Efficient Code Obfuscation for Android
Master Thesis Defense Presentation
Author: Alexandrina Kovacheva
Supervisor: Prof. Alex BIRYUKOV
Reviewer: Prof. Jean-Sébastien CORON
Advisor: Dr. Ralf-Philipp WEINMANN
In the next 30 mins...
What is obfuscation? & Why is it useful?
Introduction
Java
API
DVM + Libs
Kernel
Dalvik Virtual Machine
● Register based (32-bits)
● Optimized for Android:
– Slower CPU
– Little RAM: 20 MB
– No swap
– Quick replication (UID)
– Energy efficient
● Instruction set: 218 different opcodes (~26 groups), 38 unused opcodes
Build, install, verify → obfuscate?
++ VFY, dexopt
Tools: analysis & protection
● Protection
– ProGuard
– dalvik-obfuscator
– APKfuscator
– DexGuard
● Analysis
– androguard
– baksmali (apktool)
– dedexer
– dexdump
– dex2jar
– dexter
– dexguard
– IDA Pro
– radare2
– …
How are apps protected currently?
Case Study
● ~1700 APK files
● Only free apps!
● Two phases:
(1) coarse automation
(2) manual
● Profiling the apps:
– ProGuard obfuscation
– Base64 strings
– Dynamic code
– Native code
– Crypto code
– Reflection
– Header size
– Encoding
Case Study: results (pt1)
● ProGuard
● Reflection
● Header size
● Encoding
● Base 64
Case Study: results (pt2)
● Base 64
– Multimedia (GIF, JPEG, PNG)
– Text (ASCII, UTF-8 text)
● UTF-8 names of fields and classes
– 文章 :Ljava/util/ArrayList;
● Interesting strings:
– http://media.admob.com/
– Tel://6509313940
– http://dl.dropbox.com/u/...../inmobi_mraid.js
– plaintext passwords
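An added example (not from the thesis or its tooling) of the Base64 profiling whose results are listed above: it decodes Base64-looking entries from an app's string pool and labels each payload as multimedia, text or unidentified binary. The string pool, the length threshold and all function names are assumptions constructed for illustration.

```python
import base64
import re
from collections import Counter

MAGIC = {b"GIF87a": "GIF", b"GIF89a": "GIF",
         b"\xff\xd8\xff": "JPEG", b"\x89PNG\r\n\x1a\n": "PNG"}
B64_RE = re.compile(r"[A-Za-z0-9+/]+={0,2}")
MIN_LEN = 16  # assumption: shorter strings produce too many false positives

def decode_candidate(s):
    """Return decoded bytes if s is plausibly Base64, else None."""
    if len(s) < MIN_LEN or len(s) % 4 or not B64_RE.fullmatch(s):
        return None
    try:
        return base64.b64decode(s, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None

def classify(data):
    """Label decoded bytes as GIF/JPEG/PNG, ASCII text, UTF-8 text or binary."""
    for magic, label in MAGIC.items():
        if data.startswith(magic):
            return label
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return "binary"
    if not all(ch.isprintable() or ch in "\r\n\t" for ch in text):
        return "binary"
    return "ASCII text" if text.isascii() else "UTF-8 text"

def profile(strings):
    """Count Base64 payload types across one app's string pool."""
    counts = Counter()
    for s in strings:
        data = decode_candidate(s)
        if data is not None:
            counts[classify(data)] += 1
    return counts

# Constructed sample string pool (not taken from any real app).
SAMPLE_POOL = [
    "Ljava/util/ArrayList;",   # rejected: ';' is outside the Base64 alphabet
    "getSystemService",        # valid Base64 by accident, decodes to "binary"
    base64.b64encode(b"GIF89a" + bytes(12)).decode(),
    base64.b64encode(b"\x89PNG\r\n\x1a\n" + bytes(8)).decode(),
    base64.b64encode(b"constructed sample text").decode(),
    base64.b64encode("文章 list of articles".encode()).decode(),
]
```

Entries that end up in the "binary" bucket include ordinary identifiers that happen to be valid Base64, so that bucket is a low-confidence signal and needs the manual second phase the case study describes.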
Conclusions
● ProGuard usage popular
● UTF-8 names found in very few apps (breaks some tools)
● Reflection & native → hide code from static analysis
But basically... everything we wanted, we could find.
What can we do to better protect our apps?
(Yet another) obfuscator
A similar approach to dalvik-obfuscator
– Four transformations
– Design emphasis on: generic, cheap
Adding Native Call Wrappers
● Targets: metadata information extraction
● Adds complexity: data flow, control flow
Packing Numeric Variables
● Targets: data extraction
● Adds complexity: data flow, control flow
Packing Numeric Variables (ctd)
Strings obfuscation
● Targets: metadata information extraction
● Adds complexity: data flow, control flow
Add “bad” code
● Targets: defeat popular static analysis tools
● Adds complexity: control flow
Obfuscator evaluation
● All transformations applied together: < +1MB
● UTF-8 names + our obfuscator = good protection
What are our limits?
What can(not) we do?
● Static techniques
– Encoding
– Reordering code and data
– Merging and splitting code
– Jump exploit limitations
● Dynamic techniques (possible with a custom class loader)
– Dynamic code changes
– Code encryption
Summary
● Proved that applications undergo little protection
● Proposed an obfuscator implementation (code available on GitHub)
● An attempt to discuss which techniques from x86 can be applied to Dalvik bytecode
Question time
&&
Thank you!