FlowDroid 分析最新Android 构建 APK出错

最近在使用 FlowDroid 的2.13的Jar包分析一些 Android 应用，在分析其他应用的时候一切工作正常。但是当分析到自己用 Android Studio 编写的应用时，就会出现如下的报错：

[main] WARN soot.dexpler.DexFileProvider - Multiple dex files detected, only processing 'classes.dex'. Use '-process-multiple-dex' option to process them all.
[main] ERROR soot.jimple.infoflow.android.resources.ARSCFileParser - Error when looking for XML resource files in apk /home/syc/Music/app-debug.apk
java.lang.RuntimeException: File format violation in type spec table: res1 is not zero offset=0x6ee5a
        at soot.jimple.infoflow.android.resources.ARSCFileParser.raiseFormatViolationIssue(ARSCFileParser.java:2991)
        at soot.jimple.infoflow.android.resources.ARSCFileParser.readTypeSpecTable(ARSCFileParser.java:2655)
        at soot.jimple.infoflow.android.resources.ARSCFileParser.readResourceHeader(ARSCFileParser.java:2212)
        at soot.jimple.infoflow.android.resources.ARSCFileParser.parse(ARSCFileParser.java:2094)
        at soot.jimple.infoflow.android.resources.ARSCFileParser$1.handleResourceFile(ARSCFileParser.java:2084)
        at soot.jimple.infoflow.android.resources.AbstractResourceParser.handleAndroidResourceFiles(AbstractResourceParser.java:54)
        at soot.jimple.infoflow.android.resources.ARSCFileParser.parse(ARSCFileParser.java:2078)
        at soot.jimple.infoflow.android.SetupApplication.parseAppResources(SetupApplication.java:443)
        at soot.jimple.infoflow.android.SetupApplication.runInfoflow(SetupApplication.java:1521)
        at soot.jimple.infoflow.android.SetupApplication.runInfoflow(SetupApplication.java:1491)
        at soot.jimple.infoflow.cmd.MainClass.run(MainClass.java:358)
        at soot.jimple.infoflow.cmd.MainClass.main(MainClass.java:256)
The data flow analysis has failed. Error message: File format violation in type spec table: res1 is not zero offset=0x6ee5a
java.lang.RuntimeException: File format violation in type spec table: res1 is not zero offset=0x6ee5a
        at soot.jimple.infoflow.android.resources.ARSCFileParser.raiseFormatViolationIssue(ARSCFileParser.java:2991)
        at soot.jimple.infoflow.android.resources.ARSCFileParser.readTypeSpecTable(ARSCFileParser.java:2655)
        at soot.jimple.infoflow.android.resources.ARSCFileParser.readResourceHeader(ARSCFileParser.java:2212)
        at soot.jimple.infoflow.android.resources.ARSCFileParser.parse(ARSCFileParser.java:2094)
        at soot.jimple.infoflow.android.resources.ARSCFileParser$1.handleResourceFile(ARSCFileParser.java:2084)
        at soot.jimple.infoflow.android.resources.AbstractResourceParser.handleAndroidResourceFiles(AbstractResourceParser.java:54)
        at soot.jimple.infoflow.android.resources.ARSCFileParser.parse(ARSCFileParser.java:2078)
        at soot.jimple.infoflow.android.SetupApplication.parseAppResources(SetupApplication.java:443)
        at soot.jimple.infoflow.android.SetupApplication.runInfoflow(SetupApplication.java:1521)
        at soot.jimple.infoflow.android.SetupApplication.runInfoflow(SetupApplication.java:1491)
        at soot.jimple.infoflow.cmd.MainClass.run(MainClass.java:358)
        at soot.jimple.infoflow.cmd.MainClass.main(MainClass.java:256)

我们通过分析错误日志，不难定位到发生的问题是 ARSC文件（即resources.arsc文件）导致的

我发现 FlowDroid 的 Github 上 2.14 版本更新日志为

The new version of FlowDroid supports recent additions to the ARSC file format for Android as well as Java streams.

这就解释了我为何会遇到上述的错误，将 FlowDroid 自己构建为最新版本即可。重新构建即去下载源码包，执行：

mvn install -DskipTests

你就可以在类似这样的目录下发现构建好的 jar 包

FlowDroid-2.14.1\soot-infoflow-cmd\target

这个问题主要是因为现在很多教程还在使用老的 FlowDroid 而没有更新，故记录一下