Uncovering Self Code Modification in Android

  • Conference paper
Codes, Cryptology, and Information Security (C2SI 2015)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9084)

Abstract

Android has proved itself to be the de facto standard for smartphones. Today Android claims a major share of the smartphone OS market. The increasing popularity of Android has attracted the attention of developers from around the globe in a very short span of time. Concerns about code protection, and consequently techniques for it, evolved. These techniques focused on hiding the sensitive logic of important pieces of code. They were also used by malicious code writers to hide the malicious functionality of their code. This paper analyzes the techniques employed in Android applications for code obfuscation. In addition, one obfuscation technique, runtime code modification in Android, is analyzed in detail. The major part of the paper focuses on tools and techniques for extracting dex files from memory and analyzing them in order to recover code that has been injected into the application process at runtime and is actually being executed in memory.

Author information

Correspondence to Faisal Nasim.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Nasim, F., Aslam, B., Ahmed, W., Naeem, T. (2015). Uncovering Self Code Modification in Android. In: El Hajji, S., Nitaj, A., Carlet, C., Souidi, E. (eds) Codes, Cryptology, and Information Security. C2SI 2015. Lecture Notes in Computer Science, vol 9084. Springer, Cham. https://doi.org/10.1007/978-3-319-18681-8_24

  • DOI: https://doi.org/10.1007/978-3-319-18681-8_24

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-18680-1

  • Online ISBN: 978-3-319-18681-8

  • eBook Packages: Computer Science, Computer Science (R0)
