hanada31 / ICCBot

ICCBot: A Fragment-Aware and Context-Sensitive ICC Resolution Tool for Android Applications

[Bug]: java.lang.RuntimeException: File format error, res0 was not zero #25

Open TasnimFabiha opened 10 months ago

TasnimFabiha commented 10 months ago

Contact Details

fabiha@usc.edu

ICCBot Command Line

java -jar ICCBot.jar -path apk/ -name 6PM_Shoes_Clothes_More_3_0_0_Apkpure_unpack.apk -androidJar lib/platforms -time 30 -maxPathNumber 100 -client ICCSpecClient -outputDir results/output

java -jar ICCBot.jar -path apk/ -name 6PM_Shoes_Clothes_More_3_0_0_Apkpure_unpack.apk -androidJar lib/platforms -time 30 -maxPathNumber 100 -client CTGClient -outputDir results/output

Technical Details

When I use ICCBot to analyze the APK [6PM_Shoes_Clothes_More_3_0_0_Apkpure_unpack.apk], for CTGClient and for ICCSpecClient, I get the following error.

java.lang.RuntimeException: File format error, res0 was not zero
        at soot.jimple.infoflow.android.resources.ARSCFileParser.readTypeTable(ARSCFileParser.java:2495)
        at soot.jimple.infoflow.android.resources.ARSCFileParser.readResourceHeader(ARSCFileParser.java:2228)
        at soot.jimple.infoflow.android.resources.ARSCFileParser.parse(ARSCFileParser.java:2092)
        at soot.jimple.infoflow.android.resources.ARSCFileParser$1.handleResourceFile(ARSCFileParser.java:2082)
        at soot.jimple.infoflow.android.resources.AbstractResourceParser.handleAndroidResourceFiles(AbstractResourceParser.java:54)
        at soot.jimple.infoflow.android.resources.ARSCFileParser.parse(ARSCFileParser.java:2076)
        at main.java.client.cg.CgConstructor.collectFragmentClasses(CgConstructor.java:185)
        at main.java.client.cg.CgConstructor.analyze(CgConstructor.java:81)
        at main.java.client.cg.CallGraphClient.clientAnalyze(CallGraphClient.java:30)
        at main.java.client.BaseClient.start(BaseClient.java:21)
        at main.java.client.obj.target.ctg.ICCSpecClient.clientAnalyze(ICCSpecClient.java:48)
        at main.java.client.BaseClient.start(BaseClient.java:21)
        at main.java.MainClass.startAnalyze(MainClass.java:83)
        at main.java.MainClass.main(MainClass.java:52)
        at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
        at java.base/java.lang.reflect.Method.invoke(Method.java:580)
        at com.simontuffs.onejar.Boot.run(Boot.java:340)
        at com.simontuffs.onejar.Boot.main(Boot.java:166)
The analysis is stopped, caused by File format error, res0 was not zero

It can successfully run and produce results for IROutputClient.

The error is coming from the soot jar. Can anyone tell me what the source of soot-infoflow-dummy.jar is? I assume most of the code is similar to the FlowDroid repo, but can it be the case that the code inside soot-infoflow-dummy.jar is not updated?

APK File

(https://drive.google.com/file/d/1YipyGRJAzi0FJVZZIWuSSWc8rl-ScSPt/view?usp=sharing)

Version of ICCBot

1.0-stable

Version of Java

openjdk version "21"

Relevant log output

java.lang.RuntimeException: File format error, res0 was not zero
        at soot.jimple.infoflow.android.resources.ARSCFileParser.readTypeTable(ARSCFileParser.java:2495)
        at soot.jimple.infoflow.android.resources.ARSCFileParser.readResourceHeader(ARSCFileParser.java:2228)
        at soot.jimple.infoflow.android.resources.ARSCFileParser.parse(ARSCFileParser.java:2092)
        at soot.jimple.infoflow.android.resources.ARSCFileParser$1.handleResourceFile(ARSCFileParser.java:2082)
        at soot.jimple.infoflow.android.resources.AbstractResourceParser.handleAndroidResourceFiles(AbstractResourceParser.java:54)
        at soot.jimple.infoflow.android.resources.ARSCFileParser.parse(ARSCFileParser.java:2076)
        at main.java.client.cg.CgConstructor.collectFragmentClasses(CgConstructor.java:185)
        at main.java.client.cg.CgConstructor.analyze(CgConstructor.java:81)
        at main.java.client.cg.CallGraphClient.clientAnalyze(CallGraphClient.java:30)
        at main.java.client.BaseClient.start(BaseClient.java:21)
        at main.java.client.obj.target.ctg.ICCSpecClient.clientAnalyze(ICCSpecClient.java:48)
        at main.java.client.BaseClient.start(BaseClient.java:21)
        at main.java.MainClass.startAnalyze(MainClass.java:83)
        at main.java.MainClass.main(MainClass.java:52)
        at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:103)
        at java.base/java.lang.reflect.Method.invoke(Method.java:580)
        at com.simontuffs.onejar.Boot.run(Boot.java:340)
        at com.simontuffs.onejar.Boot.main(Boot.java:166)
The analysis is stopped, caused by File format error, res0 was not zero

LightningRS commented 10 months ago

Hello @TasnimFabiha,

It seems you've encountered an issue related to FlowDroid, specifically related to the dependency de.fraunhofer.sit.sse.flowdroid:soot-infoflow-android. ICCBot is using version 2.10.0 of this dependency, and unfortunately, the problem still exists in the latest published version, which is 2.12.0. You can find more information about these versions here: https://mvnrepository.com/artifact/de.fraunhofer.sit.sse.flowdroid/soot-infoflow-android https://central.sonatype.com/artifact/de.fraunhofer.sit.sse.flowdroid/soot-infoflow-android

It appears that the issue has recently been fixed on the development branch of the FlowDroid project this month. Once an official release is made, we will consider upgrading the dependency. You can track the progress of this issue on GitHub here: https://github.com/secure-software-engineering/FlowDroid/issues/657

If you need to use it urgently, you may need to update the soot-infoflow-android dependency to the latest version from the develop branch on GitHub: https://github.com/secure-software-engineering/FlowDroid/tree/develop/soot-infoflow-android
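A pre-flight check for the parser failure discussed in this thread, as an added example that is not part of the original comments or of ICCBot/FlowDroid code: it walks the chunks of a resources.arsc table and reports type chunks whose byte after the type id is non-zero, so affected APKs can be set aside before a batch run. It assumes that byte is the one the stack trace calls res0 (current AOSP ResourceTypes.h names it flags); the function names and the sample table are constructed for illustration.

```python
import struct
import zipfile

RES_TABLE, RES_PACKAGE, RES_TYPE = 0x0002, 0x0200, 0x0201  # chunk type codes

def chunks(buf, start, end):
    """Yield (type, offset, header_size, size) for sibling chunks in buf[start:end]."""
    off = start
    while off + 8 <= end:
        ctype, hsize, size = struct.unpack_from("<HHI", buf, off)
        if hsize < 8 or size < hsize or off + size > end:
            raise ValueError(f"corrupt chunk header at offset {off}")
        yield ctype, off, hsize, size
        off += size

def nonzero_type_flags(arsc):
    """Return (type_id, flag_byte, offset) for each type chunk with a non-zero flag byte."""
    hits = []
    for ctype, off, hsize, size in chunks(arsc, 0, len(arsc)):
        if ctype != RES_TABLE:
            continue
        for ptype, poff, phsize, psize in chunks(arsc, off + hsize, off + size):
            if ptype != RES_PACKAGE:
                continue
            for ttype, toff, thsize, _ in chunks(arsc, poff + phsize, poff + psize):
                if ttype == RES_TYPE and thsize >= 10:
                    type_id, flag_byte = struct.unpack_from("<BB", arsc, toff + 8)
                    if flag_byte:
                        hits.append((type_id, flag_byte, toff))
    return hits

def scan_apk(path):
    """Run the check on the resources.arsc entry of an APK on disk."""
    with zipfile.ZipFile(path) as apk:
        return nonzero_type_flags(apk.read("resources.arsc"))

def _chunk(ctype, header_rest, body=b""):
    hsize = 8 + len(header_rest)
    return struct.pack("<HHI", ctype, hsize, hsize + len(body)) + header_rest + body

def sample_table(flag_byte):
    """Constructed input: one package holding one type chunk (config and entries omitted)."""
    type_hdr = struct.pack("<BBHII", 1, flag_byte, 0, 0, 20)  # id, flag, reserved, count, start
    package = _chunk(RES_PACKAGE, b"\0" * 280, _chunk(RES_TYPE, type_hdr))
    return _chunk(RES_TABLE, struct.pack("<I", 1), package)

if __name__ == "__main__":
    for flag in (0, 1):
        print(flag, nonzero_type_flags(sample_table(flag)))
```

An empty list from `scan_apk` means no type chunk carries a non-zero byte in that position; a truncated or malformed table raises `ValueError` instead of being reported as clean.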

TasnimFabiha commented 10 months ago

@LightningRS, thank you for your quick response!

While I wait for the official fix, can you please suggest a set of apps (the exact versions) from https://f-droid.org/ that you used to evaluate the tool? I'm mostly looking for shopping- or news-related apps to get some results with. At least if I can get results for some of the older versions of the APKs on which this tool used to work, that will be great. Can I get at least some portion of the list of 2000 apps (APK versions) that was mentioned in the paper to get started with?