[Soot-list] String propagation in points-to analyses

Steven Arzt Steven.Arzt at cased.de
Mon Sep 7 04:46:09 EDT 2015 

Hi,

 

You might also be interested in the work we have done for de-obfuscating Android apps. There are quite a number of apps that use reflective calls with encrypted targets that only get decrypted at runtime right before the call to hinder analysis tools and make it harder for human analysts. We have found a way to remove such obfuscation in most cases. You can get the Technical Report here: www.bodden.de/pubs/TUD-CS-2015-0031.pdf

 

Best regards,

  Steven

 

Von: soot-list-bounces at CS.McGill.CA [mailto:soot-list-bounces at CS.McGill.CA] Im Auftrag von Andrew Bedford
Gesendet: Montag, 7. September 2015 01:21
An: Ben Holland
Cc: soot-list at cs.mcgill.ca
Betreff: Re: [Soot-list] String propagation in points-to analyses

 

Thank you! I’ll check it out right away.

 

 

 


From: Ben Holland
Sent: September 6, 2015 2:08 PM
To: Andrew Bedford
Cc: soot-list at cs.mcgill.ca
Subject: Re: [Soot-list] String propagation in points-to analyses

 

 

You might want to check out the Java String Analysis (JSA) work.  It's been used to some cases if reflective invocation.

 

http://www.brics.dk/JSA/

~Benjamin Holland


On Sep 5, 2015, at 5:35 PM, Andrew Bedford <andrew.bedford.1 at ulaval.ca> wrote:

Hi!

 

I am trying to use the points-to analysis of Soot (spark) to statically resolve reflection calls in Android applications. I have a question regarding the string propagation. Let’s suppose that we have the following code:

 

  String a = “hello”

  String b = “world”

  String c = a

  c = b

  String d = a + c

 

The points-to analysis (with the “string-constants” and “simulate-natives” options turned on) returns something like this:

PointsTo(a) = {“hello”}

PointsTo(b) = {“world”)

PointsTo(c) = {“hello”, “world”}

PointsTo(d) = {new Alloc of String}

 

Is there a way to set it up so that the PointsTo(d) returns instead {“hellohello”, “helloworld”}? Or is another type of analysis required?

 

Thanks!

 

_______________________________________________
Soot-list mailing list
Soot-list at CS.McGill.CA
https://mailman.CS.McGill.CA/mailman/listinfo/soot-list

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20150907/68ef4d97/attachment-0001.html

More information about the Soot-list mailing list