From dddbcd17b701db3fd02305ee6c8e9b9357d92da0 Mon Sep 17 00:00:00 2001 From: Jean-Marie 'Histausse' Mineau Date: Wed, 17 Sep 2025 00:30:34 +0200 Subject: [PATCH] new tab wip --- 5_theseus/4_results.typ | 20 +++++++++++++++++++- 5_theseus/X_var.typ | 14 ++++++++++++++ 2 files changed, 33 insertions(+), 1 deletion(-) diff --git a/5_theseus/4_results.typ b/5_theseus/4_results.typ index 3b05af2..ed688bf 100644 --- a/5_theseus/4_results.typ +++ b/5_theseus/4_results.typ @@ -106,7 +106,7 @@ The remaining #num(nb_bytecode_collected - nb_google - nb_appsflyer - nb_faceboo caption: [Most common dynamically loaded files] ) -=== Impact on Analysis Tools Finishing Rate +=== Impact on Analysis Tools Unfortunately, our implementation of the transformation is imperfect and does fails some time. Over the #num(dyn_res.all.nb - dyn_res.all.nb_failed), #num(nb_patched) were patched. @@ -134,6 +134,24 @@ We run the tools on the #APK before and after patching, and compared the finishi #jfl-note[Combien d'app tranforme? on parle des 888? on fait les 2 tranformation sur chaque apk? ca reussit tout le temps?] +#todo[Finish @tab:th-compare-cg] +#figure({ + let nb_col = 3 + table( + columns: (2fr, 2fr, 1fr), + table.header( + //[SHA 256], [Original CG edges], [New CG edges], [Edges added], [Reflection edges added], + [SHA 256], [CG Edges added], [Reflection edges added], + ), + ..compared_callgraph.map( + //(e) => ([#lower(e.sha256).slice(0, 10)...], num(e.edges_before), num(e.edges_after), num(e.added), num(e.added_ref_only)) + (e) => ([#lower(e.sha256).slice(0, 10)...], [#num(e.added) #h(.5em) #text(fill: luma(75))[(#num(e.edges_after) - #num(e.edges_before))]], num(e.added_ref_only)) + ).flatten(), + [#lower("5D2CD1D10ABE9B1E8D93C4C339A6B4E3D75895DE1FC49E248248B5F0B05EF1CE").slice(0, 10)...], table.cell(colspan: nb_col - 1)[Instrumentation Crached] + )}, + caption: [] +) + === Example We use on our approach on a small #APK. diff --git a/5_theseus/X_var.typ b/5_theseus/X_var.typ index 54ac6e7..41c877b 100644 --- a/5_theseus/X_var.typ +++ b/5_theseus/X_var.typ @@ -100,6 +100,20 @@ (1, "0a446677e3eb0e015827f3d2d67df23ed9042e436bb5bab5cc9fae961e20600f", "", DEX), ) +#let compared_callgraph = csv( + bytes("sha256,edges_before,edges_after,added,added_ref_only +0019D7FB6ADDA0619C0BEFC8DE53E2E59139B3BC0DE62E30BB0E2AB5B2C6D79D,641,60170,59529,1 +274B677449ACB313396C833475183E384D69C611F5FCA0DFCA4E415FB057C012,537613,540674,3061,26 +34599C24994658C0FE3D40A67E655584AF657408C803595B771DCAC58A6A7F02,336740,339616,2876,29 +35065C683441E62C59C0DA0D86E6793256E33E54834E22AD0F70F44C99419E2F,343245,346694,3449,26 +E7B2FB02FF14706D989BE662CEE89954FD49CFBAB3CEEE449CD215188EECA433,464642,465389,747,91 +EFECECC03CBD7EE7B73F80CCB2ABD6A5F59C7E33150D336AD7BF8601CFB9A4EF,243647,243925,278,23 +F34CE1E7A81F935A5BB2D0B2B3FE81E62C1C8B906C92253C9CA467DA9BB3C9D1,704095,706576,2481,28 +"), +// 5D2CD1D10ABE9B1E8D93C4C339A6B4E3D75895DE1FC49E248248B5F0B05EF1CE,,,, + row-type: dictionary +) + // #let nb_bytecode_collected = 640 #let nb_bytecode_collected = bytecode_hashes.map((e) => e.at(0)).sum() #let nb_google = bytecode_hashes.filter((e) => "google" in e.at(2)).map((e) => e.at(0)).sum()