| Android operating system,which is closely related to smart phones,smart TVS and other smart devices controlled by the Internet has become an indispensable part of our lives.The open source nature of Android system and the imperfect application distribution channel lead to the proliferation of various malware and cracked software,at the same time the repackaging of applications,the placement of malicious advertisements,the theft of code and so on are nothing new now.There are two types of code in android application.The first part is the bytecode generated by Java or Kotlin and running in the Art or Dalvik virtual machine environment,which has been extensively studied.The other part is the dynamic link library file with a.so extens and generated by C/C++ compilation,which runs directly in the mobile CPU environment and is generally called Native code.The research on native code protection is somewhat inadequate.Based on the study of relevant open source protection schemes in the industry and the characteristics of mobile processors,this paper conducts a research on the obfuscation between the control flow of code and the instruction and data.This paper made detailed analysis in three aspects on obfuscation of control flow graph.The first technique is to reorganize the sequence between the basic blocks,arrang all the basic blocks in a parallel structure,and use a unified block scheduling distributor to determine the next basic block to be executed.The parallel basic blocks are reconnected by a constant,which is expanded by integer neural network,so that the connection process of basic blocks is hidden,and the original logic of the program cannot be analyzed statically.In the second method,studying the characteristics of the construction of opaque predicate,and the concept of equivalent opaque predicate is been put forward,then using equivalent opaque predicate to construct suspicious control flow in branching and cycling structure,which expands the effect of inserting opaque predicate.For the third method,this paper proposes a way that using a integer neural network to construction opaque predicates which is suitable for Android Native layer code.It will hide the details of control flow by converting the control flow structure into the classification model of neural network.In terms of data obfuscation,two methods are proposed to effectively improve the protection intensity.The first scheme is string encryption based on logistics chaotic mapping,through which the encryption key is generated and then just saving the two-tuples of initial secret key.It is much more secure since it can undeniably avoids the xor decryption instruction from exposing the secret key information in the code.This paper studies and implements the obfuscation scheme of n-times split and n-times combination of integer variable.The codes of variables are replaced in the compilation process,which can effectively expand the code.The experimental results show that the complexity of obfuscated code is about five times as before,which can effectively prevent the attack of reverse engineering,while the time consuming by obfuscation is about twice,which within an acceptable range. |
PDF Full Text Request