[Soot-list] String propagation in points-to analyses

Steven Arzt Steven.Arzt at cased.de
Tue Sep 8 02:23:56 EDT 2015


I'm putting my colleague Siegfried in the loop; he knows more about the current status of availability.

On Sep 8, 2015 1:55 AM, Andrew Bedford <andrew.bedford.1 at ulaval.ca> wrote:
>
> Thanks, I'd love to try Harvester out! It says in the technical report that you plan on open-sourcing it. Is it already available somewhere?
>
> ________________________________
> From: Steven Arzt <Steven.Arzt at cased.de>
> Sent: September 7, 2015 4:46 AM
> To: Andrew Bedford; 'Ben Holland'
> Cc: soot-list at cs.mcgill.ca
> Subject: AW: [Soot-list] String propagation in points-to analyses
>
> Hi,
>
> You might also be interested in the work we have done for de-obfuscating Android apps. There are quite a number of apps that use reflective calls with encrypted targets that only get decrypted at runtime right before the call to hinder analysis tools and make it harder for human analysts. We have found a way to remove such obfuscation in most cases. You can get the Technical Report here: www.bodden.de/pubs/TUD-CS-2015-0031.pdf
>
> Best regards,
>
>   Steven
>
> From: soot-list-bounces at CS.McGill.CA [mailto:soot-list-bounces at CS.McGill.CA] On Behalf Of Andrew Bedford
> Sent: Monday, September 7, 2015 01:21
> To: Ben Holland
> Cc: soot-list at cs.mcgill.ca
> Subject: Re: [Soot-list] String propagation in points-to analyses
>
> Thank you! I’ll check it out right away.
>
> From: Ben Holland
> Sent: September 6, 2015 2:08 PM
> To: Andrew Bedford
> Cc: soot-list at cs.mcgill.ca
> Subject: Re: [Soot-list] String propagation in points-to analyses
>
> You might want to check out the Java String Analysis (JSA) work.  It's been used in some cases of reflective invocation.
>
> http://www.brics.dk/JSA/
>
> ~Benjamin Holland
>
> On Sep 5, 2015, at 5:35 PM, Andrew Bedford <andrew.bedford.1 at ulaval.ca> wrote:
>>
>> Hi!
>>
>> I am trying to use the points-to analysis of Soot (spark) to statically resolve reflection calls in Android applications. I have a question regarding the string propagation. Let’s suppose that we have the following code:
>>
>>   String a = "hello";
>>   String b = "world";
>>   String c = a;
>>   c = b;
>>   String d = a + c;
>>
>> The points-to analysis (with the “string-constants” and “simulate-natives” options turned on) returns something like this:
>>
>> PointsTo(a) = {"hello"}
>> PointsTo(b) = {"world"}
>> PointsTo(c) = {"hello", "world"}
>> PointsTo(d) = {new Alloc of String}
>>
>> Is there a way to set it up so that the PointsTo(d) returns instead {"hellohello", "helloworld"}? Or is another type of analysis required?
>>
>> Thanks!
>>
>
>  
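
The propagation asked about at the start of this thread, as an added example that is not part of the original messages and is not Soot, JSA or Harvester code: a flow-insensitive string-value analysis over a hypothetical tuple IR, which yields the concatenated candidates for `d` that a reflection resolver would need. The names `analyze`, `transfer`, `join`, the IR tuples and the widening bound `MAX_VALUES` are all assumptions made for illustration.

```python
TOP = None       # abstract "any string": value set too large to enumerate
MAX_VALUES = 8   # assumed widening bound; keeps s = s + "x" in a loop finite

def join(old, new):
    """Union two value sets, widening to TOP once MAX_VALUES is exceeded."""
    if old is TOP or new is TOP:
        return TOP
    merged = old | new
    return TOP if len(merged) > MAX_VALUES else merged

def transfer(stmt, env):
    """Value set produced by the right-hand side of one IR statement."""
    op, _dst, *args = stmt
    if op == "const":
        return frozenset({args[0]})
    if op == "copy":
        return env.get(args[0], frozenset())
    if op == "concat":
        left, right = (env.get(v, frozenset()) for v in args)
        if left is TOP or right is TOP:
            return TOP
        return frozenset(l + r for l in left for r in right)
    raise ValueError(f"unknown op {op!r}")

def analyze(stmts):
    """Flow-insensitive fixpoint: statement order is ignored."""
    env, changed = {}, True
    while changed:
        changed = False
        for stmt in stmts:
            old = env.get(stmt[1], frozenset())
            new = join(old, transfer(stmt, env))
            if new != old:
                env[stmt[1]], changed = new, True
    return env

# Constructed input: the five statements from the question as IR tuples.
QUESTION = [("const", "a", "hello"), ("const", "b", "world"),
            ("copy", "c", "a"), ("copy", "c", "b"), ("concat", "d", "a", "c")]
# Constructed input: s = ""; then s = s + x inside a loop of unknown length.
LOOP = [("const", "s", ""), ("const", "x", "x"), ("concat", "s", "s", "x")]

if __name__ == "__main__":
    for name, values in analyze(QUESTION).items():
        print(name, sorted(values))
    print("s =", "TOP" if analyze(LOOP)["s"] is TOP else analyze(LOOP)["s"])
```

The `LOOP` input shows why the value set has to be bounded: without the widening to `TOP`, repeated concatenation would grow the set forever and the fixpoint would never be reached.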

