Research And Implementation Of Android Application Code Protection Based On LLVM

With the advancement of Mobile Internet,mobile devices running Android OS have been widely accepted.Amongst all the there are relatively scarce researches on native layer code.Inspired by this situation,this article mainly focuses on native layer code protection based on LLVM.As an advanced compiling infrastructure,LLVM provides separated source code scanner and code generator with good platform independence.Besides its intermediate representation is highly well-formed,and thus it's a perfect platform for code obfuscation.Based on LLVM,we implement the research in the following ways.Control flow flattening can be achieved by altering regular sequential,conditional and looping code sequence into a big switch jump and replacing logic jump with a dispatching variable.With this idea,we implement a process to obfuscate native layer code,which has considerable resistance against control flow analysis an attack.Opaque predict can introduce uncertainty without changing the origin semantics.In this paper we evaluate several accesses of opaque predict with the Android native context,and choose number theory opaque predict as the jump condition.Then insert redundant branches to obfuscate the control flow.In addition,we present a methodology to make control flow unreducible regardless of its form.To protect essential integers,we adopt a replacement by slicing the integers and storing them separately.Furthermore,we replace opcodes related to the integers so the integers will remain obfuscated through the lifecycle,making it more difficult for attackers to extract data from dynamic debugging.Arrays are another group of vulnerable data which is easy to be located and analyzed,because there are internal connection between adjacent elements.In this article,we design an obfuscation tactic to protect arrays by taking the advantage of array splitting and array index re-indexing.Based on the researches above,we have designed the structure of the obfuscator,which can be integrated into Android NDK and can run seamlessly with it.At last,we design two experiments based on ndk-samples and LLVM LIT.The former aims at verifying the usability of the obfuscator on Android,the latter tries to cover as much as possible test cases to validate the obfuscator.This experiments has proved that the average expansion rate is approximately 62%,and the effectiveness is greater than 99%.