Computer Science

Computer Science ›› 2023, Vol. 50 ›› Issue (7): 293-301.doi: 10.11896/jsjkx.221100147

• Information Security • Previous Articles     Next Articles

Locating Third-party Library Functions in Obfuscated Applications

YUAN Jiangfeng, LI Haoxiang, YOU Wei, HUANG Jianjun, SHI Wenchang, LIANG Bin   

  1. School of Information,Renmin University of China,Beijing 100872,China
  • Received:2022-11-17 Revised:2023-03-27 Online:2023-07-15 Published:2023-07-05
  • About author:YUAN Jiangfeng,born in 1998,postgraduate,is a member of China Computer Federation.His main research interests include mobile security and program analysis.LIANG Bin,born in 1973,Ph.D,professor,is a member of China Computer Federation.His main research interests include software analysis,AI security and mobile security.
  • Supported by:
    National Natural Science Foundation of China(U1836209,62272465,62002361) and CCF-Huawei Populus Euphratica Innovation Research Funding(CCF-HuaweiSE2021002).

PDF (PC)

586

Abstract: Third-party libraries are an important part of Android applications.When enforcing security enhancement or analysis based on application repackaging,it is often necessary to locate specific functions in third-party library.To this end,there is a need to map the functions of the third-party library to the disassembly code of the target application.However,many applications are obfuscated,which brings challenges to locating third-party library functions.In the disassembly code of the obfuscated application,the discriminated fingerprints are often eliminated,hence the code becomes obscure and difficult to analyze.Due to the lack of location fingerprints,it is very difficult to identify a specific function from the huge code space.So far,the existing studies only focus on identifying which third-party libraries are included in the target application rather than locating specific functions.In this paper,a method to locate the third-party functions in obfuscated applications is presented.In the first place,the obfuscator and obfuscation parameters used in the target application are identified.The source code of the third-party library is obfuscated in the same way as done for the target application.The stage is called as obfuscation alignment in this study.On this basis,we introduce some location fingerprints into the target functions with static instrumentation,and extract the structural features to identify the function location from the target application.Experiments show that the proposed method can identify the obfuscation tools and obfuscation parameters with high accuracy,and can accurately locate the third-party library functions for popular obfuscated close-source applications.

Key words: Android application, Repackaging, Obfuscation, Third-party library, Location

CLC Number: 

  • TP309.2
[1]DONG S,LI M,DIAO W,et al.Understanding Android obfuscation techniques:A large-scale investigation in the wild[C]//International Conference on Security and Privacy in Communication Systems.Cham:Springer,2018:172-192.
[2]YOU G,KIM G,CHO S,et al.A Comparative Study on Optimization,Obfuscation,and Deobfuscation tools in Android[J].Journal of Internet Services and Information Security,2021,11(1):2-15.
[3]AONZO S,GEORGIU G C,VERDERAME L,et al.Obfuscapk:An open-source black-box obfuscation tool for Android apps[J].SoftwareX,2020,11:100403.
[4]BALACHANDRAN V,TAN D J J,THING V L L.Controlflow obfuscation for Android applications[J].Computers & Security,2016,61:72-93.
[5]KOVACGEVA A.Efficient code obfuscation for Android[C]//International Conference on Advances in Information Technology.Cham:Springer,2013:104-119.
[6]GUO R,LIU Q,ZHANG M,et al.A Survey of Obfuscation and Deobfuscation Techniques in Android Code Protection[C]//2022 7th IEEE International Conference on Data Science in Cyberspace(DSC).IEEE,2022:40-47.
[7]YOU G,KIM G,PARK J,et al.Reversing obfuscated control flow structures in android apps using redex optimizer[C]//The 9th International Conference on Smart Media and Applications.2020:272-276.
[8]YOU G,KIM G,HAN S,et al.Deoptfuscator:Defeating Ad-vanced Control-flow Obfuscation Using Android Runtime(ART)[J].IEEE Access,2022,10:61426-61440.
[9]WERMKE D,HUAMAN N,ACAR Y,et al.A large scale investigation of obfuscation use in google play[C]//Proceedings of the 34th Annual Computer Security Applications Conference.2018:222-235.
[10]ZHANG X,BREITINGER F,LUECHINGER E,et al.Android application forensics:A survey of obfuscation,obfuscation detection and deobfuscation techniques and their impact on investigations[J].Forensic Science International:Digital Investigation,2021,39:301285.
[11]MAIORCA D,ARIU D,CORONA I,et al.Stealth attacks:An extended insight into the obfuscation effects on android malware[J].Computers & Security,2015,51:16-31.
[12]WANG Y,ROUNTEV A.Who changed you? Obfuscator identification for Android[C]//2017 IEEE/ACM 4th International Conference on Mobile Software Engineering and Systems(MOBILESoft).IEEE,2017:154-164.
[13]BICHSEL B,RAYCHEV V,TSANKOV P,et al.Statistical deobfuscation of android applications[C]//Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security.2016:343-355.
[14]MIRZAEI O,DE FUENTES J M,TAPIADOR J,et al.AndrODet:An adaptive Android obfuscation detector[J].Future Ge-neration Computer Systems,2019,90:240-261.
[15]HUANG J,XUE B,JIANG J,et al.Scalably Detecting Third-Party Android Libraries With Two-Stage Bloom Filtering[J].IEEE Transactions on Software Engineering,2023,49(4):2272-2284.
[16]ZHANG J,BERESFORD A R,KOLLMANN S A.Libid:reliable identification of obfuscated third-party android libraries[C]//Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis.2019:55-65.
[17]WANG Y,WU H,ZHANG H,et al.Orlis:Obfuscation-resilient library detection for Android[C]//2018 IEEE/ACM 5th International Conference on Mobile Software Engineering and Systems(MOBILESoft).IEEE,2018:13-23.
[18]ELSERSY W F,FEIZOLLAH A,ANUAR N B.The rise of obfuscated Android malware and impacts on detection methods[J].PeerJ Computer Science,2022,8:e907.
[19]GRAUX P,LALANDE J F,TONG V V T.Obfuscated android application development[C]//Proceedings of the Third Central European Cybersecurity Conference.2019:1-6.
[20]BAUMANN R,PROTSENKO M,MULLER T.Anti-proguard:Towards automated deobfuscation of android apps[C]//Proceedings of the 4th Workshop on Security in Highly Connected IT Systems.2017:7-12.
[21]ZHANG Y,DAI J,ZHANG X,et al.Detecting third-party li-braries in android applications with high precision and recall[C]//2018 IEEE 25th International Conference on Software Analysis,Evolution and Reengineering(SANER).IEEE,2018:141-152.
[22]MA Z,WANG H,GUO Y,et al.Libradar:fast and accurate detection of third-party libraries in android apps[C]//Proceedings of the 38th International Conference on Software Engineering Companion.2016:653-656.
[23]BACKES M,BUGUEL S,DERR E.Reliable third-party library detection in android and its security applications[C]//Procee-dings of the 2016 ACM SIGSAC Conference on Computer and Communications Security.2016:356-367.
[24]JUNG J H,KIM J Y,LEE H C,et al.Repackaging attack on Android banking applications and its countermeasures[J].Wireless Personal Communications,2013,73(4):1421-1437.
[25]LEE Y,WOO S,LEE J,et al.Enhanced Android app-repackaging attack on in-vehicle network[J].Wireless Communications and Mobile Computing,2019,2019:1-13.
[26]MA H,LI S,GAO D,et al.Active warden attack:On the(in) effectiveness of Android app repackage-proofing[J].IEEE Tran-sactions on Dependable and Secure Computing,2021,19(5):3508-3520.
[27]LI Y X,LIN B G.Design of application security policy reinforcement system based on Android repackaging[J].Netinfo Security,2014(1):5.
[28]SALEM A,PAULUS F F,PRETSCHNER A.Repackman:A tool for automatic repackaging of android apps[C]//Proceedings of the 1st International Workshop on Advances in Mobile App Analysis.2018:25-28.
[1] DU Hao, WANG Yunchao, YAN Chenyu, LI Xingwei. Test Cases Generation Techniques for Root Cause Location of Fault [J]. Computer Science, 2023, 50(7): 10-17.
[2] TU Sipan, ZHANG Lin, LIU Xiping. Double Dummy Location Selection Algorithm Based on Behavior Correlation [J]. Computer Science, 2023, 50(5): 348-354.
[3] LUO Xiaohui, WU Yun, WANG Chenxing, YU Wenting. Sequential Recommendation Model Based on User’s Long and Short Term Preference [J]. Computer Science, 2023, 50(4): 47-55.
[4] SONG Wenkai, YOU Wei, LIANG Bin, HUANG Jianjun, SHI Wenchang. Research on PoC Refactoring of Third-party Library in Heterogeneous Environment [J]. Computer Science, 2023, 50(4): 277-287.
[5] WANG Jiwang, SHEN Liwei. Fine-grained Action Allocation and Scheduling Method for Dynamic Heterogeneous Tasks in Multi-robot Environments [J]. Computer Science, 2023, 50(2): 244-253.
[6] CHEN Yipeng, YANG Zhe, GU Fei, ZHAO Lei. Resource Allocation Strategy Based on Game Theory in Mobile Edge Computing [J]. Computer Science, 2023, 50(2): 32-41.
[7] LI Xiaohuan, CHEN Bitao, KANG Jiawen, YE Jin. Coalition Game-assisted Joint Resource Optimization for Digital Twin-assisted Edge Intelligence [J]. Computer Science, 2023, 50(2): 42-49.
[8] SHAO Zi-hao, YANG Shi-yu, MA Guo-jie. Foundation of Indoor Information Services:A Survey of Low-cost Localization Techniques [J]. Computer Science, 2022, 49(9): 228-235.
[9] GUO Peng-jun, ZHANG Jing-zhou, YANG Yuan-fan, YANG Shen-xiang. Study on Wireless Communication Network Architecture and Access Control Algorithm in Aircraft [J]. Computer Science, 2022, 49(9): 268-274.
[10] WANG Lei, LI Xiao-yu. LBS Mobile Privacy Protection Scheme Based on Random Onion Routing [J]. Computer Science, 2022, 49(9): 347-354.
[11] YU Bin, LI Xue-hua, PAN Chun-yu, LI Na. Edge-Cloud Collaborative Resource Allocation Algorithm Based on Deep Reinforcement Learning [J]. Computer Science, 2022, 49(7): 248-253.
[12] TANG Feng, FENG Xiang, YU Hui-qun. Multi-task Cooperative Optimization Algorithm Based on Adaptive Knowledge Transfer andResource Allocation [J]. Computer Science, 2022, 49(7): 254-262.
[13] LI Meng-fei, MAO Ying-chi, TU Zi-jian, WANG Xuan, XU Shu-fang. Server-reliability Task Offloading Strategy Based on Deep Deterministic Policy Gradient [J]. Computer Science, 2022, 49(7): 271-279.
[14] WANG Yi, LI Zheng-hao, CHEN Xing. Recommendation of Android Application Services via User Scenarios [J]. Computer Science, 2022, 49(6A): 267-271.
[15] PIAO Yong, ZHU Si-yuan, LI Yang. Hybrid Housing Resource Recommendation Based on Combined User and Location Characteristics [J]. Computer Science, 2022, 49(6A): 733-737.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
Add:18# Honghu West Rd., Yubei ,Chongqing,China    Post Code: 401121
Tel: 023-63500828/023-67039612/023-67039623
E-mail: jsjkx12@163.com
Powered by Beijing Magtech Co., Ltd.