Skip to content
/ IfExtractor Public

IfExtractor, Java Library for isolate and extract Logical Bombs from Android Malware

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Franciscocoo/IfExtractor

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

45 Commits
apk
apk
 
 
src/main/java/lu/uni/trux/IfExtractor
src/main/java/lu/uni/trux/IfExtractor
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
pom.xml
pom.xml
 
 

Repository files navigation

ifExtractor

ifExtractor is a extractor of Logical Bomb located inside Andoird Application. This extraction is made with static analysis and instrumentation of Jimple Bytecode. Written in Java and using FlowDroid , this library is Open-Source.

Getting Started

Download

You can download the release here.

Install

  • If you are using a IDE, you just have to had the library to the Java Build Path.

  • If you are using a CLI, add this option when you build your project :

-classpath path/to/ifExtractor.jar

How it works

The extractor is represented by a Java Object.
This object contains a list of If Statement and some methods to add the statement to the list and generate the new APK.
The generation method takes in input : If Statements in Jimple
It produce in output a new APK.

Every input statement will generate a ifMethod containing the ifBlock Statements and the dependencies.
All of the ifMethods are contains inside the ifClass.
Model of IfClass in Jimple syntax:

public void ifClass extends MainActivity {  
  
  void < init >()
    {
        ifClass r0;

        r0 := @this: ifClass;

        specialinvoke r0.< android.app.Activity: void < init >() >();

        return;
    }
    
  public ifMethod1(...) {  
    /* Contains if Block of the LogicBomb_1 */  
  } 
  
  ...  
    
  public ifMethodN(...) {  
    /* Contains if Block of the LogicBomb_n */  
  }  
    
}

Once all of the methods are created, ifExtractor is parsing the AndroidManifest.xml and looking for the MainActivity. Then, the onCreate method of the MainActivity is delete and replace a new one containing calls of the ifMethods.
Model of the OnCreate in Jimple syntax:

public class MainActivity extends ... {  
  
  ...
  
  public final void onCreate(android.os.Bundle)
    {
        android.os.Bundle $r1;
        ifClass r0;

        r0 := @this: ifClass;

        $r1 := @parameter0: android.os.Bundle;

        virtualinvoke $r1.< ifClass: void ifMethod1() >();

        ...

        virtualinvoke $r1.< ifClass: void ifMethodN() >();

        return;
    }
  
  }

Finally, the apk is generated. When it's going to be executed, all the LogicalBomb are executed in priority to observe the behaviour.

How to use it

Let's see the methods of the ifExtractor object :

/* Constructor with the paths of Android Platforms, apk and output folder
   WARNING : this method create a instance of Soot */
IfExtractor example = new IfExtractor(androidPath, apkPath, outputPath);

// Add the IfStmt to the ifExtractor
example.addLogicBomb(ifStmt);
example.addLogicBombs(listOfIfStmt);

// Call the method to generate the apk
example.generateApk();

Built With

  • Maven - Dependency Management

Authors

About

IfExtractor, Java Library for isolate and extract Logical Bombs from Android Malware

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 1

Release ifExtractor v1.0 Latest
Aug 19, 2021

Packages

No packages published

Languages