Authors: YUAN Xiaoxiao, LUO Senlin[1], YANG Peng (Information System & Security and Countermeasures Experiments Center, Beijing Institute of Technology, Beijing 100081, China; National Computer Network Emergency Response Technical Team Coordination Center of China, Beijing 100094, China)
Affiliations: [1] Information System and Security Countermeasures Experiments Center, Beijing Institute of Technology, Beijing 100081, China; [2] National Computer Network and Information Security Management Center, Beijing 100094, China
Source: Netinfo Security (《信息网络安全》), 2020, No. 7, pp. 60-69 (10 pages)
Funding: National 242 Information Security Program [2019A021].
Abstract: Function-level DEX file protection methods have difficulty resisting dynamic recovery attacks during the function repair phase and cannot be made compatible with the ART virtual machine. To address this, the paper proposes a DEX file protection method based on function extraction and implicit recovery. The method first extracts the key functions from the DEX file, then reconstructs the DEX file, encrypts it as a whole, renames it and hides it; next it applies a shell by modifying the app's startup entry and replacing smali files, and finally adds a repair SO library to complete the hardening of the APK. When the application starts, the shell program decrypts and obtains the original DEX file, parses and loads it into memory, and repairs the hardened functions on the Dalvik virtual machine and the ART virtual machine respectively, so that the application's internal logic executes normally. Experiments on DEX files from a self-developed APK show that the method effectively resists static analysis and dynamic recovery attacks, is compatible with both virtual machines, and adds only a constant time increment to function execution.
Keywords: ANDROID, DEX file protection, function extraction, implicit recovery
Classification: TP309 (Automation and Computer Technology, Computer System Architecture)