Adding Multidex Support To Ensure All APK Classes are Scanned #9

Merged
merged 5 commits into from
Jun 21, 2020

@LordAmit LordAmit commented May 9, 2020

CryptoGuard currently does not properly scan multidex apk files, and only looks at the classes.dex file regardless of the dex files included in an apk file.

CryptoGuard uses Soot and dexlib2 for analyzing apks. However, the following was found:

  • dexlib2-2.2.1.jar was being used
  • Soot does not have multidex enabled by default

As a result, apks were not being properly analyzed. To fix that, the following changes were necessary:

Change in ApkAnalyzer.java

Options.v().set_process_multiple_dex(true);

This allows Soot to handle multidex based class files.

Change in Utils.java and dexlib2 version

public class Utils {

    File zipFile = new File(apkfile);

-        DexFile dexFile = DexFileFactory.loadDexEntry(zipFile, "classes.dex", true, Opcodes.forApi(23));
+        ZipDexContainer zipContainer = (ZipDexContainer) DexFileFactory.loadDexContainer(zipFile,Opcodes.forApi(23));

-        for (ClassDef classDef : dexFile.getClasses()) {
-            String className = classDef.getType().replace('/', '.');
-            if (!className.contains("android."))
-                classNames.add(className.substring(1, className.length() - 1));
+        for(String dexEntryName: zipContainer.getDexEntryNames()){
+            DexFile dexFile = DexFileFactory.loadDexEntry(zipFile, dexEntryName, true, Opcodes.forApi(23));
+
+            for (ClassDef classDef : dexFile.getClasses()) {
+                String className = classDef.getType().replace('/', '.');
+                if (!className.contains("android.")){
+                    classNames.add(className.substring(1, className.length() - 1));
+                }
+            }
         }
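
Review bot: The `(ZipDexContainer)` cast on the `DexFileFactory.loadDexContainer(...)` result is unnecessary and is the one place this loop can throw on unexpected input. `getDexEntryNames()` is declared on the `MultiDexContainer` interface that `loadDexContainer` returns, and for an input that is not a zip archive dexlib2 hands back a different container type, so the cast would fail with a ClassCastException before any class name is collected. Suggest declaring the variable with the `MultiDexContainer` interface type and dropping the cast. Separately, the filter `!className.contains("android.")` carried over from the old loop matches the substring anywhere in the name, so an application class in a package such as `com.example.android` (hypothetical name) is left out of `classNames` and never scanned; a prefix check on the package name would avoid skipping app code.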

Several necessary changes are happening here:

  • instead of hardcoding to find the classes.dex file, we are now looking at all of the classes<n>.dex files.
  • to do that, we are leveraging the zipContainer.getDexEntryNames()
  • However, the zipContainer.getDexEntryNames() is buggy in the used version of dexlib2, and returns an empty String array. Therefore, upgrading it was necessary. We went for the latest stable release, version dexlib2-2.4.0 based on the commit 5339a81f in repository https://github.com/JesusFreke/smali. Since the mentioned repository maintainers do not offer a precompiled version for specifically dexlib2, we compiled it ourselves based on the same commit 5339a81f.

@sazzad114 sazzad114 merged commit efc2b26 into CryptoGuardOSS:ccs-submission Jun 21, 2020
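
To measure the coverage gap this PR describes, the following added example (not part of the PR or of CryptoGuard) lists every `classes<n>.dex` entry in an APK and reads `class_defs_size` from each DEX header, reporting how many classes a `classes.dex`-only scan never sees. The sample APK, its class counts and the function names are constructed for illustration; matching entries by the `classes<n>.dex` name is an assumption taken from the PR text.

```python
import io
import re
import struct
import zipfile

# Top-level entry names described in the PR: classes.dex, classes2.dex, ...
DEX_ENTRY = re.compile(r"^classes(\d*)\.dex$")
CLASS_DEFS_SIZE_OFF = 0x60  # offset of class_defs_size in the DEX header
HEADER_SIZE = 0x70          # size of the DEX header

def dex_class_counts(apk):
    """Map each classes<n>.dex entry in the APK to its class_defs_size."""
    counts = {}
    with zipfile.ZipFile(apk) as zf:
        for name in zf.namelist():
            if not DEX_ENTRY.match(name):
                continue
            header = zf.read(name)[:HEADER_SIZE]
            if len(header) < HEADER_SIZE or header[:4] != b"dex\n":
                raise ValueError(f"{name}: not a DEX file")
            # Header fields are little-endian 32-bit unsigned integers.
            counts[name] = struct.unpack_from("<I", header, CLASS_DEFS_SIZE_OFF)[0]
    return counts

def coverage_gap(apk, scanned=("classes.dex",)):
    """Return (entries never scanned, classes in them, total classes)."""
    counts = dex_class_counts(apk)
    missed = sorted(n for n in counts if n not in scanned)
    return missed, sum(counts[n] for n in missed), sum(counts.values())

def fake_dex(n_classes):
    """Constructed header-only stub: DEX magic plus class_defs_size."""
    header = bytearray(HEADER_SIZE)
    header[:8] = b"dex\n035\x00"
    struct.pack_into("<I", header, CLASS_DEFS_SIZE_OFF, n_classes)
    return bytes(header)

def build_sample_apk():
    """Constructed multidex APK held in memory (sample data, not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", fake_dex(120))
        zf.writestr("classes2.dex", fake_dex(340))
        zf.writestr("classes3.dex", fake_dex(75))
        zf.writestr("AndroidManifest.xml", b"<manifest/>")  # non-DEX entry
    return buf

if __name__ == "__main__":
    print(coverage_gap(build_sample_apk()))
```

Comparing the total against the number of class names the analyzer actually collected is a quick regression check that multidex handling is still in effect after a dependency change.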