Automatic Detection System for Android Dex Injection Vulnerability Caused by Hot Update


Authors: Peng Tao; Lü Xinghang [2,3]; Tang Junwei; Zhang Zili; Liu Junping; Hu Xinrong; He Ruhan; Wu Zhonghua [4] (Hubei Provincial Engineering Research Center for Intelligent Textile and Fashion, Wuhan 430200, Hubei, China; Engineering Research Center of Hubei Province for Clothing Information, Wuhan 430200, Hubei, China; School of Computer Science and Artificial Intelligence, Wuhan Textile University, Wuhan 430200, Hubei, China; Wuhan Aopu Information Technology Co., Ltd., Wuhan 430200, Hubei, China)

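Affiliations: [1] Engineering Research Center of Hubei Province for Clothing Information, Wuhan 430200, Hubei, China; [2] Hubei Provincial Engineering Research Center for Intelligent Textile and Fashion, Wuhan 430200, Hubei, China; [3] School of Computer Science and Artificial Intelligence, Wuhan Textile University, Wuhan 430200, Hubei, China; [4] Wuhan Aopu Information Technology Co., Ltd., Wuhan 430200, Hubei, China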

Source: Computer Applications and Software (《计算机应用与软件》), 2025, Issue 3, pp. 363-370, 391 (9 pages in total)

Abstract: When an Android application pushes a patch package during a hot update, the package carries no digital signature, so an attacker can hijack and tamper with the dex file, leading to dex injection with serious consequences. To address this problem, an automatic detection system based on mitmproxy, named Homide, is proposed. Homide first uses mitmproxy to capture all packets exchanged between the client and the server and locates the dex file; it then injects code into the dex and pushes it to the client for execution by means of a man-in-the-middle attack; finally, it uses the log information output by the application to verify whether a dex injection vulnerability exists. For 513 applications in the application market, Homide successfully detected 17 new applications with dex injection. The experimental results show that Homide can effectively detect real-world applications in which hot updates lead to dex injection.

Keywords: vulnerability detection; man-in-the-middle attack; automated detection; mitmproxy; dex injection

Classification number: TP3 [Automation and Computer Technology: Computer Science and Technology]

 
