
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<style type="text/css" style="display:none"><!-- p { margin-top: 0px; margin-bottom: 0px; } @font-face {

        font-family: Calibri;

}

 @font-face {

        font-family: Tahoma;

}

 p.MsoNormal, li.MsoNormal, div.MsoNormal { margin: 0cm 0cm 0pt; font-family: "Calibri","sans-serif"; font-size: 11pt; } a:link, span.MsoHyperlink { color: blue; text-decoration: underline; } a:visited, span.MsoHyperlinkFollowed { color: rgb(149, 79, 114); text-decoration: underline; } span.E-MailFormatvorlage18 { color: rgb(31, 73, 125); font-family: "Calibri","sans-serif"; } .MsoChpDefault { font-size: 10pt; }--></style>

</head>

<body dir="ltr" style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:Calibri,Arial,Helvetica,sans-serif;">

<p><br>

</p>

<div>Thanks, I'd love to try Harvester out! It says in the technical report that you plan on open-sourcing it. Is it already available somewhere?<br>

</div>

<div><br>

</div>

<p><br>

</p>

<div style="color: rgb(33, 33, 33);">

<hr tabindex="-1" style="display:inline-block; width:98%">

<div id="divRplyFwdMsg" dir="ltr"><font color="#000000" face="Calibri, sans-serif" style="font-size:11pt"><b>From:</b> Steven Arzt &lt;Steven.Arzt@cased.de&gt;<br>

<b>Sent:</b> September 7, 2015 4:46 AM<br>

<b>To:</b> Andrew Bedford; 'Ben Holland'<br>

<b>Cc:</b> soot-list@cs.mcgill.ca<br>

<b>Subject:</b> AW: [Soot-list] String propagation in points-to analyses</font>

<div>&nbsp;</div>

</div>

<div>

<div class="WordSection1">

<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Hi,</span></p>

<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">&nbsp;</span></p>

<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">You might also be interested in the work we have done for de-obfuscating Android apps. There are quite a number of apps that use reflective calls with encrypted targets that only get decrypted at

 runtime right before the call to hinder analysis tools and make it harder for human analysts. We have found a way to remove such obfuscation in most cases. You can get the Technical Report here:

<a href="http://www.bodden.de/pubs/TUD-CS-2015-0031.pdf">www.bodden.de/pubs/TUD-CS-2015-0031.pdf</a></span></p>

<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">&nbsp;</span></p>

<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Best regards,</span></p>

<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">&nbsp; Steven</span></p>

<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">&nbsp;</span></p>

<div>

<div style="border:none; border-top:solid #B5C4DF 1.0pt; padding:3.0pt 0cm 0cm 0cm">

<p class="MsoNormal"><b><span style="font-size:10.0pt; font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;">Von:</span></b><span style="font-size:10.0pt; font-family:&quot;Tahoma&quot;,&quot;sans-serif&quot;"> soot-list-bounces@CS.McGill.CA [mailto:soot-list-bounces@CS.McGill.CA]

<b>Im Auftrag von </b>Andrew Bedford<br>

<b>Gesendet:</b> Montag, 7. September 2015 01:21<br>

<b>An:</b> Ben Holland<br>

<b>Cc:</b> soot-list@cs.mcgill.ca<br>

<b>Betreff:</b> Re: [Soot-list] String propagation in points-to analyses</span></p>

</div>

</div>

<p class="MsoNormal">&nbsp;</p>

<p><span lang="EN-CA">Thank you! I&#8217;ll check it out right away.</span></p>

<p><span lang="EN-CA">&nbsp;</span></p>

<p><span lang="EN-CA">&nbsp;</span></p>

<p><span lang="EN-CA">&nbsp;</span></p>

<div style="border:none; border-top:solid #E1E1E1 1.0pt; padding:3.0pt 0cm 0cm 0cm">

<p><span lang="EN-CA"><br>

<b>From: </b>Ben Holland<br>

<b>Sent: </b>September 6, 2015 2:08 PM<br>

<b>To: </b>Andrew Bedford<br>

<b>Cc: </b><a href="mailto:soot-list@cs.mcgill.ca">soot-list@cs.mcgill.ca</a><br>

<b>Subject: </b>Re: [Soot-list] String propagation in points-to analyses</span></p>

</div>

<p class="MsoNormal"><span lang="EN-CA" style="font-family:&quot;Times New Roman&quot;,&quot;serif&quot;">&nbsp;</span></p>

<p class="MsoNormal"><span lang="EN-CA" style="font-family:&quot;Times New Roman&quot;,&quot;serif&quot;">&nbsp;</span></p>

<p class="MsoNormal"><span lang="EN-CA" style="font-size:12.0pt; font-family:&quot;Times New Roman&quot;,&quot;serif&quot;">You might want to check out the Java String Analysis (JSA) work. &nbsp;It's been used to some cases if reflective invocation.</span></p>

<div>

<p class="MsoNormal"><span lang="EN-CA" style="font-size:12.0pt; font-family:&quot;Times New Roman&quot;,&quot;serif&quot;">&nbsp;</span></p>

</div>

<div>

<p class="MsoNormal"><span lang="EN-CA" style="font-size:12.0pt; font-family:&quot;Times New Roman&quot;,&quot;serif&quot;"><a href="http://www.brics.dk/JSA/" target="_BLANK">http://www.brics.dk/JSA/</a><br>

<br>

~Benjamin Holland</span></p>

</div>

<div>

<p class="MsoNormal" style="margin-bottom:12.0pt"><span lang="EN-CA" style="font-size:12.0pt; font-family:&quot;Times New Roman&quot;,&quot;serif&quot;"><br>

On Sep 5, 2015, at 5:35 PM, Andrew Bedford &lt;<a href="mailto:andrew.bedford.1@ulaval.ca">andrew.bedford.1@ulaval.ca</a>&gt; wrote:</span></p>

</div>

<blockquote style="margin-top:5.0pt; margin-bottom:5.0pt">

<div>

<div>

<p><span lang="EN-CA">Hi!</span></p>

<p><span lang="EN-CA">&nbsp;</span></p>

<p><span lang="EN-CA">I am trying to use the points-to analysis of Soot (spark) to statically resolve reflection calls in Android applications. I have a question regarding the string propagation. Let&#8217;s suppose that we have the following code:</span></p>

<p><span lang="EN-CA">&nbsp;</span></p>

<p><span lang="EN-CA">&nbsp; String a = &#8220;hello&#8221;</span></p>

<p><span lang="EN-CA">&nbsp; String b = &#8220;world&#8221;</span></p>

<p><span lang="EN-CA">&nbsp; String c = a</span></p>

<p><span lang="EN-CA">&nbsp; c = b</span></p>

<p><span lang="EN-CA">&nbsp; String d = a &#43; c</span></p>

<p><span lang="EN-CA">&nbsp;</span></p>

<p><span lang="EN-CA">The points-to analysis (with the &#8220;string-constants&#8221; and &#8220;simulate-natives&#8221; options turned on) returns something like this:</span></p>

<p><span lang="EN-CA">PointsTo(a) = {&#8220;hello&#8221;}</span></p>

<p><span lang="EN-CA">PointsTo(b) = {&#8220;world&#8221;)</span></p>

<p><span lang="EN-CA">PointsTo(c) = {&#8220;hello&#8221;, &#8220;world&#8221;}</span></p>

<p><span lang="EN-CA">PointsTo(d) = {new Alloc of String}</span></p>

<p><span lang="EN-CA">&nbsp;</span></p>

<p><span lang="EN-CA">Is there a way to set it up so that the PointsTo(d) returns instead {&#8220;hellohello&#8221;, &#8220;helloworld&#8221;}? Or is another type of analysis required?</span></p>

<p><span lang="EN-CA">&nbsp;</span></p>

<p><span lang="EN-CA">Thanks!</span></p>

<p><span lang="EN-CA">&nbsp;</span></p>

</div>

</div>

</blockquote>

<p class="MsoNormal" style="margin-right:36.0pt; margin-bottom:5.0pt; margin-left:36.0pt">

<span lang="EN-CA" style="font-size:12.0pt; font-family:&quot;Times New Roman&quot;,&quot;serif&quot;">_______________________________________________<br>

Soot-list mailing list<br>

<a href="mailto:Soot-list@CS.McGill.CA">Soot-list@CS.McGill.CA</a><br>

<a href="https://mailman.CS.McGill.CA/mailman/listinfo/soot-list" target="_BLANK">https://mailman.CS.McGill.CA/mailman/listinfo/soot-list</a></span></p>

<p class="MsoNormal"><span lang="EN-CA">&nbsp;</span></p>

<p class="MsoNormal"><span lang="EN-CA">&nbsp;</span></p>

</div>

</div>

</div>

</body>

</html>