[prev in list] [next in list] [prev in thread] [next in thread] 

List:       soot-list
Subject:    [Soot-list] Working on APK call graph
From:       Simone Aonzo <simone.aonzo () gmail ! com>
Date:       2016-02-29 8:36:11
Message-ID: 56D402FB.9080102 () gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


Hi all,
I obtained the call graph of an Android APK with this code:


File apk = new File("./libs/snake.apk");
File sAs = new File("./src/main/resources/SourcesAndSinks.txt");
File androidJar = new File("/home/simo/android-sdk-linux/platforms/");
soot.G.reset();
SetupApplication setupApplication = new 
SetupApplication(androidJar.toString(), apk.toString());
setupApplication.calculateSourcesSinksEntrypoints(sAs.toString());
Options.v().set_src_prec(Options.src_prec_apk);
Options.v().set_soot_classpath("/usr/lib/jvm/java-8-oracle/jre/lib/rt.jar:/usr/lib/jvm/java-8-oracle/jre/lib/jce.jar:.");
 Options.v().set_process_dir(Collections.singletonList(apk.toString()));
Options.v().set_android_jars(androidJar.toString());
Options.v().set_whole_program(true);
Options.v().set_allow_phantom_refs(true);
Options.v().set_output_format(Options.output_format_none);
Options.v().setPhaseOption("cg.spark", "on");
Scene.v().loadNecessaryClasses();
SootMethod entryPoint = 
setupApplication.getEntryPointCreator().createDummyMain();
Options.v().set_main_class(entryPoint.getSignature());
Scene.v().setEntryPoints(Collections.singletonList(entryPoint));
PackManager.v().runPacks();
CallGraph callGraph = Scene.v().getCallGraph();

And I have several questions:

 1. is the right way for obtain the call graph?
 2. how can I get other entry points? (e.g. main activity, content
    provider, broadcast receivers, ecc.)
 3. why there are also classes belonging to the API? can I exclude them
    from the graph creation? i.e. I do not care about arcs that have
    source and destination belonging to API methods


[Attachment #5 (text/html)]

<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=utf-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    Hi all,<br>
    <div class="moz-forward-container"> I obtained the call graph of an
      Android APK with this code:<br>
      <br>
      <br>
      <meta http-equiv="content-type" content="text/html; charset=utf-8">
      File apk = new File("./libs/snake.apk");<br>
      <meta http-equiv="content-type" content="text/html; charset=utf-8">
      File sAs = new File("./src/main/resources/SourcesAndSinks.txt");<br>
      File androidJar = new
      File("/home/simo/android-sdk-linux/platforms/");<br>
      soot.G.reset();<br>
      SetupApplication setupApplication = new
      SetupApplication(androidJar.toString(), apk.toString());<br>
      setupApplication.calculateSourcesSinksEntrypoints(sAs.toString());<br>
      Options.v().set_src_prec(Options.src_prec_apk);<br>
Options.v().set_soot_classpath("/usr/lib/jvm/java-8-oracle/jre/lib/rt.jar:/usr/lib/jvm/java-8-oracle/jre/lib/jce.jar:.");<br>
 Options.v().set_process_dir(Collections.singletonList(apk.toString()));<br>
      Options.v().set_android_jars(androidJar.toString());<br>
      Options.v().set_whole_program(true);<br>
      Options.v().set_allow_phantom_refs(true);<br>
      Options.v().set_output_format(Options.output_format_none);<br>
      Options.v().setPhaseOption("cg.spark", "on");<br>
      Scene.v().loadNecessaryClasses();<br>
      SootMethod entryPoint =
      setupApplication.getEntryPointCreator().createDummyMain();<br>
      Options.v().set_main_class(entryPoint.getSignature());<br>
      Scene.v().setEntryPoints(Collections.singletonList(entryPoint));<br>
      PackManager.v().runPacks();<br>
      CallGraph callGraph = Scene.v().getCallGraph();<br>
      <meta http-equiv="content-type" content="text/html; charset=utf-8">
      <meta http-equiv="content-type" content="text/html; charset=utf-8">
      <br>
      And I have several questions:<br>
      <ol>
        <li>is the right way for obtain the call graph?</li>
        <li>how can I get other entry points? (e.g. main activity,
          content provider, broadcast receivers, ecc.)</li>
        <li>why there are also classes belonging to the API? can I
          exclude them from the graph creation? i.e. I do not care about
          arcs that have source and destination belonging to API methods</li>
      </ol>
      <br>
    </div>
    <br>
  </body>
</html>



_______________________________________________
Soot-list mailing list
Soot-list@CS.McGill.CA
https://mailman.CS.McGill.CA/mailman/listinfo/soot-list


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic