CN107742078A - A kind of automatic hulling method of general DEX and system - Google Patents

A kind of automatic hulling method of general DEX and system Download PDF

Info

Publication number
CN107742078A
CN107742078A CN201710306117.6A CN201710306117A CN107742078A CN 107742078 A CN107742078 A CN 107742078A CN 201710306117 A CN201710306117 A CN 201710306117A CN 107742078 A CN107742078 A CN 107742078A
Authority
CN
China
Prior art keywords
dex
file
shelling
general
reinforcing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710306117.6A
Other languages
Chinese (zh)
Inventor
刘亮
蒋钟庆
刘露平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sichuan University
Original Assignee
Sichuan University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sichuan University filed Critical Sichuan University
Priority to CN201710306117.6A priority Critical patent/CN107742078A/en
Publication of CN107742078A publication Critical patent/CN107742078A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • G06F21/563Static detection by source code analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/40Transformation of program code
    • G06F8/53Decompilation; Disassembly
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/70Software maintenance or management
    • G06F8/75Structural analysis for program understanding
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Stored Programmes (AREA)

Abstract

The present invention relates to Android application reinforcement protection technical fields and DEX exuviating technologies field, it is desirable to provide a kind of automatic hulling method of general DEX file and system.The technology is employed by shelling code insertion into the portable interpreters of Android Dalvik virtual machines, and particular content includes:Using comparative analysis, compare all classes in AndroidManifest.xml configuration files and all classes that decompiling obtains, judge using whether reinforcing, and by homology analysis identify this using reinforcing service;The mark that shelling starts using the MainActivity of application as DEX, recovered using dry run using real bytecode, the real data that these are recovered extract, finally these data recombinations into a new DEX file, the modification of respective pointer is also related in regrouping process.The system versatility is good, can bypass all Anti debugging protection techniques, manual analysis is not needed in de-hulling process, it is not required that understands the reinforcing strategy of the service of reinforcing, can extract the original DEX file of reinforcement application.The present invention shells and provides new solution automatically for the DEX of reinforcement application.

Description

A kind of automatic hulling method of general DEX and system
Technical field
The present invention relates to Android application reinforcement technique fields and DEX file exuviating technology field, more particularly to one kind are logical The automatic hulling methods of DEX and system.
Background technology
Since being born from android system in 2008, the market of operation system of smart phone has just been captured rapidly, is turned into and is worked as Modern most popular mobile phone operating system.Due to the increasing income property of itself, the extensive concern of safety limit is received.Compared to closing IOS, the safety problem of android system is easier to be found and remedied, therefore security is also more credible. However as the continuous development of operating system, the exploitation of Android applications also has an unprecedently grand occasion, as many as species, is related to people's life Every aspect living.While various applications offer convenience to us, safety problem also occurs again and again, and many malicious applications are such as Wooden horse etc., it is also more and more.And the fragmentation problem of android system is serious, the system that different vendor has oneself to customize is consolidated Part and the application market of oneself, unlike IOS, only apple a company and unique APP store.Android except Beyond Google Play, also other application markets, this is also to malicious application with chance.Android applications are gone back simultaneously Web is supported to download, so that malicious application circulation way is more diversified.Although also there are many corresponding malicious application detection works Tool and correlative study, but still can not accomplish the complete detection for malicious application.Reinforced especially for Android now The development of technology, reinforcement technique is gradually ripe, occurs much providing many-sided IT companies for reinforcing service, normally should While with being protected very well, malicious application is also begun to using the reinforcing service for reinforcing business's offer, to oneself carrying out adding comprehensively Gu so as to easily escape the killing of those malice inspection softwares, reach the hiding effect of oneself.Although much business is reinforced Through statement, complete detection can be carried out to application before being reinforced to application, but we still can be found by those reinforcing business The malice sample reinforced.Illustrate to reinforce business also without the inspection software for being capable of complete detection malicious application on the market and be likely to The service of reinforcing can be provided to malicious application.
In order to solve above safety problem, we have proposed a kind of general automatic shelling system of Android applications.Pass through Analysis to the running of android system, propose that a kind of versatility shells scheme automatically well.Reinforced in Android Between several years of technology fast development, skills are reinforced from using some:Integrity checking, pseudo- encryption, bytecode are hidden etc., to such as Modern source code is obscured, Anti-debugging, byte code encryption, dynamic modification bytecode, the modification of Magic fields and it is multiple plus Gu the use of technology(Such as:Dynamic modification bytecode+byte code encryption etc.).Multiple reinforcing is encrypted into from whole bag, is manually shelled Mode can not be adapted to present APP reinforcement techniques, therefore we need to seek a kind of automatically APP hulling methods, obtain Take using original DEX file.
The content of the invention
" a kind of automatic hulling method of general DEX and system " is in Android application exuviating technology research process pins To technical problem existing so far and insufficient proposed invention.An object of the invention is that the existing complexity of improvement is numerous Trivial artificial hulling method and the deficiency of shelling instrument, there is provided a kind of automatic exuviating technology of general DEX file, realize to reinforcing The shelling of application.Artificial hulling method is although general, but as the continuous development of reinforcement technique, artificial shelling are increasingly difficult to, And for existing automatic shelling instrument, versatility is also very poor, it is necessary to certain manual analysis could realize shelling, reinforces simultaneously Person uses Anti-debugging technologies to cause existing most automatic shelling tool failures.Hulling method in the present invention carries Supply a kind of brand-new shelling thinking, it is not necessary to any manual analysis, will not be by the shadow of various Anti-debugging technologies Ring, but shelling code is directly inserted into Dalvik virtual machine, one ROM of customization realizes the shelling of DEX file.This method energy Enough realize the successful shelling of DEX file, efficiency high, the more existing automatic shelling instrument of versatility is more preferable.
In order to realize above-mentioned target, shelled automatically system the invention provides a kind of general DEX file, the system can The effective APK for identifying reinforcing, and extracted from the APK of reinforcing using original DEX file.The system contains: Management end, the realization to whole de-hulling process and function are managed, and provide a User Interface;Reinforce identifier, For judging and identifying whether the APK that user submits is reinforced, DEX shellings are carried out to it if reinforcing, if do not had Then shell and operate without DEX;DEX file extractor, realize the shelling of DEX file.
Brief description of the drawings
From detailed description below in conjunction with the accompanying drawings, it will the clearer target for understanding the present invention, implementation method, a little And characteristic, wherein.
The general DEX file that Fig. 1 is a displaying present invention shells the Organization Chart of system automatically.
Fig. 2 is the block diagram of component units inside the management end of a displaying present invention.
Fig. 3 is the block diagram for reinforcing component units inside identifier of a displaying present invention.
Fig. 4 is the block diagram of component units inside the DEX file extractor of a displaying present invention.
Fig. 5 is the flow chart of the DEX file shelling system complete job flow of an explanation present invention.
Fig. 6 is the DEX file shelling rev of Sys accompanying drawing of an explanation present invention
Embodiment
It is used to extract the original DEX file for reinforcing APK in the present invention, the present invention is done below in conjunction with the accompanying drawings further Explanation.The system the present invention is intended to provide a general DEX file shells automatically, it can simply, efficiently recover APK original Beginning DEX file, use and reinforced for the application serviced for analysis, good booster action can be played.
Fig. 1 is the Organization Chart of a description present system composition.
As shown in figure 1, the core of detecting system is management end, it is other are module integrated so that each work(of whole system It harmonious can link up, while provide a User Interface, user can submit the APK texts of oneself by the interface Part, realize that the institute of the system is functional, and the DEX file that the result that can obtain each function shows and extracted;Other Module is respectively to reinforce identifier module and DEX file extractor module.
Fig. 2 is the schematic diagram of component units inside a description management end.
As shown in Figure 2, management end is made up of logic control element and user interface elements.Logic control element is responsible for control The operation logic of whole system processed, each functional module is connected by logic control element, cooperate, realize DEX The function of file shelling.User interface elements are then the platforms of system and user mutual, and by the unit, user, which can submit, to be thought The APK of DEX shellings is carried out, and checks the output result of each functional module, and obtains the original DEX texts recovered Part.
Fig. 3 is the schematic diagram that component units inside identifier are reinforced in a displaying.
As shown in figure 3, it is clear by AndroidManifest.xml document analysis unit, decompiling unit, class to reinforce identifier Single comparison unit and homology analysis unit composition.AndroidManifest.xml document analysis unit is mainly transported to application The parsing for the authority and component registered is needed during row, because these log-on messages are using necessary to operation, is reinforced Service will not typically change these module informations, so as to which all class names of component are extracted.Decompiling unit is responsible for The APK that decompiling user submits, it is intended to extract all classes obtained after decompiling.Class inventory comparison unit is that whole reinforce is known Other key, groundwork are whether being compiled more than anti-for the class that contrast parses from AndroidManifest.xml files The class not having in the class come, or the class of decompiling out using each component is translated, and only reinforces the class of realizing of service, with this Judge whether apply is reinforcement application.Homology analysis unit is mainly to identify which the application reinforced belongs to and reinforce service, is led to Cross homology analysis can and realize identifying for the service of reinforcing.
Fig. 4 is component units schematic diagram inside a displaying DEX file extractor.
As shown in figure 4, DEX file extractor is by shelling point location unit, dry run unit, DEX data collection modules Formed with DEX data recombinations unit.Shelling point location unit is responsible for the mark that positioning shelling starts, that is, is being carrying out In method, whether the MainActivity for monitoring application starts, if monitoring that the MainActivity of application starts, starts Shell program, if do not monitored, without any operation.Dry run unit is in the interpreter of Dalvik virtual machine All classes of traversal applications simultaneously initialize, and recover the correct data of DEX file.DEX data collection modules pass through in parsing The structure of middle DEX file is deposited, the data of DEX file are obtained by corresponding structure indicator index and dump comes out.DEX data The data of the DEX file of collection are then carried out restructuring by recomposition unit, are recovered using original DEX file, the mistake of recovery The modification of associated pointers can be related in journey again:Code_off, method_id and field_id.
Fig. 5 is a flow chart for illustrating DEX file shelling system complete job flow.
As shown in Figure 5, user submits the APK of oneself to system by the User Interface of management end, and system can be first Whether the APK submitted to user, which reinforces, judges.AndroidManifest.xml configuration file parsings are carried out respectively, are obtained The all component class of application, then decompiling is carried out to APK, all classes after decompiling are obtained, then obtain parsing twice Class is contrasted, if there is no the component class of application in the class after decompiling, and only reinforce service it is seldom realize class, then sentence It is reinforcement application to determine it, and carries out homology analysis to reinforcement application, identifies which the reinforcing reinforce service for, finally starts DEX file automatically extracts module.DEX file automatically extracts module positioning shelling point, used here as the MainActicity of application As shelling point, the tag file without the service of reinforcing is used as shelling point, and versatility is more preferable, it is not required that anyone work point Analysis.It located shelling point and be carried out dry run afterwards, recover the correct data of DEX file, then the DEX numbers to recovering According to being collected, finally recombinate out using original DEX file.
As described above, the invention is characterized in that general DEX file hulling method come realize DEX shell, the advantage is that: 1st, the present invention can carry out the automatic identification of reinforcing service, and analyst need to be only clicked on using operation, it is possible to after being shelled DEX file.2nd, the present invention have found a Zero Knowledge shelling point, that is, require no knowledge about what reinforcing side reinforcing person has used Method(Which AES has been used, which modification has been made to bytecode);There is what feature file in APK catalogues;And make With which kind of Anti-debugging technology etc..It can be shelled by this shelling point.3rd, can dry run it is whole APP, correct DEX data are recovered, extract original DEX file.4th, versatility is more preferable, solve manually shell it is numerous The problem of trivial, time-consuming.
Although describing the preferred embodiments of the present invention for purposes of illustration, those skilled in the art will be understood that, not take off In the case of from the scope and spirit of the present invention as disclosed by appended claims, various modifications, increase and replacement are all can Can.

Claims (11)

  1. A kind of 1. automatic hulling methods of general DEX, it is characterised in that, methods described comprises the following steps:
    A, by the research to the automatic exuviating technology of Android DEX files, a general Zero Knowledge hulling method is have found, Shelling operation is carried out in the interpreter of Dalvik virtual machine;
    B, reinforce whether identification using reinforcing service is judged and identified to application;
    C, the real bytecode of DEX file is recovered using dry run;
    D, dump goes out all data of dex or odex files;
    E, the restructuring of dex or odex files and the modification of respective pointer are finally carried out.
  2. 2. a kind of automatic hulling methods of general DEX according to claim 1, it is characterised in that described step A enters one Step comprises the following steps:
    A1, the interpreter of Android Dalvik virtual machines is appointed as portable interpreters, allows program all sides when running Method is all explained using same interpreter and performed;
    A2, find the function explained in portable interpreters and perform application program method:DvmInterpretPortable (), DEX file is inserted in the function to shell automatically code;
    A3, using the MainActivity of application program whether start as DEX file shelling start mark, if MainActivity is started, and begins to shell, it is on the contrary then without shelling operate.
  3. 3. a kind of automatic hulling methods of general DEX according to claim 2, it is characterised in that described in step A1 Interpreter is appointed as portable interpreters and specifically referred to:
    There are three kinds of interpreters, respectively portable interpreters, fast interpreters and JIT solutions in Android Dalvik virtual machines Release device.Wherein portable interpreters are that C language is realized, can be used on different devices, and remaining two kinds are that compilation is real Existing, and optimized according to corresponding equipment, the poor performance being transplanted in other equipment, therefore the instrument selects Portable interpreters insertion DEX file shelling code, can apply in different equipment.Specify only using this explanation Device also causes the methodical execution of the institute of application program all to pass through the interpreter, so as to determining for shelling opening flag afterwards Position.
  4. 4. a kind of automatic hulling methods of general DEX according to claim 2, it is characterised in that described in step A3 The mark that shelling starts specifically refers to:
    No matter how program reinforces, and can all perform the method in MainActivity in interpreter all the time, because program is run Entrance function be MainActivity onCreate () function, so selection application program MainActivity whether Start the mark started as DEX file shelling.At this moment DEX file is reinforced service decryption and is discharged into internal memory, only It is that there may be partial data situation about not recovering.
  5. 5. a kind of automatic hulling methods of general DEX according to claim 1, it is characterised in that described step B enters one Step comprises the following steps:
    B1, parse class all in AndroidManifest.xml configuration files in reinforcement application;
    B2, decompiling reinforcement application, obtain all classes that decompiling comes out;
    B3, the class obtained in B1, B2 contrasted, judged using whether reinforcing;
    B4, reinforcing service is identified using homology analysis.
  6. 6. a kind of automatic hulling methods of general DEX according to claim 5, it is characterised in that described in step B3 Judgement is reinforced to specifically refer to:
    If the class in B1 includes the class in B2, and the class in B2 is the sub-fraction of the class in B1, then decides that application It is reinforcement application, it is necessary to carry out DEX file shelling.Because contained in AndroidManifest.xml configuration files using fortune During row the component and authority information in need registered, these are unalterable in reinforcing process, otherwise can be caused Application program can not be run, it is possible to therefrom extract the class of all component.And the service of reinforcing is intended to hide these classes, reinforce It is without these component classes in DEX file afterwards, it is possible to which reinforcing identification is carried out by such judgement.
  7. 7. a kind of automatic hulling methods of general DEX according to claim 1, it is characterised in that described step C enters one Step comprises the following steps:
    C1, traveled through by dvmDefineClass () function and search all classes of application program;
    C2, by dvmIsClassInitialized () function judge whether such initializes;
    C3, dvmInitClass () function initialization class is used if fruit does not initialize.
  8. 8. a kind of automatic hulling methods of general DEX according to claim 1, it is characterised in that described step D enters one Step comprises the following steps:
    D1, dex/odex file addresses in internal memory are obtained by the method curMethod objects being currently executing, dump goes out whole Individual dex/odex files;
    D2, dex/odex file structures are parsed, pass through corresponding structure pointer such as * pHeader, * pClassDefs Etc. all data of dex/odex files are obtained, last dump goes out these data;
    D3, the data dump for all classes are carried out when dry run, the data of class for ensureing to recover it is correct Property.
  9. 9. a kind of automatic hulling methods of general DEX according to claim 1, it is characterised in that described step E enters one Step comprises the following steps:
    Using the data that will be obtained by structure indicator index when E1, restructuring, if the dex/odex come out with overall dump The content of file is different, is added to end of file;
    Code_off, method_id and field_id value for the dex/odex files that E2, reparation have recombinated.
  10. The system 10. a kind of general DEX shells automatically, it is characterised in that described system includes:
    F, management end
    G, identifier is reinforced
    H, DEX file extractor
    Characterized in that, described system also includes
    F1, logic control element, for the operation logic of whole system, realize the mutual cooperation between system components and overall work( The realization of energy;
    F2, user interface elements, for realizing interacting for system and user, user by the unit submit reinforcement application program and Obtain the DEX file after shelling;
    G1, AndroidManifest.xml document analysis unit, the configuration file of application is parsed, all component is extracted and includes Class;
    G2, decompiling unit, decompiling APK file, extract all classes after decompiling;
    G3, class inventory comparison unit, judge to apply and whether reinforce;
    Whether G4, homology analysis unit, identification application are reinforced and are reinforced by what service of reinforcing;
    H1, shelling point location unit, the mark that positioning shelling starts;
    H2, dry run unit, the correct data for all classes that are applied;
    H3, DEX data collection module, obtained correct data is collected;
    H4, DEX data recombination unit, all data being collected into are recombinated, recovered using original DEX file.
  11. The system 11. a kind of general DEX shells automatically, it is characterised in that user can be without any analysis, it is not required that knows Which kind of road reinforce and service using, it is only necessary to submits the APK to can be obtained by using original DEX file to the system.
CN201710306117.6A 2017-05-04 2017-05-04 A kind of automatic hulling method of general DEX and system Pending CN107742078A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710306117.6A CN107742078A (en) 2017-05-04 2017-05-04 A kind of automatic hulling method of general DEX and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710306117.6A CN107742078A (en) 2017-05-04 2017-05-04 A kind of automatic hulling method of general DEX and system

Publications (1)

Publication Number Publication Date
CN107742078A true CN107742078A (en) 2018-02-27

Family

ID=61235103

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710306117.6A Pending CN107742078A (en) 2017-05-04 2017-05-04 A kind of automatic hulling method of general DEX and system

Country Status (1)

Country Link
CN (1) CN107742078A (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108846280A (en) * 2018-06-29 2018-11-20 江苏通付盾信息安全技术有限公司 The hulling method and device of application file
CN108985015A (en) * 2018-06-29 2018-12-11 江苏通付盾信息安全技术有限公司 The hulling method and device of application file
CN109165048A (en) * 2018-10-11 2019-01-08 四川长虹电器股份有限公司 Quick start method after upgrading based on Android system
CN109214148A (en) * 2018-09-03 2019-01-15 平安普惠企业管理有限公司 A kind of dex file abstracting method, system and terminal device
CN109522719A (en) * 2018-11-29 2019-03-26 北京梆梆安全科技有限公司 Reinforcing detection method, device and the mobile terminal of application installation package
CN109635565A (en) * 2018-11-28 2019-04-16 江苏通付盾信息安全技术有限公司 The detection method of rogue program, calculates equipment and computer storage medium at device
CN109784057A (en) * 2019-01-04 2019-05-21 国家计算机网络与信息安全管理中心 Recognition methods, controller and medium are reinforced in Android application
CN111459822A (en) * 2020-04-01 2020-07-28 北京字节跳动网络技术有限公司 Method, device and equipment for extracting system component data and readable medium
CN112883374A (en) * 2021-02-02 2021-06-01 电子科技大学 General Android platform application program shelling method and system based on ART environment

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106022130A (en) * 2016-05-20 2016-10-12 中国科学院信息工程研究所 Shelling method and device for reinforced application program
CN106203120A (en) * 2016-07-15 2016-12-07 北京邮电大学 A kind of multiple spot Hook reverse method for Android reinforcement application

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106022130A (en) * 2016-05-20 2016-10-12 中国科学院信息工程研究所 Shelling method and device for reinforced application program
CN106203120A (en) * 2016-07-15 2016-12-07 北京邮电大学 A kind of multiple spot Hook reverse method for Android reinforcement application

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108846280A (en) * 2018-06-29 2018-11-20 江苏通付盾信息安全技术有限公司 The hulling method and device of application file
CN108985015A (en) * 2018-06-29 2018-12-11 江苏通付盾信息安全技术有限公司 The hulling method and device of application file
CN108846280B (en) * 2018-06-29 2021-04-02 江苏通付盾信息安全技术有限公司 Application file shelling method and device
CN109214148A (en) * 2018-09-03 2019-01-15 平安普惠企业管理有限公司 A kind of dex file abstracting method, system and terminal device
CN109165048A (en) * 2018-10-11 2019-01-08 四川长虹电器股份有限公司 Quick start method after upgrading based on Android system
CN109635565A (en) * 2018-11-28 2019-04-16 江苏通付盾信息安全技术有限公司 The detection method of rogue program, calculates equipment and computer storage medium at device
CN109522719A (en) * 2018-11-29 2019-03-26 北京梆梆安全科技有限公司 Reinforcing detection method, device and the mobile terminal of application installation package
CN109784057A (en) * 2019-01-04 2019-05-21 国家计算机网络与信息安全管理中心 Recognition methods, controller and medium are reinforced in Android application
CN111459822A (en) * 2020-04-01 2020-07-28 北京字节跳动网络技术有限公司 Method, device and equipment for extracting system component data and readable medium
CN111459822B (en) * 2020-04-01 2023-10-03 抖音视界有限公司 Method, device, equipment and readable medium for extracting system component data
CN112883374A (en) * 2021-02-02 2021-06-01 电子科技大学 General Android platform application program shelling method and system based on ART environment
CN112883374B (en) * 2021-02-02 2022-07-01 电子科技大学 General Android platform application program shelling method and system based on ART environment

Similar Documents

Publication Publication Date Title
CN107742078A (en) A kind of automatic hulling method of general DEX and system
Wu et al. {FUZE}: Towards facilitating exploit generation for kernel {Use-After-Free} vulnerabilities
US7234167B2 (en) Automatic builder of detection and cleaning routines for computer viruses
CN102200911B (en) variable closure
Drewry et al. Flayer: Exposing Application Internals.
CN106022130A (en) Shelling method and device for reinforced application program
CN108681457A (en) The Android application program guard methods explained with residual code based on code sinking
CN110232262A (en) A kind of reinforcement means and system of Android application
EP2196934A1 (en) Method for securing java bytecode
CN109948308A (en) Code security guard method, device, electronic equipment and computer readable storage medium
CN103294951B (en) A kind of malicious code sample extracting method based on document type bug and system
CN105579955A (en) Application control flow models
CN108415821A (en) The generation method and device of test report
CN106326128B (en) The detection method and device of configuration file
CN106708704A (en) Method and device for classifying crash logs
CN106897197A (en) The De-weight method and device of error log
CN108090360A (en) The Android malicious application sorting technique and system of a kind of Behavior-based control feature
US20120117550A1 (en) Method, computer program and device for providing security for intermediate programming code for its execution by a virtual machine
Stiévenart et al. Static stack-preserving intra-procedural slicing of webassembly binaries
CN115062309A (en) Vulnerability mining method based on equipment firmware simulation under novel power system and storage medium
CN108763924A (en) Insincere third party library access right control method in a kind of Android application program
CN116522368A (en) Firmware decryption analysis method for Internet of things equipment, electronic equipment and medium
CN106940771A (en) Leak detection method and device based on file
CN115168847A (en) Application patch generation method and device, computer equipment and readable storage medium
CN106960138B (en) Virtual machine instruction verification method, device and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20180227