Multipoint Hook reversing method for Android reinforcing application

A multi-point, tested application technology, applied in the field of information security, can solve problems such as incorrect function code, empty, and Android application APK cannot be installed, and achieve the effect of ensuring reliability and effectiveness

Active Publication Date: 2016-12-07
BEIJING UNIV OF POSTS & TELECOMM
View PDF5 Cites 28 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0008] Aiming at the traditional Android application analysis method, the Android application APK obtained by reverse analysis cannot be installed in the face of dynamic reinforcemen

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Multipoint Hook reversing method for Android reinforcing application
  • Multipoint Hook reversing method for Android reinforcing application
  • Multipoint Hook reversing method for Android reinforcing application

Examples

Experimental program
Comparison scheme
Effect test

Example Embodiment

[0047] The present invention will be further described in detail below in conjunction with the accompanying drawings.

[0048] At present, the method of obtaining app source code is generally static analysis or single-point Hook, which causes the obtained app source code to be incomplete or unable to be restored to a usable app; although the points selected by multi-point hooks are arbitrary, they are in order to The execution branches, functions, and classes of the application are covered, and the better function entry points are hooked. Through the multi-point Hook reverse method, the reinforced Android application is hooked at different locations, and the ClassLoader obtained at different locations is further Obtain the offset position of the dex in the memory, get the dex source code of each part of the program, and finally organize and repair all the acquired dex, and finally obtain the complete application dex, which makes the application of Android reverse analysis extremel...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a multipoint Hook reversing method for an Android reinforcing application, and belongs to the field of information security. The method comprises the following specific steps that firstly, a certain tested Android application is loaded to an internal storage; a plurality of different function entry points are selected for Hook operation at the same time in the loading process, and corresponding Hook points are loaded for all functions respectively; when a virtual machine executes different functions, the class structures ClassLoader called by the functions are called through the Hook points; then, the deviation positions of the functions and the classes of the functions in the internal storage are acquired through the class structures ClassLoader, dex source codes of the functions of a program are acquired, a dex file is formed, and restoration and perfection are carried out in the internal storage; finally, the dex file obtained after restoration and perfection is dumped from the internal storage. The method has the advantages that the function entry points are hooked dynamically in the operating process of the application to be analyzed, the defect that dex of a program cannot be completely and accurately acquired through a traditional technology can be avoided, and the complex dex codes hard for a traditional analysis method to obtain are obtained.

Description

technical field [0001] The invention belongs to the field of information security, relates to reverse engineering and mobile terminal security, in particular to a multi-point Hook reverse method for Android reinforcement applications. Background technique [0002] In the past three years, the mobile Internet has developed rapidly in an explosive form, and the sales of smart terminals of various brands have also increased exponentially. According to the statistics of "Strategy Analytics 2015Q1", in 2014, the global smart phone shipments increased by an average of 30% annually, reaching 1.3 billion units. [0003] Against the backdrop of the rise of the mobile Internet, the Android platform dominates the entire mobile Internet market in terms of market share. According to the latest third-quarter report of research firm Strategy Analytics, Android ranks first in the mobile operating system market with a market share of 81.2%. The shipment volume was 268 million, compared wit...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F21/56
CPCG06F21/566G06F2221/033
Inventor 郭燕慧高宇昊吴博张淼
Owner BEIJING UNIV OF POSTS & TELECOMM
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products