A virtualxposed-based inline hooking framework for android native methods

Shuo Feng; Yu an Tan; Gang Zhao; Xiaohui Kuang; Xiao Yu; Juan Wang

doi:10.1007/978-981-15-9031-3_22

A virtualxposed-based inline hooking framework for android native methods

Shuo Feng, Yu an Tan, Gang Zhao, Xiaohui Kuang, Xiao Yu, Juan Wang^*

^*Corresponding author for this work

School of Cyberspace Science and Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Hooking is an important technique for monitoring application performance and adding features to applications. Various hooking frameworks are developed to intercept events and process their own specific events. The hooking tools for Java methods are varied, however, the native hook has few methods. Besides, the commonly used Android hook frameworks cannot meet the requirement of hooking the native methods in shared libraries on non-root devices. Even some approaches are able to hook these methods, it has limitations or is complicated to implement. In the paper, a feasible hooking approach for Android native methods is proposed and implemented, which doesn’t need any modifications to both Android framework and app’s code. In this approach, the method’s reference address is modified and control flow is redirected. Beyond that, we combine this approach with VirtualXposed which aims to run it without root privileges. This hooking framework can be used to enforce security policies and monitor sensitive methods in shared objects. The evaluation of the scheme demonstrates its capability to perform hook operation without a significant runtime performance overhead on real devices and it is compatible and functional for the native hook.

Original language	English
Title of host publication	Security and Privacy in Social Networks and Big Data - 6th International Symposium, SocialSec 2020, Proceedings
Editors	Yang Xiang, Zheli Liu, Jin Li
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	245-253
Number of pages	9
ISBN (Print)	9789811590306
DOIs	https://doi.org/10.1007/978-981-15-9031-3_22
Publication status	Published - 2020
Event	6th International Symposium on Security and Privacy in Social Networks and Big Data, SocialSec 2020 - Tianjin, China Duration: 26 Sept 2020 → 27 Sept 2020

Publication series

Name	Communications in Computer and Information Science
Volume	1298 CCIS
ISSN (Print)	1865-0929
ISSN (Electronic)	1865-0937

Conference

Conference	6th International Symposium on Security and Privacy in Social Networks and Big Data, SocialSec 2020
Country/Territory	China
City	Tianjin
Period	26/09/20 → 27/09/20

Keywords

Call encryption
ELF file format
Native hook
VirtualXposed

Access to Document

10.1007/978-981-15-9031-3_22

Cite this

Feng, S., Tan, Y. A., Zhao, G., Kuang, X., Yu, X., & Wang, J. (2020). A virtualxposed-based inline hooking framework for android native methods. In Y. Xiang, Z. Liu, & J. Li (Eds.), Security and Privacy in Social Networks and Big Data - 6th International Symposium, SocialSec 2020, Proceedings (pp. 245-253). (Communications in Computer and Information Science; Vol. 1298 CCIS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-981-15-9031-3_22

Feng, Shuo ; Tan, Yu an ; Zhao, Gang et al. / A virtualxposed-based inline hooking framework for android native methods. Security and Privacy in Social Networks and Big Data - 6th International Symposium, SocialSec 2020, Proceedings. editor / Yang Xiang ; Zheli Liu ; Jin Li. Springer Science and Business Media Deutschland GmbH, 2020. pp. 245-253 (Communications in Computer and Information Science).

@inproceedings{cb55750fc73641e6923377ea4689aa13,

title = "A virtualxposed-based inline hooking framework for android native methods",

abstract = "Hooking is an important technique for monitoring application performance and adding features to applications. Various hooking frameworks are developed to intercept events and process their own specific events. The hooking tools for Java methods are varied, however, the native hook has few methods. Besides, the commonly used Android hook frameworks cannot meet the requirement of hooking the native methods in shared libraries on non-root devices. Even some approaches are able to hook these methods, it has limitations or is complicated to implement. In the paper, a feasible hooking approach for Android native methods is proposed and implemented, which doesn{\textquoteright}t need any modifications to both Android framework and app{\textquoteright}s code. In this approach, the method{\textquoteright}s reference address is modified and control flow is redirected. Beyond that, we combine this approach with VirtualXposed which aims to run it without root privileges. This hooking framework can be used to enforce security policies and monitor sensitive methods in shared objects. The evaluation of the scheme demonstrates its capability to perform hook operation without a significant runtime performance overhead on real devices and it is compatible and functional for the native hook.",

keywords = "Call encryption, ELF file format, Native hook, VirtualXposed",

author = "Shuo Feng and Tan, {Yu an} and Gang Zhao and Xiaohui Kuang and Xiao Yu and Juan Wang",

note = "Publisher Copyright: {\textcopyright} Springer Nature Singapore Pte Ltd 2020.; 6th International Symposium on Security and Privacy in Social Networks and Big Data, SocialSec 2020 ; Conference date: 26-09-2020 Through 27-09-2020",

year = "2020",

doi = "10.1007/978-981-15-9031-3_22",

language = "English",

isbn = "9789811590306",

series = "Communications in Computer and Information Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "245--253",

editor = "Yang Xiang and Zheli Liu and Jin Li",

booktitle = "Security and Privacy in Social Networks and Big Data - 6th International Symposium, SocialSec 2020, Proceedings",

address = "Germany",

}

Feng, S, Tan, YA, Zhao, G, Kuang, X, Yu, X & Wang, J 2020, A virtualxposed-based inline hooking framework for android native methods. in Y Xiang, Z Liu & J Li (eds), Security and Privacy in Social Networks and Big Data - 6th International Symposium, SocialSec 2020, Proceedings. Communications in Computer and Information Science, vol. 1298 CCIS, Springer Science and Business Media Deutschland GmbH, pp. 245-253, 6th International Symposium on Security and Privacy in Social Networks and Big Data, SocialSec 2020, Tianjin, China, 26/09/20. https://doi.org/10.1007/978-981-15-9031-3_22

A virtualxposed-based inline hooking framework for android native methods. / Feng, Shuo; Tan, Yu an; Zhao, Gang et al.
Security and Privacy in Social Networks and Big Data - 6th International Symposium, SocialSec 2020, Proceedings. ed. / Yang Xiang; Zheli Liu; Jin Li. Springer Science and Business Media Deutschland GmbH, 2020. p. 245-253 (Communications in Computer and Information Science; Vol. 1298 CCIS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A virtualxposed-based inline hooking framework for android native methods

AU - Feng, Shuo

AU - Tan, Yu an

AU - Zhao, Gang

AU - Kuang, Xiaohui

AU - Yu, Xiao

AU - Wang, Juan

N1 - Publisher Copyright: © Springer Nature Singapore Pte Ltd 2020.

PY - 2020

Y1 - 2020

N2 - Hooking is an important technique for monitoring application performance and adding features to applications. Various hooking frameworks are developed to intercept events and process their own specific events. The hooking tools for Java methods are varied, however, the native hook has few methods. Besides, the commonly used Android hook frameworks cannot meet the requirement of hooking the native methods in shared libraries on non-root devices. Even some approaches are able to hook these methods, it has limitations or is complicated to implement. In the paper, a feasible hooking approach for Android native methods is proposed and implemented, which doesn’t need any modifications to both Android framework and app’s code. In this approach, the method’s reference address is modified and control flow is redirected. Beyond that, we combine this approach with VirtualXposed which aims to run it without root privileges. This hooking framework can be used to enforce security policies and monitor sensitive methods in shared objects. The evaluation of the scheme demonstrates its capability to perform hook operation without a significant runtime performance overhead on real devices and it is compatible and functional for the native hook.

AB - Hooking is an important technique for monitoring application performance and adding features to applications. Various hooking frameworks are developed to intercept events and process their own specific events. The hooking tools for Java methods are varied, however, the native hook has few methods. Besides, the commonly used Android hook frameworks cannot meet the requirement of hooking the native methods in shared libraries on non-root devices. Even some approaches are able to hook these methods, it has limitations or is complicated to implement. In the paper, a feasible hooking approach for Android native methods is proposed and implemented, which doesn’t need any modifications to both Android framework and app’s code. In this approach, the method’s reference address is modified and control flow is redirected. Beyond that, we combine this approach with VirtualXposed which aims to run it without root privileges. This hooking framework can be used to enforce security policies and monitor sensitive methods in shared objects. The evaluation of the scheme demonstrates its capability to perform hook operation without a significant runtime performance overhead on real devices and it is compatible and functional for the native hook.

KW - Call encryption

KW - ELF file format

KW - Native hook

KW - VirtualXposed

UR - http://www.scopus.com/inward/record.url?scp=85092196952&partnerID=8YFLogxK

U2 - 10.1007/978-981-15-9031-3_22

DO - 10.1007/978-981-15-9031-3_22

M3 - Conference contribution

AN - SCOPUS:85092196952

SN - 9789811590306

T3 - Communications in Computer and Information Science

SP - 245

EP - 253

BT - Security and Privacy in Social Networks and Big Data - 6th International Symposium, SocialSec 2020, Proceedings

A2 - Xiang, Yang

A2 - Liu, Zheli

A2 - Li, Jin

PB - Springer Science and Business Media Deutschland GmbH

T2 - 6th International Symposium on Security and Privacy in Social Networks and Big Data, SocialSec 2020

Y2 - 26 September 2020 through 27 September 2020

ER -

Feng S, Tan YA, Zhao G, Kuang X, Yu X, Wang J. A virtualxposed-based inline hooking framework for android native methods. In Xiang Y, Liu Z, Li J, editors, Security and Privacy in Social Networks and Big Data - 6th International Symposium, SocialSec 2020, Proceedings. Springer Science and Business Media Deutschland GmbH. 2020. p. 245-253. (Communications in Computer and Information Science). doi: 10.1007/978-981-15-9031-3_22

A virtualxposed-based inline hooking framework for android native methods

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this