todo

2025-12-01 14:17:22 +01:00 · 2025-12-01 14:17:22 +01:00 · 87f9faec6d
commit 87f9faec6d
parent 0fd8b495c0
1 changed files with 20 additions and 18 deletions
--- a/slides.typ
+++ b/slides.typ
@ -3,6 +3,7 @@
 #import "slides/icons.typ" as ico

 #import "@local/codly:1.3.1": *
+#import "lib.typ": todo
 // Require local install, fix needed for highlight-inset
 // TMP="$(mktemp -d)" && curl -L https://github.com/Dherse/codly/archive/refs/tags/v1.3.1.zip -o "${TMP}/c.zip" && unzip -d "${TMP}" "${TMP}/c.zip" && mkdir -p ~/.local/share/typst/packages/local/codly && mv "${TMP}/codly-1.3.1" ~/.local/share/typst/packages/local/codly/1.3.1 && rm -rf "${TMP}"
 #import "@preview/codly-languages:0.1.1": *
@ -149,7 +150,7 @@

  Applications might use *obfuscation* to either:

-  - protect their IP
+  - protect their #todo[Intelectual Properties]
  - hide malicious behaviour 
  
  #v(1em)#uncover(2)[
@ -337,7 +338,7 @@
  title: [Problem Statement 1],
 )[
  #item-by-item[
-    - Which tool to use?
+    - Which static analysis tool to use?
    - Are they easy to install?
    - Are they working?
  ]
@ -389,7 +390,7 @@

 #counter("logical-slide").update( n => n - 1 )
 #slide(
-  title: [Class Loading],
+  title: todo[Pb3],
 )[
  #item-by-item[
    - Used to select classes implementation
@ -397,7 +398,7 @@
    - Doubious documentation
    - Not studied in the context of Android Static Analysis
  ]
-  #highlight-block(pb2-text)
+  #highlight-block(pb2-text) #todo[couleur/italique pas lisible]
 ]

 #slide(
@ -509,7 +510,7 @@
 ]

 #slide(
-  title: [Methodology]
+  title: [Methodology: Packaging Static Analysis Tools]
 )[
  #set align(center+horizon)
  #show figure.caption: none
@ -690,7 +691,7 @@
    - Applications with *more bytecode* are *harder* to analyse
    - Applications targetting more recent versions of Android are harder to analyse
    - Confirms and *extends Reaves #etal*
-    - Docker containers for tool *released*
+    - Docker containers for tools *released*
  ]
  #v(1fr)
  #align(center, text(fill: pirat-color.blue.darken(30%))[International Conference on Software and Systems Reuse (ICSR 2024)])
@ -1072,19 +1073,19 @@
          [Androguard#super[#sym.star]]
        ),
        table.hline(),
-        [`classes.dex`],        [`classes.dex`],   [`classes10.dex`],
+        [`classes.dex`],        [`classes.dex`],   r[`classes10.dex`],
        ..if (i != 0) {(
        [],                    r[`classes1.dex`],  [],
        [],                    r[`classes10.dex`], [],
        )},
-        [`classes2.dex`],       [`classes2.dex`],  [`classes9.dex`],
-        [`classes3.dex`],       [`classes3.dex`],  [`classes8.dex`],
+        [`classes2.dex`],       [`classes2.dex`],  r[`classes9.dex`],
+        [`classes3.dex`],       [`classes3.dex`],  r[`classes8.dex`],
  
        table.cell(colspan: 3, inset: -3pt)[...],
  
-        [`classes9.dex`],       [`classes9.dex`],  [`classes2.dex`],
-        [`classes10.dex`],      [],                [`classes1.dex`],
-        strike[`classes1.dex`], [],                [`classes.dex`],
+        [`classes9.dex`],       [`classes9.dex`],  r[`classes2.dex`],
+        [`classes10.dex`],      [],                r[`classes1.dex`],
+        strike[`classes1.dex`], [],                r[`classes.dex`],
      )}
    )
  ]
@ -1262,9 +1263,9 @@
    #set align(left)
    #align(center)[Pull Requests:]
    #v(-1em)
-    #link("https://github.com/androguard/androguard/pull/1149")[androguard/pull/1149] \
-    #link("https://github.com/soot-oss/soot/pull/2211")[soot/pull/2211] (#text(fill: green)[merged])\
-    #link("https://github.com/skylot/jadx/pull/2702")[jadx/pull/2702] (#text(fill: orange)[\~merged])
+    #link("https://github.com/soot-oss/soot/pull/2211")[soot/pull/2211] (#text(fill: green)[merged]) \
+    #link("https://github.com/skylot/jadx/pull/2702")[jadx/pull/2702] (#text(fill: orange)[\~merged]) \
+    #link("https://github.com/androguard/androguard/pull/1149")[androguard/pull/1149]
  ]
 ]

@ -1363,7 +1364,7 @@
    - #h(2em) Static Analysis Tools did not
    - We introduced obfuscation techniques based on this model
    - We did not find deliberate shadow attacks
-    - #h(2em) Ambiguous cases exists in the wild
+    - #h(2em) Ambiguous cases exist in the wild
  ]
  #v(1fr)
  #align(center, text(fill: pirat-color.blue.darken(30%))[Digital Threats: Research and Practice, vol. 6 (3), 2025])
@ -1831,7 +1832,7 @@
  #set align(center+horizon)
  #show figure.caption: none
  
-  #move(dx: -70pt)[Original #h(2em) Transformed]
+  #move(dx: -70pt)[Original #h(2em) Patched]

  /*
  * JFL bet on a question about SAAF
@ -1861,6 +1862,7 @@
 #slide(title: [Experimentations])[
  #import "lib.typ": num
  #set align(center+horizon)
+  #show table.header: strong // TODO
  #table(
    columns: 4,
    inset: 0.5em,
@ -1872,7 +1874,7 @@
    [RASTA], [20 static analyses], num(62525), [2 months],
    [Class Loading], [1 static analysis], num(49975), [1 week],
    table.cell(rowspan: 3)[Theseus], 
-      [dynamic analysis], num(4957), [1 week],
+      [1 dynamic analysis], num(4957), [1 week],
      [patching], num(4748), [2 days],
      [18 static analyses], num(8955), [2 months],