archived-v2-amandroid's People

Contributors

fgwei, kaushin, linfc, robby-phd, sankardas, vitaliiavdiienko, woodzltc, yutaono

archived-v2-amandroid's Issues

Sireum/apps/amandroid/dex2pilar/linux64/newdex2pilar: error while loading shared libraries: libc++.so: cannot open shared object file: No such file or directory

Hi,

I have downloaded the latest version of the Strawberry Sireum stable distribution, but it seems like some library is missing.

I am using Ubuntu 14.04 x64. How to solve those problems?

An error occured on 20150609-104157
java.lang.RuntimeException: Error on running: /scratch/avdiienko/Sireum/apps/amandroid/dex2pilar/linux64/newdex2pilar Message: StringResult(/scratch/avdiienko/Sireum/apps/amandroid/dex2pilar/linux64/newdex2pilar: error while loading shared libraries: libc++.so: cannot open shared object file: No such file or directory ,127)
    at org.sireum.amandroid.decompile.Dex2PilarConverter$.convert(Dex2PilarConverter.scala:36)
    at org.sireum.amandroid.security.AmandroidSocket.loadApk(AmandroidSocket.scala:84)
    at org.sireum.amandroid.cli.TanitAnalysis$TaintTask.run(TaintAnalysis.scala:183)
    at org.sireum.amandroid.cli.TanitAnalysis$$anonfun$taintAnalyze$1.apply(TaintAnalysis.scala:159)
    at org.sireum.amandroid.cli.TanitAnalysis$$anonfun$taintAnalyze$1.apply(TaintAnalysis.scala:155)
    at scala.collection.immutable.Set$Set1.foreach(Set.scala:79)
    at org.sireum.amandroid.cli.TanitAnalysis$.taintAnalyze(TaintAnalysis.scala:154)
    at org.sireum.amandroid.cli.TanitAnalysis$.main(TaintAnalysis.scala:135)
    at org.sireum.amandroid.cli.TanitAnalysis.main(TaintAnalysis.scala)

Thank you in advance.

Vitalii

bundle 'org sireum' cannot be resolved

Hi, fengguo.
Thanks for your hard work on this project. Similar to CoolDeveloper1, I also hope to use Amandroid as a platform to build further analysis and useful plugins.
I am testing the shortcake stable branches on a Mac OS X 10.10 laptop.
However, I encountered a problem.
I followed the instructions from the doc chapter 2.1, and imported the source of Amandroid into Eclipse.
When building the project, it encountered one error.
So I really hope to understand how to solve this issue. Thanks a lot!

Questions about analyzeCallback

Amandroid is a powerful analysis tool. But when I use AppInfoCollector.analyzeCallback to get the callback methods in an APK, it gets nothing. Here is my code:

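import org.sireum.amandroid.appInfo.AppInfoCollector
import org.sireum.util.FileUtil

def main(args: Array[String]) {
    // Path of the APK to analyze, converted to a file URI
    val sourcePath = args(0)
    val apkFileUri = FileUtil.toUri(sourcePath)
    // Parse the manifest, the resource table (ARSC) and the layout files
    val mfp = AppInfoCollector.analyzeManifest(apkFileUri)
    val afp = AppInfoCollector.analyzeARSC(apkFileUri)
    val lfp = AppInfoCollector.analyzeLayouts(apkFileUri, mfp)
    val ra = AppInfoCollector.reachabilityAnalysis(mfp)
    // Collect the callback methods from the results above and print how many were found
    val callbackMethods = AppInfoCollector.analyzeCallback(afp, lfp, ra)
    println(callbackMethods.size)
}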

There is a file called AndroidCallbacks.txt in FlowDroid, which lists the callback methods in the Android platform. Is there a file like this in Amandroid?

Read Results

Hello, I wanted to ask you something about the results obtained. In this example, I have a loss of simSerialNumber through a kind of Log file.
What I cannot understand is what is written after the string "Types: maliciousness: information_theft". Please let me explain what I mean?

TaintPath:
Source: <Descriptors: api_source: Landroid/telephony/TelephonyManager;.getSimSerialNumber:()Ljava/lang/String; >
Sink: <Descriptors: api_sink: Landroid/util/Log;.d:(Ljava/lang/String;Ljava/lang/String;)I 1>
Types: maliciousness:information_theft
The path consists of the following edges ("->"). The nodes have the context information (p1 to pn means which parameter). The source is at the top :
VirtualBody@(<init>,L0132d8)(<init>,L013b34)
-> VirtualBody@(sendSMS,L015770)(access$11,L013f00)
-> VirtualBody@(sendSMS,L015794)(access$11,L013f00)
-> VirtualBody@(onReceive,L01379a)(env,L225)
-> Call@(onReceive,L0137aa)(env,L225)p1
-> VirtualBody@(onCreate,L016206)(env,L165)
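
Added example (not part of the original issue and not Amandroid code): a Python parser for the TaintPath record quoted above, which decodes the source and sink method signatures and splits the path into its nodes for triage. The names `parse_taint_path`, `methods_on_path`, `Signature`, `Node` and `TaintPath` are hypothetical, and reading the integer after the sink signature as an argument position is an assumption.

```python
import re
from dataclasses import dataclass

# JVM primitive type codes used in method descriptors.
PRIMS = {"V": "void", "Z": "boolean", "B": "byte", "S": "short", "C": "char",
         "I": "int", "J": "long", "F": "float", "D": "double"}

@dataclass
class Signature:
    cls: str
    method: str
    params: list
    ret: str

@dataclass
class Node:
    kind: str          # node kind as printed, e.g. VirtualBody or Call
    method: str        # first (method, location) pair
    loc: str
    ctx_method: str    # second (method, location) pair: the context
    ctx_loc: str
    param: str = None  # "p1".."pn" suffix, when present

@dataclass
class TaintPath:
    source: Signature
    sink: Signature
    sink_positions: list  # integers printed after the sink signature
    types: tuple          # (category, value) from the "Types:" field
    nodes: list

TYPE_RE = re.compile(r"(\[*)(?:L([^;]+);|([VZBSCIJFD]))")

def decode_types(desc):
    """Decode a run of JVM type descriptors into readable type names."""
    out, i = [], 0
    while i < len(desc):
        m = TYPE_RE.match(desc, i)
        if not m:
            raise ValueError("bad type descriptor %r at offset %d" % (desc, i))
        dims, cls, prim = m.groups()
        out.append((cls.replace("/", ".") if cls else PRIMS[prim]) + "[]" * len(dims))
        i = m.end()
    return out

SIG_RE = re.compile(r"^L([^;]+);\.([^:]+):\((.*)\)(.+)$")

def parse_signature(sig):
    """Split 'Lpkg/Class;.method:(params)ret' into its parts."""
    m = SIG_RE.match(sig)
    if not m:
        raise ValueError("not a method signature: %r" % sig)
    cls, method, params, ret = m.groups()
    return Signature(cls.replace("/", "."), method,
                     decode_types(params), decode_types(ret)[0])

# Field patterns, matched on whitespace-normalised text so that both the
# multi-line and the single-line form of a record parse the same way.
SIDE_RE = re.compile(r"(Source|Sink):\s*<Descriptors:\s*\w+:\s*(\S+)\s*([\d\s]*)>")
NODE_RE = re.compile(r"(\w+)@\(([^,()]+),([^()]+)\)\(([^,()]+),([^()]+)\)(p\d+)?")
TYPES_RE = re.compile(r"Types:\s*(\w+):\s*(\w+)")

def parse_taint_path(text):
    """Parse one TaintPath record; raise ValueError if a field is missing."""
    flat = " ".join(text.split())
    sides = {m.group(1): m for m in SIDE_RE.finditer(flat)}
    types = TYPES_RE.search(flat)
    if set(sides) != {"Source", "Sink"} or not types:
        raise ValueError("incomplete TaintPath record")
    return TaintPath(
        source=parse_signature(sides["Source"].group(2)),
        sink=parse_signature(sides["Sink"].group(2)),
        # Assumption: the trailing integers are sink argument positions.
        sink_positions=[int(p) for p in sides["Sink"].group(3).split()],
        types=types.groups(),
        nodes=[Node(*m.groups()) for m in NODE_RE.finditer(flat)],
    )

def methods_on_path(tp):
    """Methods the flow passes through, source first, without repeats."""
    seen = []
    for n in tp.nodes:
        if n.method not in seen:
            seen.append(n.method)
    return seen

# Sample input: the record quoted in the issue above.
SAMPLE = """TaintPath:
Source: <Descriptors: api_source: Landroid/telephony/TelephonyManager;.getSimSerialNumber:()Ljava/lang/String; >
Sink: <Descriptors: api_sink: Landroid/util/Log;.d:(Ljava/lang/String;Ljava/lang/String;)I 1>
Types: maliciousness:information_theft
The path consists of the following edges ("->"). The nodes have the context information (p1 to pn means which parameter). The source is at the top :
VirtualBody@(<init>,L0132d8)(<init>,L013b34) -> VirtualBody@(sendSMS,L015770)(access$11,L013f00)
-> VirtualBody@(sendSMS,L015794)(access$11,L013f00) -> VirtualBody@(onReceive,L01379a)(env,L225)
-> Call@(onReceive,L0137aa)(env,L225)p1 -> VirtualBody@(onCreate,L016206)(env,L165)
"""

if __name__ == "__main__":
    print(methods_on_path(parse_taint_path(SAMPLE)))
```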

Is Amandroid possible to analyze Android framework?

Hi, I just wonder whether Amandroid is possible to analyze Android framework (e.g., system service)? As its website says, Amandroid is a static analyzer for Android apps; however, is it possible to analyze framework?

If so, how to achieve it?

Thanks!

The following code has format problem

Hi,

I am analysing an app and have the following error:

An error occured on 20150410-133311
java.lang.RuntimeException: Following code has format problem:
    at org.sireum.jawa.JawaCodeSource$.org$sireum$jawa$JawaCodeSource$$getRecordName(JawaCodeSource.scala:85)
    at org.sireum.jawa.JawaCodeSource$$anonfun$load$1.apply(JawaCodeSource.scala:79)
    at org.sireum.jawa.JawaCodeSource$$anonfun$load$1.apply(JawaCodeSource.scala:77)
    at scala.collection.immutable.List.foreach(List.scala:381)
    at org.sireum.jawa.JawaCodeSource$.load(JawaCodeSource.scala:76)
    at org.sireum.amandroid.security.AmandroidSocket.loadApk(AmandroidSocket.scala:84)
    at org.sireum.amandroid.cli.TanitAnalysis$TaintTask.run(TaintAnalysis.scala:185)
    at org.sireum.amandroid.cli.TanitAnalysis$$anonfun$taintAnalyze$1.apply(TaintAnalysis.scala:161)
    at org.sireum.amandroid.cli.TanitAnalysis$$anonfun$taintAnalyze$1.apply(TaintAnalysis.scala:157)
    at scala.collection.immutable.Set$Set1.foreach(Set.scala:79)
    at org.sireum.amandroid.cli.TanitAnalysis$.taintAnalyze(TaintAnalysis.scala:156)
    at org.sireum.amandroid.cli.TanitAnalysis$.main(TaintAnalysis.scala:137)
    at org.sireum.amandroid.cli.TanitAnalysis.main(TaintAnalysis.scala)

It is a development branch.

Thanks.

Could not analyze apk

Running reachability analysis on some popular large APKs gets an empty result. According to the "verbose" logging option, all components are phantom, so no result is returned; it seems like some parsing error on the APK.

attached trace:

[VERBOSE]layoutcallback--->Map()
[VERBOSE]layoutuser--->Map()
[VERBOSE]add phantom record com.***.activity.specialcare.QvipSpecialCareActivity
[VERBOSE]add phantom record com.***.av.service.QQServiceForAV
//.... all components are phantom
[VERBOSE]current all callbacks = Map()
[VERBOSE]LayoutClasses --> Map()
[NORMAL]Entry point calculation done.
[CRITICAL]************************************

One test sample apk attached as below:
http://box.myqsc.com/-07382619

TaintAnalysis doesn't work on the latest commit

Hi all,

I have found out that TaintAnalysis stopped working on the latest development distribution of Sireum Amandroid. I have also checked the latest version of your GitHub project - the same result. I think some latest commits broke TaintAnalysis....
Everything works fine when I am using a stable distribution of Sireum Amandroid...

You can compare TaintAnalysis.txt files from runs on Stable and Development distributions on any DroidBench app... You can start with Callbacks_Button1.apk.

The thing is that I want to extend the TaintAnalysis plugin and thus I need to work with the latest sources, which seem to be broken now. Or just let me know on which commit it works.

Thank you in advance.

Best Regards,
Vitalii

No sbt/boot/scala in sireum-amandroid-build

Hi,
I am trying to compile amandroid in Eclipse, but got the following error:

amandroid/sireum-amandroid-build/sbt/boot/scala-2.10.4/lib/scala-compiler.jar (No such file or directory)

I didn't find anything about downloading Scala in the tutorial.

Thanks.

Best Regards,
Vitalii

Exception thrown when running runWithoutDDA on class with clinit methods.

Errors thrown when analyzing apk with clinit, at the step of socket.runWithoutDDA.
Output and traces are as below:

[CRITICAL]####file:/media/DATA/TestWebview.apk#####
[NORMAL]entrypoints--->Set(com.example.testwebview.MainActivity, com.example.testwebview.MyService, com.example.testwebview.TestActivity)
[NORMAL]packagename--->com.example.testwebview
[NORMAL]permissions--->Set(android.permission.INTERNET)
[NORMAL]intentDB------>Map(com.example.testwebview.MainActivity -> Set(component: com.example.testwebview.MainActivity (actions: Set(android.intent.action.MAIN) categorys: Set(android.intent.category.LAUNCHER) datas: schemes= Set() authorities= Set() path= Set() pathPrefix= Set() pathPattern= Set() mimeType= Set())), com.example.testwebview.TestActivity -> Set(component: com.example.testwebview.TestActivity (actions: Set(android.intent.action.MAIN) categorys: Set(android.intent.category.LAUNCHER) datas: schemes= Set() authorities= Set() path= Set() pathPrefix= Set() pathPattern= Set() mithorwmeType= Set())))
[NORMAL]Generate environment for com.example.testwebview.MainActivity
[NORMAL]environment code:
procedure `void` `com.example.testwebview.MainActivity.envMain`(`android.content.Intent` r0 @type `object`) @owner `com.example.testwebview.MainActivity` @signature `Lcom/example/testwebview/MainActivity;.envMain:(Landroid/content/Intent;)V` @Access `STATIC` {
    temp;
    RandomCoinToss;
    head;
    x;
    `com.example.testwebview.MainActivity` r1;
    `android.app.ContextImpl` r2;
    `android.os.Bundle` r3;

  #Label0.

  #Label1.
  #L0. if RandomCoinToss == head  then goto Label13;
  #L1. r1:= new `com.example.testwebview.MainActivity` ;
  #L2. call temp:= `com.example.testwebview.MainActivity.<init>`(r1) @signature `Lcom/example/testwebview/MainActivity;.<init>:()V` @type `direct`;
  #L3. if RandomCoinToss == head  then goto Label12;
  #L4. r2:= new `android.app.ContextImpl` ;
  #L5. call temp:= `android.app.ContextImpl.<init>`(r2) @signature `Landroid/app/ContextImpl;.<init>:()V` @type `direct`;
  #L6. r1.`android.view.ContextThemeWrapper.mBase`:= r2 @type `object`;
  #L7. call temp:= `android.app.Activity.setIntent`(r1, r0) @signature `Landroid/app/Activity;.setIntent:(Landroid/content/Intent;)V` @type `virtual`;
  #Label2.
  #L8. r3:= new `android.os.Bundle` ;
  #L9. call temp:= `android.os.Bundle.<init>`(r3) @signature `Landroid/os/Bundle;.<init>:()V` @type `direct`;
  #L10. call temp:= `com.example.testwebview.MainActivity.onCreate`(r1, r3) @signature `Lcom/example/testwebview/MainActivity;.onCreate:(Landroid/os/Bundle;)V` @type `virtual`;
  #Label3.
  #L11. call temp:= `android.app.Activity.onStart`(r1) @signature `Landroid/app/Activity;.onStart:()V` @type `virtual`;
  #L12. call temp:= `android.app.Activity.onRestoreInstanceState`(r1, r3) @signature `Landroid/app/Activity;.onRestoreInstanceState:(Landroid/os/Bundle;)V` @type `virtual`;
  #L13. call temp:= `android.app.Activity.onPostCreate`(r1, r3) @signature `Landroid/app/Activity;.onPostCreate:(Landroid/os/Bundle;)V` @type `virtual`;
  #Label4.
  #L14. call temp:= `android.app.Activity.onResume`(r1) @signature `Landroid/app/Activity;.onResume:()V` @type `virtual`;
  #L15. call temp:= `android.app.Activity.onPostResume`(r1) @signature `Landroid/app/Activity;.onPostResume:()V` @type `virtual`;
  #Label5.

  #Label6.

  #Label7.
  #L16. if RandomCoinToss == head  then goto Label5;
  #Label8.
  #L17. call temp:= `android.app.Activity.onPause`(r1) @signature `Landroid/app/Activity;.onPause:()V` @type `virtual`;
  #L18. call temp:= `android.app.Activity.onCreateDescription`(r1) @signature `Landroid/app/Activity;.onCreateDescription:()Ljava/lang/CharSequence;` @type `virtual`;
  #L19. call temp:= `android.app.Activity.onSaveInstanceState`(r1, r3) @signature `Landroid/app/Activity;.onSaveInstanceState:(Landroid/os/Bundle;)V` @type `virtual`;
  #L20. if RandomCoinToss == head  then goto Label9;
  #L21. if RandomCoinToss == head  then goto Label4;
  #L22. if RandomCoinToss == head  then goto Label2;
  #Label9.
  #L23. call temp:= `android.app.Activity.onStop`(r1) @signature `Landroid/app/Activity;.onStop:()V` @type `virtual`;
  #L24. if RandomCoinToss == head  then goto Label11;
  #L25. if RandomCoinToss == head  then goto Label10;
  #L26. if RandomCoinToss == head  then goto Label2;
  #Label10.
  #L27. call temp:= `android.app.Activity.onRestart`(r1) @signature `Landroid/app/Activity;.onRestart:()V` @type `virtual`;
  #L28. goto Label3;
  #Label11.
  #L29. call temp:= `android.app.Activity.onDestroy`(r1) @signature `Landroid/app/Activity;.onDestroy:()V` @type `virtual`;
  #L30. if RandomCoinToss == head  then goto Label12;
  #Label12.

  #Label13.

  #Label14.
  #L31. if RandomCoinToss == head  then goto Label0;
  #L32. return @void;
}
[NORMAL]Entry point calculation done.
[CRITICAL]--------------Component Lcom/example/testwebview/MainActivity;.envMain:(Landroid/content/Intent;)V--------------
[CRITICAL]total: 1, oversize: 0, haveResult: 0
[CRITICAL]************************************

java.util.NoSuchElementException: key not found: Entry@(<clinit>,<clinit>)(envMain,L1)
    at scala.collection.MapLike$class.default(MapLike.scala:228)
    at scala.collection.AbstractMap.default(Map.scala:59)
    at scala.collection.mutable.HashMap.apply(HashMap.scala:65)
    at org.sireum.jawa.alir.interProcedural.InterProceduralGraph$$anon$1.scala$collection$mutable$SynchronizedMap$$super$apply(InterProceduralGraph.scala:57)
    at scala.collection.mutable.SynchronizedMap$class.apply(SynchronizedMap.scala:48)
    at org.sireum.jawa.alir.interProcedural.InterProceduralGraph$$anon$1.apply(InterProceduralGraph.scala:57)
    at org.sireum.jawa.alir.controlFlowGraph.InterproceduralControlFlowGraph.getCGEntryNode(InterproceduralControlFlowGraph.scala:632)
    at org.sireum.amandroid.alir.reachingFactsAnalysis.AndroidReachingFactsAnalysisBuilder.checkAndLoadClassFromHierarchy(AndroidReachingFactsAnalysis.scala:89)
    at org.sireum.amandroid.alir.reachingFactsAnalysis.AndroidReachingFactsAnalysisBuilder.org$sireum$amandroid$alir$reachingFactsAnalysis$AndroidReachingFactsAnalysisBuilder$$checkClass(AndroidReachingFactsAnalysis.scala:101)
    at org.sireum.amandroid.alir.reachingFactsAnalysis.AndroidReachingFactsAnalysisBuilder$$anonfun$checkAndLoadClasses$2.apply(AndroidReachingFactsAnalysis.scala:135)
    at org.sireum.amandroid.alir.reachingFactsAnalysis.AndroidReachingFactsAnalysisBuilder$$anonfun$checkAndLoadClasses$2.apply(AndroidReachingFactsAnalysis.scala:123)
    at scala.collection.immutable.List.foreach(List.scala:381)
    at org.sireum.amandroid.alir.reachingFactsAnalysis.AndroidReachingFactsAnalysisBuilder.checkAndLoadClasses(AndroidReachingFactsAnalysis.scala:122)
    at org.sireum.amandroid.alir.reachingFactsAnalysis.AndroidReachingFactsAnalysisBuilder$Gen.apply(AndroidReachingFactsAnalysis.scala:247)
    at org.sireum.jawa.alir.interProcedural.InterProceduralMonotoneDataFlowAnalysisFramework$IMdaf$1.fA(InterProceduralMonotoneDataFlowAnalysisFramework.scala:159)
    at org.sireum.jawa.alir.interProcedural.InterProceduralMonotoneDataFlowAnalysisFramework$IMdaf$1.actionF(InterProceduralMonotoneDataFlowAnalysisFramework.scala:172)
    at org.sireum.jawa.alir.interProcedural.InterProceduralMonotoneDataFlowAnalysisFramework$IMdaf$1.visitForward(InterProceduralMonotoneDataFlowAnalysisFramework.scala:498)
    at org.sireum.jawa.alir.interProcedural.InterProceduralMonotoneDataFlowAnalysisFramework$IMdaf$1.caculateResult(InterProceduralMonotoneDataFlowAnalysisFramework.scala:518)
    at org.sireum.jawa.alir.interProcedural.InterProceduralMonotoneDataFlowAnalysisFramework$IMdaf$1.visit(InterProceduralMonotoneDataFlowAnalysisFramework.scala:523)
    at org.sireum.jawa.alir.interProcedural.InterProceduralMonotoneDataFlowAnalysisFramework$.org$sireum$jawa$alir$interProcedural$InterProceduralMonotoneDataFlowAnalysisFramework$$process$1(InterProceduralMonotoneDataFlowAnalysisFramework.scala:565)
    at org.sireum.jawa.alir.interProcedural.InterProceduralMonotoneDataFlowAnalysisFramework$.build(InterProceduralMonotoneDataFlowAnalysisFramework.scala:591)
    at org.sireum.jawa.alir.interProcedural.InterProceduralMonotoneDataFlowAnalysisFramework$$anonfun$apply$1.apply(InterProceduralMonotoneDataFlowAnalysisFramework.scala:74)
    at org.sireum.jawa.alir.interProcedural.InterProceduralMonotoneDataFlowAnalysisFramework$$anonfun$apply$1.apply(InterProceduralMonotoneDataFlowAnalysisFramework.scala:74)
    at org.sireum.amandroid.alir.reachingFactsAnalysis.AndroidReachingFactsAnalysisBuilder.build(AndroidReachingFactsAnalysis.scala:67)
    at org.sireum.amandroid.alir.reachingFactsAnalysis.AndroidReachingFactsAnalysis$.apply(AndroidReachingFactsAnalysis.scala:665)
    at org.sireum.amandroid.security.AmandroidSocket$$anonfun$runWithoutDDA$1.apply(AmandroidSocket.scala:168)
    at org.sireum.amandroid.security.AmandroidSocket$$anonfun$runWithoutDDA$1.apply(AmandroidSocket.scala:164)
    at scala.collection.Iterator$class.foreach(Iterator.scala:743)
    at scala.collection.parallel.immutable.ParHashSet$ParHashSetIterator.foreach(ParHashSet.scala:77)
    at scala.collection.parallel.ParIterableLike$Foreach.leaf(ParIterableLike.scala:971)
    at scala.collection.parallel.Task$$anonfun$tryLeaf$1.apply$mcV$sp(Tasks.scala:49)
    at scala.collection.parallel.Task$$anonfun$tryLeaf$1.apply(Tasks.scala:48)
    at scala.collection.parallel.Task$$anonfun$tryLeaf$1.apply(Tasks.scala:48)
    at scala.collection.parallel.Task$class.tryLeaf(Tasks.scala:51)
    at scala.collection.parallel.ParIterableLike$Foreach.tryLeaf(ParIterableLike.scala:968)
    at scala.collection.parallel.AdaptiveWorkStealingTasks$WrappedTask$class.compute(Tasks.scala:152)
    at scala.collection.parallel.AdaptiveWorkStealingForkJoinTasks$WrappedTask.compute(Tasks.scala:443)
    at scala.concurrent.forkjoin.RecursiveAction.exec(RecursiveAction.java:160)
    at scala.concurrent.forkjoin.ForkJoinTask.doExec(ForkJoinTask.java:260)
    at scala.concurrent.forkjoin.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1339)
    at scala.concurrent.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979)
    at scala.concurrent.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107)

Test apk at : http://box.myqsc.com/-82089460

NullPointerException when analyzing APK

Hi. Whenever I run sireum amandroid genCallGraph, I got NullPointerException output in the .errorlog file. The error log is similar to that of issue #17:

An error occured on 20150325-145830
java.lang.NullPointerException
    at scala.collection.mutable.ArrayOps$ofRef$.length$extension(ArrayOps.scala:192)
    at scala.collection.mutable.ArrayOps$ofRef.length(ArrayOps.scala:192)
    at scala.collection.IndexedSeqOptimized$class.foreach(IndexedSeqOptimized.scala:32)
    at scala.collection.mutable.ArrayOps$ofRef.foreach(ArrayOps.scala:186)
    at org.sireum.util.FileUtil$.listFiles(File.scala:51)
    at org.sireum.jawa.JawaCodeSource$.load(JawaCodeSource.scala:75)
    at org.sireum.amandroid.cli.GenCallGraph$$anonfun$genCallGraph$1.apply(GenCallGraph.scala:137)
    at org.sireum.amandroid.cli.GenCallGraph$$anonfun$genCallGraph$1.apply(GenCallGraph.scala:123)
    at scala.collection.immutable.Set$Set1.foreach(Set.scala:79)
    at org.sireum.amandroid.cli.GenCallGraph$.genCallGraph(GenCallGraph.scala:122)
    at org.sireum.amandroid.cli.GenCallGraph$.main(GenCallGraph.scala:112)
    at org.sireum.amandroid.cli.GenCallGraph.main(GenCallGraph.scala)

Similar to that issue, I was able to run on Ubuntu 14.04, but unable to run on CentOS 6.5. The suggested solution is to install lib32, but which package, in particular, do I need?

Additional information: I did not compile it via Eclipse, but instead used the built version from the Sireum site, and ran sireum amandroid to install the necessary files. Also, the system doesn't have a lib32 directory, only lib and lib64.

Error from IntentInjection_run after I install new amandroid source

-Rohit BGSU
org.sireum.amandroid.run.security.IntentInjection_run

command line arguments:
/Users/rohitsharma/Desktop/Sireum/apks/com.fcbh.dbp.BibleSocietyOfPhilippines_3.1.0.apk /Users/rohitsharma/Desktop/Sireum/output

Exception in thread "main" java.lang.NullPointerException
at scala.collection.mutable.ArrayOps$ofRef$.length$extension(ArrayOps.scala:192)
at scala.collection.mutable.ArrayOps$ofRef.length(ArrayOps.scala:192)
at scala.collection.IndexedSeqOptimized$class.foreach(IndexedSeqOptimized.scala:32)
at scala.collection.mutable.ArrayOps$ofRef.foreach(ArrayOps.scala:186)
at org.sireum.util.FileUtil$.listFiles(File.scala:45)
at org.sireum.amandroid.run.security.IntentInjection_run$.main(IntentInjection_run.scala:145)
at org.sireum.amandroid.run.security.IntentInjection_run.main(IntentInjection_run.scala)

Cannot access launch context extension points and StackOverflowError

After I configured everything on my computer (Ubuntu x64) following the website, I ran CryptoMisuse.scala from org.sireum.amandroid.run.security. I found that when the code invokes AmandroidSocket.preProcess, it may read all files from AMANDROID_HOME. However, Eclipse gives the error: java.lang.StackOverflowError. Also, when I invoke Center.getEntryPoints(AndroidConstants.MAINCOMP_ENV), Eclipse gives the error: Cannot access launch context extension points.
I have no idea how to deal with it. I think it may be my problem when I configured Amandroid, but I don't know why. Please help me with these problems. I am looking forward to hearing from you. Thanks a lot.

java.lang.AssertionError: assertion failed

I developed some simple apps in Android Studio and when I tried to analyze them with Amandroid taintAnalysis cli, I got the following error. I still can analyze other apps, but not those which I developed in Android Studio.

java.lang.AssertionError: assertion failed
at scala.Predef$.assert(Predef.scala:151)
at org.sireum.amandroid.parser.ARSCFileParser.readResourceHeader(ARSCFileParser.scala:901)
at org.sireum.amandroid.parser.ARSCFileParser.doParse(ARSCFileParser.scala:761)
at org.sireum.amandroid.parser.ARSCFileParser$$anon$1.handleXMLFile(ARSCFileParser.scala:749)
at org.sireum.amandroid.parser.AbstractAndroidXMLParser.handleAndroidXMLFiles(AbstractAndroidXMLParser.scala:52)
at org.sireum.amandroid.parser.ARSCFileParser.parse(ARSCFileParser.scala:743)
at org.sireum.amandroid.appInfo.AppInfoCollector$.analyzeARSC(AppInfoCollector.scala:197)
at org.sireum.amandroid.appInfo.AppInfoCollector.collectInfo(AppInfoCollector.scala:153)
at org.sireum.amandroid.security.AmandroidSocket.loadApk(AmandroidSocket.scala:86)
at org.sireum.amandroid.cli.TanitAnalysis$$anonfun$taintAnalyze$1.apply(TaintAnalysis.scala:162)
at org.sireum.amandroid.cli.TanitAnalysis$$anonfun$taintAnalyze$1.apply(TaintAnalysis.scala:157)
at scala.collection.immutable.Set$Set1.foreach(Set.scala:79)
at org.sireum.amandroid.cli.TanitAnalysis$.taintAnalyze(TaintAnalysis.scala:156)
at org.sireum.amandroid.cli.TanitAnalysis$.main(TaintAnalysis.scala:137)
at org.sireum.amandroid.cli.TanitAnalysis.main(TaintAnalysis.scala)

update the sireum - failure

Hi, I try to update/execute Sireum, but the download always seems to fail. How can I fix this problem?
Could I download the newest version of Java from the Oracle website?

Exception thrown when running runWithoutDDA on class with clinit methods.

Errors thrown when analyzing apk with clinit, at the step of socket.runWithoutDDA.
Output and traces are as below:

[NORMAL]entrypoints--->Set(com.example.testwebview.MainActivity, com.example.testwebview.MyService, com.example.testwebview.TestActivity)
[NORMAL]packagename--->com.example.testwebview
[NORMAL]permissions--->Set(android.permission.INTERNET)
[NORMAL]intentDB------>Map(com.example.testwebview.MainActivity -> Set(component: com.example.testwebview.MainActivity (actions: Set(android.intent.action.MAIN) categorys: Set(android.intent.category.LAUNCHER) datas: schemes= Set() authorities= Set() path= Set() pathPrefix= Set() pathPattern= Set() mimeType= Set())), com.example.testwebview.TestActivity -> Set(component: com.example.testwebview.TestActivity (actions: Set(android.intent.action.MAIN) categorys: Set(android.intent.category.LAUNCHER) datas: schemes= Set() authorities= Set() path= Set() pathPrefix= Set() pathPattern= Set() mithorwmeType= Set())))
[NORMAL]Generate environment for com.example.testwebview.MainActivity
[NORMAL]environment code:
procedure `void` `com.example.testwebview.MainActivity.envMain`(`android.content.Intent` r0 @type `object`) @owner `com.example.testwebview.MainActivity` @signature `Lcom/example/testwebview/MainActivity;.envMain:(Landroid/content/Intent;)V` @Access `STATIC` {
    temp;
    RandomCoinToss;
    head;
    x;
    `com.example.testwebview.MainActivity` r1;
    `android.app.ContextImpl` r2;
    `android.os.Bundle` r3;

  #Label0.

  #Label1.
  #L0. if RandomCoinToss == head  then goto Label13;
  #L1. r1:= new `com.example.testwebview.MainActivity` ;
  #L2. call temp:= `com.example.testwebview.MainActivity.<init>`(r1) @signature `Lcom/example/testwebview/MainActivity;.<init>:()V` @type `direct`;
  #L3. if RandomCoinToss == head  then goto Label12;
  #L4. r2:= new `android.app.ContextImpl` ;
  #L5. call temp:= `android.app.ContextImpl.<init>`(r2) @signature `Landroid/app/ContextImpl;.<init>:()V` @type `direct`;
  #L6. r1.`android.view.ContextThemeWrapper.mBase`:= r2 @type `object`;
  #L7. call temp:= `android.app.Activity.setIntent`(r1, r0) @signature `Landroid/app/Activity;.setIntent:(Landroid/content/Intent;)V` @type `virtual`;
  #Label2.
  #L8. r3:= new `android.os.Bundle` ;
  #L9. call temp:= `android.os.Bundle.<init>`(r3) @signature `Landroid/os/Bundle;.<init>:()V` @type `direct`;
  #L10. call temp:= `com.example.testwebview.MainActivity.onCreate`(r1, r3) @signature `Lcom/example/testwebview/MainActivity;.onCreate:(Landroid/os/Bundle;)V` @type `virtual`;
  #Label3.
  #L11. call temp:= `android.app.Activity.onStart`(r1) @signature `Landroid/app/Activity;.onStart:()V` @type `virtual`;
  #L12. call temp:= `android.app.Activity.onRestoreInstanceState`(r1, r3) @signature `Landroid/app/Activity;.onRestoreInstanceState:(Landroid/os/Bundle;)V` @type `virtual`;
  #L13. call temp:= `android.app.Activity.onPostCreate`(r1, r3) @signature `Landroid/app/Activity;.onPostCreate:(Landroid/os/Bundle;)V` @type `virtual`;
  #Label4.
  #L14. call temp:= `android.app.Activity.onResume`(r1) @signature `Landroid/app/Activity;.onResume:()V` @type `virtual`;
  #L15. call temp:= `android.app.Activity.onPostResume`(r1) @signature `Landroid/app/Activity;.onPostResume:()V` @type `virtual`;
  #Label5.

  #Label6.

  #Label7.
  #L16. if RandomCoinToss == head  then goto Label5;
  #Label8.
  #L17. call temp:= `android.app.Activity.onPause`(r1) @signature `Landroid/app/Activity;.onPause:()V` @type `virtual`;
  #L18. call temp:= `android.app.Activity.onCreateDescription`(r1) @signature `Landroid/app/Activity;.onCreateDescription:()Ljava/lang/CharSequence;` @type `virtual`;
  #L19. call temp:= `android.app.Activity.onSaveInstanceState`(r1, r3) @signature `Landroid/app/Activity;.onSaveInstanceState:(Landroid/os/Bundle;)V` @type `virtual`;
  #L20. if RandomCoinToss == head  then goto Label9;
  #L21. if RandomCoinToss == head  then goto Label4;
  #L22. if RandomCoinToss == head  then goto Label2;
  #Label9.
  #L23. call temp:= `android.app.Activity.onStop`(r1) @signature `Landroid/app/Activity;.onStop:()V` @type `virtual`;
  #L24. if RandomCoinToss == head  then goto Label11;
  #L25. if RandomCoinToss == head  then goto Label10;
  #L26. if RandomCoinToss == head  then goto Label2;
  #Label10.
  #L27. call temp:= `android.app.Activity.onRestart`(r1) @signature `Landroid/app/Activity;.onRestart:()V` @type `virtual`;
  #L28. goto Label3;
  #Label11.
  #L29. call temp:= `android.app.Activity.onDestroy`(r1) @signature `Landroid/app/Activity;.onDestroy:()V` @type `virtual`;
  #L30. if RandomCoinToss == head  then goto Label12;
  #Label12.

  #Label13.

  #Label14.
  #L31. if RandomCoinToss == head  then goto Label0;
  #L32. return @void;
}
[NORMAL]Entry point calculation done.
[CRITICAL]--------------Component Lcom/example/testwebview/MainActivity;.envMain:(Landroid/content/Intent;)V--------------
[CRITICAL]total: 1, oversize: 0, haveResult: 0
[CRITICAL]************************************

java.util.NoSuchElementException: key not found: Entry@(<clinit>,<clinit>)(envMain,L1)
    at scala.collection.MapLike$class.default(MapLike.scala:228)
    at scala.collection.AbstractMap.default(Map.scala:59)
    at scala.collection.mutable.HashMap.apply(HashMap.scala:65)
    at org.sireum.jawa.alir.interProcedural.InterProceduralGraph$$anon$1.scala$collection$mutable$SynchronizedMap$$super$apply(InterProceduralGraph.scala:57)
    at scala.collection.mutable.SynchronizedMap$class.apply(SynchronizedMap.scala:48)
    at org.sireum.jawa.alir.interProcedural.InterProceduralGraph$$anon$1.apply(InterProceduralGraph.scala:57)
    at org.sireum.jawa.alir.controlFlowGraph.InterproceduralControlFlowGraph.getCGEntryNode(InterproceduralControlFlowGraph.scala:632)
    at org.sireum.amandroid.alir.reachingFactsAnalysis.AndroidReachingFactsAnalysisBuilder.checkAndLoadClassFromHierarchy(AndroidReachingFactsAnalysis.scala:89)
    at org.sireum.amandroid.alir.reachingFactsAnalysis.AndroidReachingFactsAnalysisBuilder.org$sireum$amandroid$alir$reachingFactsAnalysis$AndroidReachingFactsAnalysisBuilder$$checkClass(AndroidReachingFactsAnalysis.scala:101)
    at org.sireum.amandroid.alir.reachingFactsAnalysis.AndroidReachingFactsAnalysisBuilder$$anonfun$checkAndLoadClasses$2.apply(AndroidReachingFactsAnalysis.scala:135)
    at org.sireum.amandroid.alir.reachingFactsAnalysis.AndroidReachingFactsAnalysisBuilder$$anonfun$checkAndLoadClasses$2.apply(AndroidReachingFactsAnalysis.scala:123)
    at scala.collection.immutable.List.foreach(List.scala:381)
    at org.sireum.amandroid.alir.reachingFactsAnalysis.AndroidReachingFactsAnalysisBuilder.checkAndLoadClasses(AndroidReachingFactsAnalysis.scala:122)
    at org.sireum.amandroid.alir.reachingFactsAnalysis.AndroidReachingFactsAnalysisBuilder$Gen.apply(AndroidReachingFactsAnalysis.scala:247)
    at org.sireum.jawa.alir.interProcedural.InterProceduralMonotoneDataFlowAnalysisFramework$IMdaf$1.fA(InterProceduralMonotoneDataFlowAnalysisFramework.scala:159)
    at org.sireum.jawa.alir.interProcedural.InterProceduralMonotoneDataFlowAnalysisFramework$IMdaf$1.actionF(InterProceduralMonotoneDataFlowAnalysisFramework.scala:172)
    at org.sireum.jawa.alir.interProcedural.InterProceduralMonotoneDataFlowAnalysisFramework$IMdaf$1.visitForward(InterProceduralMonotoneDataFlowAnalysisFramework.scala:498)
    at org.sireum.jawa.alir.interProcedural.InterProceduralMonotoneDataFlowAnalysisFramework$IMdaf$1.caculateResult(InterProceduralMonotoneDataFlowAnalysisFramework.scala:518)
    at org.sireum.jawa.alir.interProcedural.InterProceduralMonotoneDataFlowAnalysisFramework$IMdaf$1.visit(InterProceduralMonotoneDataFlowAnalysisFramework.scala:523)
    at org.sireum.jawa.alir.interProcedural.InterProceduralMonotoneDataFlowAnalysisFramework$.org$sireum$jawa$alir$interProcedural$InterProceduralMonotoneDataFlowAnalysisFramework$$process$1(InterProceduralMonotoneDataFlowAnalysisFramework.scala:565)
    at org.sireum.jawa.alir.interProcedural.InterProceduralMonotoneDataFlowAnalysisFramework$.build(InterProceduralMonotoneDataFlowAnalysisFramework.scala:591)
    at org.sireum.jawa.alir.interProcedural.InterProceduralMonotoneDataFlowAnalysisFramework$$anonfun$apply$1.apply(InterProceduralMonotoneDataFlowAnalysisFramework.scala:74)
    at org.sireum.jawa.alir.interProcedural.InterProceduralMonotoneDataFlowAnalysisFramework$$anonfun$apply$1.apply(InterProceduralMonotoneDataFlowAnalysisFramework.scala:74)
    at org.sireum.amandroid.alir.reachingFactsAnalysis.AndroidReachingFactsAnalysisBuilder.build(AndroidReachingFactsAnalysis.scala:67)
    at org.sireum.amandroid.alir.reachingFactsAnalysis.AndroidReachingFactsAnalysis$.apply(AndroidReachingFactsAnalysis.scala:665)
    at org.sireum.amandroid.security.AmandroidSocket$$anonfun$runWithoutDDA$1.apply(AmandroidSocket.scala:168)
    at org.sireum.amandroid.security.AmandroidSocket$$anonfun$runWithoutDDA$1.apply(AmandroidSocket.scala:164)
    at scala.collection.Iterator$class.foreach(Iterator.scala:743)
    at scala.collection.parallel.immutable.ParHashSet$ParHashSetIterator.foreach(ParHashSet.scala:77)
    at scala.collection.parallel.ParIterableLike$Foreach.leaf(ParIterableLike.scala:971)
    at scala.collection.parallel.Task$$anonfun$tryLeaf$1.apply$mcV$sp(Tasks.scala:49)
    at scala.collection.parallel.Task$$anonfun$tryLeaf$1.apply(Tasks.scala:48)
    at scala.collection.parallel.Task$$anonfun$tryLeaf$1.apply(Tasks.scala:48)
    at scala.collection.parallel.Task$class.tryLeaf(Tasks.scala:51)
    at scala.collection.parallel.ParIterableLike$Foreach.tryLeaf(ParIterableLike.scala:968)
    at scala.collection.parallel.AdaptiveWorkStealingTasks$WrappedTask$class.compute(Tasks.scala:152)
    at scala.collection.parallel.AdaptiveWorkStealingForkJoinTasks$WrappedTask.compute(Tasks.scala:443)
    at scala.concurrent.forkjoin.RecursiveAction.exec(RecursiveAction.java:160)
    at scala.concurrent.forkjoin.ForkJoinTask.doExec(ForkJoinTask.java:260)
    at scala.concurrent.forkjoin.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1339)
    at scala.concurrent.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979)
    at scala.concurrent.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107)

Test APK at: http://box.myqsc.com/-82089460

How to run the code I changed?

Hi,
I changed the code in "TaintAnalysis.scala" for a test:
//println("Analysis result write into " + arFile)
println("LinAnalysis result write into " + arFile)
How can I compile and run this change to run my analysis?
Can this be done in Eclipse?
Maybe it's a silly question, but I hope for your answer.

Required Memory

What's the minimum size of memory required to run Amandroid? I tried with a heap size of up to 6GB, but I still get java.lang.OutOfMemoryError: Java heap space.

Amandroid Stability

Hi Fengguo and Team,

Thank you for your hard work on this project. I would like to use Amandroid as a platform to build further analysis, but I have been running into many errors just running the included plugins. I want to make sure Amandroid is a stable platform before I invest significant time into development. I have been testing both the Shortcake stable and dev branches on a Mac OSX 10.9 laptop.

Here is an example run of a CLI plugin that illustrates my concern. I have been testing each of the plugins on a set of 24 APKs, primarily from the Google Play store. This particular run is using the latest version of Amandroid dev.


time ./sireum amandroid staging -o /path/Desktop/amandroid_eval/dev_build/staging/ -m 8 -t DIR /path/Desktop/apks/ 2>&1 | tee ~/Desktop/amandroid_eval/dev_build/staging/out.txt

Command Line Output
Total apks: 24

Error: null
Written: /path/Desktop/amandroid_eval/dev_build/staging/.errorlog

Error: null
Written: /path/Desktop/amandroid_eval/dev_build/staging/.errorlog

Error: null
Written: /path/Desktop/amandroid_eval/dev_build/staging/.errorlog

Error: cannot find field: @@แ$・.ι
Written: /path/Desktop/amandroid_eval/dev_build/staging/.errorlog

Error: null
Written: /path/Desktop/amandroid_eval/dev_build/staging/.errorlog

Error: Cannot resolve concrete dispatch!
Type:android.content.ContextWrapper
Method:setListAdapter:(Landroid/widget/ListAdapter;)V
Written: /path/Desktop/amandroid_eval/dev_build/staging/.errorlog

Error: null
Written: /path/Desktop/amandroid_eval/dev_build/staging/.errorlog

Error: Cannot resolve concrete dispatch!
Type:berserker.android.corelib.t
Method:remove:(Ljava/lang/String;)Landroid/content/SharedPreferences$Editor;
Written: /path/Desktop/amandroid_eval/dev_build/staging/.errorlog

Error: null
Written: /path/Desktop/amandroid_eval/dev_build/staging/.errorlog

Error: null
Written: /path/Desktop/amandroid_eval/dev_build/staging/.errorlog

Error: null
Written: /path/Desktop/amandroid_eval/dev_build/staging/.errorlog
com.digg.widget.DiggAppWidgetProvider result stored!
com.nventive.android.auth.OAuthActivity result stored!
com.digg.activities.preferences.PreferencesActivityBookmarks result stored!
com.digg.activities.StoryDetailsActivity result stored!
com.digg.activities.SearchActivity result stored!
com.facebook.FacebookActivity result stored!
com.digg.activities.MainActivity result stored!
com.digg.activities.preferences.PreferencesActivityAccount result stored!
com.digg.activities.WebViewActivity result stored!
com.digg.widget.DiggWidgetService result stored!
com.digg.auth.GoogleAuthActivity result stored!
com.digg.activities.preferences.PreferencesActivity result stored!
com.digg.activities.DrawerActivity result stored!
com.digg.activities.preferences.PreferencesActivityAbout result stored!
com.digg.activities.AddSubscriptionActivity result stored!

Error: null
Written: /path/Desktop/amandroid_eval/dev_build/staging/.errorlog
com.saurik.substrate.RestartReceiver result stored!
com.saurik.substrate.GalleryActivity result stored!
com.saurik.substrate.PackageReceiver result stored!
com.saurik.substrate.SetupActivity result stored!

Error: null
Written: /path/Desktop/amandroid_eval/dev_build/staging/.errorlog


Out of the 24 APKs in this run, very few generated an IDFG or DDG. I am commonly running into Null and Concrete Dispatch errors. I see that other users have opened issues about these errors (see #26, #31) but I am not aware of a solution. Please correct me if I am wrong.

In your paper you discuss evaluating 753 Google Play store apps. Evaluating so many apps without errors should indicate that the Amandroid platform is stable. However, that is not what I am seeing in my tests and the Issues page.

Are you also encountering these errors? Is my setup wrong somehow? Any comments or suggestions are appreciated.


One suggestion I have for Amandroid: error logs should not be overwritten when running with --type DIR. This makes debugging errors more difficult.

key not found: param_Entry:v10@(loadRestriction,loadRestriction)

I get a key not found error when I run Amandroid cli with the taintAnalysis plugin.

java.util.NoSuchElementException: key not found: param_Entry:v10@(loadRestriction,loadRestriction)
at scala.collection.MapLike$class.default(MapLike.scala:228)
at scala.collection.AbstractMap.default(Map.scala:59)
at scala.collection.mutable.HashMap.apply(HashMap.scala:65)
at org.sireum.jawa.alir.interProcedural.InterProceduralGraph$$anon$1.scala$collection$mutable$SynchronizedMap$$super$apply(InterProceduralGraph.scala:57)
at scala.collection.mutable.SynchronizedMap$class.apply(SynchronizedMap.scala:48)
at org.sireum.jawa.alir.interProcedural.InterProceduralGraph$$anon$1.apply(InterProceduralGraph.scala:57)
at org.sireum.jawa.alir.pointsToAnalysis.PointerAssignmentGraph.getPointNode(PointerAssignmentGraph.scala:936)
at org.sireum.jawa.alir.pointsToAnalysis.PointerAssignmentGraph.getNode(PointerAssignmentGraph.scala:981)
at org.sireum.jawa.alir.pointsToAnalysis.PointerAssignmentGraph$$anonfun$buildingEdges$1$$anonfun$apply$3.apply(PointerAssignmentGraph.scala:444)
at org.sireum.jawa.alir.pointsToAnalysis.PointerAssignmentGraph$$anonfun$buildingEdges$1$$anonfun$apply$3.apply(PointerAssignmentGraph.scala:440)
at scala.collection.mutable.HashMap$$anonfun$foreach$1.apply(HashMap.scala:99)
at scala.collection.mutable.HashMap$$anonfun$foreach$1.apply(HashMap.scala:99)
at scala.collection.mutable.HashTable$class.foreachEntry(HashTable.scala:230)
at scala.collection.mutable.HashMap.foreachEntry(HashMap.scala:40)
at scala.collection.mutable.HashMap.foreach(HashMap.scala:99)
at org.sireum.jawa.alir.pointsToAnalysis.PointerAssignmentGraph$$anonfun$buildingEdges$1.apply(PointerAssignmentGraph.scala:440)
at org.sireum.jawa.alir.pointsToAnalysis.PointerAssignmentGraph$$anonfun$buildingEdges$1.apply(PointerAssignmentGraph.scala:438)
at scala.collection.mutable.HashMap$$anonfun$foreach$1.apply(HashMap.scala:99)
at scala.collection.mutable.HashMap$$anonfun$foreach$1.apply(HashMap.scala:99)
at scala.collection.mutable.HashTable$class.foreachEntry(HashTable.scala:230)
at scala.collection.mutable.HashMap.foreachEntry(HashMap.scala:40)
at scala.collection.mutable.HashMap.foreach(HashMap.scala:99)
at org.sireum.jawa.alir.pointsToAnalysis.PointerAssignmentGraph.buildingEdges(PointerAssignmentGraph.scala:438)
at org.sireum.jawa.alir.pointsToAnalysis.PointerAssignmentGraph$$anonfun$constructGraph$2.apply(PointerAssignmentGraph.scala:287)
at org.sireum.jawa.alir.pointsToAnalysis.PointerAssignmentGraph$$anonfun$constructGraph$2.apply(PointerAssignmentGraph.scala:283)
at scala.collection.immutable.HashSet$HashSet1.foreach(HashSet.scala:322)
at scala.collection.immutable.HashSet$HashTrieSet.foreach(HashSet.scala:978)
at scala.collection.immutable.HashSet$HashTrieSet.foreach(HashSet.scala:978)
at org.sireum.jawa.alir.pointsToAnalysis.PointerAssignmentGraph.constructGraph(PointerAssignmentGraph.scala:282)
at org.sireum.jawa.alir.pointsToAnalysis.InterproceduralPointsToAnalysis.doPTA(InterproceduralPointsToAnalysis.scala:58)
at org.sireum.jawa.alir.pointsToAnalysis.InterproceduralPointsToAnalysis$$anonfun$pta$1.apply(InterproceduralPointsToAnalysis.scala:47)
at org.sireum.jawa.alir.pointsToAnalysis.InterproceduralPointsToAnalysis$$anonfun$pta$1.apply(InterproceduralPointsToAnalysis.scala:44)
at scala.collection.immutable.HashSet$HashSet1.foreach(HashSet.scala:322)
at scala.collection.immutable.HashSet$HashTrieSet.foreach(HashSet.scala:978)
at scala.collection.immutable.HashSet$HashTrieSet.foreach(HashSet.scala:978)
at org.sireum.jawa.alir.pointsToAnalysis.InterproceduralPointsToAnalysis.pta(InterproceduralPointsToAnalysis.scala:43)
at org.sireum.jawa.alir.reachability.ReachabilityAnalysis$.getReachableProcedures(ReachabilityAnalysis.scala:32)
at org.sireum.amandroid.appInfo.ReachableInfoCollector$$anonfun$init$1.apply(ReachableInfoCollector.scala:73)
at org.sireum.amandroid.appInfo.ReachableInfoCollector$$anonfun$init$1.apply(ReachableInfoCollector.scala:71)
at scala.collection.Iterator$class.foreach(Iterator.scala:743)
at scala.collection.parallel.immutable.ParHashSet$ParHashSetIterator.foreach(ParHashSet.scala:77)
at scala.collection.parallel.ParIterableLike$Foreach.leaf(ParIterableLike.scala:971)
at scala.collection.parallel.Task$$anonfun$tryLeaf$1.apply$mcV$sp(Tasks.scala:49)
at scala.collection.parallel.Task$$anonfun$tryLeaf$1.apply(Tasks.scala:48)
at scala.collection.parallel.Task$$anonfun$tryLeaf$1.apply(Tasks.scala:48)
at scala.collection.parallel.Task$class.tryLeaf(Tasks.scala:51)
at scala.collection.parallel.ParIterableLike$Foreach.tryLeaf(ParIterableLike.scala:968)
at scala.collection.parallel.AdaptiveWorkStealingTasks$WrappedTask$class.compute(Tasks.scala:152)
at scala.collection.parallel.AdaptiveWorkStealingForkJoinTasks$WrappedTask.compute(Tasks.scala:443)
at scala.concurrent.forkjoin.RecursiveAction.exec(RecursiveAction.java:160)
at scala.concurrent.forkjoin.ForkJoinTask.doExec(ForkJoinTask.java:260)
at scala.concurrent.forkjoin.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1339)
at scala.concurrent.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979)
at scala.concurrent.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107)

Analyze timeout

Trying to run reachability analysis on a 209kb apk got a 30min timeout with icc enabled, -Xmx24g, context 1, static clinit disabled. Some components are analyzed but others time out.

Test case attached as below:

http://box.myqsc.com/-04822815

Recompiling and Deploying Amandroid

Hi all,

I am new to Scala and sbt, and I would be grateful if you could release a README with the steps to recompile and run Amandroid.

I have imported all projects into Eclipse, made some changes in sireum-amandroid-cli, and I want to recompile the whole system and run Amandroid with my changes.

Thank you in advance,
Vitalii

java.lang.IllegalArgumentException: requirement failed

Hi, yet another error:

An error occured on 20150410-153706 java.lang.IllegalArgumentException: requirement failed at scala.Predef$.require(Predef.scala:207) at org.sireum.jawa.alir.pta.reachingFactsAnalysis.model.ClassModel$$anonfun$classGetName$1.apply(ClassModel.scala:214) at org.sireum.jawa.alir.pta.reachingFactsAnalysis.model.ClassModel$$anonfun$classGetName$1.apply(ClassModel.scala:213) at scala.collection.immutable.Set$Set1.foreach(Set.scala:79) at org.sireum.jawa.alir.pta.reachingFactsAnalysis.model.ClassModel$.classGetName(ClassModel.scala:212) at org.sireum.jawa.alir.pta.reachingFactsAnalysis.model.ClassModel$.doClassCall(ClassModel.scala:98) at org.sireum.jawa.alir.pta.reachingFactsAnalysis.model.ModelCallHandler$class.caculateResult(ModelCallHandler.scala:62) at org.sireum.amandroid.alir.pta.reachingFactsAnalysis.model.AndroidModelCallHandler$.caculateResult(AndroidModelCallHandler.scala:64) at org.sireum.jawa.alir.pta.reachingFactsAnalysis.model.ModelCallHandler$class.doModelCall(ModelCallHandler.scala:46) at org.sireum.amandroid.alir.pta.reachingFactsAnalysis.model.AndroidModelCallHandler$.doModelCall(AndroidModelCallHandler.scala:28) at org.sireum.amandroid.alir.pta.reachingFactsAnalysis.AndroidReachingFactsAnalysisHelper$.doModelCall(AndroidReachingFactsAnalysisHelper.scala:28) at org.sireum.amandroid.alir.pta.reachingFactsAnalysis.AndroidReachingFactsAnalysisBuilder$Callr$$anonfun$resolveCall$1.apply(AndroidReachingFactsAnalysis.scala:396) at org.sireum.amandroid.alir.pta.reachingFactsAnalysis.AndroidReachingFactsAnalysisBuilder$Callr$$anonfun$resolveCall$1.apply(AndroidReachingFactsAnalysis.scala:372) at scala.collection.immutable.Set$Set1.foreach(Set.scala:79) at org.sireum.amandroid.alir.pta.reachingFactsAnalysis.AndroidReachingFactsAnalysisBuilder$Callr.resolveCall(AndroidReachingFactsAnalysis.scala:371) at 
org.sireum.jawa.alir.dataFlowAnalysis.InterProceduralMonotoneDataFlowAnalysisFramework$IMdaf$1.org$sireum$jawa$alir$dataFlowAnalysis$InterProceduralMonotoneDataFlowAnalysisFramework$IMdaf$$jumpF$2(InterProceduralMonotoneD$ at org.sireum.jawa.alir.dataFlowAnalysis.InterProceduralMonotoneDataFlowAnalysisFramework$IMdaf$1.visitForward(InterProceduralMonotoneDataFlowAnalysisFramework.scala:514) at org.sireum.jawa.alir.dataFlowAnalysis.InterProceduralMonotoneDataFlowAnalysisFramework$IMdaf$1.caculateResult(InterProceduralMonotoneDataFlowAnalysisFramework.scala:526) at org.sireum.jawa.alir.dataFlowAnalysis.InterProceduralMonotoneDataFlowAnalysisFramework$IMdaf$1.visit(InterProceduralMonotoneDataFlowAnalysisFramework.scala:532) at org.sireum.jawa.alir.dataFlowAnalysis.InterProceduralMonotoneDataFlowAnalysisFramework$.process$1(InterProceduralMonotoneDataFlowAnalysisFramework.scala:564) at org.sireum.jawa.alir.dataFlowAnalysis.InterProceduralMonotoneDataFlowAnalysisFramework$.build(InterProceduralMonotoneDataFlowAnalysisFramework.scala:601) at org.sireum.jawa.alir.dataFlowAnalysis.InterProceduralMonotoneDataFlowAnalysisFramework$$anonfun$apply$2.apply(InterProceduralMonotoneDataFlowAnalysisFramework.scala:74) at org.sireum.jawa.alir.dataFlowAnalysis.InterProceduralMonotoneDataFlowAnalysisFramework$$anonfun$apply$2.apply(InterProceduralMonotoneDataFlowAnalysisFramework.scala:74) at org.sireum.amandroid.alir.pta.reachingFactsAnalysis.AndroidReachingFactsAnalysisBuilder.build(AndroidReachingFactsAnalysis.scala:74) at org.sireum.amandroid.alir.pta.reachingFactsAnalysis.AndroidReachingFactsAnalysis$.apply(AndroidReachingFactsAnalysis.scala:739) at org.sireum.amandroid.security.AmandroidSocket$$anonfun$runWithDDA$1.apply(AmandroidSocket.scala:122) at org.sireum.amandroid.security.AmandroidSocket$$anonfun$runWithDDA$1.apply(AmandroidSocket.scala:119) at scala.collection.Iterator$class.foreach(Iterator.scala:750) at 
scala.collection.parallel.immutable.ParHashSet$ParHashSetIterator.foreach(ParHashSet.scala:77) at scala.collection.parallel.ParIterableLike$Foreach.leaf(ParIterableLike.scala:972) at scala.collection.parallel.Task$$anonfun$tryLeaf$1.apply$mcV$sp(Tasks.scala:49) at scala.collection.parallel.Task$$anonfun$tryLeaf$1.apply(Tasks.scala:48) at scala.collection.parallel.Task$$anonfun$tryLeaf$1.apply(Tasks.scala:48) at scala.collection.parallel.Task$class.tryLeaf(Tasks.scala:51) at scala.collection.parallel.ParIterableLike$Foreach.tryLeaf(ParIterableLike.scala:969) at scala.collection.parallel.AdaptiveWorkStealingTasks$WrappedTask$class.compute(Tasks.scala:152) at scala.collection.parallel.AdaptiveWorkStealingForkJoinTasks$WrappedTask.compute(Tasks.scala:443) at scala.concurrent.forkjoin.RecursiveAction.exec(RecursiveAction.java:160) at scala.concurrent.forkjoin.ForkJoinTask.doExec(ForkJoinTask.java:260) at scala.concurrent.forkjoin.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1339) at scala.concurrent.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979) at scala.concurrent.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107)

Thanks.

Editing the Sinks And Sources file

Hi,

I am trying to track data flow from any input to the web servers (URL). I could not find any manual or example to do it.
I leave these rules in the file:

Ljava/net/URLConnection;.setRequestProperty:(Ljava/lang/String;Ljava/lang/String;)V -> SINK
Ljava/net/Socket;.connect:(Ljava/net/SocketAddress;)V -> SINK
Ljava/net/URL;.openConnection:()Ljava/net/URLConnection; -> SINK
Landroid/app/Activity;.setResult:(ILandroid/content/Intent;)V -> SINK
Ljava/net/URLConnection;.getOutputStream:()Ljava/io/OutputStream; -> SINK

But I am not sure if that's all that is required or whether there are other rules I need to add. Would you please kindly help me out?
Thank you in advance
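A way to sanity-check a rule file of the shape shown in the post above before running a long analysis. This is an added example, not code from the post or from Amandroid: the function names, the `SOURCE` label and sample lines 6-8 are assumptions constructed here, and the check only covers JVM descriptor syntax, not which APIs Amandroid resolves.

```python
import re

# Rule shape taken from the post: <class>.<method>:<descriptor> -> <label>
RULE_RE = re.compile(r"^(L[^;\s]+;)\.([^:\s]+):(\(\S*\)\S+)\s*->\s*(\S+)$")
PRIMITIVES = "ZBCSIJFD"
# Assumption: only SINK appears in the post; SOURCE is included for symmetry.
ALLOWED_LABELS = ("SOURCE", "SINK")

# Lines 1-5 are the rules from the post; lines 6-8 are constructed test input.
SAMPLE = """\
Ljava/net/URLConnection;.setRequestProperty:(Ljava/lang/String;Ljava/lang/String;)V -> SINK
Ljava/net/Socket;.connect:(Ljava/net/SocketAddress;)V -> SINK
Ljava/net/URL;.openConnection:()Ljava/net/URLConnection; -> SINK
Landroid/app/Activity;.setResult:(ILandroid/content/Intent;)V -> SINK
Ljava/net/URLConnection;.getOutputStream:()Ljava/io/OutputStream; -> SINK
Ljava/io/OutputStream;.write:([B)V -> SINK
Ljava/net/URL;.openStream:()Ljava/io/InputStream -> SINK
java.net.Socket.connect -> SINK
"""


def read_type(desc, i, allow_void=False):
    """Consume one JVM type starting at desc[i]; return the index after it."""
    if i >= len(desc):
        raise ValueError("descriptor ends where a type is expected")
    start = i
    while i < len(desc) and desc[i] == "[":
        i += 1
    if i >= len(desc):
        raise ValueError("array marker without element type")
    c = desc[i]
    if c in PRIMITIVES:
        return i + 1
    if c == "V":
        if not allow_void or i != start:
            raise ValueError("void is only valid as a return type")
        return i + 1
    if c == "L":
        end = desc.find(";", i)
        if end == -1 or end == i + 1:
            raise ValueError("object type not terminated by ';'")
        return end + 1
    raise ValueError("unknown type character %r" % c)


def parse_descriptor(desc):
    """Split '(args)ret' into (list of argument types, return type)."""
    close = desc.find(")")
    if not desc.startswith("(") or close == -1:
        raise ValueError("descriptor must look like (args)ret")
    args, i = [], 1
    while i < close:
        j = read_type(desc, i)
        if j > close:
            raise ValueError("argument type runs past ')'")
        args.append(desc[i:j])
        i = j
    if read_type(desc, close + 1, allow_void=True) != len(desc):
        raise ValueError("trailing characters after return type")
    return args, desc[close + 1:]


def lint_rules(text):
    """Return (parsed rules, hard problems, review notes), keyed by line number."""
    rules, problems, notes, seen = [], [], [], set()
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if not m:
            problems.append((n, "not <class>.<method>:<descriptor> -> <label>"))
            continue
        cls, method, desc, label = m.groups()
        try:
            args, ret = parse_descriptor(desc)
        except ValueError as exc:
            problems.append((n, str(exc)))
            continue
        if label not in ALLOWED_LABELS:
            problems.append((n, "unexpected label %r" % label))
            continue
        if (cls, method, desc) in seen:
            notes.append((n, "duplicate rule"))
        seen.add((cls, method, desc))
        if label == "SINK" and not args:
            # With no parameters, only the receiver object can carry data in.
            notes.append((n, "sink takes no arguments; only the receiver can be tainted"))
        rules.append({"line": n, "class": cls, "method": method,
                      "args": args, "ret": ret, "label": label})
    return rules, problems, notes


if __name__ == "__main__":
    parsed, bad, review = lint_rules(SAMPLE)
    for n, msg in bad:
        print("line %d: ERROR %s" % (n, msg))
    for n, msg in review:
        print("line %d: note  %s" % (n, msg))
```

On the five rules from the post, every line parses; the two notes point at `openConnection` and `getOutputStream`, which have no parameters.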

NoSuchMethodError after performing a clean reinstall of amandroid

I'm pasting a full error trace:
java.lang.NoSuchMethodError: brut.androlib.res.data.ResResSpec.getType()Lbrut/androlib/res/data/ResTypeSpec;
at org.sireum.amandroid.appInfo.AppInfoCollector$$anonfun$analyzeCallback$2$$anonfun$apply$1.apply$mcVI$sp(AppInfoCollector.scala:261)
at org.sireum.amandroid.appInfo.AppInfoCollector$$anonfun$analyzeCallback$2$$anonfun$apply$1.apply(AppInfoCollector.scala:259)
at org.sireum.amandroid.appInfo.AppInfoCollector$$anonfun$analyzeCallback$2$$anonfun$apply$1.apply(AppInfoCollector.scala:259)
at scala.collection.immutable.Set$Set1.foreach(Set.scala:79)
at org.sireum.amandroid.appInfo.AppInfoCollector$$anonfun$analyzeCallback$2.apply(AppInfoCollector.scala:258)
at org.sireum.amandroid.appInfo.AppInfoCollector$$anonfun$analyzeCallback$2.apply(AppInfoCollector.scala:256)
at scala.collection.immutable.Map$Map1.foreach(Map.scala:116)
at org.sireum.amandroid.appInfo.AppInfoCollector$.analyzeCallback(AppInfoCollector.scala:256)
at org.sireum.amandroid.security.apiMisuse.InterestingApiCollector.collectInfo(InterestingApiCollector.scala:51)
at org.sireum.amandroid.run.security.HideAPI_run$HideAPIMisuseTask.run(HideAPI_run.scala:111)
at org.sireum.amandroid.run.security.HideAPI_run$$anonfun$main$1.apply(HideAPI_run.scala:90)
at org.sireum.amandroid.run.security.HideAPI_run$$anonfun$main$1.apply(HideAPI_run.scala:83)
at scala.collection.immutable.Set$Set1.foreach(Set.scala:79)
at org.sireum.amandroid.run.security.HideAPI_run$.main(HideAPI_run.scala:82)
at org.sireum.amandroid.run.security.HideAPI_run.main(HideAPI_run.scala)

Could not find Eclipse Equinox launcher jar... when lauching sireumdev

Hi, fengguo.
I was trying to set up the development platform as the manual said. When it came to the third step, "Launch Eclipse", it came up with the following error:
screen shot 2015-04-18 at 11 33 50 pm
How could I solve this problem?
Actually I tried to update the sireum, because I thought maybe there existed some plugins or folders that did not download from the sireum server.
However, it implies that there is no update.
screen shot 2015-04-18 at 11 36 21 pm

Amandroid can not read APK files from the disk

Hi Developers,

I have faced the following bug:

java.lang.NullPointerException at scala.collection.mutable.ArrayOps$ofRef$.length$extension(ArrayOps.scala:192) at scala.collection.mutable.ArrayOps$ofRef.length(ArrayOps.scala:192) at scala.collection.IndexedSeqOptimized$class.foreach(IndexedSeqOptimized.scala:32) at scala.collection.mutable.ArrayOps$ofRef.foreach(ArrayOps.scala:186) at org.sireum.util.FileUtil$.listFiles(File.scala:51) at org.sireum.jawa.JawaCodeSource$.load(JawaCodeSource.scala:75) at org.sireum.amandroid.security.AmandroidSocket.loadApk(AmandroidSocket.scala:85) at org.sireum.amandroid.cli.TanitAnalysis$$anonfun$taintAnalyze$1.apply(TaintAnalysis.scala:162) at org.sireum.amandroid.cli.TanitAnalysis$$anonfun$taintAnalyze$1.apply(TaintAnalysis.scala:157) at scala.collection.immutable.Set$Set1.foreach(Set.scala:79) at org.sireum.amandroid.cli.TanitAnalysis$.taintAnalyze(TaintAnalysis.scala:156) at org.sireum.amandroid.cli.TanitAnalysis$.main(TaintAnalysis.scala:137) at org.sireum.amandroid.cli.TanitAnalysis.main(TaintAnalysis.scala)

Exception doesn't depend on APKs. I am using the following mode:
./sireum amandroid taintAnalysis -p -m 40 -to 60 -msg VERBOSE someapk.apk sourcessinks.txt

BUT, it depends on the ENVIRONMENT:

  • It doesn't work on Ubuntu 14.04
  • BUT it does work on Ubuntu 12.04
  • It does work on OSX 10.10
  • It does work on Fedora 20
  • BUT it doesn't work on Fedora 19

Best Regards,
Vitalii

Saving of partial results of Taint Analysis

Hi,

It turns out that Amandroid doesn't write partial results for Taint Analysis.

I see in the output that some data flows have been discovered, but the TaintResults.txt file doesn't exist until the analysis is done.

Such behavior is unwanted in case some exception occurs in later steps of the analysis.

Do you think it is a good idea to implement saving of partial results in Amandroid, or do I need to implement it just for my needs?

Thanks in advance.

Vitalii

Any way in Amandroid to query the icc results in reachability analysis?

Is there any way in Amandroid to query the icc results in reachability analysis? For example, in the following code snippets:


ActivityA: (exported)
protected void onCreate()
{
    Intent intent = new Intent();
    intent.setClass(this, ActivityB.class);
    startActivity(intent);
}

ActivityB: (not exported, but has a privileged call)
private Handler handler = new Handler() {
    public void handleMessage(Message msg) {
        privileged_call_function();
    }
};
protected void onCreate()
{
    handler.sendEmptyMessage(0);
}

One can see that there is a capability leak in this snippet, because an external intent can reach ActivityB's privileged function call.

Using the ReachabilityAnalysis.getBackwardReachability on privileged_call_function, one can get the following results:

ActivityB.handleMessage, ActivityB.envMain (notice no ActivityA.onCreate)

So is there a way to propagate back from envMain, which is the dummy main method of ActivityB, to the startActivity code in ActivityA? Which API function call should one refer to to get the link between ActivityB.envMain and ActivityA.onCreate?
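The missing link described in the post above, modelled as an added example that is not part of the original post and does not use Amandroid's API. The graph, the ICC site list and the manifest map are constructed here; treating `envMain` as the caller of a component's callbacks is an assumption chosen to match the result the post quotes.

```python
from collections import deque

# Constructed call graph for the two activities in the post (caller -> callees).
# envMain is the per-component dummy main mentioned in the post; modelling it
# as the caller of the component's callbacks is an assumption.
CALL_GRAPH = {
    "ActivityA.envMain": ["ActivityA.onCreate"],
    "ActivityB.envMain": ["ActivityB.onCreate", "ActivityB.handleMessage"],
    "ActivityB.handleMessage": ["privileged_call_function"],
}

# Constructed ICC facts: (method containing startActivity, explicit target).
ICC_SITES = [("ActivityA.onCreate", "ActivityB")]

# Constructed manifest view: component -> exported?
EXPORTED = {"ActivityA": True, "ActivityB": False}


def with_icc_edges(call_graph, icc_sites):
    """Return a copy of the graph with caller -> <target>.envMain edges added."""
    merged = {caller: list(callees) for caller, callees in call_graph.items()}
    for caller, target in icc_sites:
        merged.setdefault(caller, []).append(target + ".envMain")
    return merged


def backward_reachable(graph, sink):
    """Map every method that can reach `sink` to its next hop towards it."""
    callers = {}
    for caller, callees in graph.items():
        for callee in callees:
            callers.setdefault(callee, []).append(caller)
    next_hop, queue = {}, deque([sink])
    while queue:
        node = queue.popleft()
        for caller in callers.get(node, []):
            if caller not in next_hop and caller != sink:
                next_hop[caller] = node
                queue.append(caller)
    return next_hop


def exposed_paths(graph, sink, exported):
    """Call chains from the envMain of each exported component to `sink`."""
    next_hop = backward_reachable(graph, sink)
    paths = {}
    for component, is_exported in sorted(exported.items()):
        entry = component + ".envMain"
        if is_exported and entry in next_hop:
            path, node = [entry], entry
            while node != sink:
                node = next_hop[node]
                path.append(node)
            paths[component] = path
    return paths


if __name__ == "__main__":
    sink = "privileged_call_function"
    # Per-component view: stops at ActivityB.envMain, as the post reports.
    print(sorted(backward_reachable(CALL_GRAPH, sink)))
    # With the ICC edge resolved, the exported ActivityA reaches the sink.
    print(exposed_paths(with_icc_edges(CALL_GRAPH, ICC_SITES), sink, EXPORTED))
```

Without the ICC edge no exported component reaches the privileged call; with it, the chain runs from `ActivityA.envMain` through `ActivityB.envMain` to the sink.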

NullPointerException

Hi,

I started Amandroid like this:

.../Sireum$ ./sireum amandroid taintAnalysis -m 12 -p -o ../Amandroid-out/ com.acj0.formsxpressdemo.apk apps/amandroid/taintAnalysis/sourceAndSinks/TaintSourcesAndSinks.txt
Total apks: 1

Error: null
Written:../Amandroid-out/.errorlog
.../Sireum$ cat ../Amandroid-out/.errorlog
An error occured on 20150415-084659
java.lang.NullPointerException
at scala.collection.mutable.ArrayOps$ofRef$.length$extension(ArrayOps.scala:192)
at scala.collection.mutable.ArrayOps$ofRef.length(ArrayOps.scala:192)
at scala.collection.IndexedSeqOptimized$class.foreach(IndexedSeqOptimized.scala:32)
at scala.collection.mutable.ArrayOps$ofRef.foreach(ArrayOps.scala:186)
at org.sireum.util.FileUtil$.listFiles(File.scala:51)
at org.sireum.jawa.JawaCodeSource$.preLoad(JawaCodeSource.scala:60)
at org.sireum.amandroid.security.AmandroidSocket.preProcess(AmandroidSocket.scala:63)
at org.sireum.amandroid.cli.TanitAnalysis$.taintAnalyze(TaintAnalysis.scala:152)
at org.sireum.amandroid.cli.TanitAnalysis$.main(TaintAnalysis.scala:137)
at org.sireum.amandroid.cli.TanitAnalysis.main(TaintAnalysis.scala)

could not download

Hi, when I try to install Amandroid in the terminal, I follow the instructions and type "sireum install amandroid".
The following always occurs:
screenshot from 2015-03-29 14 26 54

About Amadroid setup

Hi, when I imported the Amandroid source (including the Sireum repositories), there were many error marks.
The tutorial ("http://amandroid.sireum.org/docs/tutorial.html") says that I can "Just make sure you are using correct Java compiler version, and then clean all projects."

I am sure that the Java compiler version is 1.8, but I still can't solve these errors.

errors

ZipException

Hi,
I tried to run amandroid as stated on the website:
sireum amandroid taintAnalysis -m 12 -p -o /outputPath /path/some.apk /your_Amandroid_Home/taintAnalysis/sourceAndSinks/TaintSourcesAndSinks.txt

The analyzed apk was com.acj0.formsxpressdemo.apk from the playstore.
I used the Flowdroid format for Sources/Sinks, which I now know is incorrect.
However, I got a ZipException, which I imagine has nothing to do with the sources/sinks file:

java.util.zip.ZipException: error in opening zip file
at java.util.zip.ZipFile.open(Native Method)
at java.util.zip.ZipFile.<init>(ZipFile.java:220)
at java.util.zip.ZipFile.<init>(ZipFile.java:150)
at java.util.zip.ZipFile.<init>(ZipFile.java:164)
at Main$$anon$1$SireumDistro$.unzip(sireum:1322)
at Main$$anon$1$SireumDistro$.installApp(sireum:1003)
at Main$$anon$1$SireumDistro$.downloadFile(sireum:962)
at Main$$anon$1$SireumDistro$$anonfun$downloadNewFiles$1.apply(sireum:591)
at Main$$anon$1$SireumDistro$$anonfun$downloadNewFiles$1.apply(sireum:586)
at scala.collection.immutable.List.foreach(List.scala:381)
at Main$$anon$1$SireumDistro$.downloadNewFiles(sireum:586)
at Main$$anon$1$SireumDistro$$anonfun$install$2.apply(sireum:568)
at Main$$anon$1$SireumDistro$$anonfun$install$2.apply(sireum:557)
at scala.collection.IndexedSeqOptimized$class.foreach(IndexedSeqOptimized.scala:33)
at scala.collection.mutable.WrappedArray.foreach(WrappedArray.scala:35)
at Main$$anon$1$SireumDistro$.install(sireum:557)
at Main$$anon$1$SireumDistro$.parseCliArgs(sireum:400)
at Main$$anon$1$SireumDistro$.parseDistroArgs(sireum:340)
at Main$$anon$1$SireumDistro$.delayedEndpoint$Main$$anon$1$SireumDistro$1(sireum:248)
at Main$$anon$1$SireumDistro$delayedInit$body.apply(sireum:77)
at scala.Function0$class.apply$mcV$sp(Function0.scala:40)
at scala.runtime.AbstractFunction0.apply$mcV$sp(AbstractFunction0.scala:12)
at scala.App$$anonfun$main$1.apply(App.scala:76)
at scala.App$$anonfun$main$1.apply(App.scala:76)
at scala.collection.immutable.List.foreach(List.scala:381)
at scala.collection.generic.TraversableForwarder$class.foreach(TraversableForwarder.scala:35)
at scala.App$class.main(App.scala:76)
at Main$$anon$1$SireumDistro$.main(sireum:77)
at Main$$anon$1.<init>(sireum:49)
at Main$.main(sireum:49)
at Main.main(sireum)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at scala.reflect.internal.util.ScalaClassLoader$$anonfun$run$1.apply(ScalaClassLoader.scala:70)
at scala.reflect.internal.util.ScalaClassLoader$class.asContext(ScalaClassLoader.scala:31)
at scala.reflect.internal.util.ScalaClassLoader$URLClassLoader.asContext(ScalaClassLoader.scala:101)
at scala.reflect.internal.util.ScalaClassLoader$class.run(ScalaClassLoader.scala:70)
at scala.reflect.internal.util.ScalaClassLoader$URLClassLoader.run(ScalaClassLoader.scala:101)
at scala.tools.nsc.CommonRunner$class.run(ObjectRunner.scala:22)
at scala.tools.nsc.ObjectRunner$.run(ObjectRunner.scala:39)
at scala.tools.nsc.CommonRunner$class.runAndCatch(ObjectRunner.scala:29)
at scala.tools.nsc.ObjectRunner$.runAndCatch(ObjectRunner.scala:39)
at scala.tools.nsc.ScriptRunner.scala$tools$nsc$ScriptRunner$$runCompiled(ScriptRunner.scala:175)
at scala.tools.nsc.ScriptRunner$$anonfun$runScript$1.apply(ScriptRunner.scala:192)
at scala.tools.nsc.ScriptRunner$$anonfun$runScript$1.apply(ScriptRunner.scala:192)
at scala.tools.nsc.ScriptRunner$$anonfun$withCompiledScript$1.apply$mcZ$sp(ScriptRunner.scala:157)
at scala.tools.nsc.ScriptRunner$$anonfun$withCompiledScript$1.apply(ScriptRunner.scala:129)
at scala.tools.nsc.ScriptRunner$$anonfun$withCompiledScript$1.apply(ScriptRunner.scala:129)
at scala.tools.nsc.util.package$.trackingThreads(package.scala:43)
at scala.tools.nsc.util.package$.waitingForThreads(package.scala:27)
at scala.tools.nsc.ScriptRunner.withCompiledScript(ScriptRunner.scala:128)
at scala.tools.nsc.ScriptRunner.runScript(ScriptRunner.scala:192)
at scala.tools.nsc.ScriptRunner.runScriptAndCatch(ScriptRunner.scala:205)
at scala.tools.nsc.MainGenericRunner.runTarget$1(MainGenericRunner.scala:67)
at scala.tools.nsc.MainGenericRunner.run$1(MainGenericRunner.scala:87)
at scala.tools.nsc.MainGenericRunner.process(MainGenericRunner.scala:98)
at scala.tools.nsc.MainGenericRunner$.main(MainGenericRunner.scala:103)
at scala.tools.nsc.MainGenericRunner.main(MainGenericRunner.scala)

Java.lang.IllegalArgumentException: Requirement failed

Hi,
I have got the error 'Java.lang.IllegalArgumentException: Requirement failed: JawaClass should be object type, but get: int' when I tried to run taintAnalysis on a few Google Play apps (e.g. Ubercab.apk). Would you please tell me what the reason for this error is and how to solve it?

Thanks.

Sharifa

ConcurrentModificationException

With one of the malware samples, I get the following error when I run Amandroid taintAnalysis cli.

java.util.ConcurrentModificationException
at java.util.ArrayList$Itr.checkForComodification(ArrayList.java:901)
at java.util.ArrayList$Itr.next(ArrayList.java:851)
at java.util.Collections$UnmodifiableCollection$1.next(Collections.java:1042)
at scala.collection.convert.Wrappers$JIteratorWrapper.next(Wrappers.scala:43)
at scala.collection.Iterator$class.foreach(Iterator.scala:743)
at scala.collection.AbstractIterator.foreach(Iterator.scala:1177)
at scala.collection.IterableLike$class.foreach(IterableLike.scala:72)
at scala.collection.AbstractIterable.foreach(Iterable.scala:54)
at scala.collection.TraversableLike$class.map(TraversableLike.scala:245)
at scala.collection.mutable.AbstractSet.scala$collection$SetLike$$super$map(Set.scala:46)
at scala.collection.SetLike$class.map(SetLike.scala:92)
at scala.collection.mutable.AbstractSet.map(Set.scala:46)
at org.sireum.alir.AlirSuccPredAccesses$class.predecessors(AlirGraph.scala:114)
at org.sireum.jawa.alir.controlFlowGraph.InterproceduralControlFlowGraph.predecessors(InterproceduralControlFlowGraph.scala:37)
at org.sireum.jawa.alir.interProcedural.InterProceduralMonotoneDataFlowAnalysisFramework$$anonfun$7.apply(InterProceduralMonotoneDataFlowAnalysisFramework.scala:58$
at org.sireum.jawa.alir.interProcedural.InterProceduralMonotoneDataFlowAnalysisFramework$$anonfun$7.apply(InterProceduralMonotoneDataFlowAnalysisFramework.scala:58$
at scala.collection.parallel.mutable.ParArray$Map.leaf(ParArray.scala:657)
at scala.collection.parallel.Task$$anonfun$tryLeaf$1.apply$mcV$sp(Tasks.scala:49)
at scala.collection.parallel.Task$$anonfun$tryLeaf$1.apply(Tasks.scala:48)
at scala.collection.parallel.Task$$anonfun$tryLeaf$1.apply(Tasks.scala:48)
at scala.collection.parallel.Task$class.tryLeaf(Tasks.scala:51)
at scala.collection.parallel.mutable.ParArray$Map.tryLeaf(ParArray.scala:648)
at scala.collection.parallel.AdaptiveWorkStealingTasks$WrappedTask$class.internal(Tasks.scala:169)
at scala.collection.parallel.AdaptiveWorkStealingForkJoinTasks$WrappedTask.internal(Tasks.scala:443)
at scala.collection.parallel.AdaptiveWorkStealingTasks$WrappedTask$class.compute(Tasks.scala:149)
at scala.collection.parallel.AdaptiveWorkStealingForkJoinTasks$WrappedTask.compute(Tasks.scala:443)
at scala.concurrent.forkjoin.RecursiveAction.exec(RecursiveAction.java:160)
at scala.concurrent.forkjoin.ForkJoinTask.doExec(ForkJoinTask.java:260)
at scala.concurrent.forkjoin.ForkJoinPool$WorkQueue.runSubtask(ForkJoinPool.java:1357)
at scala.concurrent.forkjoin.ForkJoinPool.tryHelpStealer(ForkJoinPool.java:2253)
at scala.concurrent.forkjoin.ForkJoinPool.awaitJoin(ForkJoinPool.java:2377)
at scala.concurrent.forkjoin.ForkJoinTask.doJoin(ForkJoinTask.java:341)
at scala.concurrent.forkjoin.ForkJoinTask.join(ForkJoinTask.java:673)
at scala.collection.parallel.ForkJoinTasks$WrappedTask$class.sync(Tasks.scala:378)
at scala.collection.parallel.AdaptiveWorkStealingForkJoinTasks$WrappedTask.sync(Tasks.scala:443)
at scala.collection.parallel.AdaptiveWorkStealingTasks$WrappedTask$class.internal(Tasks.scala:173)
at scala.collection.parallel.AdaptiveWorkStealingForkJoinTasks$WrappedTask.internal(Tasks.scala:443)
at scala.collection.parallel.AdaptiveWorkStealingTasks$WrappedTask$class.compute(Tasks.scala:149)
at scala.collection.parallel.AdaptiveWorkStealingForkJoinTasks$WrappedTask.compute(Tasks.scala:443)
at scala.concurrent.forkjoin.RecursiveAction.exec(RecursiveAction.java:160

Error: android.util.TypedValue.coerceToString(II)Ljava/lang/String

Hi,
Again, I am trying to run the latest version of Amandroid on Ubuntu 14.04 x64, but now on the DEV branch of Strawberry.

An error occured on 20150609-105548
java.lang.NoSuchMethodError: android.util.TypedValue.coerceToString(II)Ljava/lang/String;
at brut.androlib.res.data.value.ResIntValue.encodeAsResXml(ResIntValue.java:45)
at brut.androlib.res.data.value.ResScalarValue.encodeAsResXmlAttr(ResScalarValue.java:45)
at brut.androlib.res.decoder.ResAttrDecoder.decode(ResAttrDecoder.java:41)
at brut.androlib.res.decoder.AXmlResourceParser.getAttributeValue(AXmlResourceParser.java:369)
at org.xmlpull.v1.wrapper.classic.XmlPullParserDelegate.getAttributeValue(XmlPullParserDelegate.java:69)
at brut.androlib.res.decoder.XmlPullStreamDecoder$1.parseManifest(XmlPullStreamDecoder.java:97)
at brut.androlib.res.decoder.XmlPullStreamDecoder$1.event(XmlPullStreamDecoder.java:65)
at brut.androlib.res.decoder.XmlPullStreamDecoder.decode(XmlPullStreamDecoder.java:141)
at brut.androlib.res.decoder.XmlPullStreamDecoder.decodeManifest(XmlPullStreamDecoder.java:153)
at brut.androlib.res.decoder.ResFileDecoder.decodeManifest(ResFileDecoder.java:134)
at brut.androlib.res.AndrolibResources.decodeManifestWithResources(AndrolibResources.java:199)
at brut.androlib.Androlib.decodeManifestWithResources(Androlib.java:139)
at brut.androlib.ApkDecoder.decode(ApkDecoder.java:102)
at org.sireum.amandroid.decompile.AmDecoder$.decode(AmDecoder.scala:49)
at org.sireum.amandroid.security.AmandroidSocket.loadApk(AmandroidSocket.scala:80)
at org.sireum.amandroid.cli.TanitAnalysis$TaintTask.run(TaintAnalysis.scala:183)
at org.sireum.amandroid.cli.TanitAnalysis$$anonfun$taintAnalyze$1.apply(TaintAnalysis.scala:159)
at org.sireum.amandroid.cli.TanitAnalysis$$anonfun$taintAnalyze$1.apply(TaintAnalysis.scala:155)
at scala.collection.immutable.Set$Set1.foreach(Set.scala:79)
at org.sireum.amandroid.cli.TanitAnalysis$.taintAnalyze(TaintAnalysis.scala:155)
at org.sireum.amandroid.cli.TanitAnalysis$.main(TaintAnalysis.scala:135)
at org.sireum.amandroid.cli.TanitAnalysis.main(TaintAnalysis.scala)

Can you help me with this?

Thanks,

Vitalii

java.lang.ExceptionInInitializerError

Hi, I tested GenCallGraph with the sample apk "AndroidSpecific_PrivateDataLeak3.apk" from the source code (sireumdev, debug mode), and I got the following error messages.
However, it works from the executable Sireum Command Line Interface.


An error occured on 20150125-211620
java.lang.ExceptionInInitializerError
at org.sireum.pilar.parser.Parser$.parse(Parser.scala:91)
at org.sireum.pilar.parser.Parser$.parse(Parser.scala:75)
at org.sireum.pilar.parser.Parser$.parseWithErrorAsString(Parser.scala:61)
at org.sireum.jawa.Transform$.parseCodes(Transform.scala:30)
at org.sireum.jawa.Transform$.getSymbolResolveResult(Transform.scala:35)
at org.sireum.jawa.JawaResolver$.forceResolveToHierarchy(JawaResolver.scala:131)
at org.sireum.jawa.JawaResolver$.resolveToHierarchy(JawaResolver.scala:117)
at org.sireum.jawa.JawaResolver$.tryResolveRecord(JawaResolver.scala:69)
at org.sireum.jawa.Center$.tryLoadRecord(Center.scala:701)
at org.sireum.amandroid.parser.LayoutFileParser.org$sireum$amandroid$parser$LayoutFileParser$$getLayoutClass(LayoutFileParser.scala:53)
at org.sireum.amandroid.parser.LayoutFileParser$LayoutParser.child(LayoutFileParser.scala:103)
at pxb.android.axml.AxmlReader.accept(AxmlReader.java:108)
at org.sireum.amandroid.parser.LayoutFileParser$$anon$1.handleXMLFile(LayoutFileParser.scala:214)
at org.sireum.amandroid.parser.AbstractAndroidXMLParser.handleAndroidXMLFiles(AbstractAndroidXMLParser.scala:52)
at org.sireum.amandroid.parser.LayoutFileParser.parseLayoutFile(LayoutFileParser.scala:173)
at org.sireum.amandroid.appInfo.AppInfoCollector$.analyzeLayouts(AppInfoCollector.scala:207)
at org.sireum.amandroid.appInfo.AppInfoCollector.collectInfo(AppInfoCollector.scala:154)
at org.sireum.amandroid.cli.GenCallGraph$$anonfun$genCallGraph$1.apply(GenCallGraph.scala:140)
at org.sireum.amandroid.cli.GenCallGraph$$anonfun$genCallGraph$1.apply(GenCallGraph.scala:123)
at scala.collection.immutable.Set$Set1.foreach(Set.scala:79)
at org.sireum.amandroid.cli.GenCallGraph$.genCallGraph(GenCallGraph.scala:122)
at org.sireum.amandroid.cli.GenCallGraph$.main(GenCallGraph.scala:112)
at org.sireum.amandroid.cli.GenCallGraph.main(GenCallGraph.scala)
Caused by: org.antlr.v4.runtime.RuntimeMetaData$VersionMismatchException: ANTLR Tool version 4.4 used for code generation does not match the current runtime version 4.3
at org.antlr.v4.runtime.RuntimeMetaData.checkVersion(RuntimeMetaData.java:397)
at org.sireum.pilar.parser.Antlr4PilarLexer.(Antlr4PilarLexer.java:14)
... 23 more

Error: Cannot Resolve Concrete Dispatch

I got the following error when running the following:

mainuser@thinkpad-ubuntu:~/Files$ ./analyze app.apk 
Total apks: 1
Analyzing #1:file:/home/mainuser/Files/app.apk
Cleaning up unclosed ZipFile for archive /home/mainuser/Files/app.apk
Cleaning up unclosed ZipFile for archive /home/mainuser/apktool/framework/1.apk

Error: Cannot resolve concrete dispatch!
Type:com.a.a.a.i
Procedure:a:(IZ)V
Written: /home/mainuser/Files/./.errorlog

Within the .errorlog file:

An error occured on 20150331-165648
java.lang.RuntimeException: Cannot resolve concrete dispatch!
Type:com.a.a.a.i
Procedure:a:(IZ)V
        at org.sireum.jawa.RecordHierarchy.resolveConcreteDispatch(RecordHierarchy.scala:364)
        at org.sireum.jawa.alir.util.CallHandler$.getVirtualCalleeProcedure(CallHandler.scala:41)
        at org.sireum.jawa.alir.pta.suspark.PointerAssignmentGraph$$anonfun$getVirtualCalleeSet$1.apply(PointerAssignmentGraph.scala:490)
        at org.sireum.jawa.alir.pta.suspark.PointerAssignmentGraph$$anonfun$getVirtualCalleeSet$1.apply(PointerAssignmentGraph.scala:489)
        at scala.collection.immutable.Set$Set4.foreach(Set.scala:181)
        at org.sireum.jawa.alir.pta.suspark.PointerAssignmentGraph.getVirtualCalleeSet(PointerAssignmentGraph.scala:488)
        at org.sireum.jawa.alir.pta.suspark.InterproceduralSuperSpark$.checkAndDoCall(InterproceduralSuperSpark.scala:200)
        at org.sireum.jawa.alir.pta.suspark.InterproceduralSuperSpark$$anonfun$workListPropagation$2.apply(InterproceduralSuperSpark.scala:104)
        at org.sireum.jawa.alir.pta.suspark.InterproceduralSuperSpark$$anonfun$workListPropagation$2.apply(InterproceduralSuperSpark.scala:95)
        at scala.collection.Iterator$class.foreach(Iterator.scala:750)
        at scala.collection.AbstractIterator.foreach(Iterator.scala:1202)
        at scala.collection.IterableLike$class.foreach(IterableLike.scala:72)
        at scala.collection.AbstractIterable.foreach(Iterable.scala:54)
        at org.sireum.jawa.alir.pta.suspark.InterproceduralSuperSpark$.workListPropagation(InterproceduralSuperSpark.scala:94)
        at org.sireum.jawa.alir.pta.suspark.InterproceduralSuperSpark$.doPTA(InterproceduralSuperSpark.scala:61)
        at org.sireum.jawa.alir.pta.suspark.InterproceduralSuperSpark$$anonfun$pta$1.apply(InterproceduralSuperSpark.scala:48)
        at org.sireum.jawa.alir.pta.suspark.InterproceduralSuperSpark$$anonfun$pta$1.apply(InterproceduralSuperSpark.scala:45)
        at scala.collection.immutable.Set$Set2.foreach(Set.scala:111)
        at org.sireum.jawa.alir.pta.suspark.InterproceduralSuperSpark$.pta(InterproceduralSuperSpark.scala:44)
        at org.sireum.jawa.alir.pta.suspark.InterproceduralSuperSpark$.build(InterproceduralSuperSpark.scala:36)
        at org.sireum.jawa.alir.pta.suspark.InterproceduralSuperSpark$.apply(InterproceduralSuperSpark.scala:29)
        at org.sireum.jawa.alir.reachability.ReachabilityAnalysis$.getReachableProcedures(ReachabilityAnalysis.scala:30)
        at org.sireum.amandroid.appInfo.ReachableInfoCollector$$anonfun$updateReachableMap$1.apply(ReachableInfoCollector.scala:58)
        at org.sireum.amandroid.appInfo.ReachableInfoCollector$$anonfun$updateReachableMap$1.apply(ReachableInfoCollector.scala:56)
        at scala.collection.immutable.Map$Map2.foreach(Map.scala:137)
        at org.sireum.amandroid.appInfo.ReachableInfoCollector.updateReachableMap(ReachableInfoCollector.scala:56)
        at org.sireum.amandroid.appInfo.ReachableInfoCollector.collectCallbackMethods(ReachableInfoCollector.scala:146)
        at org.sireum.amandroid.appInfo.AppInfoCollector$.analyzeCallback(AppInfoCollector.scala:223)
        at org.sireum.amandroid.appInfo.AppInfoCollector.collectInfo(AppInfoCollector.scala:162)
        at org.sireum.amandroid.cli.TanitAnalysis$TaintTask.run(TaintAnalysis.scala:187)
        at org.sireum.amandroid.cli.TanitAnalysis$$anonfun$taintAnalyze$1.apply(TaintAnalysis.scala:161)
        at org.sireum.amandroid.cli.TanitAnalysis$$anonfun$taintAnalyze$1.apply(TaintAnalysis.scala:157)
        at scala.collection.immutable.Set$Set1.foreach(Set.scala:79)
        at org.sireum.amandroid.cli.TanitAnalysis$.taintAnalyze(TaintAnalysis.scala:156)
        at org.sireum.amandroid.cli.TanitAnalysis$.main(TaintAnalysis.scala:137)
        at org.sireum.amandroid.cli.TanitAnalysis.main(TaintAnalysis.scala)

May I know what the significance of this error is? This error only works on this particular obfuscated APK. Does it not work on all obfuscated APKs, or is it a bug?

In addition, even though I did not get this error while analysing WhatsApp, staging does not generate any control flow graph, and genGraph produces a graph with only 1 node. Is this an expected behavior?

Thanks.
