Unlock instant, AI-driven research and patent intelligence for your innovation.

Universal shelling method and system for Android platform application program based on ART environment

A platform application and program technology, applied in the direction of platform integrity maintenance, instruments, electronic digital data processing, etc., can solve the problems of file damage, unreliable field features, loss of marking function, etc. The effect of obfuscation techniques

Active Publication Date: 2021-06-01
UNIV OF ELECTRONICS SCI & TECH OF CHINA
View PDF14 Cites 1 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] 1. The field characteristics are not reliable, and the bytecode encrypted by multiple rounds has lost its original marking function and is decoupled from the real business
[0005] 2. Feature extraction is deceptive. There are a lot of technologies that confuse and bypass the detection system in the current business. Traditional methods are not universal
[0006] 3. The fixed unpacking method does not have the function of repairing the APK, which may damage the file
[0007] 4. Static analysis is basically invalid for strong obfuscation shells

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Universal shelling method and system for Android platform application program based on ART environment
  • Universal shelling method and system for Android platform application program based on ART environment

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0046] The present invention will be further explained by specific examples below.

[0047] The present invention provides a kind of Android platform application general unpacking method and system based on the new generation ART environment, it is characterized in that, comprises the following steps:

[0048] S1: Determine the packer program as a vmp shell, dex2c shell, or ordinary shell through the shell checking component.

[0049] S2: In the dex extraction component, modify the oasp that conforms to the operating environment of this program at the source code level and then compile it. After flashing into the new system image, start the packing program to obtain the extracted dex file and the list of loaded classes.

[0050] S3: Insert an active call chain in oasp, actively load the loaded class list in clinit, start the program after compiling and get all the extracted function instructions in all classes.

[0051] S4: In the repair component, fill the function instructi...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a universal shelling method and system for an Android platform application program based on an ART environment, and belongs to the field of software security detection. The main scheme includes the steps that the shell type of the program is judged in a shell checking component, a dex file obtained after initialization is completed is obtained from a memory in an extraction dex component, all types of original programs are loaded in the active calling component, a method body of the original programs is obtained, and a function body of the dex file is subjected to integrity filling in the repairing component. Modification and compiling are carried out on the android source code layer, an anti-debugging means is effectively bypassed, a complete function body can be obtained without anti-confusion, and the shelling efficiency is greatly improved.

Description

technical field [0001] The invention belongs to the field of software safety detection, and discloses a general unpacking method and system for Android platform application programs based on a new generation of ART environment. The program to be tested is an Android program, which is effective for unpacking Android malicious programs. Background technique [0002] Nowadays, mobile devices such as smartphones are widely used in our daily life. Due to the popularity of Android devices and the openness of Android OS, the amount of Android malware is increasing rapidly. Infection of mobile devices with malware can lead to the leakage of important private information, such as user accounts and passwords. Also, the rise of malware that wastes users' time and scams theft leads to financial losses for users. Therefore, there is an urgent need to effectively detect and defend against Android malware. [0003] The most important step in the analysis and detection of Android malware...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/56
CPCG06F21/563
Inventor 牛伟纳鲁启扬张小松张洪彬周杰
Owner UNIV OF ELECTRONICS SCI & TECH OF CHINA