Abstract
In recent years, more and more criminals tamper with APKs (Android Package) of Android phones by reverse engineering, which brings great threat to the interests of developers and users. Therefore, it is necessary to strengthen the protection of APK code. But with the continuous evolution of the Android system compilation mode, the protection of APK code has encountered more and more difficulties. Main code protection schemes are just for applications based on Interpretation or AOT (Ahead of Time) compilation mode, but the new hybrid compilation mode used in Android 8.0 makes it difficult for the code protection schemes to protect APK code. So we refer to the Android system source code to study the hybrid compilation process of Android 8.0. By analyzing the loading, compiling and executing flow of programs in Android 8.0, we find a way to control the compilation mode. Combined with inline hook technology, our code protection scheme effectively avoids the impact of the complicated hybrid compilation mode, restores the instructions successfully and achieves the purpose of protecting APK code.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Mulliner, C., Oberheide, J., Robertson, W., Kirda, E.: PatchDroid: scalable third-party security patches for Android device. In: Computer Security Applications Conference (2013)
Shreshtha, R.: A systemic code-protection methodology for the dex file on Android platform. In: Proceedings of 2012 IEEE International Conference on Computer Science and Automation Engineering (2012)
Zhou, W., Wang, Z., Zhou, Y., Jiang, X.: DILIVAR: diversifying intermediate language for anti-repackaging on Android platform. In: ACM Conference on Data & Application Security & Privacy (2014)
Portokalidis, G., Homburg, P., Anagnostakis, K., Bos, H.: Paranoid Android: versatile protection for smartphones. In: Proceedings of the 26th Annual Computer Security Applications Conference (2010)
Chen, Q., Jia, L.-f., Zhang, W.: Research of software protection methods based on the interaction between code and shell. Comput. Eng. Sci. 12 (2006). 011
GToad, 05 July 2018. https://gtoad.github.io/2018/07/05/Android-Native-Hook/
Bryant, R.E., O’Hallaran, D.R.: Computer Systems: A Programmer’s Perspective. Pearson, London (2015)
Zhang, Y., Luo, X., Yin, H.: The terminator to Android hardening services. In: DEFCON 25 Hacker Conference (2017)
Xue, Y., Tan, Y., Liang, C., Li, Y., Zheng, J., Zhang, Q.: RootAgency: a digital signature-based root privilege management agency for cloud terminal devices. Inf. Sci. 444, 36–50 (2018)
https://androidxref.com/8.0.0_r4/xref/art/runtime/interpreter/interpreter.cc
Daemen, J., Rijmen, V.: The Design of Rijndael: AES - The Advanced Encryption Standard. Springer, Heidelberg (2013)
Codecache Tuning. https://docs.oracle.com/javase/8/embedded/develop-apps-platforms/codecache.htm
rk700, 30 June 2017. http://rk700.github.io/2017/06/30/hook-on-android-n/?tdsourcetag=s_pcqq_aiomsg
Mai ke, 02 August 2018. https://blog.csdn.net/u013394527/article/details/80980340
Yang, Z., et al.: Appintent: analyzing sensitive data transmission in Android for privacy leakage detection. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security (2013)
Grassi, M.: Reverse engineering, pentesting, and hardening of Android apps. DroidCon (2014)
Hexo, 25 September 2018. https://ansgarlin.github.io/zh-tw/news/2018/09/25/about_art_1_compilation/
Tsai, K.-Y., Chiu, Y.-H., Wu, T.-C.: Android App copy protection mechanism based on dynamic loading. In: International Symposium on Consumer Electronics (2014)
Wißfeld, M.: ArtHook Callee-side method hook injection on the new Android runtime ART. Information Security and Cryptography (2015)
ele7enxxh (2018). https://github.com/ele7enxxh/Android-Inline-Hook
Liang, S.: The Java Native Interface – Programmer’s Guide and Specification. Addison-Wesley Professional, Boston (1999)
Drake, J.J., Lanier, Z., Mulliner, C., Fora, P.O., Ridley, S.A., Wicherski, G.: Android Hacker’s Handbook. Wiley, Hoboken (2014)
Eagle, C.: The IDA Pro Book. No Starch Press, San Francisco (2011)
Martelli, A., Ravenscroft, A., Ascher, D.: Python Cookbook. O’Reilly Media, Sebastopol (2005)
Chen, H.: Privacy and Security Enhancements for Android Application. University of California, Los Angeles (2012)
Levin, J.: Dalvik and ART. In: Andevcon (2015)
Nolan, G.: Decompiling Android. Apress, New York (2012)
Park, Y.: We can still crack you! general unpacking method for Android packer (no root). In: Blackhat Asia (2015)
Acknowledgment
This work is supported by National Natural Science Foundation of China (No. 61876019 & U1636213).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Jiang, H., Yang, K., Wang, L., Gao, J., Hu, S. (2019). A Code Protection Scheme via Inline Hooking for Android Applications. In: Vaidya, J., Zhang, X., Li, J. (eds) Cyberspace Safety and Security. CSS 2019. Lecture Notes in Computer Science(), vol 11982. Springer, Cham. https://doi.org/10.1007/978-3-030-37337-5_9
Download citation
DOI: https://doi.org/10.1007/978-3-030-37337-5_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-37336-8
Online ISBN: 978-3-030-37337-5
eBook Packages: Computer ScienceComputer Science (R0)