rasta and some cl

2025-10-19 04:05:54 +02:00 · 2025-10-19 04:05:54 +02:00 · 071a82ea56
commit 071a82ea56
parent 3ffaed4bde
2 changed files with 338 additions and 10 deletions
--- a/slides.typ
+++ b/slides.typ
@ -345,8 +345,17 @@

 #new-section-slide([Tool Reusability])

-#slide[
-  Rasta 1
+#slide(
+  title: [Methodology]
+)[
+  #set align(center+horizon)
+  #show figure.caption: none
+  #scale(100%, get_figure(<fig:rasta-methodo-collection>))
+
+  #v(1em)
+
+  #text(size: 25pt)[22 tools selected, 2 we could not package]
+
  /*
  #stack(dir: ltr,
    scale(40%, reflow: true, get_figure(<tab:rasta-tools>)),
@ -354,23 +363,342 @@
  )*/
 ]

-#slide[
-  Rasta 2
+#slide(
+  title: [Methodology],
+  foreground: place(
+    bottom + left,
+    dx: 88%,
+    dy: -63%,
+  )[
+    #set align(center+horizon)
+    #set text(size: 15pt)
+    62 525 APKs #v(-1.5em) from #v(-1.5em) 2010 to 2023
+  ]
+)[
+  #set align(center+horizon)
+  #show figure.caption: none
+  #scale(90%, get_figure(<fig:rasta-overview>))

+  #text(size: 25pt)[We check if the results *exist* after running a tool]
+]
+
+#slide(
+  title: [Results],
+  foreground: ghost-2(x: 97%, y: 10%)
+)[
+  #set align(center+horizon)
+  #show figure.caption: none
+  #scale(100%, get_figure(<fig:rasta-exit>))
+
+  //#text(size: 25pt)[We check if the results *exist* after running a tool]
+]
+
+#counter("logical-slide").update( n => n - 1 )
+#slide(
+  title: [Results],
+  foreground: {
+    ghost-2(x: 97%, y: 10%)
+
+    let x_0 = 112pt
+    let y_0 = -117pt
+    let w = 21pt
+    let h = 235pt
+    let dx = 33.3
+
+    for i in range(20) {
+      let color = if i in (2, 4, 6, 7, 8, 9, 14, 16, 18, 19) {
+        white.transparentize(100%)
+      } else { 
+        white.transparentize(10%) 
+      }
+      place(
+        bottom + left,
+        dx: x_0 + i*dx*1pt,
+        dy: y_0,
+        rect(
+          width: w, 
+          height: h,
+          //stroke: red,
+          fill: color,
+        )
+      )
+    }
+
+    place(bottom + left, line(
+      start: (x_0 - 20pt, y_0 - h/2),
+      end: (x_0 + dx * 20 * 1pt, y_0 - h/2),
+      stroke: pirat-color.red + 3pt
+    ))
+  }
+)[
+  #set align(center+horizon)
+  #show figure.caption: none
+  #scale(100%, get_figure(<fig:rasta-exit>))
+]
+
+#counter("logical-slide").update( n => n - 1 )
+#slide(
+  title: [Results],
+  foreground: {
+    ghost-2(x: 97%, y: 10%)
+
+    let x_0 = 112pt
+    let y_0 = -117pt
+    let w = 21pt
+    let h = 235pt
+    let dx = 33.3
+
+    for i in range(20) {
+      let color = if i in (3, 10) {
+        white.transparentize(100%)
+      } else { 
+        white.transparentize(10%) 
+      }
+      place(
+        bottom + left,
+        dx: x_0 + i*dx*1pt,
+        dy: y_0,
+        rect(
+          width: w, 
+          height: h,
+          //stroke: red,
+          fill: color,
+        )
+      )
+    }
+
+    place(bottom + left, line(
+      start: (x_0 - 20pt, y_0 - h/2),
+      end: (x_0 + dx * 20 * 1pt, y_0 - h/2),
+      stroke: pirat-color.red + 3pt
+    ))
+  }
+)[
+  #set align(center+horizon)
+  #show figure.caption: none
+  #scale(100%, get_figure(<fig:rasta-exit>))
+]
+
+#slide(
+  title: [Results over Time],
+)[
+  #set align(center+horizon)
+  #show figure.caption: none
+  #scale(150%, get_figure(<fig:rasta-exit-evolution-java>))
+]
+
+#slide(
+  title: [Bytecode Size],
+)[
+  #set align(center+horizon)
+  #show figure.caption: none
+  #scale(120%, get_figure(<fig:rasta-rate-evolution-java-2022>))
+
+  #text(size: 22pt)[Finishing rate as a function of the bytecode size, for APKs discovered in 2022]
+]
+
+#slide(
+  title: [Conclusion]
+)[
+  #set align(center)
+  #item-by-item[
+    - Over 22 tools, 10 are usable (*less than half*)
+    - Newer applications are harder to analyse
+    - Applications with more bytecode are harder to analyse
+    - Applications targetting more recent versions of Android are harder to analyse
+  ]
+]
+
+#slide[
+  #set align(center)
+  #text(size: 22pt)[21st International Conference on Software and Systems Reuse (ICSR 2024)]
+
+  #v(2em)
+
+  #show regex("\[\d+\]"): none
+  #cite(<rasta>, form: "full")
 ]

 #new-section-slide([Class Shadowing])

-#slide[Shadow 1
-
+#slide(
+  title: [Class Loading],
+)[
+  #set align(center)
+  #show: yes-codly
+  #grid(
+    columns: (2fr, 1em, 1fr),
+    scale(70%, reflow: true)[
+      #codly(
+        highlights: (/*
+          (line: 1, start: 0, end: 11, fill: pirat-color.blue),
+          (line: 1, start: 22, end: 43, fill: pirat-color.blue),
+          (line: 3, start: 14, end: 27, fill: pirat-color.blue),
+          (line: 6, start: 32, end: 40, fill: pirat-color.blue),
+        */),
+        ..default-codly
+      )
+      ```java
+      ClassLoader cl = new InMemoryDexClassLoader(
+        ByteBuffer.wrap(Base64.decode(DEX, 2)),
+        Main.class.getClassLoader()
+      );
+  
+      Class<?> loadedClass = this.cl.loadClass(decrypt(className));
+      ```
+    ], [], scale(70%, reflow: true)[
+      #codly(
+        ..default-codly
+      )
+      ```java
+      class A {
+        public static void foo() {
+          B b = new B();
+          b.bar();
+        }
+      }
+      ```
+    ]
+  )
 ]
-#slide[Shadow 2

-]
-#slide[Shadow 3
+#slide(
+  title: [Android Ecosystem]
+)[
+  #set align(center+horizon)
+  #show figure.caption: none
+  #grid(
+    columns: (3fr, 1fr),
+    scale(reflow: true, get_figure(<fig:cl-archisdk>)),
+    [
+      #set align(left)
+      #set text(size: 20pt)
+      #set list(marker: [-])

+      === Types of classes:
+
+      - APK Classes
+      - Platform Classes
+        - SDK Classes
+        - Hidden APIs
+    ]
+  )
+  // TODO: hightlight
 ]

+#slide(
+  title: [Android ClassLoaders]
+)[
+  #set align(center+horizon)
+  #show figure.caption: none
+  #scale(60%, reflow: true, get_figure(<fig:cl-class_loading_classes>))
+]
+
+#slide(
+  title: [MultiDex]
+)[
+  #set align(center + horizon)
+
+  #only(1)[
+    #block(
+      fill: green.lighten(50%),
+      inset: 10pt,
+      radius: 12pt,
+    )[
+      #set align(left+top)
+
+      === `app.apk`
+      #line(length: 30%)
+      ```
+      AndroidManifest.xml
+      resources.arsc
+      META-INF/
+      res/
+      classes.dex
+      ```
+    ]
+  ]
+  #only(2)[
+    #block(
+      fill: green.lighten(50%),
+      inset: 8pt,
+      radius: 8pt,
+    )[
+      #set align(left+top)
+      === `app.apk`
+      #line(length: 50%)
+      #stack(dir: ltr,
+        ```
+        AndroidManifest.xml
+        resources.arsc
+        META-INF/
+        res/
+        classes.dex
+        ```,
+        h(2em),[
+        ```
+        classes2.dex
+        classes3.dex
+        ```
+        ]
+      )
+    ]
+  ]
+  #only(3)[
+    #block(
+      fill: green.lighten(50%),
+      inset: 8pt,
+      radius: 8pt,
+    )[
+      #set align(left+top)
+      === `app.apk`
+      #line(length: 75%)
+      #stack(dir:ltr, 
+        ```
+        AndroidManifest.xml
+        resources.arsc
+        META-INF/
+        res/
+        classes.dex
+        classes2.dex
+        classes3.dex
+        ```, h(2em), 
+        ```
+        classes4.dex
+        classes5.dex
+        classes6.dex
+        classes7.dex
+        classes8.dex
+        classes9.dex
+        classes10.dex
+        ```, h(2em), 
+        ```
+        classes11.dex
+        classes12.dex
+        classes13.dex
+        classes14.dex
+        classes15.dex
+        classes16.dex
+        ...
+        ```
+      )
+    ]
+    #ghost-4(x: 2%, y: 2%, mirror: true)
+  ]
+  
+]
+
+#slide[
+  #set align(center)
+  #text(size: 22pt)[Digital Threats: Research and Practice]
+
+  #v(2em)
+
+  #show regex("\[\d+\]"): none
+  #cite(<classloaderinthemiddle>, form: "full")
+]
+
+
 #new-section-slide([The Application of Theseus])

 #slide[Th 1
--- a/slides/figures.typ
+++ b/slides/figures.typ
@ -6,7 +6,7 @@
  } else if type(body) != content {
    ()
  }else if body.func() == figure {
-    (body,)
+    (body,) + body.fields().values().map(get_figures).flatten()
  } else {
    body.fields().values().map(get_figures).flatten()
  }