Table of Contents

• Introduction
• Build Project
• Documents
• Analysis Results

Introduction

This project is the source code for Android Service Helper bypass static analysis tool.

If there are any questions, please feel free to add issues.

Build Project

1.Prepare to run project in 1 minute

git clone https://github.com/fripSide/ServiceAudit.git
cd ServiceAudit/bin
# in Windows
java -cp soot-dev.jar;ServiceAudit.jar com.serviceaudit.snk.Main conf.json
# in Linux
java -cp soot-dev.jar:ServiceAudit.jar com.serviceaudit.snk.Main conf.json

The results will be generated in bin\results.

2.Build project in 5 minutes

mvn package

The build target will be generated to bin\ServiceAudit.jar.

Documents

There are some supplemental documents for the approaches described in the Journal paper:

• Steps for extract the Extended SDK from Android Image doc1
• System service extraction doc2
• Results of NLP approach doc3
• Analysis results and vulnerabilities detail doc4

Analysis Results

After running the project, a short report will be print in the console and the vulnerability list will be generated to results/report.txt. Vulnerabilities details are shown in results/vulnerable_api.json.