[Soot-list] Generating Android APK CallFlowGraph

Fri Mar 20 04:16:20 EDT 2015

Hi Steven,

Can we work with Android native apps using SOOT, i.e can we construct call
graph from Native Android app's apk ? I couldn't find any tutorial on this
topic.

Thank you.
Regards,
Monika

On Sun, Mar 8, 2015 at 7:04 PM, Monika Mashalkar <monikamashalkar at gmail.com>
wrote:

> Got it !! Thank you Steven :)
>
> On Friday, 6 March 2015 17:12:38 UTC+5:30, Steven Arzt wrote:
>>
>> Hi Monika,
>>
>>
>>
>> You get these warnings because your APK file references classes which are
>> not included in your Android JAR file. This is usually not a problem as
>> long as you do not wish to analyze the code of the Android operating system
>> itself.
>>
>>
>>
>> Best regards,
>>
>>   Steven
>>
>>
>>
>> *Von:* soot-lis... at CS.McGill.CA [mailto:soot-lis... at CS.McGill.CA] *Im
>> Auftrag von *Monika Mashalkar
>> *Gesendet:* Mittwoch, 25. Februar 2015 13:51
>> *An:* Steven Arzt
>> *Cc:* soot... at CS.McGill.CA; soot... at sable.mcgill.ca;
>> soot... at googlegroups.com
>> *Betreff:* Re: [Soot-list] Generating Android APK CallFlowGraph
>>
>>
>>
>> Hi Steven,
>>
>>
>>
>> Thanks for your quick reply. I am able to run the code now. But I am
>> getting the warnings as follow :
>>
>>
>>
>> Warning: java.lang.ref.Finalizer is a phantom class!
>>
>> Warning: android.graphics.pdf.PdfDocument$Page is a phantom class!
>>
>> Warning: android.graphics.pdf.PdfDocument$PageInfo is a phantom class!
>>
>> Warning: android.graphics.pdf.PdfDocument is a phantom class!
>>
>> Warning: android.media.RemoteControlClient$OnGetPlaybackPositionListener
>> is a phantom class!
>>
>> Warning: android.media.RemoteControlClient$OnPlaybackPositionUpdateListener
>> is a phantom class!
>>
>> Warning: android.print.PageRange is a phantom class!
>>
>> Warning: android.print.PrintAttributes$Builder is a phantom class!
>>
>> Warning: android.print.PrintAttributes$MediaSize is a phantom class!
>>
>> Warning: android.print.PrintAttributes is a phantom class!
>>
>> Warning: android.print.PrintDocumentAdapter$LayoutResultCallback is a
>> phantom class!
>>
>> Warning: android.print.PrintDocumentAdapter$WriteResultCallback is a
>> phantom class!
>>
>> Warning: android.print.PrintDocumentAdapter is a phantom class!
>>
>> Warning: android.print.PrintDocumentInfo$Builder is a phantom class!
>>
>> Warning: android.print.PrintDocumentInfo is a phantom class!
>>
>> Warning: android.print.PrintJob is a phantom class!
>>
>> Warning: android.print.PrintManager is a phantom class!
>>
>> Warning: android.print.pdf.PrintedPdfDocument is a phantom class!
>>
>> Warning: android.view.ViewTreeObserver$OnWindowAttachListener is a
>> phantom class!
>>
>> Warning: android.view.ViewTreeObserver$OnWindowFocusChangeListener is a
>> phantom class!
>>
>>
>>
>> May I know the reason, why I am getting these warnings ?
>>
>>
>>
>> The command that I am using to run the program is :
>>
>>
>>
>> monika at monika-OptiPlex-990:~$ java -cp .:soot-trunk.jar:soot-
>> infoflow.jar:soot-infoflow-android.jar:slf4j-api-1.7.5.
>> jar:slf4j-simple-1.7.5.jar:axml-2.0.jar:/usr/lib/jvm/
>> java-7-openjdk-i386/jre/lib/rt.jar CFG
>>
>>
>>
>> I am attaching the output file with this mail. Please, tell me I am
>> getting it correct or not.
>>
>>
>>
>> Thanks and regards,
>>
>> Monika
>>
>>
>>
>> On Wed, Feb 25, 2015 at 3:51 PM, Steven Arzt <Steve... at cased.de> wrote:
>>
>> Hi Monika,
>>
>>
>>
>> The CFG class is not part of Soot. It was just written as an example. You
>> need to compile it on your own.
>>
>>
>>
>> Best regards,
>>
>>   Steven
>>
>>
>>
>>
>>
>> M.Sc. M.Sc. Steven Arzt
>>
>> Secure Software Engineering Group (SSE)
>>
>> European Center for Security and Privacy by Design (EC SPRIDE)
>>
>> Rheinstraße 75
>>
>> D-64293 Darmstadt
>>
>> Phone: +49 61 51 869-336
>>
>> Fax: +49 61 51 16-72118
>>
>> eMail: steven.arzt at ec-spride.de
>>
>> Web: http://sse.ec-spride.de
>>
>>
>>
>>
>>
>>
>>
>> *Von:* Monika Mashalkar [mailto:monikam... at gmail.com]
>> *Gesendet:* Mittwoch, 25. Februar 2015 05:30
>> *An:* soot... at googlegroups.com
>> *Cc:* soot... at sable.mcgill.ca; soot... at cs.mcgill.ca; Steve... at cased.de
>>
>> *Betreff:* Re: [Soot-list] Generating Android APK CallFlowGraph
>>
>>
>>
>> Hi Lokesh,
>>
>>
>>
>> I am very new to the SOOT Framework and Flow-droid. I want to find the
>> flow graph from android apk in my project and I am trying to run the code
>> posted in this thread to do the same. I am trying to run the following
>> command on Ubuntu
>>
>> Command : java -cp soot-trunk.jar:soot-infoflow.
>> jar:soot-infoflow-android.jar:slf4j-api-1.7.5.jar:slf4j-simple-1.7.5.jar:axml-2.0.jar
>> -cp .:/usr/lib/jvm/java-7-openjdk-i386/jre/lib/rt.jar CFG
>>
>>
>>
>> but I am getting Error as : Error: Could not find or load main class CFG
>>
>>
>>
>> Could you please tell me the command to execute the CFG program.
>>
>>
>>
>> Thank you,
>>
>> Monika
>>
>>
>> On Monday, 21 July 2014 13:46:37 UTC+5:30, LOKESH JAIN wrote:
>>
>> Hi all,
>>
>>
>>
>> I resolved the issue and finally i am getting the call graph. Thank you
>> all of you for your time and help. :)
>>
>>
>>
>> 1. But Stevan I am still curious to know how to work with QueueReader
>> Object for generating dot format.
>>
>> 2. And why the size of call graph for RV2013.apk is 54. And is there any
>> way to remove unnecessary size.
>>
>>
>>
>> Thanks&Regards
>>
>> Lokesh
>>
>>
>>
>> On Mon, Jul 21, 2014 at 11:38 AM, LOKESH JAIN <lokesh... at gmail.com>
>> wrote:
>>
>> Hi all,
>>
>> Steven I still couldn't figure it out how to work with queuereader object
>> for generating dot format.
>>
>>
>>
>> I have used dot graph class manually as suggested to me by Stefan but,
>>
>> I am getting NullPointerException. I don't know why. I have pasted the
>> complete code.
>>
>> Please help me out.
>>
>>
>>
>> Exception in thread "main" java.lang.NullPointerException
>>
>> at DotGraph.getNode(DotGraph.java:53)
>>
>> at DotGraph.drawNode(DotGraph.java:61)
>>
>> at CFG.visit(CFG.java:114)
>>
>> at CFG.main(CFG.java:94)
>>
>>
>>
>>
>>
>> CFG.java
>>
>>
>>
>> import java.io.BufferedOutputStream;
>>
>> import java.io.FileOutputStream;
>>
>> import java.io.IOException;
>>
>> import java.io.OutputStream;
>>
>> import java.util.Collections;
>>
>> import java.util.HashMap;
>>
>> import java.util.HashSet;
>>
>> import java.util.Iterator;
>>
>> import java.util.LinkedList;
>>
>> import java.util.List;
>>
>>
>>
>> import org.xmlpull.v1.XmlPullParserException;
>>
>>
>>
>> import soot.MethodOrMethodContext;
>>
>> import soot.PackManager;
>>
>> import soot.Scene;
>>
>> import soot.SootMethod;
>>
>> import soot.jimple.infoflow.android.SetupApplication;
>>
>> import soot.jimple.toolkits.callgraph.CallGraph;
>>
>> import soot.jimple.toolkits.callgraph.Targets;
>>
>> import soot.options.Options;
>>
>> import soot.util.dot.DotGraphUtility;
>>
>> import soot.util.dot.Renderable;
>>
>> public class CFG {
>>
>> private static DotGraph dot = new DotGraph("callgraph");
>>
>> private static HashMap <String,Boolean> visited = new
>> HashMap<String,Boolean>();
>>
>> public CFG() {
>>
>>
>>
>>
>>
>> }
>>
>>
>>
>> public static void main(String[] args) {
>>
>>
>>
>> // TODO Auto-generated method stub
>>
>>
>>
>> SetupApplication app = new SetupApplication("/home/
>> lokesh/Desktop/android-sdk-linux/platforms/android-19/
>> android.jar","/home/lokesh/Desktop/android-instrumentation-tutorial-
>> master/app-example/RV2013/bin/RV2013.apk");
>>
>> try {
>>
>>
>>
>> app.calculateSourcesSinksEntrypoints("/home/lokesh/Downloads/
>> soot-infoflow-android-develop/SourcesAndSinks.txt");
>>
>>
>>
>>
>>
>> } catch (IOException e) {
>>
>>
>>
>> // TODO Auto-generated catch block
>>
>>
>>
>> e.printStackTrace();
>>
>>
>>
>> } catch (XmlPullParserException e) {
>>
>>
>>
>> // TODO Auto-generated catch block
>>
>>
>>
>> e.printStackTrace();
>>
>>
>>
>> }
>>
>>
>>
>> soot.G.reset();
>>
>>
>>
>> Options.v().set_src_prec(Options.src_prec_apk);
>>
>>
>>
>> Options.v().set_process_dir(Collections.singletonList("/
>> home/lokesh/Desktop/android-instrumentation-tutorial-
>> master/app-example/RV2013/bin/RV2013.apk"));
>>
>>
>>
>> Options.v().set_force_android_jar("/home/lokesh/Desktop/
>> android-sdk-linux/platforms/android-19/android.jar");
>>
>>
>>
>> Options.v().set_whole_program(true);
>>
>>
>>
>> Options.v().set_allow_phantom_refs(true);
>>
>>
>>
>> Options.v().set_output_format(Options.output_format_none);
>>
>>
>>
>> Options.v().setPhaseOption("cg.spark verbose:true", "on");
>>
>>
>>
>> Scene.v().loadNecessaryClasses();
>>
>>
>>
>> SootMethod entryPoint = app.getEntryPointCreator().createDummyMain();
>>
>>
>>
>> Options.v().set_main_class(entryPoint.getSignature());
>>
>>
>>
>> Scene.v().setEntryPoints(Collections.singletonList(entryPoint));
>>
>>
>>
>> System.out.println("............"+entryPoint.getActiveBody());
>>
>>
>>
>> PackManager.v().runPacks();
>>
>>
>>
>> System.out.println(Scene.v().getCallGraph().size());
>>
>> CallGraph cg = Scene.v().getCallGraph();
>>
>>
>>
>> visit(cg, entryPoint);
>>
>> dot.plot("/home/lokesh/Desktop/soot1"+ dot.DOT_EXTENSION);
>>
>>
>>
>> }
>>
>> private static void visit(CallGraph cg, SootMethod k)
>>
>> {
>>
>> String identifier = k.getName();
>>
>>
>>
>> visited.put(k.getSignature(),true);
>>
>>
>>
>>
>>
>> dot.drawNode(identifier);
>>
>>
>>
>>
>>
>> //iterate over unvisited parents
>>
>> Iterator<MethodOrMethodContext> ptargets = new Targets(cg.edgesInto(k));
>>
>>
>>
>>
>>
>> if(ptargets != null){
>>
>> while(ptargets.hasNext())
>>
>> {
>>
>> SootMethod p = (SootMethod) ptargets.next();
>>
>>
>>
>>
>>
>> if(p == null) System.out.println("p is null");
>>
>>
>>
>>
>>
>> if(!visited.containsKey(p.getSignature()))
>>
>> visit(cg,p);
>>
>> }
>>
>> }
>>
>>
>>
>>
>>
>> //iterate over unvisited children
>>
>> Iterator<MethodOrMethodContext> ctargets = new Targets(cg.edgesOutOf(k));
>>
>>
>>
>>
>>
>> if(ctargets != null){
>>
>> while(ctargets.hasNext())
>>
>> {
>>
>> SootMethod c = (SootMethod) ctargets.next();
>>
>> if(c == null) System.out.println("c is null");
>>
>> dot.drawEdge(identifier, c.getName());
>>
>>
>>
>>
>>
>> if(!visited.containsKey(c.getSignature()))
>>
>> visit(cg,c);
>>
>> }
>>
>> }
>>
>> }
>>
>> }
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> DotGraph.java
>>
>>
>>
>> import java.io.BufferedOutputStream;
>>
>> import java.io.FileOutputStream;
>>
>> import java.io.IOException;
>>
>> import java.io.OutputStream;
>>
>> import java.util.HashMap;
>>
>> import java.util.LinkedList;
>>
>> import java.util.List;
>>
>>
>>
>> import soot.util.dot.DotGraphEdge;
>>
>> import soot.util.dot.DotGraphNode;
>>
>> import soot.util.dot.DotGraphUtility;
>>
>> import soot.util.dot.Renderable;
>>
>>
>>
>> public class DotGraph implements Renderable
>>
>> {
>>
>> public final static String DOT_EXTENSION = ".dot";
>>
>> private HashMap<String, DotGraphNode> nodes;
>>
>> private boolean isSubGraph;
>>
>> private List<Renderable> drawElements;
>> ...
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20150320/f6f9e042/attachment-0003.html 