• Title/Summary/Keyword: 패커 (packer)

A Hiding Original App Method by Altering Android DexClassLoader Execution Flow (안드로이드 덱스클래스로더 실행흐름 변경을 통한 원본 앱 노출 방지 기법)

  • Jo, Honglae;Choi, Joontae;Ha, Dongsoo;Shin, Jinseop;Oh, Heekuck
    • Journal of the Korea Institute of Information Security & Cryptology / v.27 no.6 / pp.1271-1280 / 2017
  • The Android packer service using runtime execution compression technology switches to the original application using DexClassLoader. However, the DexClassLoader API takes the path of the DEX (Dalvik EXecutable) file to load and the path of the compiled file, so the original file is exposed on the file system. It is therefore not safe to use this API for a packer service. In this paper, we solve this problem by changing the compile and load flow of the DexClassLoader API. With the changed execution flow, the compiled file can be encrypted and stored in the file system, or kept only in memory, and it can be decrypted or substituted at the time of subsequent loading to enable the switch to the original application. We expect that the stability of the packer will increase because the proposed method does not expose the original file to the file system.

De-Obfuscated Scheme for Obfuscation Techniques Based on Trampoline Code (트램폴린 코드 기반의 난독화 기법을 위한 역난독화 시스템)

  • Minho Kim;Jeong Hyun Yi;Haehyun Cho
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.6 / pp.1043-1053 / 2023
  • Malware analysts work diligently to analyze and counteract malware, while developers persistently devise evasion tactics, notably through packing and obfuscation techniques. Although previous works have proposed general unpacking approaches, they inadequately address techniques like OEP obfuscation and API obfuscation employed by modern packers, leading to occasional failures during the unpacking process. This paper examines the OEP and API obfuscation techniques utilized by various packers and introduces a system designed to automatically de-obfuscate them. The system analyzes the memory of packed programs, detects trampoline codes, and identifies obfuscated information for program reconstruction. Experimental results demonstrate the effectiveness of our system in de-obfuscating programs that have undergone OEP and API obfuscation techniques.

Flow Dimensional Analysis for Constant Pressure Injection Test (정압주입시험을 이용한 지하수유동차원 해석)

  • 이은용
    • The Journal of Engineering Geology / v.3 no.2 / pp.149-165 / 1993
  • Nowadays, the field hydraulic test is still the only method to evaluate groundwater characteristics in the subsurface. The results of hydraulic tests are very important for the conceptual model of fracture hydrogeology as well as the geometric pattern of fractures. The hydraulic tests performed in Korea are generally analysed under assumptions such as steady radial flow in a homogeneous aquifer or along a simple geometry of fractures. Also, the transmissivity measured in a fixed interval length is equivalent to a sum of individual fracture transmissivities in the test length. The boundary effects of well hydraulics and the geometry of flow paths are hardly obtained from test results analysed by a steady flow method. To circumvent this problem, flow dimensional analysis was attempted on the results of a constant pressure injection test carried out in a fractured granite area. A comparison of the hydraulic conductivity values from the transient and steady analyses shows that the latter is about a factor of 2~3 higher than the former. However, it was possible to analyse the flow dimension of each test interval from the flow rate variation with time. The upper part of the bedrock (<10m deep) indicates an open boundary and the flow dimension shows nearly steady states, while the lower part of the bedrock (>25m deep) is characterized by a sublinear flow dimension with a closed boundary. In one of the test sections (15m deep), the flow dimension changed from linear flow to spherical flow. From the experience of this study, one of the immediate problems to be solved is to improve the field testing equipment, i.e., an accurate flowmeter with autorecording and a pressure detecting device that can be installed in the test section.

Improvement of Water Quality for Contaminated Groundwater by $NO_3-N$ using Compression Packer in Boeun (압축패커를 이용한 보은지역의 질산성질소에 의한 오염지하수 수질개선)

  • Lee, Byeong-Dae;Yun, Uk;Yun, Seong-Taek;Cho, Heuy-Nam
    • The Journal of Engineering Geology / v.20 no.1 / pp.25-33 / 2010
  • Most of the contaminated groundwater in the study area was contaminated by $NO_3-N$ due to the inflow of contaminated shallow surface groundwater into groundwater wells. Poor grouting and torn screens have increased the inflow of contaminated shallow surface groundwater into the wells. Contaminated shallow surface groundwater flowed into the wells through faults, joints and fracture zones of ESE-WNW, NNW, NW-SE and NS direction. The objective of this paper is to evaluate the improvement of water quality for groundwater contaminated by $NO_3-N$ using a compression packer. For this study, groundwater samples collected from 46 groundwater wells were analyzed to determine $NO_3-N$ contents. Nine wells exceeded 10 mg/L in $NO_3-N$ content, 20% of the total samples. $NO_3-N$ contents after compression packer installation were 26~81% lower than before installation.

Dominating the World Market with an Internationalization Strategy - Fujitsu

  • 한국전기제품안전진흥회
    • Product Safety / s.70 / pp.64-67 / 1999
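  • Fujitsu Ltd., Japan's leading high-technology company, has overtaken computer-industry giants of the United States such as Digital Equipment, Hewlett-Packard, and Unisys to become the world's second-largest computer company after IBM. Behind this is the success of its internationalization strategy of putting local companies forward as its agents.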

A Study on Environmental Restoration of Groundwater Using Contamination Prevention Facilities

  • 이병대;조병욱;성익환;함세영;정상용;윤성택
    • Proceedings of the Korean Society of Soil and Groundwater Environment Conference / 2002.04a / pp.155-158 / 2002
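  • Contamination prevention facilities were installed on a pilot basis for the environmental restoration of groundwater wells contaminated by nitrate nitrogen and turbidity. A survey of the degree of contamination of the wells showed that wells PS-1, CW-1, and CW-2 were contaminated with nitrate nitrogen in excess of the drinking water quality standard, and that the turbidity of well CW-3 exceeded the drinking water quality standard. The contamination originated from the inflow of contaminated surface water caused by poor construction, in which grouting was not done properly in order to secure water yield when the wells were developed. This study aims at the environmental restoration of contaminated groundwater: packer grouting was thoroughly redone so as to isolate the contamination source from the groundwater and prevent contaminants from entering the groundwater, and contamination prevention facilities were installed. For this study, the distribution and characteristics of the aquifer, the intervals of surface water inflow into the wells, the groundwater contamination sources, the state of contamination, and the contamination pathways were first identified. After the contamination prevention facilities were installed, water quality analyses were carried out to compare the nitrate nitrogen and turbidity levels before and after installation. For PS-1, the nitrate nitrogen content was 16.1 mg/L before installation and 8.1 mg/L and 7.9 mg/L after installation, a 51% decrease compared with before installation; CW-1 decreased by 39%, from 10.3 mg/L to 6.3 mg/L, and CW-2 decreased by 40%, from 14.9 mg/L to 9.0 mg/L. The turbidity of well CW-3 was completely restored, from 157 NTU to 0.97 NTU.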

A Numerical evaluation of Constant Head Injection Test (수치 모사를 이용한 정압주입시험)

  • Park, Kyung-Woo;Kim, Kyung-Su;Koh, Yong-Kwon
    • Proceedings of the Korea Water Resources Association Conference / 2009.05a / pp.1918-1923 / 2009
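  • Hydraulic test methods carried out to characterize the hydraulic properties of groundwater in crystalline rock can be divided into three types: the constant-rate method, the constant-pressure method, and the instantaneous injection (recovery) method. The Constant Head Injection Test (CHIT) addressed in this study is one kind of constant-pressure method and is a hydraulic test widely used in civil engineering and geological engineering to estimate the permeability coefficient of a target interval; it is a traditional hydraulic test in which the test interval is isolated using a single packer or a double packer, water is injected into the isolated interval at constant pressure, and the hydraulic conductivity of the test interval is calculated from the amount of water injected. In this study, numerical experiments were used to evaluate how the derived permeability coefficient changes with artificial factors such as the test interval and the magnitude of the injection pressure. Because the interpretation of constant head injection tests performed in fractured rock generally calculates the transmissivity of each interval under the assumption that the medium is a homogeneous, isotropic porous medium, MODFLOW, which simulates groundwater flow in porous media, was used as the numerical simulation code. The sensitivity analysis on test interval size and injection pressure showed that, regardless of the size of the test interval, the calculated hydraulic conductivity was lower than the hydraulic conductivity entered in the numerical simulation, and that the larger the injection pressure, the more the calculated hydraulic conductivity differed from that of the medium. Based on the sensitivity analysis, we conclude that the size of the test interval and the injection pressure should be taken into account when calculating interval hydraulic conductivity from constant head injection tests in field hydraulic testing.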

Evaluation of Injection Property on the Crack Repair Method by installing the packer with Right Angle Drill Type in RC Structure (직각천공방식으로 패커를 설치한 콘크리트 균열보수공법의 보수재 주입특성에 관한 연구)

  • Ko Jin-Soo;Lee Sung-Bok;Seo Che-Ho
    • Journal of the Korea Institute of Building Construction / v.6 no.2 s.20 / pp.91-98 / 2006
  • The purpose of this study is to investigate the problems of crack repair materials and methods in existing concrete structures and to propose an effective packer-type injection method for crack repair. The results of this study are as follows. It is found that the crack width in the inner matrix of the concrete structure is about 30-40% smaller than that in the sulfate of the concrete structure. It is also shown that the possibility of becoming monolithic with the injection part is higher if the injection part is installed near the surface of the concrete by the punching method in the direction vertical to the crack area. The repair material can be injected smoothly under a pressure of about $10N/mm^2$ on the condition that the cracks are monolithic with the injection part, without dust from drilling. The effective method for injecting the repair material is the punching method using a core drill, but further research to minimize the injection pressure should be continued.

Improved Original Entry Point Detection Method Based on PinDemonium (PinDemonium 기반 Original Entry Point 탐지 방법 개선)

  • Kim, Gyeong Min;Park, Yong Su
    • KIPS Transactions on Computer and Communication Systems / v.7 no.6 / pp.155-164 / 2018
  • Many malicious programs are compressed or encrypted using various commercial packers to prevent reverse engineering, so malicious code analysts must decompress or decrypt them first. The OEP (Original Entry Point) is the address of the first instruction executed after the encrypted or compressed executable file has been returned to its original binary state. Several unpackers, including PinDemonium, execute the packed file, keep track of the addresses until the OEP appears, and find the OEP among those addresses. However, instead of finding exactly one OEP, unpackers provide a relatively large set of OEP candidates, and sometimes the OEP is missing from the candidates. In other words, existing unpackers have difficulty finding the correct OEP. We have developed a new tool that provides smaller OEP candidate sets by adding two methods based on properties of the OEP. In this paper, we propose two methods to provide smaller OEP candidate sets by using the property that the function call sequence and parameters are the same in the packed program and the original program. The first method is based on function calls. Programs written in C/C++ are compiled into binary code, and compiler-specific system functions are added to the compiled program. After examining these functions, we added to PinDemonium a method that detects the unpacking work by matching the patterns of system functions called in packed programs and unpacked programs. The second method is based on parameters. The parameters include not only user-entered inputs but also system inputs. We added to PinDemonium a method that finds the OEP using the system parameters of a particular function in stack memory. OEP detection experiments were performed on sample programs packed by 16 commercial packers. We can reduce the number of OEP candidates by more than 40% on average compared to PinDemonium, except for 2 commercial packers that cannot be executed due to the anti-debugging technique.

Geochemical Study on the Alluvial Aquifer System of the Nakdong River for the Estimation of River Bank Filtration (강변여과수 개발을 위한 낙동강 충적층 지하수의 지구화학적 특성연구)

  • 김건영;고용권;김천수;김형수;김성이
    • The Journal of Engineering Geology / v.13 no.1 / pp.83-105 / 2003
  • Geochemical studies on the alluvial aquifer system near the Nakdong River were carried out as a basic investigation for estimating artificial recharge for river bank filtration. In-situ data do not show any distinct difference between the pumping well and the river. Most of the waters belong to Ca-$HCO_3$ and Ca-$SO_4$ types and show high Mn concentrations. In the borehole installed with the Multi-Packer (MP) system, the Na, Ca, Mg, and $HCO_3$ contents of the groundwater increase with depth. The Cl and $SO_4$ contents of the groundwater show the lowest values at the bottom level (18m depth), and the Mn content is very high at the middle level (13.5 m depth) of the MP system. There is no distinct difference in the ${\delta}^{18}O$ and D values and tritium content between MP, borehole and surface water samples. The sulfur isotope data indicate that the possible sulfur source is dissolution of sulfate minerals from sedimentary rock. The strontium isotope ratio shows slight differences between the pumping well and observation borehole samples. Nitrogen isotope data indicate that the nitrogen in the water samples originates from fertilizer or organic materials.