these-android-re/thesis
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

wip

Browse source
This commit is contained in:
Jean-Marie Mineau 2025-10-01 15:51:12 +02:00
parent 346151125e
commit b5583dbae9
Signed by: histausse
GPG key ID: B66AEEDA9B645AD2
8 changed files with 110 additions and 41 deletions
Download patch file Download diff file Expand all files Collapse all files

12
4_class_loader/3_obfuscation.typ
View file

@ -179,7 +179,7 @@ The documentation highlights the analysis commands that compute three types of o
The #APK and the list of #dexfiles are a one-to-one representation of the content of an application, and have the same issues that we discussed with Apktool: they provide the different versions of a shadow class contained in multiple #dexfiles.
The Analysis object is used to compute a method call graph, and we found that this algorithm may choose the wrong version of a shadowed class when using the cross-references that are computed.
This leads to an invalid call graph, as shown in @fig:cl-andro_obf_cg: the two methods `doSomething()` are represented in the graph, but the one linked to `main()` on the graph is the one calling the method `good()` when in fact the method `bad()` is called when running the application.
This leads to an invalid call graph, as shown in @fig:cl-androguard_call_graph b): the two methods `doSomething()` are represented in the graph, but the one linked to `main()` on the graph is the one calling the method `good()` when in fact the method `bad()` is called when running the application.
Androguard has a method `.is_external()` to detect if the implementation of a class is not provided inside the application and a method `.is_android_api()` to detect if the class is part of the Android #API.
Regrettably, the documentation of `.is_android_api()` explains that the method is still experimental and just checks a few package names.
@ -203,8 +203,9 @@ Because of that, like for Apktool and Jadx, Androguard has no way to warn the re
"
),
supplement: [Subfigure],
caption: [Expected Call Graph]
kind: "sub-cl-androguard_call_graph",
supplement: none,
caption: [a) Expected Call Graph]
) <fig:cl-andro_non_obf_cg>],[
#figure(
image(
@ -219,8 +220,9 @@ Because of that, like for Apktool and Jadx, Androguard has no way to warn the re
There are two boxes Obfuscation.doSomething(), the one pointed by Main.main() and that points to Main.good() is gray, the one without arrows pointed at and that points to bad is white like the other boxes.
"
),
supplement: [Subfigure],
caption: [Call Graph Computed by Androguard]
kind: "sub-cl-androguard_call_graph",
supplement: none,
caption: [b) Call Graph Computed by Androguard]
) <fig:cl-andro_obf_cg>
])
h(1em)},