Abstract
Following the steady growth of the android mobile market, android application developers apply the obfuscation techniques to hide confidential information to be revealed and to prevent from abnormal approaches. Keeping up this trend, however, the obfuscation technique is also widely used in android malicious codes. Android malicious code developers apply the obfuscation techniques to hide their malignant act and evade anti-virus program, eventually making malicious code reversing engineers spend a lot of time and efforts and adding a huge amount of social cost for the analysis. Due to this reason, the de-obfuscation techniques is getting more and more required to solve this problem. In this paper, we research existing obfuscation and de-obfuscation techniques which currently are applied to the android applications, then suggest the de-obfuscation platform based on LLVM (Low-Level Virtual Machine) to perform de-obfuscation process more efficiently.
This work was supported by the MSIT (Ministry of Science and ICT), Korea, under the ITRC (Information Technology Research Center) support program (IITP-2017-2016-0-00313) supervised by the IITP (National IT Industry Promotion Agency), the Basic Science Research Program through the NRF funded by the Ministry of Education (NRF-2015R1C1A1A02037561) and the 2017 Yeungnam University Research Grant.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Dexguard. https://www.guardsquare.com/dexguard
Proguard. http://developer.android.com/tools/help/proguard.html
Piao, Y., Jung, J.H., Yi, J.H.: Server based code obfuscation scheme for APK tamper detection. Secur. Commun. Netw. (2014)
Schulz, H., Titze, D., Schutte, J., Kittel, T., Eckert, C.: Automated de-obfuscation of Android bytecode. Department of Computer Science, The University of Munchen, Germany, July
Bremer, J.: Automated Analysis and Deobfuscation of Android Apps & Malware, Freelance Security Researcher (2013)
Simplify. https://github.com/CalebFenton/simplify
Dexoracle. https://github.com/CalebFenton/dex-oracle
Dexprotector. https://dexprotector.com
Lee, S.Y., Park, J.H., Chan Park, M., Suk, J.H., Lee, D.H.: A study on deobfuscation method of Android and implementation of automatic analysis tool. J. Korea Inst. Inf. Secur. Cryptol. 25(5), 1201–1215 (2015)
LLVM overview. http://www.aosabook.org/en/llvm.html#fig.llvm.rtc
Wegman, M.N., Zadeck, F.K.: Constant propagation with conditional branches. ACM Trans. Program. Lang. Syst. 13(2), 181–210 (1991)
Click, C., Cooper, K.: Combining analyses, combining optimizations. ACM Trans. Programm. Lang. Syst. 17(2), 181–196 (1995)
Kennedy, K.: Use-definition chains with applications. Comput. Lang. Arch. 3(3), 163–179 (1978)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Kim, J., Ko, K., Youn, J.M. (2018). Building the De-obfuscation Platform Based on LLVM. In: Park, J., Loia, V., Yi, G., Sung, Y. (eds) Advances in Computer Science and Ubiquitous Computing. CUTE CSA 2017 2017. Lecture Notes in Electrical Engineering, vol 474. Springer, Singapore. https://doi.org/10.1007/978-981-10-7605-3_202
Download citation
DOI: https://doi.org/10.1007/978-981-10-7605-3_202
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-7604-6
Online ISBN: 978-981-10-7605-3
eBook Packages: EngineeringEngineering (R0)