CN113378123A - Method and system for realizing android terminal extracting shell - Google Patents
Method and system for realizing android terminal extracting shell Download PDFInfo
- Publication number
- CN113378123A CN113378123A CN202110647219.0A CN202110647219A CN113378123A CN 113378123 A CN113378123 A CN 113378123A CN 202110647219 A CN202110647219 A CN 202110647219A CN 113378123 A CN113378123 A CN 113378123A
- Authority
- CN
- China
- Prior art keywords
- function
- instruction
- dex file
- code
- checksum value
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 90
- 230000006870 function Effects 0.000 claims abstract description 166
- 238000000605 extraction Methods 0.000 claims abstract description 32
- 238000004364 calculation method Methods 0.000 claims description 9
- 239000000203 mixture Substances 0.000 claims description 6
- 238000010276 construction Methods 0.000 claims description 5
- 239000000284 extract Substances 0.000 claims description 4
- 238000012216 screening Methods 0.000 abstract description 2
- 238000012360 testing method Methods 0.000 description 6
- 238000010586 diagram Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000005336 cracking Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000002787 reinforcement Effects 0.000 description 1
- 230000003014 reinforcing effect Effects 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/14—Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Detection And Correction Of Errors (AREA)
Abstract
The invention provides a method for realizing an android-terminal extracting shell, which comprises the following steps: step S1, extracting functions of the source APK, and analyzing the code structure of the Dex file; step S2, searching the code structure information through the appointed method of the appointed class, and getting the codeltem of the extracted function; step S3, constructing a null instruction set by taking the instruction number and the instruction offset address of the extracted function, covering the original instruction, and storing the function instruction; step S4, recalculating the checksum value in the Dex file, and backfilling the checksum value into the extracted function; step S5, after function backfilling, disabling Dex2oat in the Dex file, and taking the ArtMethod object pointer and function instruction of each method by the hook loadmethod function; step S6, the original instruction of the function to be pumped is backfilled by the aid of the function to be pumped obtained by screening of the ArtMethod object pointer and positioning of the function instruction; the invention can realize APP shell extraction operation.
Description
Technical Field
The invention relates to the technical field of computers, in particular to a method and a system for realizing an android-end extracting shell.
Background
At the android end, security of games and applications is increasingly important. The reinforcement technique is continuously iterated, and is integrally reinforced from the first generation of DEX, the second generation of DEX extracts the function of the source APK, and the third generation of DEX introduces VMP to reinforce the application (
The code protected by the software is partially executed on the virtual machine, so that the protected program is difficult to analyze and crack, the application of the disassembling program and the MAP file enables a user to quickly select the code which needs to be protected so as to avoid cracking), and then the functions of the source APK are extracted and VMP reinforced and mixed; the purpose of reinforcing the game and the application is to increase the difficulty of reverse analysis, protect the game and the application data from being modified or protect the running logic from being utilized and cracked, and increase the benefit of the application and the game.
Disclosure of Invention
In order to overcome the problems, the invention aims to provide a method for realizing an android-end extraction shell capable of realizing APP extraction shell operation.
The invention is realized by adopting the following scheme: a realization method of an android-terminal extraction shell comprises the following steps:
step S1, extracting functions of the source APK, and analyzing the code structure of the Dex file;
step S2, searching the code structure information through the appointed method of the appointed class, and getting the codeltem of the extracted function;
step S3, constructing a null instruction set by taking the instruction number and the instruction offset address of the extracted function, covering the original instruction, and storing the function instruction;
step S4, recalculating the checksum value in the Dex file, and backfilling the checksum value into the extracted function;
step S5, after function backfilling, disabling Dex2oat in the Dex file, and taking the ArtMethod object pointer and function instruction of each method by the hook loadmethod function;
step S6, the original instruction of the evacuated function is backfilled by the extracted function screened by the ArtMethod object pointer and located by the function instruction.
Further, the step S2 is further specifically: and traversing the Dex file according to the structure of the Dex file, and retrieving the code structure information of the Dex file by a specified method of a specified class, namely parsing the Dex file byte by byte according to the structure of the Dex file and taking the code element and the function instruction of the extracted function.
Further, the step S3 is further specifically: the composition of codeltem of the decimated function includes: the number of parameters required by the code to call other methods is ushort outsSize; number of the structure of try _ item in ushort triesSize; the agent debug InfoOff points to the debug information storage position of the section of code and is a debug _ info _ item structure offset address; uininssSize, the size of the instruction list, using 16-bit as a unit, ushort insns, code instructions; the value of ushort padding is 0 and is used for aligning bytes; trylten, exception correlation; encodedCatchHandlerList is abnormally related; in each function method, because the first 16 bytes of codeItem are fixed, a null instruction is constructed directly from a code instruction, all instructions behind the function method are set as null instructions, that is to say, the code instruction and the following parts of the method are all 00 under the 16-system; the instruction of the nullifying instruction portion is then saved.
Further, the step S4 is further specifically: the android art mode of the Dex file verifies the checksum and the checksum value of the Dex file when the Dex file is loaded, and the loading is stopped if the checksum is not correct, so that the checksum and the checksum value need to be recalculated; and recalculating the checksum value of the Dex file after the extraction method, taking the recalculated checksum value and backfilling the recalculated checksum value to cover the original checksum value.
Further, the step S5 is further specifically: since the Dex2 at pre-compilation process in the Dex file can generate a complete Dex file, the Dex2 at pre-compilation process in the Dex file needs to be disabled, and the Dex2 at pre-compilation process in the Dex file can be disabled by using the execute function method at the kernel layer hook.
Further, the step S6 is further specifically: when the system function loadmethod function is executed, a function instruction is obtained according to the ArtMethod object pointer, then the evacuated function is screened, the codeItem offset of the evacuated function in the memory is found according to the ArtMethod object pointer of the evacuated function, and the stored original instruction is backfilled.
The invention also provides a system for extracting the shell by the android terminal, which comprises an extraction module, a retrieval module, a construction module, a calculation module, a forbidding module and a backfilling module, wherein the extraction module extracts the function of the source APK and analyzes the code structure of the Dex file; the retrieval module retrieves the code structure information of the code structure through a specified method of a specified class and takes the code structure information of the extracted function; the constructing module constructs a null instruction set by taking the instruction number and the instruction offset address of the extracted function, covers the original instruction and stores the function instruction; the calculation module recalculates the checksum value in the Dex file and backfills the checksum value into the extracted function; after the function is backfilled, the prohibition module forbids the Dex2oat in the Dex file, and the hook loadmethod function takes the ArtMethod object pointer and the function instruction of each method; the backfill module backfills the original instruction of the evacuated function by the aid of the extracted function screened by the ArtMethod object pointer and located by the function instruction.
Further, the retrieval module is further specifically: and traversing the Dex file according to the structure of the Dex file, and retrieving the code structure information of the Dex file by a specified method of a specified class, namely parsing the Dex file byte by byte according to the structure of the Dex file and taking the code element and the function instruction of the extracted function.
Further, the construction module is further specifically: the composition of codeltem of the decimated function includes: the number of parameters required by the code to call other methods is ushort outsSize; number of the structure of try _ item in ushort triesSize; the agent debug InfoOff points to the debug information storage position of the section of code and is a debug _ info _ item structure offset address; uininssSize, the size of the instruction list, using 16-bit as a unit, ushort insns, code instructions; the value of ushort padding is 0 and is used for aligning bytes; trylten, exception correlation; encodedCatchHandlerList is abnormally related; in each function method, because the first 16 bytes of codeItem are fixed, a null instruction is constructed directly from a code instruction, all instructions behind the function method are set as null instructions, that is to say, the code instruction and the following parts of the method are all 00 under the 16-system; the instruction of the nullifying instruction portion is then saved.
Further, the calculation module is further specifically: the android art mode of the Dex file verifies the checksum and the checksum value of the Dex file when the Dex file is loaded, and the loading is stopped if the checksum is not correct, so that the checksum and the checksum value need to be recalculated; and recalculating the checksum value of the Dex file after the extraction method, taking the recalculated checksum value and backfilling the recalculated checksum value to cover the original checksum value.
Further, the disabling module is further specifically: since the Dex2 at pre-compilation process in the Dex file can generate a complete Dex file, the Dex2 at pre-compilation process in the Dex file needs to be disabled, and the Dex2 at pre-compilation process in the Dex file can be disabled by using the execute function method at the kernel layer hook.
Further, the backfill module further specifically comprises: when the system function loadmethod function is executed, a function instruction is obtained according to the ArtMethod object pointer, then the evacuated function is screened, the codeItem offset of the evacuated function in the memory is found according to the ArtMethod object pointer of the evacuated function, and the stored original instruction is backfilled.
The invention has the beneficial effects that: after the extraction shell is realized, the function of the source APK can be extracted, so that a reverse analyst cannot obtain a complete code when the APK is statically reversed; the application safety of APP is increased; because the dex is extracted and protected on the source APP, the method can be used for realizing the extraction shell of the APP, and a reinforced platform can be made for extracting and protecting the APP in batches; the extraction shell has obvious protection effect, and the protection effect can be realized without consuming the running performance of the App, so the extraction shell is suitable for the protection of various Apps.
Drawings
FIG. 1 is a schematic flow diagram of the process of the present invention.
Fig. 2 is a schematic block diagram of the system of the present invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings.
Referring to fig. 1, the implementation method of the android-end extracting shell of the present invention includes the following steps:
step S1, extracting functions of the source APK, and analyzing the code structure of the Dex file;
step S2, searching the code structure information through the appointed method of the appointed class, and getting the codeltem of the extracted function;
step S3, constructing a null instruction set by taking the instruction number and the instruction offset address of the extracted function, covering the original instruction, and storing the function instruction;
step S4, recalculating the checksum value in the Dex file, and backfilling the checksum value into the extracted function;
step S5, after function backfilling, disabling Dex2oat in the Dex file, and taking the ArtMethod object pointer and function instruction of each method by the hook loadmethod function;
step S6, the original instruction of the evacuated function is backfilled by the extracted function screened by the ArtMethod object pointer and located by the function instruction.
The invention is further illustrated by the following example:
1. traversing the Dex file according to the structure of the Dex file, and retrieving the code structure information of the Dex file by a specified method of a specified class, namely parsing the Dex file byte by byte according to the structure of the Dex file and taking the code element and the function instruction of the extracted function.
2. The composition of codeltem of the decimated function includes: the number of parameters required by the code to call other methods is ushort outsSize; number of try _ item structures (this size is used to record try-cache/find information); the agent debug InfoOff points to the debug information storage position of the section of code and is a debug _ info _ item structure offset address; uininssSize, the size of the instruction list, using 16-bit as a unit, ushort insns, code instructions; the value of ushort padding is 0 and is used for aligning bytes; trylten, exception correlation; encodedCatchHandlerList is abnormally related; in each function method, because the first 16 bytes of codeItem are fixed, a null instruction is constructed directly from a code instruction, all instructions behind the function method are set as null instructions, that is to say, the code instruction and the following parts of the method are all 00 under the 16-system; the instruction of the nullifying instruction portion is then saved.
3. Since the android art mode of the dex file can check the checksum and checksum value of the dex file when the dex file is loaded, and the loading is stopped if the checksum is not correct, the checksum and checksum value of the dex file needs to be recalculated. The calculation method is that a Dex file is read from a position of 0x0C to the end of the file, and the result, namely the checksum field, of the read byte array is calculated by using an Adler-32 verification algorithm. And recalculating the checksum value of the Dex after the extraction method, taking the recalculated checksum value and backfilling the recalculated checksum value to cover the original checksum value.
4. Since the Dex2 at precompilation process of the Dex file can generate a complete Dex file, and if the application does not disable the Dex2 at precompilation process of the Dex file, the implementation of extracting the shell is meaningless, the Dex2 at precompilation process of the Dex file needs to be disabled, namely the Dex2 at precompilation process of the Dex file can be disabled by using the method of an inline hook function to disable the execute layer hook in the execute function method.
5. Then the opportunity to backfill the instructions. This selects the system function loadmethod function execution here. The benefit here is that the ArtMethod object pointer of the function to be executed and its function instruction (i.e. the ID number of the function method, each unique to the function method) are available here.
6. And a hook loadmethod function obtains a function instruction according to the ArtMethod object pointer, then finds out the codeItem offset of the evacuated function in the memory according to the evacuated function screened out, and backfills the stored original instruction.
The invention is further illustrated by the following specific examples:
some functions of some source APP need to be protected, for example, the function test (), i.e., the function extraction shell protection. Writing a shell APP, and reading a dex file of the APK. The code structure information of test is retrieved according to the specified method through the specified class, and the code item of the test is 030001000200000030081400800000001A 00ED 341A 0143327120910510000E 00. There are 32 bytes, and the first 16 bytes are fixed bytes according to the structure of codeItem. The byte that needs to be evacuated is the last 16 bytes, 1A 00ED 341A 0143327120910510000E 00. It is completely emptied. The new codeItem of test () is 0300010002000000300814008000000000000000000000000000000000000000. 1A 00ED 341A 0143327120910510000E 00 is saved and then the function instruction of test () is saved simultaneously, here 15203. Then looking at the checksum of Dex of the source APP, which is 8912846E, recalculating the checksum of the modified Dex to be 2785815E, overwriting the newly obtained checksum on the original checksum shell APP, disabling the Dex2oat function, then using a hook loadmethod function, taking parameters of the loadmethod, which is ArtMethod dst of the functional method, screening the functional instruction according to the function instruction that the function can be taken by the taken ArtMethod object pointer, when the functional instruction is 15203, proving that the taken ArtMethod object pointer is the extracted function, then obtaining the codeItem of the test () in the memory according to the ArtMethod object pointer, and then backfilling the saved 1A 00ED 341A 0143327120910510000E 00.
Referring to fig. 2, the present invention further provides a system for extracting a shell from an android terminal, including an extraction module, a retrieval module, a construction module, a calculation module, a disabling module, and a backfill module, where the extraction module extracts a function of a source APK and analyzes a code structure of a Dex file; the retrieval module retrieves the code structure information of the code structure through a specified method of a specified class and takes the code structure information of the extracted function; the constructing module constructs a null instruction set by taking the instruction number and the instruction offset address of the extracted function, covers the original instruction and stores the function instruction; the calculation module recalculates the checksum value in the Dex file and backfills the checksum value into the extracted function; after the function is backfilled, the prohibition module forbids the Dex2oat in the Dex file, and the hook loadmethod function takes the ArtMethod object pointer and the function instruction of each method; the backfill module backfills the original instruction of the evacuated function by the aid of the extracted function screened by the ArtMethod object pointer and located by the function instruction.
The retrieval module is further specifically: traversing the Dex file according to the Dex file structure, and retrieving the code structure information of the Dex file by a specified method of a specified class, namely parsing the Dex file byte by byte according to the structure of the Dex file and taking the code element and the function instruction of the extracted function.
The construction module is further embodied as follows: the composition of codeltem of the decimated function includes: the number of parameters required by the code to call other methods is ushort outsSize; number of the structure of try _ item in ushort triesSize; the agent debug InfoOff points to the debug information storage position of the section of code and is a debug _ info _ item structure offset address; uininssSize, the size of the instruction list, using 16-bit as a unit, ushort insns, code instructions; the value of ushort padding is 0 and is used for aligning bytes; trylten, exception correlation; encodedCatchHandlerList is abnormally related; in each function method, because the first 16 bytes of codeItem are fixed, a null instruction is constructed directly from a code instruction, all instructions behind the function method are set as null instructions, that is to say, the code instruction and the following parts of the method are all 00 under the 16-system; the instruction of the nullifying instruction portion is then saved.
The calculation module is further specifically: the android art mode of the Dex file verifies the checksum and the checksum value of the Dex file when the Dex file is loaded, and the loading is stopped if the checksum is not correct, so that the checksum and the checksum value need to be recalculated; and recalculating the checksum value of the Dex file after the extraction method, taking the recalculated checksum value and backfilling the recalculated checksum value to cover the original checksum value.
The disabling module is further specifically: since the Dex2 at pre-compilation process in the Dex file can generate a complete Dex file, the Dex2 at pre-compilation process in the Dex file needs to be disabled, and the Dex2 at pre-compilation process in the Dex file can be disabled by using the execute function method at the kernel layer hook.
The backfill module further comprises: when the system function loadmethod function is executed, a function instruction is obtained according to the ArtMethod object pointer, then the evacuated function is screened, the codeItem offset of the evacuated function in the memory is found according to the ArtMethod object pointer of the evacuated function, and the stored original instruction is backfilled.
The above description is only a preferred embodiment of the present invention, and all equivalent changes and modifications made in accordance with the claims of the present invention should be covered by the present invention.
Claims (12)
1. A realization method of an android-terminal extraction shell is characterized by comprising the following steps:
step S1, extracting functions of the source APK, and analyzing the code structure of the Dex file;
step S2, searching the code structure information through the appointed method of the appointed class, and getting the codeltem of the extracted function;
step S3, constructing a null instruction set by taking the instruction number and the instruction offset address of the extracted function, covering the original instruction, and storing the function instruction;
step S4, recalculating the checksum value in the Dex file, and backfilling the checksum value into the extracted function;
step S5, after function backfilling, disabling Dex2oat in the Dex file, and taking the ArtMethod object pointer and function instruction of each method by the hook loadmethod function;
step S6, the original instruction of the evacuated function is backfilled by the extracted function screened by the ArtMethod object pointer and located by the function instruction.
2. The implementation method of the android-terminated extraction shell according to claim 1, characterized in that: the step S2 further includes: and traversing the Dex file according to the structure of the Dex file, and retrieving the code structure information of the Dex file by a specified method of a specified class, namely parsing the Dex file byte by byte according to the structure of the Dex file and taking the code element and the function instruction of the extracted function.
3. The implementation method of the android-terminated extraction shell according to claim 1, characterized in that: the step S3 further includes: the composition of codeltem of the decimated function includes: the number of parameters required by the code to call other methods is ushort outsSize; number of the structure of try _ item in ushort triesSize; the agent debug InfoOff points to the debug information storage position of the section of code and is a debug _ info _ item structure offset address; uininssSize, the size of the instruction list, using 16-bit as a unit, ushort insns, code instructions; the value of ushort padding is 0 and is used for aligning bytes; trylten, exception correlation; encodedCatchHandlerList is abnormally related; in each function method, because the first 16 bytes of codeItem are fixed, a null instruction is constructed directly from a code instruction, all instructions behind the function method are set as null instructions, that is to say, the code instruction and the following parts of the method are all 00 under the 16-system; the instruction of the nullifying instruction portion is then saved.
4. The implementation method of the android-terminated extraction shell according to claim 1, characterized in that: the step S4 further includes: the android art mode of the Dex file verifies the checksum and the checksum value of the Dex file when the Dex file is loaded, and the loading is stopped if the checksum is not correct, so that the checksum and the checksum value need to be recalculated; and recalculating the checksum value of the Dex file after the extraction method, taking the recalculated checksum value and backfilling the recalculated checksum value to cover the original checksum value.
5. The implementation method of the android-terminated extraction shell according to claim 1, characterized in that: the step S5 further includes: since the Dex2 at pre-compilation process in the Dex file can generate a complete Dex file, the Dex2 at pre-compilation process in the Dex file needs to be disabled, and the Dex2 at pre-compilation process in the Dex file can be disabled by using the execute function method at the kernel layer hook.
6. The implementation method of the android-terminated extraction shell according to claim 1, characterized in that: the step S6 further includes: when the system function loadmethod function is executed, a function instruction is obtained according to the ArtMethod object pointer, then the evacuated function is screened, the codeItem offset of the evacuated function in the memory is found according to the ArtMethod object pointer of the evacuated function, and the stored original instruction is backfilled.
7. The utility model provides a system of tall and erect end extraction shell which characterized in that: the extraction module extracts a function of a source APK and analyzes a code structure of a Dex file; the retrieval module retrieves the code structure information of the code structure through a specified method of a specified class and takes the code structure information of the extracted function; the constructing module constructs a null instruction set by taking the instruction number and the instruction offset address of the extracted function, covers the original instruction and stores the function instruction; the calculation module recalculates the checksum value in the Dex file and backfills the checksum value into the extracted function; after the function is backfilled, the prohibition module forbids the Dex2oat in the Dex file, and the hook loadmethod function takes the ArtMethod object pointer and the function instruction of each method; the backfill module backfills the original instruction of the evacuated function by the aid of the extracted function screened by the ArtMethod object pointer and located by the function instruction.
8. The system of claim 7, wherein the android-terminated extraction shell comprises: the retrieval module is further specifically: and traversing the Dex file according to the structure of the Dex file, and retrieving the code structure information of the Dex file by a specified method of a specified class, namely parsing the Dex file byte by byte according to the structure of the Dex file and taking the code element and the function instruction of the extracted function.
9. The system of claim 7, wherein the android-terminated extraction shell comprises: the construction module is further embodied as follows: the composition of codeltem of the decimated function includes: the number of parameters required by the code to call other methods is ushort outsSize; number of the structure of try _ item in ushort triesSize; the agent debug InfoOff points to the debug information storage position of the section of code and is a debug _ info _ item structure offset address; uininssSize, the size of the instruction list, using 16-bit as a unit, ushort insns, code instructions; the value of ushort padding is 0 and is used for aligning bytes; trylten, exception correlation; encodedCatchHandlerList is abnormally related; in each function method, because the first 16 bytes of codeItem are fixed, a null instruction is constructed directly from a code instruction, all instructions behind the function method are set as null instructions, that is to say, the code instruction and the following parts of the method are all 00 under the 16-system; the instruction of the nullifying instruction portion is then saved.
10. The system of claim 7, wherein the android-terminated extraction shell comprises: the calculation module is further specifically: the android art mode of the Dex file verifies the checksum and the checksum value of the Dex file when the Dex file is loaded, and the loading is stopped if the checksum is not correct, so that the checksum and the checksum value need to be recalculated; and recalculating the checksum value of the Dex file after the extraction method, taking the recalculated checksum value and backfilling the recalculated checksum value to cover the original checksum value.
11. The system of claim 7, wherein the android-terminated extraction shell comprises: the disabling module is further specifically: since the Dex2 at pre-compilation process in the Dex file can generate a complete Dex file, the Dex2 at pre-compilation process in the Dex file needs to be disabled, and the Dex2 at pre-compilation process in the Dex file can be disabled by using the execute function method at the kernel layer hook.
12. The system of claim 7, wherein the android-terminated extraction shell comprises: the backfill module further comprises: when the system function loadmethod function is executed, a function instruction is obtained according to the ArtMethod object pointer, then the evacuated function is screened, the codeItem offset of the evacuated function in the memory is found according to the ArtMethod object pointer of the evacuated function, and the stored original instruction is backfilled.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110647219.0A CN113378123A (en) | 2021-06-10 | 2021-06-10 | Method and system for realizing android terminal extracting shell |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110647219.0A CN113378123A (en) | 2021-06-10 | 2021-06-10 | Method and system for realizing android terminal extracting shell |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113378123A true CN113378123A (en) | 2021-09-10 |
Family
ID=77573599
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110647219.0A Pending CN113378123A (en) | 2021-06-10 | 2021-06-10 | Method and system for realizing android terminal extracting shell |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113378123A (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108491235A (en) * | 2018-03-21 | 2018-09-04 | 北京理工大学 | In conjunction with the DEX guard methods of dynamic load and function Nativeization |
| CN110046497A (en) * | 2018-01-16 | 2019-07-23 | 腾讯科技(深圳)有限公司 | A kind of function hook implementation method, device and storage medium |
| CN110232262A (en) * | 2019-06-17 | 2019-09-13 | 中金金融认证中心有限公司 | A kind of reinforcement means and system of Android application |
| CN112214266A (en) * | 2020-10-12 | 2021-01-12 | 广州大学 | Android shelling method and device for deception call chain, storage medium and computer equipment |
| CN112214267A (en) * | 2020-10-12 | 2021-01-12 | 广州大学 | Android shelling acceleration method and device, storage medium and computer equipment |
| CN112883374A (en) * | 2021-02-02 | 2021-06-01 | 电子科技大学 | General Android platform application program shelling method and system based on ART environment |
-
2021
- 2021-06-10 CN CN202110647219.0A patent/CN113378123A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110046497A (en) * | 2018-01-16 | 2019-07-23 | 腾讯科技(深圳)有限公司 | A kind of function hook implementation method, device and storage medium |
| CN108491235A (en) * | 2018-03-21 | 2018-09-04 | 北京理工大学 | In conjunction with the DEX guard methods of dynamic load and function Nativeization |
| CN110232262A (en) * | 2019-06-17 | 2019-09-13 | 中金金融认证中心有限公司 | A kind of reinforcement means and system of Android application |
| CN112214266A (en) * | 2020-10-12 | 2021-01-12 | 广州大学 | Android shelling method and device for deception call chain, storage medium and computer equipment |
| CN112214267A (en) * | 2020-10-12 | 2021-01-12 | 广州大学 | Android shelling acceleration method and device, storage medium and computer equipment |
| CN112883374A (en) * | 2021-02-02 | 2021-06-01 | 电子科技大学 | General Android platform application program shelling method and system based on ART environment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106203120B (en) | A kind of multiple spot Hook reverse method for Android reinforcement application | |
| US11687645B2 (en) | Security control method and computer system | |
| US8327100B2 (en) | Execute only access rights on a Von Neuman architectures | |
| CN107480476B (en) | Android native layer instruction compiling virtualization shell adding method based on ELF infection | |
| CN109255235B (en) | Mobile application third-party library isolation method based on user state sandbox | |
| CN110232262A (en) | A kind of reinforcement means and system of Android application | |
| David et al. | Specification of concretization and symbolization policies in symbolic execution | |
| US8595680B1 (en) | Constrained random error injection for functional verification | |
| US20200183809A1 (en) | Usage amount monitoring method and monitoring unit of electronic control unit for vehicle | |
| CN108595950A (en) | A kind of safe Enhancement Methods of SGX of combination remote authentication | |
| CN105760721B (en) | A kind of software reinforcement method and system | |
| CN115659333A (en) | Sandbox based on binary instrumentation, memory isolation method and storage medium | |
| CN112214267A (en) | Android shelling acceleration method and device, storage medium and computer equipment | |
| Dofferhoff et al. | iscanu: A portable scanner for undocumented instructions on risc processors | |
| CN108763924A (en) | Insincere third party library access right control method in a kind of Android application program | |
| CN105205398A (en) | Shell checking method based on dynamic behaviors of APK (android package) packing software | |
| CN106127054B (en) | A kind of system-level safety protecting method towards smart machine control instruction | |
| CN113378123A (en) | Method and system for realizing android terminal extracting shell | |
| CN109214184B (en) | Universal automatic shelling method and device for Android reinforced application program | |
| Chen et al. | Security analysis of x86 processor microcode | |
| CN115758356A (en) | Method, storage medium and equipment for implementing credible static measurement on Android application | |
| CN113419734B (en) | Application program reinforcing method and device and electronic equipment | |
| CN104615935A (en) | Hiding method geared to Xen virtualization platform | |
| CN105988811B (en) | The method and apparatus for obtaining the kernel control flow chart of operating system | |
| KR20210057239A (en) | Apparatus and method for disabling anti-debugging |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |