Reversing Obfuscated Control Flow Structures in Android Apps using ReDex Optimizer

DOI: 10.1145/3426020.3426089
Published: 04 November 2021

Abstract

Code obfuscation is a technique that makes programs harder to understand. Malware writers widely use obfuscation to evade detection by anti-malware software, or to deter reverse engineering of their malicious code. If we de-obfuscate the obfuscated code and restore it to the original code before obfuscation was applied, we can analyze the obfuscated malware effectively and efficiently. In this paper, we apply the ReDex optimizer to reverse the control-flow obfuscation performed by the Obfuscapk system on open-source Android applications. We then analyze the effectiveness and limitations of ReDex in terms of its ability to reverse the control-flow obfuscation of Android apps. The experimental results show that ReDex can recover 1089 of 1108 apps obfuscated with the control-flow obfuscation techniques of the Obfuscapk obfuscator. While optimizing bytecode, ReDex significantly reduces the number of methods and fields, but it is limited in removing dead code related to both useless goto statements and random nop instructions.


Cited By

  • (2024) Control-Flow Deobfuscation using Trace-Informed Compositional Program Synthesis. Proceedings of the ACM on Programming Languages 8:OOPSLA2 (2211-2241). DOI: 10.1145/3689789. Online publication date: 8-Oct-2024
  • (2022) A Survey of Obfuscation and Deobfuscation Techniques in Android Code Protection. 2022 7th IEEE International Conference on Data Science in Cyberspace (DSC) (40-47). DOI: 10.1109/DSC55868.2022.00013. Online publication date: Jul-2022
  • (2022) Deoptfuscator: Defeating Advanced Control-Flow Obfuscation Using Android Runtime (ART). IEEE Access 10 (61426-61440). DOI: 10.1109/ACCESS.2022.3181373. Online publication date: 2022

Published In

SMA 2020: The 9th International Conference on Smart Media and Applications
September 2020
491 pages
ISBN: 9781450389259
DOI: 10.1145/3426020

Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

1. Android
2. Control-flow
3. Deobfuscation
4. Reverse Engineering

Qualifiers

  • Research-article
  • Research
  • Refereed limited