Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Android application program protection method based on dual ARM instruction virtualization

An application and instruction technology, applied in the field of Android application protection based on dual ARM instruction virtualization, can solve problems such as affecting program performance, weak operability, and no application, achieving strong scalability, high flexibility, and increased attack costs. Effect

Inactive Publication Date: 2018-01-12
NORTHWEST UNIV(CN)
View PDF2 Cites 5 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, the current protection of SO files is mainly in the packing and obfuscation stage. Packing mainly uses UPX packing (the Ultimate Packer for eXecutables) or by rewriting the loader for packing protection. The packing program can prevent certain Static analysis, but it cannot effectively prevent dynamic debugging analysis. If an attacker understands the entire ELF linker loading process, he can accurately find the timing of unpacking and unpacking. That is to say, packing cannot essentially deal with dynamic analysis. and an experienced reverse engineer
Another common protection method for so files is obfuscation. At present, obfuscation mainly uses OLLVM obfuscation based on source code. Although OLLVM obfuscation seems to increase the complexity of control flow on the surface, too much control flow will affect The performance of the program itself, and based on the source code, has great limitations. In many cases, it is protected on the basis of binary, and the operability is relatively weak.
Although there is currently a virtualization protection technology for SO files, this method can indeed increase the cost of dynamic analysis in terms of the effect of virtualization protection, but on the premise of a device such as a mobile phone and a tablet, this method will introduce High performance overhead, lack of versatility and scalability, resulting in this method has not been applied to the market so far

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Android application program protection method based on dual ARM instruction virtualization
  • Android application program protection method based on dual ARM instruction virtualization
  • Android application program protection method based on dual ARM instruction virtualization

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0029] The present embodiment proposes a virtual Android application program protection method based on dual ARM instructions, comprising the following steps:

[0030] Step 1, input the Android local layer dynamic link library file to be protected, usually in the .so file format, called the so file; find the key code segment that needs to be protected in the so file, and the key code segment that needs to be protected includes the need to Critical code segments protected by VOP and critical code segments requiring VMP protection;

[0031] Step 2, perform Hex extraction and virtual mapping on the key code segment that needs VOP protection to form a VOP virtual machine so file; encrypt the key code segment that needs VOP protection, and then use the Cydia Substrate framework to encrypt the encrypted code segment that needs VOP protection The key code segment is replaced by Hook so that the virtual instruction code in the VOP virtual machine so file replaces the encrypted code in t...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an Android application program protection method based on dual ARM instruction virtualization. The method comprises the steps that key code segments needing to be protected ina so file are searched for, wherein the key code segments include a key code segment needing VOP protection and a key code segment needing VMP protection; Hex extraction and mapping virtualization areperformed on the key code segment needing VOP protection, and a VOP virtual machine so file is formed; the key code segment needing VOP protection is encrypted, Hook replacement is performed on the encrypted VOP key code segment, and a virtual instruction code in the VOP virtual machine so file is made to replace an encrypted code, corresponding to the encrypted VOP key code segment, in the so file; instruction virtualization is performed on the key code segment needing VMP protection, and a protected VMP virtual machine so file with virtual sections is formed; and driving data in the VMP virtual machine so file is made to replace the code, corresponding to the key code segment, in the so file. Through the method, two different virtual machine protection thoughts are combined, attack costof a reverser is increased, and the complexity of a protected program is enhanced.

Description

technical field [0001] The invention belongs to the technical field of SO (abbreviation for shared object) file reinforcement in Android application programs, and in particular relates to a virtual Android application program protection method based on dual ARM instructions. Background technique [0002] In recent years, with the popularization of Android smart devices and the increasing number of applications on the corresponding devices, more and more attackers and hackers focus on the applications on the mobile platform, so the following What is more serious is that the phenomenon of reverse analysis and secondary packaging has become more and more serious, which has brought huge economic loss to the developers and users of the program. [0003] Therefore, in order to reduce the unnecessary economic loss of the developer and protect the legitimate rights and interests of the users, it is urgent to effectively protect and strengthen the APP (short for application). At pre...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/14
Inventor 汤战勇赵贝贝房鼎益李振陈晓江龚晓庆陈峰
Owner NORTHWEST UNIV(CN)
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com