View Code? Open in Web Editor NEW

A dynamic information flow tracing system for Android

License: Other

Makefile 0.05% C 92.41% C++ 4.43% Objective-C 1.04% Python 0.10% ApacheConf 0.01% Shell 0.87% Groff 0.14% Assembly 0.39% SAS 0.06% Smalltalk 0.01% HTML 0.04% R 0.02% Rebol 0.01% Logos 0.02% Perl 0.01% M 0.05% Haxe 0.37%

ndroid's Introduction

NDroid

NDroid is a dynamic taint analysis system on Android, which focus on tracing information flow through JNI with low performance overhead. More details about NDroid can be found in our published paper here.

####NDroid uses following open source projects:

####Please note that:

The old NDroid prototype's code is kind of messy and not extensible. Therefore, I am rebuilding NDroid with goals: making it faster, more effective and extensible.
Currently, this version is still under developing, so that it cannot be used to analyze apps. Once the core functions are completed, I will create a patch.
The TaintDroid source code I use is 4.1.1_r6.

####How to build?

Build TaintDroid 4.1.1_r6 following the instruction here.
Clone NDroid source code: cd TaintDroid/external/ & git clone https://github.com/0-14N/NDroid.git ndroid
Setup building environment: cd TaintDroid/ & . build/envsetup.sh & lunch full-eng
Build NDroid: cd TaintDroid/external/ndroid & ./android-configure.sh & make
Run NDroid: cd objs & ./emulator -sysdir TaindDroid/out/target/product/generic/ -kernel TaintDroid/prebuilt/android-arm/kernel/kernel-qemu-armv7 -qemu -monitor stdio
Try "ps", "pt", "pm pid" commands provided by DroidScope, make sure they all work.
Start tracing process with command "nd_trace_pid pid" or "nd_trace_uid uid"; stop tracing by typing "nd_stop_trace_pid pid" or "nd_stop_trace_uid uid".
The log of NDroid "NDroid.log" is under directory "objs".

####Issues:

If commands provided by DroidScope ("ps", "pt") output nothing, try modifying files "objs/kernelinfo.conf" and "ndroid/DECAF_shared/DroidScope/DS_Common.h", making the offesets correclty.
As reported by my friends, there are bugs for decoding Thumb-2 instructions and handling taint propagations of certain ARM instructions. (Not fixed yet.)

####Others:

There is little possibility that I will continue working on NDroid for following reasons:
1. Android Lollipop totally abandoned DVM! (So do I ... )
2. I have to admit that the performance overhead produced by NDroid makes it impractical for analyzing real apps with large amounts of native code.
3. I don't have enough time since I am working on new research projects.

Recommend Projects