CN108733379B - Android application reinforcement method based on DEX byte code extraction mapping confusion - Google Patents

Android application reinforcement method based on DEX byte code extraction mapping confusion Download PDF

Info

Publication number
CN108733379B
CN108733379B CN201810521841.5A CN201810521841A CN108733379B CN 108733379 B CN108733379 B CN 108733379B CN 201810521841 A CN201810521841 A CN 201810521841A CN 108733379 B CN108733379 B CN 108733379B
Authority
CN
China
Prior art keywords
code
mapping
dex
item
android application
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810521841.5A
Other languages
Chinese (zh)
Other versions
CN108733379A (en
Inventor
乐德广
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Changshu Institute of Technology
Original Assignee
Changshu Institute of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Changshu Institute of Technology filed Critical Changshu Institute of Technology
Priority to CN201810521841.5A priority Critical patent/CN108733379B/en
Publication of CN108733379A publication Critical patent/CN108733379A/en
Application granted granted Critical
Publication of CN108733379B publication Critical patent/CN108733379B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/40Transformation of program code
    • G06F8/53Decompilation; Disassembly
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/40Transformation of program code
    • G06F8/41Compilation
    • G06F8/43Checking; Contextual analysis

Landscapes

  • Engineering & Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Devices For Executing Special Programs (AREA)

Abstract

The invention discloses an android application reinforcing method based on DEX byte code extraction, mapping and confusion, which comprises the following steps: extracting a code _ item code to be obfuscated from an original DEX file obtained by an android application APK program, and mapping and obfuscating the code _ item; compiling the source code of the mapping interpretation execution environment to obtain a shared object library (SO) executable file of the mapping interpretation execution environment; decompiling DEX byte codes into Java source codes, adding a Java entry method for mapping an interpreted execution environment to replace and confuse an original Java method, and compiling into a new obfuscated DEX file; and signing and packaging other files in the APK, the obfuscated DEX file and the SO executable file mapping the interpreted execution environment into a new reinforced android application APK program. Under the condition of not influencing the operation overhead, the confusion strength is greatly improved, various reverse analysis attacks can be effectively resisted, and the method has strong attack resistance elasticity.

Description

Android application reinforcement method based on DEX byte code extraction mapping confusion
Technical Field
The invention relates to an android application reinforcement protection method, in particular to an android application reinforcement method based on DEX byte code extraction, mapping and confusion.
Background
In mobile internet communication, due to the characteristics of openness and freeness, the android system is supported by a large number of application developers, and various android applications are layered endlessly, so that rich experience is brought to mobile terminal users. However, since the android application is mainly developed through Java language and compiled into DEX bytecode and runs in Dalvik or art (android runtime) virtual machine environment of the android system, an attacker realizes cracking, tampering, hooking (Hook) and repackaging of the android application through reverse analysis of DEX, and security problems such as piracy, code injection and privacy information leakage of the android application are caused. Through autonomous capture and vendor exchange in 2016 national internet emergency (CNCERT/CC), it was discovered that mobile internet malicious programs are nearly 205 thousands in number, 39.0% more than 2015, and mainly aimed at the android platform. According to a 2017 mobile application security situation report issued by the general payment shield technology, the android application scale is increased from 2.3 thousands to 2.8 thousands in 2017 by 21.74%, malicious codes are built in the counterfeit software, and the interests of users are damaged in the modes of pushing advertisements, malicious deduction, stealing privacy information and the like. Therefore, how to prevent the android application from being illegally cracked, injecting malicious codes such as trojans, charging, advertisements and the like, protecting privacy information, maintaining user rights and interests, realizing security reinforcement and protection of the android application software becomes a hotspot of software security research.
Currently, some research achievements have been made for security reinforcement of android applications, including reinforcement technologies and methods such as a reflection mechanism, dynamic loading, encryption, Native code execution, shell adding, code obfuscation, and the like, so that threats caused by reverse analysis are eliminated to a certain extent. However, with the appearance and rapid development of reverse analysis techniques such as memory extraction, dynamic shelling, taint analysis, and symbolic execution, the conventional reinforcement method has not been able to meet the demand.
Disclosure of Invention
In order to solve the technical problems, the invention aims to: the method for reinforcing the android application based on DEX byte code extraction, mapping and confusion is characterized in that the DEX byte code extraction and mapping structure of a Java layer is used for obfuscating the DEX byte code and is packaged into a Native layer, and the obfuscated DEX byte code is interpreted and executed through a DEX mapping interpretation execution environment of the Native layer, so that the correctness of the obfuscated android application operation logic is ensured. The method not only greatly improves the confusion strength, but also can effectively resist various reverse analysis attacks under the condition of not influencing the operation overhead, and has strong attack resistance elasticity.
The technical scheme of the invention is as follows:
an android application reinforcement method based on DEX byte code extraction mapping confusion comprises the following steps:
s01: decompressing an android application APK program to obtain an original DEX file;
s02: extracting code _ item codes to be obfuscated from an original DEX file, and performing mapping obfuscation processing on the code _ item according to an operation code mapping table;
s03: extracting table information in an original DEX file, putting the table information, the obfuscated code _ item code and a mapping interpreter source code into a source code of a mapping interpretation execution environment, and compiling the source code of the mapping interpretation execution environment to obtain a shared object library (SO) executable file of the mapping interpretation execution environment;
s04: decompiling DEX byte codes in the android application into Java source codes through reverse engineering, adding a Java entry method for mapping an interpreted execution environment to perform substitution confusion on an original Java method, and compiling the android application confusion source codes into a new confusion DEX file;
s05: and signing and packaging other files in the original android application APK, the compiled newly generated obfuscated DEX file and the SO executable file mapping the interpreted execution environment into a new reinforced android application APK program.
In a preferred embodiment, in the step S02, an opaque bytecode is constructed during obfuscating, and the mapped obfuscated code _ item code and DEX table information are respectively generated into code _ item and DEX table information indexes, which are then encapsulated in the SO of the Native layer.
In a preferred embodiment, in step S03, the mapping interpreter is implemented in a local layer according to the opcode mapping table and the Dalvik bytecode standard, and the mapping interpreter is encapsulated in the SO to generate a DEX mapping interpretation execution environment together with the code _ item and the DEX table information index.
In a preferred technical solution, in the step S04, a mapping interpretation execution environment entry is set in DEX of the Java layer in combination with a variable parameter passing mechanism, an index mechanism and a Java Native Interface (JNI) mechanism, so as to complete mapping interpretation execution call of the obfuscated code _ item code.
In a preferred technical solution, the table information in the DEX file includes a string identifier table, a field identifier table, and a method identifier list.
In the preferred technical scheme, when the DEX table information is packaged, the original index value of the DEX table information is reserved, when the instruction operation code of the code _ item is explained, the original index value of the DEX table information is found through a polling index linked list, and the DEX table information is obtained through the original index value.
Compared with the prior art, the invention has the advantages that:
the method not only effectively confuses DEX byte codes of the android application, resists various reverse analysis and utilization, and realizes the safety reinforcement protection of the android application. And the operation logic of the confused android application is kept correct, and the environment of the operated android system is kept unchanged.
(1) And constructing opaque DEX byte codes by adopting a pull-out mapping confusion technology, and pulling the DEX byte code information from the DEX file into an SO file, SO that the DEX byte codes can resist various dynamic and static reverse analysis attacks of a Java layer and a Native layer, and the effective confusion protection of the DEX byte codes is realized.
(2) A DEX byte code indirect execution method based on Native layer mapping interpretation execution is provided through a DEX mapping interpretation execution environment, and the correct operation of the DEX byte code after confusion is realized by using a variable parameter transfer mechanism, an index mechanism and a JNI mechanism, so that the operation environment of an android system does not need to be changed after the android application is reinforced, and the independence and the universality of the android application are ensured.
(3) The obfuscated DEX bytecode is directly interpreted and executed by the mapping interpreter without restoring the obfuscated DEX bytecode to the original DEX bytecode through a bytecode mapping table, so that a new security problem caused by protecting the bytecode mapping table is avoided.
Drawings
The invention is further described with reference to the following figures and examples:
FIG. 1 is a flow chart of an android application reinforcement method based on DEX bytecode de-mapping obfuscation in accordance with the present invention;
FIG. 2 is a schematic diagram of an opcode mapping obfuscation process;
FIG. 3 is a diagram illustrating code _ item linked list indexing;
FIG. 4 is a table of string identifier information indices;
FIG. 5 is a diagram of mapping interpreted execution environment entries;
FIG. 6 is a diagram of a mapping interpretation execution environment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail with reference to the accompanying drawings in conjunction with the following detailed description. It should be understood that the description is intended to be exemplary only, and is not intended to limit the scope of the present invention. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present invention.
Example (b):
as shown in fig. 1, a method for strengthening an android application based on DEX bytecode-extraction mapping obfuscation, which includes DEX extraction mapping obfuscation and mapping interpretation execution, specifically includes the following steps:
s01: decompressing an android application APK program to obtain an original DEX file;
s02: extracting code _ item codes to be obfuscated from an original DEX file, and performing mapping obfuscation processing on the code _ item according to an operation code mapping table; code _ item is the content in the android dex file format.
S03: extracting table information in an original DEX file, putting the table information, the obfuscated code _ item code and the mapping interpreter source code into a source code of a mapping interpretation execution environment, and compiling the source code of the mapping interpretation execution environment to obtain a Shared Object library (SO) executable file of the mapping interpretation execution environment;
s04: decompiling DEX byte codes in the android application into Java source codes through reverse engineering, adding a Java entry method for mapping an interpreted execution environment to perform substitution confusion on an original Java method, and compiling the android application confusion source codes into a new confusion DEX file;
s05: and signing and packaging other files in the original android application APK, the compiled newly generated obfuscated DEX file and the SO executable file mapping the interpreted execution environment into a new reinforced android application APK program.
In the DEX extraction mapping obfuscation, firstly, extraction processing is carried out on code _ item codes and DEX table information of DEX in android application, secondly, mapping obfuscation is carried out on the extracted code _ item codes according to an operation code mapping table to construct opaque byte codes, and the mapped obfuscated code _ item codes and the DEX table information are respectively generated into code _ item and DEX table information indexes by utilizing android Native characteristics and then are packaged into SO (shared object) of a local layer (Native layer).
In android applications, android Java methods are compiled in code _ item of a DEX file. Thus, the code _ item code is first found in DEX and extracted from DEX. For example, an arithmetic android Java method, the source code of which is shown below.
Figure BDA0001674996530000041
The code _ item code in DEX after the above android Java method compilation is as follows.
Figure BDA0001674996530000051
Wherein, 0x04000200000000000B9529000500000092000202900103000F01 is the code _ item code corresponding to the android Java method test 1. Where 0x92000202900103000F01 is the insns byte code (data in frame) of code _ item, which corresponds to the c ═ a, b + c arithmetic instruction and return instruction of the test1 method.
Then, determining the operation code information in the instruction stream of the code _ item according to the Dalvik byte code syntax, and sequentially replacing each operation code with a new operation code according to an operation code mapping table. Taking the bytecode of test1 method as an example, the opcode mapping obfuscation process is shown in fig. 2.
In FIG. 2, the bytecode is first analyzed to include 3 instructions with opcodes of 0x92, 0x90, and 0x0F, respectively. According to the opcode mapping table of FIG. 2, the opcodes become 0x17, 0x2C, and 0x76, respectively, after mapping. After map obfuscation, the insns bytecode of code _ item is 0x170002022C0103007601, as shown below.
Figure BDA0001674996530000052
It can be seen that the opcode mapping of code _ item ensures that even if the code _ item of an android application is parsed, it is difficult to reverse out its original code _ item code. The extracted and operation code mapping obfuscated code _ item codes form a code _ item linked list index, and the format of the code _ item linked list index is shown in fig. 3.
In fig. 3, each code _ item corresponds to a chain table index value (index). The code _ item index is then encapsulated into the SO by C/C + + program compilation. The obfuscated code _ item code execution is completed by the Native layer mapping interpretation execution environment. In order to improve the interpretation execution efficiency of the obfuscated code _ item code at the Native layer, the DEX table information used by the code _ item code, including a string identifier table (string _ ids _ item), a field identifier table (field _ ids _ item), a method identifier table (method _ ids _ item), and the like, is formed into a corresponding DEX table information index, and then is encapsulated into the SO as to be the same as the obfuscated code _ item code. For example, the string identifier table information index format is as shown in fig. 4.
As can be seen from fig. 4, after the string identifier table information is encapsulated in the SO file, the index value (string _ id) of the original string identifier table information changes corresponding to the chain table index value (index) in the SO file. Therefore, when the DEX table information (e.g., string _ ids _ item) is encapsulated, the original index value (e.g., string _ ids) is retained. Thus, when interpreting the instruction opcode of code _ item, the original index value of the DEX table information is found by polling the index linked list. Then, DEX table information is acquired by the original index value. For example, when executing the const-string instruction opcode of code _ item, it places the reference specified in the string identifier table into the specified register, finds the string _ id _ item of the same string _ id value in the index chain table of FIG. 4 from the string _ id value of the const-string instruction opcode, and then returns the string value of the item. This ensures that the DEX bytecode can still execute correctly and efficiently after the context of interpretation changes.
In the DEX mapping interpretation, firstly, a mapping interpreter is realized at a Native layer according to an operation code mapping table and a Dalvik byte code standard. Then, the mapping interpreter is packaged into SO to generate DEX mapping interpreter execution environment together with code _ item and DEX table information index. And finally, setting a mapping interpretation execution environment entry in DEX of a Java layer by combining a variable parameter transfer mechanism, an index mechanism and a JNI (Java Native Interface) mechanism, and completing the mapping interpretation execution call of the obfuscated code _ item code.
In order to ensure that the obfuscated code _ item code of the DEX bytecode can be correctly executed in the Native layer after being subjected to the extraction mapping, an obfuscated code _ item code execution entry called a mapping interpretation execution environment entry needs to be set in the Java layer. It includes Java method parameters, code _ item index values, and map interpreted execution environment entry methods, as shown in fig. 5.
As can be seen from FIG. 5, after DEX byte codes of the android application are obfuscated, the code _ item code of DEX is modified into a mapping interpretation execution environment entry method called by original Java method parameters and a code _ item index value, and the entry method internally combines a variable parameter passing mechanism, an index mechanism and a JNI mechanism to call a mapping interpretation execution environment of a Native layer. When setting an entry method, an obfcodeltementry class is first defined, which is a Java layer entry class mapping an interpreted execution environment. ObfCodeItemEntry defines different entry methods, such as ObfCodeItemEntry. cnint and ObfCodeItemEntry. cfloat, etc., according to different return types of Java methods. The parameters of the entry methods are variable parameters and are Native attributes, which indicate that the Native attributes call the mapping interpretation execution environment realized by the Native layer through JNI. In the test1 method, its parameters are two int type variables a and b, and the return type is int. Therefore, when an entry method is set, the entry method is defined as a cti method according to the returned int type, that is, obfcodeitemententry.
Figure BDA0001674996530000061
Figure BDA0001674996530000071
In the above code, when the Object array Object [ ] is called, it is used as a variable parameter, and its values are new Integer (a), new Integer (b), and Integer. Where the first two parameters a and b are parameters of the test1 method, and the 3 rd parameter 0 is an index value of the code _ item. To facilitate the passing of parameters, the parameters are uniformly packaged into Java class types.
After the mapping interpretation execution environment entry is set, the code _ item code of DEX in the android application becomes the code _ item code corresponding to the entry method, as shown below.
Figure BDA0001674996530000072
It can be seen that when the android application is analyzed backwards, the original code _ item code is obfuscated by the snapshot map and is not dynamically loaded into the ART runtime environment of the android system when executed. Furthermore, the code _ item code of DEX in android applications no longer contains any execution logic of the original Java method, so it is difficult to perform efficient reverse analysis on it.
When the code _ item code is called, the mapping interpretation execution environment of the Native layer is called from the Java layer by the obcodeiteminentry. cnint through JNI, which includes a mapping interpreter, obfuscated code _ item codes, and a DEX information table, as shown in fig. 6. Wherein the mapping interpreter is an obfuscated code item code interpreter implemented according to an opcode mapping table and a Dalvik opcode standard.
As can be seen from fig. 6, there are no obfuscated DEX bytecodes in the android application, whose interpretation execution is done through the android ART virtual machine. The interpretation execution of the android application obfuscated code _ item code is completed through the mapping interpretation execution environment, and then the mapping interpretation execution environment obtains the obfuscated code _ item code and the DEX table information in the code _ item and DEX table information indexes in the Native layer according to the index value transmitted by the Java layer, and then a mapping interpreter is further called to perform interpretation execution on the obfuscated code _ item code and the DEX table information. If there is execution logic in the obfuscated code _ item code to call android system methods, etc., it will interact with the ART through the JNIENV interface.
Figure BDA0001674996530000081
In the above code, the mapinter exeenvirnint () function is a mapping interpretation execution environment implementation of the Native layer corresponding to the object entry method, and the object _ array parameter thereof receives the parameter values { a, b,0} of the object entry method. According to the code _ item index value 0 received by the object _ array, mapinterpexeenvirnint () finds an obfuscated code _ item code corresponding to a Java method in the code _ item index by calling a getcodeitem () function. Next, the map interpreter function MappingInterpreter () is called with the Java method parameter values { a, b } and the obfuscated code _ item code received by the object _ array as parameters. According to the ART's interpretation implementation principle, the ART interpreter provides both Goto and Switch implementations. The mapping interpreter of this document interprets and executes the mapping operation code in a Switch manner, that is, sets a case value and its corresponding interpretation and execution process according to the operation code mapping table.
According to the mapping relation of the operation codes, the processing procedure corresponding to the case value 0x2C is the processing procedure of the 0x90 instruction type ADD _ INT in the Dalvik byte codes. The mapping interpretation execution environment implemented according to the operation code mapping relation ensures that the method can still be correctly interpreted and executed after the code _ item code of the Java method is extracted, mapped and confused.
It is to be understood that the above-described embodiments of the present invention are merely illustrative of or explaining the principles of the invention and are not to be construed as limiting the invention. Therefore, any modification, equivalent replacement, improvement and the like made without departing from the spirit and scope of the present invention should be included in the protection scope of the present invention. Further, it is intended that the appended claims cover all such variations and modifications as fall within the scope and boundaries of the appended claims or the equivalents of such scope and boundaries.

Claims (5)

1. An android application reinforcement method based on DEX byte code extraction mapping confusion is characterized by comprising the following steps:
s01: decompressing an android application APK program to obtain an original DEX file;
s02: extracting code _ item codes to be obfuscated from an original DEX file, and performing mapping obfuscation processing on the code _ item according to an operation code mapping table; constructing an opaque byte code during obfuscation processing, respectively generating code _ item and DEX table information indexes by the mapped obfuscated code _ item code and DEX table information, and then encapsulating the obfuscated code _ item code and the DEX table information indexes into a Native layer SO;
s03: extracting table information in an original DEX file, putting the table information, the obfuscated code _ item code and a mapping interpreter source code into a source code of a mapping interpretation execution environment, and compiling the source code of the mapping interpretation execution environment to obtain a shared object library (SO) executable file of the mapping interpretation execution environment;
s04: decompiling DEX byte codes in the android application into Java source codes through reverse engineering, adding a Java entry method for mapping an interpreted execution environment to perform substitution confusion on an original Java method, and compiling the android application confusion source codes into a new confusion DEX file;
s05: and signing and packaging other files in the original android application APK, the compiled newly generated obfuscated DEX file and the SO executable file mapping the interpreted execution environment into a new reinforced android application APK program.
2. The method for android application hardening based on DEX bytecode de-mapping obfuscation as claimed in claim 1, wherein in step S03, a mapping interpreter is implemented at a native layer according to an opcode mapping table and a Dalvik bytecode standard, and the DEX mapping interpreter is encapsulated into an SO and then generates a DEX mapping interpretation execution environment together with a code _ item and a DEX table information index.
3. The method for android application reinforcement based on DEX bytecode de-mapping obfuscation of claim 1, wherein in step S04, a mapping interpretation execution environment entry is set in DEX of Java layer in combination with a variable parameter passing mechanism, an indexing mechanism and a Java Native Interface (JNI) mechanism, and mapping interpretation execution call to obfuscated code _ item code is completed.
4. The DEX bytecode-snapshot mapping obfuscated-based android application hardening method of claim 1, wherein table information in the DEX file includes a string identifier table, a field identifier table, and a method identifier list.
5. The method of claim 1, wherein when DEX table information is encapsulated, the original index value is retained, and when an instruction opcode of code _ item is interpreted, the original index value of the DEX table information is found by polling an index linked list, and the DEX table information is obtained through the original index value.
CN201810521841.5A 2018-05-28 2018-05-28 Android application reinforcement method based on DEX byte code extraction mapping confusion Active CN108733379B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810521841.5A CN108733379B (en) 2018-05-28 2018-05-28 Android application reinforcement method based on DEX byte code extraction mapping confusion

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810521841.5A CN108733379B (en) 2018-05-28 2018-05-28 Android application reinforcement method based on DEX byte code extraction mapping confusion

Publications (2)

Publication Number Publication Date
CN108733379A CN108733379A (en) 2018-11-02
CN108733379B true CN108733379B (en) 2022-04-08

Family

ID=63936078

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810521841.5A Active CN108733379B (en) 2018-05-28 2018-05-28 Android application reinforcement method based on DEX byte code extraction mapping confusion

Country Status (1)

Country Link
CN (1) CN108733379B (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109740315A (en) * 2018-12-28 2019-05-10 深圳前海微众银行股份有限公司 Constant guard method, device, equipment and storage medium based on Android platform
CN109960509A (en) * 2019-03-06 2019-07-02 江苏通付盾信息安全技术有限公司 Using the method, apparatus of reinforcing, calculate equipment and computer storage medium
CN113010364B (en) * 2019-12-20 2023-08-01 北京奇艺世纪科技有限公司 Service data acquisition method and device and electronic equipment
CN112052047A (en) * 2020-08-05 2020-12-08 北京智游网安科技有限公司 Instruction processing method, terminal and storage medium
CN112052460A (en) * 2020-08-05 2020-12-08 北京智游网安科技有限公司 DEX file virtualization encryption method, computer equipment and storage medium
CN112328978A (en) * 2020-11-03 2021-02-05 广东三维家信息科技有限公司 Code obfuscation processing and running method and device, terminal equipment and storage medium
CN112926032A (en) * 2021-03-26 2021-06-08 支付宝(杭州)信息技术有限公司 Method and device for processing and operating byte code and byte code operating system
CN113609481B (en) * 2021-06-02 2024-01-30 西安四叶草信息技术有限公司 PHP (phase-shift register) taint analysis method and device based on byte codes
CN113419734B (en) * 2021-06-17 2022-10-04 网易(杭州)网络有限公司 Application program reinforcing method and device and electronic equipment

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014142430A1 (en) * 2013-03-15 2014-09-18 주식회사 에스이웍스 Dex file binary obfuscation method in android system
CN103324872B (en) * 2013-07-12 2016-04-27 上海交通大学 Based on the guard method of Android application program and the system of order confusion
KR101521765B1 (en) * 2015-01-08 2015-05-20 숭실대학교산학협력단 Apparatus For Code Obfuscation Using Indistinguishable Identifier Conversion and Method Thereof
CN106650428A (en) * 2015-11-03 2017-05-10 阿里巴巴集团控股有限公司 Method and device for optimizing application codes
CN106203006A (en) * 2016-08-31 2016-12-07 北京鼎源科技有限公司 Android application reinforcement means based on dex Yu so file Dynamic Execution
CN106650341A (en) * 2016-11-18 2017-05-10 湖南鼎源蓝剑信息科技有限公司 Android application reinforcement method based on the process confusion technology
CN106778103B (en) * 2016-12-30 2020-03-13 上海掌门科技有限公司 Reinforcement method, system and decryption method for preventing reverse cracking of android application program
CN107729725A (en) * 2017-10-09 2018-02-23 南京南瑞集团公司 A kind of Android applications hardened system and method based on virtual machine instructions modification
CN107977553B (en) * 2017-12-25 2020-07-10 中国电子产品可靠性与环境试验研究所 Method and device for security reinforcement of mobile application program

Also Published As

Publication number Publication date
CN108733379A (en) 2018-11-02

Similar Documents

Publication Publication Date Title
CN108733379B (en) Android application reinforcement method based on DEX byte code extraction mapping confusion
Liljestrand et al. {PAC} it up: Towards pointer integrity using {ARM} pointer authentication
Sihag et al. A survey of android application and malware hardening
Afonso et al. Going native: Using a large-scale analysis of android apps to create a practical native-code sandboxing policy
You et al. Taintman: An art-compatible dynamic taint analysis framework on unmodified and non-rooted android devices
Roundy et al. Binary-code obfuscations in prevalent packer tools
Au et al. Pscout: analyzing the android permission specification
US10698668B1 (en) Custom code transformations during compilation process
Sharif et al. Automatic reverse engineering of malware emulators
Xu et al. Aurasium: Practical policy enforcement for android applications
CN105608391B (en) More ELF document protection methods and system
TW201839644A (en) Protection method of executable program on android platform
CN106326694A (en) Android application reinforcing method baed on C source code mixing
US20180129794A1 (en) Method for Protecting Dex File from Decompilation in Android System
WO2015192637A1 (en) Method and apparatus for reinforced protection of software installation package
Zhang et al. Permission use analysis for vetting undesirable behaviors in android apps
You et al. Reference hijacking: Patching, protecting and analyzing on unmodified and non-rooted android devices
Lu et al. DeepAutoD: Research on distributed machine learning oriented scalable mobile communication security unpacking system
CN105740703A (en) Application reinforcement method and apparatus
CN106557350B (en) JAVA byte code conversion method, device and equipment in application program installation package
Abbadini et al. Cage4Deno: A fine-grained sandbox for Deno subprocesses
Abbadini et al. NatiSand: Native code sandboxing for JavaScript runtimes
Ghosh et al. Software protection for dynamically-generated code
Bilge et al. Thwarting real-time dynamic unpacking
Abrath et al. Code renewability for native software protection

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant