diff --git a/0_preamble/acknowledgements.typ b/0_preamble/acknowledgements.typ
index c1c650d..9beaac2 100644
--- a/0_preamble/acknowledgements.typ
+++ b/0_preamble/acknowledgements.typ
@@ -4,4 +4,4 @@
 #todo[Acknowledge people]
-#text(fill: luma(75%), lorem(400))
+#lorem(400)
diff --git a/0_preamble/french_summary.typ b/0_preamble/french_summary.typ
index 4f9ada1..4231b44 100644
--- a/0_preamble/french_summary.typ
+++ b/0_preamble/french_summary.typ
@@ -9,7 +9,7 @@
 Write a "Substantial Summary" in french, at least 4 pages: https://ed-matisse.doctorat-bretagne.fr/fr/soutenance-de-these#p-151
 ]
-#text(fill: luma(75%), lorem(200))
+#lorem(200)
 /*
 * Vocabulaire:
diff --git a/1_introduction/main.typ b/1_introduction/main.typ
index 0b45ff9..bbb0783 100644
--- a/1_introduction/main.typ
+++ b/1_introduction/main.typ
@@ -4,16 +4,3 @@
 #todo[Write an introduction]
-/*
-*
-* De tout temps les hommes on fait des apps android ...
-*
-* Introduire la notion de reverseur qui veux analyser une app
-*
-* Les outils d'analyses android sont problématique:
-* - résulats trop bons sur des datasets faciles
-* - facile a pieger: shadow attacks
-* - savent pas gerer le chargement dyn et reflection
-*
-* Problématique: todo
-*/
diff --git a/2_background/main.typ b/2_background/main.typ
index 1442111..063241d 100644
--- a/2_background/main.typ
+++ b/2_background/main.typ
@@ -2,21 +2,6 @@
 = Background
-#todo[Present field background and related work]
+#todo[Present your field background]
-#text(fill: luma(75%), lorem(200))
-
-/*
-* Cours generique sur android
-* présenter apk tool, jadx, androguard et flowdroid
-* analyse statique
-* outils avec des datasets un peu trop gentils
-*
-* analyse dynamique
-*
-* process du reverseur
-*
-* Garder les détails du class loading et de la reflection pour les chapitres associés?
-*
-* Analyse dynamique
-*/
+#lorem(200)
diff --git a/3_related_work/main.typ b/3_related_work/main.typ
new file mode 100644
index 0000000..1ddb4c3
--- /dev/null
+++ b/3_related_work/main.typ
@@ -0,0 +1,7 @@
+#import "../lib.typ": todo
+= Related Work
+#todo[Do the State of the Art]
+#lorem(200)
diff --git a/3_rasta/0_intro.typ b/4_rasta/0_intro.typ
similarity index 100%
rename from 3_rasta/0_intro.typ
rename to 4_rasta/0_intro.typ
diff --git a/3_rasta/1_related_work.typ b/4_rasta/1_related_work.typ
similarity index 100%
rename from 3_rasta/1_related_work.typ
rename to 4_rasta/1_related_work.typ
diff --git a/3_rasta/2_methodology.typ b/4_rasta/2_methodology.typ
similarity index 100%
rename from 3_rasta/2_methodology.typ
rename to 4_rasta/2_methodology.typ
diff --git a/3_rasta/3_experiments.typ b/4_rasta/3_experiments.typ
similarity index 100%
rename from 3_rasta/3_experiments.typ
rename to 4_rasta/3_experiments.typ
diff --git a/3_rasta/4_discussion.typ b/4_rasta/4_discussion.typ
similarity index 100%
rename from 3_rasta/4_discussion.typ
rename to 4_rasta/4_discussion.typ
diff --git a/3_rasta/5_conclusion.typ b/4_rasta/5_conclusion.typ
similarity index 100%
rename from 3_rasta/5_conclusion.typ
rename to 4_rasta/5_conclusion.typ
diff --git a/3_rasta/X_lib.typ b/4_rasta/X_lib.typ
similarity index 100%
rename from 3_rasta/X_lib.typ
rename to 4_rasta/X_lib.typ
diff --git a/3_rasta/X_var.typ b/4_rasta/X_var.typ
similarity index 100%
rename from 3_rasta/X_var.typ
rename to 4_rasta/X_var.typ
diff --git a/3_rasta/data/average_mem-final.csv b/4_rasta/data/average_mem-final.csv
similarity index 100%
rename from 3_rasta/data/average_mem-final.csv
rename to 4_rasta/data/average_mem-final.csv
diff --git a/3_rasta/data/average_number_of_error_by_exec.csv b/4_rasta/data/average_number_of_error_by_exec.csv
similarity index 100%
rename from 3_rasta/data/average_number_of_error_by_exec.csv
rename to 4_rasta/data/average_number_of_error_by_exec.csv
diff --git a/3_rasta/data/average_time-final.csv b/4_rasta/data/average_time-final.csv
similarity index 100%
rename from 3_rasta/data/average_time-final.csv
rename to 4_rasta/data/average_time-final.csv
diff --git a/3_rasta/data/data-final.csv b/4_rasta/data/data-final.csv
similarity index 100%
rename from 3_rasta/data/data-final.csv
rename to 4_rasta/data/data-final.csv
diff --git a/3_rasta/figs/decorelation/finishing-rate-of-java-based-tool-by-bytecode-size-of-apks-detected-in-2022.svg b/4_rasta/figs/decorelation/finishing-rate-of-java-based-tool-by-bytecode-size-of-apks-detected-in-2022.svg
similarity index 100%
rename from 3_rasta/figs/decorelation/finishing-rate-of-java-based-tool-by-bytecode-size-of-apks-detected-in-2022.svg
rename to 4_rasta/figs/decorelation/finishing-rate-of-java-based-tool-by-bytecode-size-of-apks-detected-in-2022.svg
diff --git a/3_rasta/figs/decorelation/finishing-rate-of-java-based-tool-by-discovery-year-of-apks-with-a-bytecode-size-between-4-08-mb-and-5-2-mb.svg b/4_rasta/figs/decorelation/finishing-rate-of-java-based-tool-by-discovery-year-of-apks-with-a-bytecode-size-between-4-08-mb-and-5-2-mb.svg
similarity index 100%
rename from 3_rasta/figs/decorelation/finishing-rate-of-java-based-tool-by-discovery-year-of-apks-with-a-bytecode-size-between-4-08-mb-and-5-2-mb.svg
rename to 4_rasta/figs/decorelation/finishing-rate-of-java-based-tool-by-discovery-year-of-apks-with-a-bytecode-size-between-4-08-mb-and-5-2-mb.svg
diff --git a/3_rasta/figs/decorelation/finishing-rate-of-java-based-tool-by-min-sdk-of-apks-with-a-bytecode-size-between-4-08-mb-and-5-2-mb.svg b/4_rasta/figs/decorelation/finishing-rate-of-java-based-tool-by-min-sdk-of-apks-with-a-bytecode-size-between-4-08-mb-and-5-2-mb.svg
similarity index 100%
rename from 3_rasta/figs/decorelation/finishing-rate-of-java-based-tool-by-min-sdk-of-apks-with-a-bytecode-size-between-4-08-mb-and-5-2-mb.svg
rename to 4_rasta/figs/decorelation/finishing-rate-of-java-based-tool-by-min-sdk-of-apks-with-a-bytecode-size-between-4-08-mb-and-5-2-mb.svg
diff --git a/3_rasta/figs/decorelation/finishing-rate-of-non-java-based-tool-by-bytecode-size-of-apks-detected-in-2022.svg b/4_rasta/figs/decorelation/finishing-rate-of-non-java-based-tool-by-bytecode-size-of-apks-detected-in-2022.svg
similarity index 100%
rename from 3_rasta/figs/decorelation/finishing-rate-of-non-java-based-tool-by-bytecode-size-of-apks-detected-in-2022.svg
rename to 4_rasta/figs/decorelation/finishing-rate-of-non-java-based-tool-by-bytecode-size-of-apks-detected-in-2022.svg
diff --git a/3_rasta/figs/decorelation/finishing-rate-of-non-java-based-tool-by-discovery-year-of-apks-with-a-bytecode-size-between-4-08-mb-and-5-2-mb.svg b/4_rasta/figs/decorelation/finishing-rate-of-non-java-based-tool-by-discovery-year-of-apks-with-a-bytecode-size-between-4-08-mb-and-5-2-mb.svg
similarity index 100%
rename from 3_rasta/figs/decorelation/finishing-rate-of-non-java-based-tool-by-discovery-year-of-apks-with-a-bytecode-size-between-4-08-mb-and-5-2-mb.svg
rename to 4_rasta/figs/decorelation/finishing-rate-of-non-java-based-tool-by-discovery-year-of-apks-with-a-bytecode-size-between-4-08-mb-and-5-2-mb.svg
diff --git a/3_rasta/figs/decorelation/finishing-rate-of-non-java-based-tool-by-min-sdk-of-apks-with-a-bytecode-size-between-4-08-mb-and-5-2-mb.svg b/4_rasta/figs/decorelation/finishing-rate-of-non-java-based-tool-by-min-sdk-of-apks-with-a-bytecode-size-between-4-08-mb-and-5-2-mb.svg
similarity index 100%
rename from 3_rasta/figs/decorelation/finishing-rate-of-non-java-based-tool-by-min-sdk-of-apks-with-a-bytecode-size-between-4-08-mb-and-5-2-mb.svg
rename to 4_rasta/figs/decorelation/finishing-rate-of-non-java-based-tool-by-min-sdk-of-apks-with-a-bytecode-size-between-4-08-mb-and-5-2-mb.svg
diff --git a/3_rasta/figs/exit-status-for-the-drebin-dataset.svg b/4_rasta/figs/exit-status-for-the-drebin-dataset.svg
similarity index 100%
rename from 3_rasta/figs/exit-status-for-the-drebin-dataset.svg
rename to 4_rasta/figs/exit-status-for-the-drebin-dataset.svg
diff --git a/3_rasta/figs/exit-status-for-the-rasta-dataset-goodware-malware.svg b/4_rasta/figs/exit-status-for-the-rasta-dataset-goodware-malware.svg
similarity index 100%
rename from 3_rasta/figs/exit-status-for-the-rasta-dataset-goodware-malware.svg
rename to 4_rasta/figs/exit-status-for-the-rasta-dataset-goodware-malware.svg
diff --git a/3_rasta/figs/exit-status-for-the-rasta-dataset.svg b/4_rasta/figs/exit-status-for-the-rasta-dataset.svg
similarity index 100%
rename from 3_rasta/figs/exit-status-for-the-rasta-dataset.svg
rename to 4_rasta/figs/exit-status-for-the-rasta-dataset.svg
diff --git a/3_rasta/figs/finishing-rate-by-year-of-java-based-tools.svg b/4_rasta/figs/finishing-rate-by-year-of-java-based-tools.svg
similarity index 100%
rename from 3_rasta/figs/finishing-rate-by-year-of-java-based-tools.svg
rename to 4_rasta/figs/finishing-rate-by-year-of-java-based-tools.svg
diff --git a/3_rasta/figs/finishing-rate-by-year-of-non-java-based-tools.svg b/4_rasta/figs/finishing-rate-by-year-of-non-java-based-tools.svg
similarity index 100%
rename from 3_rasta/figs/finishing-rate-by-year-of-non-java-based-tools.svg
rename to 4_rasta/figs/finishing-rate-by-year-of-non-java-based-tools.svg
diff --git a/3_rasta/figs/repartition-of-error-types-among-tools.svg b/4_rasta/figs/repartition-of-error-types-among-tools.svg
similarity index 100%
rename from 3_rasta/figs/repartition-of-error-types-among-tools.svg
rename to 4_rasta/figs/repartition-of-error-types-among-tools.svg
diff --git a/3_rasta/figs/running.svg b/4_rasta/figs/running.svg
similarity index 100%
rename from 3_rasta/figs/running.svg
rename to 4_rasta/figs/running.svg
diff --git a/3_rasta/main.typ b/4_rasta/main.typ
similarity index 100%
rename from 3_rasta/main.typ
rename to 4_rasta/main.typ
diff --git a/4_class_loader/0_intro.typ b/5_class_loader/0_intro.typ
similarity index 100%
rename from 4_class_loader/0_intro.typ
rename to 5_class_loader/0_intro.typ
diff --git a/4_class_loader/1_related_work.typ b/5_class_loader/1_related_work.typ
similarity index 100%
rename from 4_class_loader/1_related_work.typ
rename to 5_class_loader/1_related_work.typ
diff --git a/4_class_loader/2_classloading.typ b/5_class_loader/2_classloading.typ
similarity index 100%
rename from 4_class_loader/2_classloading.typ
rename to 5_class_loader/2_classloading.typ
diff --git a/4_class_loader/3_obfuscation.typ b/5_class_loader/3_obfuscation.typ
similarity index 100%
rename from 4_class_loader/3_obfuscation.typ
rename to 5_class_loader/3_obfuscation.typ
diff --git a/4_class_loader/4_in_the_wild.typ b/5_class_loader/4_in_the_wild.typ
similarity index 100%
rename from 4_class_loader/4_in_the_wild.typ
rename to 5_class_loader/4_in_the_wild.typ
diff --git a/4_class_loader/5_ttv.typ b/5_class_loader/5_ttv.typ
similarity index 100%
rename from 4_class_loader/5_ttv.typ
rename to 5_class_loader/5_ttv.typ
diff --git a/4_class_loader/6_conclusion.typ b/5_class_loader/6_conclusion.typ
similarity index 100%
rename from 4_class_loader/6_conclusion.typ
rename to 5_class_loader/6_conclusion.typ
diff --git a/4_class_loader/X_var.typ b/5_class_loader/X_var.typ
similarity index 100%
rename from 4_class_loader/X_var.typ
rename to 5_class_loader/X_var.typ
diff --git a/4_class_loader/data/redef_sdk_16.csv b/5_class_loader/data/redef_sdk_16.csv
similarity index 100%
rename from 4_class_loader/data/redef_sdk_16.csv
rename to 5_class_loader/data/redef_sdk_16.csv
diff --git a/4_class_loader/data/redef_sdk_7minus.csv b/5_class_loader/data/redef_sdk_7minus.csv
similarity index 100%
rename from 4_class_loader/data/redef_sdk_7minus.csv
rename to 5_class_loader/data/redef_sdk_7minus.csv
diff --git a/4_class_loader/data/redef_sdk_8.csv b/5_class_loader/data/redef_sdk_8.csv
similarity index 100%
rename from 4_class_loader/data/redef_sdk_8.csv
rename to 5_class_loader/data/redef_sdk_8.csv
diff --git a/4_class_loader/data/results_50k.csv b/5_class_loader/data/results_50k.csv
similarity index 100%
rename from 4_class_loader/data/results_50k.csv
rename to 5_class_loader/data/results_50k.csv
diff --git a/4_class_loader/data/results_only.csv b/5_class_loader/data/results_only.csv
similarity index 100%
rename from 4_class_loader/data/results_only.csv
rename to 5_class_loader/data/results_only.csv
diff --git a/4_class_loader/figs/architecture_SDK-crop.svg b/5_class_loader/figs/architecture_SDK-crop.svg
similarity index 100%
rename from 4_class_loader/figs/architecture_SDK-crop.svg
rename to 5_class_loader/figs/architecture_SDK-crop.svg
diff --git a/4_class_loader/figs/call_graph_expected.svg b/5_class_loader/figs/call_graph_expected.svg
similarity index 100%
rename from 4_class_loader/figs/call_graph_expected.svg
rename to 5_class_loader/figs/call_graph_expected.svg
diff --git a/4_class_loader/figs/call_graph_obf.svg b/5_class_loader/figs/call_graph_obf.svg
similarity index 100%
rename from 4_class_loader/figs/call_graph_obf.svg
rename to 5_class_loader/figs/call_graph_obf.svg
diff --git a/4_class_loader/figs/classloaders-crop.svg b/5_class_loader/figs/classloaders-crop.svg
similarity index 100%
rename from 4_class_loader/figs/classloaders-crop.svg
rename to 5_class_loader/figs/classloaders-crop.svg
diff --git a/4_class_loader/figs/redef_sdk_relative_min_sdk.svg b/5_class_loader/figs/redef_sdk_relative_min_sdk.svg
similarity index 100%
rename from 4_class_loader/figs/redef_sdk_relative_min_sdk.svg
rename to 5_class_loader/figs/redef_sdk_relative_min_sdk.svg
diff --git a/4_class_loader/main.typ b/5_class_loader/main.typ
similarity index 100%
rename from 4_class_loader/main.typ
rename to 5_class_loader/main.typ
diff --git a/5_theseus/1_static_transformation.typ b/6_theseus/1_static_transformation.typ
similarity index 84%
rename from 5_theseus/1_static_transformation.typ
rename to 6_theseus/1_static_transformation.typ
index 1e3e001..911fffe 100644
--- a/5_theseus/1_static_transformation.typ
+++ b/6_theseus/1_static_transformation.typ
@@ -1,11 +1,5 @@
 #import "../lib.typ": todo, APK, DEX, JAR, OAT, eg
-/*
-* Parler de dex lego et du papier qui encode les resultats d'anger en jimple
-*
-*
-*/
-
 == Code Transformation
 #todo[Define code loading and reflection somewhere]
@@ -135,6 +129,8 @@ In those cases, the parameters could be used directly whithout the detour inside
 === Code loading
+#todo[custom class loaders]
+
 An application can dynamically import code from several format like #DEX, #APK, #JAR or #OAT, either stored in memory or in a file.
 Because it is an internal, platform dependant format, we elected to ignore the #OAT format.
 Practically, #JAR and #APK files are zip files containing #DEX files.
@@ -152,24 +148,6 @@ Specifically, to call dynamically loaded code, an application needs to use refle
 === Class Collisions
-We saw in @sec:cl-obfuscation that having several classes with the same name in the same application can be problematic.
-In @sec:th-trans-cl, we are adding code from another source.
-By doing so, we augment the probability of having class collisions.
-When loaded dynamically, the classes are in a different classloader, and the class resolution is resolved at runtime like we saw in @sec:cl-loading.
-We decided to restrain our scope to the use of class loader from the Android SDK.
-In the abscence of class collision, those class loader behave seamlessly and adding the classes to application maintains the behavior.
-
-When we detect a collision, we rename one of the classes colliding before injecting it to the application.
-To avoid breaking the application, we then need to rename all references to this specific class, an be carefull not to modify references to the other class.
-To do so, we regroup each classes by the classloaders defining them, then, for each colliding class name and each classloader, we check the actual class used by the classloader.
-If the class has been renamed, we rename all reference to this class in the classes defined by this classloader.
-To find the class used by a classloader, we reproduce the behavior of the different classloaders of the Android SDK.
-This is an important step: remember that the delegation process can lead to situation where the class defined by a classloader is not the class that will be loaded when querying the classloader.
-
-#todo[renamin algo]
 === Pitfalls
 #todo[interupting try blocks: catch block might expect temporary registers to still stored the saved value]
-#todo[diferenciating the classloaders]
-#todo[changing classloader with class collision]
diff --git a/5_theseus/3_results.typ b/6_theseus/3_results.typ
similarity index 100%
rename from 5_theseus/3_results.typ
rename to 6_theseus/3_results.typ
diff --git a/5_theseus/4_ttv.typ b/6_theseus/4_ttv.typ
similarity index 100%
rename from 5_theseus/4_ttv.typ
rename to 6_theseus/4_ttv.typ
diff --git a/5_theseus/main.typ b/6_theseus/main.typ
similarity index 100%
rename from 5_theseus/main.typ
rename to 6_theseus/main.typ
diff --git a/abstract.typ b/abstract.typ
index ed4ae95..7b4ca40 100644
--- a/abstract.typ
+++ b/abstract.typ
@@ -4,6 +4,6 @@
 #let keywords-fr = ("Android", "analyse de maliciels", "analyse statique", "chargement de classe", "brouillage de code")
-#let abstract-en = text(fill: luma(75%), lorem(175))
+#let abstract-en = lorem(175)
-#let abstract-fr = text(fill: luma(75%), lorem(175))
+#let abstract-fr = lorem(175)
diff --git a/main.typ b/main.typ
index 7fab6ce..15641e0 100644
--- a/main.typ
+++ b/main.typ
@@ -13,19 +13,6 @@
 } else { true }
-#let paper_draft = if "paper" in sys.inputs {
-assert(
-sys.inputs.paper == "true" or sys.inputs.paper == "false",
-message: "If --input paper= is set, must be 'true', or 'false'"
-)
-assert(
-draft,
-message: "paper can only be set if --input draft=true is set"
-)
-sys.inputs.draft == "true"
-} else {
-false
-}
 #show: matisse-thesis.with(
 title-fr: todo[Find a title],
@@ -82,23 +69,17 @@
 #counter(page).update(1)
-// Augment interline when compiling to paper draft
-#show par: set par(leading: 1.5em) if paper_draft
-#show par: set par(spacing: 1.5em) if paper_draft
-// Keep interline in table
-#show table: set par(leading: 0.65em) if paper_draft
-
-
 #include("1_introduction/main.typ")
 #include("2_background/main.typ")
-#include("3_rasta/main.typ")
-#include("4_class_loader/main.typ")
-#include("5_theseus/main.typ")
+#include("3_related_work/main.typ")
+#include("4_rasta/main.typ")
+#include("5_class_loader/main.typ")
+#include("6_theseus/main.typ")
 = Conclusion
 #todo[Conclude]
-#text(fill: luma(75%), lorem(500))
+#lorem(500)
 #bibliography("bibliography.bib")