| As an important role in the development of the mobile Internet industry,mobile applications have been adopted by many industries,among which Android applications are the most widely popular.Meanwhile,security problems derived from them also emerge in an endless stream,posing a great threat to Android devices.In response to emerging security issues,Android application hardening research is also continuing to develop.Considering the stability of the application,some manufacturers refuse to use the shell method to strengthen the Android application.For this reason,researchers introduce the code obfuscation technology.The source code obfuscation tool Pro Guard is available,but it has a low level of obfuscation.An attacker can use a reverse tool to rename the identifier to help understand the confused code,and the tool requires vendor source code to be used to harden Android applications.Therefore,this thesis designed a obfuscation system for smali code,which only needs to provide Android applications to achieve the purpose of obfuscation,which plays a certain role in strengthening Android applications,and is of great significance for solving the security problems that constantly appear.Based on the analysis of the existing research results,this thesis makes an in-depth analysis of the Android system and smali syntax,combined with the existing reinforcement technology,to complete the following work:(1)This thesis presents a data flow obfuscation algorithm based on dictionary encryption.The algorithm includes two schemes: function dictionary encryption storage obfuscation and const-string dictionary encryption obfuscation.The algorithm encrypts functions and const-string respectively through dictionary encryption,and performs dynamic execution through injected decryption instructions.(2)This thesis presents a control flow obfuscation algorithm based on control branch enhancement.The algorithm includes two schemes: loop body splitting enhancement and adding jump branch enhancement.The two schemes confuse the cyclic control flow and the sequential control flow respectively,and enhance the strength of the control flow and complete the cohesion of the control flow by dispersing the cyclic body and adding "goto" statements.(3)In this thesis,smali code obfuscation system is designed and implemented,including three parts: smali code parsing,smali code obfuscation and encryption and decryption library.The smali code obfuscation system and smali code obfuscation method are experimentation tested.The test results show that the method and system designed in this thesis have high strength reinforcement for Android applications and have little impact. |
PDF Full Text Request