Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A virtualization packing method based on elf infection android local layer instruction compilation

A local layer, instruction technology, applied in the direction of instruments, computing, electrical digital data processing, etc., can solve the problems of weak operability, compiling confusion, unable to deal with dynamic analysis reverse attackers in essence, to increase attack cost, The effect of excellent performance and good compatibility

Inactive Publication Date: 2020-05-19
NORTHWEST UNIV
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] The existing protections for local layer files mainly include UPX packing, ELF file section encryption and OLLVM obfuscation. These Android native layer protection methods can only prevent static analysis on the surface, but they cannot deal with it in essence. Dynamic analysis and experienced reverse engineer
Experienced reverse attackers conduct dynamic analysis and debugging, and choose the right time to dump the so restored in memory; in addition, the existing OLLVM confusion is mainly aimed at compiling confusion at the source code level. Although the protection is strong, But the operability is weak
Therefore, the above methods have certain limitations in the protection of the Android native layer so, and the Android native layer so file is usually an important implementation part of the core logic code in the entire Android App, so there is an urgent need for a method that can prevent memory dump analysis and at the same time A method that can take into account the advantages of the above protection

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A virtualization packing method based on elf infection android local layer instruction compilation
  • A virtualization packing method based on elf infection android local layer instruction compilation
  • A virtualization packing method based on elf infection android local layer instruction compilation

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0026] The present invention proposes a kind of Android local layer instruction compilation virtualization packing method based on ELF infection, comprising the following steps:

[0027] Step 1, input the Android local layer dynamic link library file to be protected, usually in .so file format, called so file; find the key code segment that needs to be protected in the so file, and perform instruction Hex extraction and mapping virtual to the key code segment , forming a virtual machine so file;

[0028] Such as figure 2 As shown, in this embodiment, libnative.so is the so file to be protected. The present invention first searches and locates the key code segment according to the label provided by the developer, as shown in the dotted line area in the figure, and HEX extracts this part of the code , use the custom mapping rules to map and transform the extracted results.

[0029] The so-called custom mapping rule refers to setting a set of mapping rules by itself, so that t...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method of compiling and virtualizing Android local layer instructions based on ELF infection. This method performs Hex extraction and mapping virtualization on the so file to be protected to form a virtual machine so file, and performs key code segments on the so file. Encrypt to form an encrypted so file; use the virtual machine so file to perform ELF infection on the encrypted so file to form an infected so file; use the Cydia Substrate framework to replace the encrypted so file with Hook, so that the virtual machine so file The virtual instruction code replaces the encrypted code in the encrypted so file. The present invention uses the idea of ​​compile-time virtualization. This idea does not involve the problem of different ARM platform versions, so it has good compatibility, can prevent memory dump analysis and increases the attacker's attack cost.

Description

technical field [0001] The invention belongs to the technical field of Android application program reinforcement, and in particular relates to a protection technology based on ELF-infected local layer so file compile-time virtualization packing protection, combined with a Cydia Substrate framework for hooking to realize the normal call of core functions. Background technique [0002] In recent years, with the vigorous development of mobile phone applications, the annual output has grown exponentially. According to statistics, the number of APPs in major application stores in my country has exceeded 10 million. While APP brings convenience to people's lives, it also creates opportunities for criminals, which seriously affects the healthy development of the APP industry. [0003] The protection of APP has changed from the initial simple reinforcement of dex to the current extraction and reinforcement of dex. The protected object has also been transferred from the dex layer to ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/12
CPCG06F21/125
Inventor 赵贝贝房鼎益汤战勇宋丽娜陈晓江李振龚晓庆陈峰
Owner NORTHWEST UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com