If you want to analyze a program statically, you probably will need to use call graphs. “A call graph is a control flow graph, which represents calling relationships between subroutines in a computer program.” according to Wikipedia. For Java, the nodes of a call graph are methods, and edges represent method calls. Call graphs have various applications from security analysis such as malware detection or simplest applications such as finding unused methods — a method is unused if there is no path from the app's entry point to that method. You may have seen this feature in an IDE like…

In this blog post, I describe how to use Soot to read an Android APK (without the source code), change its methods and classes(even add a new class), and write the new code into a working APK. A few notes:

  • You can find the code in the SootTutorial repository.
  • This repository has a CLI to instrument APKs more conveniently.
  • For better understanding this post, I recommend to first take a look at the previous post “Know the basic tools in Soot” to be familiar with the Soot’s APIs that I used in the code.
  • This post is mostly adapted from…

Finally, I could find some time during the pandemic to be a little productive and write the second post to introduce Soot a little bit more. In this post, I’m going to show you some basic API methods in Soot. This post is a short reference list of API methods and helper classes in Soot that can be used in future posts. In the next post, I’ll show how to use these tools to instrument an Android app to log the executed methods without having access to the source code.

I’m not going to describe the various configuration options for…

In this blog post, I will show you an example that uses Soot to provide some insights about a Java program. This post is designed for the people who know Java programming and want to do some static analysis in practice but do not know anything about Soot and static analysis in theory. The repository that contains the example can be found at https://github.com/noidsirius/SootTutorial.

The Soot Tutorial Series

Navid Salehnamadi

I’m a Ph.D. student in Software Engineering at UCI. I like to automate things and play music.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store