Git repositories for newest versions:
- https://bitbucket.org/wsnavely/soot-infoflow-latest/
- https://bitbucket.org/wsnavely/soot-infoflow-android-latest/
- https://bitbucket.org/wklieber/didfail/
Branches:
The most recent branches are the Static Fields branch and the Services and BroadcastReceivers branch, which are both based off the Improved DEX Conversion branch (Nov 2014). In the future, these two branches will be merged, with an option to turn static field analysis (which is computationally intensive) on and off.
A table of releases with their specific commit numbers is available.
To build DidFail in Ubuntu 12.04:
- Set up a fresh virtual machine with Ubuntu 12.04 (64-bit desktop version). Giving the virtual machine at least 3 GB of RAM is recommended.
- Build FlowDroid.
- Open a Bash shell (Ctrl+Alt+T).
- Set environment variable didfail to where you want to install DidFail, and create and enter that directory:
- export didfail=~/didfail
- mkdir $didfail
- cd $didfail
- Install some 32-bit libraries needed by Dare:
- sudo apt-get install gcc-4.6-multilib lib32stdc++6 zlib1g-dev:i386
- Download Epicc, Dare, Android platform JARs, and toy apps:
- wget -nc http://siis.cse.psu.edu/epicc/downloads/epicc-0.1.tgz
#mirror at http://www.cs.cmu.edu/~wklieber/didfail/epicc-0.1.tgz
- wget -nc https://github.com/dare-android/platform_dalvik/releases/download/dare-1.1.0/dare-1.1.0-linux.tgz
- wget -nc http://www.cs.cmu.edu/~wklieber/didfail/platform-16.zip
- wget -nc http://www.cs.cmu.edu/~wklieber/didfail/platform-19.zip
- wget -nc http://www.cs.cmu.edu/~wklieber/didfail/toyapps-2014-04-28.zip
- Unpack downloaded files:
- mkdir epicc
- tar xzf epicc-0.1.tgz -C epicc
- tar xzf dare-1.1.0-linux.tgz
- unzip platform-16.zip
- unzip platform-19.zip
- unzip -q toyapps-2014-04-28.zip
- Clone the DidFail CERT repo (containing the APK Transformer, second-phase analyzer, and various scripts):
- git clone https://bitbucket.org/wklieber/didfail.git cert
- Switch to the desired branch or specific commit. Available branches are: service-additions, static-field-support, master. (Note: master is an older version without support for either static fields or services.)
For example:
- cd cert
- git checkout service-additions # if you want the latest version of this branch
- git checkout 2781780c9971f0ec5c998956b14af81196a9879f # if you want the release snapshot
- cd ..
- Create local config file:
- cp cert/paths.distrib.sh cert/paths.local.sh
- Modify paths.local.sh
- Change the "export didfail=" line to point to the directory where you chose to install DidFail.
- Change the "export wkspc=" line to point to the directory that contains the soot, heros, jasmin, and soot-infoflow* directories (as child directories).
- Compile the APK Transformer:
- cd $didfail/cert
- source paths.local.sh
# It is normal to get a message like "ls: cannot access .../transformApk/bin: No such file or directory" when you source paths.local.sh the first time; in a later step, you will use the make process to create this directory.
- cd transformApk
- make
- cd $didfail
- Run the analyzer on the toy apps:
- $didfail/cert/run-didfail.sh $didfail/toyapps/out/ $didfail/toyapps/*.apk
Note: These are the original toy apps from the SOAP 2014 version of DidFail. Toy apps to test the new functionality (added in the Dec 2014 releases) are available: test-apps-dec2014/.
Note: You may need to adjust max_mem and/or jvm_flags in paths.local.sh. If you get an error message "Could not create the Java virtual machine", either increase max_mem (which is supplied to ulimit) or decrease the "-Xmx" option in jvm_flags.
- Get the full set of Android SDK libraries (several gigabytes) if you want to test real-world apps:
- Download the Android SDK
- Run the sdk/tools/android program to grab the android.jar files for other API versions.
- Edit $didfail/cert/paths.local.sh so that sdk_platforms refers to the appropriate directory (e.g., ~/adt-bundle-linux-x86_64-20130729/sdk/platforms/).
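
A preflight check for the directory layout the steps above produce, useful before compiling the APK Transformer or running the analyzer. This is an added example, not part of DidFail: the function name didfail_preflight is hypothetical, and the names it checks (epicc, cert, toyapps, cert/paths.local.sh, and the soot, heros, jasmin and soot-infoflow* directories under wkspc) are taken from the steps above.

```shell
#!/usr/bin/env bash
# Added example (not DidFail code): verify the layout that paths.local.sh
# is expected to point at. didfail_preflight is a hypothetical name.

# Usage: didfail_preflight <didfail dir> <wkspc dir>
# Lists each missing item on stderr; returns 0 only if nothing is missing.
didfail_preflight() {
    local didfail_dir="$1" wkspc_dir="$2" missing=0 name match=0

    # $didfail must hold the directories created by the unpack and clone steps.
    for name in epicc cert toyapps; do
        if [ ! -d "$didfail_dir/$name" ]; then
            echo "missing: $didfail_dir/$name" >&2
            missing=$((missing + 1))
        fi
    done

    # The local config is copied from cert/paths.distrib.sh.
    if [ ! -f "$didfail_dir/cert/paths.local.sh" ]; then
        echo "missing: $didfail_dir/cert/paths.local.sh" >&2
        missing=$((missing + 1))
    fi

    # $wkspc must contain these FlowDroid trees as child directories.
    for name in soot heros jasmin; do
        if [ ! -d "$wkspc_dir/$name" ]; then
            echo "missing: $wkspc_dir/$name" >&2
            missing=$((missing + 1))
        fi
    done

    # soot-infoflow* is a pattern: require at least one matching directory.
    for name in "$wkspc_dir"/soot-infoflow*; do
        if [ -d "$name" ]; then
            match=1
        fi
    done
    if [ "$match" -eq 0 ]; then
        echo "missing: $wkspc_dir/soot-infoflow*" >&2
        missing=$((missing + 1))
    fi

    [ "$missing" -eq 0 ]
}
```

After sourcing paths.local.sh, call it as: didfail_preflight "$didfail" "$wkspc"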