research-article

An Anti-Reverse Engineering Technique using Native code and Obfuscator-LLVM for Android Applications

Authors:

Kyeonghwan Lim,

Seongtae JhangAuthors Info & Claims

RACS '17: Proceedings of the International Conference on Research in Adaptive and Convergent Systems

Pages 217 - 221

https://doi.org/10.1145/3129676.3129708

Published: 20 September 2017 Publication History

Abstract

Android applications are exposed to reverse engineering attacks. In particular, the applications written in Java are more prone to reverse engineering in comparison to the applications written in native-code languages such as C or C++ on the Android platform. This is because Java applications are distributed as byte codes, while applications written in native-code languages are distributed as low-level binary codes. In this paper, we propose a new technique to protect Android applications against reverse engineering. Three key characteristics of the proposed approach are as follows. First, we write the main parts of the application in native-code using Android NDK. This not only makes reverse engineering more difficult, but it is also more effective in terms of code reuse. Second, we introduce obfuscation, which hides the intent of the native codes and obscures theirs structure, at the intermediate representation (IR) level. Finally, we integrate an integrity verification scheme which detects whether the critical module of the application has been modified prior to execution of the application. Based on the results of experimentation on five known Android applications, we show that the proposed techniques can be applied without a significant effect on performance.

References

[1]

Snell B. 2016. Mobile Threat Report What's on the Horizon for 2016. https://www.mcafee.com/us/resources/reports/rpmobile-threat-report-2016.pdf

[2]

Jang, J., Han, S. Cho, Y., choe, U. and Hong, J. 2014. Survey of Security Threats and Countermeasures on Android Environment. Journal of Security Engineering. 11, 1 (Feb. 2014), 01--12. DOI=http://dx.doi.org/10.14257/jse.2014.02.01.

[3]

Zhou, W., Zhon, Y. Jiang, X. and Ning, P. 2012. Detecting Repackaged Smartphone Applications in Third-Party Android Marketplaces. In Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy (San Antonio, USA, February 07--09, 2012). CODASPY'12. ACM, New York, NY, 317--326. DOI=http://dx.doi.org/10.1145/2133601.2133603.

Digital Library

[4]

Enck, W., Octeau, D., McDaniel, P. and Chaudhuri, S. 2011. A Study of Android Application Security. In Proceedings of the 20th USENIX conference on Security (San Fransicso, USA, August 08--12, 2011). SEC '11. USENIX, San Francisco, CA, 21--21.

[5]

Chebyshev, V. and Unuchek, R. 2014. Mobile Malware Evolution: 2013. https://securelist.com/58335/mobile-malware-evolution-2013.

[6]

Piao, Y., Jung, J. and Yi, J. 2013. Structural and Functional Analyses of ProGuard Obfuscation Tool. The Journal of Korean Institute of Communications and Information Sciences. 38B, 8 (Aug. 2013). 654--661. DOI=http://dx.doi.org/10.7840/kics.2013.38B.8.654.

[7]

Schulz, P. 2012. Code protection in android. Lab Report. University of Bonn at North Rhine-Westphalia.

[8]

Bangcle. www.bangcle.com. [Online; Accessed on September 10, 2016].

[9]

LIAPP. https://liapp.lockincomp.com/. [Online; Accessed on September 10, 2016].

[10]

Petsas, T. Voyatzis, G. Athanasopoulos, E. Polychronakis, M. and Ioannidis, S. 2014. Rage against the virtual machine: hindering dynamic analysis of android malware. In Proceedings of the Seventh European Workshop on System Security (Amsterdam, Netherlands, April 13--16, 2014). EuroSys 2014. ACM, New York, NY, 5. DOI=http://dx.doi.org/10.1145/2592791.2592796.

Digital Library

[11]

Cho, H., Lim, J., Kim, H. and Yi, J. 2016. Anti-debugging scheme for protecting mobile apps on android platform. The Journal of Supercomputing. 72, 1 (Jan. 2016), 232--246. DOI=http://dx.doi.org/10.1007/s11227-015-1559-9.

Digital Library

[12]

Sun, S., Cuadros, A. and Beznosov, K. 2015. Android rooting: Methods, detection, and evasion. In Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (Denver, USA, October 12--12, 2015). SPSM '15. ACM, New York, NY, 3--14. DOI=http://dx.doi.org/10.1145/2808117.2808126.

Digital Library

[13]

Yang, W., Zhang, Y., Li, J., Shu, J., Li, B., Hu, W. and Gu, D. 2015. AppSpear: Bytecode Decrypting and DEX Reassembling for Packed Android Malware. In Proceedings of 18th International Symposium (Kyoto, Japan, November 2--4, 2015). RAID 2015. Springer International Publishing, Cham, ZG, 350--381. DOI=http://dx.doi.org/10.1007/978-3-319-26362-5_17.

Digital Library

[14]

Costamagna, V. and Bergadano, F. 2016. HOOKDROID: DALVIK DYNAMIC INSTRUMENTATION FOR SECURITY ANALYTICS. International Journal on Information Technologies and Security. 8, 1 (2016), 39--52.

[15]

Costamagna, V. and Zheng, C. 2016. ARTDroid: A virtual-method hooking framework on android ART runtime. In Proceedings of the 2016 Innovations in Mobile Privacy and Security (Egham, SRY, April 06, 2016). IMPS 2016. CEURWS, 20--28.

[16]

Google. Android NDK. https://developer.android.com/tools/sdk/ndk/index.html.

[17]

Welton, R. 2014. Obfuscating Android Applications using O-LLVM and the NDK. http://fuzion24.github.io/android/obfuscation/ndk/llvm/o-llvm/2014/07/27/android-obfuscation-o-llvm-ndk/.

[18]

Kim, J., Go, N. and Park, Y. 2015. A Code Concealment Method using Java Reflection and Dynamic Loading in Android. Journal of the Korea Institute of Information Security and Cryptology. 25, 1(Feb. 2015), 17--30. DOI=http://dx.doi.org/10.13089/JKIISC.2015.25.1.17.

[19]

Lim, K., Jeong, Y., Cho, S., Park, M. and Han, S. 2016. An Android Application Protection Scheme against Dynamic Reverse Engineering Attacks. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications. 7, 3(Sep. 2016), 40--52.

[20]

Kovacheva, A. 2013. Efficient Code Obfuscation for Android. In Proceedings of Advances in Information Technology: 6th International Conference (Bangkok, Thailand, December 12--13, 2013). IAIT'13, 104--119. DOI= http://dx.doi.org/10.1007/978-3-319-03783-7_10

Cited By

De Sutter BSchrittwieser SCoppens BKochberger P(2024)Evaluation Methodologies in Software Protection ResearchACM Computing Surveys10.1145/3702314Online publication date: 2-Nov-2024
https://doi.org/10.1145/3702314
Pizzolotto DBerlato SCeccato M(2024)Mitigating Debugger-based Attacks to Java Applications with Self-debuggingACM Transactions on Software Engineering and Methodology10.1145/363197133:4(1-38)Online publication date: 18-Apr-2024
https://dl.acm.org/doi/10.1145/3631971
Kasuya RYoshiura N(2023)Obfuscating LLVM IR with the Application of Lambda CalculusIntelligent Information and Database Systems10.1007/978-981-99-5837-5_3(27-39)Online publication date: 5-Sep-2023
https://doi.org/10.1007/978-981-99-5837-5_3
Show More Cited By

Index Terms

An Anti-Reverse Engineering Technique using Native code and Obfuscator-LLVM for Android Applications
1. Security and privacy
  1. Software and application security

Recommendations

Exploring reverse engineering symptoms in Android apps
EuroSec '15: Proceedings of the Eighth European Workshop on System Security

The appearance of the Android platform and its popularity has resulted in a sharp rise in the number of reported vulnerabilities and consequently in the number of mobile threats. Leveraging openness of Android app markets and the lack of security ...
Benchmark Dalvik and Native Code for Android System
IBICA '11: Proceedings of the 2011 Second International Conference on Innovations in Bio-inspired Computing and Applications

Google's Android Native Development Kit (NDK) is a toolset that lets you embed components to use of native code in your Android applications. It makes possible for developers to easily compile in C/C++ for the Android development platform. Generally, ...
Reverse Engineering iOS Mobile Applications
WCRE '12: Proceedings of the 2012 19th Working Conference on Reverse Engineering

As a result of the ubiquity and popularity of smart phones, the number of third party mobile applications is explosively growing. With the increasing demands of users for new dependable applications, novel software engineering techniques and tools ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

RACS '17: Proceedings of the International Conference on Research in Adaptive and Convergent Systems

September 2017

324 pages

ISBN:9781450350273

DOI:10.1145/3129676

Conference Chairs:
Katarzyna Grygiel
Jagiellonian University, Poland
,
Tomas Cerny
Baylor University, USA
,
Program Chairs:
Sung-Ryul Kim
Konkuk University, Korea
,
Wei Wang
San Diego State University, USA

Copyright © 2017 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGAPP: ACM Special Interest Group on Applied Computing
ACCT: Association of Convergent Computing Technology

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 20 September 2017

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Funding Sources

National Research Foundation of Korea(NRF) & Ministry of Science, ICT and Future Planning

Conference

RACS '17

Sponsor:

SIGAPP
ACCT

RACS '17: International Conference on Research in Adaptive and Convergent Systems

September 20 - 23, 2017

Krakow, Poland

Acceptance Rates

RACS '17 Paper Acceptance Rate 48 of 207 submissions, 23%;

Overall Acceptance Rate 393 of 1,581 submissions, 25%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

8
Total Citations
View Citations
321
Total Downloads

Downloads (Last 12 months)32
Downloads (Last 6 weeks)7

Reflects downloads up to 03 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

De Sutter BSchrittwieser SCoppens BKochberger P(2024)Evaluation Methodologies in Software Protection ResearchACM Computing Surveys10.1145/3702314Online publication date: 2-Nov-2024
https://doi.org/10.1145/3702314
Pizzolotto DBerlato SCeccato M(2024)Mitigating Debugger-based Attacks to Java Applications with Self-debuggingACM Transactions on Software Engineering and Methodology10.1145/363197133:4(1-38)Online publication date: 18-Apr-2024
https://dl.acm.org/doi/10.1145/3631971
Kasuya RYoshiura N(2023)Obfuscating LLVM IR with the Application of Lambda CalculusIntelligent Information and Database Systems10.1007/978-981-99-5837-5_3(27-39)Online publication date: 5-Sep-2023
https://doi.org/10.1007/978-981-99-5837-5_3
Soewito BSuwandaru A(2022)Android sensitive data leakage prevention with rooting detection using Java function hookingJournal of King Saud University - Computer and Information Sciences10.1016/j.jksuci.2020.07.00634:5(1950-1957)Online publication date: May-2022
https://doi.org/10.1016/j.jksuci.2020.07.006
Zaidenberg NKiperberg MResh A(2022)TrulyProtect—Virtualization-Based Protection Against Reverse EngineeringCyber Security10.1007/978-3-030-91293-2_15(353-366)Online publication date: 3-Apr-2022
https://doi.org/10.1007/978-3-030-91293-2_15
Zhao YTang ZYe GGong XFang D(2021)Input-Output Example-Guided Data Deobfuscation on BinarySecurity and Communication Networks10.1155/2021/46460482021Online publication date: 13-Dec-2021
https://dl.acm.org/doi/10.1155/2021/4646048
Szczepanik MKędziora MJóźwiak I(2020)Android Methods Hooking Detection Using Dalvik Code and Dynamic Reverse Engineering by Stack Trace AnalysisTheory and Applications of Dependable Computer Systems10.1007/978-3-030-48256-5_62(633-641)Online publication date: 22-May-2020
https://doi.org/10.1007/978-3-030-48256-5_62
He ZYe GYuan LTang ZWang XRen JWang WYang JFang DWang Z(2019)Exploiting Binary-Level Code Virtualization to Protect Android Applications Against App RepackagingIEEE Access10.1109/ACCESS.2019.29214177(115062-115074)Online publication date: 2019
https://doi.org/10.1109/ACCESS.2019.2921417

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten