<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:DengXian;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:DengXian;
panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
text-align:justify;
text-justify:inter-ideograph;
font-size:10.5pt;
font-family:DengXian;}
p
{mso-style-priority:99;
margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:SimSun;}
.MsoChpDefault
{mso-style-type:export-only;}
/* Page Definitions */
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.WordSection1
{page:WordSection1;}
--></style></head><body lang=ZH-CN style='text-justify-trim:punctuation'><div class=WordSection1><p class=MsoNormal><b><span lang=EN-US style='color:black'>Hi Steven,</span></b><b><span lang=EN-US style='font-size:11.0pt;color:black'><o:p></o:p></span></b></p><p class=MsoNormal><span lang=EN-US style='color:black'><o:p> </o:p></span></p><p class=MsoNormal><b><span lang=EN-US style='color:black'>I appended </span></b><b><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'>“—pathalgo contextsensitive” to command line. It showed more information than before. However, it lost some information. <o:p></o:p></span></b></p><p class=MsoNormal><b><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'><o:p> </o:p></span></b></p><p class=MsoNormal><b><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'>For example, below is the android application code snippets.<o:p></o:p></span></b></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'>>>><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> protected void onRestart(){<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> super.onRestart();<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> EditText usernameText =<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> (EditText)findViewById(R.id.username);<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> EditText passwordText =<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> (EditText)findViewById(R.id.pwdString);<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> String uname = usernameText.getText().toString();<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> String pwd = passwordText.getText().toString();<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> if(!uname.isEmpty() && !pwd.isEmpty())<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> this.user = new User(uname, pwd);<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> }<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> //Callback method defined in xml file<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> public void sendMessage(View view) throws UnsupportedEncodingException{<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> if(user == null) return;<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> Password pwd = user.getpwd();<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> String pwdString = pwd.getPassword();<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> String obfPwd = "";<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> //must track primitives<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> for(char c : pwdString.toCharArray())<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> obfPwd += c + "_";<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> String message = "User: " +<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> user.getName() + " | PWD: " + obfPwd;<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> String message_base64 = Base64.encodeToString(message.getBytes(),Base64.DEFAULT);<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> SmsManager sms = SmsManager.getDefault();<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> sms.sendTextMessage("+86 12345678901",<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> null, message_base64, null, null); //pwd_str+uname_str<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> }<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>>>><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><b><span lang=EN-US>I run the flowdroid with options</span>“<span lang=EN-US>--pathalgo contextsensitive --implicit true -aplength 15</span>”<span lang=EN-US>.<o:p></o:p></span></b></p><p><b><span lang=EN-US>Following is the information given by flowdroid.<o:p></o:p></span></b></p><p><span lang=EN-US><o:p> </o:p></span></p><p><span lang=EN-US>>>><o:p> </o:p></span></p><p><span lang=EN-US>The sink virtualinvoke $r9.<android.telephony.SmsManager: void sendTextMessage(java.lang.String,java.lang.String,java.lang.String,android.app.PendingIntent,android.app.PendingIntent)>("+86 12345678901", null, $r5, null, null) on line 49 in method <com.example.leakpasswd.MainActivity: void sendMessage(android.view.View)> was called with values from the following sources:</span></p><p><span lang=EN-US>- - $r1 = virtualinvoke $r0.<com.example.leakpasswd.MainActivity: android.view.View findViewById(int)>(2131230724) on line 26 in method <com.example.leakpasswd.MainActivity: void onRestart()></span></p><p><span lang=EN-US>on Path:</span></p><p><span lang=EN-US>-> <com.example.leakpasswd.MainActivity: void onRestart()></span></p><p><span lang=EN-US>-> $r1 = virtualinvoke $r0.<com.example.leakpasswd.MainActivity: android.view.View findViewById(int)>(2131230724)</span></p><p><span lang=EN-US>-> <com.example.leakpasswd.MainActivity: void onRestart()></span></p><p><span lang=EN-US>-> $r3 = (android.widget.EditText) $r1</span></p><p><span lang=EN-US>-> <com.example.leakpasswd.MainActivity: void onRestart()></span></p><p><span lang=EN-US>-> $r4 = virtualinvoke $r3.<android.widget.EditText: android.text.Editable getText()>()</span></p><p><span lang=EN-US>-> <com.example.leakpasswd.MainActivity: void onRestart()></span></p><p><span lang=EN-US>-> $r6 = interfaceinvoke $r4.<android.text.Editable: java.lang.String toString()>()</span></p><p><span lang=EN-US>-> <com.example.leakpasswd.MainActivity: void onRestart()></span></p><p><span lang=EN-US>-> $z0 = virtualinvoke $r6.<java.lang.String: boolean isEmpty()>()</span></p><p><span lang=EN-US>-> <com.example.leakpasswd.MainActivity: void onRestart()></span></p><p><span lang=EN-US>-> if $z0 != 0 goto return</span></p><p><span lang=EN-US>-> <com.example.leakpasswd.MainActivity: void onRestart()></span></p><p><span lang=EN-US>-> $r0.<com.example.leakpasswd.MainActivity: com.example.leakpasswd.User user> = $r7</span></p><p><span lang=EN-US>-> <com.example.leakpasswd.MainActivity: void onRestart()></span></p><p><span lang=EN-US>-> return</span></p><p><span lang=EN-US>-> <dummyMainClass: void dummyMainMethod(java.lang.String[])></span></p><p><span lang=EN-US>-> virtualinvoke $r1.<com.example.leakpasswd.MainActivity: void sendMessage(android.view.View)>($r3)</span></p><p><span lang=EN-US>-> <com.example.leakpasswd.MainActivity: void sendMessage(android.view.View)></span></p><p><span lang=EN-US>-> $r2 = $r0.<com.example.leakpasswd.MainActivity: com.example.leakpasswd.User user></span></p><p><span lang=EN-US>-> <com.example.leakpasswd.MainActivity: void sendMessage(android.view.View)></span></p><p><span lang=EN-US>-> if $r2 != null goto $r2 = $r0.<com.example.leakpasswd.MainActivity: com.example.leakpasswd.User user></span></p><p><span lang=EN-US>-> <com.example.leakpasswd.MainActivity: void sendMessage(android.view.View)></span></p><p><span lang=EN-US>-> virtualinvoke $r9.<android.telephony.SmsManager: void sendTextMessage(java.lang.String,java.lang.String,java.lang.String,android.app.PendingIntent,android.app.PendingIntent)>("+86 12345678901", null, $r5, null, null)</span></p><p><span lang=EN-US>>>><o:p> </o:p></span></p><p><span lang=EN-US><o:p> </o:p></span></p><p><b><span lang=EN-US>The flowdroid did not track code below. <o:p></o:p></span></b></p><p><span lang=EN-US>>>><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> for(char c : pwdString.toCharArray())<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> obfPwd += c + "_";<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> String message = "User: " +<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> user.getName() + " | PWD: " + obfPwd;<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> String message_base64 = Base64.encodeToString(message.getBytes(),Base64.DEFAULT);<o:p></o:p></span></p><p><span lang=EN-US>>>><o:p> </o:p></span></p><p><span lang=EN-US><o:p> </o:p></span></p><p><b><span lang=EN-US>Is there solution to handle this?<o:p></o:p></span></b></p><p><span lang=EN-US><o:p> </o:p></span></p><p><b><span lang=EN-US>Grate thanks!!<o:p></o:p></span></b></p><p><b><span lang=EN-US><o:p> </o:p></span></b></p><p><b><span lang=EN-US>Young<o:p></o:p></span></b></p><div style='mso-element:para-border-div;border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;border:none;padding:0cm'><span lang=EN-US><br></span><b>发件人<span lang=EN-US>: </span></b><span lang=EN-US>Steven Arzt<br></span><b>发送时间<span lang=EN-US>: </span></b><span lang=EN-US>2015</span>年<span lang=EN-US>12</span>月<span lang=EN-US>7</span>日<span lang=EN-US> 16:33<br></span><b>收件人<span lang=EN-US>: </span></b><span lang=EN-US>'XiaoYang';'soot-list@CS.McGill.CA'<br></span><b>主题<span lang=EN-US>: </span></b><span lang=EN-US>AW: [Soot-list] print the path from source(s) to sink(s) found by flowdroid</span></p></div><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;font-family:SimSun'><o:p> </o:p></span></p><p class=MsoNormal><span lang=DE style='font-family:"Calibri",sans-serif;color:#1F497D'>Hi Xiao,</span><span lang=DE style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p></o:p></span></p><p class=MsoNormal><span lang=DE style='font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:#1F497D'>That’s possible. You need to enable a path reconstruction algorithm that supports path reconstruction. If you are using the FlowDroid command-line application, just append “--pathalgo contextsensitive” to your command line. It will increase the runtime, though.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:#1F497D'>Best regards,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:#1F497D'> Steven<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal align=left style='text-align:left'><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma",sans-serif'>Von:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma",sans-serif'> soot-list-bounces@CS.Mc</span><span lang=DE style='font-size:10.0pt;font-family:"Tahoma",sans-serif'>Gill.CA [mailto:soot-list-bounces@CS.McGill.CA] <b>Im Auftrag von </b>XiaoYang<br><b>Gesendet:</b> Sonntag, 6. Dezember 2015 04:55<br><b>An:</b> soot-list@CS.McGill.CA<br><b>Betreff:</b> [Soot-list] print the path from source(s) to sink(s) found by flowdroid<o:p></o:p></span></p></div></div><p class=MsoNormal align=left style='text-align:left'><span lang=DE style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Hi all,</span><span lang=DE><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Suppose that I found there is information leak in android application by flowdroid. Could I print the path from source(s) to sink(s)?</span><span lang=DE><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Take an example. Below is the partial information given by flowdroid.</span><span lang=DE><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>>>[main] INFO soot.jimple.infoflow.Infoflow - The sink virtualinvoke $r10.<android.telephony.SmsManager: void sendTextMessage(java.lang.String,java.lang.String,java.lang.String,android.app.PendingIntent,android.app.PendingIntent)>("+86 123456789", null, $r6, null, null) in method <com.example.leakpasswd.MainActivity: void onCreate(android.os.Bundle)> was called with values from the following sources:</span><span lang=DE><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>>>[main] INFO soot.jimple.infoflow.Infoflow - - $r2 = virtualinvoke $r0.<com.example.leakpasswd.MainActivity: android.view.View findViewById(int)>(2131230722) in method <com.example.leakpasswd.MainActivity: void onCreate(android.os.Bundle)></span><span lang=DE><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>I want to get the path from findViewById to sendTextMessage. Is there a method to handle that? </span><span lang=DE><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Great thanks!!</span><span lang=DE><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Young </span><span lang=DE><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p></div></body></html>