CN115756480A - Android application reinforcement method, system and equipment - Google Patents
Android application reinforcement method, system and equipment Download PDFInfo
- Publication number
- CN115756480A CN115756480A CN202211387169.8A CN202211387169A CN115756480A CN 115756480 A CN115756480 A CN 115756480A CN 202211387169 A CN202211387169 A CN 202211387169A CN 115756480 A CN115756480 A CN 115756480A
- Authority
- CN
- China
- Prior art keywords
- file
- instruction
- code
- interpreter
- virtual
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Devices For Executing Special Programs (AREA)
Abstract
The invention provides an android application reinforcing method, which comprises the following steps: receiving a user-defined interpreter file generated by an interpreter file in a source code of the Dalvik virtual machine by a user; selecting a plurality of protected functions from the executable file to construct a local method and generate a Java local interface function; extracting all instructions of the protected function from each local method; sequentially carrying out metadata collection, code disordering and offset correction on all instructions of the protected function to obtain a virtual code which can be transferred to a custom interpreter for interpretation and execution through a Java local interface function; storing all the obtained virtual codes in a resource file; and encrypting the custom interpreter file and the resource file containing the virtual code and compiling the encrypted custom interpreter file and the resource file into an application program package file to obtain a reinforced application program package file. The method aims to solve the problems that reverse analysts can quickly obtain the effective semantics of the android application after reinforcement and potential safety hazards of the android application are exposed.
Description
Technical Field
The invention relates to the technical field of android data processing, in particular to an android application reinforcing method, system and device.
Background
At present, many android applications are reinforced by means of mature technologies such as dynamic loading, encryption and anti-debugging, which means that reverse analysts also know the mature technologies and make countermeasures through reverse engineering for cracking. Reverse engineering is made more difficult by code obfuscation schemes, common types of code obfuscation include data obfuscation, control flow obfuscation, and code virtualization. Data obfuscation focuses on string encryption and identifier renaming. Since strings and identifiers in programs often imply specific and easily understood meanings, scan engines can utilize this principle to understand code. To avoid this, the application package obfuscation tool replaces meaningful strings and identifiers with meaningless strings and identifiers. Control flow obfuscation hides the control flow graph of the original application, preventing static analysis by making the control flow graph of the application look more complex. One representative approach, named control flow flattening, uses switch structures to transfer control flow to avoid static and dynamic analysis, rather than using easily identifiable loops and conditional jumps. Code virtualization is a typical code obfuscation method that converts executable file (DEX) bytecode into an intermediate representation, forcing reverse analysts to move from a familiar instruction set to an unfamiliar custom virtual code set, in the hope of adding time and effort to reverse engineering.
In the prior art, for example, a method and a system for implementing android terminal VMP protection disclosed in publication No. CN113127004A provide a method and a system capable of completing VMP protection of an APP at the beginning of the APP. According to the technical scheme, the code element of the Java function A to be protected is copied into the cpp file, the function A and the interpreter function are defined in the cpp file, the interpreter function is called in the function A, the byte array of the code element is converted into the code element defined in the cpp file in the interpreter function, then a virtual register is defined, instructions in the code element are taken out one by one, the application program package is compiled through a compiler, and VMP protection of android application is achieved.
However, after implementing the code virtualization protection, although the instruction of the function cannot be referred to in the executable file, when the android application runs to the protected function, the dexcode may be loaded to the memory. In addition, the definition in the code element is copied into cpp, so that the so is defined to be loaded, and actually, the source code is only stored in the so in another form, so that the source code can be obtained by reversely analyzing the so file. The reverse analysts can obtain effective semantics, potential safety hazards of android applications are exposed, and the time and the energy for the reverse analysts to perform reverse engineering cannot be increased.
Disclosure of Invention
The invention provides an android application reinforcement method, system and device, and aims to solve the problem that reverse analysts can quickly obtain the effective semantics of the android application after reinforcement, so that the potential safety hazard of the android application is exposed.
The invention provides an android application reinforcement method, which comprises the following steps:
receiving a user-defined interpreter file generated by an interpreter file in source codes of the Dalvik virtual machine by a user;
selecting a number of protected functions from the executable file;
sequentially constructing a plurality of protected functions into a local method and sequentially generating Java local interface functions corresponding to the local method;
extracting all instructions of the protected function from each local method;
sequentially carrying out metadata collection, code disordering and offset correction on all instructions of the protected function to obtain a virtual code which can be transferred to a custom interpreter for interpretation and execution through a Java local interface function;
saving the virtual code in a resource file;
and encrypting the custom interpreter file and the resource file containing the virtual code and compiling the encrypted custom interpreter file and the resource file into an application package file to obtain a reinforced application package file.
Further, the specific selection condition for selecting several protected functions from the executable file includes:
selecting as protected functions the functions of the sensitive application program interface when called in the executable file, randomly selecting 10% of the functions from the executable file, or by specifying the functions.
Further, the metadata collection step includes:
taking all the instructions of the protected function as original instructions, then generating a random operation code of a random sequence instruction from 0 to 255, extracting the operation code of each original instruction and acquiring an instruction offset value pc;
replacing the operation code of each original instruction with a random operation code to obtain an intermediate instruction;
if the intermediate instruction is an unconditional jump instruction goto or goto/16, the intermediate instruction is expanded into an unconditional jump instruction goto/32;
recording the sequence of the intermediate instruction in all the alternative intermediate instructions and the expanded total word number brought by the unconditional jump instruction goto;
combining the command deviant pc, the total word number, the sequence of the middle command in all the replaced middle commands and the middle command in sequence to construct a new structure, storing the new structure into a dictionary by taking the command deviant pc as a key, and collecting metadata after all the original commands form the new structure and are stored into the dictionary.
Further, the step of out-of-order code comprises:
dividing the intermediate instruction into a byte beginning with the operation code and other bytes, replacing and deconstructing the operation code, moving two bytes guided by the operation code to the tail of the intermediate instruction, adding two bytes at the beginning of the intermediate instruction, wherein a lower byte represents the position of the operation code, and a higher byte is filled with a random number to realize code disorder.
Further, the step of performing the correction offset process includes:
and if the address calculated by the expanded intermediate instruction according to the original offset is not the address of the target instruction, performing offset correction on the operand part of the intermediate instruction.
Further, the offset-correcting instruction comprises an unconditional jump instruction: including goto and goto/16, conditional jump instruction: including if-test, exception instruction: including try-catch, pseudo-instruction: including a packed-switch, a spared-switch, and a fill-array-data.
Further, the receiving a custom interpreter file generated by the user from the interpreter file in the source code of the Dalvik virtual machine includes:
initializing an interpreter file in a source code of the Dalvik virtual machine by a receiving user;
and adding a dynamic instruction recombination algorithm for executing the virtual code into the initialized interpreter to generate a custom interpreter file.
Further, the step of executing the dynamic instruction reorganization algorithm of the virtual code includes:
pointing to the initial address of the virtual code through a pointer of a program counter;
reading the first two bytes of the virtual code according to the initial address to obtain the position of the virtual operation code;
according to the position of the virtual operation code, the operand is obtained, and the processing program for interpreting and executing the virtual code is determined.
The invention also provides an android application reinforcement system, which comprises:
a preprocessing module: the system comprises a storage unit, a preprocessing unit, a Java local interface function unit and a processing unit, wherein the storage unit is used for receiving an original application package file for preprocessing, constructing each protected function selected by the application package file as a local method, and generating a Java local interface function corresponding to the local method;
the instruction virtualization module: the system comprises a preprocessing module, a data processing module and a data processing module, wherein the preprocessing module is used for performing metadata collection, code disorder and offset correction on an instruction extracted by a local method constructed by the preprocessing module to form a virtual code, and the virtual code is encrypted and then stored as a resource file;
a custom interpreter module: interpreting the virtual code through a dynamic instruction recombination algorithm in the custom interpreter file, and distributing the virtual code to a processing program for execution; and
repacking module: the system is used for repackaging the resource file and the custom interpreter file into an application package file and signing the newly generated application package.
The invention also provides electronic equipment which comprises a memory, a processor and a computer program which is stored on the memory and can run on the processor, wherein the processor executes the program to realize the android application reinforcement method.
According to the android application reinforcement method provided by the invention, metadata collection, code disorder and offset correction are carried out on the instruction extracted by the protected function in the executable file, so that a virtual code which can be interpreted and executed by transferring a Java local interface function into a custom interpreter is obtained, when the virtual instruction is loaded into a memory, a reverse analyst cannot obtain effective semantics, and the instruction level protection strength of the android application program is improved.
Meanwhile, the custom interpreter file containing the dynamic instruction recombination algorithm changes the original Dalvik instruction structure, the key of the custom interpreter is encrypted again, the key is stored in the resource file, and reverse analysts are difficult to obtain the entrance of the custom interpreter, so that the instruction level protection strength of the android application program is further improved.
Drawings
In order to more clearly illustrate the technical solutions of the present invention or the prior art, the drawings needed for the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
FIG. 1 is a flow chart of an android application reinforcement method provided by the present invention;
FIG. 2 is a schematic flow chart of an android application reinforcement method provided by the present invention;
FIG. 3 is a schematic flow chart of metadata collection in an android application reinforcement method provided in the present invention;
FIG. 4 is a flowchart of executing virtual code through a dynamic instruction reorganization algorithm in the android application reinforcing method provided by the present invention;
FIG. 5 is a block diagram of a system for reinforcing an android application provided by the invention.
Reference numerals are as follows:
110: a preprocessing module; 120: an instruction virtualization module; 130: custom interpreter module, 140: and (5) repacking the modules.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is obvious that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be obtained by a person skilled in the art without inventive step based on the embodiments of the present invention, are within the scope of protection of the present invention.
The android application strengthening method of the present invention is described below with reference to fig. 1 to 4, and includes the following steps:
and S1, before reinforcement, receiving a custom interpreter file generated by an interpreter file in the Dalvik virtual machine source code by a user. The method comprises the following specific steps:
and initializing the interpreter file in the source code of the Dalvik virtual machine, adding a dynamic instruction recombination algorithm into the initialized interpreter, and generating a custom interpreter file.
And S2, during reinforcement, selecting a plurality of protected functions from executable files (DEX) in an application package (Android application package, APK) file.
Specifically, the specific selection scheme for selecting a plurality of protected functions from the executable file is as follows:
(1) A function of a sensitive Application Program Interface (API) in the executable file is selected when called. For example, function a calls sendTextMessage, which is a sensitive API, and then functions as the function to be protected.
(2) A 10% function is randomly selected from the executable file.
(3) The function is designated as a protected function. For example, the note @ Dynvmp is added at the definition of function A to indicate that this function is a function to be protected.
The operating efficiency of the reinforced app is ensured by selecting part of protected functions from all functions in the executable file. Meanwhile, reverse analysts are difficult to obtain the entrance of the custom interpreter, and therefore the protection strength of the android application program instruction level is improved.
And S3, sequentially constructing a plurality of protected functions into a local method (Native method) and generating Java Native Interface (JNI). The Java method changed into native can be transferred into the custom interpreter to run through the Java local interface function. Because the subsequent instruction virtualization operation converts the instructions of the above method into virtual instructions, the virtual instructions cannot be interpreted and executed by the Dalvik interpreter. But need to go to the custom interpreter through the JNI interface function to be interpreted correctly.
And S4, extracting all instructions of the protected function from each local method.
And S5, sequentially carrying out metadata collection, code disordering and offset correction on all instructions of the protected function to obtain a virtual code which can be transferred to a custom interpreter for interpretation and execution through a Java local interface function.
Specifically, the metadata collection includes the following steps:
all the instructions of the protected function are used as original instructions, a random operation code vm _ opcode of a random sequence instruction from 0 to 255 is generated, an operation code rawOpcode of each original instruction is extracted, and an instruction offset value pc is obtained, wherein the instruction offset value pc refers to an offset of the current instruction in an instruction stream.
And replacing the operation code of each original instruction with a random operation code to obtain an intermediate instruction tmpIns, namely replacing the rawoopcode with one value in the vm _ opcode, wherein the value cannot be used in the random replacement of the operation code. And recording the sequence of the intermediate instruction in all the alternative intermediate instructions, recording the sequence as index, and taking the total number of words (each word equals to 2 bytes) expanded due to the goto instruction as extended, and defaulting the rest as 0.
If the intermediate instruction is a goto instruction or a goto/16 instruction, the intermediate instruction is expanded into a goto/32 instruction;
combining the instruction deviation value pc, the total word number, the sequence of the intermediate instruction in all the replaced intermediate instructions and the intermediate instruction in sequence to construct a new structure codelnfo (pc + extended, index, tmpIns), storing the new structure in a dictionary by taking the instruction deviation value pc as a key, and collecting metadata after all the original instructions form the new structure and store in the dictionary.
The construction of the virtual code is realized by carrying out metadata collection, code out-of-order and offset correction processing on all instructions of the protected function. When the virtual instruction is loaded to the memory, the reverse analyst cannot obtain effective semantics, so that the protection strength of the android application program instruction level is improved.
And S6, sequentially storing the virtual codes obtained after all the instructions extracted from all the functions to be protected are processed in a resource file. For example, after all instructions in all local methods constructed by randomly selecting 10% of functions from the executable file are processed, the obtained virtual code is stored in the resource file.
And S7, encrypting the custom interpreter file and the resource file containing the virtual code and compiling the encrypted custom interpreter file and the resource file into an application package file to obtain a reinforced application package file.
The invention changes the original Dalvik instruction structure through the custom interpreter file containing the dynamic instruction recombination algorithm. And the key of the custom interpreter is encrypted again, the key is stored in the resource file, and a reverse analyst is difficult to obtain the entry of the custom interpreter, so that the improvement of the instruction level protection strength of the android application program is realized.
Meanwhile, metadata collection, code disordering and offset correction processing are carried out on the instruction extracted by the protected function in the executable file, so that the virtual code which can be interpreted and executed in a custom interpreter through the JNI function is obtained, when the virtual instruction is loaded to the memory, a reverse analyst cannot obtain effective semantics, and the protection strength of the android application program instruction level is further improved.
In order to further improve the protection strength of the android application program instruction level, the code disordering step comprises the following steps:
dividing the middle instruction tmpIns into a byte 0801 at the beginning of the operation code and the rest bytes 0x1500, replacing and deconstructing the operation code, moving two bytes guided by the operation code to the end of the middle instruction, adding two bytes at the beginning of the middle instruction, wherein the low byte represents the position of the operation code, and the high byte is filled with a random number to realize code disordering.
Specifically, taking the instruction move-object/from16 v1, v21 as an example, the corresponding bytecode is 0x08011500. Opcode 08 decomposes into 0xc301 and 0x1500 after substitution and deconstruction. Two bytes guided by the operation code are moved to the end 1500c301 of the instruction, and finally two bytes are added at the beginning of the instruction, wherein the lower byte represents the position of the operation code, and the upper byte is filled with a random number. The final form of 0x08011500 is 0xb7021500c301.
Meanwhile, the step of performing the correction offset process includes:
and if the address calculated by the expanded instruction according to the original offset is not the address of the target instruction, performing offset correction on the operand part of the instruction.
In this embodiment, the offset correcting instruction includes an unconditional jump instruction: including goto and goto/16; a conditional jump instruction: including if-test; an exception instruction: including try-catch; a pseudo instruction: including packed-switch, spared-switch, and file-array-data.
The execution steps of the dynamic instruction recombination algorithm for executing the virtual code comprise:
and step 1, pointing to the initial address of the virtual code through a pointer of a program counter.
And 2, reading the first byte of the virtual code according to the initial address to obtain the position of the virtual operation code.
And 3, acquiring an operand according to the position of the virtual operation code, and determining a processing program for interpreting and executing the virtual code. For example, virtual opcode 0x1a corresponds to real opcode 0x90, indicating an add-int add instruction, and is handed to a handler that handles such instruction to execute the instruction.
The method realizes instruction-level high-strength protection based on the unordered and dynamic recovery of the virtual code, and prevents reverse analysts from using the existing knowledge to reverse android application programs.
The following describes the android application reinforcement system provided by the present invention, and the android application reinforcement system described below and the android application reinforcement method described above may be referred to in correspondence with each other.
In another aspect, referring to fig. 4, the present invention further provides an android application reinforcement system, including:
the preprocessing module 110: the method is used for receiving and preprocessing the original application package file, constructing each protected function selected by the application package file into a local method, and generating a Java local interface function corresponding to the local method.
Instruction virtualization module 120: the method is used for collecting metadata, disordering codes and correcting offset processing of instructions extracted by a local method constructed by the preprocessing module 110 to form virtual codes, and the virtual codes are encrypted and stored as resource files.
Custom interpreter module 130: and interpreting the virtual code through a dynamic instruction recombination algorithm in the custom interpreter file, and distributing the virtual code to a processing program for execution.
Repackaging module 140: the system is used for repackaging the resource file and the custom interpreter file into an application package file and signing the newly generated application package.
The method comprises the steps of preprocessing an original application package file through a preprocessing module, constructing a local method and generating a corresponding Java local interface function. And the instruction virtualization module is used for collecting metadata, disordering codes and correcting offset, so that the construction of virtual codes is realized. And the interpretation and execution of the virtual code are realized through the custom interpreter module. Repackaging of application package file is realized through repackaging module to original Dalvik instruction format has been changed, when virtual instruction was loaded to the memory, reverse analysis personnel can't obtain effectual semanteme, thereby improve the intensity of protection of android application program instruction level.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.
Claims (10)
1. An android application reinforcement method is characterized by comprising the following steps:
receiving a user-defined interpreter file generated by an interpreter file in a source code of the Dalvik virtual machine by a user;
selecting a number of protected functions from the executable file;
sequentially constructing a plurality of protected functions into a local method and sequentially generating Java local interface functions corresponding to the local method;
extracting all instructions of the protected function from each local method;
sequentially carrying out metadata collection, code disordering and offset correction on all instructions of the protected function to obtain a virtual code which can be transferred to a custom interpreter for interpretation and execution through a Java local interface function;
saving the virtual code in a resource file;
and encrypting the custom interpreter file and the resource file containing the virtual code and compiling the encrypted custom interpreter file and the resource file into an application package file to obtain a reinforced application package file.
2. The android application reinforcement method of claim 1, wherein the specific selection condition for selecting a number of protected functions from the executable file comprises:
selecting a function of the sensitive application program interface when called in the executable file, randomly selecting 10% of functions from the executable file or by specifying the functions as the protected functions.
3. The android application reinforcement method of claim 1, wherein the metadata collection step includes:
taking all the instructions of the protected function as original instructions, then generating a random operation code of a random sequence instruction from 0 to 255, extracting the operation code of each original instruction and acquiring an instruction offset value pc;
replacing the operation code of each original instruction with a random operation code to obtain an intermediate instruction;
if the intermediate instruction is an unconditional jump instruction goto or goto/16, the intermediate instruction is expanded into an unconditional jump instruction goto/32;
recording the sequence of the intermediate instruction in all the replaced intermediate instructions and the total number of words expanded by the unconditional jump instruction goto;
combining the command deviant pc, the total word number, the sequence of the middle command in all the replaced middle commands and the middle command in sequence to construct a new structure, storing the new structure into a dictionary by taking the command deviant pc as a key, and collecting metadata after all the original commands form the new structure and are stored into the dictionary.
4. The android application reinforcement method of claim 3, wherein the code out-of-order step includes:
dividing the intermediate instruction into a byte beginning with the operation code and other bytes, replacing and deconstructing the operation code, moving two bytes guided by the operation code to the end of the intermediate instruction, adding two bytes at the beginning of the intermediate instruction, wherein the lower byte represents the position of the operation code, and the upper byte is filled with a random number to realize code disorder.
5. The android application reinforcement method of claim 4, wherein the step of performing a corrective offset process includes:
and if the address calculated by the expanded intermediate instruction according to the original offset is not the address of the target instruction, performing offset correction on the operand part of the intermediate instruction.
6. The android application hardening method of claim 5, wherein the offset-modifying instruction comprises an unconditional jump instruction: including goto and goto/16, conditional jump instruction: including if-test, exception instruction: including try-catch, pseudo-instruction: including packed-switch, spared-switch, and file-array-data.
7. The android application reinforcement method of any of claims 1-6, wherein receiving a custom interpreter file that the user generated the interpreter file in the Dalvik virtual machine source code comprises:
receiving an interpreter file in a Dalvik virtual machine source code for initialization processing by a user;
and adding a dynamic instruction recombination algorithm for executing the virtual code into the initialized interpreter to generate a custom interpreter file.
8. The android application hardening method of claim 7, wherein the step of executing a dynamic instruction reorganization algorithm of virtual code comprises:
pointing to the initial address of the virtual code through a pointer of a program counter;
reading the first two bytes of the virtual code according to the initial address to obtain the position of the virtual operation code;
according to the position of the virtual operation code, the operand is obtained, and the processing program for interpreting and executing the virtual code is determined.
9. An android application reinforcement system, comprising:
a pretreatment module: the system comprises a storage unit, a preprocessing unit, a Java local interface function unit and a processing unit, wherein the storage unit is used for receiving an original application package file for preprocessing, constructing each protected function selected by the application package file as a local method, and generating a Java local interface function corresponding to the local method;
the instruction virtualization module: the system comprises a preprocessing module, a code disordering module and a resource file, wherein the preprocessing module is used for performing metadata collection, code disordering and offset correction on an instruction extracted by a local method constructed by the preprocessing module to form a virtual code, and the virtual code is encrypted and then stored as the resource file;
a custom interpreter module: interpreting the virtual code through a dynamic instruction recombination algorithm in the custom interpreter file, and distributing the virtual code to a processing program for execution; and
a repacking module: the system is used for repackaging the resource file and the custom interpreter file into an application package file and signing the newly generated application package.
10. An electronic device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor when executing the program implements the android application reinforcement method of any of claims 1 to 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211387169.8A CN115756480A (en) | 2022-11-07 | 2022-11-07 | Android application reinforcement method, system and equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211387169.8A CN115756480A (en) | 2022-11-07 | 2022-11-07 | Android application reinforcement method, system and equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115756480A true CN115756480A (en) | 2023-03-07 |
Family
ID=85357505
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211387169.8A Pending CN115756480A (en) | 2022-11-07 | 2022-11-07 | Android application reinforcement method, system and equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115756480A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116522343A (en) * | 2023-07-05 | 2023-08-01 | 北京国御网络安全技术有限公司 | Native function attack defending method and device |
-
2022
- 2022-11-07 CN CN202211387169.8A patent/CN115756480A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116522343A (en) * | 2023-07-05 | 2023-08-01 | 北京国御网络安全技术有限公司 | Native function attack defending method and device |
| CN116522343B (en) * | 2023-07-05 | 2023-09-08 | 北京国御网络安全技术有限公司 | Native function attack defending method and device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108681457B (en) | Android application program protection method based on code sinking and residual code interpretation | |
| CN108614960B (en) | JavaScript virtualization protection method based on front-end byte code technology | |
| Li et al. | Steelix: program-state based binary fuzzing | |
| Bichsel et al. | Statistical deobfuscation of android applications | |
| US10698668B1 (en) | Custom code transformations during compilation process | |
| Lakhotia et al. | Fast location of similar code fragments using semantic'juice' | |
| Roundy et al. | Binary-code obfuscations in prevalent packer tools | |
| Smirnov et al. | Feynman integral evaluation by a sector decomposition approach (FIESTA) | |
| CN108932406B (en) | Virtualization software protection method and device | |
| Coogan et al. | Automatic static unpacking of malware binaries | |
| US20120233601A1 (en) | Recompiling with Generic to Specific Replacement | |
| CN107480476B (en) | Android native layer instruction compiling virtualization shell adding method based on ELF infection | |
| Kalysch et al. | VMAttack: Deobfuscating virtualization-based packed binaries | |
| US10459707B2 (en) | Instruction-set simulator and its simulator generation method | |
| CN107291485B (en) | Dynamic link library reinforcing method, operation method, reinforcing device and safety system | |
| Jung et al. | B2R2: Building an efficient front-end for binary analysis | |
| US8407678B2 (en) | Method of array interception using data-flow analysis | |
| CN115756480A (en) | Android application reinforcement method, system and equipment | |
| Mendis et al. | Revec: program rejuvenation through revectorization | |
| Reinbacher et al. | Precise control flow reconstruction using boolean logic | |
| Kochberger et al. | SoK: automatic deobfuscation of virtualization-protected applications | |
| US11288108B2 (en) | Automatic out-of-bound access prevention in GPU kernels executed in a managed environment | |
| Cesare et al. | Wire--a formal intermediate language for binary analysis | |
| Alam et al. | Droidclone: Attack of the android malware clones-a step towards stopping them | |
| Stepan | Defeating polymorphism: beyond emulation |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |