«上一篇/Previous Article|本期目录/Table of Contents|下一篇/Next Article»

《计算机技术与发展》[ISSN:1006-6977/CN:61-1281/TN]

卷:

31

期数:

2021年07期

页码:

120-126

栏目:

网络与安全

出版日期:

2021-07-10

文章信息/Info

Title:

Research on Smali Code Obfuscation in Android Application

文章编号:

1673-629X(2021)07-0120-07

作者:

邱子杨; 付 雄

南京邮电大学 计算机学院,江苏 南京 210003

Author(s):

QIU Zi-yang; FU Xiong

School of Computer, Nanjing University of Posts & Telecommunications, Nanjing 210003,China

关键词:

smali; 混淆; 数据流; 控制流; 逻辑流

Keywords:

:smali; obfuscation; data flow; control flow; logic flow

分类号:

TP393

DOI:

10. 3969 / j. issn. 1673-629X. 2021. 07. 020

摘要:

近年来,互联网行业快速发展,安卓系统由于其开源的特点,成为了全球市场份额最多的操作系统。 但也由于其开源性的特点,造成安卓应用软件恶意攻击的简易性,再加上目前安卓应用软件保护技术的不成熟,使得针对安卓应用软件的恶意攻击越来越多。 厂商应对恶意软件攻击的方式简易,一般会在源码级别进行安全加固混淆,来防止恶意攻击,但由于 Android 中间代码产物过多,攻击者可对反编译产物 smali 代码进行随意篡改,即可在 APP 中植入恶意代码,这严重破坏了 Android 的安全性。 为了解决这一问题,该文总结出一套可以防御 smali 代码篡改的混淆方法,对寄存器存储字符串类型的值进行加密混淆,并结合不透明谓词技术对其控制流进行混淆,还加入新的自定义逻辑来对 APP 的逻辑流进行混淆,让攻击者在反编译时发生异常并且无法获得正确的代码逻辑。 从强度、开销、弹性三个方面对 smali 混淆方法进行有效性分析。 实验结果表明,该方法可以对抗反编译的逆向分析。

Abstract:

In recent years,with the rapid development of the Internet industry,Android system has become the operating system with the largest market share in the world due to? ? its open source characteristics. However,due to its open source characteristics, the Android application malicious attack is simple, coupled with the current Android application protection technology is not mature,so the malicious attack against Android application software is more and more. Manufacturers respond to malicious software attacks in a simple way. Generally,security reinforcement and obfuscation are performed at the source code level to prevent malicious attacks. However,due? ? ?to the excessive intermediate code products of Android,attackers can tamper with the decompiled product smali code at will and implant malicious codes into the APP, which seriously undermines the security of Android. In order to solve this problem, we summarize a set of obfuscation methods that can prevent smali code tampering, encrypt and obfuscate the value of the register storage string type, and combine it with opacity. The predicate technology obfuscates its control flow,and also adds new custom logic to obfuscate the logic flow of the APP,so that the attacker will have an exception during decompilation and cannot obtain the correct code logic. The effectiveness ofsmali obfuscation method is analyzed from three aspects of strength,cost and flexibility. Experiment shows that the proposed method canresist the reverse analysis of decompilation.

常用功能

更新日期/Last Update: 2021-07-10