nach oben

Erschienen in:

2015 | OriginalPaper | Buchkapitel

DexHunter: Toward Extracting Hidden Code from Packed Android Applications

verfasst von : Yueqian Zhang, Xiapu Luo, Haoyang Yin

Erschienen in: Computer Security -- ESORICS 2015

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

The rapid growth of mobile application (or simply app) economy provides lucrative and profitable targets for hackers. Among OWASP’s top ten mobile risks for 2014, the lack of binary protections makes it easy to reverse, modify, and repackage Android apps. Recently, a number of packing services have been proposed to protect Android apps by hiding the original executable file (i.e., dex file). However, little is known about their effectiveness and efficiency. In this paper, we perform the first systematic investigation on such services by answering two questions: (1) what are the major techniques used by these services and their effects on apps? (2) can the original dex file in a packed app be recovered? If yes, how? We not only reveal their techniques and evaluate their effects, but also propose and develop a novel system, named DexHunter, to extract dex files protected by these services. It is worth noting that DexHunter supports both the Dalvik virtual machine (DVM) and the new Android Runtime (ART). The experimental results show that DexHunter can extract dex files from packed apps effectively and efficiently.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Accountable Authority Ciphertext-Policy Attribute-Based Encryption with White-Box Traceability and Public Auditing in the Cloud

Nächstes Kapitel Identifying Arbitrary Memory Access Vulnerabilities in Privilege-Separated Software

https://www.arxan.com/.

http://www.apperian.com/.

ptrace. http://linux.die.net/man/2/ptrace

Smali. https://code.google.com/p/smali/

Xposed. http://forum.xda-developers.com/xposed/xposed-installer-versions-changelog-t2714053

Owasp mobile top 10 risks (2014). http://bit.ly/1FAIJiv

Dalvik opcode changes in art (2015). https://github.com/anestisb/oatdump_plus#dalvik-opcode-changes-in-art

F-droid (2015). https://f-droid.org/

Zjdroid (2015). http://safe.baidu.com/opensec_detail_2.html

Alibaba Inc.: http://jaq.alibaba.com/

Apvrille, A., Nigam, R.: Obfuscation in android malware, and how to fight back. In: Virus Bulletin, July 2014

10.

Arxan Tech., Inc.: Securing mobile apps in the wild with app hardening and run-time protection (2014). http://bit.ly/1aliJil

11.

Baidu Inc.: http://apkprotect.baidu.com/

12.

Bangcle Inc.: http://www.bangcle.com/

13.

Chen, K., Liu, P., Zhang, Y.: Achieving accuracy and scalability simultaneously in detecting application clones on android markets. In: Proceedings of the ACM ICSE (2014)

14.

Collberg, C., Nagra, J.: Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection. Addison-Wesley, Upper Saddle River (2009)

15.

Crussell, J., Gibler, C., Chen, H.: Attack of the clones: detecting cloned applications on android markets. In: Foresti, S., Yung, M., Martinelli, F. (eds.) ESORICS 2012. LNCS, vol. 7459, pp. 37–54. Springer, Heidelberg (2012) CrossRef

16.

Crussell, J., Gibler, C., Chen, H.: Scalable semantics-based detection of similar android applications. In: Proceedings of the ESORICS (2013)

17.

Davies, J., German, D., Godfrey, M., Hindle, A.: Software bertillonage - determining the provenance of software development artifacts. Empirical Softw. Eng. 18(6), 1195–1237 (2013)CrossRef

18.

Dredge, S.: Android beats IOS for app downloads, but revenues are still a different story (2015). http://bit.ly/1A2conk

19.

Egele, M., Scholte, T., Kirda, E., Kruegel, C.: A survey on automated dynamic malware-analysis techniques and tools. ACM Comput. Surv. 44(2), 1–42 (2012)CrossRef

20.

Frumusanu, A.: A closer look at android runtime (ART) in android L

21.

Fung, B.: The time a major financial institution was hacked in under 15 minutes (2015). http://wapo.st/1zcKNj0

22.

Gartner Inc.: Debunking six myths of app wrapping (2015). http://gtnr.it/1aGJizc

23.

Gibler, C., Stevens, R., Crussell, J., Chen, H., Zang, H., Choi, H.: Adrob: examining the landscape and impact of android application plagiarism. In: Proceedings of the ACM MobiSys (2013)

24.

Google: Proguard. http://goo.gl/CLBIkD

25.

Google Inc.: ART and Dalvik

26.

Grassi, M.: Reverse engineering, pentesting, and hardening of android apps

27.

Guo, F., Ferrie, P., Chiueh, T.: A study of the packer problem and its solutions. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol. 5230, pp. 98–115. Springer, Heidelberg (2008) CrossRef

28.

Halloway, S.: Component Development for the Java Platform. Addison-Wesley, Boston (2002)

29.

IDC.: Android and IOS squeeze the competition (2015). http://bit.ly/17wYoFF

30.

Ijiami Inc.: http://www.ijiami.cn/

31.

Kang, M., Poosankam, P., Yin, H.: Renovo: a hidden code extractor for packed executables. In: Proceedings of WORM (2007)

32.

Lookout Inc.: Mobile threats, made to measure (2014). http://goo.gl/EhJzdt

33.

Martignoni, L., Christodorescu, M., Jha, S.: Omniunpack: fast, generic, and safe unpacking of malware. In: Proceedings of the ACSAC (2007)

34.

Nigam, R.: Android packers: separating from the pack, June 2014. http://goo.gl/YiULcy

35.

Park, Y.: We can still crack you! general unpacking method for android packer (no root). In: Proceedings of the Blackhat Asia (2015)

36.

Perdisci, R., Lanzi, A., Lee, W.: Classification of packed executables for accurate computer virus detection. Pattern Recogn. Lett. 29(14), 1941–1946 (2008)CrossRef

37.

Qian, C., Luo, X., Shao, Y., Chan, A.: On tracking information flows through JNI in android applications. In: Proceedings of the IEEE/IFIP DSN (2014)

38.

Qian, C., Luo, X., Yu, L., Gu, G.: Vulhunter: towards discovering vulnerabilities in android applications. IEEE Micro 35(1), 44–53 (2015)CrossRef

39.

Qihoo360 Inc.: http://dev.360.cn/protect/welcome

40.

Rastogi, V., Chen, Y., Jiang, X.: Droidchameleon: evaluating android anti-malware against transformation attacks. In: Proceedings of the ACM ASIACCS (2013)

41.

Roundy, K., Miller, B.: Binary-code obfuscations in prevalent packer tools. ACM Comput. Surv. 46(1), 1–32 (2013)CrossRef

42.

Royal, P., Halpin, M., Dagon, D., Edmonds, R., Lee, W.: Polyunpack: automating the hidden-code extraction of unpack-executing malware. In: Proceedings of the ACSAC (2006)

43.

Sabanal, P.: State of the art: exploring the new android kitkat runtime

44.

Schulz, P.: Android security analysis challenge: tampering dalvik bytecode during runtime (2013). http://goo.gl/eIszsj

45.

Shao, Y., Luo, X., Qian, C., Zhu, P., Zhang, L.: Towards a scalable resource-driven approach for detecting repackaged android applications. In: Proceedings of the ACSAC (2014)

46.

Sharif, M., Yegneswaran, V., Saidi, H., Porras, P.A., Lee, W.: Eureka: a framework for enabling static malware analysis. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 481–500. Springer, Heidelberg (2008) CrossRef

47.

Stewart, J.: Ollybone: semi-automatic unpacking on ia-32 (2006). http://goo.gl/LbQYiN

48.

Strazzere, T.: android-unpacker (2014). https://github.com/strazzere/android-unpacker

49.

Strazzere, T., Sawyer, J.: Android hacker protection level 0 (2014). http://goo.gl/BSKEop

50.

Tencent Inc.: http://www.qcloud.com/product/product.php?item=appup

51.

Zhang, F., Huang, H., Zhu, S., Wu, D., Liu, P.: Viewdroid: towards obfuscation-resilient mobile application repackaging detection. In: Proceedings of the ACM WiSec (2014)

52.

Zheng, M., Lee, P.P.C., Lui, J.C.S.: ADAM: an automatic and extensible platform to stress test android anti-virus systems. In: Flegel, U., Markatos, E., Robertson, W. (eds.) DIMVA 2012. LNCS, vol. 7591, pp. 82–101. Springer, Heidelberg (2013) CrossRef

53.

Zhou, W., Zhou, Y., Jiang, X., Ning, P.: Detecting repackaged smartphone applications in third-party android marketplaces. In: Proceedings of the ACM CODASPY (2012)

Titel: DexHunter: Toward Extracting Hidden Code from Packed Android Applications
verfasst von: Yueqian Zhang
Xiapu Luo
Haoyang Yin
Verlag: Springer International Publishing
Buch: Computer Security -- ESORICS 2015
Print ISBN: 978-3-319-24176-0

Electronic ISBN: 978-3-319-24177-7

Copyright-Jahr: 2015
DOI: https://doi.org/10.1007/978-3-319-24177-7_15

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"