Title: Automatic string deobfuscation scheme for mobile applications based on platform-level code extraction
Authors: WooJong Yoo; Minkoo Kang; Myeongju Ji; Jeong Hyun Yi
Addresses: Department of Computer Science and Engineering, Soongsil University, Seoul, 06978, South Korea ' Department of Software Convergence, Soongsil University, Seoul, 06978, South Korea ' Department of Computer Science and Engineering, Soongsil University, Seoul, 06978, South Korea ' School of Software, Soongsil University, Seoul, 06978, South Korea
Abstract: The Android operating system is vulnerable to various security threats owing to structural problems in Android applications. String obfuscation is one of the required protection schemes developed to protect Android application code. However, string obfuscation is being thwarted by malware makers and malware analysis is becoming more difficult and time-consuming. This paper proposes an automatic string deobfuscation and application programming interface (API) hiding neutralisation scheme that requires no encryption algorithm analysis or encryption key information. The proposed scheme has its own independent obfuscation tool. Further, it extracts and analyses code from the Android platform while the application is being executed and inserts only a return string value from the extracted code into the DEX file. The results of experiments conducted, in which commercial obfuscation tools Allatori, DexGuard, and DexProtector were applied to sample applications, verify the efficacy of the proposed method.
Keywords: reverse engineering; deobfuscation; mobile malware; Android.
DOI: 10.1504/IJAHUC.2019.100730
International Journal of Ad Hoc and Ubiquitous Computing, 2019 Vol.31 No.3, pp.143 - 154
Received: 27 Mar 2017
Accepted: 05 Oct 2017
Published online: 17 Jul 2019 *