从smali代码构建Android APK的控制流图
[英]Building a Control Flow Graph for Android APK from smali code
问题描述
Are there any tools out there that parse smali code directly to construct CFG? 
有没有可以直接解析smali代码以构造CFG的工具? I know that Androguard does something similar but it seems to use decompilation on the apk file which can become unreliable in situations if the apk uses obfuscation techniques. 我知道Androguard做了类似的事情,但是似乎对apk文件使用了反编译,如果apk使用混淆技术,这种情况在某些情况下可能变得不可靠。
1 个解决方案
解决方案1
0 已采纳 2017-07-18 11:03:06
Have a look at https://androguard.blogspot.co.il/2011/02/android-apps-visualization.html . 看看https://androguard.blogspot.co.il/2011/02/android-apps-visualization.html 。
In regards to your concerns about Androguard. 关于您对Androguard的担忧。
it seems to use decompilation on the apk file
Do you mean "disassembling"? 您是说“拆卸”吗? Well, a tool needs to understand the bytecode in order to build a call graph. 嗯,一个工具需要了解字节码才能构建调用图。 If you mean "decompiling to Java", I'm pretty sure this doesn't happen. 如果您的意思是“反编译为Java”,我很确定这不会发生。
unreliable in situations if the apk uses obfuscation techniques
There are various obfuscation techniques. 有多种混淆技术。 And most has nothing to do with the call graph. 而且大多数与调用图无关。 Eg name mangling replaces class name like org.apache.http.client.HttpClient to something meaningless like abc . 例如,名称改写将org.apache.http.client.HttpClient类的类名替换为abc ,这毫无意义。 You will still see this class and its functions in CFG. 您仍将在CFG中看到该类及其功能。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.