
Research On Cross-Layer Code Obfuscation And Cross-Layer Static Analysis Technology For Android Applications

Posted on: 2020-05-21
Degree: Master
Type: Thesis
Country: China
Candidate: X W Lin
GTID: 2428330596475084
Subject: Information security
Abstract/Summary:
Mobile applications play an important role in the development of the mobile Internet industry and have been adopted by many industries. Among them, Android applications are very popular, which results in many security issues, such as software vulnerabilities, application piracy, malware and other issues. Meanwhile, research on Android application protection technology and on Android program analysis is also developing.

Android applications are divided into two layers: the Dalvik layer (Java language) and the Native layer (C/C++ language). The executable compiled from an Android application consists of two parts, the dex file and the so file. The dex file is in the form of Dalvik bytecode, and the so file is in the form of machine code. Dalvik bytecode is easy to decompile, and the decompiled code is close to the source code, so the program logic is easy to recover by reverse engineering. The so file (machine code), by contrast, reverses only to assembly language, so compared with Dalvik bytecode its reverse engineering is more difficult and it is not easy to crack. From the point of view of software protection, the so file is more protective; on the other hand, this same property is easy for malicious software developers to exploit. Based on these characteristics, this thesis studies and discusses in depth the cross-layer protection and the cross-layer program analysis of Android applications. It designs and implements CRO, a cross-layer obfuscation framework for Android applications, and JN-SAF, a cross-layer static program analysis framework for Android applications.

To alleviate the vulnerability of current Android applications, we obfuscate the program control flow of Android applications and implement the CRO control flow obfuscation framework based on the Soot program analysis framework. The framework obfuscates the control flow of the Dalvik bytecode and hides the key calls of the program in the Native layer. CRO then adds multi-threading support to prevent dynamic and static program analysis tools, as well as manual reverse engineering, from recovering the code logic of the program. The experimental results show that CRO can effectively resist the Amandroid static analysis platform and the JN-SAF cross-layer analysis framework.

Since the Android system is supported by the Native layer, malicious software developers use this feature to hide malicious behavior in the Native layer. The existing static analysis tools for Android applications, such as Amandroid, FlowDroid, IccTA, etc., cannot go deep into the Native layer for analysis. Therefore, this thesis implements the JN-SAF framework based on Amandroid and angr in order to perform cross-layer control flow and data flow analysis of Android applications. The experimental results show that the efficiency of JN-SAF analysis is linear, and that it can effectively analyze applications containing malicious behavior in the Native layer.
Keywords/Search Tags: control flow obfuscation, taint analysis, static program analysis, malware detection