clean up

README.md

@@ -1,3 +1,37 @@
 # Android class shadowing scanner
 
 Detect if an Android application is in a situation that may lead to class spoofing.
+
+This is the code used to survey in-the-wild applications in chapter 4 of the thesis 'The Woes of Android Reverse Engineering: from Large Scale Analysis to Dynamic Deobfuscation', by Jean-Marie Mineau.
+
+## Dependencies
+
+You need [apktool](https://github.com/iBotPeaches/Apktool/commits/main/) to compare the smali bytecode of the applications.
+Put `apktool.jar` in the same folder as `run.sh`.
+To run apktool, you also need java installed (`openjdk version "17.0.17"` shoud work).
+
+You need an [androzoo](https://androzoo.uni.lu/) API key and [latest_with-added-date.csv.gz](https://androzoo.uni.lu/static/lists/latest_with-added-date.csv.gz).
+Put it in `./ZOO_KEY`, in the same folder as `run.sh`.
+
+You need 
+
+You need `python3` installed (`3.13` should work).
+
+## Running the Experiment
+
+The experiment run in 4 steps.
+
+The first one is run with `bash scan.sh` which download the applications from androzoo and check the classes definitions for shadowing.
+Make sure to wait for the 20 workers to finish before running the next steps. This can take some time.
+
+The next step is run with `bash digest.sh`, it will store the result in a sqlite database.
+
+The next step is run with `bash check_smali.sh`, it will analyze the smali of the shadowing/shadowed methods in the applications that have them. Make sure to wait for all the workers to finish before running the next steps. This can take some time.
+
+The last step analyze the results and is run with `bash datamine.sh`.
+
+In the end, the data used in chapter 4 of the thesis is stored in `app-2023.out/out_data/`
+
+## File Location
+
+The default location of files can be changed by edition the variable in `setup.sh` (make sur the variable are the same time you run a script, e.g. avoid `mktemp` in `setup.sh`).