
Video_tutorials

FoelliX edited this page Nov 25, 2021 · 2 revisions

Videos

The videos below are demo/tutorial videos that mainly show how to use the AQL-System to build a cooperative analysis.

Everything mentioned in a video is listed or linked below that video. The credentials and other details given here may differ from those visible in the videos. All file paths in the videos are relative to the author's system.

Video 00: Configuring an AQL-System

This video explains how to configure an AQL-System that uses an AQL-WebService as tool provider. With this configuration, everything shown in the videos below can be done.

Video

  • AQL-System (2.0.0 or newer) [Download]
  • Configuration Wiki Page [Link]
  • AQL-WebService [Github]
    • Online status [Link]
    • Credentials (free account):
      • URL: http://vm-fpauck.cs.upb.de/AQL-WebService/config
      • Username: free
      • Password: blank (no password required)
    • Credentials (private account):
  • Android platform files [Download]
  • Android build tools [Download]
  • DroidBench app DirectLeak1.apk [Download]
  • Queries & Commands
    1. java -jar AQL-System-2.0.0.jar
    2. Flows IN App('DirectLeak1.apk') ?
    3. java -jar AQL-System-2.0.0.jar -c "http://vm-fpauck.cs.upb.de/AQL-WebService/config, free"
    4. java -jar AQL-System-2.0.0.jar -q "Flows IN App('DirectLeak1.apk') ?" -view

Video 01: Inter-App Taint Analysis

This video explains how to build a first cooperative analysis. In this case an inter-app taint analysis is constructed.

Video

Video 02: Automatic Cooperative Analysis

Find out how to build a bigger cooperative analysis in this video.
(Remark 1: When explaining the query for AppB it should be "native code" not "reflection".)
(Remark 2: Functionalities explained in detail in Video 05 are already used in this video. Feel free to watch video 05 first.)

Video

Video 03: Reduce False Positives I (Slicing)

The first attempt presented to reduce false positives found by an analysis is based on slicing. The video shows how to use a slicer in a query.
(Remark: Functionalities explained in detail in Video 05 are already used in this video. Feel free to watch video 05 first.)

Video

  • Jicer example debugJicerRunEx_new.apk [Download]

Video 04: Reduce False Positives II (Double Checking)

For this second attempt we will use a second analysis tool to double check our results.
(Remark: When speaking about the empty result of "FlowDroid", "HornDroid" was actually meant.)

Video

Video 05: Dynamic Sources & Sinks

This video explains how to use custom variables, for example, custom sources and sinks computed at the time of analysis.
(Remark: "Next video" refers to Video 02.)

Video

  • (Custom) Variables Wiki Page [Link]
  • Mock-up Sources and Sinks file LOCtoSMS.txt [Download]