add collision resolution

1_introduction/main.typ

@@ -4,3 +4,16 @@
 
 #todo[Write an introduction]
 
+/*
+*
+* De tout temps les hommes on fait des apps android ...
+*
+* Introduire la notion de reverseur qui veux analyser une app
+*
+* Les outils d'analyses android sont problématique: 
+* - résulats trop bons sur des datasets faciles
+* - facile a pieger: shadow attacks
+* - savent pas gerer le chargement dyn et reflection
+*
+* Problématique: todo
+*/

2_background/main.typ

@@ -5,3 +5,18 @@
 #todo[Present field background and related work]
 
 #text(fill: luma(75%), lorem(200))
+
+/*
+* Cours generique sur android
+* présenter apk tool, jadx, androguard et flowdroid
+* analyse statique
+* outils avec des datasets un peu trop gentils
+*
+* analyse dynamique
+*
+* process du reverseur
+*
+* Garder les détails du class loading et de la reflection pour les chapitres associés?
+*
+* Analyse dynamique
+*/

5_theseus/1_static_transformation.typ

@@ -1,5 +1,11 @@
 #import "../lib.typ": todo, APK, DEX, JAR, OAT, eg
 
+/*
+* Parler de dex lego et du papier qui encode les resultats d'anger en jimple
+*
+*
+*/
+
 == Code Transformation <sec:th-trans>
 
 #todo[Define code loading and reflection somewhere]
@@ -129,8 +135,6 @@ In those cases, the parameters could be used directly whithout the detour inside
 
 === Code loading <sec:th-trans-cl>
 
-#todo[custom class loaders]
-
 An application can dynamically import code from several format like #DEX, #APK, #JAR or #OAT, either stored in memory or in a file.
 Because it is an internal, platform dependant format, we elected to ignore the #OAT format.
 Practically, #JAR and #APK files are zip files containing #DEX files.
@@ -148,6 +152,24 @@ Specifically, to call dynamically loaded code, an application needs to use refle
 
 === Class Collisions <sec:th-class-collision>
 
+We saw in @sec:cl-obfuscation that having several classes with the same name in the same application can be problematic.
+In @sec:th-trans-cl, we are adding code from another source.
+By doing so, we augment the probability of having class collisions. 
+When loaded dynamically, the classes are in a different classloader, and the class resolution is resolved at runtime like we saw in @sec:cl-loading.
+We decided to restrain our scope to the use of class loader from the Android SDK.
+In the abscence of class collision, those class loader behave seamlessly and adding the classes to application maintains the behavior.
+
+When we detect a collision, we rename one of the classes colliding before injecting it to the application.
+To avoid breaking the application, we then need to rename all references to this specific class, an be carefull not to modify references to the other class.
+To do so, we regroup each classes by the classloaders defining them, then, for each colliding class name and each classloader, we check the actual class used by the classloader.
+If the class has been renamed, we rename all reference to this class in the classes defined by this classloader.
+To find the class used by a classloader, we reproduce the behavior of the different classloaders of the Android SDK.
+This is an important step: remember that the delegation process can lead to situation where the class defined by a classloader is not the class that will be loaded when querying the classloader.
+
+#todo[renamin algo]
+
 === Pitfalls
 
 #todo[interupting try blocks: catch block might expect temporary registers to still stored the saved value]
+#todo[diferenciating the classloaders]
+#todo[changing classloader with class collision]