This project is the source code for Android Service Helper bypass static analysis tool.
If there are any questions, please feel free to add issues.
1.Prepare to run project in 1 minute
git clone https://github.com/fripSide/ServiceAudit.git
cd ServiceAudit/bin
# in Windows
java -cp soot-dev.jar;ServiceAudit.jar com.serviceaudit.snk.Main conf.json
# in Linux
java -cp soot-dev.jar:ServiceAudit.jar com.serviceaudit.snk.Main conf.jsonThe results will be generated in bin\results.
2.Build project in 5 minutes
mvn packageThe build target will be generated to bin\ServiceAudit.jar.
There are some supplemental documents for the approaches described in the Journal paper:
- Steps for extract the Extended SDK from Android Image doc1
- System service extraction doc2
- Results of NLP approach doc3
- Analysis results and vulnerabilities detail doc4
After running the project, a short report will be print in the console and the vulnerability list will be generated to results/report.txt. Vulnerabilities details are shown in results/vulnerable_api.json.