build taintdroid2.3 for emulator

TaintDroid 2.3	Search this site

Navigation Home TaintDroid 2.3 Build TaintDroid Runner TaintDroid Tester Hide the Emulator Files Sitemap External Links appanalysis.org Mobile Sandbox

TaintDroid 2.3 Build This page describes how to build TaintDroid 2.3 for the emulator. Disclaimer: Use the TaintDroid research prototypes at your own risk! TaintDroid is a research prototype and is provided "as is" without warranty or support of any kind, whether expressed or implied. The creators of TaintDroid make no guarantee and hold no responsibility for any damage, injury,  loss of property, loss of data, loss of any and all resources, or any  negative influence what-so-ever that may result from any and all use of TaintDroid and associated materials. This includes but is not limited to the  downloadable software and documentation available from this website.  Negative consequences of your usage of TaintDroid and any associated materials are solely your problem and your responsibility. Contents 1 Limitations of the Emulator Version 2 Prerequisites 2.1 Build on Ubuntu 11.10 x64 3 Step 1: Get the Android Source Code 4 Step 2: Get the TaintDroid Source Code 5 Step 3: Build Kernel with xattr SDcard Support 5.1 Get Kernel 5.2 Patch Kernel 5.3 Build Kernel 5.4 Verify YAFFS and EXT2 Support 6 Step 4: Build TaintDroid 7 Optional: Step 5: Prepare SD Card 8 Step 6: Use TaintDroid Limitations of the Emulator Version Even though the same code is used for the TaintDroid 2.3 Emulator version there are some differences to the version for Nexus S and Nexus One: Taint tags currently get lost in the emulated environment if op code OP_WIGET_WIDE is used (which is mapped dvmQuasiAtomicRead64FieldTaint). Prerequisites In order to build TaintDroid you should have a computer configured to build Android as described in source.android.com. Build on Ubuntu 11.10 x64 In order to build on Ubuntu 11.10 x64 it is necessary to adjust some make files before starting the build (with make): frameworks/base/libs/utils/Android.mk Change: LOCAL_CFLAGS += -DLIBUTILS_NATIVE=1 $(TOOL_CFLAGS) To: LOCAL_CFLAGS += -DLIBUTILS_NATIVE=1 $(TOOL_CFLAGS) -fpermissive build/core/combo/HOST_linux-x86.mk Change: HOST_GLOBAL_CFLAGS += -D_FORTIFY_SOURCE=0 To: HOST_GLOBAL_CFLAGS += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 Step 1: Get the Android Source Code Download the Android 2.3 source code. % mkdir ~/tdroid-2.3 % cd ~/tdroid-2.3 % repo init -u https://android.googlesource.com/platform/manifest -b android-2.3.4_r1 % repo sync ... wait To build Android 2.3 the Java 6 JDK needs to be installed. % sudo add-apt-repository "deb http://archive.canonical.com/ lucid partner" % sudo add-apt-repository "deb-src http://archive.canonical.com/ubuntu lucid partner" % sudo apt-get update % sudo apt-get install sun-java6-jdk Ensure that your build is running fine. % . ./build/envsetup.sh % lunch 1 % make -j4 ... wait % emulator ... ensure the build works Step 2: Get the TaintDroid Source Code Download the TaintDroid 2.3 local_manifest.xml and place it in ~/tdroid-2.3/.repo or copy and paste the following content into .repo/local_manifest.xml. <manifest>   <remote  name="github" fetch="git://github.com" />   <remove-project name="platform/dalvik"/>   <project path="dalvik" remote="github" name="dbaeumges/android_platform_dalvik" revision="taintdroid-2.3_emulator" />   <remove-project name="platform/libcore"/>   <project path="libcore" remote="github" name="TaintDroid/android_platform_libcore" revision="taintdroid-2.3.4_r1" />   <remove-project name="platform/frameworks/base"/>   <project path="frameworks/base" remote="github" name="TaintDroid/android_platform_frameworks_base" revision="taintdroid-2.3.4_r1" />   <remove-project name="platform/system/vold"/>   <project path="system/vold" remote="github" name="TaintDroid/android_platform_system_vold" revision="taintdroid-2.3.4_r1" /> </manifest> Next, pull the source code. % cd ~/tdroid-2.3 % repo sync % cd dalvik % git branch --track tdroid-2.3 github/taintdroid-2.3_emulator % git checkout tdroid-2.3 % git pull # (just to be safe) % cd .. % cd libcore % git branch --track tdroid-2.3 github/taintdroid-2.3.4_r1 % git checkout tdroid-2.3 % git pull # (just to be safe) % cd .. % cd frameworks/base % git branch --track tdroid-2.3 github/taintdroid-2.3.4_r1 % git checkout tdroid-2.3 % git pull # (just to be safe) % cd ../.. % cd system/vold % git branch --track tdroid-2.3 github/taintdroid-2.3.4_r1 % git checkout tdroid-2.3 % git pull # (just to be safe) Step 3: Build Kernel with xattr SDcard Support Get Kernel % cd ~/tdroid-2.3 % git clone http://android.googlesource.com/kernel/goldfish.git % cd goldfish % git branch --track android-goldfish-2.6.29 origin/android-goldfish-2.6.29 % git checkout android-goldfish-2.6.29 % git pull # (just to be safe) % ... wait Patch Kernel The patch file can be downloaded here and be applied. % cd ~/tdroid-2.3/ goldfish % patch -p1 < ~/yaffs_xattr.patch Build Kernel % cd ~/tdroid-2.3 % . build/envsetup.sh % lunch 1 % cd goldfish % export ARCH=arm % export SUBARCH=arm % export CROSS_COMPILE=arm-eabi- % make goldfish_defconfig % make oldconfig % make menuconfig % ... make sure that YAFFS and EXT2 with XATTR and SECURITY options are supported (refer to verify YAFFS and EXT2 support). % make -j4 # -j# determines the number of threads used for the build % cp arch/arm/boot/zImage ~/ # for later use Verify YAFFS and EXT2 Support After calling make menuconfig a .config file can be found in the common directory. Search for the following entries: ... # # File systems # CONFIG_EXT2_FS=y CONFIG_EXT2_FS_XATTR=y CONFIG_EXT2_FS_POSIX_ACL=y CONFIG_EXT2_FS_SECURITY=y CONFIG_EXT2_FS_XIP=y ... CONFIG_YAFFS_FS=y CONFIG_YAFFS_YAFFS1=y CONFIG_YAFFS_XATTR=y CONFIG_YAFFS_SECURITY=y # CONFIG_YAFFS_9BYTE_TAGS is not set # CONFIG_YAFFS_DOES_ECC is not set CONFIG_YAFFS_YAFFS2=y CONFIG_YAFFS_AUTO_YAFFS2=y # CONFIG_YAFFS_DISABLE_LAZY_LOAD is not set # CONFIG_YAFFS_DISABLE_WIDE_TNODES is not set # CONFIG_YAFFS_ALWAYS_CHECK_CHUNK_ERASED is not set CONFIG_YAFFS_SHORT_NAMES_IN_RAM=y ... Step 4: Build TaintDroid First, we need to create a buildspec.mk file and define some  variables so that TaintDroid will build properly. % cd ~/tdroid-2.3 % edit/create buildspec.mk # Enable core taint tracking logic (always add this) WITH_TAINT_TRACKING := true # Enable taint tracking for ODEX files (always add this) WITH_TAINT_ODEX := true # Enable taint tracking in the "fast" (aka ASM) interpreter (recommended) WITH_TAINT_FAST := true # Enable addition output for tracking JNI usage (not recommended) #TAINT_JNI_LOG := true Now TaintDroid can be built. % . ./build/envsetup.sh % lunch 1 % make clean % make -j4 Optional: Step 5: Prepare SD Card You might like to use an SD card in your emulator system. In your build environment do the following: % mksdcard 1024M sdcard.img % sudo mke2fs sdcard.img Step 6: Use TaintDroid Now TaintDroid can be started in the emulator. % emulator -kernel ~/zImage -image ~/tdroid-2.3/out/target/product/generic/system.img -ramdisk ~/tdroid-2.3/out/target/product/generic/ramdisk.img -sdcard sdcard.img During startup change the execution mode. % adb shell setprop dalvik.vm.execution-mode int:portable