函数Native化的Android APP加固方法

Yan Yan Song; Sen Lin Luo; Hai Shang; Li Min Pan; Ji Zhang

doi:10.3785/j.issn.1008-973X.2019.03.017

函数Native化的Android APP加固方法

Translated title of the contribution: Android APP reinforcement method with function Nativeization

Yan Yan Song, Sen Lin Luo, Hai Shang, Li Min Pan^*, Ji Zhang

^*Corresponding author for this work

Beijing Institute of Technology

Research output: Contribution to journal › Article › peer-review

3 Citations (Scopus)

Abstract

The logic of dynamic recovery attack and the function call execution flow in Android APP was investigated. The original DEX file was reconstructed and encrypted; its key Java function attribute was changed to Native, and the shell DEX file was added. When the Android APP was started, the shell DEX file was executed first, and then the original DEX was decrypted and loaded dynamically. When the protected function was called, the Native property of the function in memory was maintained, and the original Java function was implicitly restored and executed by the Hook technique and the reflection mechanism. The experimental results show that the method obtains high level of protection without Source decompilation at lower resource losses, and can effectively resist static analysis attacks, DEX dynamic recovery and dynamic shelling attacks.

Translated title of the contribution	Android APP reinforcement method with function Nativeization
Original language	Chinese (Traditional)
Pages (from-to)	555-562
Number of pages	8
Journal	Zhejiang Daxue Xuebao (Gongxue Ban)/Journal of Zhejiang University (Engineering Science)
Volume	53
Issue number	3
DOIs	https://doi.org/10.3785/j.issn.1008-973X.2019.03.017
Publication status	Published - Mar 2019

Access to Document

10.3785/j.issn.1008-973X.2019.03.017

Cite this

@article{8dbc16b4df424a0a946d4c87db9634e3,

title = "函数Native化的Android APP加固方法",

abstract = "The logic of dynamic recovery attack and the function call execution flow in Android APP was investigated. The original DEX file was reconstructed and encrypted; its key Java function attribute was changed to Native, and the shell DEX file was added. When the Android APP was started, the shell DEX file was executed first, and then the original DEX was decrypted and loaded dynamically. When the protected function was called, the Native property of the function in memory was maintained, and the original Java function was implicitly restored and executed by the Hook technique and the reflection mechanism. The experimental results show that the method obtains high level of protection without Source decompilation at lower resource losses, and can effectively resist static analysis attacks, DEX dynamic recovery and dynamic shelling attacks.",

keywords = "APP reinforcement, Android System, Dynamic loading, Function-Nativezation, Hook technology",

author = "Song, {Yan Yan} and Luo, {Sen Lin} and Hai Shang and Pan, {Li Min} and Ji Zhang",

year = "2019",

month = mar,

doi = "10.3785/j.issn.1008-973X.2019.03.017",

language = "繁体中文",

volume = "53",

pages = "555--562",

journal = "Zhejiang Daxue Xuebao (Gongxue Ban)/Journal of Zhejiang University (Engineering Science)",

issn = "1008-973X",

publisher = "Zhejiang University Press",

number = "3",

}

TY - JOUR

T1 - 函数Native化的Android APP加固方法

AU - Song, Yan Yan

AU - Luo, Sen Lin

AU - Shang, Hai

AU - Pan, Li Min

AU - Zhang, Ji

PY - 2019/3

Y1 - 2019/3

N2 - The logic of dynamic recovery attack and the function call execution flow in Android APP was investigated. The original DEX file was reconstructed and encrypted; its key Java function attribute was changed to Native, and the shell DEX file was added. When the Android APP was started, the shell DEX file was executed first, and then the original DEX was decrypted and loaded dynamically. When the protected function was called, the Native property of the function in memory was maintained, and the original Java function was implicitly restored and executed by the Hook technique and the reflection mechanism. The experimental results show that the method obtains high level of protection without Source decompilation at lower resource losses, and can effectively resist static analysis attacks, DEX dynamic recovery and dynamic shelling attacks.

AB - The logic of dynamic recovery attack and the function call execution flow in Android APP was investigated. The original DEX file was reconstructed and encrypted; its key Java function attribute was changed to Native, and the shell DEX file was added. When the Android APP was started, the shell DEX file was executed first, and then the original DEX was decrypted and loaded dynamically. When the protected function was called, the Native property of the function in memory was maintained, and the original Java function was implicitly restored and executed by the Hook technique and the reflection mechanism. The experimental results show that the method obtains high level of protection without Source decompilation at lower resource losses, and can effectively resist static analysis attacks, DEX dynamic recovery and dynamic shelling attacks.

KW - APP reinforcement

KW - Android System

KW - Dynamic loading

KW - Function-Nativezation

KW - Hook technology

UR - http://www.scopus.com/inward/record.url?scp=85066424438&partnerID=8YFLogxK

U2 - 10.3785/j.issn.1008-973X.2019.03.017

DO - 10.3785/j.issn.1008-973X.2019.03.017

M3 - 文章

AN - SCOPUS:85066424438

SN - 1008-973X

VL - 53

SP - 555

EP - 562

JO - Zhejiang Daxue Xuebao (Gongxue Ban)/Journal of Zhejiang University (Engineering Science)

JF - Zhejiang Daxue Xuebao (Gongxue Ban)/Journal of Zhejiang University (Engineering Science)

IS - 3

ER -

函数Native化的Android APP加固方法

Abstract

Access to Document

Other files and links

Fingerprint

Cite this