
Research And Implementation Of Android Applications Protection Method Based On Multiple Instruction Virtualization

Posted on: 2019-01-25
Degree: Master
Type: Thesis
Country: China
Candidate: B B Zhao
GTID: 2428330545959444
Subject: Computer application technology
Abstract/Summary:
In recent years, with the development of the mobile Internet, the number of mobile phone applications has grown exponentially. According to statistics, there are more than 10 million apps in China's major app (application) stores. On the one hand, these apps have brought convenience to our daily lives; on the other hand, they have given an opening to malicious reverse engineers, who steal the structure and execution logic of programs by reverse-analyzing legitimate apps and then go on to attacks such as tampering with the application and adding malicious advertisements in order to repackage it, or reproducing the core functions of the app. All of this has caused huge economic losses to app developers and users and has seriously affected the healthy development of the app industry.

To deter this trend, academia has proposed a series of methods to protect Android apps, and a variety of domestic app-hardening vendors have introduced products to secure the core Dex files of apps. The current mainstream protection method transforms the real instructions into a virtual instruction set and pairs it with a custom interpreter to achieve functional equivalence, which raises the cost of reverse analysis for the attacker and thereby blocks the repackaging process. However, Dex virtualization as an anti-repackaging measure protects only the Dex file, and in a single way: an attacker can analyze the interpreter in the native layer of the virtualization shell to find the virtual-instruction mapping table and the decryption function, and then use the mapping table to restore the original instructions.

Because Dex file protection methods are relatively uniform, this paper proposes an Android application protection method based on multiple instruction virtualization, which avoids the problems of current protection methods. The attack test results show that, with acceptable performance overhead, the protection method effectively defeats current unpacker attacks, most of which fail to achieve their intended effect, and impedes reverse analysis.

The main research work of this thesis includes three aspects:

1) Dex file protection: an Android application protection method that combines JNI reflection sinking with diversified Dex virtualization is proposed. Increasing diversity makes it difficult for the attacker to restore the virtual instructions, and converting some methods into Native methods prevents automated restoration from recovering the complete Dex file.

2) Virtualization protection for Native So files: current So file protection relies on encryption and packing, whose shortcoming is that a complete So file can easily be dumped from memory. To address this, a stack-based ARM instruction virtualization protection method is proposed. Custom virtual instructions effectively prevent memory dumps from yielding valid instructions.

3) Compile-time virtualization protection for Native files: to address the compatibility problems of virtualization protection, compile-time virtualization protection is proposed. It is applied mainly to selected important functions, which effectively ensures compatibility and performance.
Keywords/Search Tags: instruction virtual, Reverse engineering, Diversity, Compiling virtual, repackaging