基于LLVM的Android Native文件保护方法

Android Native File Protection based on LLVM

针对Android平台应用的加固保护方案层出不穷,攻防对抗也在不断升级。目前,Android平台应用由于效率、安全等方面的考虑,关键代码通常会使用C/C++语言开发,这样关键逻辑就存于动态链接库中。但是,被大量使用的加固方案均为保护DEX文件免遭攻击者逆向分析,缺乏针对Native层动态链接库文件的保护。基于当前的安全现状,提出一种基于LLVM编译器的动态链接库加固方法,以实现反调试、代码混淆替换、插入无效控制流等保护措施,极大地提高了动态链接库抵抗逆向分析的能力。

Along with that various reinforcement and protection schemes for Android platform application constantly appear, offensive and defensive confrontations rapidly escalates. Due to considerations of efficiency, security and other aspects for the current Android platform applications, C/C＋＋ language is usually used for the development of the key code, the key logic is thus stored in the dynamic link library. However the mainstream schemes principally protect the DEX file from doing reverse analysis by attackers, being short of the protection for the Native layer dynamic link library file. Based on the current security situation, the method for dynamic link library reinforcement based on LLVM compiler is proposed, thus to improve the ability of dynamic link library is resisting reverse analysis, such as anti-debugging, code obfuscation and invalid control flow.