- This repo contains the prototype code of DINA, a hybrid analysis tool for identifying potential concealed vulnerable paths through reflection and dynamic class loading between Android Apps.
This work published at IEEE International Conference on Computer Communications (INFOCOM) (INFOCOM'19).
- Written in C++14.
- Uses the Boost Graph Library (BGL).
- Existing generic graph algorithms can be applied to Jitana data structures.
- Can be used as a library:
- Run side-by-side with a virtual machine on a target device.
- Run on a host machine talking to the target device via JDWP.
- Used from visualization tool.
DINA uses CMake which supports out-of-source build. In this document, the following directory structure is assumed:
.
├── DINA (source code downloaded)
├── dex (DEX files)
└── build (build directory you make)
Install all the dependencies first. Then
mkdir build
cd build
cmake -DCMAKE_BUILD_TYPE=Release ../DINA
make -j8
Please refer to Compiling Jitana on Linux.
According to the workflow, DINA works in three phases, following a description of how to run each phase:
- Mohannad Alhanahnah at University of Nebraska-Lincoln.
- Please note that DINA has been developed on top of jitana. Therefore, many of Jitana's libraries have been used as is or adapted.
- See LICENSE.md for license rights and limitations (ISC).
If you use the source code, please cite the following paper:
M. Alhanahnah et al., "Detecting Vulnerable Android Inter-App Communication in Dynamically Loaded Code," IEEE INFOCOM 2019 - IEEE Conference on Computer Communications, Paris, France, 2019, pp. 550-558.