Skip to content

Detailed description of IccTA usage

Jump to bottom Edit New page
Jordan Samhi edited this page Dec 19, 2019 · 3 revisions

Author: Jordan Samhi

This description concerns the usage of IccTA with Dare (homepage) and IC3 (homepage) with up-to-date and pre-built tools.

⚠️ A configuration-free version is available here.

PRE-REQUISITES

Prior to execute these scripts, one has to have a working mysql server and the client. Also one has to have a user of the database able to create a database and importing a schema in this database.

Also, the tools executed in these scripts are Java tools using soot, hence one has to use Java 8 as the default JRE. Or one can just modify the script and change the java instruction by the path to a Java 8 executable.

Preparation of the environment

One has to know that IC3 and IccTA rely on a database to store the results of ICC links, methods, etc.

Database creation

Prior to create the database, clone the repository on your computer:

git clone https://github.com/lilicoding/soot-infoflow-android-iccta.git
cd soot-infoflow-android-iccta

Now create the database:

mysql -u username -p -e "create database cc"
mysql -u username -p cc < res/schema

Possible error

If you encounter this error:

ERROR 1071 (42000) at line 203: Specified key was too long; max key length is 3072 bytes

Just replace this block in res/schema:

CREATE TABLE `IFMimeTypes` (
  `id` int NOT NULL AUTO_INCREMENT,
  `filter_id` int NOT NULL,
  `type` varchar(512) NOT NULL,
  `subtype` varchar(512) NOT NULL,
  PRIMARY KEY (`id`),
  FOREIGN KEY (`filter_id`) REFERENCES IntentFilters(`id`) ON DELETE CASCADE,
  INDEX `type_idx` (`type`, `subtype`)
);

By this block:

CREATE TABLE `IFMimeTypes` (
  `id` int NOT NULL AUTO_INCREMENT,
  `filter_id` int NOT NULL,
  `type` varchar(512) NOT NULL,
  `subtype` varchar(512) NOT NULL,
  PRIMARY KEY (`id`),
  FOREIGN KEY (`filter_id`) REFERENCES IntentFilters(`id`) ON DELETE CASCADE,
  INDEX `type_idx` (`type`, `subtype`)
) ENGINE=InnoDB  CHARACTER SET utf8;

The database in now ready to use.

Configuration files

Check that the file res/iccta.properties contains: iccProvider=ic3.

Modify the file res/jdbc.xml with the values concerning you:

<name>name of the database (normally cc)</name>
<username>database username</username>
<password>database password</password>

In the same way, modify the release/res/jdbc.xml.

Then modify the file release/res/iccta.properties with the values concerning you:

android_jars=PATH_TO_YOUR_ANDROID_PLATFORMS

Retarget APK

In order to extract the ICC model from the APK with IC3, one first has to retarget the .dex files into .class files. Indeed, IC3 uses Java classes as input.

Do not use the tool present in this repository to retarget your APK, prefer to use the one I provide to ensure correct execution.

Usage of dare:

wget https://github.com/JordanSamhi/Tools/raw/master/dare.zip
unzip dare.zip
./dare/dare -d PATH_TO_DARE_RESULTS APP.apk

ICC model extraction

Do not use the version of IC3 present in this repository, prefer to use the one I provide to ensure correct execution. The version of IC3 built for this wiki has been built in December 2019 with all the dependencies.

Before executing IC3, on has to create the file cc.properties with the following content:

user=test
password=password
characterEncoding=ISO-8859-1
useUnicode=true

After saving this file, one can now execute IC3 and give the PATH_TO_DARE_RESULTS as an input:

wget https://github.com/JordanSamhi/Tools/raw/master/ic3.jar
java -jar ic3.jar -input PATH_TO_DARE_RESULTS/retargeted/APP_NAME -apkormanifest APP.apk -cp PATH_TO_YOUR_ANDROID_PLATFORMS -db cc.properties

The results will be stored into the database cc and will be reused by IccTA. One can also use the option -protobuf PATH_TO_RESULTS to store the results in a file.

Execution of IccTA

The ICC model is now ready to be used by IccTA.

To easily execute IccTA, do not use the executable in the repository, instead use the jar provided in this wiki (see below). Indeed, it has been built (in December 2019) with updated versions of mysql-connector, Soot and Flowdroid to avoid compatibility errors.

Instructions

⚠️ Be sure to be in the repository folder before running the jar. The pwd command should output something like: SOME_PATH/soot-infoflow-android-iccta

Follow these instructions to run IccTA:

wget https://github.com/JordanSamhi/Tools/raw/master/iccta.jar
java -jar iccta.jar APP.apk PATH_TO_ANDROID.jar

IccTA automatically connects to the database to retrieve the ICC modele generated by IC3. It is important to be in the right folder, otherwise you will receive some file not found errors.

Add a custom footer
Add a custom sidebar
Clone this wiki locally