Embedded Files
we attempt to demystify current third-party library detection techniques by conducting a thorough comparison. We evaluate five state-of-the-art
third-party library detection tools based on four aspects: scalability, effectiveness, ability to code obfuscation-resilience, and ease of use.
Paper supplement
Paper supplement
The obfuscation-resilient capability of each TPL detection tool are summarized in Table from their original literature.
We can observe that all of these tools claim to be resilient to identifier renaming and string encryption and are not resilient to some sophisticated obfuscation strategies, e.g., classes.dex file encryption.
We will reveal their capability from their actual implementation and provide insight based on our evaluation in this section.
An example to explain the shortcomings of package hierarchy structure as the feature to split the TPL
An example to explain the shortcomings of package hierarchy structure as the feature to split the TPL
shows a real example where a popular ad library is included in an app with sha256 prefix ``42A5BC''.
LibID profiles some TPL can meet some erros as follows:
1 error; aborting
[ERROR] 2020-01-15 12:24:36,141 - LibID [_profile_libs:130] - Conversion failed
[INFO] 2020-01-15 12:24:36,141 - LibID [_profile_libs:121] - Converting AndroidAsync_1.0.8.jar to AndroidAsync_1.0.8.dex ...
UNEXPECTED TOP-LEVEL EXCEPTION:
java.util.zip.ZipException: error in opening zip file
at java.util.zip.ZipFile.open(Native Method)
at java.util.zip.ZipFile.<init>(ZipFile.java:225)
at java.util.zip.ZipFile.<init>(ZipFile.java:155)
at java.util.zip.ZipFile.<init>(ZipFile.java:169)
at com.android.dx.cf.direct.ClassPathOpener.processArchive(ClassPathOpener.java:206)
at com.android.dx.cf.direct.ClassPathOpener.processOne(ClassPathOpener.java:131)
at com.android.dx.cf.direct.ClassPathOpener.process(ClassPathOpener.java:109)
at com.android.dx.command.dexer.Main.processOne(Main.java:418)
at com.android.dx.command.dexer.Main.processAllFiles(Main.java:329)
at com.android.dx.command.dexer.Main.run(Main.java:206)
at com.android.dx.command.dexer.Main.main(Main.java:174)
at com.android.dx.command.Main.main(Main.java:95)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.googlecode.dex2jar.tools.Jar2Dex.doCommandLine(Jar2Dex.java:99)
at com.googlecode.dex2jar.tools.BaseCmd.doMain(BaseCmd.java:290)
at com.googlecode.dex2jar.tools.Jar2Dex.main(Jar2Dex.java:32)
1 error; aborting
[ERROR] 2020-01-15 12:24:36,628 - LibID [_profile_libs:130] - Conversion failed
[INFO] 2020-01-15 12:24:36,629 - LibID [_profile_libs:121] - Converting AndroidAsync_1.3.6.jar to AndroidAsync_1.3.6.dex ...
Page updated
Google Sites
Report abuse