Virtualized packing method for Android local layer instruction compilation based on ELF infection

A native-layer instruction technology, applied in the fields of program/content distribution protection, instruments, electrical digital data processing, etc. It addresses problems such as compile-time obfuscation, the inability to withstand reverse engineers who use dynamic analysis, and weak operability, and achieves increased attack cost, excellent performance, and good compatibility.

Inactive Publication Date: 2017-12-15
NORTHWEST UNIV

AI Technical Summary

Problems solved by technology

[0004] Existing protections for native layer files mainly include UPX packing, ELF file section encryption and OLLVM obfuscation. These Android native layer protection methods only prevent static analysis on the surface; in essence they cannot cope with dynamic analysis. Experienced reverse engineers perform dynamic analysis and debugging and choose the right moment to dump the so file restored in memory. In addition, existing OLLVM obfuscation mainly targets compile-time obfuscation at the source code level; although its protection is strong, its operability is weak. The above methods therefore have certain limitations in protecting Android native layer so files. Since the native layer so file usually implements an important part of the core logic of the entire Android App, there is an urgent need for a method that prevents memory dump analysis while retaining the advantages of the above protections.


Examples


Embodiment Construction

[0026] The present invention proposes a virtualized packing method for Android native layer instruction compilation based on ELF infection, comprising the following steps:

[0027] Step 1: input the Android native layer dynamic link library file to be protected, usually in .so format and referred to as the so file; find the key code segment that needs to be protected in the so file, and perform instruction Hex extraction and mapping virtualization on the key code segment, forming a virtual machine so file;

[0028] As shown in figure 2, in this embodiment libnative.so is the so file to be protected. The present invention first searches for and locates the key code segment according to the label provided by the developer (the dotted-line area in the figure), Hex-extracts this part of the code, and uses the custom mapping rules to map and transform the extracted results.

[0029] The so-called custom mapping rule refers to setting a set of mapping rules by itself, so that t...
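
An added illustration of Step 1 (not code from the patent): it locates a labelled key code segment, Hex-extracts it, and applies an invertible mapping. The label bytes, the seed-derived byte permutation standing in for the mapping rule, and the sample bytes are all assumptions, since the page's description of the custom rule is cut off.

```python
import hashlib

# Hypothetical developer labels bracketing the key code segment (constructed).
BEGIN, END = b"\xde\xc0\xad\x0b", b"\xde\xc0\xad\x0e"

def locate_segment(image: bytes) -> tuple[int, int]:
    """Return (start, end) offsets of the bytes between the two labels."""
    begin = image.find(BEGIN)
    if begin < 0:
        raise ValueError("begin label not found")
    start = begin + len(BEGIN)
    end = image.find(END, start)
    if end < 0:
        raise ValueError("end label not found")
    return start, end

def build_mapping(seed: bytes) -> list[int]:
    """Assumed rule: a seed-derived permutation of the 256 byte values."""
    table = list(range(256))
    for i in range(255, 0, -1):  # Fisher-Yates shuffle, hash-driven
        digest = hashlib.sha256(seed + i.to_bytes(2, "big")).digest()
        j = int.from_bytes(digest[:4], "big") % (i + 1)
        table[i], table[j] = table[j], table[i]
    return table

def virtualize(image: bytes, seed: bytes) -> tuple[str, bytes]:
    """Hex-extract the labelled segment and map it to virtual bytes."""
    start, end = locate_segment(image)
    native_hex = image[start:end].hex()
    table = build_mapping(seed)
    return native_hex, bytes(table[b] for b in bytes.fromhex(native_hex))

def devirtualize(virtual: bytes, seed: bytes) -> bytes:
    """Invert the mapping, as the interpreting side must be able to."""
    inverse = [0] * 256
    for native, virt in enumerate(build_mapping(seed)):
        inverse[virt] = native
    return bytes(inverse[b] for b in virtual)

# Constructed sample: filler bytes around a labelled 8-byte "key code segment".
KEY_CODE = bytes.fromhex("04e02de500d04de2")
SAMPLE = b"\x7fELF" + b"\x00" * 12 + BEGIN + KEY_CODE + END + b"\x00" * 4

if __name__ == "__main__":
    hex_text, virt = virtualize(SAMPLE, b"demo-seed")
    print(hex_text, "->", virt.hex())
    assert devirtualize(virt, b"demo-seed") == KEY_CODE
```

A byte substitution of this kind only changes the representation of the extracted code; it is not encryption, and anyone who obtains the table can reverse it.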


Abstract

The invention discloses a virtualized packing method for Android native layer instruction compilation based on ELF infection. Hex extraction and mapping virtualization are performed on the so file to be protected, forming a virtual machine so file; the key code sections of the so file are encrypted, forming an encrypted so file; ELF infection is performed on the encrypted so file with the virtual machine so file, forming an infected so file; and Hook replacement is performed on the encrypted so file with the Cydia Substrate framework, so that the encrypted code in the encrypted so file is replaced by the virtual instruction code in the virtual machine so file. The method applies the idea of compile-time virtualization, which does not involve the problems arising from different ARM platform versions, so the method has high compatibility, prevents memory dump analysis and increases the attacker's cost.

Description

Technical field

[0001] The invention belongs to the technical field of Android application hardening, and in particular relates to a compile-time virtualization packing protection technology for native layer so files based on ELF infection, combined with hooking through the Cydia Substrate framework so that core functions are still called normally.

Background technique

[0002] In recent years, with the vigorous development of mobile phone applications, the annual output has grown exponentially. According to statistics, the number of APPs in major application stores in our country has exceeded 10 million. While APPs bring convenience to people's lives, they also create opportunities for criminals, which seriously affects the healthy development of the APP industry.

[0003] The protection of APPs has changed from the initial simple reinforcement of dex to the current extraction and reinforcement of dex. The protected object has also been transferred from the dex layer to ...


Application Information

IPC(8): G06F21/12
CPC: G06F21/125
Inventor: 赵贝贝, 房鼎益, 汤战勇, 宋丽娜, 陈晓江, 李振, 龚晓庆, 陈峰
Owner NORTHWEST UNIV