Research And Implementation Of Android Application Software Protection System Based On Anti-reverse Tampering

The success of Android system owe to its open resource and the portability of the Linux kernel.Android's open resource has contributed to its success,however,it also led to Android's becoming the most vulnerable operating system in mobile terminal systems.Attackers can use a range of tools to analyze and tamper with Android applications.With the increasing of tampering and the number of viruses,the protection of Android application software has drawn more and more attention.In recent years,both research institutions and technology companies have invested a certain amount of resources dedicated to Android Platform Software protection research.Based on the analysis of the existing software protection technology,this paper designs and implements an android application software protection system on ground of the Anti-reverse Tamper-proof Technology.The main work in this paper is as follows:(1)The Protection of the dex FileBy analyzing the structure and loading the mode of dex file and combining with the common software protection methods,this paper reached a solution of dex File protection which is encrypted after the code set is replaced.This scheme can effectively resist decompile and static analysis: the program will not run without restoring the original dex file.So even if the attacker decompress or decompile apk,they are still not able to obtain the original file,which can protect the dex file well.(2)The Protection of the SO FileWhen the programmer writes the critical logic code to the SO library file,the attack is also transferred to the SO file.After analyzing the process performed by Android calling JNI code,this article finds that there is a preprocessing function before the file is actually loaded into memory in the process,so programmer can insert custom logic to preprocessing functions.Using this discovery,this paper realizes the protection scheme of replacing and encrypting SO library file with the header field of SO file,which can effectively eliminate the static analysis of the SO file by the attacker.(3)Remote Protection of Critical InformationThe existing protection schemes encrypt or deform key information in local files,and the flaw of this approach is that the program is still possible to be cracked by means of finding the key information whether it is written in the SO file or encrypted or deformed.This paper provides the remote service function to the protection system,which can realize the completely decoupling of key information and other procedures need to be protected,thus the security of software can be furtherly improved.(4)The Resist of Dynamic DebuggingAn android software protection system should not only consider protection against static analysis,but also incorporate techniques for resisting dynamic debugging.After analyzing the dynamic debugging mechanism,it is found that the Android device debugging must be connected with android_server,and they are connected by the connection oriented TCP protocol.According to these characteristics,this paper works out a solution based on resource occupied about android_server connection.This scheme relies on the scheme of TCP connection between the protected application software and android_server,to prevent the debugger connection,which furtherly prevents the dynamic debugging of the program.It is more efficient and permanent compared with the currently used anti debugging solution.