Solvedandroguard How to get Call graph using Androguard API

Hi,

i want to extract call graph of the entire application using only the API and i am using XREF in order to do it. In addition, i would distinguish external call from internal call. How can i do that?

I made a simple function that do the following:

# dalvik is DalvikVMFormat
for d in dalvik:
    classes = d.get_classes()
    for c in classes:
        methods = c.get_methods()
        for method in methods:
            # x is Analysis object
            method_class_analysis = x.get_method_analysis(method)
            xref_to = method_class_analysis.get_xref_to()
            #add method to graph
            #and for each method in xref_to: add method to graph and add edge

In the variable xref_to I can find methods of type EncodedMethod and ExternalMethod (i can distinguish external call from internal code based on this type), but when I iterate over method (for method in methods) I don't know if it is an external or internal one. This problem leads to an incorrect call graph.

Anyone can help?

Thanks.

50 Answers

✔️Accepted Answer

reox
186

I just changed the code a little bit to get color for the methods:

from androguard.misc import AnalyzeAPK
from androguard.core.analysis.analysis import ExternalMethod
import matplotlib.pyplot as plt
import networkx as nx

a, d, dx = AnalyzeAPK("4e2201cde26141715255d2421f0bcfb1")

CFG = nx.DiGraph()

# Note: If you create the CFG from many classes at the same time, the drawing
# will be a total mess...
for m in dx.find_methods(classname="Lcom/elite/MainActivity;"):
    orig_method = m.get_method()
    print("Found Method --> {}".format(orig_method))
    # orig_method might be a ExternalMethod too...
    # so you can check it here also:
    if isinstance(orig_method, ExternalMethod):
        is_this_external = True
        # If this class is external, there will be very likely
        # no xref_to stored! If there is, it is probably a bug in androguard...
    else:
        is_this_external = False

    CFG.add_node(orig_method, external=is_this_external)

    for other_class, callee, offset in m.get_xref_to():
        if isinstance(callee, ExternalMethod):
            is_external = True
        else:
            is_external = False

        if callee not in CFG.node:
            CFG.add_node(callee, external=is_external)

        # As this is a DiGraph and we are not interested in duplicate edges,
        # check if the edge is already in the edge set.
        # If you need all calls, you probably want to check out MultiDiGraph
        if not CFG.has_edge(orig_method, callee):
            CFG.add_edge(orig_method, callee)

pos = nx.spring_layout(CFG)

internal = []
external = []

for n in CFG.node:
    if isinstance(n, ExternalMethod):
        external.append(n)
    else:
        internal.append(n)


nx.draw_networkx_nodes(CFG, pos=pos, node_color='r', nodelist=internal)
nx.draw_networkx_nodes(CFG, pos=pos, node_color='b', nodelist=external)
nx.draw_networkx_edges(CFG, pos, arrow=True)
nx.draw_networkx_labels(CFG, pos=pos, labels={x: "{} {}".format(x.get_class_name(), x.get_name()) for x in CFG.edge})
plt.draw()
plt.show()

figure_1-1

This also shows something important: If you inherit a class and this class is for example an API class, all methods that are not overwritten are also external.
As you can see in the graph, there are methods like startService or setContentView, which are external (blue) but have the classname of an internal class.

Related Issues:

5
androguard When I run androlyze.py, I receive an error
you can use pip to clone from git like this: See https://pip.pypa.io/en/stable/reference/pip_install...
3
androguard How to get Call graph using Androguard API
I just changed the code a little bit to get color for the methods: This also shows something importa...
750
react native keychain SDK Build Tools revision (23.0.1) is too low for project :react-native-keychain.
Ok I found a solution to this For people facing the same problem in the future Hey there ...
748
material components android Manifest merger failed : Attribute application@appComponentFactory
I had similar problem We're transitioning from github issues to a public buganizer component Rather ...
746
expo Error: fsevents unavailable (this watcher can only be used on Darwin)
Possible solution: I had installed watchman via npm install -g watchman but apparently this installs...
459
flutter Multiple commands produce '/build/ios/Debug-iphonesimulator/Runner.app/Frameworks/Flutter.framework
I was able to fix it by opening the Runner workspace project in Xcode 10 Then navigate to File ...
449
flutter App Store iOS submission fails: The bundle Runner.app/Frameworks/App.framework does not support the minimum OS Version specified in the Info.plist
After doing a flutter clean changing MinimumOSVersion (inside /ios/Flutter/AppframeworkInfo.plist) t...
418
flutter 'com.android.support:appcompat-v7' has different version for the compile (26.1.0) and runtime (27.0.1) classpath
is like this i receive an error when i run flutter run My gradle.build file is: flutter doctor: ...
409
flutter Why does my text not wrap?
You have to wrap Column in a flexible Without flexible the column's width is not constrained to the ...
383
flutter Unexpected top padding in ListView put inside scaffold with no appBar
Yeah this is intentional If you put a widget before the ListView you should wrap the ListView with a...
315
flutter Missing xcode dependency: Python module "six"
try python2.x -m pip install six by @humblerookie's suggest or brew reinstall python@2 pip install s...
306
expo exp build:android fails
This works exp start Cancel ctrl c then do exp build:android. Running exp build:android errors fails...
285
flutter flutter messaging: set the notification icon
Hey guys I fought with this for the better part of a day For some strange reason there are no tutori...
281
flutter Issue with cloud_firestore - Cannot fit requested classes in a single dex file.
As a workaround you can try enabling mutlidex for Android App by following Enable multidex for apps ...
265
flutter D8: Program type already present: io.flutter.BuildConfig
@smrucv I received the same error but after flutter clean and flutter packages get everything works ...
250
238
flutter Introduction of characters package causes crash on flutter run for preexisting Flutter applications
In my case I resolved the issue with flutter clean After e0ed12c I get this error when building: @ju...
222
nativescript cli TNS doctor doesn't recognize Xcode (High Sierra)
HI @philipfeldmann Can yhou please run xcodebuild -version and paste the output? May be Xcode is ins...
221
flutter Making Network http error SocketException: Failed host lookup
@hoc081098 Double-check / make sure you have <uses-permission android:name=android.permission.INTERN...
216
flutter Support inlining Android/iOS views
iOS view embedding support has landed on master This is still just a preview There are multiple open...
207
flutter ✗ Android license status unknown.
Hi everyone Steps to Reproduce Please tell us what you were doing and what went wrong If you are run...
195
react native mapbox gl No static method toHumanReadableAscii
here is workaround: build.gradle got the following error on runtime: java.lang.NoSuchMethodError: No...
185
flutter idevice_id cannot run on catalina
When you're developing on Catalina Steps to Reproduce Run flutter doctor on macOS Catalina I get the...
181
flutter type 'List<dynamic>' is not a subtype of type 'List<String>'
The problem is your fromMap constructor is reading from a Map<String dynamic> ...
178
flutter TextField is hidden by keyboard inside of a Modal Bottom Sheet
This may not work for all situations but I have a modalBottomSheet that contains only a TextField ...
173
retrofit Kotlin & @Body
You can still use Map just suppress its wildcardness with @JvmSuppressWildcards ...
169
NativeBase Needs to tap twice to fire onPress function when keyboard is open
@bm-software Use keyboardShouldPersistTaps={'handled'} and will works fine. react-native ...
162
react native firebase 🔥(Android) Program type already present: io.invertase.firebase.BuildConfig
I think I found my ultimate error here In my package.json file I had at some point earlier ...
160
flutter Dismissing keyboard programatically
This is a better way as it also clears the focus: FocusScope.of(context).requestFocus(new FocusNode(...
157
flutter How to solve: Android license status unknown and also Android sdkmanager tool not found? Tried everything(as i think)
The answer is here Uncheck Hide Obsolete Packages and you'll see Android SDK Tools (Obsolete) 26.1.1...
156
flutter MissingPluginException: No implementation found for method
@mravn-google Yeah turned out I had to quit the flutter run process and start it up again Just a ful...
156
flutter firebase_auth: ^0.8.0+1 crashes on Android
Here i put this in file: android/gradle.properties: and changed targetSdkVersion to 28 and it worked...
156
react native modal The statusbar turns white when the modal is open (only on certain devices)
statusBarTranslucent property has been added to Modal of RN 0.62 I think this problem has been solve...
153
flutter Android sdkmanager tool not found (C:...\Local\Android\sdk\tools\bin\sdkmanager)
This worked for me: open Android Studio's SDK Manager go to the Android SDK tab under SDK Tools ...
149
flutter 1.22.2 - Flutter plugin not installed; this adds Flutter specific functionality.
Hey @bhanuka96 try this line of code How do I fix this android plugin error? This error is being com...
145
cli pod install failure with glog
what helped me: sudo xcode-select --switch /Applications/Xcode.app Ask your Question I have been try...
144
create react native app issue running on ubuntu 16.04 (watchman)
I got it working by running: OS Info: Run: Output: ...
139
flutter [ios][release] GeneratedPluginRegistrant.m Module not found
I may have found the answer from this comment: #21989 (comment) Seems like by opening up the project...
137
flutter [App.framework] Linked and embedded framework 'App.framework' was built for iOS/iOS Simulator
Does rm -rf ios/Flutter/App.framework get you unstuck? SOLUTION @jmagman has written an article on h...
137
Xposed Let's port Xposed to N
Surprisingly by porting M changes to N everything works well From my experience I can tell you that ...
134
flutter Bad state: Future already completed
I had the same issue.. The problem was the same that @soaresgabriel said but I was not navigating di...
131
create react native app AwesomeProject@0.1.0 start: react-native-scripts start- ERR! Exit status 1
As suggested at the error message installing watchman solved this error for me (OSX 10.9.5) ...
129
flutter Execution failed for task ':app:compileFlutterBuildDebug' Issue
Hi @Ramihtet your logs show a different flutter version; could you please run flutter channel stable...
126
capacitor FileReader API not firing
You can try this. Description of the problem: In my project I'm trying to read and convert a Blob do...
124
flutter Unable to load Asset - wrong indentation in pubspec.yaml
Is your assets key underneath a flutter: key as well? https://flutter.io/assets-and-images/ ...
124
flutter Flutter 1.12.13+hotfix.5: Flutter Run: The shrinker may have failed to optimize the Java bytecode.
The plugin seems to work correctly after adding minifyEnabled true as shown above in app-level build...
123
react native image crop picker Build failed, no such file libReact.a
@chrise86 got the error again and this fixed it properly Go to your build phases and remove libReact...