A method, system and related device for obtaining Android application native layer code

Abstract

This application discloses a method for obtaining the native layer code of an Android application, starting from the Linker that is required for all Android applications to run normally, with high accuracy; using decompilation technology combined with preset key strings to determine the initialization function contained therein , to finally determine whether the initialization function is called to decrypt the encrypted code, and execute the DUMP operation immediately after the decryption is complete. The decrypted code can be intercepted in advance before the target application performs the anti-dump operation and secondary encryption, making full use of malicious applications. The self-decryption process of the encrypted code does not require manual decryption, which can significantly improve the efficiency of obtaining the decrypted code. The present application also discloses a system, device and computer-readable storage medium for obtaining native layer codes of Android applications, which have the above-mentioned beneficial effects.

Description

technical field [0001] The present application relates to the technical field of obtaining application running codes, and in particular to a method, system, device and computer-readable storage medium for obtaining native layer codes of Android applications. Background technique [0002] Since the birth of the Android (also known as Android) system, software security issues have been criticized by the majority of developers. On the one hand, many hard-developed applications have been cracked to obtain source codes through reverse engineering, and secondary packaging and packaging; On the one hand, the internal code logic of many simple virus and Trojan horses is also easily obtained by virus analysts, resulting in low survival rates and difficulty in escaping the interception of anti-virus software. [0003] In this context, some virus developers move the internal code logic from the Java layer, which is easily decompiled and cracked by reverse engineering, to the native lay...

AI Technical Summary

Problems solved by technology

[0002] Since the birth of the Android (also known as Android) system, software security issues have been criticized by the majority of developers. On the one hand, many hard-developed applications have been cracked to obtain source codes through reverse engineering, and secondary packaging and packaging; On the one hand, the internal code logic of many simple viruses and Trojan horses is also easily obtained by virus analysts, resulting in low survival rates and difficulty in escaping the interception of anti-virus software.

[0004] In addition to routine automatic detection, it is still necessary to manually analyze some applications that are difficult to judge malicious applications after using encryption technology. The industry now uses the dd command that comes with the Linux system (the function of this command is to use a specified size Block copy a file, and perform specified conversion while copying) DUMP the decrypted code (an operation of copying the memory image in the software process, that is, the memory data) when the target application is running, this method can To a certain extent, it helps malicious application analysts to obtain the decrypted code, but because the timing of this technology to obtain the decrypted code is not early enough, in the face of some anti-dump operations or the code will be re-dumped after running Very weak when encrypted malicious applications

Images