[Soot-list] Generating Android APK CallFlowGraph
Steven Arzt
Steven.Arzt at cased.de
Fri Mar 20 04:17:36 EDT 2015
Hi Monika,
Soot only has frontends for Dalvik and Java bytecode and source code, not for native X86 or ARM code. You will thus not be able to analyze a .so file contained in an APK file with Soot.
Best regards,
Steven
Von: Monika Mashalkar [mailto:monikamashalkar at gmail.com]
Gesendet: Freitag, 20. März 2015 09:16
An: soot-list at googlegroups.com
Cc: Monika Mashalkar; soot-list at cs.mcgill.ca; soot-list at sable.mcgill.ca; Steven Arzt
Betreff: Re: [Soot-list] Generating Android APK CallFlowGraph
Hi Steven,
Can we work with Android native apps using SOOT, i.e can we construct call graph from Native Android app's apk ? I couldn't find any tutorial on this topic.
Thank you.
Regards,
Monika
On Sun, Mar 8, 2015 at 7:04 PM, Monika Mashalkar <monikamashalkar at gmail.com> wrote:
Got it !! Thank you Steven :)
On Friday, 6 March 2015 17:12:38 UTC+5:30, Steven Arzt wrote:
Hi Monika,
You get these warnings because your APK file references classes which are not included in your Android JAR file. This is usually not a problem as long as you do not wish to analyze the code of the Android operating system itself.
Best regards,
Steven
Von: soot-lis... at CS.McGill.CA [mailto:soot-lis... at CS.McGill.CA] Im Auftrag von Monika Mashalkar
Gesendet: Mittwoch, 25. Februar 2015 13:51
An: Steven Arzt
Cc: soot... at CS.McGill.CA; soot... at sable.mcgill.ca; soot... at googlegroups.com
Betreff: Re: [Soot-list] Generating Android APK CallFlowGraph
Hi Steven,
Thanks for your quick reply. I am able to run the code now. But I am getting the warnings as follow :
Warning: java.lang.ref.Finalizer is a phantom class!
Warning: android.graphics.pdf.PdfDocument$Page is a phantom class!
Warning: android.graphics.pdf.PdfDocument$PageInfo is a phantom class!
Warning: android.graphics.pdf.PdfDocument is a phantom class!
Warning: android.media.RemoteControlClient$OnGetPlaybackPositionListener is a phantom class!
Warning: android.media.RemoteControlClient$OnPlaybackPositionUpdateListener is a phantom class!
Warning: android.print.PageRange is a phantom class!
Warning: android.print.PrintAttributes$Builder is a phantom class!
Warning: android.print.PrintAttributes$MediaSize is a phantom class!
Warning: android.print.PrintAttributes is a phantom class!
Warning: android.print.PrintDocumentAdapter$LayoutResultCallback is a phantom class!
Warning: android.print.PrintDocumentAdapter$WriteResultCallback is a phantom class!
Warning: android.print.PrintDocumentAdapter is a phantom class!
Warning: android.print.PrintDocumentInfo$Builder is a phantom class!
Warning: android.print.PrintDocumentInfo is a phantom class!
Warning: android.print.PrintJob is a phantom class!
Warning: android.print.PrintManager is a phantom class!
Warning: android.print.pdf.PrintedPdfDocument is a phantom class!
Warning: android.view.ViewTreeObserver$OnWindowAttachListener is a phantom class!
Warning: android.view.ViewTreeObserver$OnWindowFocusChangeListener is a phantom class!
May I know the reason, why I am getting these warnings ?
The command that I am using to run the program is :
monika at monika-OptiPlex-990:~$ java -cp .:soot-trunk.jar:soot-infoflow.jar:soot-infoflow-android.jar:slf4j-api-1.7.5.jar:slf4j-simple-1.7.5.jar:axml-2.0.jar:/usr/lib/jvm/java-7-openjdk-i386/jre/lib/rt.jar CFG
I am attaching the output file with this mail. Please, tell me I am getting it correct or not.
Thanks and regards,
Monika
On Wed, Feb 25, 2015 at 3:51 PM, Steven Arzt <Steve... at cased.de> wrote:
Hi Monika,
The CFG class is not part of Soot. It was just written as an example. You need to compile it on your own.
Best regards,
Steven
M.Sc. M.Sc. Steven Arzt
Secure Software Engineering Group (SSE)
European Center for Security and Privacy by Design (EC SPRIDE)
Rheinstraße 75
D-64293 Darmstadt
Phone: +49 61 51 869-336
Fax: +49 61 51 16-72118
eMail: steven.arzt at ec-spride.de
Web: http://sse.ec-spride.de <http://sse.ec-spride.de/>
Von: Monika Mashalkar [mailto:monikam... at gmail.com]
Gesendet: Mittwoch, 25. Februar 2015 05:30
An: soot... at googlegroups.com
Cc: soot... at sable.mcgill.ca; soot... at cs.mcgill.ca; Steve... at cased.de
Betreff: Re: [Soot-list] Generating Android APK CallFlowGraph
Hi Lokesh,
I am very new to the SOOT Framework and Flow-droid. I want to find the flow graph from android apk in my project and I am trying to run the code posted in this thread to do the same. I am trying to run the following command on Ubuntu
Command : java -cp soot-trunk.jar:soot-infoflow.jar:soot-infoflow-android.jar:slf4j-api-1.7.5.jar:slf4j-simple-1.7.5.jar:axml-2.0.jar -cp .:/usr/lib/jvm/java-7-openjdk-i386/jre/lib/rt.jar CFG
but I am getting Error as : Error: Could not find or load main class CFG
Could you please tell me the command to execute the CFG program.
Thank you,
Monika
On Monday, 21 July 2014 13:46:37 UTC+5:30, LOKESH JAIN wrote:
Hi all,
I resolved the issue and finally i am getting the call graph. Thank you all of you for your time and help. :)
1. But Stevan I am still curious to know how to work with QueueReader Object for generating dot format.
2. And why the size of call graph for RV2013.apk is 54. And is there any way to remove unnecessary size.
Thanks&Regards
Lokesh
On Mon, Jul 21, 2014 at 11:38 AM, LOKESH JAIN <lokesh... at gmail.com> wrote:
Hi all,
Steven I still couldn't figure it out how to work with queuereader object for generating dot format.
I have used dot graph class manually as suggested to me by Stefan but,
I am getting NullPointerException. I don't know why. I have pasted the complete code.
Please help me out.
Exception in thread "main" java.lang.NullPointerException
at DotGraph.getNode(DotGraph.java:53)
at DotGraph.drawNode(DotGraph.java:61)
at CFG.visit(CFG.java:114)
at CFG.main(CFG.java:94)
CFG.java
import java.io.BufferedOutputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import org.xmlpull.v1.XmlPullParserException;
import soot.MethodOrMethodContext;
import soot.PackManager;
import soot.Scene;
import soot.SootMethod;
import soot.jimple.infoflow.android.SetupApplication;
import soot.jimple.toolkits.callgraph.CallGraph;
import soot.jimple.toolkits.callgraph.Targets;
import soot.options.Options;
import soot.util.dot.DotGraphUtility;
import soot.util.dot.Renderable;
public class CFG {
private static DotGraph dot = new DotGraph("callgraph");
private static HashMap <String,Boolean> visited = new HashMap<String,Boolean>();
public CFG() {
}
public static void main(String[] args) {
// TODO Auto-generated method stub
SetupApplication app = new SetupApplication("/home/lokesh/Desktop/android-sdk-linux/platforms/android-19/android.jar","/home/lokesh/Desktop/android-instrumentation-tutorial-master/app-example/RV2013/bin/RV2013.apk");
try {
app.calculateSourcesSinksEntrypoints("/home/lokesh/Downloads/soot-infoflow-android-develop/SourcesAndSinks.txt");
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (XmlPullParserException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
soot.G.reset();
Options.v().set_src_prec(Options.src_prec_apk);
Options.v().set_process_dir(Collections.singletonList("/home/lokesh/Desktop/android-instrumentation-tutorial-master/app-example/RV2013/bin/RV2013.apk"));
Options.v().set_force_android_jar("/home/lokesh/Desktop/android-sdk-linux/platforms/android-19/android.jar");
Options.v().set_whole_program(true);
Options.v().set_allow_phantom_refs(true);
Options.v().set_output_format(Options.output_format_none);
Options.v().setPhaseOption("cg.spark verbose:true", "on");
Scene.v().loadNecessaryClasses();
SootMethod entryPoint = app.getEntryPointCreator().createDummyMain();
Options.v().set_main_class(entryPoint.getSignature());
Scene.v().setEntryPoints(Collections.singletonList(entryPoint));
System.out.println("............"+entryPoint.getActiveBody());
PackManager.v().runPacks();
System.out.println(Scene.v().getCallGraph().size());
CallGraph cg = Scene.v().getCallGraph();
visit(cg, entryPoint);
dot.plot("/home/lokesh/Desktop/soot1"+ dot.DOT_EXTENSION);
}
private static void visit(CallGraph cg, SootMethod k)
{
String identifier = k.getName();
visited.put(k.getSignature(),true);
dot.drawNode(identifier);
//iterate over unvisited parents
Iterator<MethodOrMethodContext> ptargets = new Targets(cg.edgesInto(k));
if(ptargets != null){
while(ptargets.hasNext())
{
SootMethod p = (SootMethod) ptargets.next();
if(p == null) System.out.println("p is null");
if(!visited.containsKey(p.getSignature()))
visit(cg,p);
}
}
//iterate over unvisited children
Iterator<MethodOrMethodContext> ctargets = new Targets(cg.edgesOutOf(k));
if(ctargets != null){
while(ctargets.hasNext())
{
SootMethod c = (SootMethod) ctargets.next();
if(c == null) System.out.println("c is null");
dot.drawEdge(identifier, c.getName());
if(!visited.containsKey(c.getSignature()))
visit(cg,c);
}
}
}
}
DotGraph.java
import java.io.BufferedOutputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import soot.util.dot.DotGraphEdge;
import soot.util.dot.DotGraphNode;
import soot.util.dot.DotGraphUtility;
import soot.util.dot.Renderable;
public class DotGraph implements Renderable
{
public final static String DOT_EXTENSION = ".dot";
private HashMap<String, DotGraphNode> nodes;
private boolean isSubGraph;
private List<Renderable> drawElements;
...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20150320/08e75527/attachment-0003.html
More information about the Soot-list
mailing list