Since Dalvik Executable (DEX) files are prone to be reversed to the Java source code using some decompiling tools, how- to protect the DEX files from attackers becomes an important re- search issue. The traditional ...Since Dalvik Executable (DEX) files are prone to be reversed to the Java source code using some decompiling tools, how- to protect the DEX files from attackers becomes an important re- search issue. The traditional way to protect the DEX files from reverse engineering is to encrypt the entire DEX file, but after the complete plain code has been loaded into the memory while the application is running, the attackers can re- trieve the code by using memory dump attack. This paper presents a novel DEX protection scheme to withstand memory dump attack on the Android platform with the name of Dex- Defender, which adopts the dynamic class-restoration method to ensure that the complete plain DEX data not appear in the memolT while the application is being loaded into the memory. Experimental results show- that the proposed scheme can protect the DEX files from both reverse engineering and mem- ory dump attacks with an acceptable performance.展开更多
基金supported by ZTE Industry-Academia-Research Cooperation Funds
文摘Since Dalvik Executable (DEX) files are prone to be reversed to the Java source code using some decompiling tools, how- to protect the DEX files from attackers becomes an important re- search issue. The traditional way to protect the DEX files from reverse engineering is to encrypt the entire DEX file, but after the complete plain code has been loaded into the memory while the application is running, the attackers can re- trieve the code by using memory dump attack. This paper presents a novel DEX protection scheme to withstand memory dump attack on the Android platform with the name of Dex- Defender, which adopts the dynamic class-restoration method to ensure that the complete plain DEX data not appear in the memolT while the application is being loaded into the memory. Experimental results show- that the proposed scheme can protect the DEX files from both reverse engineering and mem- ory dump attacks with an acceptable performance.
