Stigma is a framework for modifying / instrumenting commodity Android applications. It instruments the Smali assembly code of a given .APK file in and runs any provided plugins which specify the exact changes (if any) that will be made. Currently, there are two (first party) plugins. One implements dynamic information flow tracking to track the use of sensitive information such as IMEI number, GPS location information, and the device phone number. The other carries out Object Extraction on the APK in question, allowing for a more general-purpose use for Stigma. Stigma is intended to be used as a toolkit to modify android apps for future research projects.
- Have one of the following Operating Systems: Linux (best supported), MacOS or Windows
- Install python 3.x
- Install python dependencies (see requirements.txt)
- Install openjdk-11-jdk or newer (latest version available at https://docs.microsoft.com/en-us/java/openjdk/download)
- keytool (provided by above Ubuntu package and install)
- jarsigner (provided by above Ubuntu package and install)
- Install adb (available in Ubuntu repository
apt install adband in the homebrew repositorybrew install android-platform-toolsAs well as https://www.lifewire.com/android-debug-bridge-adb-4149410)- official adb documentation: https://developer.android.com/studio/command-line/adb
- Install aapt (available in Ubuntu repository
apt install aaptand at https://developer.android.com/studio/command-line/aapt2#download_aapt2) - Android Build Tools (
build-tools) version 32.0.0 (ref). Android does not distribute Build Tools individually so the one have to install the Android SDK in which Build Tools are included. The Android SDK is available via the Android Studio SDK Manager. After installing the SDK from the SDK Manager in Android Studio, you also need to put the path includingapksignerinto yourPATHenvironment variable. To do this,- Find your Android SDK root directory.
- On macOS, this is typically at
~/Library/Android/sdk. - On Windows, this is typically at
C:\Users\YOUR_USERNAME\AppData\Local\Android\Sdk. - On Linux, this is typically at
~/Android/Sdk. - Check Android Studio's SDK Manager settings to confirm.
- On macOS, this is typically at
- Find the
build-toolsdirectory under your Android SDK root directory.- On macOS, this is typically at
~/Library/Android/sdk/build-tools/32.0.0. - On Windows, this is typically at
C:\Users\YOUR_USERNAME\AppData\Local\Android\Sdk\build-tools\32.0.0. - On Linux, this is typically at
~/Android/Sdk/build-tools/32.0.0.
- On macOS, this is typically at
- Add the
build-toolsdirectory to yourPATHenvironment variable.- On macOS, you can add
export PATH=$PATH:~/Library/Android/sdk/build-tools/32.0.0to your~/.bash_profileor your shell's equivalent configuration file. - On Windows, add
C:\Users\YOUR_USERNAME\AppData\Local\Android\Sdk\build-tools\32.0.0to yourPATHenvironment variable. - On Linux, add
export PATH=$PATH:~/Android/Sdk/build-tools/32.0.0to your~/.bashrc,~/.profile,~/.bash_profile, or your shell's equivalent configuration file.
- On macOS, you can add
- Find your Android SDK root directory.
- Android Studio - to view logcat easily (available at https://developer.android.com/studio)
- pydot version 1.2.3 python3 module - to see control flow graphs (
ControlFlowGraph.show()) (available in Ubuntu repository under python3-pydot)
python3 Stigma.py /path/to/some_app.apk -p SomePlugin
You likely need to download some APK file to be run through Stigma. We recommend downloading from https://www.apkmirror.com or https://f-droid.org.
After successfully running, a new APK file should be generated (and signed): Modified_some_app.apk
Ensure that developer options are turned on (run-through below). Additionally, ensure adb is downloaded and on PATH (run-through below).
Provide wired connection of Android Phone with computer containing Stigma. Ensure adb recognizes Android Phone by entering the following on the command line:
adb devices
Install / run the modified APK:
adb install -r Modified_some_app.apk
Most plugins insert LogCat messages into the app that can be viewed by searching for the keyword ``Stigma''. Please consider the source code of the plugin you're using.
The following tutorial is on an OPPO A96. Options will be similar across the board for other Android phones.
In Settings, open "About Phone":
Open Version:
Tap on Build number 7 times. You will eventually receive a confirmation for Developer mode, similar to the one shown below:
Set up both adb and the openjdk tools (keytool and jarsigner) as PATH environment variables, with the following tutorial showing a specific example for the openjdk tools.
In the taskbar, search for and select "Edit the system environment variables":
Select "Environmental Variables...":
In the User variables, choose to "Edit" your "Path" variable:
"Browse" and locate the folder containing your install of openjdk, and hence its "bin" folder, which contains both "keytool" and "jarsigner":
Stigma has many limitations. It can only track very limited sources of sensitive information (GPS, IMEI, Device Phone Number) and it can lose track of that sensitive information as the target application operates. Additionally, the detection of network connections / transmission is very primitive and may not catch many instances. Extensive future research and improvments are ongoing.
Stigma is currently "beta" software. Numerous bugs and limitations exist, which limit broad compatibility with many Android apps. It is intended to be a tool for computer science researchers working in (a) smali byte-code instrumentation or (b) dynamic information flow tracking.
-
stigma/count_pools.sh- Bash command line utility for counting the references to strings, types, fields, and methods. Requires the installation of the smali command line tool. -
stigma/valid_smali_instructions.txtandstigma/ValidSmaliInstrunctions.pycomprehensive collection of all valid smali opcode names. -
stigma/app_check_eval.pyutility that searches for small collection of likely source function calls. Takes a path to a folder (containing APKs) as input.