基于bytecode混淆的Android应用保护方法研究与实现

发布时间：2018-03-27 19:07

本文选题：Android软件安全　切入点：代码混淆　出处：《西北大学》2017年硕士论文

【摘要】：随着智能手机的发展,全球Android应用程序的年下载量超过3000亿次。然而,在应用爆发式增加的同时,其自身所遭受大量的二次打包、代码注入等非法攻击也越来越多。因此,研究一种有效的保护方法势在必行,众所周知代码混淆是最有效的保护方法之一。已有的Android应用代码混淆保护方法分为两大类:一种是基于Java源码进行混淆处理,但是这种方法不能保护开发商的知识产权;另外一种是基于Android bytecode指令的混淆,这种方法并没有提供复杂的数据流混淆和控制流混淆相结合的技术。本文提出一种基于bytecode混淆的Android应用保护方法,该方法不仅不需要提供应用程序源代码和修改虚拟机解释器,而且还增加了逆向工具进行逆向分析时的难度。本文主要研究工作包括四个方面:1)针对近年来出现的大量逆向工具能够辅助攻击者非法获取应用程序关键代码的问题,提出了混淆代码中变量的存储方式和函数调用的返回值获取方式的数据流混淆方法,经过该方法加固后的应用程序是不易被逆向的。2)为了进一步增加逆向工程的难度,本文还结合了控制流平展技术和路径模糊技术来增加应用程序的控制流复杂度。3)本文详细的分析解释了 Android运行时系统对于bytecode运行之前的静态分析检测原理,根据这个检测机制的漏洞解决了这个寄存器类型冲突问题。4)设计并实现了基于bytecode混淆的Android应用保护系统DexPro,通过选取常用的算法作为混淆测试的实例,对其加固前后的代码大小和性能消耗进行了对比分析。实验结果表明该混淆方法对于保护Android应用软件是有效且实用的。
[Abstract]:With the development of smartphones, Android applications worldwide have been downloaded more than 300 billion times a year. However, with the increase of application exploits, the number of illegal attacks such as secondary packaging, code injection and other illegal attacks is increasing. It is imperative to study an effective protection method, and it is well known that code confusion is one of the most effective protection methods. Existing Android application code obfuscation protection methods can be divided into two categories: one is based on Java source code confusion processing, But this approach does not protect developers' intellectual property rights; the other is confusion based on the Android bytecode directive. This method does not provide a complex technique of data stream confusion and control flow confusion. In this paper, a Android application protection method based on bytecode obfuscation is proposed. This method not only does not need to provide the source code of the application and modify the virtual machine interpreter. This paper mainly includes four aspects: 1) aiming at the problem that a large number of reverse tools can assist an attacker to obtain the key code of an application illegally in recent years. In order to increase the difficulty of reverse engineering, the method of obfuscation of data flow between the storage of variables in the obfuscation code and the method of obtaining the return value of the function call is proposed. The application program strengthened by this method is not easily reversed. 2) in order to further increase the difficulty of reverse engineering, This paper also combines the control flow flattening technology and the path fuzzy technology to increase the complexity of the control flow of the application. 3) this paper analyzes and explains the static analysis and detection principle of the Android runtime system before the bytecode runs in detail. According to the flaw of the detection mechanism, the register type conflict problem is solved. (4) the Android application protection system based on bytecode confusion is designed and implemented, and the common algorithm is selected as the example of confusion test. The code size and performance consumption before and after reinforcement are compared and analyzed. The experimental results show that the confusion method is effective and practical in protecting Android application software.
【学位授予单位】：西北大学
【学位级别】：硕士
【学位授予年份】：2017
【分类号】：TP316;TP309

【相似文献】