parent
1d55be1853
commit
7371f454a9
2 changed files with 102 additions and 93 deletions
|
@ -141,17 +141,21 @@ We run the tools on the #APK before and after patching, and compared the finishi
|
|||
let nb_col = 3
|
||||
table(
|
||||
columns: (2fr, 2fr, 1fr),
|
||||
align: center+horizon,
|
||||
stroke: none,
|
||||
table.header(
|
||||
//[SHA 256], [Original CG edges], [New CG edges], [Edges added], [Reflection edges added],
|
||||
[SHA 256], [CG Edges added], [Reflection edges added],
|
||||
),
|
||||
table.hline(),
|
||||
..compared_callgraph.map(
|
||||
//(e) => ([#lower(e.sha256).slice(0, 10)...], num(e.edges_before), num(e.edges_after), num(e.added), num(e.added_ref_only))
|
||||
(e) => ([#lower(e.sha256).slice(0, 10)...], [#num(e.added) #h(.5em) #text(fill: luma(75))[(#num(e.edges_after) - #num(e.edges_before))]], num(e.added_ref_only))
|
||||
).flatten(),
|
||||
[#lower("5D2CD1D10ABE9B1E8D93C4C339A6B4E3D75895DE1FC49E248248B5F0B05EF1CE").slice(0, 10)...], table.cell(colspan: nb_col - 1)[Instrumentation Crached]
|
||||
[#lower("5D2CD1D10ABE9B1E8D93C4C339A6B4E3D75895DE1FC49E248248B5F0B05EF1CE").slice(0, 10)...], table.cell(colspan: nb_col - 1)[_Instrumentation Crached_],
|
||||
table.hline(),
|
||||
)},
|
||||
caption: []
|
||||
caption: [Edges added to the call graphes computed by Androguard by instrumenting the applications]
|
||||
) <tab:th-compare-cg>
|
||||
|
||||
=== Example
|
||||
|
|
|
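Review bot: The hard-coded row for the sample whose instrumentation failed spells its status `_Instrumentation Crached_`, and the new caption reads `call graphes`; these should be `_Instrumentation Crashed_` and `call graphs`. That row also repeats the full SHA-256 literal outside `compared_callgraph`, so the table and the data set can drift apart; if the data format allows it, carry the failed sample in the data with a status field and render it from the same `map`. Every hash is cut to 10 hex characters by `.slice(0, 10)`, so the caption or the surrounding text should say where the full hashes are listed, otherwise a reader cannot identify the exact APKs. The enclosing figure call starts above the hunk.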
@ -10,7 +10,6 @@ strict digraph "" {
|
|||
# entrypoint=False,
|
||||
# external=True,
|
||||
# methodname="<init>"];
|
||||
#"MainActivity-><init>()V" -> "Activity-><init>()V";
|
||||
#"MainActivity->onCreate(Bundle)V" [accessflags=protected,
|
||||
# classname="MainActivity",
|
||||
# descriptor="(Bundle)V",
|
||||
|
@ -23,78 +22,32 @@ strict digraph "" {
|
|||
entrypoint=False,
|
||||
external=False,
|
||||
methodname=main];
|
||||
#"MainActivity->onCreate(Bundle)V" -> "Main->main()V";
|
||||
#"Activity->onCreate(Bundle)V" [classname="Activity",
|
||||
# descriptor="(Bundle)V",
|
||||
# entrypoint=False,
|
||||
# external=True,
|
||||
# methodname=onCreate];
|
||||
#"MainActivity->onCreate(Bundle)V" -> "Activity->onCreate(Bundle)V";
|
||||
#"Main-><init>(Activity)V" [accessflags="public constructor",
|
||||
# classname="Main",
|
||||
# descriptor="(Activity)V",
|
||||
# entrypoint=False,
|
||||
# external=False,
|
||||
# methodname="<init>"];
|
||||
#"MainActivity->onCreate(Bundle)V" -> #"Main-><init>(Activity)V";
|
||||
#"Log->i(String String Throwable)I" [classname="Log",
|
||||
# descriptor="(String String Throwable)I",
|
||||
# entrypoint=False,
|
||||
# external=True,
|
||||
# methodname=i];
|
||||
#"MainActivity->onCreate(Bundle)V" -> "Log->i(String String Throwable)I";
|
||||
"Main->decrypt(String)String" [accessflags=public,
|
||||
classname="Main",
|
||||
descriptor="(String)String",
|
||||
entrypoint=False,
|
||||
external=False,
|
||||
methodname=decrypt];
|
||||
"Main->main()V" -> "Main->decrypt(String)String";
|
||||
"ClassLoader->loadClass(String)Class" [classname="ClassLoader",
|
||||
descriptor="(String)Class",
|
||||
entrypoint=False,
|
||||
external=True,
|
||||
methodname=loadClass];
|
||||
"Main->main()V" -> "ClassLoader->loadClass(String)Class";
|
||||
"Malicious->get_data(String Activity)String" [accessflags="public static",
|
||||
classname="Malicious",
|
||||
descriptor="(String Activity)String",
|
||||
entrypoint=False,
|
||||
external=False,
|
||||
methodname=get_data,
|
||||
style=filled,
|
||||
fillcolor=salmon];
|
||||
"Main->main()V" -> "Malicious->get_data(String Activity)String";
|
||||
"Method->invoke(Object [Object)Object" [classname="Method",
|
||||
descriptor="(Object [Object)Object",
|
||||
entrypoint=False,
|
||||
external=True,
|
||||
methodname=invoke];
|
||||
"Main->main()V" -> "Method->invoke(Object [Object)Object";
|
||||
"Malicious->send_data(String Activity)String" [accessflags="public static",
|
||||
classname="Malicious",
|
||||
descriptor="(String Activity)String",
|
||||
entrypoint=False,
|
||||
external=False,
|
||||
methodname=send_data,
|
||||
style=filled,
|
||||
fillcolor=salmon];
|
||||
"Main->main()V" -> "Malicious->send_data(String Activity)String";
|
||||
"T->check_is_Malicious_get_data(Method)Z" [accessflags="public static final",
|
||||
classname="T",
|
||||
descriptor="(Method)Z",
|
||||
entrypoint=False,
|
||||
external=False,
|
||||
methodname=check_is_Malicious_get_data,
|
||||
style=filled,
|
||||
fillcolor=lightgrey];
|
||||
"Main->main()V" -> "T->check_is_Malicious_get_data(Method)Z";
|
||||
"Class->getMethod(String [Class)Method" [classname="Class",
|
||||
descriptor="(String [Class)Method",
|
||||
"ClassLoader->loadClass(String)Class" [classname="ClassLoader",
|
||||
descriptor="(String)Class",
|
||||
entrypoint=False,
|
||||
external=True,
|
||||
methodname=getMethod];
|
||||
"Main->main()V" -> "Class->getMethod(String [Class)Method";
|
||||
methodname=loadClass];
|
||||
"T->check_is_Malicious_send_data(Method)Z" [accessflags="public static final",
|
||||
classname="T",
|
||||
descriptor="(Method)Z",
|
||||
|
@ -103,56 +56,82 @@ strict digraph "" {
|
|||
methodname=check_is_Malicious_send_data,
|
||||
style=filled,
|
||||
fillcolor=lightgrey];
|
||||
"Main->main()V" -> "T->check_is_Malicious_send_data(Method)Z";
|
||||
"T->check_is_Malicious_get_data(Method)Z" [accessflags="public static final",
|
||||
classname="T",
|
||||
descriptor="(Method)Z",
|
||||
entrypoint=False,
|
||||
external=False,
|
||||
methodname=check_is_Malicious_get_data,
|
||||
style=filled,
|
||||
fillcolor=lightgrey];
|
||||
"Class->getMethod(String [Class)Method" [classname="Class",
|
||||
descriptor="(String [Class)Method",
|
||||
entrypoint=False,
|
||||
external=True,
|
||||
methodname=getMethod];
|
||||
"Main->decrypt(String)String" [accessflags=public,
|
||||
classname="Main",
|
||||
descriptor="(String)String",
|
||||
entrypoint=False,
|
||||
external=False,
|
||||
methodname=decrypt];
|
||||
"Malicious->send_data(String Activity)String" [accessflags="public static",
|
||||
classname="Malicious",
|
||||
descriptor="(String Activity)String",
|
||||
entrypoint=False,
|
||||
external=False,
|
||||
methodname=send_data,
|
||||
style=filled,
|
||||
fillcolor=salmon];
|
||||
"Malicious->get_data(String Activity)String" [accessflags="public static",
|
||||
classname="Malicious",
|
||||
descriptor="(String Activity)String",
|
||||
entrypoint=False,
|
||||
external=False,
|
||||
methodname=get_data,
|
||||
style=filled,
|
||||
fillcolor=salmon];
|
||||
#"Object-><init>()V" [classname="Object",
|
||||
# descriptor="()V",
|
||||
# entrypoint=False,
|
||||
# external=True,
|
||||
# methodname="<init>"];
|
||||
#"Main-><init>(Activity)V" -> "Object-><init>()V";
|
||||
#"ByteBuffer->wrap([B)ByteBuffer" [classname="ByteBuffer",
|
||||
# descriptor="([B)ByteBuffer",
|
||||
# entrypoint=False,
|
||||
# external=True,
|
||||
# methodname=wrap];
|
||||
#"Main-><init>(Activity)V" -> "ByteBuffer->wrap([B)ByteBuffer";
|
||||
#"Class->getClassLoader()ClassLoader" [classname="Class",
|
||||
# descriptor="()ClassLoader",
|
||||
# entrypoint=False,
|
||||
# external=True,
|
||||
# methodname=getClassLoader];
|
||||
#"Main-><init>(Activity)V" -> "Class->getClassLoader()ClassLoader";
|
||||
#"SecretKeySpec-><init>([B String)V" [classname="SecretKeySpec",
|
||||
# descriptor="([B String)V",
|
||||
# entrypoint=False,
|
||||
# external=True,
|
||||
# methodname="<init>"];
|
||||
#"Main-><init>(Activity)V" -> "SecretKeySpec-><init>([B String)V";
|
||||
"Base64->decode(String I)[B" [classname="Base64",
|
||||
descriptor="(String I)[B",
|
||||
entrypoint=False,
|
||||
external=True,
|
||||
methodname=decode];
|
||||
#"Main-><init>(Activity)V" -> "Base64->decode(String I)[B";
|
||||
#"InMemoryDexClassLoader-><init>(ByteBuffer ClassLoader)V" [classname="InMemoryDexClassLoader",
|
||||
# descriptor="(ByteBuffer ClassLoader)V",
|
||||
# entrypoint=False,
|
||||
# external=True,
|
||||
# methodname="<init>"];
|
||||
#"Main-><init>(Activity)V" -> "InMemoryDexClassLoader-><init>(ByteBuffer ClassLoader)V";
|
||||
#"String->getBytes()[B" [classname="String",
|
||||
# descriptor="()[B",
|
||||
# entrypoint=False,
|
||||
# external=True,
|
||||
# methodname=getBytes];
|
||||
#"Main-><init>(Activity)V" -> "String->getBytes()[B";
|
||||
#"Utils-><init>()V" [accessflags="public constructor",
|
||||
# classname="Utils",
|
||||
# descriptor="()V",
|
||||
# entrypoint=False,
|
||||
# external=False,
|
||||
# methodname="<init>"];
|
||||
#"Utils-><init>()V" -> "Object-><init>()V";
|
||||
#"Utils->popup(Activity String String)V" [accessflags="public static",
|
||||
# classname="Utils",
|
||||
# descriptor="(Activity String String)V",
|
||||
|
@ -164,38 +143,32 @@ strict digraph "" {
|
|||
# entrypoint=False,
|
||||
# external=True,
|
||||
# methodname=setMessage];
|
||||
#"Utils->popup(Activity String String)V" -> "AlertDialog$Builder->setMessage(CharSequence)AlertDialog$Builder";
|
||||
#"AlertDialog$Builder->setTitle(CharSequence)AlertDialog$Builder" [classname="AlertDialog$Builder",
|
||||
# descriptor="(CharSequence)AlertDialog$Builder",
|
||||
# entrypoint=False,
|
||||
# external=True,
|
||||
# methodname=setTitle];
|
||||
#"Utils->popup(Activity String String)V" -> "AlertDialog$Builder->setTitle(CharSequence)AlertDialog$Builder";
|
||||
#"AlertDialog$Builder->create()AlertDialog;" [classname="AlertDialog$Builder",
|
||||
# descriptor="()AlertDialog;",
|
||||
# entrypoint=False,
|
||||
# external=True,
|
||||
# methodname=create];
|
||||
#"Utils->popup(Activity String String)V" -> "AlertDialog$Builder->create()AlertDialog;";
|
||||
#"AlertDialog$Builder-><init>(Landroid/content/Context;)V" [classname="AlertDialog$Builder",
|
||||
# descriptor="(Landroid/content/Context;)V",
|
||||
# entrypoint=False,
|
||||
# external=True,
|
||||
# methodname="<init>"];
|
||||
#"Utils->popup(Activity String String)V" -> "AlertDialog$Builder-><init>(Landroid/content/Context;)V";
|
||||
#"AlertDialog;->show()V" [classname="AlertDialog;",
|
||||
# descriptor="()V",
|
||||
# entrypoint=False,
|
||||
# external=True,
|
||||
# methodname=show];
|
||||
#"Utils->popup(Activity String String)V" -> "AlertDialog;->show()V";
|
||||
"Utils->sink(Activity String)V" [accessflags="public static",
|
||||
classname="Utils",
|
||||
descriptor="(Activity String)V",
|
||||
entrypoint=False,
|
||||
external=False,
|
||||
methodname=sink];
|
||||
#"Utils->sink(Activity String)V" -> "Utils->popup(Activity String String)V";
|
||||
"Utils->source(String)String" [accessflags="public static",
|
||||
classname="Utils",
|
||||
descriptor="(String)String",
|
||||
|
@ -207,97 +180,135 @@ strict digraph "" {
|
|||
# entrypoint=False,
|
||||
# external=True,
|
||||
# methodname=append];
|
||||
#"Utils->source(String)String" -> "StringBuilder->append(String)StringBuilder";
|
||||
#"StringBuilder-><init>()V" [classname="StringBuilder",
|
||||
# descriptor="()V",
|
||||
# entrypoint=False,
|
||||
# external=True,
|
||||
# methodname="<init>"];
|
||||
#"Utils->source(String)String" -> "StringBuilder-><init>()V";
|
||||
#"StringBuilder->toString()String" [classname="StringBuilder",
|
||||
# descriptor="()String",
|
||||
# entrypoint=False,
|
||||
# external=True,
|
||||
# methodname=toString];
|
||||
#"Utils->source(String)String" -> "StringBuilder->toString()String";
|
||||
"Main->decrypt(String)String" -> "Base64->decode(String I)[B";
|
||||
"String-><init>([B)V" [classname="String",
|
||||
descriptor="([B)V",
|
||||
entrypoint=False,
|
||||
external=True,
|
||||
methodname="<init>"];
|
||||
"Main->decrypt(String)String" -> "String-><init>([B)V";
|
||||
"Cipher->doFinal([B)[B" [classname="Cipher",
|
||||
descriptor="([B)[B",
|
||||
entrypoint=False,
|
||||
external=True,
|
||||
methodname=doFinal];
|
||||
"Main->decrypt(String)String" -> "Cipher->doFinal([B)[B";
|
||||
"Cipher->init(I Key)V" [classname="Cipher",
|
||||
descriptor="(I Key)V",
|
||||
entrypoint=False,
|
||||
external=True,
|
||||
methodname=init];
|
||||
"Main->decrypt(String)String" -> "Cipher->init(I Key)V";
|
||||
"Cipher->getInstance(String)Cipher" [classname="Cipher",
|
||||
descriptor="(String)Cipher",
|
||||
entrypoint=False,
|
||||
external=True,
|
||||
methodname=getInstance];
|
||||
"Main->decrypt(String)String" -> "Cipher->getInstance(String)Cipher";
|
||||
#"Main->encrypt(String)String" [accessflags=public,
|
||||
# classname="Main",
|
||||
# descriptor="(String)String",
|
||||
# entrypoint=False,
|
||||
# external=False,
|
||||
# methodname=encrypt];
|
||||
#"Main->encrypt(String)String" -> "String->getBytes()[B";
|
||||
#"Main->encrypt(String)String" -> "Cipher->doFinal([B)[B";
|
||||
#"Main->encrypt(String)String" -> "Cipher->init(I Key)V";
|
||||
#"Main->encrypt(String)String" -> "Cipher->getInstance(String)Cipher";
|
||||
#"Base64->encodeToString([B I)String" [classname="Base64",
|
||||
# descriptor="([B I)String",
|
||||
# entrypoint=False,
|
||||
# external=True,
|
||||
# methodname=encodeToString];
|
||||
#"Main->encrypt(String)String" -> "Base64->encodeToString([B I)String";
|
||||
"Malicious->get_data(String Activity)String" -> "Utils->source(String)String";
|
||||
"Malicious->send_data(String Activity)String" -> "Utils->sink(Activity String)V";
|
||||
#"Class->descriptorString()String" [classname="Class",
|
||||
# descriptor="()String",
|
||||
# entrypoint=False,
|
||||
# external=True,
|
||||
# methodname=descriptorString];
|
||||
#"T->check_is_Malicious_get_data(Method)Z" -> "Class->descriptorString()String";
|
||||
#"Method->getName()String" [classname="Method",
|
||||
# descriptor="()String",
|
||||
# entrypoint=False,
|
||||
# external=True,
|
||||
# methodname=getName];
|
||||
#"T->check_is_Malicious_get_data(Method)Z" -> "Method->getName()String";
|
||||
#"String->equals(Object)Z" [classname="String",
|
||||
# descriptor="(Object)Z",
|
||||
# entrypoint=False,
|
||||
# external=True,
|
||||
# methodname=equals];
|
||||
#"T->check_is_Malicious_get_data(Method)Z" -> "String->equals(Object)Z";
|
||||
#"Method->getDeclaringClass()Class" [classname="Method",
|
||||
# descriptor="()Class",
|
||||
# entrypoint=False,
|
||||
# external=True,
|
||||
# methodname=getDeclaringClass];
|
||||
#"T->check_is_Malicious_get_data(Method)Z" -> "Method->getDeclaringClass()Class";
|
||||
#"Method->getParameterTypes()[Class" [classname="Method",
|
||||
# descriptor="()[Class",
|
||||
# entrypoint=False,
|
||||
# external=True,
|
||||
# methodname=getParameterTypes];
|
||||
#"T->check_is_Malicious_get_data(Method)Z" -> "Method->getParameterTypes()[Class";
|
||||
#"Method->getReturnType()Class" [classname="Method",
|
||||
# descriptor="()Class",
|
||||
# entrypoint=False,
|
||||
# external=True,
|
||||
# methodname=getReturnType];
|
||||
#"Malicious-><init>()V" [accessflags="public constructor",
|
||||
# classname="Malicious",
|
||||
# descriptor="()V",
|
||||
# entrypoint=False,
|
||||
# external=False,
|
||||
# methodname="<init>"];
|
||||
|
||||
{rank = same; "Main->main()V"}
|
||||
{rank = same; "ClassLoader->loadClass(String)Class"; "Class->getMethod(String [Class)Method"; "Method->invoke(Object [Object)Object"; "Malicious->get_data(String Activity)String"}
|
||||
{rank = same; "Main->decrypt(String)String"; "T->check_is_Malicious_get_data(Method)Z"; "T->check_is_Malicious_send_data(Method)Z"; "Utils->source(String)String"; "Utils->sink(Activity String)V"}
|
||||
|
||||
#"MainActivity-><init>()V" -> "Activity-><init>()V";
|
||||
#"MainActivity->onCreate(Bundle)V" -> "Main->main()V";
|
||||
#"MainActivity->onCreate(Bundle)V" -> "Activity->onCreate(Bundle)V";
|
||||
#"MainActivity->onCreate(Bundle)V" -> "Main-><init>(Activity)V";
|
||||
#"MainActivity->onCreate(Bundle)V" -> "Log->i(String String Throwable)I";
|
||||
"Main->main()V" -> "Main->decrypt(String)String";
|
||||
"Main->main()V" -> "ClassLoader->loadClass(String)Class";
|
||||
"Main->main()V" -> "Malicious->get_data(String Activity)String";
|
||||
"Main->main()V" -> "Method->invoke(Object [Object)Object";
|
||||
"Main->main()V" -> "Malicious->send_data(String Activity)String";
|
||||
"Main->main()V" -> "T->check_is_Malicious_get_data(Method)Z";
|
||||
"Main->main()V" -> "Class->getMethod(String [Class)Method";
|
||||
"Main->main()V" -> "T->check_is_Malicious_send_data(Method)Z";
|
||||
#"Main-><init>(Activity)V" -> "Object-><init>()V";
|
||||
#"Main-><init>(Activity)V" -> "ByteBuffer->wrap([B)ByteBuffer";
|
||||
#"Main-><init>(Activity)V" -> "Class->getClassLoader()ClassLoader";
|
||||
#"Main-><init>(Activity)V" -> "SecretKeySpec-><init>([B String)V";
|
||||
#"Main-><init>(Activity)V" -> "Base64->decode(String I)[B";
|
||||
#"Main-><init>(Activity)V" -> "InMemoryDexClassLoader-><init>(ByteBuffer ClassLoader)V";
|
||||
#"Main-><init>(Activity)V" -> "String->getBytes()[B";
|
||||
#"Utils-><init>()V" -> "Object-><init>()V";
|
||||
#"Utils->popup(Activity String String)V" -> "AlertDialog$Builder->setMessage(CharSequence)AlertDialog$Builder";
|
||||
#"Utils->popup(Activity String String)V" -> "AlertDialog$Builder->setTitle(CharSequence)AlertDialog$Builder";
|
||||
#"Utils->popup(Activity String String)V" -> "AlertDialog$Builder->create()AlertDialog;";
|
||||
#"Utils->popup(Activity String String)V" -> "AlertDialog$Builder-><init>(Landroid/content/Context;)V";
|
||||
#"Utils->popup(Activity String String)V" -> "AlertDialog;->show()V";
|
||||
#"Utils->sink(Activity String)V" -> "Utils->popup(Activity String String)V";
|
||||
#"Utils->source(String)String" -> "StringBuilder->append(String)StringBuilder";
|
||||
#"Utils->source(String)String" -> "StringBuilder-><init>()V";
|
||||
#"Utils->source(String)String" -> "StringBuilder->toString()String";
|
||||
"Main->decrypt(String)String" -> "Base64->decode(String I)[B";
|
||||
"Main->decrypt(String)String" -> "String-><init>([B)V";
|
||||
"Main->decrypt(String)String" -> "Cipher->doFinal([B)[B";
|
||||
"Main->decrypt(String)String" -> "Cipher->init(I Key)V";
|
||||
"Main->decrypt(String)String" -> "Cipher->getInstance(String)Cipher";
|
||||
#"Main->encrypt(String)String" -> "String->getBytes()[B";
|
||||
#"Main->encrypt(String)String" -> "Cipher->doFinal([B)[B";
|
||||
#"Main->encrypt(String)String" -> "Cipher->init(I Key)V";
|
||||
#"Main->encrypt(String)String" -> "Cipher->getInstance(String)Cipher";
|
||||
#"Main->encrypt(String)String" -> "Base64->encodeToString([B I)String";
|
||||
"Malicious->get_data(String Activity)String" -> "Utils->source(String)String";
|
||||
"Malicious->send_data(String Activity)String" -> "Utils->sink(Activity String)V";
|
||||
#"T->check_is_Malicious_get_data(Method)Z" -> "Class->descriptorString()String";
|
||||
#"T->check_is_Malicious_get_data(Method)Z" -> "Method->getName()String";
|
||||
#"T->check_is_Malicious_get_data(Method)Z" -> "String->equals(Object)Z";
|
||||
#"T->check_is_Malicious_get_data(Method)Z" -> "Method->getDeclaringClass()Class";
|
||||
#"T->check_is_Malicious_get_data(Method)Z" -> "Method->getParameterTypes()[Class";
|
||||
#"T->check_is_Malicious_get_data(Method)Z" -> "Method->getReturnType()Class";
|
||||
#"T->check_is_Malicious_send_data(Method)Z" -> "Class->descriptorString()String";
|
||||
#"T->check_is_Malicious_send_data(Method)Z" -> "Method->getName()String";
|
||||
|
@ -305,11 +316,5 @@ strict digraph "" {
|
|||
#"T->check_is_Malicious_send_data(Method)Z" -> "Method->getDeclaringClass()Class";
|
||||
#"T->check_is_Malicious_send_data(Method)Z" -> "Method->getParameterTypes()[Class";
|
||||
#"T->check_is_Malicious_send_data(Method)Z" -> "Method->getReturnType()Class";
|
||||
#"Malicious-><init>()V" [accessflags="public constructor",
|
||||
# classname="Malicious",
|
||||
# descriptor="()V",
|
||||
# entrypoint=False,
|
||||
# external=False,
|
||||
# methodname="<init>"];
|
||||
#"Malicious-><init>()V" -> "Object-><init>()V";
|
||||
}
|
||||
|
|
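Review bot: The pruned nodes and edges are disabled with a leading `#`, which Graphviz discards only as a preprocessor line when `#` is the first character of the line; the documented comment forms are `//` and `/* ... */`. The rendered page does not show the file's indentation, so if any of the `# entrypoint=False,` continuation lines are indented they would be parsed as graph content; wrapping each disabled stretch in `/* ... */` avoids that. The visible hunks also show no note that the figure is a reduced view: the edges from `Main-><init>(Activity)V` to `InMemoryDexClassLoader-><init>(ByteBuffer ClassLoader)V` and from the `T->check_is_Malicious_*` helpers to the `Method` reflection API are commented out, so a short comment near the top such as `// Reduced call graph: constructor, UI and reflection-helper edges are hidden for readability` would tell a reader the figure is not the full analysis output. The `strict digraph` header is outside the visible hunks.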