
Are there any tools out there that parse smali code directly to construct a CFG? I know that Androguard does something similar, but it seems to use decompilation on the apk file which can become unreliable in situations if the apk uses obfuscation techniques.

Lew Wei Hao

1 Answer


Have a look at https://androguard.blogspot.co.il/2011/02/android-apps-visualization.html.

In regards to your concerns about Androguard:

> it seems to use decompilation on the apk file

Do you mean "disassembling"? Well, a tool needs to understand the bytecode in order to build a call graph. If you mean "decompiling to Java", I'm pretty sure this doesn't happen.

> unreliable in situations if the apk uses obfuscation techniques

There are various obfuscation techniques, and most have nothing to do with the call graph. E.g. name mangling replaces a class name like org.apache.http.client.HttpClient with something meaningless like a.b.c. You will still see this class and its functions in the CFG.

Ilia Barahovsky
  • I find that this file https://github.com/vivainio/androguard/blob/master/androguard/core/bytecodes/dvm.py at line 6672 is responsible for converting the bytecode to useful information. Am I right to say that this is disassembly and not decompilation? – Lew Wei Hao Jul 19 '17 at 07:49
  • This entire module is responsible for parsing the binary dex format to actual opcodes and their parts - like smali. It's more like a disassembler that does the same for machine bytecode. In any event, this part is indeed essential for seeing which methods call each other but (mostly) is irrelevant to obfuscation. – Ilia Barahovsky Jul 20 '17 at 05:38
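
A sketch of what the question asks for, added here as an example and not taken from Androguard or from either poster: it builds basic blocks and edges for one method straight from smali text, and records the `invoke-*` targets per block to show that a name-mangled callee (`La/b/c;`) is still visible. The sample method and the name `build_cfg` are constructed for illustration, and the parser assumes a method with no switch payloads, try/catch handlers or annotations.

```python
import re

# Constructed sample: one smali method whose names are mangled (a.b.c style).
SMALI = """\
.method public static a(I)I
    .registers 2
    if-lez p0, :cond_0
    invoke-static {p0}, La/b/c;->a(I)I
    move-result v0
    goto :goto_0
    :cond_0
    const/4 v0, 0x0
    :goto_0
    return v0
.end method
"""

NO_FALLTHROUGH = ("return", "throw", "goto")  # control never reaches the next line
BRANCHES = ("if-",) + NO_FALLTHROUGH          # any of these ends a basic block

def build_cfg(smali):
    """Return (blocks, edges, calls) for one method given as smali text."""
    lines = [l.strip() for l in smali.splitlines()]
    # Keep labels and instructions; drop directives (.method, .registers) and comments.
    lines = [l for l in lines if l and not l.startswith((".", "#"))]
    blocks, labels, current = [], {}, []
    for line in lines:
        if line.startswith(":"):              # a label is a block leader
            if current:
                blocks.append(current)
                current = []
            labels[line] = len(blocks)        # index of the block that follows
            continue
        current.append(line)
        if line.split()[0].startswith(BRANCHES):
            blocks.append(current)
            current = []
    if current:
        blocks.append(current)
    edges, calls = set(), {}
    for i, block in enumerate(blocks):
        op = block[-1].split()[0]
        target = re.search(r":\w+$", block[-1])
        if op.startswith(("if-", "goto")) and target:
            edges.add((i, labels[target.group(0)]))   # branch edge
        if not op.startswith(NO_FALLTHROUGH) and i + 1 < len(blocks):
            edges.add((i, i + 1))             # fall-through edge
        calls[i] = [m for l in block if l.startswith("invoke-")
                    for m in re.findall(r"L[^;]+;->\S+", l)]
    return blocks, sorted(edges), calls
```

Renaming `La/b/c;` back to a readable class name changes only the strings in `calls`; the blocks and edges stay the same.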