CN108259182B - Android application repacking detection method and device - Google Patents
Android application repacking detection method and device Download PDFInfo
- Publication number
- CN108259182B CN108259182B CN201810015873.8A CN201810015873A CN108259182B CN 108259182 B CN108259182 B CN 108259182B CN 201810015873 A CN201810015873 A CN 201810015873A CN 108259182 B CN108259182 B CN 108259182B
- Authority
- CN
- China
- Prior art keywords
- application
- authentication information
- random number
- code
- local code
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 41
- 238000012857 repacking Methods 0.000 title claims description 7
- 238000000034 method Methods 0.000 claims description 28
- 230000005540 biological transmission Effects 0.000 claims description 11
- 238000012795 verification Methods 0.000 claims description 6
- 238000011161 development Methods 0.000 claims description 4
- 238000005516 engineering process Methods 0.000 abstract description 3
- 238000004806 packaging method and process Methods 0.000 abstract description 2
- 239000011230 binding agent Substances 0.000 description 4
- 238000009434 installation Methods 0.000 description 3
- 238000010276 construction Methods 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000004088 simulation Methods 0.000 description 1
- 238000011895 specific detection Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/14—Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Virology (AREA)
- Bioethics (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to an Android application repackaging detection method and device, which comprises the following steps: simulating and calling an API to acquire the credible authentication information by utilizing the interruption which cannot be hijacked at the application level in the application local code; after the authentication information is acquired from the application local code, the repackaging detection can be directly carried out in the application local code; the authentication information can also be transmitted to the upper layer code through a channel enhanced by using random numbers and encryption technology for repackaging detection; after the authentication information is transmitted by the local code by using the random number and the encryption technology, the upper layer code is applied to decrypt the acquired encrypted data to obtain decrypted authentication information and random number, and whether the transmitted data is replayed or not is judged by comparing the decrypted random number with the random number transmitted to the local code. The invention can enable the protected application to effectively resist the re-packaging behavior of bypassing the detection by utilizing API hijacking and replay.
Description
Technical Field
The invention relates to a repacking detection method and device, in particular to a repacking detection method and device for Android applications.
Background
Android applications face a serious repackaging threat. An attacker can unpack the published application by using a repackaging tool, add the code into the application, repackage the signature to generate the repackaged application and publish the repackaged application, so that the attacker pretends to be the original application and obtains benefits. In order to protect itself, some applications introduce code for detecting the repackaging, so that the application can detect the repackaged itself and prevent the application from running after the application is repackaged. Generally, these applications call the API to obtain some application-related authentication information as a basis for the application itself to detect whether to be repackaged. It is common to call an API such as getheadageinfo () to obtain an application signature and then use the signature to detect whether the application is repackaged.
But existing such re-packing detection methods can be bypassed. An attacker can introduce codes into the re-packaged application to hijack the API called by the application before the application calls the API to acquire information required by detection, and then replay information returned by the API when the application is not re-packaged to bypass the re-packaging detection of the application. If hijacking getPackageInfo (), when calling the API to acquire the application signature for detecting the repackaging, the original signature of the application is replayed, and the repackaging detection of the application is bypassed.
Disclosure of Invention
In view of the foregoing problems, an object of the present invention is to provide a method and an apparatus for detecting repackaging of Android applications, which can effectively resist the repackaging behavior of using API hijacking and replay bypass detection.
In order to achieve the purpose, the invention adopts the following technical scheme: an Android application repacking detection method is characterized by comprising the following steps: 1) simulating the process of calling an API to acquire authentication information to acquire credible authentication information of the application by using the interruption which cannot be hijacked at the application level in the application local code, and then entering the step 2) or the step 3) to detect in the application local code or in the application upper layer code; 2) after the authentication information is acquired from the application local code, the repackaging detection is directly carried out in the application local code; 3) after the authentication information is acquired from the application local code, the authentication information is transmitted to an application upper layer code in a random number and encryption mode; 4) and the application upper layer code decrypts the acquired encrypted data to obtain decrypted authentication information and a random number, judges whether the transmitted data is replayed or not by comparing the decrypted random number with the random number transmitted to the application local code, and finally judges whether the application is repackaged or not by the data which is not replayed.
Further, in the step 2), the detection process is as follows: and comparing the acquired authentication information with the authentication information provided by the application developer which is stored in advance, wherein if the acquired authentication information is the same as the authentication information provided by the developer, the application is not repackaged, and otherwise, the application is repackaged.
Further, in the step 3), the process of transmitting the authentication information by using the random number and the encryption method is as follows: 3.1) in the development process or after the development is completed, the application upper layer code generates a random number according to the selected random source, and then transmits the random number to the application local code; and 3.2) after the application local code obtains the credible authentication information of the application, encrypting the authentication information and the random number together to generate data and transmitting the data to the application upper layer code.
Further, in the step 3.1), an element which is related to the specific application main logic and has higher randomness or an element which is internally provided with higher randomness is adopted as a random source for generating random numbers.
Further, in the step 4), it is determined whether the transmitted data is replayed, where r is a random number transmitted by the application upper layer code to the application local code, r 'is a decrypted random number, s is application trusted authentication information obtained by the application local code, and s' is decrypted authentication information: if r ' is equal to r ', the data is not replayed, namely s ' is equal to s ', and the application is judged whether to be repackaged or not by using s '; if r ≠ r', it indicates that the data transmitted between the application upper layer code and the application native code has been replayed, i.e. the application has been repackaged.
Further, the method for judging whether the application is repackaged by using s' comprises the following steps: and comparing whether the decrypted authentication information s ' is the same as the authentication information Sig of the application developer stored in advance, if s ' ≠ Sig, the application is not repackaged, and if s ' ≠ Sig, the application is repackaged.
The utility model provides an Android application repackages detection device which characterized in that: the device comprises an authentication information acquisition module, an authentication information detection module, an authentication information transmission module and a random number verification module; the authentication information acquisition module is used for simulating and calling the process of acquiring the authentication information by the API to acquire the credible authentication information of the application by utilizing the interruption which cannot be hijacked at the application layer in the application local code; the authentication information transmission module is used for transmitting application credible authentication information between the application upper layer code and the local code by using a random number and an encryption mode; the random number checking module is used for judging whether the data transmitted from the application local code acquired by the authentication information transmission module is replayed or not according to the random number; the authentication information detection module is used for judging whether the application is repackaged according to the credible authentication information of the application.
Due to the adoption of the technical scheme, the invention has the following advantages: 1. the invention utilizes the interrupt mechanism, the encryption technology and the random number to enhance the safety of obtaining the application authentication information by the application repackaging detection code, so that the application can effectively resist the repackaging behavior of utilizing API hijacking and replay bypass detection. 2. The invention adopts the element which is specifically related to the application main logic and has higher randomness or the element which is internally applied and has higher randomness as the random source for generating the random number, can prevent an attacker from hijacking the API for acquiring the random source, and plays back the fixed random source so as to ensure that the generated random number is predictable.
Drawings
FIG. 1 is a schematic view of the overall structure of the present invention.
Detailed Description
The invention is described in detail below with reference to the figures and examples.
As shown in fig. 1, the invention provides a repackaging detection method for Android applications, which includes the following steps:
1) the method comprises the steps that an interruption which cannot be hijacked at an application level is utilized in an application local code, namely the interruption is directly initiated through an ARM SWI instruction, after the process of obtaining the authentication information by simulating and calling the API obtains the credible authentication information s of the application, the step 2) or the step 3) is carried out to detect in the application local code or in the application upper layer code.
The application credible authentication information s is an application signature or an application installation file check value and the like. When using an application signature as authentication information, the present invention simulates the process of an application calling getPackageInfo () to obtain the application signature from the system Service Package Manager Service, also known as PMS, that manages the application Package. When the verification value of the installation file is used as authentication information, the method simulates the process of calculating the verification value by calling fopen () to open the original application installation file stored by the system. Without loss of generality, the application signature is taken as an example in the embodiment.
If the application signature is adopted as the authentication information, simulating the process that the application construction binder calls API ioctl () to communicate with the PMS to acquire the signature so as to acquire the application signature. The specific process comprises the following steps:
1.1) constructing a binder data structure for acquiring an application signature;
1.2) generating interruption through an ARM SWI instruction and sending the binder data structure to the PMS;
1.3) extracting a credible application signature from a binder data structure returned by the PMS to serve as authentication information.
2) After the authentication information s is acquired from the application local code, repackaging detection can be directly carried out in the application local code;
the specific detection process is as follows: and comparing the acquired authentication information s with pre-stored authentication information sig provided by an application developer, wherein if the acquired authentication information s is the same as the authentication information sig provided by the developer, the application is not repackaged, and otherwise, the application is repackaged.
3) The main logic implementation of most applications is to apply the upper layer code, the application may need to transmit the authentication information to the application upper layer code, after acquiring the authentication information s from the application local code, the authentication information s is transmitted to the application upper layer code through a random number and encryption mode, and the random number and encryption mode are used to enhance the channel for transmitting the authentication information between the application local code and the application upper layer code, so that the detection bypass behavior of data between the local code and the application upper layer code during hijacking and replaying normal operation of the application can be resisted, namely replay attack can be resisted;
the process of transmitting the authentication information by using the random number and the encryption mode is as follows:
3.1) the application upper layer code generates a random number r which is difficult to predict according to the selected random source rs, and then transmits the random number r to the application local code;
and 3.2) after the application local code obtains the credible authentication information s of the application, encrypting the authentication information s and the random number r together to generate data E (r + s) and transmitting the data E to the application upper layer code.
4) The application upper layer code is used for decrypting the acquired encrypted data to obtain decrypted authentication information s ' and a random number r ', whether the transmitted data are replayed or not can be judged by comparing the decrypted random number r ' with the random number r transmitted to the application local code, and whether the application is repackaged or not is judged by the data which are not replayed;
if r 'is r', it means that the data is not reproduced, i.e. s 'is s', and the decrypted authentication information s 'is used to determine whether the application is repackaged, i.e. to compare whether the decrypted authentication information s' is the same as the pre-stored authentication information Sig of the application developer. If s' ≠ Sig, the application is not repackaged, which indicates that the application has been repackaged. For example, when the application uses the application signature for repackaging detection, s' is the current application signature, Sig is the signature of the application developer, if the current application signature is equal to the application developer signature, it indicates that the application is not repackaged, and if not, it indicates that the application is repackaged. The detection method is similar when the application uses other authentication information such as a file check value;
if r ≠ r', it indicates that the data transmitted between the application upper layer code and the application native code has been replayed, i.e. the application has been repackaged.
In the step 3.1), the element which is related to the specific application main logic and has higher randomness or the element which is internally provided with higher randomness is used as a random source for generating random numbers, so that codes introduced by an attacker in the repackaged application cannot control the random source to generate the same random numbers. The high randomness is that the number of possible values of the element is not less than 10000, and the value of the random number generated in the runtime is difficult to predict by an attacker. For example, for a mapping application, the element that is relevant to its main logic, the user's location, may be selected as a random source. For applications that do not use the above elements, the coordinates of the elements inherent to the application, such as user screen clicks, may be used as a random source. When applications use these random sources, if an attacker hijacks the replay of these random sources, it can cause the repackaged application to run incorrectly, making repackaging meaningless.
In summary, the reason why the present invention can resist replay attack is that (1) in the process of obtaining the application authentication information, the present invention uses the interruption simulation application which cannot be hijacked in the application layer to call the API process in the local code to obtain the credible authentication information; (2) in the process of transmitting the application authentication information in the channel between the untrusted local code and the upper layer code, the invention introduces an encryption mode and a random number to enhance the safety of the channel. The invention binds the random number and the user authentication information by utilizing encryption, so that an attacker cannot directly modify the random number or the user authentication information in the data and can only replay the whole data. The random number in the data transmission is generated by a random source which has high randomness and cannot be replayed, so the random number also has high randomness, namely, an attacker is different from the random number generated in the application operation after repackaging by observing that the random number in the encrypted data transmitted by the application operation in normal operation is different from the random number generated in the application operation. If an attacker replays the encrypted data of the application in normal operation during the operation of the re-packaged application to bypass detection, the random number in the encrypted data is different from the random number transmitted to the application local code, and the attacker can be detected by the random number verification module. Therefore, the invention introduces the data transmission channel with random number and encryption mode to effectively resist replay attack. If the strength of the replay attack resistance is further enhanced, the authentication information and the random number can be encoded and then encrypted.
The invention also provides an Android application repackaging detection device which comprises an authentication information acquisition module, an authentication information detection module, an authentication information transmission module and a random number verification module. Wherein:
the authentication information acquisition module is used for simulating and calling the process of acquiring the authentication information by the API to acquire credible authentication information s by utilizing the interruption which cannot be hijacked at the application layer in the application local code;
the authentication information transmission module is used for transmitting credible authentication information between the application upper layer code and the local code by using a random number and an encryption mode;
the random number checking module is used for judging whether the data transmitted from the application local code acquired by the authentication information transmission module is replayed or not according to the random number;
the authentication information detection module is used for judging whether the application is repackaged according to the credible authentication information of the application.
The above embodiments are only for illustrating the present invention, and the steps may be changed, and on the basis of the technical solution of the present invention, the modification and equivalent changes of the individual components according to the principle of the present invention should not be excluded from the scope of the present invention.
Claims (7)
1. An Android application repacking detection method is characterized by comprising the following steps:
1) simulating the process of calling an API to acquire authentication information to acquire credible authentication information of the application by using the interruption which cannot be hijacked at the application level in the application local code, and then entering the step 2) or the step 3) to detect in the application local code or in the application upper layer code;
2) after the authentication information is acquired from the application local code, the repackaging detection is directly carried out in the application local code;
3) after the authentication information is acquired from the application local code, the authentication information is transmitted to an application upper layer code in a random number and encryption mode;
4) and the application upper layer code decrypts the acquired encrypted data to obtain decrypted authentication information and a random number, judges whether the transmitted data is replayed or not by comparing the decrypted random number with the random number transmitted to the application local code, and finally judges whether the application is repackaged or not by the data which is not replayed.
2. The Android application repackaging detection method of claim 1, characterized in that: in the step 2), the detection process is as follows: and comparing the acquired authentication information with the authentication information provided by the application developer which is stored in advance, wherein if the acquired authentication information is the same as the authentication information provided by the developer, the application is not repackaged, and otherwise, the application is repackaged.
3. The Android application repackaging detection method of claim 1, characterized in that: in the step 3), the process of transmitting the authentication information by using the random number and the encryption mode is as follows:
3.1) in the development process or after the development is completed, the application upper layer code generates a random number according to the selected random source, and then transmits the random number to the application local code;
and 3.2) after the application local code obtains the credible authentication information of the application, encrypting the authentication information and the random number together to generate data and transmitting the data to the application upper layer code.
4. The Android application repackaging detection method of claim 3, wherein: in the step 3.1), an element which is related to the specific application main logic and has higher randomness or an internal element with higher randomness is adopted as a random source for generating random numbers; the high randomness means that the number of possible values of the element is not less than 10000, and the value of the random number generated in the runtime is difficult to predict by an attacker.
5. The Android application repackaging detection method of claim 1, characterized in that: in the step 4), a process of judging whether the transmitted data is replayed is as follows, where r is a random number transmitted by the application upper layer code to the application local code, r 'is a decrypted random number, s is application credible authentication information acquired by the application local code, and s' is decrypted authentication information:
if r ' is equal to r ', the data is not replayed, namely s ' is equal to s ', and the application is judged whether to be repackaged or not by using s ';
if r ≠ r', it indicates that the data transmitted between the application upper layer code and the application native code has been replayed, i.e. the application has been repackaged.
6. The Android application repackaging detection method of claim 5, wherein: the method for judging whether the application is repackaged by utilizing the s' comprises the following steps: and comparing whether the decrypted authentication information s ' is the same as the authentication information Sig of the application developer stored in advance, if s ' ≠ Sig, the application is not repackaged, and if s ' ≠ Sig, the application is repackaged.
7. The utility model provides an Android application repackages detection device which characterized in that: the device comprises an authentication information acquisition module, an authentication information detection module, an authentication information transmission module and a random number verification module;
the authentication information acquisition module is used for simulating and calling the process of acquiring the authentication information by the API to acquire the credible authentication information of the application by utilizing the interruption which cannot be hijacked at the application layer in the application local code;
the authentication information transmission module is used for transmitting application credible authentication information between the application upper layer code and the local code by using a random number and an encryption mode;
the random number checking module is used for judging whether the data transmitted from the application local code acquired by the authentication information transmission module is replayed or not according to the random number;
the authentication information detection module is used for judging whether the application is repackaged according to the credible authentication information of the application.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810015873.8A CN108259182B (en) | 2018-01-08 | 2018-01-08 | Android application repacking detection method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810015873.8A CN108259182B (en) | 2018-01-08 | 2018-01-08 | Android application repacking detection method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108259182A CN108259182A (en) | 2018-07-06 |
| CN108259182B true CN108259182B (en) | 2021-01-05 |
Family
ID=62726101
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810015873.8A Active CN108259182B (en) | 2018-01-08 | 2018-01-08 | Android application repacking detection method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108259182B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111464482B (en) * | 2019-01-18 | 2022-11-08 | 中兴通讯股份有限公司 | Authentication processing method, authentication processing device, storage medium, and electronic device |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8756432B1 (en) * | 2012-05-22 | 2014-06-17 | Symantec Corporation | Systems and methods for detecting malicious digitally-signed applications |
| KR101498820B1 (en) * | 2013-11-06 | 2015-03-05 | 순천향대학교 산학협력단 | Method for Detecting Application Repackaging in Android |
| CN104598823A (en) * | 2015-01-21 | 2015-05-06 | 华东师范大学 | Kernel level rootkit detection method and system in Andriod system |
| CN105956456A (en) * | 2016-04-26 | 2016-09-21 | 南京邮电大学 | Realization method for performing quadruple shared signature verification on Android system |
| CN106203120A (en) * | 2016-07-15 | 2016-12-07 | 北京邮电大学 | A kind of multiple spot Hook reverse method for Android reinforcement application |
| CN107180170A (en) * | 2017-05-09 | 2017-09-19 | 深圳海云安网络安全技术有限公司 | A kind of Android APP are without shell reinforcement means |
-
2018
- 2018-01-08 CN CN201810015873.8A patent/CN108259182B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8756432B1 (en) * | 2012-05-22 | 2014-06-17 | Symantec Corporation | Systems and methods for detecting malicious digitally-signed applications |
| KR101498820B1 (en) * | 2013-11-06 | 2015-03-05 | 순천향대학교 산학협력단 | Method for Detecting Application Repackaging in Android |
| CN104598823A (en) * | 2015-01-21 | 2015-05-06 | 华东师范大学 | Kernel level rootkit detection method and system in Andriod system |
| CN105956456A (en) * | 2016-04-26 | 2016-09-21 | 南京邮电大学 | Realization method for performing quadruple shared signature verification on Android system |
| CN106203120A (en) * | 2016-07-15 | 2016-12-07 | 北京邮电大学 | A kind of multiple spot Hook reverse method for Android reinforcement application |
| CN107180170A (en) * | 2017-05-09 | 2017-09-19 | 深圳海云安网络安全技术有限公司 | A kind of Android APP are without shell reinforcement means |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108259182A (en) | 2018-07-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| KR101350390B1 (en) | A apparatus for code obfuscation and method thereof | |
| KR101067399B1 (en) | Saving and retrieving data based on symmetric key encryption | |
| US8332823B2 (en) | Application program verification system, application program verification method and computer program | |
| CN102576391B (en) | Software license embedded in shell code | |
| Sivakumaran et al. | A Study of the Feasibility of Co-located App Attacks against {BLE} and a {Large-Scale} Analysis of the Current {Application-Layer} Security Landscape | |
| JP2004005595A (en) | Storage and retrieval of data based on public key coding | |
| CN109960903A (en) | A kind of method, apparatus, electronic equipment and storage medium that application is reinforced | |
| CN110276198B (en) | Embedded variable granularity control flow verification method and system based on probability prediction | |
| CN111200589A (en) | Data protection method and system for alliance chain | |
| CN109284585B (en) | Script encryption method, script decryption operation method and related device | |
| CN104680039A (en) | Data protection method and device of application installation package | |
| CN106055936A (en) | Method and device for encryption/decryption of executable program data package | |
| CN113722683B (en) | Model protection method, device, equipment, system and storage medium | |
| CN110851800B (en) | Code protection method, device, system and readable storage medium | |
| Wang et al. | Leakdoctor: Toward automatically diagnosing privacy leaks in mobile applications | |
| JP4295684B2 (en) | Program production device | |
| JP4664055B2 (en) | Program dividing device, program executing device, program dividing method, and program executing method | |
| CN111159658B (en) | Byte code processing method, system, device, computer equipment and storage medium | |
| CN112613037A (en) | Code checking method and device | |
| Cho et al. | DexMonitor: dynamically analyzing and monitoring obfuscated Android applications | |
| CN110245464B (en) | Method and device for protecting file | |
| CN108259182B (en) | Android application repacking detection method and device | |
| CN110555303A (en) | Method and device for preventing machine script from being maliciously accessed | |
| EP2873023B1 (en) | Technique for determining a malign or non-malign behavior of an executable file | |
| CN113114681B (en) | Test message processing method, device, computer system and readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |