Java#

Constant values for the lifecycle of an APK.

class cle.backends.java.apk.Apk[source]#

Bases: Soot

Backend for lifting APKs to Soot.

is_default = True#
__init__(apk_path, binary_stream, entry_point=None, entry_point_params=(), android_sdk=None, supported_jni_archs=None, jni_libs=None, jni_libs_ld_path=None, **options)[source]#
Parameters:
  • apk_path – Path to APK.

  • android_sdk – Path to Android SDK folder (e.g. “/home/angr/android/platforms”)

The following parameters are optional

Parameters:
  • entry_point – Fully qualified name of method that should be used as the entry point.

  • supported_jni_archs – List of supported JNI architectures (ABIs) in descending order of preference.

  • jni_libs – Name(s) of JNI libs to load (if any). If not specified, we try to extract JNI libs from the APK.

  • jni_libs_ld_path – Path(s) to search for the libs named by the jni_libs parameter. Note: the directory containing the APK is added to the search path by default.

get_callbacks(class_name: str, callback_names: List[str]) List[None][source]#

Get callback methods by their names.

Parameters:
  • class_name (str) – Name of the class.

  • callback_names (List[str]) – Name list of the callbacks.

Returns:

The method objects that are the callbacks.

Return type:

list[pysoot.sootir.soot_method.SootMethod]

addr_to_offset(addr: int) int | None#
Return type:

Optional[int]

Parameters:

addr (int) –

property arch: Arch#
classmethod check_compatibility(spec, obj) bool#

Performs a minimal static load of spec and returns whether it’s compatible with obj.

Return type:

bool

classmethod check_magic_compatibility(stream: BinaryIO) bool#

Check if a stream of bytes contains the same magic number as the main object

Return type:

bool

Parameters:

stream (BinaryIO) –

property classes#
close() None#
Return type:

None

contains_addr(addr)#

Is addr in one of the binary’s segments/sections we have loaded (i.e. is it mapped into memory)?

property entry#
static extract_soname(path) str | None#

Extracts the shared object identifier from the path, or returns None if it cannot.

Return type:

Optional[str]

property finalizers: List[int]#

Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#
find_section_containing(addr: int) cle.backends.region.Section | None#

Returns the section that contains addr or None.

Return type:

Optional[Section]

Parameters:

addr (int) –

find_segment_containing(addr: int) cle.backends.region.Segment | None#

Returns the segment that contains addr, or None.

Return type:

Optional[Segment]

Parameters:

addr (int) –

get_soot_class(cls_name, none_if_missing=False)#

Get Soot class object.

Parameters:

cls_name (str) – Name of the class.

Returns:

The class object.

Return type:

pysoot.soot.SootClass

get_soot_method(thing, class_name=None, params=(), none_if_missing=False)#

Get Soot method object.

Parameters:
  • thing – Descriptor of the method, or name of the method.

  • class_name (str) – Name of the class. If not specified, the class name can be parsed from the method name.

Returns:

Soot method that satisfies the criteria.

get_symbol(name: str) cle.backends.symbol.Symbol | None#

Stub function. Implement to find the symbol with name name.

Return type:

Optional[Symbol]

Parameters:

name (str) –

property image_base_delta#
initial_register_values()#

Deprecated

property initializers: List[int]#

Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

static is_zip_archive(stream)#
property loader: Loader#
property main_methods#

Find all Main methods in this binary.

Returns:

All main methods in each class.

Return type:

iterator

property max_addr#

This returns the highest virtual address contained in any loaded segment of the binary.

property min_addr: int#

This returns the lowest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset: int) int | None#
Return type:

Optional[int]

Parameters:

offset (int) –

rebase(new_base)#

Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

The meaning of “resolved relocations” is somewhat subtle - there is a linking step which attempts to resolve each relocation, currently only present in the main internal loading function since the calculation of which objects should be available

property sections: Regions[Section]#
property segments: Regions[Segment]#
set_arch(arch)#
property symbols_by_addr#
thread_registers(thread=None) Dict[str, Any]#

If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

Return type:

Dict[str, Any]

property threads: List#

If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

symbols: List[Symbol]#
imports: typing.Dict[str, 'Relocation']#
relocs: List[Relocation]#
child_objects: List['Backend']#
exception_handlings: List[ExceptionHandling]#
function_hints: List[FunctionHint]#
memory: Clemory#
static is_compatible(stream)[source]#

Determine quickly whether this backend can load an object from this stream

class cle.backends.java.jar.Jar[source]#

Bases: Soot

Backend for lifting JARs to Soot.

is_default = True#
__init__(jar_path, binary_stream, entry_point=None, entry_point_params=('java.lang.String[]',), jni_libs=None, jni_libs_ld_path=None, **kwargs)[source]#
Parameters:

jar_path – Path to JAR.

The following parameters are optional

Parameters:
  • entry_point – Fully qualified name of method that should be used as the entry point. If not specified, we try to parse it from the manifest.

  • additional_jars – Additional JARs.

  • additional_jar_roots – Additional JAR roots.

  • jni_libs – Name(s) of JNI libs to load (if any).

  • jni_libs_ld_path – Path(s) to search for the libs named by the jni_libs parameter. Note: the directory containing the JAR is added to the search path by default.

static is_compatible(stream)[source]#

Determine quickly whether this backend can load an object from this stream

get_manifest(binary_path=None)[source]#

Load the MANIFEST.MF file

Returns:

A dict of meta info

Return type:

dict

addr_to_offset(addr: int) int | None#
Return type:

Optional[int]

Parameters:

addr (int) –

property arch: Arch#
classmethod check_compatibility(spec, obj) bool#

Performs a minimal static load of spec and returns whether it’s compatible with obj.

Return type:

bool

classmethod check_magic_compatibility(stream: BinaryIO) bool#

Check if a stream of bytes contains the same magic number as the main object

Return type:

bool

Parameters:

stream (BinaryIO) –

property classes#
close() None#
Return type:

None

contains_addr(addr)#

Is addr in one of the binary’s segments/sections we have loaded (i.e. is it mapped into memory)?

property entry#
static extract_soname(path) str | None#

Extracts the shared object identifier from the path, or returns None if it cannot.

Return type:

Optional[str]

property finalizers: List[int]#

Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#
find_section_containing(addr: int) cle.backends.region.Section | None#

Returns the section that contains addr or None.

Return type:

Optional[Section]

Parameters:

addr (int) –

find_segment_containing(addr: int) cle.backends.region.Segment | None#

Returns the segment that contains addr, or None.

Return type:

Optional[Segment]

Parameters:

addr (int) –

get_soot_class(cls_name, none_if_missing=False)#

Get Soot class object.

Parameters:

cls_name (str) – Name of the class.

Returns:

The class object.

Return type:

pysoot.soot.SootClass

get_soot_method(thing, class_name=None, params=(), none_if_missing=False)#

Get Soot method object.

Parameters:
  • thing – Descriptor of the method, or name of the method.

  • class_name (str) – Name of the class. If not specified, the class name can be parsed from the method name.

Returns:

Soot method that satisfies the criteria.

get_symbol(name: str) cle.backends.symbol.Symbol | None#

Stub function. Implement to find the symbol with name name.

Return type:

Optional[Symbol]

Parameters:

name (str) –

property image_base_delta#
initial_register_values()#

Deprecated

property initializers: List[int]#

Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

static is_zip_archive(stream)#
property loader: Loader#
property main_methods#

Find all Main methods in this binary.

Returns:

All main methods in each class.

Return type:

iterator

property max_addr#

This returns the highest virtual address contained in any loaded segment of the binary.

property min_addr: int#

This returns the lowest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset: int) int | None#
Return type:

Optional[int]

Parameters:

offset (int) –

rebase(new_base)#

Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

The meaning of “resolved relocations” is somewhat subtle - there is a linking step which attempts to resolve each relocation, currently only present in the main internal loading function since the calculation of which objects should be available

property sections: Regions[Section]#
property segments: Regions[Segment]#
set_arch(arch)#
property symbols_by_addr#
thread_registers(thread=None) Dict[str, Any]#

If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

Return type:

Dict[str, Any]

property threads: List#

If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

symbols: List[Symbol]#
imports: typing.Dict[str, 'Relocation']#
relocs: List[Relocation]#
child_objects: List['Backend']#
exception_handlings: List[ExceptionHandling]#
function_hints: List[FunctionHint]#
memory: Clemory#
class cle.backends.java.soot.Soot[source]#

Bases: Backend

The basis backend for lifting and loading bytecode from JARs and APKs to Soot IR.

Note that self.min_addr will be 0 and self.max_addr will be 1. Hopefully no other object will be mapped at address 0.

__init__(*args, entry_point=None, entry_point_params=(), input_format=None, additional_jars=None, additional_jar_roots=None, jni_libs_ld_path=None, jni_libs=None, android_sdk=None, **kwargs)[source]#
Parameters:
  • binary – The path to the binary to load

  • binary_stream – The open stream to this binary. The reference to this will be held until you call close.

  • is_main_bin – Whether this binary should be loaded as the main executable

property max_addr#

This returns the highest virtual address contained in any loaded segment of the binary.

property entry#
property classes#
get_soot_class(cls_name, none_if_missing=False)[source]#

Get Soot class object.

Parameters:

cls_name (str) – Name of the class.

Returns:

The class object.

Return type:

pysoot.soot.SootClass

get_soot_method(thing, class_name=None, params=(), none_if_missing=False)[source]#

Get Soot method object.

Parameters:
  • thing – Descriptor of the method, or name of the method.

  • class_name (str) – Name of the class. If not specified, the class name can be parsed from the method name.

Returns:

Soot method that satisfies the criteria.

property main_methods#

Find all Main methods in this binary.

Returns:

All main methods in each class.

Return type:

iterator

addr_to_offset(addr: int) int | None#
Return type:

Optional[int]

Parameters:

addr (int) –

property arch: Arch#
classmethod check_compatibility(spec, obj) bool#

Performs a minimal static load of spec and returns whether it’s compatible with obj.

Return type:

bool

classmethod check_magic_compatibility(stream: BinaryIO) bool#

Check if a stream of bytes contains the same magic number as the main object

Return type:

bool

Parameters:

stream (BinaryIO) –

close() None#
Return type:

None

contains_addr(addr)#

Is addr in one of the binary’s segments/sections we have loaded (i.e. is it mapped into memory)?

static extract_soname(path) str | None#

Extracts the shared object identifier from the path, or returns None if it cannot.

Return type:

Optional[str]

property finalizers: List[int]#

Stub function. Like initializers, but with finalizers.

find_loadable_containing(addr)#
find_section_containing(addr: int) cle.backends.region.Section | None#

Returns the section that contains addr or None.

Return type:

Optional[Section]

Parameters:

addr (int) –

find_segment_containing(addr: int) cle.backends.region.Segment | None#

Returns the segment that contains addr, or None.

Return type:

Optional[Segment]

Parameters:

addr (int) –

get_symbol(name: str) cle.backends.symbol.Symbol | None#

Stub function. Implement to find the symbol with name name.

Return type:

Optional[Symbol]

Parameters:

name (str) –

property image_base_delta#
initial_register_values()#

Deprecated

property initializers: List[int]#

Stub function. Should be overridden by backends that can provide initializer functions that ought to be run before execution reaches the entry point. Addresses should be rebased.

classmethod is_compatible(stream) bool#

Determine quickly whether this backend can load an object from this stream

Return type:

bool

is_default = False#
static is_zip_archive(stream)[source]#
property loader: Loader#
property min_addr: int#

This returns the lowest virtual address contained in any loaded segment of the binary.

offset_to_addr(offset: int) int | None#
Return type:

Optional[int]

Parameters:

offset (int) –

rebase(new_base)#

Rebase backend’s regions to the new base where they were mapped by the loader

relocate()#

Apply all resolved relocations to memory.

The meaning of “resolved relocations” is somewhat subtle - there is a linking step which attempts to resolve each relocation, currently only present in the main internal loading function since the calculation of which objects should be available

property sections: Regions[Section]#
property segments: Regions[Segment]#
set_arch(arch)#
property symbols_by_addr#
thread_registers(thread=None) Dict[str, Any]#

If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This method should return the register file for a given thread (as named in Backend.threads) as a dict mapping register names (as seen in archinfo) to numbers. If the thread is not specified, it should return the context for a “default” thread. If there are no threads, it should return an empty dict.

Return type:

Dict[str, Any]

property threads: List#

If this backend represents a dump of a running program, it may contain one or more thread contexts, i.e. register files. This property should contain a list of names for these threads, which should be unique.

symbols: List[Symbol]#
imports: typing.Dict[str, 'Relocation']#
relocs: List[Relocation]#
child_objects: List['Backend']#
exception_handlings: List[ExceptionHandling]#
function_hints: List[FunctionHint]#
memory: Clemory#