| android_class_shadowing_scanner | ||
| data | ||
| .gitattributes | ||
| .gitignore | ||
| check_smali.sh | ||
| datamine.sh | ||
| digest.sh | ||
| LICENSE.txt | ||
| poetry.lock | ||
| pyproject.toml | ||
| README.md | ||
| scan.sh | ||
| setup.sh | ||
Android class shadowing scanner
Detect if an Android application is in a situation that may lead to class spoofing.
This is the code used to survey in-the-wild applications in chapter 4 of the thesis 'The Woes of Android Reverse Engineering: from Large Scale Analysis to Dynamic Deobfuscation', by Jean-Marie Mineau.
Dependencies
You need apktool to compare the smali bytecode of the applications.
Put apktool.jar in the same folder as run.sh.
To run apktool, you also need java installed (openjdk version "17.0.17" shoud work).
You need an androzoo API key and latest_with-added-date.csv.gz.
Put it in ./ZOO_KEY, in the same folder as run.sh.
You need
You need python3 installed (3.13 should work).
Running the Experiment
The experiment run in 4 steps.
The first one is run with bash scan.sh which download the applications from androzoo and check the classes definitions for shadowing.
Make sure to wait for the 20 workers to finish before running the next steps. This can take some time.
The next step is run with bash digest.sh, it will store the result in a sqlite database.
The next step is run with bash check_smali.sh, it will analyze the smali of the shadowing/shadowed methods in the applications that have them. Make sure to wait for all the workers to finish before running the next steps. This can take some time.
The last step analyze the results and is run with bash datamine.sh.
In the end, the data used in chapter 4 of the thesis is stored in app-2023.out/out_data/
File Location
The default location of files can be changed by edition the variable in setup.sh (make sur the variable are the same time you run a script, e.g. avoid mktemp in setup.sh).