Giter Site home page Giter Site logo

condroid's Introduction

ConDroid

This project is a fork and extension of the Acteve project on concolic execution for Android (https://code.google.com/p/acteve/) [1]

ConDroid performs concolic execution of Android apps - a combination of pure symbolic and concrete execution of a program which has first been described in [2] for C programs. The goal of ConDroid is to drive execution of Android app to specific code locations without requiring any manual interaction with the app. This allows to observe "interesting" behavior in a dynamic analysis, such as network traffic or dynamic code loading.

Some details on the extensions have been published in [3].

[1] Saswat Anand, Mayur Naik, Hongseok Yang, Mary Jean Harrold. Automated Concolic Testing of Smartphone Apps. In ACM International Symposium on Foundations of Software Engineering (FSE), 2012.

[2] Koushik Sen, Darko Marinov, Gul Agha. CUTE: A concolic unit testing engine for C. In Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering, 2005

[3] Julian Schütte, Rafael Fedler, Dennis Titze. ConDroid: Targeted Dynamic Analysis of Android Applications. In IEEE Conference on Advanced Information Networking and Applications (AINA), 2015

Bitdeli Badge Coverity Scan Build Status

Getting Started

Prerequisites

  • Android SDK
  • Z3 solver, including the string extensions from this project

Clone

git clone https://github.com/JulianSchuette/ConDroid.git

Install Z3-str

Unzip Z3 solver with added supported for String operations (equals, concat, etc.)

unzip Z3-str_20140720.zip /opt/
mv /opt/Z3-str_20140720 /opt/z3

Set up configuration

mv config.properties.sample config.properties

Set up eclipse

  • Import project into eclipse

Launch

  • Launch an android emulator
  • Launch run configuration from eclipse The app under test is given as argument to the program

java -jar condroid.jar <apk>

condroid's People

Contributors

julianschuette avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar

Forkers

fraunhofer-aisec leoaccount liberatorqjw majestyhao rongqinglee pt01 primekun leima-hit binnary zys0070 returnhere hartl3y94

condroid's Issues

could not find z3 binary

hi, it seems that there is not a z3 binary in the z3.zip
and, i failed to build it
anyone has an idea?

Getting error when running on concolicexample.apk

When running on concolicexample.apk, I get an error as shown below. What could be the cause?

Warning:
No -tsa or -tsacert is provided and this jar is not timestamped. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (2045-04-25) or after any future revocation date.
[main] INFO acteve.instrumentor.Main - Done. Have fun with /Users/ankitku/dev/ConDroid/sootOutput/concolicexample_modified.apk
[main] DEBUG acteve.explorer.Config - useMonkeyScript=false
[main] DEBUG acteve.explorer.Config - monkey=monkey_script.txt
[main] DEBUG acteve.explorer.Config - pkg=null
[main] DEBUG acteve.explorer.Config - mainact=null
[main] DEBUG acteve.explorer.Config - actargs=
[main] DEBUG acteve.explorer.Config - max.iters=1000
[main] DEBUG acteve.explorer.Config - out.dir=./results/
[main] DEBUG acteve.explorer.Config - port=5554
[main] DEBUG acteve.explorer.Config - userwait=4
[main] DEBUG acteve.explorer.Config - K=2
[main] DEBUG acteve.explorer.Config - indep=false
[main] DEBUG acteve.explorer.Config - readonly=false
[main] DEBUG acteve.explorer.Config - condmap.file=./out/condmap.txt
[main] DEBUG acteve.explorer.Config - fieldsigs.file=./out/fieldsigs.txt
[main] DEBUG acteve.explorer.Config - blackfields.file=null
[main] DEBUG acteve.explorer.Config - restart=false
[main] DEBUG acteve.explorer.Config - prune.last=false
[main] DEBUG acteve.explorer.Config - diverge.threshold=3
[main] DEBUG acteve.explorer.Config - wildemus.threshold=6
[main] DEBUG acteve.explorer.Utils - Deleting /Users/ankitku/dev/ConDroid/./results
[main] DEBUG acteve.explorer.Utils - Deleting /Users/ankitku/dev/ConDroid/./results/adbout.5554
[main] DEBUG acteve.explorer.Utils - Deleting /Users/ankitku/dev/ConDroid/./results/pkg.txt
[main] DEBUG acteve.explorer.Utils - Deleting /Users/ankitku/dev/ConDroid/./results/script.txt
[main] DEBUG acteve.explorer.Utils - Deleting /Users/ankitku/dev/ConDroid/./results/script.txt.emu5554
[main] DEBUG acteve.explorer.Utils - Deleting /Users/ankitku/dev/ConDroid/./results/settings.txt.emu5554
[main] DEBUG acteve.explorer.Utils - Deleting /Users/ankitku/dev/ConDroid/results
[main] DEBUG acteve.explorer.ConcolicExecutor - using emulator running on port 5554
Setting up Z3 with /opt/z3/bin/z3
[main] DEBUG acteve.explorer.ConcolicPathsExplorer - Vanilla symex with currentRoundRunIds []
[main] DEBUG acteve.explorer.Path - Generating new script
[main] DEBUG acteve.explorer.Path - Smt file : false - /Users/ankitku/dev/ConDroid/./results/pc.0.smt2
[main] DEBUG acteve.explorer.Path - pc file : false - /Users/ankitku/dev/ConDroid/pc.-1
[main] DEBUG acteve.explorer.Path - pcDecl file : false - /Users/ankitku/dev/ConDroid/./results/pc.-1.decl
[main] DEBUG acteve.explorer.Path - scriptToRun file: false - /Users/ankitku/dev/ConDroid/./results/script.txt.0
[main] DEBUG acteve.explorer.Path - Depth: 0
[main] DEBUG acteve.explorer.Path - id: 0
[main] DEBUG acteve.explorer.Path - seedId: -1
[main] DEBUG acteve.explorer.Path - No smt file exists, nothing to solve
[Worker-0] INFO acteve.explorer.ConcolicExecutor -

Starting new path ID 0
[Worker-0] DEBUG acteve.explorer.ConcolicExecutor - Executing path 0 on emulator-5554
[Worker-0] DEBUG acteve.explorer.Emulator - Pushing /Users/ankitku/dev/ConDroid/./results/z3out.0 to /sdcard/solution.txt
[Worker-0] DEBUG acteve.explorer.Emulator - Starting logcat
[Worker-0] ERROR acteve.explorer.ConcolicExecutor - Error occurred while executing 0 on emulator-5554
null returned: 1
at org.apache.tools.ant.taskdefs.ExecTask.runExecute(ExecTask.java:650)
at org.apache.tools.ant.taskdefs.ExecTask.runExec(ExecTask.java:676)
at org.apache.tools.ant.taskdefs.ExecTask.execute(ExecTask.java:502)
at acteve.explorer.AdbTask.execute(AdbTask.java:67)
at acteve.explorer.Emulator.execute(Emulator.java:260)
at acteve.explorer.Emulator.execute(Emulator.java:146)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:106)
at org.apache.tools.ant.Task.perform(Task.java:348)
at org.apache.tools.ant.Target.execute(Target.java:390)
at acteve.explorer.Emulator.exec(Emulator.java:222)
at acteve.explorer.ConcolicExecutor$Worker.executePath(ConcolicExecutor.java:228)
at acteve.explorer.ConcolicExecutor$Worker.run(ConcolicExecutor.java:183)
Exception in thread "Worker-0" java.lang.Error: java.io.FileNotFoundException: ./results/syslog.0 (No such file or directory)
at acteve.explorer.Path.checkForSWB(Path.java:437)
at acteve.explorer.Path.postProcess(Path.java:251)
at acteve.explorer.ConcolicExecutor$Worker.executePath(ConcolicExecutor.java:238)
at acteve.explorer.ConcolicExecutor$Worker.run(ConcolicExecutor.java:183)
Caused by: java.io.FileNotFoundException: ./results/syslog.0 (No such file or directory)
at java.io.FileInputStream.open0(Native Method)
at java.io.FileInputStream.open(FileInputStream.java:195)
at java.io.FileInputStream.(FileInputStream.java:138)
at java.io.FileReader.(FileReader.java:72)
at acteve.explorer.Main.newReader(Main.java:142)
at acteve.explorer.Path.checkForSWB(Path.java:424)
... 3 more

Don't know how to handle non-constant parameter

Hi Mr Schuette
I've been searching for different ways to traverse mobile application codes and Fortunately I found your impressive tool, Condroid. So I want to run it and start to run Main class of instrumentor module.I use concolicexample.apk as input and I got this error:

Don't know how to handle non-constant parameter :$r2 = virtualinvoke $r1.<android.support.v4.app.FragmentActivity: android.view.View findViewById(int)>($i0) Don't know how to handle non-constant parameter :$r3 = interfaceinvoke $r13.<android.support.v4.app.FragmentContainer: android.view.View findViewById(int)>($i3) Exception in thread "main" java.lang.NullPointerException at acteve.instrumentor.InstrumentationHelper.getClassOfViewId(InstrumentationHelper.java:648) at acteve.instrumentor.AndroidCGExtender.internalTransform(AndroidCGExtender.java:86) at soot.SceneTransformer.transform(SceneTransformer.java:39) at soot.Transform.apply(Transform.java:90) at soot.ScenePack.internalApply(ScenePack.java:40) at soot.Pack.apply(Pack.java:116) at soot.PackManager.runWholeProgramPacks(PackManager.java:564) at soot.PackManager.runPacksNormally(PackManager.java:456) at soot.PackManager.runPacks(PackManager.java:391) at acteve.instrumentor.Main.main(Main.java:303)

the corresponding line for this error is

PackManager.v().runPacks();
Would you please help me to fix this problem.

Any instructions to use the tool?

Please share the guideline if anyone has figured out already how to run this
testing tool.

What is the point of publishing a tool publicly if no one is able to use that?

Could not find or load main class ...

Hi,

I've successufly compile the ConDroid project but when I try to start the condroid.jar it gives me this error : Could not find or load main class ...
Could you tel me where is the problem ?

HOW to USE it

I have read the README.md, but i do not know how to install it and how to use it?

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.