더미 덱스 사전 로딩을 통한 언패킹 과정에서의 안드로이드 런타임 무결성 검증 방법

Abstract

Now a day, Android applications attacking techniques have been changed a lot because of the evaluations of protecting application techniques which usually have been improved in order to protect the applications from attackers. In decade reverse engineering techniques are very popular used to attack the Android applications but because most of Android applications recently are protected by many different encryption techniques such as obfuscations, packer and so on. Thus the encryption techniques make the reverse engineering techniques are difficult to attack or achieve the goals to get the applications’ data. To overcome the evaluations of protecting applications techniques, the new attacking techniques have been developed. Applications unpacking techniques are new approaches and more powerful which can attack the encrypted applications. Moreover, these attack techniques can overcome most popular protecting Android applications such as Baidu, ALi, Bangcle, Ijiami and so on. One more ability of applications unpacking techniques is, extract the original Dalvik execution (DEX) files from packed applications. So far there are many published research papers, personal and academic research contents that aim to protect applications unpacking techniques and most of protecting approaches focus on how to change DEX instruction files and a few attempting to create permissions in kernel level as the Android sandbox. In this thesis we attempt to create detecting Android runtime integrity approach which has ability to verify Android system behaviors and events that created by applications unpacking techniques that exploit the class loading and compiling features of DEX files by collecting the information of the DEX files in that time, after that it can extract the original DEX files to the application’s folder or outside the devices. In order to protect the original DEX files, we develop the Android runtime integrity verification approach called Fake Dex which be loaded to check the Android runtime behaviors before the original DEX files will be loaded for execution. Furthermore, we present the result of experimental implementation in the term of applications compiling time by downloading open source applications from the internet and then insert our approach with the applications, after that we use the real smartphone to compile the applications.