Conference Proceeding Article
Attackers use reverse engineering techniques to gain detailed understanding of executable for malicious purposes, such as re-packaging an Android app to inject malicious code or advertising components. To make reverse engineering more difficult, researchers have proposed various code obfuscation techniques to conceal purposes or logic of code segments. One interesting idea of code obfuscation is to apply codereuse techniques (e.g., Return-Oriented Programming) to (re-)distribute essential code segments before they are reconstructed at runtime. Such techniques are well understood on x86 platform, but relatively less explored on Android. In this paper, we present an evaluation on the extent to which code-reuse-based techniques can be applied to obfuscate Android apps. Moreover, we extend code-reuse-based obfuscation to the Android platform by proposing an obfuscation mechanism for both Java and native code. Results show that 835 gadgets are found in the C standard library (libc.so) which cover the entire Turing complete set. Furthermore, we implement a semi-automatic tool named AndroidCubo and show that it protects both Java and native code with comparable security to those obfuscated with Java reflection at a small runtime overhead.
Obfuscation, Android application, Code reuse, Java Native Interface
Information Security and Cryptology: ICISC 2016: 19th International Conference, Seoul, November 30 - December 2: Revised selected papers
City or Country
TANG, Xiaoxiao; LIANG, Yu; MA, Xinjie; LIN, Yan; and GAO, Debin.
On the effectiveness of code-reuse-based Android application obfuscation. (2017). Information Security and Cryptology: ICISC 2016: 19th International Conference, Seoul, November 30 - December 2: Revised selected papers. 10157, 333-349. Research Collection School Of Information Systems.
Available at: http://ink.library.smu.edu.sg/sis_research/3426
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.