[Soot-list] Working on APK call graph
Simone Aonzo
simone.aonzo at gmail.com
Fri Feb 26 10:48:08 EST 2016
Hi all,
I obtained the call graph of an Android APK with this code:
File apk = new File("./libs/snake.apk");
File sAs = new File("./src/main/resources/SourcesAndSinks.txt");
File androidJar = new File("/home/simo/android-sdk-linux/platforms/");
soot.G.reset();
SetupApplication setupApplication = new
SetupApplication(androidJar.toString(), apk.toString());
setupApplication.calculateSourcesSinksEntrypoints(sAs.toString());
Options.v().set_src_prec(Options.src_prec_apk);
Options.v().set_soot_classpath("/usr/lib/jvm/java-8-oracle/jre/lib/rt.jar:/usr/lib/jvm/java-8-oracle/jre/lib/jce.jar:.");
Options.v().set_process_dir(Collections.singletonList(apk.toString()));
Options.v().set_android_jars(androidJar.toString());
Options.v().set_whole_program(true);
Options.v().set_allow_phantom_refs(true);
Options.v().set_output_format(Options.output_format_none);
Options.v().setPhaseOption("cg.spark", "on");
Scene.v().loadNecessaryClasses();
SootMethod entryPoint =
setupApplication.getEntryPointCreator().createDummyMain();
Options.v().set_main_class(entryPoint.getSignature());
Scene.v().setEntryPoints(Collections.singletonList(entryPoint));
PackManager.v().runPacks();
CallGraph callGraph = Scene.v().getCallGraph();
And I have several questions:
1. is the right way for obtain the call graph?
2. how can I get other entry points? (e.g. main activity, content
provider, broadcast receivers, ecc.)
3. why there are also classes belonging to the API? can I exclude them
from the graph creation? i.e. I do not care about arcs that have
source and destination belonging to API methods
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20160226/7107aa00/attachment.html
More information about the Soot-list
mailing list