsd.mytest.VolleyActivity$1
>>
>> But there is no useful statement in edu.ucsd.mytest.VolleyActivity$1 ....
>>
>> Any ideas ?
>>
>> Thank you a lot !!
>>
>> On Wed, Feb 18, 2015 at 11:47 AM, Bodden, Eric
>> <eric.bodden at sit.fraunhofer.de> wrote:
>>>
>>> Hi Xinxin.
>>>
>>> I think the problem is that the bytecode's structure differs from the
>>> source code's. Although in the source the two anonymous subclasses of
>>> Listener resp. ErrorListener are lexically contained in the constructor
>>> call, they are not in the bytecode. Please inspect the call to
>>> StringRequest.<init>. You should see references the second and third
>>> parameter both being initialized with instances of classes such as
>>> Response.Listener$1. You have to inspect the bodies of the onResponse
>>> methods in those classes.
>>>
>>> Hope that helps,
>>> Eric
>>>
>>> > On 18.02.2015, at 18:21, Xinxin Jin <xinxinjin89 at gmail.com> wrote:
>>> >
>>> > Hi all,
>>> >
>>> > I have an application which calls new StringRequest()of Volley library:
>>> >
>>> >
>>> > StringRequest request = new StringRequest(url,
>>> > new Response.Listener() {
>>> > @Override
>>> > public void onResponse(Object response) {
>>> > Log.d(TAG, "response " + ((String)
>>> > response).substring(0,500));
>>> > }
>>> > }, new Response.ErrorListener() {
>>> > @Override
>>> > public void onErrorResponse(VolleyError error) {
>>> > Log.d(TAG, "error message");
>>> > }
>>> > });
>>> >
>>> >
>>> > It contains two callbacks as its parameters: Response.Listener() and
>>> > Response.ErrorListener().
>>> >
>>> > When I parse reached methods of this application, it can only reach
>>> > SootMethod StringRequest: <init>, but when I examine all the statements in
>>> > this method, I cannot find bodies of the two registered listeners. Is there
>>> > any way to get the method body of onResponse() ?
>>> >
>>> > Thank you for your help !
>>> >
>>> > --
>>> > Xinxin
>>> >
>>> >
>>> > _______________________________________________
>>> > Soot-list mailing list
>>> > Soot-list at CS.McGill.CA
>>> > https://mailman.CS.McGill.CA/mailman/listinfo/soot-list
>>>
>>> --
>>> Prof. Eric Bodden, Ph.D., http://sse.ec-spride.de/ http://bodden.de/
>>> Head of Secure Software Engineering at Fraunhofer SIT, TU Darmstadt and
>>> EC SPRIDE
>>> Tel: +49 6151 16-75422 <tel:%2B49%206151%2016-75422> Fax: +49 6151 869-127 <tel:%2B49%206151%20869-127>
>>> Room B5.11, Fraunhofer SIT, Rheinstraße 75, 64295 Darmstadt
>>>
>>
>>
>>
>> --
>> Xinxin
>
>
>
>
> --
> Xinxin
>
> _______________________________________________
> Soot-list mailing list
> Soot-list at CS.McGill.CA
> https://mailman.CS.McGill.CA/mailman/listinfo/soot-list
>
--
Xinxin
--
Xinxin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20150219/12f3aabc/attachment-0001.html
More information about the Soot-list
mailing list