Anti-debugging scheme for protecting mobile apps on android platform

详细信息    查看全文

• 作者：Haehyun Cho ; Jongsu Lim ; Hyunki Kim ; Jeong Hyun Yi
• 关键词：Anti ; reversing ; Android APP protection ; Detecting emulator ; Anti ; debugging
• 刊名：The Journal of Supercomputing
• 出版年：2016
• 出版时间：January 2016
• 年：2016
• 卷：72
• 期：1
• 页码：232-246
• 全文大小：2,047 KB
• 参考文献：1.Android debug bridge. http://​developer.​android.​com/​tools/​help/​adb.​html
  2.Android reverse engineering and defenses. https://​bluebox.​com/​technical/​bluebox-berlinsides-presentationblue​box-berlinsides-presentation/​
  3.Bornstein D (2008) Dalvik vm internals. In: Google I/O developer conference, vol 23, pp 17–30
  4.Cesare S (1999) Linux anti-debugging techniques (fooling the debugger). Security focus
  5.Dex file. https://​source.​android.​com/​devices/​tech/​dalvik/​dex-format.​html
  6.Dexprotector by licel. http://​dexprotector.​com/​
  7.Enck W, Octeau D, McDaniel P, Chaudhuri S (2011) A study of android application security. In: USENIX security symposium, vol 2, p 2
  8.Fengsheng Y (2011) Android internals: system
  9.Gagnon MN, Taylor S, Ghosh AK (2007) Software protection through anti-debugging. IEEE Secur Priv 5(3):82–84CrossRef
  10.Huang J (2012) Understanding the dalvik virtual machine. Google Technology User Groups, Taipei
  11.Ida pro disassembler and debugger. https://​www.​hex-rays.​com/​products/​ida/​ . Accessed 26 Mar 2015
  12.Java debug wire protocol. http://​docs.​oracle.​com/​javase/​7/​docs/​technotes/​guides/​jpda/​jdwp-spec.​html . Accessed 25 Mar 2015
  13.Java platform debugger architecture. http://​docs.​oracle.​com/​javase/​7/​docs/​technotes/​ guides/​jpda . Accessed 25 Mar 2015
  14.Jung JH, Kim JY, Lee HC, Yi JH (2013) Repackaging attack on android banking applications and its countermeasures. Wirel Pers Commun 73(4):1421–1437CrossRef
  15.Khan S, Khan S, Banuri H, Nauman M, Alam M (2009) Analysis of dalvik virtual machine and class path library. Tech. rep. Security Engineering Research Group, Institute of Management Sciences, Peshawar
  16.Lee C, Jeong YS, Cho SJ (2013) A method to protect android applications against reverse engineering. J Secur Eng 10(1):41–50
  17.Schallner M (2006) Beginners guide to basic linux anti anti debugging techniques. Code-Break Mag, Secur Anti-Secur Attack Def 1(2):3–10
  18.Schulz P (2012) Code protection in android. Rheinische Friedrich-Wilhelms-Universitgt Bonn, Institute of Computer Science, Bonn
  19.Selvakumar G (2012) Constructing an environment and providing a performance assessment of androids dalvik virtual machine on x86 and arm. Ph.D. thesis, University of Kansas
  
• 作者单位：Haehyun Cho (1)
  Jongsu Lim (1)
  Hyunki Kim (1)
  Jeong Hyun Yi (1)
  
  1. School of Computer Science and Engineering, Soongsil University, Seoul, 156-743, Korea
  
• 刊物类别：Computer Science
• 刊物主题：Programming Languages, Compilers and Interpreters
  Processor Architectures
  Computer Science, general
  
• 出版者：Springer Netherlands
• ISSN：1573-0484

文摘

The Android application package file, APK file, can be easily decompiled using Android reverse engineering tools. Thus, general apps can be easily transformed into malicious application through reverse engineering and analysis. These repacked apps could be uploaded in general android app market called Google Play Store and redistributed. To prevent theses malicious behaviors such as malicious code injection or code falsifications, many techniques and tools were developed. However, these techniques also can be analyzed using debuggers. Also, analyzed apps can be tampered easily. For example, when applying anti-analysis techniques to android apps using Dexprotector which is commercial tool for protecting android app, it can be seen that these techniques can also be analyzed using debugger. In this paper, to protect the android app from the attack using debugger, we propose anti-debugging techniques for native code debugging and managed code debugging of android apps. Keywords Anti-reversing Android APP protection Detecting emulator Anti-debugging