
A sandbox shelling method and system based on an android virtual machine

A virtual machine and sandbox technology, applied in the field of information security, that addresses problems such as theft of sensitive information from mobile phones, system crashes and security risks, and achieves the effects of securing the device environment, simple use and high efficiency.

Active Publication Date: 2022-06-21
WUHAN ANTIY MOBILE SECURITY

AI Technical Summary

Problems solved by technology

At the same time, other malicious programs can also obtain root privileges, resulting in tampering with the system or theft of sensitive information on the mobile phone, which creates security risks.
Secondly, hook technology obtains memory by replacing key functions in the system layer; improper handling may lead to system crashes.


Examples


Specific Embodiment 1

[0097] As shown in Figure 3, the present invention provides a function for modifying the Android system framework code, based on the principles of the Android system. The steps of this function are as follows:

[0098] S01, start the Android virtual machine until the system framework code is loaded.

[0099] S02, using the system dvmJarOpen to load the custom Android virtual machine code package of the present invention to obtain a DexFile object.

[0100] S03, calling dvmSetBootPathExtraDex to store the above DexFile object in bootClassPathOptExtra.

[0101] S04, call loadAllClass, and loop to find the classes in the above DexFile, so that all of them are added to the hashTable for subsequent use.

[0102] S041, no classloader or DvmDex is provided here for the class search; use dvmFindSystemClassNoInit to search from bootclass.

[0103] S042, use dexFindClass to search directly from bootClassPathOptExtra, and return if found, otherwise go to the next step.

[0104] S043, use dexFi...

Specific Embodiment 2

[0106] This system follows the operating principle of the Android system and implements the interfaces that applications call directly, from Activity and Application to ActivityThread, etc. It also implements classes related to environment and resources, such as ApplicationInfo, LoadedApk, Context, etc. Since many system principles are involved, this embodiment only describes the reference steps.

[0107] S01, the control module starts the dalvik virtual machine.

[0108] S02, the control module uses the function of Embodiment 1 to load the jar package of the system framework.

[0109] S03, pass in the target application app path, and parse to obtain the Application name and the main Activity name.

[0110] S04, use the JNI interface FindClass to find the target Application class, call the initialization function, and call NewObject to generate an object.

[0111] S05, use the JNI interface FindClass to find the ActivityThread. At this time, the ActivityThread i...
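
Step S03 above, as an added example that is not code from the patent: it reads the Application class name and the main Activity name from a manifest. It assumes the manifest has already been decoded to text XML (an APK stores it in binary form); the package, class and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
MAIN = "android.intent.action.MAIN"
LAUNCHER = "android.intent.category.LAUNCHER"

# Constructed sample: decoded manifest of a hypothetical packed app.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.target">
  <application android:name=".StubApplication">
    <activity android:name="com.example.target.ui.SettingsActivity"/>
    <activity android:name=".ui.MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
  </application>
</manifest>
"""

def qualify(package, name):
    """Resolve manifest shorthand (".Foo" or "Foo") against the package name."""
    if name.startswith("."):
        return package + name
    return name if "." in name else package + "." + name

def names(parent, tag):
    """Collect the android:name values of the child elements called tag."""
    return {e.get(ANDROID + "name") for e in parent.findall(tag)}

def parse_entry_points(manifest_xml):
    """Return (package, application_class, main_activity or None)."""
    # The sample under analysis is untrusted: refuse DTDs and entity tricks.
    if "<!DOCTYPE" in manifest_xml or "<!ENTITY" in manifest_xml:
        raise ValueError("DTD or entity declaration in manifest")
    root = ET.fromstring(manifest_xml)
    package, app = root.get("package"), root.find("application")
    if not package or app is None:
        raise ValueError("manifest lacks package or <application>")
    # Without android:name the framework uses android.app.Application.
    app_name = app.get(ANDROID + "name")
    app_class = qualify(package, app_name) if app_name else "android.app.Application"
    for comp in app.findall("activity") + app.findall("activity-alias"):
        for flt in comp.findall("intent-filter"):
            if MAIN in names(flt, "action") and LAUNCHER in names(flt, "category"):
                # An alias launches the class in android:targetActivity.
                target = comp.get(ANDROID + "targetActivity") or comp.get(ANDROID + "name")
                return package, app_class, qualify(package, target)
    return package, app_class, None
```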


Abstract

The invention discloses a sandbox unpacking method and system based on an Android virtual machine. The method includes the following steps: starting the Android virtual machine, replacing the system class loader with a predefined class loader, and loading the custom Android virtual machine code package used for sandbox unpacking, to obtain an operating environment that can execute the Android unpacking code; reading the package name and main activity name of the target application to be unpacked in the virtual machine, and building the context environment and resource access interface of the target application according to the package name and main activity name; building the resource access interface of the target application, simulating the normal execution process of the target application, passing the context environment matching the target application into the startup parameters of the target application, and decrypting the program code of the target application in the sandbox to obtain the program code of the target application. The execution environment of the invention does not require the highest access privileges, which ensures the security of the user's device environment; it is also simple to use and efficient to execute.

Description

Technical field

[0001] The invention relates to the technical field of information security, in particular to a sandbox unpacking method and system based on an Android virtual machine.

Background technique

[0002] Android devices are developing rapidly, extending from mobile phones to tablets, smart TVs, etc., and there are more and more risky and malicious applications on the devices. The general malicious detection methods are mostly based on feature detection, which is basically ineffective against the malicious behavior of hardened samples. Therefore, there is an urgent need for a solution that can provide a fast detection function in user scenarios.

[0003] The general unpacking technology on the user side requires the use of hook technology, and involves system root (obtaining the highest authority), which is equivalent to opening a door into the mobile system and causes security risks. The system root is based on a Linux-like account authority mechanism. T...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/53, G06F9/455
CPC: G06F9/45558, G06F21/53
Inventor: 唐浩乔伟
Owner: WUHAN ANTIY MOBILE SECURITY