This commit is contained in:
parent
5686c0b7fa
commit
dddbcd17b7
GPG key ID:
B66AEEDA9B645AD2
2 changed files with 33 additions and 1 deletions
|
|
@ -106,7 +106,7 @@ The remaining #num(nb_bytecode_collected - nb_google - nb_appsflyer - nb_faceboo
|
|||
caption: [Most common dynamically loaded files]
|
||||
) <tab:th-bytecode-hashes>
|
||||
|
||||
=== Impact on Analysis Tools Finishing Rate
|
||||
=== Impact on Analysis Tools
|
||||
|
||||
Unfortunately, our implementation of the transformation is imperfect and does fails some time.
|
||||
Over the #num(dyn_res.all.nb - dyn_res.all.nb_failed), #num(nb_patched) were patched.
|
||||
|
|
@ -134,6 +134,24 @@ We run the tools on the #APK before and after patching, and compared the finishi
|
|||
|
||||
#jfl-note[Combien d'app tranforme? on parle des 888? on fait les 2 tranformation sur chaque apk? ca reussit tout le temps?]
|
||||
|
||||
#todo[Finish @tab:th-compare-cg]
|
||||
#figure({
|
||||
let nb_col = 3
|
||||
table(
|
||||
columns: (2fr, 2fr, 1fr),
|
||||
table.header(
|
||||
//[SHA 256], [Original CG edges], [New CG edges], [Edges added], [Reflection edges added],
|
||||
[SHA 256], [CG Edges added], [Reflection edges added],
|
||||
),
|
||||
..compared_callgraph.map(
|
||||
//(e) => ([#lower(e.sha256).slice(0, 10)...], num(e.edges_before), num(e.edges_after), num(e.added), num(e.added_ref_only))
|
||||
(e) => ([#lower(e.sha256).slice(0, 10)...], [#num(e.added) #h(.5em) #text(fill: luma(75))[(#num(e.edges_after) - #num(e.edges_before))]], num(e.added_ref_only))
|
||||
).flatten(),
|
||||
[#lower("5D2CD1D10ABE9B1E8D93C4C339A6B4E3D75895DE1FC49E248248B5F0B05EF1CE").slice(0, 10)...], table.cell(colspan: nb_col - 1)[Instrumentation Crached]
|
||||
)},
|
||||
caption: []
|
||||
) <tab:th-compare-cg>
|
||||
|
||||
=== Example
|
||||
|
||||
We use on our approach on a small #APK.
|
||||
|
|
|
|||
|
|
@ -100,6 +100,20 @@
|
|||
(1, "0a446677e3eb0e015827f3d2d67df23ed9042e436bb5bab5cc9fae961e20600f", "", DEX),
|
||||
)
|
||||
|
||||
#let compared_callgraph = csv(
|
||||
bytes("sha256,edges_before,edges_after,added,added_ref_only
|
||||
0019D7FB6ADDA0619C0BEFC8DE53E2E59139B3BC0DE62E30BB0E2AB5B2C6D79D,641,60170,59529,1
|
||||
274B677449ACB313396C833475183E384D69C611F5FCA0DFCA4E415FB057C012,537613,540674,3061,26
|
||||
34599C24994658C0FE3D40A67E655584AF657408C803595B771DCAC58A6A7F02,336740,339616,2876,29
|
||||
35065C683441E62C59C0DA0D86E6793256E33E54834E22AD0F70F44C99419E2F,343245,346694,3449,26
|
||||
E7B2FB02FF14706D989BE662CEE89954FD49CFBAB3CEEE449CD215188EECA433,464642,465389,747,91
|
||||
EFECECC03CBD7EE7B73F80CCB2ABD6A5F59C7E33150D336AD7BF8601CFB9A4EF,243647,243925,278,23
|
||||
F34CE1E7A81F935A5BB2D0B2B3FE81E62C1C8B906C92253C9CA467DA9BB3C9D1,704095,706576,2481,28
|
||||
"),
|
||||
// 5D2CD1D10ABE9B1E8D93C4C339A6B4E3D75895DE1FC49E248248B5F0B05EF1CE,,,,
|
||||
row-type: dictionary
|
||||
)
|
||||
|
||||
// #let nb_bytecode_collected = 640
|
||||
#let nb_bytecode_collected = bytecode_hashes.map((e) => e.at(0)).sum()
|
||||
#let nb_google = bytecode_hashes.filter((e) => "google" in e.at(2)).map((e) => e.at(0)).sum()
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue