CN105930692A - Dynamic shelling method for Android application - Google Patents
- Publication number: CN105930692A
- Application number: CN201610248368.9A
- Authority: CN (China)
- Prior art keywords: android, file, program, dex, dex file
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/125—Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
- G06F21/14—Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
Abstract
The invention discloses a dynamic unpacking ("shelling") method for Android applications. A hardened (reinforced) Android application is taken as the target program, and the Xposed framework is used to obtain the target program's dex file, so that the target program is unpacked. The method comprises preprocessing the Android phone, debugging the target program, unpacking the target program, and extracting the dex file from the target program and repairing the program. The libdvm.so library in the Android system contains functions that take a dex file as a parameter, such as openDexFile; the unpacked dex is passed to openDexFile as a parameter, so it is obtained by setting a breakpoint on that function. With this technical scheme, a malicious Android program can be effectively reverse-analyzed to obtain its source code, thereby protecting the security of the system.
Description
Technical field
The present invention relates to Android applications, and in particular to a method of unpacking ("shelling") Android applications based on dynamic behavior, so that a hardened Android program can be dynamically unpacked and repaired.
Background art
With the growing popularity of mobile devices, the mobile application industry, and Android applications in particular, has developed rapidly, and the accompanying mobile security problems have become increasingly prominent. Because mobile terminals are limited in resources and computing power, they cannot run powerful, performance-demanding antivirus software, so malware that steals information or maliciously incurs charges keeps emerging on the widely used Android terminals. Reverse-analysis techniques can be used, without knowledge of an application's source code, to analyze the application's functional flow, tamper with its data and code, and so on.
To protect the rights and interests of developers and users, anti-reversing techniques for protecting files have developed considerably. Packing (shell adding), in full "executable program resource compression", is a common means of protecting files. A packed program can run directly, but its source code cannot be inspected; the source code can be inspected only after unpacking. A packed program can prevent external programs from disassembling or dynamically analyzing it. Encryption techniques are commonly used to protect software copyright and prevent software from being cracked. However, encryption can also be exploited by malicious programs such as viruses, making those programs hard to analyze.
Software unpacking is the inverse operation of software packing: the shell present on the software is removed and the source code is obtained. For an Android program, unpacking yields the program's dex file. Most existing unpacking methods target the PC, and there is not yet a mature unpacking method for Android programs. To crack the shell of a traditional program, the control flow is traced to find the OEP (program entry point), the code segment is then dumped from memory to disk, and the import table is rebuilt. Tracing the control flow to find the OEP is the technical difficulty, however, which greatly limits unpacking and repairing programs. Existing methods also have difficulty effectively unpacking and repairing hardened Android programs.
Summary of the invention
To overcome the above deficiencies of the prior art, the present invention provides a dynamic unpacking method for Android applications, which unpacks a hardened Android program and obtains its dex file.
The technical scheme provided by the present invention is as follows:
A dynamic unpacking method for Android applications takes the hardened Android application as the target program and uses the Xposed framework to obtain the target program's dex file, thereby unpacking the target program. The dynamic unpacking method comprises preprocessing the Android phone, debugging the target program, unpacking the target program, and extracting the dex file from the target program and repairing the program. The specific steps are as follows:
A. To preprocess the Android phone, install the Xposed module and the ZjDroid module on the phone, and restart the phone to activate the installed modules;
B. To debug the target program on the Android phone, perform the following operations:
B1. On the PC, locate the android_server file in the IDA toolkit, send the android_server file to the Android phone, add execute permission and run it, and listen on the port that connects the phone and the PC;
B2. Install the target program on the Android phone, and use port forwarding so that IDA connects to a local port for remote debugging;
B3. Start the target program on the Android phone in debug mode;
C. Unpack the target program from the PC by performing the following operations:
C1. Through IDA, locate the libdvm.so module loaded by the target program, and set a breakpoint on a function in libdvm.so that operates on dex files;
C2. Determine whether the dex file in memory is an unpacked dex file; if it is not, return to step C1; if it is, go to step D;
D. To extract the dex file from memory and repair the program, perform the following operations:
D1. Use ZjDroid to decompile the dex file in memory and dump it to the local file system, obtaining the dex file;
D2. Convert the dex file obtained in D1 into a jar file and open the jar file to obtain the program's Java source code; or directly replace the dex file in the target program with the dex file obtained in D1 and repackage to obtain the unpacked program file. This completes the program repair.
Further, in the above dynamic unpacking method, when the Android phone is preprocessed in step A, the phone is rooted before the Xposed module and the ZjDroid module are installed, so that programs on the phone can have the highest privileges.
Further, in the above dynamic unpacking method, the port connecting the phone and the PC in step B1 is port 23946.
Further, in the above dynamic unpacking method, the function in libdvm.so that operates on dex files in step C1 is the openDexFile function.
Further, in the above dynamic unpacking method, the function in libdvm.so that operates on dex files in step C1 is the dexFileParse function or the dvmDexFileOpenPartial function.
Further, in the above dynamic unpacking method, step C2 determines whether the dex file in memory is an unpacked dex file by checking whether the leading bytes of the in-memory data block match the value of the magic field of a dex file. A magic value of "dex\n" indicates a dex file that has not been unpacked, and a magic value of "dey\n" indicates the dex file after unpacking.
Further, in the above dynamic unpacking method, step D1 uses the backsmali command in ZjDroid to decompile the dex file in memory and dump it to the local file system, thereby obtaining the dex file.
Further, in the above dynamic unpacking method, step D2 uses dex2jar to convert the dex file into a jar file and then opens the jar file with jd-gui to obtain the program's Java source code.
Compared with the prior art, the beneficial effects of the present invention are as follows:
An apk file (application file) contains an AndroidManifest.xml file and a dex file, and most of the code in the apk is in the dex file. A packed program performs an unpacking operation before it runs, to ensure that the program functions normally. The libdvm.so library in the Android system contains functions that take a dex file as a parameter, such as openDexFile, and the unpacked dex is passed to openDexFile as a parameter. The embodiment of the present invention obtains the unpacked dex by setting a breakpoint on the openDexFile function. With the technical scheme provided by the present invention, a malicious Android program can be effectively reverse-analyzed and its source code obtained, thereby protecting the security of the Android system.
Brief description of the drawings
Fig. 1 is a flow diagram of the dynamic unpacking method for Android applications provided by the present invention.
Fig. 2 is a flow diagram of the reverse-analysis/unpacking process that the method of the present invention applies to a hardened apk.
Detailed description
The present invention is further described below through embodiments, with reference to the accompanying drawings, without limiting the scope of the invention in any way.
The present invention provides an unpacking and repair method based on a dynamic framework of the Android system, so that a hardened Android program can be unpacked and repaired. In addition, it must be ensured that the program repackaged after unpacking is unchanged, so that its normal execution is not affected.
On the Android platform, because dex encryption technology is immature, the source program can be dumped directly without analyzing its algorithm. The Xposed framework is a framework service that can affect how programs run without modifying the Android installation package (APK); its basic principle is to affect program execution by modifying the system. The open-source tool ZjDroid is a dynamic reverse-analysis module based on the Xposed framework, and reverse analysis can be carried out with it. The functions ZjDroid provides include: memory dump of DEX files; in-memory BackSmali based on Dalvik key pointers, which effectively cracks hardened applications; dynamic monitoring of sensitive APIs; dump of the data in a specified memory region; obtaining information about the DEX files an application has loaded; obtaining information about the classes loaded from a specified DEX file; dumping the Java heap information in Dalvik; and dynamically running Lua scripts in the target process.
Using the Xposed framework, the method of the present invention unpacks a hardened Android program and obtains its dex file. A dex file runs on the Dalvik virtual machine of the Android system. When an apk is installed, the Android system generally optimizes the dex file; this optimization is performed automatically by the Android system and does not affect the normal operation of the dex.
As shown in Fig. 1, the unpacking method provided by the present invention comprises preprocessing the Android phone, debugging the target program, unpacking the hardened apk, and extracting the dex and repairing the apk. The specific steps are as follows:
A. To preprocess the Android phone, perform the following operations:
A1. Root the Android phone and install the Xposed framework;
A2. Install ZjDroid;
Specifically, open the Modules option in Xposed and tick the ZjDroid option;
A3. Restart the phone to activate the modules (the Xposed framework and ZjDroid);
B. Run the Android program to be unpacked on the phone. This Android program is the target program to be debugged, and it is debugged through IDA. To debug the target program, perform the following operations:
B1. On the PC, locate the android_server file in the IDA toolkit, push (transfer) it to the Android phone, add execute permission, run android_server on the phone, and listen on the port that connects the phone and the PC (port 23946);
B2. Install the Android program to be unpacked (the Android apk file) on the Android phone, and use port forwarding so that IDA can connect to a local port for remote debugging;
An apk file (application file) contains an AndroidManifest.xml file and a dex file. Most of the code in the apk is in the dex file, so the unpacking method of the present invention is aimed mainly at unpacking the dex. The AndroidManifest.xml file mainly contains descriptions of the components exposed in the application, the classes that implement them, the various data that can be handled, and the program's launch location. libdvm.so is a library in the Android system and openDexFile is one of its functions; the parameter of openDexFile is a dex file. Because a packed program must perform an unpacking operation before it runs in order to function normally, the unpacked dex is bound to be passed to openDexFile as a parameter. The method of the present invention sets a breakpoint on the openDexFile function and then retrieves the unpacked dex.
B3. Start the apk program on the phone in debug mode;
C. Unpack the hardened apk (the apk file to be unpacked from step B2) with the IDA tool on the PC by performing the following operations (as shown in Fig. 2):
C1. Through IDA, locate the libdvm.so module loaded by the hardened apk program, find a function in it that operates on dex (for example the openDexFile function, the dexFileParse function or the dvmDexFileOpenPartial function), and set a breakpoint on it;
libdvm.so provides a large number of functions that operate on dex; for example, the openDexFile function loads a dex file from memory. A breakpoint can also be set on other functions that operate on dex. The breakpoint is placed at the function entry.
C2. Check whether the leading bytes of the dex file in memory (the memory data block) match the magic field of a dex file, to determine whether it is an unpacked dex; if it is not, return to step C1; if it is, continue with step D;
In the embodiment, the memory address space loaded by the openDexFile function (method) is examined to see whether the value in that space is the decrypted (unpacked) dex. The judgment is based mainly on the magic field of the dex file header: the identifier of a dex file is usually "dex\n", and that of an optimized dex file is "dey\n".
D. Extract the dex file of the hardened apk program (that is, the dex file in memory) and repair it. To extract and repair the dex, perform the following operations:
D1. Use the backsmali command in ZjDroid to decompile the dex file in memory and dump it to the local file system, obtaining the dex file;
D2. After the dex file is obtained, it can be converted into a jar file with dex2jar (the code in the obtained dex file is in smali syntax, whereas the code in the jar is in Java form), and the jar file can then be opened with jd-gui to obtain the program's Java source code. Alternatively, the dex file in the original apk package can be replaced directly and the package repackaged to obtain the unpacked apk.
The implementation of the method provided by the present invention is illustrated below by an example. In this embodiment, IDA is used as a tool for debugging programs on the phone. Specifically, IDA runs on a computer; to debug the Android system, the android_server provided by IDA must run on the Android phone, the phone and the computer are connected over the network, and the program on the phone is debugged through communication between the two. This embodiment unpacks a packed app, which is the target program. First, an Android phone is preprocessed: the phone is rooted, that is, privileges are escalated on the phone so that programs can have the highest privileges, and the Xposed framework is installed. The IDA tool is run on the computer and is then connected to the Android phone's port for debugging. IDA and the phone are connected first; the app to be unpacked is installed on the preprocessed phone, and port forwarding is used so that IDA can debug through a local port. Through IDA, the libdvm.so module loaded by the program is located and a breakpoint is set on the openDexFile function. The memory address space loaded by the openDexFile method is examined to see whether the value in that space is the decrypted (unpacked) dex. The judgment is based mainly on the magic field of the dex file header: the identifier of a dex file is usually "dex\n", and that of an optimized dex is "dey\n". Therefore, when the value of the magic field is "dex\n" or "dey\n", the dex file in memory is a normal, unpacked dex file. If it is not the unpacked dex, the procedure returns to setting a breakpoint on the openDexFile function in libdvm.so and again checks whether the dex is decrypted (unpacked). If it is the unpacked dex, the dex is exported and the apk file is repaired: specifically, the dex is obtained and exported with the backsmali command in ZjDroid. Once the dex file is obtained, the program source code can be obtained, or the dex can be put back in place and the package repackaged, which completes the unpacking of the packed Android program.
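The magic-field test of step C2, as an added Python example that is not part of the patent or of the IDA/ZjDroid tooling: it classifies a block dumped from memory as plain DEX ("dex\n"), optimized DEX ("dey\n") or neither, and goes beyond the magic by validating the standard DEX header fields (header_size, endian_tag, file_size, Adler-32 checksum, SHA-1 signature). The names classify_dump and DumpVerdict and the sample builders are hypothetical, and all sample buffers are constructed.

```python
import hashlib
import struct
import zlib
from dataclasses import dataclass, field

DEX_HEADER_SIZE = 0x70        # fixed length of a DEX header
ODEX_HEADER_SIZE = 40         # length of the Dalvik optimized-DEX wrapper header
ENDIAN_CONSTANT = 0x12345678  # endian_tag of a little-endian DEX


@dataclass
class DumpVerdict:
    kind: str                                     # "dex", "odex" or "unknown"
    version: str = ""                             # e.g. "035" or "036"
    problems: list = field(default_factory=list)  # structural faults found
    checksum_ok: bool = False                     # Adler-32 over bytes 12..file_size
    signature_ok: bool = False                    # SHA-1 over bytes 32..file_size

    @property
    def plausible(self):
        """True when the magic matched and the header is structurally sound."""
        return self.kind != "unknown" and not self.problems


def _version(buf):
    """Return the three ASCII digits that follow the magic, or '' if malformed."""
    raw = bytes(buf[4:8])
    if len(raw) == 4 and raw[:3].isdigit() and raw[3] == 0:
        return raw[:3].decode("ascii")
    return ""


def _check_dex(buf, verdict):
    """Validate the DEX header at the start of buf and record the findings."""
    if len(buf) < DEX_HEADER_SIZE:
        verdict.problems.append("shorter than a DEX header")
        return
    (checksum,) = struct.unpack_from("<I", buf, 8)
    file_size, header_size, endian_tag = struct.unpack_from("<III", buf, 32)
    if header_size != DEX_HEADER_SIZE:
        verdict.problems.append("unexpected header_size 0x%x" % header_size)
    if endian_tag != ENDIAN_CONSTANT:
        verdict.problems.append("unexpected endian_tag 0x%08x" % endian_tag)
    if not DEX_HEADER_SIZE <= file_size <= len(buf):
        verdict.problems.append("file_size %d does not fit the dump (truncated?)" % file_size)
        return
    image = bytes(buf[:file_size])
    # Reported separately rather than as faults: the stored checksum may stop
    # matching once Dalvik has optimized the image in place.
    verdict.checksum_ok = (zlib.adler32(image[12:]) & 0xFFFFFFFF) == checksum
    verdict.signature_ok = hashlib.sha1(image[32:]).digest() == image[12:32]


def classify_dump(buf):
    """Classify a dumped memory block by its leading magic and header fields."""
    magic = bytes(buf[:4])
    if magic == b"dex\n":
        verdict = DumpVerdict("dex", _version(buf))
        _check_dex(buf, verdict)
    elif magic == b"dey\n":
        verdict = DumpVerdict("odex", _version(buf))
        if len(buf) < ODEX_HEADER_SIZE:
            verdict.problems.append("shorter than an optimized-DEX header")
        else:
            dex_off, dex_len = struct.unpack_from("<II", buf, 8)
            inner = bytes(buf[dex_off:dex_off + dex_len])
            if len(inner) != dex_len or inner[:4] != b"dex\n":
                verdict.problems.append("embedded DEX not found at dex_offset")
            else:
                _check_dex(inner, verdict)
    else:
        verdict = DumpVerdict("unknown", problems=["no dex/dey magic"])
    if verdict.kind != "unknown" and not verdict.version:
        verdict.problems.append("malformed version field")
    return verdict


def build_constructed_dex(body=b"\x00" * 16):
    """Constructed sample: a minimal DEX image with valid checksum and signature."""
    size = DEX_HEADER_SIZE + len(body)
    tail = struct.pack("<III", size, DEX_HEADER_SIZE, ENDIAN_CONSTANT)
    tail += b"\x00" * (DEX_HEADER_SIZE - 32 - len(tail)) + body
    signature = hashlib.sha1(tail).digest()
    checksum = struct.pack("<I", zlib.adler32(signature + tail) & 0xFFFFFFFF)
    return b"dex\n035\x00" + checksum + signature + tail


def build_constructed_odex(dex):
    """Constructed sample: wrap dex in a 40-byte optimized-DEX header."""
    header = b"dey\n036\x00" + struct.pack("<II", ODEX_HEADER_SIZE, len(dex))
    return header.ljust(ODEX_HEADER_SIZE, b"\x00") + dex


if __name__ == "__main__":
    dex = build_constructed_dex()
    samples = {
        "plain dex": dex,
        "optimized dex": build_constructed_odex(dex),
        "truncated dump": dex[:-8],
        "still-encrypted block": bytes(b ^ 0x5A for b in dex),
    }
    for name, data in samples.items():
        print(name, classify_dump(data))
```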
It should be noted that the purpose of disclosing the embodiments is to aid further understanding of the present invention, but those skilled in the art will understand that various substitutions and modifications are possible without departing from the spirit and scope of the present invention and the appended claims. Therefore, the present invention should not be limited to what the embodiments disclose; the scope of protection claimed by the present invention is defined by the claims.
Claims (9)
1. A dynamic unpacking method for Android applications, which takes the hardened Android application as the target program and uses the Xposed framework to obtain the target program's dex file, thereby unpacking the target program; the dynamic unpacking method comprises preprocessing the Android phone, debugging the target program, unpacking the target program, and extracting the dex file from the target program and repairing the program, with the following specific steps:
A. To preprocess the Android phone, install the Xposed module and the ZjDroid module on the phone, and restart the phone to activate the installed modules;
B. To debug the target program on the Android phone, perform the following operations:
B1. On the PC, locate the android_server file in the IDA toolkit, send the android_server file to the Android phone, add execute permission and run it, and listen on the port that connects the phone and the PC;
B2. Install the target program on the Android phone, and use port forwarding so that IDA connects to a local port for remote debugging;
B3. Start the target program on the Android phone in debug mode;
C. Unpack the target program from the PC by performing the following operations:
C1. Through IDA, locate the libdvm.so module loaded by the target program, and set a breakpoint on a function in libdvm.so that operates on dex files;
C2. Determine whether the dex file in memory is an unpacked dex file; if it is not, return to step C1; if it is, go to step D;
D. To extract the dex file from memory and repair the program, perform the following operations:
D1. Use ZjDroid to decompile the dex file in memory and dump it to the local file system, obtaining the dex file;
D2. Convert the dex file obtained in D1 into a jar file and open the jar file to obtain the program's Java source code; or directly replace the dex file in the target program with the dex file obtained in D1 and repackage to obtain the unpacked program file; this completes the program repair.
2. The dynamic unpacking method for Android applications according to claim 1, characterized in that, when the Android phone is preprocessed in step A, the phone is rooted before the Xposed module and the ZjDroid module are installed, so that programs on the phone have the highest privileges.
3. The dynamic unpacking method for Android applications according to claim 1, characterized in that the port connecting the phone and the PC in step B1 is port 23946.
4. The dynamic unpacking method for Android applications according to claim 1, characterized in that the function in libdvm.so that operates on dex files in step C1 is the openDexFile function.
5. The dynamic unpacking method for Android applications according to claim 1, characterized in that the function in libdvm.so that operates on dex files in step C1 is the dexFileParse function or the dvmDexFileOpenPartial function.
6. The dynamic unpacking method for Android applications according to claim 1, characterized in that step C2 determines whether the dex file in memory is an unpacked dex file by checking whether the leading bytes of the data block of the dex file in memory match the value of the magic field of a dex file.
7. The dynamic unpacking method for Android applications according to claim 6, characterized in that, when the value of the magic field is "dex\n" or "dey\n", the dex file in memory is the unpacked dex file.
8. The dynamic unpacking method for Android applications according to claim 1, characterized in that step D1 uses the backsmali command in ZjDroid to decompile the dex file in memory and dump it to the local file system, thereby obtaining the dex file.
9. The dynamic unpacking method for Android applications according to claim 1, characterized in that step D2 uses dex2jar to convert the dex file into a jar file and then opens the jar file with jd-gui to obtain the program's Java source code.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610248368.9A CN105930692A (en) | 2016-04-20 | 2016-04-20 | Dynamic shelling method for Android application |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105930692A true CN105930692A (en) | 2016-09-07 |
Family
ID=56838656
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610248368.9A Pending CN105930692A (en) | 2016-04-20 | 2016-04-20 | Dynamic shelling method for Android application |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105930692A (en) |
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106502876A (en) * | 2016-10-26 | 2017-03-15 | 腾讯科技(深圳)有限公司 | Method and relevant device that a kind of focus function determines |
CN106778271A (en) * | 2016-12-15 | 2017-05-31 | 华中科技大学 | A kind of Android reinforces the reverse process method of plug-in unit |
CN106778226A (en) * | 2016-11-24 | 2017-05-31 | 四川无声信息技术有限公司 | Shell document hulling method and device |
CN107066886A (en) * | 2017-04-13 | 2017-08-18 | 深圳海云安网络安全技术有限公司 | A kind of Android reinforces the detection method of shelling |
CN107544826A (en) * | 2017-08-22 | 2018-01-05 | 网易(杭州)网络有限公司 | Method, medium, device and the computing device that Xposed modules are reinforced |
CN108229107A (en) * | 2016-12-21 | 2018-06-29 | 武汉安天信息技术有限责任公司 | A kind of hulling method and container of Android platform application program |
CN108255496A (en) * | 2018-01-19 | 2018-07-06 | 广州汇智通信技术有限公司 | A kind of method, system and relevant apparatus for obtaining Android and applying primary layer identification code |
CN108614709A (en) * | 2016-11-29 | 2018-10-02 | 北京明朝万达科技股份有限公司 | A kind of method and system of control Android applications secure access network |
CN108846280A (en) * | 2018-06-29 | 2018-11-20 | 江苏通付盾信息安全技术有限公司 | The hulling method and device of application file |
CN109165019A (en) * | 2018-07-28 | 2019-01-08 | 安徽捷兴信息安全技术有限公司 | A kind of hulling method and device for mobile phone application |
CN110781081A (en) * | 2019-10-12 | 2020-02-11 | 南京信息职业技术学院 | Mobile application callback forced triggering method, system and storage medium |
CN112580035A (en) * | 2019-09-30 | 2021-03-30 | 奇安信安全技术(珠海)有限公司 | Program shelling method and device, storage medium and computer equipment |
CN112948819A (en) * | 2019-12-10 | 2021-06-11 | 中国电信股份有限公司 | Application file shelling method and device and computer readable storage medium |
CN115951956A (en) * | 2023-03-13 | 2023-04-11 | 中汽研软件测评(天津)有限公司 | Android dynamic link library shelling method, equipment and medium |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110185345A1 (en) * | 2010-01-27 | 2011-07-28 | Microsoft Corporation | Type-Preserving Compiler for Security Verification |
CN103530535A (en) * | 2013-10-25 | 2014-01-22 | 苏州通付盾信息技术有限公司 | Shell adding and removing method for Android platform application program protection |
Non-Patent Citations (4)
Title |
---|
7纷S帅气: ""IDA在内存中dump出android的Dex文件"", 《THINKSAAS社区,URL:HTTPS://WWW.THINKSAAS.CN/GROUP/TOPIC/446860/》 * |
FREEPARTY: ""某加固壳的实战分析"", 《逆向未来技术社区,URL:HTTPS://WWW.PD521.COM/THREAD-1255-1-1.HTML》 * |
GUIGUZI1110: ""听鬼哥说ZJDROID脱壳的简单使用"", 《CSDN博客,URL:HTTP://BLOG.CSDN.NET/GUIGUZI1110/ARTICLE/DETAILS/38727753》 * |
小志风杨: "Android动态逆向分析工具ZjDroid-脱壳神器", 《米柚,URL:HTTP://WWW.MIUI.COM/THREAD-1919525-1-1.HTML》 * |
CN106022130A (en) | Shelling method and device for reinforced application program | |
CN105608391B (en) | More ELF document protection methods and system | |
CN106650452A (en) | Mining method for built-in application vulnerability of Android system | |
CN110795734A (en) | Malicious mobile application detection method | |
CN109255235B (en) | Mobile application third-party library isolation method based on user state sandbox | |
CN111400757B (en) | Method for preventing native code in android third-party library from revealing user privacy | |
EP3552107B1 (en) | Device driver telemetry | |
CN108334399A (en) | A kind of multi-source heterogeneous cloud form state data capture method based on cloud probe | |
US20130111018A1 (en) | Passive monitoring of virtual systems using agent-less, offline indexing | |
WO2011127488A2 (en) | Systems and methods of processing data associated with detection and/or handling of malware | |
CN113158191B (en) | Vulnerability verification method based on intelligent probe and related IAST method and system | |
Basu et al. | Preempt: Preempting malware by examining embedded processor traces | |
CN104732145A (en) | Parasitic course detection method and device in virtual machine | |
Payer et al. | Hot-patching a web server: A case study of asap code repair | |
CN115062309B (en) | Vulnerability mining method based on equipment firmware simulation in novel power system and storage medium | |
CN115168847A (en) | Application patch generation method and device, computer equipment and readable storage medium | |
Tan et al. | Detecting kernel refcount bugs with {Two-Dimensional} consistency checking | |
Tang et al. | Xdebloat: Towards automated feature-oriented app debloating | |
Calatayud et al. | A comparative analysis of Buffer Overflow vulnerabilities in High-End IoT devices | |
CN111291377A (en) | Application vulnerability detection method and system | |
CN110781081B (en) | Mobile application callback forced triggering method, system and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20160907 |
RJ01 | Rejection of invention patent application after publication |