sireum / archived-v2-amandroid


Error: Cannot Resolve Concrete Dispatch #26

Closed eugenood closed 6 years ago

eugenood commented 9 years ago

I got the following error when running the following:

mainuser@thinkpad-ubuntu:~/Files$ ./analyze app.apk 
Total apks: 1
Analyzing #1:file:/home/mainuser/Files/app.apk
Cleaning up unclosed ZipFile for archive /home/mainuser/Files/app.apk
Cleaning up unclosed ZipFile for archive /home/mainuser/apktool/framework/1.apk

Error: Cannot resolve concrete dispatch!
Type:com.a.a.a.i
Procedure:a:(IZ)V
Written: /home/mainuser/Files/./.errorlog

Within the .errorlog file:

An error occured on 20150331-165648
java.lang.RuntimeException: Cannot resolve concrete dispatch!
Type:com.a.a.a.i
Procedure:a:(IZ)V
        at org.sireum.jawa.RecordHierarchy.resolveConcreteDispatch(RecordHierarchy.scala:364)
        at org.sireum.jawa.alir.util.CallHandler$.getVirtualCalleeProcedure(CallHandler.scala:41)
        at org.sireum.jawa.alir.pta.suspark.PointerAssignmentGraph$$anonfun$getVirtualCalleeSet$1.apply(PointerAssignmentGraph.scala:490)
        at org.sireum.jawa.alir.pta.suspark.PointerAssignmentGraph$$anonfun$getVirtualCalleeSet$1.apply(PointerAssignmentGraph.scala:489)
        at scala.collection.immutable.Set$Set4.foreach(Set.scala:181)
        at org.sireum.jawa.alir.pta.suspark.PointerAssignmentGraph.getVirtualCalleeSet(PointerAssignmentGraph.scala:488)
        at org.sireum.jawa.alir.pta.suspark.InterproceduralSuperSpark$.checkAndDoCall(InterproceduralSuperSpark.scala:200)
        at org.sireum.jawa.alir.pta.suspark.InterproceduralSuperSpark$$anonfun$workListPropagation$2.apply(InterproceduralSuperSpark.scala:104)
        at org.sireum.jawa.alir.pta.suspark.InterproceduralSuperSpark$$anonfun$workListPropagation$2.apply(InterproceduralSuperSpark.scala:95)
        at scala.collection.Iterator$class.foreach(Iterator.scala:750)
        at scala.collection.AbstractIterator.foreach(Iterator.scala:1202)
        at scala.collection.IterableLike$class.foreach(IterableLike.scala:72)
        at scala.collection.AbstractIterable.foreach(Iterable.scala:54)
        at org.sireum.jawa.alir.pta.suspark.InterproceduralSuperSpark$.workListPropagation(InterproceduralSuperSpark.scala:94)
        at org.sireum.jawa.alir.pta.suspark.InterproceduralSuperSpark$.doPTA(InterproceduralSuperSpark.scala:61)
        at org.sireum.jawa.alir.pta.suspark.InterproceduralSuperSpark$$anonfun$pta$1.apply(InterproceduralSuperSpark.scala:48)
        at org.sireum.jawa.alir.pta.suspark.InterproceduralSuperSpark$$anonfun$pta$1.apply(InterproceduralSuperSpark.scala:45)
        at scala.collection.immutable.Set$Set2.foreach(Set.scala:111)
        at org.sireum.jawa.alir.pta.suspark.InterproceduralSuperSpark$.pta(InterproceduralSuperSpark.scala:44)
        at org.sireum.jawa.alir.pta.suspark.InterproceduralSuperSpark$.build(InterproceduralSuperSpark.scala:36)
        at org.sireum.jawa.alir.pta.suspark.InterproceduralSuperSpark$.apply(InterproceduralSuperSpark.scala:29)
        at org.sireum.jawa.alir.reachability.ReachabilityAnalysis$.getReachableProcedures(ReachabilityAnalysis.scala:30)
        at org.sireum.amandroid.appInfo.ReachableInfoCollector$$anonfun$updateReachableMap$1.apply(ReachableInfoCollector.scala:58)
        at org.sireum.amandroid.appInfo.ReachableInfoCollector$$anonfun$updateReachableMap$1.apply(ReachableInfoCollector.scala:56)
        at scala.collection.immutable.Map$Map2.foreach(Map.scala:137)
        at org.sireum.amandroid.appInfo.ReachableInfoCollector.updateReachableMap(ReachableInfoCollector.scala:56)
        at org.sireum.amandroid.appInfo.ReachableInfoCollector.collectCallbackMethods(ReachableInfoCollector.scala:146)
        at org.sireum.amandroid.appInfo.AppInfoCollector$.analyzeCallback(AppInfoCollector.scala:223)
        at org.sireum.amandroid.appInfo.AppInfoCollector.collectInfo(AppInfoCollector.scala:162)
        at org.sireum.amandroid.cli.TanitAnalysis$TaintTask.run(TaintAnalysis.scala:187)
        at org.sireum.amandroid.cli.TanitAnalysis$$anonfun$taintAnalyze$1.apply(TaintAnalysis.scala:161)
        at org.sireum.amandroid.cli.TanitAnalysis$$anonfun$taintAnalyze$1.apply(TaintAnalysis.scala:157)
        at scala.collection.immutable.Set$Set1.foreach(Set.scala:79)
        at org.sireum.amandroid.cli.TanitAnalysis$.taintAnalyze(TaintAnalysis.scala:156)
        at org.sireum.amandroid.cli.TanitAnalysis$.main(TaintAnalysis.scala:137)
        at org.sireum.amandroid.cli.TanitAnalysis.main(TaintAnalysis.scala)

May I know what the significance of this error is? This error only works on this particular obfuscated APK. Does it not work on all obfuscated APKs, or is it a bug?

In addition, even though I did not get this error while analysing WhatsApp, staging does not generate any control flow graph, and genGraph produces a graph with only 1 node. Is this expected behavior?

Thanks.

fgwei commented 9 years ago

That's definitely not an expected behavior. If you can send me the app you tested, then I can test it and fix it.

eugenood commented 9 years ago

Sent you through your gmail.

eugenood commented 9 years ago

I've updated sireum, and now it gave a different error for the app.apk.

An error occured on 20150406-093754
java.lang.RuntimeException: procedure name not correct: .length
        at org.sireum.jawa.JawaProcedure.getShortName(JawaProcedure.scala:206)
        at org.sireum.jawa.JawaProcedure.setName(JawaProcedure.scala:247)
        at org.sireum.jawa.JawaProcedure.init(JawaProcedure.scala:145)
        at org.sireum.jawa.JawaProcedure.init(JawaProcedure.scala:183)
        at org.sireum.jawa.RecordHierarchy.org$sireum$jawa$RecordHierarchy$$findProcedureThroughHierarchy(RecordHierarchy.scala:375)
        at org.sireum.jawa.RecordHierarchy$$anonfun$resolveAbstractDispatch$2.apply(RecordHierarchy.scala:408)
        at org.sireum.jawa.RecordHierarchy$$anonfun$resolveAbstractDispatch$2.apply(RecordHierarchy.scala:407)
        at scala.collection.mutable.HashSet.foreach(HashSet.scala:78)
        at org.sireum.jawa.RecordHierarchy.resolveAbstractDispatch(RecordHierarchy.scala:406)
        at org.sireum.jawa.alir.util.CallHandler$.getUnknownVirtualCalleeProcedures(CallHandler.scala:52)
        at org.sireum.jawa.alir.pta.reachingFactsAnalysis.ReachingFactsAnalysisHelper$$anonfun$getCalleeSet$1.apply(ReachingFactsAnalysisHelper.scala:136)
        at org.sireum.jawa.alir.pta.reachingFactsAnalysis.ReachingFactsAnalysisHelper$$anonfun$getCalleeSet$1.apply(ReachingFactsAnalysisHelper.scala:115)
        at scala.collection.immutable.HashSet$HashSet1.foreach(HashSet.scala:322)
        at scala.collection.immutable.HashSet$HashTrieSet.foreach(HashSet.scala:978)
        at org.sireum.jawa.alir.pta.reachingFactsAnalysis.ReachingFactsAnalysisHelper$.getCalleeSet(ReachingFactsAnalysisHelper.scala:114)
        at org.sireum.amandroid.alir.pta.reachingFactsAnalysis.AndroidReachingFactsAnalysisBuilder$Callr.resolveCall(AndroidReachingFactsAnalysis.scala:336)
        at org.sireum.jawa.alir.dataFlowAnalysis.InterProceduralMonotoneDataFlowAnalysisFramework$IMdaf$1.org$sireum$jawa$alir$dataFlowAnalysis$InterProceduralMonotoneDataFlowAnalysisFramework$IMdaf$$jumpF$2(InterProceduralMonotoneDataFlowAnalysisFramework.scala:477)
        at org.sireum.jawa.alir.dataFlowAnalysis.InterProceduralMonotoneDataFlowAnalysisFramework$IMdaf$1.visitForward(InterProceduralMonotoneDataFlowAnalysisFramework.scala:514)
        at org.sireum.jawa.alir.dataFlowAnalysis.InterProceduralMonotoneDataFlowAnalysisFramework$IMdaf$1.caculateResult(InterProceduralMonotoneDataFlowAnalysisFramework.scala:526)
        at org.sireum.jawa.alir.dataFlowAnalysis.InterProceduralMonotoneDataFlowAnalysisFramework$IMdaf$1.visit(InterProceduralMonotoneDataFlowAnalysisFramework.scala:532)
        at org.sireum.jawa.alir.dataFlowAnalysis.InterProceduralMonotoneDataFlowAnalysisFramework$.process$1(InterProceduralMonotoneDataFlowAnalysisFramework.scala:564)
        at org.sireum.jawa.alir.dataFlowAnalysis.InterProceduralMonotoneDataFlowAnalysisFramework$.build(InterProceduralMonotoneDataFlowAnalysisFramework.scala:601)
        at org.sireum.jawa.alir.dataFlowAnalysis.InterProceduralMonotoneDataFlowAnalysisFramework$$anonfun$apply$2.apply(InterProceduralMonotoneDataFlowAnalysisFramework.scala:74)
        at org.sireum.jawa.alir.dataFlowAnalysis.InterProceduralMonotoneDataFlowAnalysisFramework$$anonfun$apply$2.apply(InterProceduralMonotoneDataFlowAnalysisFramework.scala:74)
        at org.sireum.amandroid.alir.pta.reachingFactsAnalysis.AndroidReachingFactsAnalysisBuilder.build(AndroidReachingFactsAnalysis.scala:74)
        at org.sireum.amandroid.alir.pta.reachingFactsAnalysis.AndroidReachingFactsAnalysis$.apply(AndroidReachingFactsAnalysis.scala:739)
        at org.sireum.amandroid.security.AmandroidSocket$$anonfun$runWithDDA$1.apply(AmandroidSocket.scala:122)

fgwei commented 9 years ago

Thanks for the report. I am still working on fixing those bugs.

fgwei commented 9 years ago

You can try:

  1. sireum uninstall all
  2. run your analysis again

eugenood commented 9 years ago

Doesn't help. Still the same error.

fgwei commented 9 years ago

It does not have an error at my site. I tested:

sireum aman taint -m 6 -ns -to 10 -o ~/Desktop/output ~/Desktop/test/s/apks/app.apk apps/amandroid/taintAnalysis/sourceAndSinks/TaintSourcesAndSinks.txt

and:

sireum aman gen -ns -to 4 -o ~/Desktop/output -m 4 ~/Desktop/test/s/apks/app.apk

Both give me good results.

So, are you using the sireum Development version? Currently the sireum stable version does not support those bug fixes.