[Soot-list] Fwd: Find all calls to a given android API

Steven Arzt steven.arzt at cased.de
Fri Nov 18 05:51:27 EST 2016 

Hi Gian Luca,

Have you double-checked that this APK file contains the class you are 
looking for at all? If the app has been obfuscated, the class might have 
been renamed to something else.

You don't even needto have the class to find calls to methods in it, by 
the way. It's perfectly fine if the class is only a phantom class. I'd 
just iterate over all units in all methods of all classes and check 
whether there is any invoke expression whose getMethod() goes to the 
given class. Since you are dealing with an Android support class from 
which user classes derive their own implementation, you should not have 
to handle any complicated virtual dispatch cases.

Best regards,
   Steven

On 2016-11-08 11:31, Gian Luca Scoccia wrote:
> Hi, I'm new to Soot and I'm having some issues with it.
> I'd like to use soot to find all method calls to a given Android API (
> android.support.v4.app.ActivityCompat to be precise) and then trace
> them back to the originating activity.
> To my understanding, this can be done by building the call graph for
> the application and I am able to do it with the code that follows.
> Still, it seems that soot does not include the class
> android.support.v4.app.ActivityCompat when building the call graph
> neither in the library classes nor in the application classes,
> probably since these classes are excluded to minimize the execution
> time.
> How can I tell soot to include these classes in the analysis? I tried
> with set_no_bodies_for_excluded(false) and set_exclude(null) but no
> success.
> Thanks in advance.
> Gian Luca
> 
> My code:
> 
> File apk = new File("./inputs/org.telegram.messenger.apk");
> 
>  File sAs = new File("./inputs/SourcesAndSinks.txt");
> 
>  File androidJars = new File("/soot/android-jars");
> 
>  File androidCallbacks = new File("./inputs/AndroidCallbacks.txt");
> 
>  soot.G.reset();
> 
>  SetupApplication setupApplication = new
> SetupApplication(androidJars.toString(), apk.toString());
> 
>  setupApplication.calculateSourcesSinksEntrypoints(sAs.toString());
> 
>  Options.v().set_android_jars(androidJars.toString());
> 
>  Options.v().set_src_prec(Options.src_prec_apk);
> 
>  
> Options.v().set_process_dir(Collections.singletonList(apk.toString()));
> 
> 
>  Options.v().set_whole_program(true);
> 
>  Options.v().set_allow_phantom_refs(true);
> 
>  Options.v().set_output_format(Options.output_format_none);
> 
>  Options.v().setPhaseOption("cg.spark", "on");
> 
>  Options.v().set_no_bodies_for_excluded(false);
> 
>  Options.v().set_exclude(null);
> 
>  Scene.v().loadNecessaryClasses();
> 
>  SootMethod entryPoint =
> 
>  setupApplication.getEntryPointCreator().createDummyMain();
> 
>  Options.v().set_main_class(entryPoint.getSignature());
> 
>  Scene.v().setEntryPoints(Collections.singletonList(entryPoint));
> 
>  PackManager.v().runPacks();
> 
>  CallGraph callGraph = Scene.v().getCallGraph();
> 
>  java.util.List<SootMethod> ms =
> Scene.v().getSootClass("ActivityCompat").getMethods();
> 
>  for (SootClass a : Scene.v().getApplicationClasses() ){
> 
>  System.out.println(a.getName());
> 
>  }
> 
>  for (SootClass a : Scene.v().getLibraryClasses() ){
> 
>  System.out.println(a.getName());
> 
>  }
> 
> 
> _______________________________________________
> Soot-list mailing list
> Soot-list at CS.McGill.CA
> https://mailman.CS.McGill.CA/mailman/listinfo/soot-list

More information about the Soot-list mailing list