摘要
调研动态恢复攻击的逻辑思路和Android APP中函数调用执行流程.通过对原DEX文件进行重构和加密,将其关键Java函数属性改为Native,并添加壳DEX文件; Android APP启动后首先执行壳DEX文件,然后对原DEX进行解密和动态加载,当调用被保护函数时,保持该函数在内存中的Native属性,通过Hook技术和反射机制隐式恢复并执行原Java函数.实验和对比分析结果表明,该方法能够在较低资源损耗和无需反编译源码的前提下获取高强度的保护效果,可以有效抵御静态分析攻击、DEX动态恢复和动态脱壳攻击.
The logic of dynamic recovery attack and the function call execution flow in Android APP was investigated.The original DEX file was reconstructed and encrypted;its key Java function attribute was changed to Native,and the shell DEX file was added.When the Android APP was started,the shell DEX file was executed first,and then the original DEX was decrypted and loaded dynamically.When the protected function was called,the Native property of the function in memory was maintained,and the original Java function was implicitly restored and executed by the Hook technique and the reflection mechanism.The experimental results show that the method obtains high level of protection without Source decompilation at lower resource losses,and can effectively resist static analysis attacks,DEX dynamic recovery and dynamic shelling attacks.
作者
宋言言
罗森林
尚海
潘丽敏
张笈
SONG Yan-yan;LUO Sen-lin;SHANG Hai;PAN Li-min;ZHANG Ji(School of Information and Electronics,Beijing Instutitute of Technology,Beijing 100081,China)
出处
《浙江大学学报(工学版)》
EI
CAS
CSCD
北大核心
2019年第3期555-562,共8页
Journal of Zhejiang University:Engineering Science
