soot icon indicating copy to clipboard operation
soot copied to clipboard

Published 20 hours ago verified publisher icon soot-oss

Casting exception during AxmlHandler transformation

Open 3ntr0phy opened this issue 6 years ago • 9 comments

I'm trying to work on the AndroidManifest on some application and I get this exception of a lot of applications :

java.lang.ClassCastException: java.lang.Float cannot be cast to java.lang.Integer at pxb.android.axml.AxmlWriter$NodeImpl.write(AxmlWriter.java:238) at pxb.android.axml.AxmlWriter$NodeImpl.write(AxmlWriter.java:254) at pxb.android.axml.AxmlWriter$NodeImpl.write(AxmlWriter.java:254) at pxb.android.axml.AxmlWriter$NodeImpl.write(AxmlWriter.java:254) at pxb.android.axml.AxmlWriter.toByteArray(AxmlWriter.java:388) at soot.jimple.infoflow.android.axml.AXmlHandler.toByteArray(AXmlHandler.java:124) at Manifest_extractor.addProperties(Manifest_extractor.java:192) There is some ways for an easy fix? I need to deploy a large set of experiments is a few days..

3ntr0phy avatar Nov 21 '18 11:11 3ntr0phy

Can you investigate the issue a bit more to track down its cause?

mbenz89 avatar Dec 04 '18 10:12 mbenz89

Sure, I will, in a few days I will add some extra info, sorry for the delay;)

3ntr0phy avatar Dec 11 '18 09:12 3ntr0phy

I'm currently experiencing the same problem with several apks. The issue seems to be more related to FlowDroid than Soot directly though

louison avatar Mar 08 '19 14:03 louison

AXmlWriter is a third-party component that both FlowDroid and Soot use. At the moment, it is unclear to me whether this is a bug in FlowDroid, in your own code (generating invalid nodes), or in AXml. Could you check why this exception occurs? It would be nice to see why the writer thinks it's dealing with an Integer value.

StevenArzt avatar Mar 08 '19 14:03 StevenArzt

Sure, I'll try to investigate a bit more on that

louison avatar Mar 08 '19 14:03 louison

Hello, there is any fix for this issue ?

3ntr0phy avatar Jul 22 '19 09:07 3ntr0phy

I've committed a change to axml, which should fix this issue: https://github.com/Sable/axml/commit/8e1d4277518c1413b849cd7850aa39d32dffb50b

Note that this is on the develop branch.

MarcMil avatar Aug 13 '20 10:08 MarcMil

Thank you @MarcMil Any chance it will be merged into master? I got the same error, that should be fixed, with AXmlComplexValue.

Killuaa27 avatar Sep 17 '20 10:09 Killuaa27

I am having ~the exact same~ a similar issue, but it is not caused by Float. It crashes when the axml contains AXmlComplexValue. My debugger shows me this: image

and it will get into the else branch as it matches with no other type. Can we fix this? The number part should be easy to write, but what about the unit part?

By the way, this can be triggered by simply reading layout files then write it for many apps (if you cannot reproduce, I am happy to provide my sample apk)

import soot.jimple.infoflow.android.resources.AbstractResourceParser

class LayoutModifier(private val apkPath: Path) : AbstractResourceParser() {
    fun readLayoutFiles() {
        handleAndroidResourceFiles(apkPath.toString(), null, IResourceHandler { fileName, _, stream ->
            if (!fileName.startsWith("res/layout") && !fileName.startsWith("res/menu"))
                return@IResourceHandler
            if (!fileName.endsWith(".xml")) {
                return@IResourceHandler
            }

            val handler = AXmlHandler(stream, AXML20Parser())
            handler.toByteArray() // <-- here
        }
    }
}

This zip file contains the apk I used to trigger this error app-debug.zip

YaxinCheng avatar Feb 23 '22 16:02 YaxinCheng