摘要
通过分析Android的应用特点,提出一种新的Android重打包方法。该方法可以在不反编译、不修改原有应用代码的基础上,实现对Android应用的重打包,并支持主流加壳工具。该方法利用多种新的代码注入技术,引入额外代码;加载Hook框架,提供代码修改能力;最后动态修改应用行为,实现应用重打包。实现了原型框架,并通过实验,验证了该框架在多个Android系统版本及多个加壳服务上的有效性。既证明了现有加壳技术的缺陷,又可以用于对Android应用的动态调试、防御功能部署以及应用修改等。
The authors proposed a new Android repackaging method based on Android app characteristics.The new method can repackage apps without decompiling nor modifying the code and also supports packed apps.The method leverages multiple new code injection techniques to attach code to the app.Then,it adds a hook framework to provide capabilities to modify the code behaviors.Finally,the app’s behaviors will be changed during runtime,thus the app is repackaged.A prototype framework is also implemented.The experiments demonstrate that the framework is compatible to different Android platforms and multiple packers.This research has proved that the current packing techniques have some flaws and the method can be used in dynamic code analysis,defense policies deployment and app modification.
作者
黎桐辛
韩心慧
简容
肖建国
LI Tongxin;HAN Xinhui;JIAN Rong;XIAO Jianguo(Institute of Computer Science and Technology,Peking University,Beijing 100871;Beihang University,Beijing 100083)
出处
《北京大学学报(自然科学版)》
EI
CAS
CSCD
北大核心
2018年第6期1147-1158,共12页
Acta Scientiarum Naturalium Universitatis Pekinensis
基金
国家自然科学基金(61772308)资助
关键词
ANDROID
重打包
非侵入式
加壳
Android
repackaging method research
noninvasive
packed apps
