时刻关注Eleden-Tech科技及其国内外合作伙伴相关动态!聚焦新产品推出,版本更新,市场活动,技术交流与展会信息等。
DexGuard introduces code virtualization for Android Apps
来源: | 作者:Eleden-Tech | 发布时间: 2019-01-21 | 1681 次浏览 | 分享到:
DexGuard 8.3 introduces a new strong outer protection layer: code virtualization ......

DexGuard 8.3 introduces a new strong outer protection layer: code virtualization. It protects parts of your codebase from static analysis by replacing the original code with a randomized instruction set interpreted by a generated virtual machine (VM). Code virtualization is an alternative to class encryption.

Layers of code protection

 
DexGuard applies various layers of code protection to shield it from illegitimate static code analysis. One of the most fundamental layers is name obfuscation, the substitution of human-readable names within the application with functionally equivalent random characters. ProGuard only applies name obfuscation to the actual code. DexGuard takes it a step further and also applies it to Android-specific data, files and resources. DexGuard also provides string encryption to shield data that is stored as simple strings in your APK, it hides standard library method calls by replacing them with reflections calls, transforms trivial arithmetic expressions into more complex formulations etc. All of these hardening techniques prevent attackers from simply clicking and dragging your APK into a decompiler and exploring the code to determine the role of the various classes, fields or methods.

At a higher level, DexGuard conceals the well-chosen human code structure and reorders it into a functionally equivalent but convoluted control flow. The obfuscated code confuses and crashes decompilers because it doesn’t resemble in any way to the code produced by standard compilers. It also makes it much harder to debug-step through a method to deduce its functionality as the control flow is redirected all over the place. This kind of obfuscation is a strong option to protect sensitive algorithms or protocol implementations.

The final step is to hide parts of your mobile app. This is what class encryption achieves: it effectively makes your code invisible for static analysis. For that reason, class encryption (and by extension, packing) is a very effective outer defense layer for your Android application. This is how it is works: a class is encrypted into a stream of seemingly meaningless bits. The class is only decrypted at runtime, when it is needed, and made available to the app (see Figure 1).

Code virtualization

 
DexGuard 8.3 introduces code virtualization for Android applications. This code hardening technique has the same aim as class encryption: hiding (parts of) the application’s code to protect them against static analysis.

Code virtualization transforms your method body into a stream of instructions for a randomized virtual machine that is injected into your app. This transformation happens at build time. DexGuard carefully analyses how your method code behaves and generates small and efficient VMs, each with their own unique instruction set. Once the VMs have been generated, DexGuard re-implements your method on the new instruction set. Each time your method is called, the new implementation is loaded and an interpreter on the native VM executes the instructions.

Class encryption and code virtualization

Figure 1: the result of applying class encryption (left) and code virtualization (right)

The result is that your original method code is no longer to be found inside the application. Also, and contrary to class encryption, the original code is never reconstructed at runtime. Everything happens in application space (see Figure 1), which means that the overhead of class loading is avoided. The generated code is included in the standard DEX files that contain the code of the application and is optimized during installation by the Android system.

Code virtualization combines well with other DexGuard techniques like API call hiding, string encryption or control flow obfuscation. For maximal protection, you can even combine it with class encryption. Applying these different layers of protection ensures that unobfuscated method calls can not easily be detected and that no 1:1 correspondence can be found with previously released versions of your app.

Class encryption or code virtualization: performance considerations

 
To be able to decide whether to use class encryption or code virtualization (or both), it is crucial to be aware of the possibilities and restrictions of either hardening technique.

First, code virtualization enables you to protect classes than cannot be encrypted. The Android OS and Dalvik VM restrict which classes can be encrypted. For example, activities mentioned in the Android manifest need be available at all time. Code virtualization allows you to wrap these classes in a strong outer protection layer.

Second, class encryption and code virtualization have a markedly different impact on app performance. Class encryption introduces unavoidable computational overhead, caused by the loading of the bitstream to decrypt the encrypted classes and the process of making the decrypted classes available to your application. The impact of the decryption varies from application to application. For that reason, DexGuard allows you to determine where to apply class encryption so that you can throttle the overhead. Properties of the target devices also influence the performance of class encryption, such as I/O speed and available disk space.

产品快速衔接
  • 自动化源代码审计工具
  • 自动化模糊(黑盒)测试工具
  • 自动化漏洞评估管理系统
  • Android安卓系统应用程序App安全加固:ProGuard
  • Android安卓系统应用程序App安全加固: DexGuard
  • iOS苹果系统应用程序App安全加固: iXGuard
  • Secure JTAG: 安全JTAG接口
  • Cyber CPU: 网络CPU
  • Secure Clock: 安全时钟
  • Active Shield: 物理主动防护
激情视频照片国产在线观看|国产精品人人做人人爽_日日噜噜夜夜狠狠久久av_免费播放一区二区三区_日本精品高清一区二区