Browse > Article
http://dx.doi.org/10.13089/JKIISC.2015.25.1.17

A Code Concealment Method using Java Reflection and Dynamic Loading in Android  

Kim, Jiyun (Hanyang University)
Go, Namhyeon (Korea Polytechnic II College)
Park, Yongsu (Hanyang University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.25, no.1, 2015 , pp. 17-30 More about this Journal
Abstract
Unlike existing widely used bytecode-centric Android application code obfuscation methodology, our scheme in this paper makes encrypted file i.e. DEX file self-extracted arbitrary Android application. And then suggests a method regarding making the loader app to execute encrypted file's code after saving the file in arbitrary folder. Encrypted DEX file in the loader app includes original code and some of Manifest information to conceal event treatment information. Loader app's Manifest has original app's Manifest information except included information at encrypted DEX. Using our scheme, an attacker can make malicious code including obfuscated code to avoid anti-virus software at first. Secondly, Software developer can make an application with hidden main algorithm to protect copyright using suggestion technology. We implement prototype in Android 4.4.2(Kitkat) and check obfuscation capacity of malicious code at VirusTotal to show effectiveness.
Keywords
Java reflection; Malware; Malicious code; DES; Data encryption standard; Bytecode; Copyright protection; Obfuscation; Intent; Intent filter; Class encryption; Dynamic keys; AndroidManifest;
Citations & Related Records
Times Cited By KSCI : 3  (Citation Analysis)
연도 인용수 순위
1 STRATEGY ANALYTICS, http://www.strategyanalytics.com/
2 Joonhyouck Jang, Seunghwan Han, Yookun Cho, U jin Choe and Jiman Hong, "Survey of Security Threats and Countermeasures on Android Environment," Journal of Security Engineering, Vol.11, No.1, pp. 01-12, Feb. 2014.   DOI
3 Alexandrina KOVACHEVA, "Efficient Code Obfuscation for Android," Advances in information Technology's Communications in Computer and Information Science, Vol. 409, pp.104-119, Aug. 2013.
4 Patrick Schulz, "Code Protection in Android," Institute of Computer Science 4 Communication and Distributed Systems in Bonn University, June 2012.
5 Hao Hao, Vicky Singh, and Wenliang Du, "On the effectiveness of API-level access control using bytecode rewriting in Android," ASIA CCS '13 Proceedings of the 8th ACM SIGSAC symposium on Information of computer and communications security, pp. 25-36, 2013.
6 W. Zhou, Y. Zhon, X. Jiang and P. Ning, "Detecting Repackaged Smartphone Applications in Third-Party Android Marketplaces," Proceedings of the 2nd ACM Conference on Data and Application Security and Privacy, pp. 317-326, Feb. 2012.
7 Yuxue Piao and Jin-hyuk Jung and Jeong Hyun Yi, "Structural and Functional Analyses of ProGuard Obfuscation Tool," Networks and Services, Vol. 38B, No. 08, pp. 654-661, Aug. 2013.
8 DexFile, http://developer.android.com/reference/dalvik/system/DexFile.html
9 William M. Daley and Raymond G. Kammer, "DATA ENCRYPTION STANDARD (DES)," FIPS PUB 46-3, Oct. 1999.
10 William C. Barker and Elaine Barker, "Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher," NIST Special Publication 800-67, Jan. 2012.
11 Doo-Sik Choi, Doo-Hwan Oh, Jeong-Soo Park and Jae-Cheol Ha, "An Improved Round Reduction Attack on Triple DES Using Fault Injection in Loop Statement," Journal of The Korea Institute of Information Security & Cryptology, Vol. 22, No. 4, pp. 709-717, Aug. 2012.
12 Androguard, https://code.google.com/p/androguard/
13 Virus Total, http://virustotal.com
14 Building and Running, http://developer.android.com/tools/building/index.html
15 Alessandro Armando, Alessio Merlo. Mauro Migliardi and Luca Verderame, "Breaking and Fixing the Android Launching Flow," Computers & Security, Vol. 39, pp. 104-115, Nov. 2013.   DOI
16 dex2jar, https://code.google.com/p/dex2jar/
17 JD-GUI, http://jd.benow.ca/
18 android-apktool, https://code.google.com/p/android-apktool/
19 Trail: The Reflection API (The JavaTM Tutorials), http://docs.oracle.com/javase/tutorial/reflect/
20 V. Benjarmin Livshits and Monica S. Lam, "Finding Security Vulnerabilities in Java Applications with Static Analysis," Proceedings of the 14th USENIX Security, Aug. 2005.
21 MARIUS POPA, "Analysis of Zero-Day Vulnerabilities in Java," Journal of Mobile, Embedded and Distributed Systems, Vol. 5, No. 3, pp. 108-117, Sep. 2013.
22 Erika Chin, Adrienne Porter Felt, Kate Greenwood, and David Wagner, "Analyzing Inter-Application Communication in Android," MobiSys '11 Proceedings, Vol. 9, pp. 239-252, 2011.
23 Intents and Intent Filters, http://developer.android.com/guide/components/intents-filters.html#iobjs
24 CONTEXT_IGNORE_SECURITY, http://developer.android.com/reference/android/content/Context.html
25 Toast, http://developer.android.com/reference/android/widget/Toast.html
26 Support Library, http://developer.android.com/tools/support-library/index.html