[Soot-list] FlowDroid callback extraction in obfuscated library
25 views
Skip to first unread message
Faridah Akinotcho
Jul 27, 2021, 9:52:05 PM7/27/21
to Soot-list
Hi,
My name is Faridah Akinotcho and I am currently using FlowDroid to build static app models. For this purpose, there are specific callbacks which I need to parse and analyze. In particular, I extended the AndroidCallbacks.txt file, with 'android.support.design.widget.NavigationView$OnNavigationItemSelected' in order to obtain the callback 'boolean onNavigationItemSelected(MenuItem menuItem)'
The APK that I am working with obfuscate some of the library methods by renaming, as shown in the picture:
My understanding was that, since FlowDroid parses bytecode, it would find and parse NavigationView$OnNavigationItemSelected, then extract its interface methods. However, logs show that FlowDroid extract NavigationView$a (the obfuscated version of the interface), which results in callbacks not being found.
I was hoping I could get some clarification on whether this is the expected behavior and if so, I would greatly appreciate any pointers on how to solve this issue. Please note that, building an exhaustive list of all the obfuscated APIs and adding them to AndroidCallbacks.txt wouldn't be feasible, as the analysis I am trying to perform, will involve multiple apps, with potentially different obfuscated methods.
Faridah Akinotcho
Arzt, Steven
Jul 28, 2021, 4:31:52 AM7/28/21
to Faridah Akinotcho, Soot-list
Dear Faridah,
FlowDroid matches the class name inside the "AndroidCallbacks.txt" against the
parameter types of registration methods inside the app. This works fine for
classes from the Android SDK, i.e., the classes installed on the phone. For
Android support classes compiled into the app, on the other hand, it might not
work, since these apps may be obfuscated and the classes may be renamed. In
that case, the matching fails and the callback will not be found.
By default, FlowDroid does not have any mechanism to detect obfuscated
callbacks. Maybe some of the work that has been done on library detection in
obfuscated apps can be adapted to detect obfuscated callbacks. If you want to
work on that, merge requests are always welcome.
Best regards,
Steven
-----Original Message-----
From: Soot-list <soot-lis...@CS.McGill.CA> On Behalf Of Faridah
Akinotcho
Sent: Mittwoch, 28. Juli 2021 03:52
To: Soot-list <soot...@cs.mcgill.ca>
Subject: [Soot-list] FlowDroid callback extraction in obfuscated library
Hi,
My name is Faridah Akinotcho and I am currently using FlowDroid to build
static app models. For this purpose, there are specific callbacks which I need
to parse and analyze. In particular, I extended the AndroidCallbacks.txt file,
with 'android.support.design.widget.NavigationView$OnNavigationItemSelected'
in order to obtain the callback 'boolean onNavigationItemSelected(MenuItem
menuItem)'
The APK that I am working with obfuscate some of the library methods by
renaming, as shown in the picture:
FlowDroid matches the class name inside the "AndroidCallbacks.txt" against the
parameter types of registration methods inside the app. This works fine for
classes from the Android SDK, i.e., the classes installed on the phone. For
Android support classes compiled into the app, on the other hand, it might not
work, since these apps may be obfuscated and the classes may be renamed. In
that case, the matching fails and the callback will not be found.
By default, FlowDroid does not have any mechanism to detect obfuscated
callbacks. Maybe some of the work that has been done on library detection in
obfuscated apps can be adapted to detect obfuscated callbacks. If you want to
work on that, merge requests are always welcome.
Best regards,
Steven
-----Original Message-----
From: Soot-list <soot-lis...@CS.McGill.CA> On Behalf Of Faridah
Akinotcho
Sent: Mittwoch, 28. Juli 2021 03:52
To: Soot-list <soot...@cs.mcgill.ca>
Subject: [Soot-list] FlowDroid callback extraction in obfuscated library
Hi,
My name is Faridah Akinotcho and I am currently using FlowDroid to build
static app models. For this purpose, there are specific callbacks which I need
to parse and analyze. In particular, I extended the AndroidCallbacks.txt file,
with 'android.support.design.widget.NavigationView$OnNavigationItemSelected'
in order to obtain the callback 'boolean onNavigationItemSelected(MenuItem
menuItem)'
The APK that I am working with obfuscate some of the library methods by
renaming, as shown in the picture:
Faridah Akinotcho
Jul 28, 2021, 2:00:14 PM7/28/21
to Arzt, Steven, Soot-list
Dear Mr Arzt,
Thank you for your reply and the clarification. I will look into library detection as you suggested.
Best regards,
Reply all
Reply to author
Forward
0 new messages