Title: Automatic string deobfuscation scheme for mobile applications based on platform-level code extraction

Authors: WooJong Yoo; Minkoo Kang; Myeongju Ji; Jeong Hyun Yi

Addresses: Department of Computer Science and Engineering, Soongsil University, Seoul, 06978, South Korea ' Department of Software Convergence, Soongsil University, Seoul, 06978, South Korea ' Department of Computer Science and Engineering, Soongsil University, Seoul, 06978, South Korea ' School of Software, Soongsil University, Seoul, 06978, South Korea

Abstract: The Android operating system is vulnerable to various security threats owing to structural problems in Android applications. String obfuscation is one of the required protection schemes developed to protect Android application code. However, string obfuscation is being thwarted by malware makers and malware analysis is becoming more difficult and time-consuming. This paper proposes an automatic string deobfuscation and application programming interface (API) hiding neutralisation scheme that requires no encryption algorithm analysis or encryption key information. The proposed scheme has its own independent obfuscation tool. Further, it extracts and analyses code from the Android platform while the application is being executed and inserts only a return string value from the extracted code into the DEX file. The results of experiments conducted, in which commercial obfuscation tools Allatori, DexGuard, and DexProtector were applied to sample applications, verify the efficacy of the proposed method.

Keywords: reverse engineering; deobfuscation; mobile malware; Android.

DOI: 10.1504/IJAHUC.2019.100730

International Journal of Ad Hoc and Ubiquitous Computing, 2019 Vol.31 No.3, pp.143 - 154

Received: 27 Mar 2017
Accepted: 05 Oct 2017

Published online: 17 Jul 2019 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article