Recent years have witnessed rapid development in the detection of third-party libraries in Android applications. However, each approach typically comes with its own implementation, limiting re-use for further development. To address this LibFP was created - a versatile third-party Library Fingerprinting Framework written in Java.
This project uses Gradle as its build system. Follow these steps to build and install the LibFP framework:
-
Clone the repository:
git clone https://github.com/example/libfp.git
-
Navigate to the project directory:
cd libfp
-
Build the project using Gradle:
gradle build
-
After a successful build, you can find each compiled JAR file in their corresponding
build/libs
directory. Note that in order to utilizelibfp-cli
as an executable, rungradle libfp-cli:standalone
- Java 17+
- Android framework JAR (android.jar) - stubs file is ok
- Dataset from LibLOOM formatted according to the
Demo/
directory (see dataset.conf.
Module | Description |
---|---|
libfp-core | Core module providing fundamental components for profile generation and third-party detection. |
libfp-cha | Module implementing the Class Hierarchy Analysis (CHA) strategy for creating library profiles. |
libfp-benchmark | Module containing benchmarking functionalities, including test suites and result analysis. |
libfp-tlsh | Module integrating the Trend Micro Locality-Sensitive Hashing (TLSH) algorithm for similarity. |
libfp-impl | Implementation module for additional features, extensions, and custom profile generation. |
Here's a simple example demonstrating how to use the LibFP framework to perform benchmarking:
// Import necessary classes and interfaces
// ...
// 1. retrieve the dataset
DataSet dataset= //...;
// 2. Create the TestSuite with all relevant factories. Please follow
// the steps provided in CustomProfileExample to create
// ProfileManager and Strategy instances.
ICHAProfileProvider context = new ExampleProfileContext();
CHATestSuite suite = new TestSuiteBuilder<>(CHATestSuite::new)
.setDataSet(dataSet)
.setProvider(context)
.createTestSuite();
// 3. Specify the app name(s) to test.
String appName = "003-nodomain.freeyourgadget.gadgetbridge";
// 3.5. (optional) Prepare the profiles.
suite.prepareApp(appName);
suite.prepareLibraries();
// 4. Benchmark a strategy by using a custom threshold configuration
IThresholdConfig config = new SimpleThresholdConfig()
.set(CHAProfile.class, 0.8) // profile similarity threshold
.set(ClassProfile.class, 0.6) // class similarity threshold
.set(TestResult.class, 0.68); // result threshold
BenchmarkResult result = suite.benchmark(appName, config);
// 5. Retrieve the accuracy of the chosen strategy by providing the
// appType (a default type is "").
Whitelist whitelist = dataSet
.groundTruth()
.getVersionWhitelist(appName);
TestAccuracy accuracy = result.getTestAccuracy(
BenchmarkResult.defaultAppType, config, whitelist);
// ...
Additional examples are placed in libfp-impl:example/.
Distributed under the MIT license. See LICENSE for more information.