<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Sprechblasentext Zchn";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.E-MailFormatvorlage17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.SprechblasentextZchn
{mso-style-name:"Sprechblasentext Zchn";
mso-style-priority:99;
mso-style-link:Sprechblasentext;
font-family:"Tahoma","sans-serif";
mso-fareast-language:DE;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=DE link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Hi Xinxin,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>One possibility would be to extract them from the APK, place them on disk and add them to the Soot classpath.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Best regards,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> Steven<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>Von:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Xinxin Jin [mailto:xinxinjin89@gmail.com] <br><b>Gesendet:</b> Donnerstag, 19. Februar 2015 10:15<br><b>An:</b> Steven Arzt<br><b>Cc:</b> Dacong Yan; Soot list<br><b>Betreff:</b> Re: [Soot-list] Any way to get the body of callback methods (not android default handlers) ?<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Hi Steven,<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p> </o:p></span></p></div><div><p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Thank you very much ! Finally I got the reason... <o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>In this case, how can I include the required jar into my analysis ?<o:p></o:p></span></p></div></div><div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>On Thu, Feb 19, 2015 at 12:54 AM, Steven Arzt <<a href="mailto:Steven.Arzt@cased.de" target="_blank">Steven.Arzt@cased.de</a>> wrote:<o:p></o:p></p><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Hi all,</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><br>Soot at the moment does not load any additional JAR files from the APK, so the library will be missing and the callgraph will be incomplete. In the long run, we should have an option to merge all JAR files (and additional dex files as well) contained in the APK into the Scene.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Best regards,</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> Steven</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>Von:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> <a href="mailto:soot-list-bounces@CS.McGill.CA" target="_blank">soot-list-bounces@CS.McGill.CA</a> [mailto:<a href="mailto:soot-list-bounces@CS.McGill.CA" target="_blank">soot-list-bounces@CS.McGill.CA</a>] <b>Im Auftrag von </b>Xinxin Jin<br><b>Gesendet:</b> Donnerstag, 19. Februar 2015 02:08<br><b>An:</b> Dacong Yan<br><b>Cc:</b> Soot list<br><b>Betreff:</b> Re: [Soot-list] Any way to get the body of callback methods (not android default handlers) ?</span><o:p></o:p></p><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-family:"Arial","sans-serif"'>Hi Dacong, </span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-family:"Arial","sans-serif"'> </span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-family:"Arial","sans-serif"'>I didn't modify any soot options related with Volley library. The library jar is included in the app's apk, so I think soot should be able to decompile it. </span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-family:"Arial","sans-serif"'> </span><o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-family:"Arial","sans-serif"'>Thanks a lot ! </span><o:p></o:p></p></div></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>On Wed, Feb 18, 2015 at 4:59 PM, Dacong Yan <<a href="mailto:tonywinslow1986@gmail.com" target="_blank">tonywinslow1986@gmail.com</a>> wrote:<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Purely based on code search:<br><br>The call sites for onResponse() and onErrorResponse() are inside the<br>Volley library: line 60 at<br><<a href="https://android.googlesource.com/platform/frameworks/volley/+/idea133/src/com/android/volley/toolbox/StringRequest.java" target="_blank">https://android.googlesource.com/platform/frameworks/volley/+/idea133/src/com/android/volley/toolbox/StringRequest.java</a>><br>and line 517 at<br><<a href="https://android.googlesource.com/platform/frameworks/volley/+/idea133/src/com/android/volley/Request.java" target="_blank">https://android.googlesource.com/platform/frameworks/volley/+/idea133/src/com/android/volley/Request.java</a>>.<br>Did you include the Volley library code in your call graph<br>construction? You may want to check that, but I'm not saying you<br>should or should not include it.<o:p></o:p></p><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><br>On Wed, Feb 18, 2015 at 1:55 PM, Xinxin Jin <<a href="mailto:xinxinjin89@gmail.com" target="_blank">xinxinjin89@gmail.com</a>> wrote:<br>> As a follow up, I manually checked the jimple files generated from the apk.<br>> And in "VolleyActivity$1.jimple ", I can clearly see the method body of<br>> onResponse(). That means there is no problem with jimple file, but why it<br>> is not parsed by soot (FlowDroid)?<br>><br>> Thanks,<br>><br>> On Wed, Feb 18, 2015 at 1:43 PM, Xinxin Jin <<a href="mailto:xinxinjin89@gmail.com" target="_blank">xinxinjin89@gmail.com</a>> wrote:<br>>><br>>> Hi Eric,<br>>><br>>> Thanks for your reply. I checked all the reachable methods and found no<br>>> place invoking onResponse and onErrorResponse.<br>>><br>>> The statement that invokes StringRequest() method is :<br>>><br>>> <com.android.volley.toolbox.StringRequest: void<br>>> <init>(int,java.lang.String,com.android.volley.Response$Listener,com.android.volley.Response$ErrorListener)>(<br>>> "<a href="http://www.google.com" target="_blank">http://www.google.com</a>", $r7, $r8)<br>>><br>>> Here parameters $r7, $r8 correspond to Response.Listener() and<br>>> Response.ErrorListener(). Then I continued to track the definition of r7:<br>>><br>>> $r7 = new edu.ucsd.mytest.VolleyActivity$1<br>>><br>>> But there is no useful statement in edu.ucsd.mytest.VolleyActivity$1 ....<br>>><br>>> Any ideas ?<br>>><br>>> Thank you a lot !!<br>>><br>>> On Wed, Feb 18, 2015 at 11:47 AM, Bodden, Eric<br>>> <<a href="mailto:eric.bodden@sit.fraunhofer.de" target="_blank">eric.bodden@sit.fraunhofer.de</a>> wrote:<br>>>><br>>>> Hi Xinxin.<br>>>><br>>>> I think the problem is that the bytecode's structure differs from the<br>>>> source code's. Although in the source the two anonymous subclasses of<br>>>> Listener resp. ErrorListener are lexically contained in the constructor<br>>>> call, they are not in the bytecode. Please inspect the call to<br>>>> StringRequest.<init>. You should see references the second and third<br>>>> parameter both being initialized with instances of classes such as<br>>>> Response.Listener$1. You have to inspect the bodies of the onResponse<br>>>> methods in those classes.<br>>>><br>>>> Hope that helps,<br>>>> Eric<br>>>><br>>>> > On 18.02.2015, at 18:21, Xinxin Jin <<a href="mailto:xinxinjin89@gmail.com" target="_blank">xinxinjin89@gmail.com</a>> wrote:<br>>>> ><br>>>> > Hi all,<br>>>> ><br>>>> > I have an application which calls new StringRequest()of Volley library:<br>>>> ><br>>>> ><br>>>> > StringRequest request = new StringRequest(url,<br>>>> > new Response.Listener() {<br>>>> > @Override<br>>>> > public void onResponse(Object response) {<br>>>> > Log.d(TAG, "response " + ((String)<br>>>> > response).substring(0,500));<br>>>> > }<br>>>> > }, new Response.ErrorListener() {<br>>>> > @Override<br>>>> > public void onErrorResponse(VolleyError error) {<br>>>> > Log.d(TAG, "error message");<br>>>> > }<br>>>> > });<br>>>> ><br>>>> ><br>>>> > It contains two callbacks as its parameters: Response.Listener() and<br>>>> > Response.ErrorListener().<br>>>> ><br>>>> > When I parse reached methods of this application, it can only reach<br>>>> > SootMethod StringRequest: <init>, but when I examine all the statements in<br>>>> > this method, I cannot find bodies of the two registered listeners. Is there<br>>>> > any way to get the method body of onResponse() ?<br>>>> ><br>>>> > Thank you for your help !<br>>>> ><br>>>> > --<br>>>> > Xinxin<br>>>> ><br>>>> ><br>>>> > _______________________________________________<br>>>> > Soot-list mailing list<br>>>> > <a href="mailto:Soot-list@CS.McGill.CA" target="_blank">Soot-list@CS.McGill.CA</a><br>>>> > <a href="https://mailman.CS.McGill.CA/mailman/listinfo/soot-list" target="_blank">https://mailman.CS.McGill.CA/mailman/listinfo/soot-list</a><br>>>><br>>>> --<br>>>> Prof. Eric Bodden, Ph.D., <a href="http://sse.ec-spride.de/" target="_blank">http://sse.ec-spride.de/</a> <a href="http://bodden.de/" target="_blank">http://bodden.de/</a><br>>>> Head of Secure Software Engineering at Fraunhofer SIT, TU Darmstadt and<br>>>> EC SPRIDE<br>>>> Tel: <a href="tel:%2B49%206151%2016-75422" target="_blank">+49 6151 16-75422</a> Fax: <a href="tel:%2B49%206151%20869-127" target="_blank">+49 6151 869-127</a><br>>>> Room B5.11, Fraunhofer SIT, Rheinstraße 75, 64295 Darmstadt<br>>>><br>>><br>>><br>>><br>>> --<br>>> Xinxin<br>><br>><br>><br>><br>> --<br>> Xinxin<br>><br>> _______________________________________________<br>> Soot-list mailing list<br>> <a href="mailto:Soot-list@CS.McGill.CA" target="_blank">Soot-list@CS.McGill.CA</a><br>> <a href="https://mailman.CS.McGill.CA/mailman/listinfo/soot-list" target="_blank">https://mailman.CS.McGill.CA/mailman/listinfo/soot-list</a><br>><o:p></o:p></p></div></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><br><br clear=all><o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>-- <o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-family:"Arial","sans-serif"'>Xinxin</span><o:p></o:p></p></div></div></div></div></div></div></div><p class=MsoNormal><br><br clear=all><o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div><p class=MsoNormal>-- <o:p></o:p></p><div><p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Xinxin</span><o:p></o:p></p></div></div></div></body></html>