
Exploring Advanced Obfuscation Techniques in Mobile App Security
This presentation delves into the intricacies of obfuscation techniques in the context of mobile app security and reverse engineering. The group discusses the challenges, solutions, and related works in this field, exploring unique approaches to obfuscating code to enhance security measures. They present a detailed analysis of articles and tools such as Obfuscapk and Allatori, highlighting the importance of manual obfuscation activities and ProGuard configurations. Overall, the session offers valuable insights into enhancing app security through innovative obfuscation methods.
Presentation Transcript
Post-Challenge Presentation
COMPSCI702 Group 3: Jitong Wang, William Que, Louis Wang, Juyou Qi
27/05/2021
Agenda
01 Introduction
02 Related work
03 Proposed idea
04 Evaluation & Discussion
05 Reverse engineering
Introduction /01 The context, problem and solution for our project and obfuscation techniques.
Introduction
01 Context: We often have to consider both sides of the coin, i.e. active obfuscation and reverse engineering.
02 Problem: There is rarely a dedicated security person involved.
03 Related Work: Five articles that we have researched and found best practices.
04 Solution & its novelty: We chose three obfuscation methods stacked in thousands of ways when the corresponding tool is selected.
Related Work /02 The background knowledge related to our project.
Articles
01. Understanding Android Obfuscation Techniques: A Large-Scale Investigation in the Wild. A large-scale investigation of Android obfuscation that depicts a holistic view of the usage of obfuscation in the wild.
02. Who Changed You? Obfuscator Identification for Android. Machine-learning-aided identification of obfuscation techniques.
03. AndrODet: An adaptive Android obfuscation detector. Developed a recognition software called AndrODet, which can achieve an accuracy rate of 92.02%, 81.41% and 68.32% when recognising three typical obfuscation patterns.
04. Statistical Deobfuscation of Android Applications. DeGuard: the deobfuscation tool for ProGuard.
05. Obfuscapk: An open-source black-box obfuscation tool for Android apps. Free, open-source, extensible automatic obfuscation tool, which does not require source code.
Tools
Obfuscapk: A modular architecture that can be easily extended, developed in Python, making it easy for programming beginners to get started; covers all major obfuscation techniques with good stability and performance.
Allatori: Optimising the final APK size, being easily integrated within Android Studio, and covering a wide range of obfuscation techniques.
Proposed idea /03 The main obfuscation idea
Proposed idea
Manual obfuscation: Activity Rename
Common obfuscation: ProGuard configuration
Automatic obfuscation: Obfuscator and parameter options for the Obfuscapk tool
Proposed idea (from source code to APK)
Activity Rename: Random strings following the rules below:
a) Start with gsdn
b) Add three random characters
c) Add ane
d) Add three more random characters
e) End with laf
Obfuscapk:
Junk Code (ArithmeticBranch & Nop)
CallIndirection
Goto
ProGuard:
Optimisation level at 5
Keep the error code and error line number
Keep inner classes, signature and enclosing method
Keep our Wikipedia service
Rename source file, repackage classes
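The Activity Rename rules above, as an added Python sketch (not the group's own script): it generates names per rules a) to e), keeps an original-to-obfuscated mapping for debugging, and shows that the fixed gsdn/ane/laf affixes let a single regular expression pick out every renamed class. The letter-only alphabet, the mapping-line layout, and the sample Activity and package names are assumptions.

```python
import re
import secrets
import string

# Fixed affixes from rules a), c) and e) on the slide.
PREFIX, INFIX, SUFFIX = "gsdn", "ane", "laf"
# Assumption: the "random characters" are ASCII letters, so every result is
# a valid Java class name; the slides do not state the alphabet.
ALPHABET = string.ascii_letters
# Because the affixes never change, one pattern matches every renamed class.
RENAMED = re.compile(r"gsdn[A-Za-z]{3}ane[A-Za-z]{3}laf")


def random_name():
    """Build one name following rules a) to e)."""
    def part():
        return "".join(secrets.choice(ALPHABET) for _ in range(3))
    return f"{PREFIX}{part()}{INFIX}{part()}{SUFFIX}"


def build_mapping(activities):
    """Give each original Activity a unique obfuscated name."""
    mapping, used = {}, set()
    for original in activities:
        name = random_name()
        while name in used:  # re-draw on the rare collision
            name = random_name()
        used.add(name)
        mapping[original] = name
    return mapping


def retrace(text, mapping):
    """Restore original names in a log line or stack trace for debugging."""
    reverse = {obf: orig for orig, obf in mapping.items()}
    return RENAMED.sub(lambda m: reverse.get(m.group(0), m.group(0)), text)


def fingerprint(class_names):
    """Return the classes whose simple name matches the renaming scheme."""
    return [n for n in class_names if RENAMED.fullmatch(n.rsplit(".", 1)[-1])]


if __name__ == "__main__":
    # Constructed sample: hypothetical Activity names and package.
    mapping = build_mapping(["MainActivity", "SearchActivity"])
    for original, obfuscated in mapping.items():
        print(f"{original} -> {obfuscated}")  # assumed mapping-file layout
    trace = f"at com.example.{mapping['MainActivity']}.onCreate(Unknown Source)"
    print(retrace(trace, mapping))
    print(fingerprint([f"com.example.{n}" for n in mapping.values()] + ["com.example.a"]))
```

The `fingerprint` result is the practical caveat: constant affixes make the manual renaming layer recognisable at a glance, so it adds little on top of ProGuard's own renaming.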
Evaluation & Discussion /04 Technique strength, performance overhead, size overhead, limitation, possible extensions
Evaluation
Performance:
Execution time (ET) and loading time (LT)
The obfuscated application takes more time to run
Basic obfuscation techniques should not affect overall performance
Storage:
The size of original APK is 2.72 MB
The size of obfuscated APK is 3.16 MB
Minor impact on performance
Discussion
Limitations:
Obfuscation tools were operated independently
Design of the parameters is relatively conservative
Possible Extensions:
Manual obfuscation part should be integrated into Obfuscapk
A usable GUI should be designed
Debugging and Updates:
A mapping file has been created for manual obfuscation
ProGuard also produced a mapping file
Reverse engineering /05 Technical details about reverse engineering of other groups' apps.
Our methods
Tools: We mix-used JADX, JDA and DeGuard for our reverse engineering. For each app we were assigned, we applied all three tools to decompile and chose the best outcome for our further manual work.
Step 1: Export .gradle project from JADX and open in Android Studio for better structure understanding and code reading.
Step 2: Always start with the onCreate() function. Analyze according to the run-time output and recover the variable usages. Look for classes, try to recover the business logic of the application.
Step 3: Delete trash code, mostly try-catches. If time allows, rebuild a new project in Android Studio.
Reverse Engineering
Tools: Using multiple tools to analyze the code is necessary. There are still a wide range of tools to try.
Time consuming: It is time consuming to recover split classes, with junk classes that refer to each other as well as containing junk code. An experienced hacker may find out the logic immediately; we need much more time to find related classes and find out whether they are used or not.
Experiences: Knowledge of Java and Android is very important in reverse engineering. It is also helpful if you can read smali code directly.
Thanks for your listening Jitong Wang, William Que, Louis Wang, Juyou Qi