Computer Technology |
|
|
|
|
Android APP reinforcement method with function Nativeization |
Yan-yan SONG( ),Sen-lin LUO,Hai SHANG,Li-min PAN*( ),Ji ZHANG |
School of Information and Electronics, Beijing Instutitute of Technology, Beijing 100081, China |
|
|
Abstract The logic of dynamic recovery attack and the function call execution flow in Android APP was investigated. The original DEX file was reconstructed and encrypted; its key Java function attribute was changed to Native, and the shell DEX file was added. When the Android APP was started, the shell DEX file was executed first, and then the original DEX was decrypted and loaded dynamically. When the protected function was called, the Native property of the function in memory was maintained, and the original Java function was implicitly restored and executed by the Hook technique and the reflection mechanism. The experimental results show that the method obtains high level of protection without Source decompilation at lower resource losses, and can effectively resist static analysis attacks, DEX dynamic recovery and dynamic shelling attacks.
|
Received: 16 May 2018
Published: 04 March 2019
|
|
Corresponding Authors:
Li-min PAN
E-mail: songyanyan29@163.com;panlimin@bit.edu.cn
|
函数Native化的Android APP加固方法
调研动态恢复攻击的逻辑思路和Android APP中函数调用执行流程. 通过对原DEX文件进行重构和加密,将其关键Java函数属性改为Native,并添加壳DEX文件;Android APP启动后首先执行壳DEX文件,然后对原DEX进行解密和动态加载,当调用被保护函数时,保持该函数在内存中的Native属性,通过Hook技术和反射机制隐式恢复并执行原Java函数. 实验和对比分析结果表明,该方法能够在较低资源损耗和无需反编译源码的前提下获取高强度的保护效果,可以有效抵御静态分析攻击、DEX动态恢复和动态脱壳攻击.
关键词:
APP加固,
函数Native化,
Hook技术,
动态加载,
Android系统
|
|
[1] |
RASTOGI S, BHUSHAN K, GUPTA B B Android applications repackaging detection techniques for smartphone devices[J]. Procedia Computer Science, 2016, 78: 26- 32
|
|
|
[2] |
阿里聚安全. 阿里聚安全2016年报[EB/OL]. (2017-03-09)[2017-08-23]. https://yq.aliyun.com/-articles/72037.
|
|
|
[3] |
COLLBERG C. A taxonomy of obfuscating transformations [D]. New Zealand: University of Auckland, 1997.
|
|
|
[4] |
LOW D. Java control flow obfuscation[D]. Auckland: University of Auckland, 1998.
|
|
|
[5] |
TSAI K. Android APP copy protection mechanism with semi-trusted loader [C] // 17th International Conference on Advanced Communication Technology. Seoul: IEEE, 2015: 464–467.
|
|
|
[6] |
Android Open Source. Dalvik可执行文件格式[EB/OL]. (2014-07-14)[2017-08-23]. https://sourc-e.android.google.cn/devices/tech/dalvik/dexformat?hl=zhcn.
|
|
|
[7] |
SCHULZ P. Code protection in Android [R/OL]. Technical Report 110, Rheinische Friedrich-Wilhelms-Universitgt Bonn, Germany, 2012. http://net.cs.uni-bonn.de/fileadmin/user_upload/plohmann/2012-Schulz-Code_Protection_in_Android.pdf.
|
|
|
[8] |
王泽华. Android软件安全加固技术研究与实现[D]. 成都: 电子科技大学, 2016. WANG Ze-hua. Research and Implementation of the Android Software Security Reinforcement Technique[D]. Chengdu: University of Electronic Science and Technology of China, 2016.
|
|
|
[9] |
加固脱壳及抽代码还原方法 [EB/OL]. (2016-04-15)[2018-02-15]. http://blog.csdn.net/justfwd/article/det-ails/51164281.
|
|
|
[10] |
梆梆安全. 梆梆加固[EB/OL]. (2017-01-15)[2018-02-10]. http://www.bangcle.com/.
|
|
|
[11] |
MULLINER C. Android DDI: Introduction to Dynamic Dalvik Instrumentation [EB/OL]. (2014-10-15)[2018-01-02]. https://github.com/crmulliner/ddi.
|
|
|
[12] |
刘惠明 安卓应用自动原生化及混淆系统[J]. 微电子学与计算机, 2016, 33 (10): 50- 62 LIU Hui-ming Automatic Android APPs translation and obfuscation system[J]. Microelectronics and Computers, 2016, 33 (10): 50- 62
|
|
|
[13] |
ZHOU W, WANG Z, ZHOU Y Z. et al. DIVILAR: diversifying intermediate language for anti-repacking on Android platform [C] // Proceedings of the 4th ACM conference on Data and Application Security and Privacy, 2014: 199–210.
|
|
|
[14] |
丰生强. Android软件安全与逆向方法[M]. 北京: 人民邮电出版社, 2014:152–156.
|
|
|
[15] |
Sourceforge. dex2jar introduction [EB/OL]. (2016-10-11)[2017-12-20]. http://sourceforge.net/projects/dex2jar/
|
|
|
|
Viewed |
|
|
|
Full text
|
|
|
|
|
Abstract
|
|
|
|
|
Cited |
|
|
|
|
|
Shared |
|
|
|
|
|
Discussed |
|
|
|
|