Abstract
Android has proved itself to be the de facto standard for smartphones, and today it claims a major share of the smartphone OS market. Its increasing popularity has attracted the attention of developers from around the globe in a very short span of time. As a result, concerns about code protection arose and techniques to address them evolved. These techniques focus on hiding the sensitive logic of important pieces of code. They are also used by malicious code writers to hide the malicious functionality of their code. This paper analyzes the techniques employed in Android applications for code obfuscation. In addition, one obfuscation technique, runtime code modification in Android, is analyzed in detail. The major part of the paper focuses on tools and techniques for extracting dex files from memory and analyzing them in order to recover code that has been injected into the application process at runtime and is actually being executed in memory.
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Nasim, F., Aslam, B., Ahmed, W., Naeem, T. (2015). Uncovering Self Code Modification in Android. In: El Hajji, S., Nitaj, A., Carlet, C., Souidi, E. (eds) Codes, Cryptology, and Information Security. C2SI 2015. Lecture Notes in Computer Science, vol 9084. Springer, Cham. https://doi.org/10.1007/978-3-319-18681-8_24
DOI: https://doi.org/10.1007/978-3-319-18681-8_24
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-18680-1
Online ISBN: 978-3-319-18681-8
eBook Packages: Computer Science, Computer Science (R0)