[Soot-list] FlowDroid callback extraction in obfuscated library
Faridah Akinotcho
faridath.akinotcho at yahoo.fr
Wed Jul 28 13:59:53 EDT 2021
Dear Mr Arzt,
Thank you for your reply and the clarification. I will look into library detection as you suggested.
Best regards,Faridah Akinotcho
Sent from Yahoo Mail on Android
On Wed, Jul 28, 2021 at 1:31, Arzt, Steven<steven.arzt at sit.fraunhofer.de> wrote: Dear Faridah,
FlowDroid matches the class name inside the "AndroidCallbacks.txt" against the
parameter types of registration methods inside the app. This works fine for
classes from the Android SDK, i.e., the classes installed on the phone. For
Android support classes compiled into the app, on the other hand, it might not
work, since these apps may be obfuscated and the classes may be renamed. In
that case, the matching fails and the callback will not be found.
By default, FlowDroid does not have any mechanism to detect obfuscated
callbacks. Maybe some of the work that has been done on library detection in
obfuscated apps can be adapted to detect obfuscated callbacks. If you want to
work on that, merge requests are always welcome.
Best regards,
Steven
-----Original Message-----
From: Soot-list <soot-list-bounces at CS.McGill.CA> On Behalf Of Faridah
Akinotcho
Sent: Mittwoch, 28. Juli 2021 03:52
To: Soot-list <soot-list at cs.mcgill.ca>
Subject: [Soot-list] FlowDroid callback extraction in obfuscated library
Hi,
My name is Faridah Akinotcho and I am currently using FlowDroid to build
static app models. For this purpose, there are specific callbacks which I need
to parse and analyze. In particular, I extended the AndroidCallbacks.txt file,
with 'android.support.design.widget.NavigationView$OnNavigationItemSelected'
in order to obtain the callback 'boolean onNavigationItemSelected(MenuItem
menuItem)'
The APK that I am working with obfuscate some of the library methods by
renaming, as shown in the picture:
My understanding was that, since FlowDroid parses bytecode, it would find and
parse NavigationView$OnNavigationItemSelected, then extract its interface
methods. However, logs show that FlowDroid extract NavigationView$a (the
obfuscated version of the interface), which results in callbacks not being
found.
I was hoping I could get some clarification on whether this is the expected
behavior and if so, I would greatly appreciate any pointers on how to solve
this issue. Please note that, building an exhaustive list of all the
obfuscated APIs and adding them to AndroidCallbacks.txt wouldn't be feasible,
as the analysis I am trying to perform, will involve multiple apps, with
potentially different obfuscated methods.
Best regards,
Faridah Akinotcho
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20210728/349e391c/attachment.html>
More information about the Soot-list
mailing list