Translate

Tuesday

Converting Dot files into Control Flow Graphs using GraphViz

Generate Control Flow Graph Using Graphviz

To convert android apk into dot files and do analysis by using soot click here

 To generate control flow graph using graphviz, you need dot files which is generated from all methods of android apks. you can find them on sootOutput directory, now you need to go to command line and type following commands if you have already set graph viz path. 

 To convert into pdf:

 > dot Tpdf -o Example.pdf Example.dot

 To convert into png:

 > dot Tpng -o Example.png Example.dot

 Note: if you haven't set path you need to set path (to know how to set path see installation post) or go to bin folder of graph viz installation folder and find dot file from command line and type above commands.

 commands:

 >dot : executable dot file (also MS word old file format for graph)

 > -Tpdf, -Tpng: converting file format

 > -o: Optimization

 > Example.pdf, .png: Name of Control flow graph you wanna give after conversion.

 >Example.dot : Name of dot file you wanna convert
Note: Graphviz not only use dot file format and executable files you can convert various different files into control flow graph. This post is on the context of program analysis of smart phone apps i.e. android apps using Soot as analysis tool.
Posted by at No comments:
Labels: , , , , , , , , , , , , , , ,

Monday

Graphviz - Graph Visualization Software

Installation 

For installation, download latest version of "Graphviz"  from here. You can either download executable file directly and install or zip file and extract zip and put on command line directory.

To use any executable extension like dot from Graphviz you need to set the PATH after installation. For windows

Control panel -> System-> Advance System Setting -> Environment Variables -> PATH

Normally, file will install in Graphviz directory inside program files so path will looks like :


PATH   ->   C:\Program Files\Graphviz2.38\bin\


To test the installation type following from command line :

dot -help

If you haven't the set path yet go to graphviz bin directory from command line and type following :

dot -help

Posted by at 1 comment:
Labels: , , , , , , , , , , , , , , , , , ,

Create Control Flow Graph from Android apk Using Soot

Control Flow Graph(Call graphs) Using Soot

Lets look at command to convert any android apk file into Control flow graph or call graphs using soot as a command line tool. This will creates Jimple files for all the classes from apk and dot files for all the methods which is graphical representation as Control Flow Graph (CFG) or call graphs.
For conversion, you need to:

> Download any .apk file
> Download android sdk from android developer site or download android jars
> Download Soot's nightly build version from Soot- Github


Before applied command, you need to know right path for android sdk -platforms directory, .apk file located directory and nightly build version of soot at right directory

Set CLASSPATH of Soot.jar or go to the directory that contains Soot.jar file then type following Command:

java -Xmx2g -jar soot-trunk.jar soot.tools.CFGViewer -w -allow-phantom-refs       -android-jars "D:\sdk\platform" -src-prec apk -output-format dex         -process-dir "C:\apkpath\example.apk"

If you have already set CLASSPATH for jar then type following

>java -Xmx2g soot.tools.CFGViewer -w -allow-phantom-refs -android-jars "D:\sdk\platform" -src-prec apk -output-format dex -process-dir "C:\apkpath\example.apk"


Details: -Xmx2g it represents memory of 2GB which is normally sufficient for any apk process.

-jar can be replaced by -cp which means CLASSPATH or it represent command prompt's current directory.

-W stands for writing

-allow-phantom-refs creates phantom classes for missing or unprocessed classes

-android-jars leads to path for android sdk or jars to process apks

-src-prec represents the file format you are trying to process

-output-format dex is responsible for converting all the classes from apk into dex format
-process-dir shows the path for processing directory or apk located directory


   
This will generate Jimple and dot files in sootOutput directory. The dot files are further used to create control flow graphs by using tools like graphviz .(More about Grphviz click here

Posted by at 1 comment:
Labels: , , , , , , , , , , , , , ,

Friday

How to Convert any Android apk file into dalvik bytecode using soot

How to Convert any Android apk file into dalvik bytecode using soot

Lets look at command to convert any android apk file into Dalvik. 
For conversion, you need to:

> Download any .apk file
> Download android sdk from android developer site or download android jars
> Download Soot's nightly build version from Soot- Github


Before applied command, you need to know right path for android sdk -platforms directory, .apk file located directory and nightly build version of soot at right directory

Set CLASSPATH of Soot.jar or go to the directory that contains Soot.jar file then type following Command:

java -Xmx2g -jar soot-trunk.jar soot.Main -w -allow-phantom-refs       -android-jars "D:\sdk\platform" -src-prec apk -output-format dex         -process-dir "C:\apkpath\example.apk"

If you have already set CLASSPATH for jar then type following

>java -Xmx2g soot.Main -w -allow-phantom-refs -android-jars "D:\sdk\platform" -src-prec apk -output-format dex -process-dir "C:\apkpath\example.apk"


Details: -Xmx2g it represents memory of 2GB which is normally sufficient for any apk process.

-jar can be replaced by -cp which means CLASSPATH or it represent command prompt's current directory.

-W stands for writing

-allow-phantom-refs creates phantom classes for missing or unprocessed classes

-android-jars leads to path for android sdk or jars to process apks

-src-prec represents the file format you are trying to process

-output-format dex is responsible for converting all the classes from apk into dex format
 
-process-dir shows the path for processing directory or apk located directory



Posted by at No comments:
Labels: , , , , , , , , , , ,

How to Convert any Android apk file into Soot's Intermediate Representation Jimple

How to Convert any Android apk file into Soot's Intermediate Representation Jimple

Lets look at command to convert any android apk file into Jimple. 
For conversion, you need to:

> Download any .apk file
> Download android sdk from android developer site or download android jars
> Download Soot's nightly build version from Soot- Github


Before applied command, you need to know right path for android sdk -platforms directory, .apk file located directory and nightly build version of soot at right directory

Set CLASSPATH of Soot.jar or go to the directory that contains Soot.jar file then type following Command:

> java -Xmx2g -jar soot-trunk.jar soot.Main -w -allow-phantom-refs       -android-jars "D:\sdk\platform" -src-prec apk -f jimple -process-dir "C:\apkpath\example.apk"

If you have already set CLASSPATH for jar then type following

>java -Xmx2g soot.Main -w -allow-phantom-refs -android-jars "D:\sdk\platform" -src-prec apk -f jimple -process-dir "C:\apkpath\example.apk"


Details: -Xmx2g it represents memory of 2GB which is normally sufficient for any apk process.

-jar can be replaced by -cp which means CLASSPATH or it represent command prompt's current directory.

-W stands for writing

-allow-phantom-refs creates phantom classes for missing or unprocessed classes

-android-jars leads to path for android sdk or jars to process apks

-src-prec represents the file format you are trying to process

-f jimple or -f J is responsible for converting all the classes from apk into jimple files
-process-dir shows the path for processing directory or apk located directory




Posted by at 3 comments:
Labels: , , , , , , , , , , , , , , , ,

Creating Control Flow Diagram from Java Class files Using Soot.

Creating Control Flow Diagram from Java Class files Using Soot.

In order to create control flow diagram you need to convert Java class file into dot files by using control flow viewer soot tool. You can get HelloWorld.java file from previous posts(here). Convert it in to class file and type following commands on command prompt inside soot directory where HelloWorld is located:

>Java soot.tools.CFGViewer HelloWorld

And if you do not set classpath then type following inside soot directory where HelloWorld  and soot jars are located:

>Java -cp soot-2.5.0.jar soot.tools.CFGViewer HelloWorld

you will see following if it succeed:


It will create graphical representation of control flow graph of dot file format for each method from the class files. 

Java.lang.String[] Method:

digraph "void main(java.lang.String[])" {
    label="void main(java.lang.String[])";
    node [shape=box];
    "0" [style=filled,fillcolor=gray,label="r0 := @parameter0",];
    "1" [label="$r1 = new HelloWorld",];
    "0"->"1";
    "2" [label="specialinvoke $r1.<init>()",];
    "1"->"2";
    "3" [label="HelloWorld.helloObj = $r1",];
    "2"->"3";
    "4" [label="$r2 = java.lang.System.out",];
    "3"->"4";
    "5" [label="$r3 = HelloWorld.helloObj",];
    "4"->"5";
    "6" [label="$r4 = $r3.printMessage()",];
    "5"->"6";
    "7" [label="$r2.println($r4)",];
    "6"->"7";
    "8" [style=filled,fillcolor=lightgray,label="return",];
    "7"->"8";
}
 

Print Message() Method:

digraph "java.lang.String printMessage()" {
    label="java.lang.String printMessage()";
    node [shape=box];
    "0" [style=filled,fillcolor=gray,label="r0 := @this",];
    "1" [label="$r1 = r0.output",];
    "0"->"1";
    "2" [style=filled,fillcolor=lightgray,label="return $r1",];
    "1"->"2";
}



Posted by at 2 comments:
Labels: , , , , , , , , , , ,

Jimple files Codes - Static Analysis of Android Applications Using Soot

Jimple files Codes

From previous example (Click Here  to view)HelloWorld.Jimple contains located at sootOutput directory following: 

public class HelloWorld extends java.lang.Object
{
    java.lang.String output;
    static HelloWorld helloObj;

    public void <init>()
    {
        HelloWorld r0;

  
      r0 := @this: HelloWorld;
        
specialinvoke r0.<java.lang.Object: void <init>()>();
        
r0.<HelloWorld: java.lang.String output> = "";
        
r0.<HelloWorld: java.lang.String output> = "Hello world";
        
return;
    
}

    public java.lang.String printMessage()
    {
        HelloWorld r0;
        
java.lang.String $r1;

        
r0 := @this: HelloWorld;
        
$r1 = r0.<HelloWorld: java.lang.String output>;
        
return $r1;
    
}

    public static void main(java.lang.String[])
    {
    java.lang.String[] r0;
        
HelloWorld $r1, $r3;
        
java.io.PrintStream $r2;
        
java.lang.String $r4;

        r0 := @parameter0: java.lang.String[];
        
$r1 = new HelloWorld;
        
specialinvoke $r1.<HelloWorld: void <init>()>();
        
<HelloWorld: HelloWorld helloObj> = $r1;
        
$r2 = <java.lang.System: java.io.PrintStream out>;
        
$r3 = <HelloWorld: HelloWorld helloObj>;
        
$r4 = virtualinvoke $r3.<HelloWorld: java.lang.String printMessage()>();
       
virtualinvoke $r2.<java.io.PrintStream: void println(java.lang.String)>($r4);
        
return;
    
}
}

Posted by at No comments:
Labels: , , , , , , , , , , ,

Thursday

Converting a java Class file to Soot's Intermediate Representation Jimple.

Converting a java Class file to Soot's Intermediate Representation Jimple.

Lets look at example to convert java files to Jimple. Here, I am using HelloWorld. java and convert it to class by using javac and Now i am converting HelloWorld.Class to Jimple file.

HelloWorld.Java Contains:

public class HelloWorld{
String output="";
static HelloWorld helloObj;
public HelloWorld(){
output ="Hello world";
}
public String printMessage(){
return output;
}
public static void main(String[] args)
{
helloObj = new HelloWorld();
System.out.println(helloObj.printMessage());
}

Before try to convert into jimple file make sure the class file (HelloWorld.Class) is in the same directory as command line or you set the class-path properly.

Now, to convert class file to Jimple type following on your command line:

>Java soot.Main -f J HelloWorld

(J can be replaced by jimple)

>Java soot.Main -f jimple HelloWorld

(if your classpath is not set)
>Java -cp soot-2.5.0.jar soot.Main -f -J HelloWorld

If you got errors Like could not load class file, pool error at Line 31 etc.
 >Java -cp soot-2.5.0.jar soot.Main -f J -allow-phantom-refs HelloWorld

 -allow-phantom-refs : This option will generate phantom class of error codes and command. 
-f : represents the format for output 
-J: represents the jimple format
HelloWorld: Java class file
-cp: Classpath

Normally, in command works as: JAVA [JAVA OPTIONS]  SOOT[SOOT OPTIONS]

For result, go to soot directory where jar files are located, here soot automatically creates sootOutput directory and you can find HelloWorld.jimple file.


Posted by at No comments:
Labels: , , , , , , , , , , , , , , , , , ,

Testing Your Soot Installation

Testing Your Soot Installation

To test your soot installation as command line tools do following:
Open command Prompt and type following if you already set Soot's jar class-path :

Java soot.Main -version

If you haven't set classpath yet go to Soot jar located directory from command and type following

Java -cp soot-2.5.0.jar soot.Main -version

it will show following:



For help type --help instead of -version and it will show all the soot related commands for your help.






Posted by at No comments:
Labels: , , , , , , , , , , , , , , , , ,

Soot Installation Guide - Command Line Tool

Soot Installation Guide

Download

Before you install soot your machine must have properly installed java. To install soot as command line tool you can download latest version of Jar file (Soot.Jar) or nightly build version(Soot-trunk.jar) from here. Latest version includes all other jar files so you don't need to download any other jars.

SET CLASSPATH

Before you are able to use soot you must set the classpath to various java jars and soot jar. To set jars on classpath for Windows users go to: 

Control Panel -> System -> Advance System Setting 
-> Environment Variables -> CLASSPATH


 Find your Java installation folder Normally(C:\Program Files\Java\) and set following jars on classpath :

C:\Program Files\Java\jre7\lib\rt.jar;

 C:\Program Files\Java\jdk1.8.0_25\jre\lib\jce.jar;

 C:\Program Files\Java\jdk1.8.0_25\lib\tools.jar;

 C:\Program Files\Java\jdk1.8.0_25\lib\dt.jar;

 C:\soot\soot-2.5.0.jar (This contains your Soot jar file Directory).

soot jar file directory is not necessary, you can use soot jar file directly to your command line.


Posted by at No comments:
Labels: , , , , , , , , , , , , , ,

Static Analysis of Android Applications Using Soot

Soot

Soot has two fundamental uses; it can be used as a stand-alone command line tool or as a Java compiler framework. As a command line tool, Soot can:

1. Disassemble class-files
2. Assemble class-files
3. Optimize class-files
4. Android Apps Analysis
5. Davik bytecode
Posted by at No comments:
Labels: , , , , , , , , , , , , , , , , ,
Subscribe to: Posts (Atom)