
Multipoint Hook reversing method for Android reinforcing application

A multi-point Hook technique for the application under test, applied in the field of information security, addresses problems such as incorrect or empty function code and an Android application APK that cannot be installed, and achieves the effect of ensuring reliability and effectiveness.

Active Publication Date: 2016-12-07
BEIJING UNIV OF POSTS & TELECOMM

AI Technical Summary

Problems solved by technology

[0008] Traditional Android application analysis methods fail against dynamic hardening technology: the Android application APK obtained by reverse analysis cannot be installed, and the function code in the running dex file is incorrect or empty. To address these problems, the invention proposes a multi-point Hook reverse method for hardened Android applications.


Embodiment Construction

[0047] The present invention will be further described in detail below in conjunction with the accompanying drawings.

[0048] At present, app source code is generally obtained by static analysis or a single-point hook, which yields incomplete source code or code that cannot be restored to a usable app. Although the points selected for a multi-point hook are somewhat arbitrary, they are chosen so that each execution branch, function and class is covered, and the better function entry points are hooked. With the multi-point Hook reverse method, the hardened Android application is hooked at different locations. The ClassLoader obtained at each location is used to obtain the offset position of the dex in memory and, from it, the dex source code of each part of the program. All the obtained dex is then organized, combined and repaired to yield the complete application dex, so that the range of application of Android reverse analysis is greatly extended. The expans...


Abstract

The invention discloses a multi-point Hook reverse method for hardened Android applications, and belongs to the field of information security. The method comprises the following steps. First, an Android application under test is loaded into memory. During loading, several different function entry points are selected and hooked at the same time, so that a corresponding Hook point is installed for each function. When the virtual machine executes the different functions, the ClassLoader class structure used by each function is obtained through its Hook point. Next, the offset positions in memory of the functions and their classes are obtained through the ClassLoader, the dex source code of the program's functions is obtained, a dex file is formed, and it is repaired and completed in memory. Finally, the repaired and completed dex file is dumped from memory. The advantage of the method is that function entry points are hooked dynamically while the application under analysis is running, which avoids the defect of traditional techniques that cannot obtain a program's dex completely and accurately, and recovers complex dex code that traditional analysis methods struggle to obtain.
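The abstract ends with repairing the dumped dex but does not say how. As an added example (not the patent's code), the Python below checks and recomputes the integrity fields of the public dex header (`file_size`, SHA-1 signature, Adler-32 checksum) and deduplicates images dumped at several hook points. It assumes each dump is already trimmed to exactly one dex image; the function names and hook labels are hypothetical.

```python
import hashlib
import struct
import zlib

HEADER_SIZE = 0x70            # fixed dex header length
ENDIAN_CONSTANT = 0x12345678  # little-endian tag at offset 40

def check_dex(buf):
    """List header problems in one dumped dex image (empty list = consistent)."""
    if len(buf) < HEADER_SIZE or buf[:4] != b"dex\n":
        return ["not a dex image"]
    problems = []
    checksum, = struct.unpack_from("<I", buf, 8)
    file_size, header_size, endian = struct.unpack_from("<III", buf, 32)
    if header_size != HEADER_SIZE or endian != ENDIAN_CONSTANT:
        problems.append("bad header_size/endian_tag")
    if file_size != len(buf):
        problems.append("file_size mismatch")
    if buf[12:32] != hashlib.sha1(buf[32:]).digest():
        problems.append("bad signature")
    if checksum != zlib.adler32(buf[12:]) & 0xFFFFFFFF:
        problems.append("bad checksum")
    return problems

def repair_header(buf):
    """Return a copy with file_size, SHA-1 signature and Adler-32 recomputed."""
    out = bytearray(buf)
    struct.pack_into("<I", out, 32, len(out))
    out[12:32] = hashlib.sha1(bytes(out[32:])).digest()   # covers bytes 32..end
    struct.pack_into("<I", out, 8, zlib.adler32(bytes(out[12:])) & 0xFFFFFFFF)
    return bytes(out)

def collect_dumps(dumps):
    """Repair and deduplicate dumps keyed by hook-point label.
    Returns {sha1_hex_of_repaired_image: (sorted_labels, repaired_bytes)}."""
    merged = {}
    for label in sorted(dumps):
        if check_dex(dumps[label]) == ["not a dex image"]:
            continue  # this hook point did not yield a dex image
        fixed = repair_header(dumps[label])
        merged.setdefault(hashlib.sha1(fixed).hexdigest(), ([], fixed))[0].append(label)
    return merged

def make_sample(body):
    """Constructed input: a header with zeroed integrity fields plus a body."""
    hdr = bytearray(HEADER_SIZE)
    hdr[:8] = b"dex\n035\x00"
    struct.pack_into("<II", hdr, 36, HEADER_SIZE, ENDIAN_CONSTANT)
    return bytes(hdr) + body
```

Header repair makes the image self-consistent only; method bodies that were empty at dump time still have to be filled from a dump taken at a later hook point.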

Description

Technical field

[0001] The invention belongs to the field of information security, relates to reverse engineering and mobile terminal security, in particular to a multi-point Hook reverse method for Android reinforcement applications.

Background technique

[0002] In the past three years, the mobile Internet has developed rapidly in an explosive form, and the sales of smart terminals of various brands have also increased exponentially. According to the statistics of "Strategy Analytics 2015Q1", in 2014, the global smart phone shipments increased by an average of 30% annually, reaching 1.3 billion units.

[0003] Against the backdrop of the rise of the mobile Internet, the Android platform dominates the entire mobile Internet market in terms of market share. According to the latest third-quarter report of research firm Strategy Analytics, Android ranks first in the mobile operating system market with a market share of 81.2%. The shipment volume was 268 million, compared wit...


Application Information

IPC(8): G06F21/56
CPC: G06F21/566, G06F2221/033
Inventor: 郭燕慧, 高宇昊, 吴博, 张淼
Owner: BEIJING UNIV OF POSTS & TELECOMM