| This paper addresses the issue of code protection for Android applications and proposes a series of static and dynamic protection methods aimed at ensuring the original functionality of the application,while increasing the difficulty of reverse analysis of application code and resisting attacks such as repackaging.This paper also designs and implements an application code protection system and verifies its security and performance through experiments.The main contributions of this paper are summarized as follows:Firstly,a static protection scheme for application code files is proposed and implemented,including DEX code file protection and shared library code file protection.In DEX code file protection,instruction extraction is first used to avoid exposing complete DEX code file information in memory.Then,virtual machine obfuscation is used to convert dalvik bytecode into virtual instructions to further enhance the security of DEX code files.Finally,instruction extraction and virtual machine obfuscation are combined to achieve static protection of DEX code files,with an optimal combination ratio of 8:2 determined through experimental analysis.In shared library code file protection,OLLVM and black box obfuscation are used to protect custom virtual machines and encryption keys,while emptying out encrypted.text segments to protect shared library instruction codes.Secondly,a dynamic protection scheme for application code files is proposed and implemented,including root environment detection protection,multi-level dynamic detection anti-debugging protection,and code integrity protection based on multiple nested logic bombs.In root environment detection protection,hash regular expressions are used to improve matching coverage,while moving detection logic to native layer increases attack difficulty.In anti-debugging protection multiple dynamic detection anti-debugging protections are implemented,based on JDWP features and ptrace self-debugging processes.In code integrity protection,code integrity protection nodes are first realized by code file signature and public key comparison,and then various types of logic bombs are defined,including Java layer logic bombs,native layer logic bombs,honeypot bombs,and finally hide the node by nesting multiple types of logic bombs to ensure their effectiveness.Thirdly,based on static and dynamic protections schemes an Android application program’s protective system was designed then implemented.Attack experiments were designed from attacker’s perspective verifying protected applications’security while analyzing protective schemes’performance from multiple dimensions.Experimental results show that proposed protective schemes effectively enhance Android applications’security with only a small increase in performance overhead. |
PDF Full Text Request