ucr-riple / androidslicer
AndroidSlicer is a dynamic slicing tool, useful for a variety of tasks, from testing to debugging to security.
License: Other
Hi, I tried to compile and run "instrumenter" from the source code (instead of running instrumenter.sh).
By setting Instrumenter's main as a default function, I used these arguments:
com.twitter.android -w -allow-phantom-refs -process-multiple-dex -force-android-jar <sdk_path>/android-28/android.jar -src-prec apk -output-format dex -process-dir <my_path>/AndroidSlicer/tool/Twitter_v7.93.2-release.50_apkpure.com.apk
The app I used is from Google Play Store for version 7.93.2.
After that, there is no error for a while, and it ran for like 5 minutes.
At the end, the program dies because of GC.
I found that the paper used Twitter as a benchmark. I am curious how to instrument it.
I tried it with a small example, it could be done.
It would be really appreciated if you help me to figure this out.
Below is the error message.
Soot started on Sun Jul 28 16:59:22 PDT 2019
[Thread-9] ERROR heros.solver.CountingThreadPoolExecutor - Worker thread execution failed: GC overhead limit exceeded
java.lang.OutOfMemoryError: GC overhead limit exceeded
at soot.toDex.ConstantVisitor.caseStringConstant(ConstantVisitor.java:86)
at soot.jimple.StringConstant.apply(StringConstant.java:63)
at soot.toDex.StmtVisitor.caseAssignStmt(StmtVisitor.java:489)
at soot.jimple.internal.JAssignStmt.apply(JAssignStmt.java:242)
at soot.toDex.DexPrinter.toInstructions(DexPrinter.java:1511)
at soot.toDex.DexPrinter.toMethodImplementation(DexPrinter.java:1174)
at soot.toDex.DexPrinter.toMethods(DexPrinter.java:1083)
at soot.toDex.DexPrinter.addAsClassDefItem(DexPrinter.java:656)
at soot.toDex.DexPrinter.add(DexPrinter.java:1646)
at soot.PackManager.writeClass(PackManager.java:1096)
at soot.PackManager.lambda$writeOutput$1(PackManager.java:699)
at soot.PackManager$$Lambda$2/1879083009.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Exception in thread "Thread-9" java.lang.RuntimeException: java.lang.OutOfMemoryError: GC overhead limit exceeded
at soot.PackManager.writeOutput(PackManager.java:716)
at soot.PackManager.writeDexOutput(PackManager.java:584)
at soot.PackManager.writeOutput(PackManager.java:567)
at soot.Main.run(Main.java:271)
at soot.Main.main(Main.java:141)
at org.ucr.ds.cd.utilities.Instrumenter.main(Instrumenter.java:407)
Caused by: java.lang.OutOfMemoryError: GC overhead limit exceeded
at soot.toDex.ConstantVisitor.caseStringConstant(ConstantVisitor.java:86)
at soot.jimple.StringConstant.apply(StringConstant.java:63)
at soot.toDex.StmtVisitor.caseAssignStmt(StmtVisitor.java:489)
at soot.jimple.internal.JAssignStmt.apply(JAssignStmt.java:242)
at soot.toDex.DexPrinter.toInstructions(DexPrinter.java:1511)
at soot.toDex.DexPrinter.toMethodImplementation(DexPrinter.java:1174)
at soot.toDex.DexPrinter.toMethods(DexPrinter.java:1083)
at soot.toDex.DexPrinter.addAsClassDefItem(DexPrinter.java:656)
at soot.toDex.DexPrinter.add(DexPrinter.java:1646)
at soot.PackManager.writeClass(PackManager.java:1096)
at soot.PackManager.lambda$writeOutput$1(PackManager.java:699)
at soot.PackManager$$Lambda$2/1879083009.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
java.lang.OutOfMemoryError: GC overhead limit exceeded
at soot.toDex.ConstantVisitor.caseStringConstant(ConstantVisitor.java:86)
at soot.jimple.StringConstant.apply(StringConstant.java:63)
at soot.toDex.StmtVisitor.caseAssignStmt(StmtVisitor.java:489)
at soot.jimple.internal.JAssignStmt.apply(JAssignStmt.java:242)
at soot.toDex.DexPrinter.toInstructions(DexPrinter.java:1511)
at soot.toDex.DexPrinter.toMethodImplementation(DexPrinter.java:1174)
at soot.toDex.DexPrinter.toMethods(DexPrinter.java:1083)
at soot.toDex.DexPrinter.addAsClassDefItem(DexPrinter.java:656)
at soot.toDex.DexPrinter.add(DexPrinter.java:1646)
at soot.PackManager.writeClass(PackManager.java:1096)
at soot.PackManager.lambda$writeOutput$1(PackManager.java:699)
at soot.PackManager$$Lambda$2/1879083009.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Ouuups... something went wrong! Sorry about that.
Follow these steps to fix the problem:
1.) Are you sure you used the right command line?
Click here to double-check:
https://github.com/Sable/soot/wiki/Options-and-JavaDoc
2.) Not sure whether it's a bug? Feel free to discuss
the issue on the Soot mailing list:
https://github.com/Sable/soot/wiki/Getting-help
Process finished with exit code 1
Hi,
I am sorry for many questions. I really wanted to make this work :p
So, the question is: which source file corresponds to preSlicer.jar and AndroidSlicer.jar?
In the source code I can see three main files from Instrumenter class, TestInside class, and Slicer class.
I can see Instrumenter.java and Instrumenter.class are from Instrument class in source code.
But, I am not sure for AndroidSlicer.jar and preSlicer.jar.
Could you let me know which source code is related to these jar files?
Also, could you let me know how to actually recompile/build jars to get the same jar files?
I really appreciate your answers :)
Hi,
I tried to run ./instrument.sh , it gives me this error.
Could you let me know how I should fix it?
(I updated jre path)
Thank you !
if you closed adb logcat press enter
'com.example.motex'
Note: Instrumenter.java uses unchecked or unsafe operations.
Note: Recompile with -Xlint:unchecked for details.
pkg: com.example.motex
Soot started on Sun Jul 28 16:52:36 PDT 2019
Using '/home/chungha/Android/Sdk/platforms//android-28/android.jar' as android.jar
java.lang.NullPointerException
at soot.JastAddJ.Program.initPaths(Program.java:350)
at soot.SootResolver.<init>(SootResolver.java:88)
at soot.Singletons.soot_SootResolver(Singletons.java:1456)
at soot.SootResolver.v(SootResolver.java:93)
at soot.Scene.tryLoadClass(Scene.java:713)
at soot.Scene.loadBasicClasses(Scene.java:1374)
at soot.Scene.loadNecessaryClasses(Scene.java:1453)
at soot.Main.run(Main.java:243)
at soot.Main.main(Main.java:147)
at Instrumenter.main(Instrumenter.java:405)
Ouuups... something went wrong! Sorry about that.
Follow these steps to fix the problem:
1.) Are you sure you used the right command line?
Click here to double-check:
https://ssebuild.cased.de/nightly/soot/doc/soot_options.htm
2.) Not sure whether it's a bug? Feel free to discuss
the issue on the Soot mailing list:
https://github.com/Sable/soot/wiki/Getting-help
3.) Sure it's a bug? Click this link to report it.
https://github.com/Sable/soot/issues/new?title=java.lang.NullPointerException+when+...&body=Steps+to+reproduce%3A%0A1.%29+...%0A%0AFiles+used+to+reproduce%3A+%0A...%0A%0ASoot+version%3A+%3Cpre%3Etrunk%3C%2Fpre%3E%0A%0ACommand+line%3A%0A%3Cpre%3E-w+-allow-phantom-refs+-process-multiple-dex+-android-jars+%2Fhome%2Fchungha%2FAndroid%2FSdk%2Fplatforms%2F+-src-prec+apk+-output-format+dex+-process-dir+ex1-1.apk%3C%2Fpre%3E%0A%0AMax+Memory%3A%0A%3Cpre%3E5120MB%3C%2Fpre%3E%0A%0AStack+trace%3A%0A%3Cpre%3Ejava.lang.NullPointerException%0A%09at+soot.JastAddJ.Program.initPaths%28Program.java%3A350%29%0A%09at+soot.SootResolver.%26%2360%3Binit%26%2362%3B%28SootResolver.java%3A88%29%0A%09at+soot.Singletons.soot_SootResolver%28Singletons.java%3A1456%29%0A%09at+soot.SootResolver.v%28SootResolver.java%3A93%29%0A%09at+soot.Scene.tryLoadClass%28Scene.java%3A713%29%0A%09at+soot.Scene.loadBasicClasses%28Scene.java%3A1374%29%0A%09at+soot.Scene.loadNecessaryClasses%28Scene.java%3A1453%29%0A%09at+soot.Main.run%28Main.java%3A243%29%0A%09at+soot.Main.main%28Main.java%3A147%29%0A%09at+Instrumenter.main%28Instrumenter.java%3A405%29%0A%3C%2Fpre%3E
Please be as precise as possible when giving us
information on how to reproduce the problem. Thanks!
chmod: cannot access 'sootOutput/ex1-1.apk': No such file or directory
signing sootOutput/ex1-1.apk to sootOutput/ex1-1.apk_signed.apk
java.nio.file.NoSuchFileException: sootOutput/ex1-1.apk
at java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:92)
at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111)
at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:116)
at java.base/sun.nio.fs.UnixFileAttributeViews$Basic.readAttributes(UnixFileAttributeViews.java:55)
at java.base/sun.nio.fs.UnixFileSystemProvider.readAttributes(UnixFileSystemProvider.java:145)
at java.base/sun.nio.fs.LinuxFileSystemProvider.readAttributes(LinuxFileSystemProvider.java:99)
at java.base/java.nio.file.Files.readAttributes(Files.java:1763)
at java.base/java.util.zip.ZipFile$Source.get(ZipFile.java:1225)
at java.base/java.util.zip.ZipFile$CleanableResource.<init>(ZipFile.java:727)
at java.base/java.util.zip.ZipFile$CleanableResource.get(ZipFile.java:844)
at java.base/java.util.zip.ZipFile.<init>(ZipFile.java:247)
at java.base/java.util.zip.ZipFile.<init>(ZipFile.java:177)
at java.base/java.util.jar.JarFile.<init>(JarFile.java:346)
at java.base/java.util.jar.JarFile.<init>(JarFile.java:317)
at java.base/java.util.jar.JarFile.<init>(JarFile.java:297)
at com.android.signapk.SignApk.main(SignApk.java:320)
chmod: cannot access 'ex1-1.apk_signed.apk': No such file or directory
Hi there,
nice work coming up with a slicer for Android apps.
However, I got some issues using it.
All files mentioned in the following are included here: test.zip
After Step 4 I found the following line in testApp.apk_signed.apk.logcat.txt:
11-09 11:36:51.183 19538 19538 I System.out: CALLBACK_SLC: SLICING: ZZZ-1ZZZde.foellix.aql.slicer.slicertestapp.TargetLeakZZZonCreateZZZ__inst__ZZZvirtualinvoke $r4.<android.telephony.SmsManager: void sendTextMessage(java.lang.String,java.lang.String,java.lang.String,android.app.PendingIntent,android.app.PendingIntent)>("+49 1234", null, $r3, null, null)
This line includes the desired statement that should be used as slicing criterion, however, after executing Step 5 I cannot find that statement anymore in testApp.apk_signed.apk.logcat.processed.txt.
Thus, I cannot proceed with the last step, since I cannot identify the intended slicing criterion. What am I missing?
Made three adaptions to the usage-instructions given:
rt.jar in instrumenter.sh,
MANIFEST.MF from the APK generated by Soot. Added zip -d sootOutput/$1 "META-INF/MANIFEST.MF" to instrumenter.sh in line 18 to do so. Thereafter, I could successfully instrument, install and run the APK.
adb logcat | grep SLICING > testApp.apk_signed.apk.logcat.txt gave me incomplete output (see last line in testApp_signed.apk.logcat_incomplete.txt). Thus, I used adb logcat -e "SLICING" > testApp.apk_signed.apk.logcat.txt which should do the same.
Looking forward to hearing from you!
Cheers,
FoelliX
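The raw logcat record quoted in the post above can be split mechanically to locate a candidate slicing criterion in the unprocessed trace. This is an added example, not AndroidSlicer code: the field meanings (id, class, method, marker, Jimple statement) are inferred from that single quoted line, and the second and third sample lines are constructed.

```python
import re

# Constructed sample. Line 1 is the record quoted in the post; line 2 is an
# unrelated logcat line; line 3 is a made-up record in the same layout.
SAMPLE_LOGCAT = """\
11-09 11:36:51.183 19538 19538 I System.out: CALLBACK_SLC: SLICING: ZZZ-1ZZZde.foellix.aql.slicer.slicertestapp.TargetLeakZZZonCreateZZZ__inst__ZZZvirtualinvoke $r4.<android.telephony.SmsManager: void sendTextMessage(java.lang.String,java.lang.String,java.lang.String,android.app.PendingIntent,android.app.PendingIntent)>("+49 1234", null, $r3, null, null)
11-09 11:36:51.185 19538 19538 D OpenGLRenderer: constructed noise line
11-09 11:36:51.190 19538 19538 I System.out: SLICING: ZZZ7ZZZcom.example.DemoZZZonCreateZZZ__inst__ZZZ$r3 = virtualinvoke $r2.<android.telephony.TelephonyManager: java.lang.String getDeviceId()>()
"""

# Jimple invoke target: <declaring.Class: return.Type name(param,types)>
INVOKE = re.compile(r"<([\w.$]+): ([\w.$\[\]]+) ([\w$<>]+)\(([^)]*)\)>")


def parse_record(line):
    """Split one 'SLICING:' logcat line into its ZZZ-delimited fields.

    The field order is an assumption based on the one line quoted in the post.
    """
    _, found, rest = line.rstrip("\n").partition("SLICING: ")
    parts = rest.split("ZZZ", 5)  # keep any later 'ZZZ' inside the statement
    if not found or len(parts) != 6 or parts[0]:
        return None  # not a trace record, or an incomplete one
    _, ident, cls, method, marker, stmt = parts
    callee = INVOKE.search(stmt)
    return {"id": ident, "class": cls, "method": method, "marker": marker,
            "stmt": stmt, "callee": callee.group(1, 3) if callee else None}


def find_criteria(log_text, callee_class, callee_name):
    """Return (line_no, record) pairs for records invoking the given API method."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        rec = parse_record(line)
        if rec and rec["callee"] == (callee_class, callee_name):
            hits.append((line_no, rec))
    return hits


if __name__ == "__main__":
    for no, rec in find_criteria(SAMPLE_LOGCAT, "android.telephony.SmsManager", "sendTextMessage"):
        print(no, rec["class"], rec["method"], rec["stmt"])
```
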
Hi,
when I tried to sign the apk after instrumentation, it shows this error when I ran this command:
java -jar signapk.jar testkey.x509.pem testkey.pk8 sootOutput/ex1-1.apk ex1-1_signed.apk
Exception in thread "main" java.lang.NoClassDefFoundError: sun/misc/BASE64Encoder
at com.android.signapk.SignApk.addDigestsToManifest(SignApk.java:169)
at com.android.signapk.SignApk.main(SignApk.java:325)
Caused by: java.lang.ClassNotFoundException: sun.misc.BASE64Encoder
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:583)
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)
... 2 more
I couldn't find any source code for this jar so it is hard to figure out the problem.
Can I just sign the app in my own way, such as using jarsigner provided by bash command?
I am not sure if this affects the result.