Since Dalvik Executable (DEX) files are prone to being reversed to Java source code with decompiling tools, how to protect DEX files from attackers has become an important research issue. The traditional way to protect DEX files from reverse engineering is to encrypt the entire DEX file, but once the complete plain code has been loaded into memory while the application is running, attackers can retrieve the code with a memory dump attack. This paper presents a novel DEX protection scheme, named DexDefender, to withstand memory dump attacks on the Android platform; it adopts a dynamic class-restoration method to ensure that the complete plain DEX data does not appear in memory while the application is being loaded. Experimental results show that the proposed scheme can protect DEX files from both reverse engineering and memory dump attacks with acceptable performance.
In the absence of specialized encryption hardware, cryptographic operations must be performed in main memory. As such, it is commonplace for cybercriminals to examine the content of main memory with a view to retrieving high-value data in plaintext form and/or the associated decryption key. In this paper, the author presents a number of simple methods for identifying and extracting cryptographic keys from memory dumps of software applications that utilize the Microsoft .NET Framework, as well as source-code level countermeasures to protect against same. Given the EXE file of an application and a basic knowledge of the cryptographic libraries utilized in the .NET Framework, the author shows how to create a memory dump of a running application and how to extract cryptographic keys from same using WinDBG, without any prior knowledge of the cryptographic key utilized. Whilst the proof-of-concept application utilized as part of this paper uses an implementation of the DES cipher, it should be noted that the steps shown can be utilized against all three generations of symmetric and asymmetric ciphers supported within the .NET Framework.
Funding: supported by ZTE Industry-Academia-Research Cooperation Funds