Abusing Android Runtime for Application Obfuscation

Studying Android obfuscation techniques is an essential task for understanding and analyzing malicious applications. Obfuscation techniques have already been extensively studied for market applications but never for pre-compiled applications used in smartphone firmwares. In this paper, we describe two new obfuscation techniques that take advantage of the duality between assembly and Dalvik bytecode and, as far as we know, have never been described before. We also propose detection methods for these obfuscation techniques. We apply them to vendor firmwares and market applications in order to evaluate their usage in the wild. We found that even if they do not seem to be already used in the wild, they are fully practical.

Keywords

Android Assembly Obfuscation

Domains

Computer Science [cs] Cryptography and Security [cs.CR]

Fichier principal

bfo-camera.pdf (193.13 Ko)

Origin : Files produced by the author(s)

Jean-François Lalande : Connect in order to contact the contributor

https://hal-centralesupelec.archives-ouvertes.fr/hal-02877815

Submitted on : Monday, June 22, 2020-4:55:19 PM

Last modification on : Friday, March 24, 2023-2:53:18 PM

Dates and versions

hal-02877815 , version 1 (22-06-2020)

Identifiers

HAL Id : hal-02877815 , version 1
DOI : 10.1109/EuroSPW51379.2020.00089

Cite

Pierre Graux, Jean-François Lalande, Pierre Wilke, Valérie Viet Triem Tong. Abusing Android Runtime for Application Obfuscation. SAD 2020 - Workshop on Software Attacks and Defenses, Sep 2020, Genova, Italy. pp.616-624, ⟨10.1109/EuroSPW51379.2020.00089⟩. ⟨hal-02877815⟩

Export

BibTeX TEI Dublin Core DC Terms EndNote Datacite

Collections

UNIV-RENNES1 CNRS INRIA INSA-RENNES IRISA SUP_CIDRE CENTRALESUPELEC INRIA2 UR1-MATH-STIC UR1-UFR-ISTIC UNIV-RENNES UR1-MATH-NUM CYBERSCHOOL

143 View

562 Download