these-android-re/thesis
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

feedbacks
All checks were successful
/ test_checkout (push) Successful in 1m50s
Details

Browse source
This commit is contained in:
Jean-Marie 'Histausse' Mineau 2025-10-27 22:36:39 +01:00
parent d63b6a6f53
commit 1b461338b7
Signed by: histausse
GPG key ID: B66AEEDA9B645AD2
2 changed files with 82 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

96
slides.typ
View file

@ -17,6 +17,8 @@
) )
#codly-disable() #codly-disable()
#let analyse-apk = move(dx: -50pt, image("slides/imgs/apk-analysis.svg", width: 300pt))
#set text(lang: "en") #set text(lang: "en")
#set list(marker: none) #set list(marker: none)
#set par(leading: 0.2em) #set par(leading: 0.2em)
@ -148,6 +150,10 @@
- *Dynamic Code Loading* - *Dynamic Code Loading*
- *Reflection* - *Reflection*
/*
* Low effort yet efficiant, commonly found
*/
] ]
] ]
@ -263,6 +269,15 @@
) )
] ]
#slide(
title: [Analysis Methods],
foreground: eye-3(x: 3%, y: 5%)
)[
#set align(center+horizon)
#analyse-apk
]
#counter("logical-slide").update( n => n - 1 )
#slide( #slide(
foreground: ghost-5(x: 10%, y: 7%) foreground: ghost-5(x: 10%, y: 7%)
)[ )[
@ -296,19 +311,42 @@
] ]
#slide( #slide(
title: [Analysing Applications: Which Tools?], title: [Which Tools?],
foreground: eye-3(x: 3%, y: 5%) foreground: eye-3(x: 3%, y: 5%)
)[ )[
#set align(center+horizon) #set align(center+horizon)
#move(dx: -50pt, image("slides/imgs/apk-analysis.svg", width: 300pt)) #analyse-apk
]
#counter("logical-slide").update( n => n - 1 )
#slide(
title: [Which Tools are Working?],
foreground: eye-3(x: 3%, y: 5%)
)[
#set align(center+horizon)
#analyse-apk
] ]
#slide( #slide(
title: [Problem Statement 1], title: [Problem Statement 1],
)[ )[
#item-by-item[
- Which tool to use?
- Are they easy to install?
- Are they working?
]
#highlight-block(pb1-text) #highlight-block(pb1-text)
] ]
#slide(
title: [How does Class Loading works?],
foreground: eye-3(x: 3%, y: 5%)
)[
#set align(center+horizon)
#analyse-apk
]
#counter("logical-slide").update( n => n - 1 )
#slide( #slide(
title: [Class Loading], title: [Class Loading],
)[ )[
@ -362,15 +400,17 @@
- Doubious documentation - Doubious documentation
- Not studied in the context of Android Static Analysis - Not studied in the context of Android Static Analysis
] ]
]
#counter("logical-slide").update( n => n - 1 )
#slide(
title: [Problem Statement 3],
)[
#highlight-block(pb2-text) #highlight-block(pb2-text)
] ]
#slide(
title: [Can we Deobfuscate?],
foreground: eye-3(x: 3%, y: 5%)
)[
#set align(center+horizon)
#analyse-apk
]
#counter("logical-slide").update( n => n - 1 )
#slide( #slide(
title: [Deobuscation], title: [Deobuscation],
)[ )[
@ -394,10 +434,16 @@
) )
] ]
#counter("logical-slide").update( n => n - 1 ) //#counter("logical-slide").update( n => n - 1 )
#slide( #slide(
title: [Problem Statement 3], title: [Problem Statement 3],
)[ )[
#item-by-item[
- Dynamic analysis is good against DCL and reflection
- Dynamic analysis is limited by code coverage
- Static analysis is not
- How to use existing tools without modifying them?
]
#highlight-block(pb3-text) #highlight-block(pb3-text)
] ]
@ -448,14 +494,14 @@
title: [State of the Art], title: [State of the Art],
)[ )[
#set list(spacing: 0.5em) #set list(spacing: 0.5em)
Li #etal: Li #etal (2017):
#v(0pt) #v(0pt)
#item-by-item[ #item-by-item[
- Systematic literature review for Android static analysis - Systematic literature review for Android static analysis
- Lists open-sourced tools - Lists open-sourced tools
- Does not test the tools - Does not test the tools
] ]
#uncover("4-")[Reaves #etal:] #uncover("4-")[Reaves #etal (2016):]
#v(0pt) #v(0pt)
#item-by-item(start: 4)[ #item-by-item(start: 4)[
- Tests 7 Android analysis tools - Tests 7 Android analysis tools
@ -517,10 +563,11 @@
ghost-2(x: 97%, y: 10%) ghost-2(x: 97%, y: 10%)
let x_0 = 112pt let x_0 = 112pt
let y_0 = -117pt let y_0 = -116pt
let w = 21pt let w = 21pt
let h = 235pt let h = 236pt
let dx = 33.3 let dx = 33.3
let h_legend = 60pt
for i in range(20) { for i in range(20) {
let color = if i in (2, 4, 6, 7, 8, 9, 14, 16, 18, 19) { let color = if i in (2, 4, 6, 7, 8, 9, 14, 16, 18, 19) {
@ -528,6 +575,24 @@
} else { } else {
white.transparentize(10%) white.transparentize(10%)
} }
if i == 1 {
place(
bottom + left,
dx: x_0 + i*dx*1pt + w/2,
dy: y_0,
rect(
width: w/2,
height: h_legend,
//stroke: red,
fill: color,
)
)
}
let (y_0, h) = if i in (0, 1) {
(y_0 - h_legend, h - h_legend)
} else {
(y_0, h)
}
place( place(
bottom + left, bottom + left,
dx: x_0 + i*dx*1pt, dx: x_0 + i*dx*1pt,
@ -626,6 +691,7 @@
- Newer applications are harder to analyse - Newer applications are harder to analyse
- Applications with more bytecode are harder to analyse - Applications with more bytecode are harder to analyse
- Applications targetting more recent versions of Android are harder to analyse - Applications targetting more recent versions of Android are harder to analyse
- Confirms and extends Reaves #etal
] ]
#v(1fr) #v(1fr)
#align(center, text(fill: pirat-color.blue.darken(30%))[International Conference on Software and Systems Reuse (ICSR 2024)]) #align(center, text(fill: pirat-color.blue.darken(30%))[International Conference on Software and Systems Reuse (ICSR 2024)])
@ -681,8 +747,8 @@
)[ )[
#set list(spacing: 3em) #set list(spacing: 3em)
#item-by-item[ #item-by-item[
- Previous contributions focus on Java runtime - Previous contributions focus on Java runtime (#eg Gong 1998)
- Android related contributions focus on Dynamic Code Loading - Android related contributions focus on Dynamic Code Loading (#eg Zhang #etal 2015)
] ]
] ]

1
slides/lib.typ
View file

@ -22,6 +22,7 @@ pirat-color.red,
) )
#let etal = [_et al._] #let etal = [_et al._]
#let eg = [_e.g._]
#let highlight-block(body) = { #let highlight-block(body) = {
set text(fill: white) set text(fill: white)