Tuesday
Converting Dot files into Control Flow Graphs using GraphViz
Generate Control Flow Graph Using Graphviz
To convert android apk into dot files and do analysis by using soot click here.To generate control flow graph using graphviz, you need dot files which is generated from all methods of android apks. you can find them on sootOutput directory, now you need to go to command line and type following commands if you have already set graph viz path.
To convert into pdf:
> dot Tpdf -o Example.pdf Example.dot
To convert into png:
> dot Tpng -o Example.png Example.dot
Note: if you haven't set path you need to set path (to know how to set path see installation post) or go to bin folder of graph viz installation folder and find dot file from command line and type above commands.
commands:
>dot : executable dot file (also MS word old file format for graph)
> -Tpdf, -Tpng: converting file format
> -o: Optimization
> Example.pdf, .png: Name of Control flow graph you wanna give after conversion.
>Example.dot : Name of dot file you wanna convert
Note: Graphviz not only use dot file format and executable files you can convert various different files into control flow graph. This post is on the context of program analysis of smart phone apps i.e. android apps using Soot as analysis tool.
Monday
Graphviz - Graph Visualization Software
Installation
For installation, download latest version of "Graphviz" from here. You can either download executable file directly and install or zip file and extract zip and put on command line directory.
To use any executable extension
like dot from Graphviz you need to set the PATH
after installation. For windows
Control panel -> System->
Advance System Setting -> Environment Variables -> PATH
Normally, file will install in
Graphviz directory inside program files so path will looks like :
PATH ->
C:\Program Files\Graphviz2.38\bin\
To test the installation type following
from command line :
> dot -help
If you haven't the set path yet
go to graphviz bin directory from command line and type following :
> dot -help
For installation, download latest version of "Graphviz" from here. You can either download executable file directly and install or zip file and extract zip and put on command line directory.
To use any executable extension
like dot from Graphviz you need to set the PATH
after installation. For windows
Control panel -> System->
Advance System Setting -> Environment Variables -> PATH
Normally, file will install in
Graphviz directory inside program files so path will looks like :
PATH ->
C:\Program Files\Graphviz2.38\bin\
To test the installation type following
from command line :
> dot -help
If you haven't the set path yet
go to graphviz bin directory from command line and type following :
> dot -help
Create Control Flow Graph from Android apk Using Soot
Control Flow Graph(Call graphs) Using Soot
Lets look at command to convert any android apk file into Control flow graph or call graphs using soot as a command line tool. This will creates Jimple files for all the classes from apk and dot files for all the methods which is graphical representation as Control Flow Graph (CFG) or call graphs.
For conversion, you need to:
> Download any .apk file
> Download android sdk from android developer site or download android jars
> Download Soot's nightly build version from Soot- Github
Before applied command, you need to know right path for android sdk -platforms directory, .apk file located directory and nightly build version of soot at right directory
Set CLASSPATH of Soot.jar or go to the directory that contains Soot.jar file then type following Command:
> java -Xmx2g -jar soot-trunk.jar soot.tools.CFGViewer -w -allow-phantom-refs -android-jars "D:\sdk\platform" -src-prec apk -output-format dex -process-dir "C:\apkpath\example.apk"
If you have already set CLASSPATH for jar then type following
>java -Xmx2g soot.tools.CFGViewer -w -allow-phantom-refs -android-jars "D:\sdk\platform" -src-prec apk -output-format dex -process-dir "C:\apkpath\example.apk"
Details: -Xmx2g it represents memory of 2GB which is normally sufficient for any apk process.
-jar can be replaced by -cp which means CLASSPATH or it represent command prompt's current directory.
-W stands for writing
-allow-phantom-refs creates phantom classes for missing or unprocessed classes
-android-jars leads to path for android sdk or jars to process apks
-src-prec represents the file format you are trying to process
-output-format dex is responsible for converting all the classes from apk into dex format
-process-dir shows the path for processing directory or apk located directory
This will generate Jimple and dot files in sootOutput directory. The dot files are further used to create control flow graphs by using tools like graphviz .(More about Grphviz click here)
Friday
How to Convert any Android apk file into dalvik bytecode using soot
How to Convert any Android apk file into dalvik bytecode using soot
Lets look at command to convert any android apk file into Dalvik.
For conversion, you need to:
> Download any .apk file
> Download android sdk from android developer site or download android jars
> Download Soot's nightly build version from Soot- Github
Before applied command, you need to know right path for android sdk -platforms directory, .apk file located directory and nightly build version of soot at right directory
Set CLASSPATH of Soot.jar or go to the directory that contains Soot.jar file then type following Command:
> java -Xmx2g -jar soot-trunk.jar soot.Main -w -allow-phantom-refs -android-jars "D:\sdk\platform" -src-prec apk -output-format dex -process-dir "C:\apkpath\example.apk"
If you have already set CLASSPATH for jar then type following
>java -Xmx2g soot.Main -w -allow-phantom-refs -android-jars "D:\sdk\platform" -src-prec apk -output-format dex -process-dir "C:\apkpath\example.apk"
Details: -Xmx2g it represents memory of 2GB which is normally sufficient for any apk process.
-jar can be replaced by -cp which means CLASSPATH or it represent command prompt's current directory.
-W stands for writing
-allow-phantom-refs creates phantom classes for missing or unprocessed classes
-android-jars leads to path for android sdk or jars to process apks
-src-prec represents the file format you are trying to process
-output-format dex is responsible for converting all the classes from apk into dex format
-process-dir shows the path for processing directory or apk located directory
How to Convert any Android apk file into Soot's Intermediate Representation Jimple
How to Convert any Android apk file into Soot's Intermediate Representation Jimple
Lets look at command to convert any android apk file into Jimple.
For conversion, you need to:
> Download any .apk file
> Download android sdk from android developer site or download android jars
> Download Soot's nightly build version from Soot- Github
Before applied command, you need to know right path for android sdk -platforms directory, .apk file located directory and nightly build version of soot at right directory
Set CLASSPATH of Soot.jar or go to the directory that contains Soot.jar file then type following Command:
> java -Xmx2g -jar soot-trunk.jar soot.Main -w -allow-phantom-refs -android-jars "D:\sdk\platform" -src-prec apk -f jimple -process-dir "C:\apkpath\example.apk"
If you have already set CLASSPATH for jar then type following
>java -Xmx2g soot.Main -w -allow-phantom-refs -android-jars "D:\sdk\platform" -src-prec apk -f jimple -process-dir "C:\apkpath\example.apk"
Details: -Xmx2g it represents memory of 2GB which is normally sufficient for any apk process.
-jar can be replaced by -cp which means CLASSPATH or it represent command prompt's current directory.
-W stands for writing
-allow-phantom-refs creates phantom classes for missing or unprocessed classes
-android-jars leads to path for android sdk or jars to process apks
-src-prec represents the file format you are trying to process
-f jimple or -f J is responsible for converting all the classes from apk into jimple files
-process-dir shows the path for processing directory or apk located directory
Creating Control Flow Diagram from Java Class files Using Soot.
Creating Control Flow Diagram from Java Class files Using Soot.
In order to create control flow diagram you need to convert Java class file into dot files by using control flow viewer soot tool. You can get HelloWorld.java file from previous posts(here). Convert it in to class file and type following commands on command prompt inside soot directory where HelloWorld is located:
>Java soot.tools.CFGViewer HelloWorld
And if you do not set classpath then type following inside soot directory where HelloWorld and soot jars are located:
>Java -cp soot-2.5.0.jar soot.tools.CFGViewer HelloWorld
you will see following if it succeed:
It will create graphical representation of control flow graph of dot file format for each method from the class files.
Java.lang.String[] Method:
digraph
"void main(java.lang.String[])" {
label="void main(java.lang.String[])";
node [shape=box];
"0" [style=filled,fillcolor=gray,label="r0 := @parameter0",];
"1" [label="$r1 = new HelloWorld",];
"0"->"1";
"2" [label="specialinvoke $r1.<init>()",];
"1"->"2";
"3" [label="HelloWorld.helloObj = $r1",];
"2"->"3";
"4" [label="$r2 = java.lang.System.out",];
"3"->"4";
"5" [label="$r3 = HelloWorld.helloObj",];
"4"->"5";
"6" [label="$r4 = $r3.printMessage()",];
"5"->"6";
"7" [label="$r2.println($r4)",];
"6"->"7";
"8" [style=filled,fillcolor=lightgray,label="return",];
"7"->"8";
}
label="void main(java.lang.String[])";
node [shape=box];
"0" [style=filled,fillcolor=gray,label="r0 := @parameter0",];
"1" [label="$r1 = new HelloWorld",];
"0"->"1";
"2" [label="specialinvoke $r1.<init>()",];
"1"->"2";
"3" [label="HelloWorld.helloObj = $r1",];
"2"->"3";
"4" [label="$r2 = java.lang.System.out",];
"3"->"4";
"5" [label="$r3 = HelloWorld.helloObj",];
"4"->"5";
"6" [label="$r4 = $r3.printMessage()",];
"5"->"6";
"7" [label="$r2.println($r4)",];
"6"->"7";
"8" [style=filled,fillcolor=lightgray,label="return",];
"7"->"8";
}
digraph
"java.lang.String printMessage()" {
label="java.lang.String printMessage()";
node [shape=box];
"0" [style=filled,fillcolor=gray,label="r0 := @this",];
"1" [label="$r1 = r0.output",];
"0"->"1";
"2" [style=filled,fillcolor=lightgray,label="return $r1",];
"1"->"2";
}
label="java.lang.String printMessage()";
node [shape=box];
"0" [style=filled,fillcolor=gray,label="r0 := @this",];
"1" [label="$r1 = r0.output",];
"0"->"1";
"2" [style=filled,fillcolor=lightgray,label="return $r1",];
"1"->"2";
}
Jimple files Codes - Static Analysis of Android Applications Using Soot
Jimple files Codes
From previous example (Click Here to view)HelloWorld.Jimple contains located at sootOutput directory following:
public class HelloWorld extends java.lang.Object
{
java.lang.String output;
static HelloWorld helloObj;
public void <init>()
{
HelloWorld r0;
r0 := @this: HelloWorld;
specialinvoke r0.<java.lang.Object: void <init>()>();
r0.<HelloWorld: java.lang.String output> = "";
r0.<HelloWorld: java.lang.String output> = "Hello world";
return;
}
public java.lang.String printMessage()
{
HelloWorld r0;
java.lang.String $r1;
r0 := @this: HelloWorld;
$r1 = r0.<HelloWorld: java.lang.String output>;
return $r1;
}
public static void main(java.lang.String[])
{
java.lang.String[] r0;
HelloWorld $r1, $r3;
java.io.PrintStream $r2;
java.lang.String $r4;
r0 := @parameter0: java.lang.String[];
$r1 = new HelloWorld;
specialinvoke $r1.<HelloWorld: void <init>()>();
<HelloWorld: HelloWorld helloObj> = $r1;
$r2 = <java.lang.System: java.io.PrintStream out>;
$r3 = <HelloWorld: HelloWorld helloObj>;
$r4 = virtualinvoke $r3.<HelloWorld: java.lang.String printMessage()>();
virtualinvoke $r2.<java.io.PrintStream: void println(java.lang.String)>($r4);
return;
}
}
Thursday
Converting a java Class file to Soot's Intermediate Representation Jimple.
Converting a java Class file to Soot's Intermediate Representation Jimple.
Lets look at example to convert java files to Jimple. Here, I am using HelloWorld. java and convert it to class by using javac and Now i am converting HelloWorld.Class to Jimple file.
HelloWorld.Java Contains:
public class HelloWorld{
String output="";
static HelloWorld helloObj;
public HelloWorld(){
output ="Hello world";
}
public String printMessage(){
return output;
}
public static void main(String[] args)
{
helloObj = new HelloWorld();
System.out.println(helloObj.printMessage());
}
}
Before try to convert into jimple file make sure the class file (HelloWorld.Class) is in the same directory as command line or you set the class-path properly.
Now, to convert class file to Jimple type following on your command line:
>Java soot.Main -f J HelloWorld
(J can be replaced by jimple)
>Java soot.Main -f jimple HelloWorld
(if your classpath is not set)
>Java -cp soot-2.5.0.jar soot.Main -f -J HelloWorld
If you got errors Like could not load class file, pool error at Line 31 etc.
>Java -cp soot-2.5.0.jar soot.Main -f J -allow-phantom-refs HelloWorld
-allow-phantom-refs : This option will generate phantom class of error codes and command.
-f : represents the format for output
-J: represents the jimple format
HelloWorld: Java class file
-cp: Classpath
>Java -cp soot-2.5.0.jar soot.Main -f J -allow-phantom-refs HelloWorld
-allow-phantom-refs : This option will generate phantom class of error codes and command.
-f : represents the format for output
-J: represents the jimple format
HelloWorld: Java class file
-cp: Classpath
Normally, in command works as: JAVA [JAVA OPTIONS] SOOT[SOOT OPTIONS]
For result, go to soot directory where jar files are located, here soot automatically creates sootOutput directory and you can find HelloWorld.jimple file.
Testing Your Soot Installation
Testing Your Soot Installation
To test your soot installation as command line tools do following:
Open command Prompt and type following if you already set Soot's jar class-path :
Java soot.Main -version
If you haven't set classpath yet go to Soot jar located directory from command and type following
Java -cp soot-2.5.0.jar soot.Main -version
it will show following:
For help type --help instead of -version and it will show all the soot related commands for your help.
Soot Installation Guide - Command Line Tool
Soot Installation Guide
Download
Before you install soot your machine must have properly installed java. To install soot as command line tool you can download latest version of Jar file (Soot.Jar) or nightly build version(Soot-trunk.jar) from here. Latest version includes all other jar files so you don't need to download any other jars.
SET CLASSPATH
Before you are able to use soot you must set the classpath to various java jars and soot jar. To set jars on classpath for Windows users go to:
Control Panel -> System -> Advance System Setting
-> Environment Variables -> CLASSPATH
Find your Java installation folder Normally(C:\Program Files\Java\) and set following jars on classpath :
C:\Program Files\Java\jre7\lib\rt.jar;
C:\Program Files\Java\jdk1.8.0_25\jre\lib\jce.jar;
C:\Program Files\Java\jdk1.8.0_25\lib\tools.jar;
C:\Program Files\Java\jdk1.8.0_25\lib\dt.jar;
C:\soot\soot-2.5.0.jar (This contains your Soot jar file Directory).
soot jar file directory is not necessary, you can use soot jar file directly to your command line.
Static Analysis of Android Applications Using Soot
Soot
Soot has two fundamental uses; it can be used as a stand-alone command line tool or as a Java compiler framework. As a command line tool, Soot can:
1. Disassemble class-files
2. Assemble class-files
3. Optimize class-files
4. Android Apps Analysis
5. Davik bytecode
Subscribe to:
Posts (Atom)