Skip to content

Latest commit

 

History

History
33 lines (24 loc) · 3.16 KB

README.md

File metadata and controls

33 lines (24 loc) · 3.16 KB

DroidReachBenchmarks

Benchmark apps that highlights reachability analysis challenges in the native world of Android applications.

The compiled applications are stored under the apks subdirectory.

Benchmarks

id name description ArgusSaf Ghidra DroidReach
0 StaticMapping JNI Method bound to a Java native method through name mangling n/a
1 StaticMappingOverload JNI Method bound to a Java native method through name mangling (method overload) n/a
2 DynamicMapping JNI Method bound to a Java native method using RegisterNatives API ☒ (1) n/a
3 DynamicMappingClash JNI Method bound to a Java native method using RegisterNatives API (clash in class name) ☒ (1) n/a ☒ (1)
4 DynamicMappingNonglobal JNI Method bound to a Java native method using RegisterNatives API (non-global array) ☒ (1) n/a ☒ (1)
5 DynamicMappingComplex JNI Method bound to a Java native method using RegisterNatives API (complex code) n/a
6 NestedLib JNI Method calls another linked library ☐ (2) ☐ (3)
7 HighDepth The target function is called with a high calldepth ☐ (4)
8 IndirectJmp The target function is called after an indirect call (C++ virtual call)
9 IndirectJmpVariant The target function is called after an indirect call (C++ virtual call)
10 IndirectJmpVariant2 The target function is called after an indirect call (function pointer)
11 IndirectJmpHighDepth The target function is called at a high calldepth after an indirect call (at small depth) ☐ (4)
12 IndirectJmpHighDepthVariant The target function is called at a high calldepth after an indirect call (at high depth) ☐ (4) ☐ (4)

(1): Slow, uses symbolic execution.

(2): For the coarse-grained evaluation, we developed a variant of ArgusSaf that can reason on nested libraries

(3): For the coarse-grained evaluation, Ghidra was enhanced to deal with nested libraries

(4): It is possible to increase the calldepth, but there is a trade-off between running time/memory usage and desired calldepth.

n/a: not applicable, e.g., Ghidra is not involved in the resolution of JNI mapping.