CN108733379A - The Android application reinforcement means that mapping is obscured is detached based on DEX bytecodes - Google Patents
The Android application reinforcement means that mapping is obscured is detached based on DEX bytecodes Download PDFInfo
- Publication number
- CN108733379A CN108733379A CN201810521841.5A CN201810521841A CN108733379A CN 108733379 A CN108733379 A CN 108733379A CN 201810521841 A CN201810521841 A CN 201810521841A CN 108733379 A CN108733379 A CN 108733379A
- Authority
- CN
- China
- Prior art keywords
- mapping
- dex
- code
- android application
- obscured
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformation of program code
- G06F8/53—Decompilation; Disassembly
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformation of program code
- G06F8/41—Compilation
- G06F8/43—Checking; Contextual analysis
Landscapes
- Engineering & Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Devices For Executing Special Programs (AREA)
Abstract
The invention discloses a kind of Android application reinforcement means for being detached based on DEX bytecodes and mapping and obscuring, including:Code_item codes to be obscured are extracted from the former DEX file that Android application APK programs obtain, and code_item is subjected to mapping and is obscured;Mapping is explained that the compilation of source code of performing environment obtains the shared object library that performing environment is explained in mapping(SO)Executable file;DEX bytecodes are decompiled into Java source codes, and adds mapping and explains that the Java entry methods of performing environment to former Java method substitute and obscures, is compiled into and new obscures DEX file;In APK alternative document, obscure DEX file and mapping explains that the SO executable files of performing environment sign be packaged into a new reinforcing Android application APK program together.It in the case where not influencing to run expense, not only greatly improves and obscures intensity, but also can effectively resist various conversed analysis attacks, there is very strong attack resistance elasticity.
Description
Technical field
The present invention relates to a kind of Android application method for reinforcing and protecting, are detached and are reflected based on DEX bytecodes more particularly to one kind
Penetrate the Android application reinforcement means obscured.
Background technology
In mobile interchange Network Communication, Android system has obtained extensive application exploit person due to its opening and free feature
The support of member, various Android applications emerge one after another, and rich experience is brought to mobile terminal user.However, due to Android application
It is mainly developed by Java language, and is compiled into Dalvik or the ART (Android that DEX bytecodes operate in Android system
Runtime) in virtual machine environment, attacker is realized by conversed analysis DEX and cracks, distorts, links up with to what Android was applied
(Hook) and packet is beaten again, causes the safety problems such as piracy, code injection and the private information disclosure of Android application.Country in 2016
(CNCERT/CC) is exchanged by independently capturing with manufacturer during internet is emergent, finds mobile Internet rogue program quantity nearly 205
Ten thousand, 39.0% was increased than 2015, and mainly for Android platform.It is moved according to logical 2017 years for paying the publication of shield science and technology
Dynamic to be reported using security postures, counterfeit Android application scale rises to 2.8 ten thousand in 2017 from 2.3 ten thousand, increases by 21.74%, these
Malicious code built in counterfeit software, and by advertisement, maliciously deduct fees with privacy information steal etc. in a manner of damage user benefit.Cause
How this, prevent Android using illegally being cracked, injecting the malicious codes such as wooden horse, charging, advertisement, protect privacy information, safeguard
User's right realizes the security hardening protection of Android application software, becomes the hot spot of software security research.
Currently, the security hardening for Android application has been achieved for some achievements in research, including reflex mechanism, dynamic add
Reinforcement techniques and the methods such as load, encryption, the execution of Native codes, shell adding and Code obfuscation, eliminate reverse point to a certain extent
Analyse the threat brought.But with memory extraction, dynamic shelling, stain analysis and the appearance of the conversed analysis technology such as semiology analysis and
Fast development, traditional reinforcement means can no longer meet demand.
Invention content
In order to solve the above-mentioned technical problem, purpose of the present invention is to:It provides and a kind of mapping is detached based on DEX bytecodes obscure
Android application reinforcement means, Java layers of DEX bytecodes are detached and obscure DEX bytecodes with map construction, and are encapsulated into
In Native layer, performing environment is explained by Native layers of DEX mappings, execution is explained to obscuring DEX bytecodes, it is ensured that
The correctness of Android application operation logic after obscuring.The method of the present invention is not in the case where influencing to run expense, not only significantly
Intensity is obscured in raising, and can effectively resist various conversed analysis attacks, has very strong attack resistance elasticity.
The technical scheme is that:
It is a kind of to detach the Android application reinforcement means that mapping is obscured based on DEX bytecodes, include the following steps:
S01:It unzips it Android application APK programs to obtain former DEX file;
S02:Code_item codes to be obscured are extracted from former DEX file, and will according to operation code mapping table
Code_item carries out mapping and obscures processing;
S03:Table information in the former DEX file of extraction, together with the code_item codes and mapping interpreter source code obscured
It is placed in the source code of mapping explanation performing environment, mapping is explained that the compilation of source code of performing environment obtains mapping and explains execution
Shared object library (SO) executable file of environment;
S04:DEX bytecodes in being applied Android by reverse-engineering decompile into Java source codes, and add mapping solution
It releases the Java entry methods of performing environment and former Java method substitute and obscure, the mixed of source code Cheng Xin is obscured in compiling Android application
Confuse DEX file;
S05:Execution is explained in newly-generated the obscuring DEX file and map of alternative document in former Android application APK, compiling
The SO executable files of environment are signed together is packaged into a new reinforcing Android application APK program.
In preferred technical solution, opaque bytecode is constructed when obscuring processing in the step S02, it will be mixed after mapping
Confuse code_item codes and DEX tables information generate code_item and DEX table information indexs respectively after be encapsulated into Native together
In the SO of layer.
In preferred technical solution, in the step S03, according to operation code mapping table and Dalvik bytecodes standard at this
Mapping interpreter is realized on stratum, and mapping interpreter is encapsulated into after SO and code_item and DEX tables information index generates together
Performing environment is explained in DEX mappings.
Combine variable element pass through mechanism, Indexing Mechanism and Java local in preferred technical solution, in the step S04
Mapping is arranged in Java layers of DEX and explains performing environment entrance for interface (JNI) mechanism, completes to obscuring code_item codes
Mapping explanation execute calling.
In preferred technical solution, the table information in the DEX file, including character string identification symbol table, field specifier
Table and method identifier list.
In preferred technical solution, when encapsulating DEX table information, retains its original index value, explain code_item's
When instruction operation code, the original index value that chained list finds DEX table information is indexed by poll, is obtained by the original index value
DEX table information.
Compared with prior art, it is an advantage of the invention that:
The method of the present invention is not only effectively obscured Android application DEX bytecodes, is resisted various conversed analysis and is utilized,
Realize the security hardening protection of Android application.And the Android application operation logic after obscuring keeps correct, the Android system of operation
System environment remains unchanged.
(1) opaque DEX bytecodes are constructed using detaching mapping obfuscation, and by DEX bytecodes information from DEX file
In detach into SO files, allow them to resist Java layers and Native layer of various sound state conversed analysis and attack, realization
DEX bytecodes effectively obscure protection.
(2) it is mapped by DEX and explains that performing environment provides a kind of DEX bytecodes for explaining execution based on Native layers of mapping
Indirectly execute method, and using variable element pass through mechanism, Indexing Mechanism and JNI mechanism realize DEX bytecodes obscure after just
Really operation so that Android application is not necessarily to change the running environment of Android system after reinforcing, to ensure that the independence of Android application
Property and versatility.
(3) obscure DEX bytecodes and directly explain execution by mapping interpreter, will obscure without passing through bytecode mapping table
DEX bytecodes are reduced into original DEX bytecodes, avoid the new safety problem caused by guard byte code mapping table.
Description of the drawings
The invention will be further described with reference to the accompanying drawings and embodiments:
Fig. 1 is that the present invention is based on the flow charts that DEX bytecodes detach the Android application reinforcement means that mapping is obscured;
Fig. 2 is that operation code maps process of obfuscation schematic diagram;
Fig. 3 is code_item chain table index schematic diagrames;
Fig. 4 is that character string identification accords with table information index;
Fig. 5 is that performing environment entrance schematic diagram is explained in mapping;
Fig. 6 is that performing environment schematic diagram is explained in mapping.
Specific implementation mode
In order to make the objectives, technical solutions and advantages of the present invention clearer, With reference to embodiment and join
According to attached drawing, the present invention is described in more detail.It should be understood that these descriptions are merely illustrative, and it is not intended to limit this hair
Bright range.In addition, in the following description, descriptions of well-known structures and technologies are omitted, to avoid this is unnecessarily obscured
The concept of invention.
Embodiment:
As shown in Figure 1, a kind of detaching the Android application reinforcement means that mapping is obscured based on DEX bytecodes, this method includes
DEX detaches mapping and obscures and map explanation execution, specifically includes following steps:
S01:It unzips it Android application APK programs to obtain former DEX file;
S02:Code_item codes to be obscured are extracted from former DEX file, and will according to operation code mapping table
Code_item carries out mapping and obscures processing;Code_item is the content in Android dex file formats.
S03:Table information in the former DEX file of extraction, together with the code_item codes and mapping interpreter source code obscured
It is placed in the source code of mapping explanation performing environment, mapping is explained that the compilation of source code of performing environment obtains mapping and explains execution
Shared object library (Shared Object, SO) executable file of environment;
S04:DEX bytecodes in being applied Android by reverse-engineering decompile into Java source codes, and add mapping solution
It releases the Java entry methods of performing environment and former Java method substitute and obscure, the mixed of source code Cheng Xin is obscured in compiling Android application
Confuse DEX file;
S05:Execution is explained in newly-generated the obscuring DEX file and map of alternative document in former Android application APK, compiling
The SO executable files of environment are signed together is packaged into a new reinforcing Android application APK program.
It is detached during mapping obscures in DEX, the code_item codes of DEX and DEX table information carry out in being applied first to Android
Detach processing, secondly according to operation code mapping table to pull out come code_item codes carry out mapping obscure construct it is opaque
Bytecode, and using Android Nativeization characteristic by after mapping obscure code_item codes and DEX tables information generates respectively
It is encapsulated into together after code_item and DEX table information indexs in the SO (Shared Object) of local layer (Native layers).
In Android application, Android Java method is compiled in the code_item of DEX file.Therefore, first in DEX
Code_item codes are found, and it is pulled out to come from DEX.For example, an arithmetical operation Android Java method, source generation
Code is as follows.
Code_item codes after the above Android Java method compiling in DEX are as follows.
Wherein, 0x04000200000000000B9529000500000092000202900103000F01 is Android Java
The corresponding code_item codes of method test1.Wherein, 0x92000202900103000F01 is the insns words of code_item
Code (data in frame) is saved, it corresponds to the c=a*a of test1 methods, b+c operational orders and return return instructions.
Then, the opcode information according to Dalvik bytecode grammers in code_item in its determining instruction stream, and according to
It is secondary that each operation code is substituted for new operation code according to operation code mapping table.By taking the bytecode of test1 methods as an example, operation
Code mapping process of obfuscation is as shown in Figure 2.
In fig. 2, it includes 3 instructions to analyze the bytecode first, and operation code is respectively 0x92,0x90 and 0x0F.Root
According to the operation code mapping table of Fig. 2, become 0x17,0x2C and 0x76 respectively after operation code mapping.After mapping is obscured, code_item
Insns bytecodes be 0x170002022C0103007601, as follows.
As can be seen that the operation code mapping of code_item ensure that the code_item applied even if Android is parsed out
When, it is also difficult to inversely go out its original code_item code.It will detach and carry out the code_item generations after operation code mapping is obscured
Code one code_item chain table index of composition, format are as shown in Figure 3.
In figure 3, each code_item corresponds to a chain table index value (index).Then it is compiled by C/C++ programs
Code_item indexes are encapsulated into SO.Code_item codes after obscuring are executed explains execution ring by Native layers of mapping
It completes in border.To improve the code_item codes after obscuring in Native layers of explanation execution efficiency, code_item codes are used
The DEX table information arrived, including character string identification symbol table (string_ids_item), field specifier table (field_ids_
Item) and the corresponding DEX tables information index of the composition such as method identifier list (method_ids_item), then and obscure
Code_item codes are equally encapsulated into SO.For example, character string identification symbol table information index format is as shown in Figure 4.
From fig. 4, it can be seen that after character string identification symbol table Information encapsulation to SO files, in former character string identification symbol table letter
The chain table index value (index) that the index value (string_id) of breath corresponds in SO files can change.Therefore, it is encapsulating
When DEX tables information (such as string_ids_item), while its original index value (such as string_ids) can be retained.In this way, working as
When explaining the instruction operation code of code_item, the original index value that chained list finds DEX table information can be indexed by poll.Then,
DEX table information is obtained by the original index value.For example, when executing the const-string instruction operation codes of code_item,
The reference specified in character string identification symbol table is put into specified register by it, is at this moment instructed and is operated according to const-string
The string_id values of code find the string_id_item items of identical string_id values in Fig. 4 index chained lists, are then back to this
The string values of item.After the interpreted environment variation for ensuring that DEX bytecodes in this way, still can correctly it be effectively carried out.
In DEX maps and explains execution, first according to operation code mapping table and Dalvik bytecodes standard at Native layers
Realize mapping interpreter.Then, mapping interpreter is encapsulated into after SO and code_item and DEX tables information index generates together
Performing environment is explained in DEX mappings.Finally, in conjunction with variable element pass through mechanism, Indexing Mechanism and JNI (Java Native
Interface, Java local interface) mechanism be arranged in Java layers of DEX mapping explain performing environment entrance, complete to obscuring
The mapping explanation of code_item codes executes calling.
For ensure DEX bytecodes be pulled out mapping after its obscure code_item codes can be by correctly at Native layers
Middle execution needs in Java layers the code_item codes of obscuring that setting detaches mapping to execute entrance, and referred to as mapping, which is explained, executes
Ambient inlet.It includes that performing environment entry method is explained in Java method parameter, code_item index values and mapping, such as Fig. 5 institutes
Show.
From fig. 5, it can be seen that after Android application DEX bytecodes are obscured, the code_item codes of DEX are modified to original
Performing environment entry method, the entry method are explained in the mapping that beginning Java method parameter and a code_item index value call
Internal combustion variable element pass through mechanism, Indexing Mechanism and JNI mechanism call Native layers of mapping to explain performing environment.It is setting
When posting port method, an ObfCodeItemEntry class is defined first, it is the Java layer entrances that performing environment is explained in mapping
Class.ObfCodeItemEntry defines different entry methods, such as according to the different return types of Java method
ObfCodeItemEntry.cInt and ObfCodeItemEntry.cFloat etc..The parameter of these entry methods is variable ginseng
Number, and be all Native attributes, illustrate that it calls the mapping of Native layers of realization to explain performing environment by JNI.In the side test1
In method, parameter is two int type variables a and b, return type int.Therefore, in inlet porting method, according to return
Int types define its entry method and are set to cInt methods, i.e. ObfCodeItemEntry.cInt, the following institute of entry method code
Show.
In the above code, when calling ObfCodeItemEntry.cInt methods, using object array Object [] as can
Variable element, value are respectively new Integer (a), new Integer (b), Integer.valueOf (0).Wherein, the first two
Parameter a and b are the parameters of test1 methods, and the 3rd parameter 0 is the index value of code_item.For the ease of the transmission of parameter, this
A little parameters are uniformly packaged into java class type.
After the setting of performing environment entrance is explained in mapping, the code_item codes of DEX become entry method in Android application
Corresponding code_item codes, as follows.
There it can be seen that when carrying out conversed analysis to Android application, original code_item codes, which are pulled out, to be reflected
It penetrates and obscures, and original code_item codes will not be loaded dynamically in the ART running environment of Android system when being executed.This
Outside, the code_item codes of DEX no longer include any execution logic of former Java method during Android is applied, so it is difficult to it
Carry out effective conversed analysis.
When above-mentioned code_item codes are called, can by ObfCodeItemEntry.cInt by JNI from Java
The mapping that layer calls in Native layers explains that performing environment, its containment mapping interpreter obscure code_item codes and DEX information
Table, as shown in Figure 6.Wherein, mapping interpreter is one according to the mixed of operation code mapping table and Dalvik operation code standard implementations
Confuse code_item code interpretative devices.
From fig. 6, it can be seen that the DEX bytecodes not being confused in Android application, explain and execute through Android ART void
Quasi- machine is completed.The explanation that code_item codes are obscured in Android application executes and will explain that performing environment is completed by mapping, at this moment reflects
Radiolysis is released performing environment and is obtained in Native layers in code_item and DEX table information indexs according to Java layers of incoming index value
It is corresponding to obscure code_item codes and DEX table information, then mapping interpreter is further called to explain execution to it.
Call Android system method etc. to execute logic if obscuring and existing in code_item codes, will by JNIEnv interfaces and ART into
Row interaction.
In above code, MapInterprExeEnvirInt () function is the entrance sides ObfCodeItemEntry.cInt
The mapping that method corresponds to Native layers explains that performing environment is realized, object_array parameters receive
The parameter value { a, b, 0 } of ObfCodeItemEntry.cInt methods.The code_item indexes received according to object_array
Value 0, MapInterprExeEnvirInt () is by calling GetCodetItem () function to be found in code_item indexes
Java method is corresponding to obscure code_item codes.Then, the Java method parameter value { a, b } received with object_array
With code_item codes are obscured interpreter function MappingInterpreter () is mapped as parameter call.According to ART's
Explain that implementation principle, ART interpreters provide two kinds of realization methods of Goto and Switch.The mapping interpreter of this paper uses Switch
Mode, which is explained, executes map operation code, i.e., case values and its corresponding explanation implementation procedure is arranged according to operation code mapping table.
According to the mapping relations of operation code, the corresponding processing procedures of case values 0x2C are that 0x90 is instructed in Dalvik bytecodes
Type is the processing procedure of ADD_INT.The mapping realized according to operation code mapping relations explains that performing environment ensure that in Java
The code_item codes of method are pulled out after mapping obscures, and this method remains able to be properly interpreted execution.
It should be understood that the above-mentioned specific implementation mode of the present invention is used only for exemplary illustration or explains the present invention's
Principle, but not to limit the present invention.Therefore, that is done without departing from the spirit and scope of the present invention is any
Modification, equivalent replacement, improvement etc., should all be included in the protection scope of the present invention.In addition, appended claims purport of the present invention
Covering the whole variations fallen into attached claim scope and boundary or this range and the equivalent form on boundary and is repairing
Change example.
Claims (6)
1. a kind of detaching the Android application reinforcement means that mapping is obscured based on DEX bytecodes, which is characterized in that including following step
Suddenly:
S01:It unzips it Android application APK programs to obtain former DEX file;
S02:Extract code_item codes to be obscured from former DEX file, and according to operation code mapping table by code_
Item carries out mapping and obscures processing;
S03:Table information in the former DEX file of extraction is placed on together with the code_item codes and mapping interpreter source code obscured
Mapping is explained in the source code of performing environment, and mapping is explained that the compilation of source code of performing environment obtains mapping and explains performing environment
Shared object library(SO)Executable file;
S04:DEX bytecodes in being applied Android by reverse-engineering decompile into Java source codes, and add mapping explanation and hold
The Java entry methods of row environment, which to former Java method substitute, to be obscured, and obscuring for source code Cheng Xin is obscured in compiling Android application
DEX file;
S05:Performing environment is explained in newly-generated the obscuring DEX file and map of alternative document in former Android application APK, compiling
SO executable files sign be packaged into a new reinforcing Android application APK program together.
2. according to claim 1 detach the Android application reinforcement means that mapping is obscured based on DEX bytecodes, feature exists
In constructing opaque bytecode when obscuring processing in the step S02, code_item codes and DEX tables will be obscured after mapping
Information is encapsulated into after generating code_item and DEX table information indexs respectively in Native layers of SO together.
3. according to claim 1 detach the Android application reinforcement means that mapping is obscured based on DEX bytecodes, feature exists
In, in the step S03, mapping interpreter is realized in local layer according to operation code mapping table and Dalvik bytecodes standard,
Mapping interpreter is encapsulated into after SO and code_item and DEX tables information index generates DEX mappings and explains performing environment together.
4. according to claim 1 detach the Android application reinforcement means that mapping is obscured based on DEX bytecodes, feature exists
In in conjunction with variable element pass through mechanism, Indexing Mechanism and Java local interfaces in the step S04(JNI)Mechanism is at Java layers
DEX in setting mapping explain performing environment entrance, complete to obscure code_item codes mapping explain executing calling.
5. according to claim 1 detach the Android application reinforcement means that mapping is obscured based on DEX bytecodes, feature exists
In, the table information in the DEX file, including character string identification symbol table, field specifier table and method identifier list.
6. according to claim 1 detach the Android application reinforcement means that mapping is obscured based on DEX bytecodes, feature exists
In when encapsulating DEX table information, retaining its original index value and pass through poll when explaining the instruction operation code of code_item
Index chained list finds the original index value of DEX table information, and DEX table information is obtained by the original index value.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810521841.5A CN108733379B (en) | 2018-05-28 | 2018-05-28 | Android application reinforcement method based on DEX byte code extraction mapping confusion |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810521841.5A CN108733379B (en) | 2018-05-28 | 2018-05-28 | Android application reinforcement method based on DEX byte code extraction mapping confusion |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108733379A true CN108733379A (en) | 2018-11-02 |
CN108733379B CN108733379B (en) | 2022-04-08 |
Family
ID=63936078
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810521841.5A Active CN108733379B (en) | 2018-05-28 | 2018-05-28 | Android application reinforcement method based on DEX byte code extraction mapping confusion |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108733379B (en) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109740315A (en) * | 2018-12-28 | 2019-05-10 | 深圳前海微众银行股份有限公司 | Constant guard method, device, equipment and storage medium based on Android platform |
CN109960509A (en) * | 2019-03-06 | 2019-07-02 | 江苏通付盾信息安全技术有限公司 | Using the method, apparatus of reinforcing, calculate equipment and computer storage medium |
CN112052047A (en) * | 2020-08-05 | 2020-12-08 | 北京智游网安科技有限公司 | Instruction processing method, terminal and storage medium |
CN112052460A (en) * | 2020-08-05 | 2020-12-08 | 北京智游网安科技有限公司 | DEX file virtualization encryption method, computer equipment and storage medium |
CN112328978A (en) * | 2020-11-03 | 2021-02-05 | 广东三维家信息科技有限公司 | Code obfuscation processing and running method and device, terminal equipment and storage medium |
CN112926032A (en) * | 2021-03-26 | 2021-06-08 | 支付宝(杭州)信息技术有限公司 | Method and device for processing and operating byte code and byte code operating system |
CN113010364A (en) * | 2019-12-20 | 2021-06-22 | 北京奇艺世纪科技有限公司 | Service data acquisition method and device and electronic equipment |
CN113419734A (en) * | 2021-06-17 | 2021-09-21 | 网易(杭州)网络有限公司 | Application program reinforcing method and device and electronic equipment |
CN113609481A (en) * | 2021-06-02 | 2021-11-05 | 西安四叶草信息技术有限公司 | Byte code-based PHP taint analysis method and device |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103324872A (en) * | 2013-07-12 | 2013-09-25 | 上海交通大学 | Android application program protective method and system based on order confusion |
WO2014142430A1 (en) * | 2013-03-15 | 2014-09-18 | 주식회사 에스이웍스 | Dex file binary obfuscation method in android system |
CN106203006A (en) * | 2016-08-31 | 2016-12-07 | 北京鼎源科技有限公司 | Android application reinforcement means based on dex Yu so file Dynamic Execution |
US20160371473A1 (en) * | 2015-01-08 | 2016-12-22 | Soongsil University Research Consortium Techno-Park | Code Obfuscation Device Using Indistinguishable Identifier Conversion And Method Thereof |
CN106650428A (en) * | 2015-11-03 | 2017-05-10 | 阿里巴巴集团控股有限公司 | Method and device for optimizing application codes |
CN106650341A (en) * | 2016-11-18 | 2017-05-10 | 湖南鼎源蓝剑信息科技有限公司 | Android application reinforcement method based on the process confusion technology |
CN106778103A (en) * | 2016-12-30 | 2017-05-31 | 上海掌门科技有限公司 | Reinforcement means, system and decryption method that a kind of Android application program anti-reversing is cracked |
CN107729725A (en) * | 2017-10-09 | 2018-02-23 | 南京南瑞集团公司 | A kind of Android applications hardened system and method based on virtual machine instructions modification |
CN107977553A (en) * | 2017-12-25 | 2018-05-01 | 中国电子产品可靠性与环境试验研究所 | The method and device of the security hardening of mobile applications |
-
2018
- 2018-05-28 CN CN201810521841.5A patent/CN108733379B/en active Active
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2014142430A1 (en) * | 2013-03-15 | 2014-09-18 | 주식회사 에스이웍스 | Dex file binary obfuscation method in android system |
CN103324872A (en) * | 2013-07-12 | 2013-09-25 | 上海交通大学 | Android application program protective method and system based on order confusion |
US20160371473A1 (en) * | 2015-01-08 | 2016-12-22 | Soongsil University Research Consortium Techno-Park | Code Obfuscation Device Using Indistinguishable Identifier Conversion And Method Thereof |
CN106650428A (en) * | 2015-11-03 | 2017-05-10 | 阿里巴巴集团控股有限公司 | Method and device for optimizing application codes |
CN106203006A (en) * | 2016-08-31 | 2016-12-07 | 北京鼎源科技有限公司 | Android application reinforcement means based on dex Yu so file Dynamic Execution |
CN106650341A (en) * | 2016-11-18 | 2017-05-10 | 湖南鼎源蓝剑信息科技有限公司 | Android application reinforcement method based on the process confusion technology |
CN106778103A (en) * | 2016-12-30 | 2017-05-31 | 上海掌门科技有限公司 | Reinforcement means, system and decryption method that a kind of Android application program anti-reversing is cracked |
CN107729725A (en) * | 2017-10-09 | 2018-02-23 | 南京南瑞集团公司 | A kind of Android applications hardened system and method based on virtual machine instructions modification |
CN107977553A (en) * | 2017-12-25 | 2018-05-01 | 中国电子产品可靠性与环境试验研究所 | The method and device of the security hardening of mobile applications |
Non-Patent Citations (5)
Title |
---|
KOBRA KHANMOHAMMADI 等: "HyDroid: A Hybrid Approach for Generating API Call Traces from Obfuscated Android Applications for Mobile Security", 《IEEE INTERNATIONAL CONFERENCE ON SOFTWARE QUALITY, RELIABILITY AND SECURITY》 * |
YAJIN ZHOU 等: "Dissecting Android Malware: Characterization and Evolution", 《IEEE SYMPOSIUM ON SECURITY AND PRIVACY》 * |
刘惠明 等: "安卓应用自动原生化及混淆系统", 《信息科技》 * |
张建新: "基于防逆向篡改的安卓应用软件保护系统的研究和实现", 《中国优秀博硕士学位论文全文数据库(硕士) 信息科技辑》 * |
秘锡辰: "Android应用软件安全加固技术研究", 《中国优秀博硕士学位论文全文数据库(硕士) 信息科技辑》 * |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109740315A (en) * | 2018-12-28 | 2019-05-10 | 深圳前海微众银行股份有限公司 | Constant guard method, device, equipment and storage medium based on Android platform |
CN109960509A (en) * | 2019-03-06 | 2019-07-02 | 江苏通付盾信息安全技术有限公司 | Using the method, apparatus of reinforcing, calculate equipment and computer storage medium |
CN113010364A (en) * | 2019-12-20 | 2021-06-22 | 北京奇艺世纪科技有限公司 | Service data acquisition method and device and electronic equipment |
CN113010364B (en) * | 2019-12-20 | 2023-08-01 | 北京奇艺世纪科技有限公司 | Service data acquisition method and device and electronic equipment |
CN112052047A (en) * | 2020-08-05 | 2020-12-08 | 北京智游网安科技有限公司 | Instruction processing method, terminal and storage medium |
CN112052460A (en) * | 2020-08-05 | 2020-12-08 | 北京智游网安科技有限公司 | DEX file virtualization encryption method, computer equipment and storage medium |
CN112328978A (en) * | 2020-11-03 | 2021-02-05 | 广东三维家信息科技有限公司 | Code obfuscation processing and running method and device, terminal equipment and storage medium |
CN112926032A (en) * | 2021-03-26 | 2021-06-08 | 支付宝(杭州)信息技术有限公司 | Method and device for processing and operating byte code and byte code operating system |
CN113609481A (en) * | 2021-06-02 | 2021-11-05 | 西安四叶草信息技术有限公司 | Byte code-based PHP taint analysis method and device |
CN113609481B (en) * | 2021-06-02 | 2024-01-30 | 西安四叶草信息技术有限公司 | PHP (phase-shift register) taint analysis method and device based on byte codes |
CN113419734A (en) * | 2021-06-17 | 2021-09-21 | 网易(杭州)网络有限公司 | Application program reinforcing method and device and electronic equipment |
CN113419734B (en) * | 2021-06-17 | 2022-10-04 | 网易(杭州)网络有限公司 | Application program reinforcing method and device and electronic equipment |
Also Published As
Publication number | Publication date |
---|---|
CN108733379B (en) | 2022-04-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108733379A (en) | The Android application reinforcement means that mapping is obscured is detached based on DEX bytecodes | |
Sun et al. | Nativeguard: Protecting android applications from third-party native libraries | |
Afonso et al. | Going native: Using a large-scale analysis of android apps to create a practical native-code sandboxing policy | |
US11363061B2 (en) | Runtime detection of injection attacks on web applications via static and dynamic analysis | |
Xu et al. | Aurasium: Practical policy enforcement for android applications | |
CN106326694A (en) | Android application reinforcing method baed on C source code mixing | |
Payer et al. | Fine-grained user-space security through virtualization | |
Deng et al. | iris: Vetting private api abuse in ios applications | |
Tang et al. | A novel hybrid method to analyze security vulnerabilities in android applications | |
Lu et al. | AutoD: Intelligent blockchain application unpacking based on JNI layer deception call | |
CN112163195B (en) | Virtual machine software protection method based on stack hiding | |
Lu et al. | DeepAutoD: Research on distributed machine learning oriented scalable mobile communication security unpacking system | |
KR101234591B1 (en) | Method for Anti-Encoding Android by Using Java Native Interface | |
You et al. | Reference hijacking: Patching, protecting and analyzing on unmodified and non-rooted android devices | |
CN108763924B (en) | Method for controlling access authority of untrusted third party library in android application program | |
CN105956425B (en) | A kind of Android application guard methods based on smali Code obfuscations | |
CN107122662A (en) | A kind of mobile Internet App Code obfuscation assessment methods based on Proguard softwares | |
Abrath et al. | Code renewability for native software protection | |
Chen | Encapsulating antivirus (av) evasion techniques in metasploit framework | |
CN107180170A (en) | A kind of Android APP are without shell reinforcement means | |
Cugliari et al. | Smashing the stack in 2010 | |
Mori | Detecting unknown computer viruses–a new approach– | |
Jung et al. | AVPASS: automatically bypassing android malware detection system | |
Niu et al. | SASAK: Shrinking the Attack Surface for Android Kernel with Stricter “seccomp” Restrictions | |
Loch | Juturna: Lightweight, Pluggable and Selective Taint Tracking for Java |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |