Research On Android Application Protection Technology Based On Multi-dimensional Reverse Confrontation

With the rapid development of society and the widespread spread of mobile Internet,smart terminals equipped with the Android operating system have also entered the homes of ordinary people.Almost everyone has some smart hardware devices based on the Android operating system,such as smartphones,tablets,Io T devices,and VR devices.Along with the prosperous development of the Android operating system,the security problems of the applications running on it have also increased significantly.Applications and cracked software with backdoors are very popular,which not only violates the privacy of users,but also harms the interests of genuine software developers.There are also a large number of black products on the market.By cracking the operating process of the application,internal encryption and decryption algorithms and network communication protocols are reproduced,and then a large number of automated tools are used to complete malicious orders,malicious brushing and malicious applications Acts such as receiving coupons have caused great economic losses to innocent businesses.Therefore,it is particularly important to study the code security protection and runtime security protection of applications on the Android operating system.The thesis proposes a set of application protection schemes for the reverse engineering analysis behavior of malicious attackers.By designing and realizing a multi-dimensional countermeasure module against the malicious behavior of reverse analysts,the application source code security and runtime security protection are completed.The main work is as follows:(1)A detailed analysis and introduction of the Android operating system hierarchy,the application hierarchy and the security threats faced by the applications;an analysis of the existing security protection schemes,combined with the advantages and disadvantages of the existing protection schemes,put forward An application protection scheme based on multi-dimensional reverse confrontation.(2)Design and implement an Android application protection scheme based on multidimensional reverse countermeasures.From the countermeasures,the whole system is divided into two subsystems,namely the static analysis countermeasure subsystem and the dynamic debugging analysis countermeasure subsystem.The static analysis and confrontation subsystem is designed to disrupt the reading of the decompiled "pseudo-source code" by the reverse analyst.A random confusion dictionary generator module and a highstrength source code obfuscator module are designed;the dynamic debugging analysis confrontation subsystem is divided into four modules,Designed a countermeasure module based on time interval detection for the runtime interval caused by the reverse analyst during dynamic debugging;designed a runtime suspicious process detection module for the serverside analysis tool deployed by the reverse analyst in the Android smart terminal;The principle of additional main process debugging is required when the reverse analyst initiates dynamic analysis.Ptrace pre-occupying and detection module is designed;the principle of memory breakpoints must be marked when the reverse analyst debugs the application.The whole process of high-frequency memory breakpoint scanning detection module is designed.Through the above-mentioned multi-dimensional cross-protection mode,it can resist the static analysis methods and dynamic debugging analysis methods initiated by reverse analysts on the application,and completely solve the shortcomings of the existing application reinforcement protection system on the market,so as to achieve protection The design goals of application source code security and runtime security.(3)Design experiments and perform detailed tests on the system.The test of the static analysis confrontation subsystem is mainly conducted from two perspectives: the obfuscation of the obfuscation dictionary and the strength of the source code obfuscation;the test of the dynamic analysis confrontation subsystem is mainly from the three aspects of application availability,security and operating efficiency get on.The experimental results show that the system can maximize the interference and obstruction of the malicious behavior of reverse engineering analysts,and effectively guarantee the source code security and runtime security of the application on the Android platform.