Virtual android application program protection method based on dual arm instructions

Abstract

The invention discloses a virtual Android application program protection method based on double ARM instructions, including: searching for key code segments that need to be protected in the so file, including key code segments that need VOP protection and key code segments that need VMP protection; The protected key code segment is Hex extracted and virtualized to form a VOP virtual machine so file; the key code segment that needs VOP protection is encrypted, and the encrypted VOP key code segment is Hooked to replace the virtual machine in the VOP virtual machine so file. The command code replaces the encrypted code in the so file corresponding to the encrypted VOP key code segment; performs instruction virtualization on the key code segment that needs VMP protection, and forms a VMP virtual machine so file with virtual section protection; makes VMP virtual The driver data in the machine so file replaces the code in the so file corresponding to the key code segment. The present invention combines two different virtual machine protection ideas, which increases the attack cost of reversers and the complexity of protected programs.

Description

technical field [0001] The invention belongs to the technical field of SO (abbreviation for shared object) file reinforcement in Android application programs, and in particular relates to a virtual Android application program protection method based on dual ARM instructions. Background technique [0002] In recent years, with the popularization of Android smart devices and the increasing number of applications on the corresponding devices, more and more attackers and hackers focus on the applications on the mobile platform, so the following What is more serious is that the phenomenon of reverse analysis and secondary packaging has become more and more serious, which has brought huge economic loss to the developers and users of the program. [0003] Therefore, in order to reduce the unnecessary economic loss of the developer and protect the legitimate rights and interests of the users, it is urgent to effectively protect and strengthen the APP (short for application). At pre...

AI Technical Summary

Problems solved by technology

However, the current protection of SO files is mainly in the packing and obfuscation stage. Packing mainly uses UPX packing (the Ultimate Packer for eXecutables) or by rewriting the loader for packing protection. The packing program can prevent certain Static analysis, but it cannot effectively prevent dynamic debugging analysis. If an attacker understands the entire ELF linker loading process, he can accurately find the timing of unpacking and unpacking. That is to say, packing cannot essentially deal with dynamic analysis. and an experienced reverse engineer

Another common protection method for so files is obfuscation. At present, the obfuscation mainly uses OLLVM obfuscation based on source code. Although OLLVM obfuscation seems to increase the complexity of control flow on the surface, too much control flow will affect The performance of the program itself, and based on the source code, has great limitations. In many cases, it is protected on the basis of binary, and the operability is relatively weak.

Although there is currently a virtualization protection technology for SO files, this method can indeed increase the cost of dynamic analysis in terms of the effect of virtualization protection, but on the premise of a device such as a mobile phone and a tablet, this method will introduce High performance overhead, lack of versatility and scalability, resulting in this method has not been applied to the market so far

Images