Unpacking Android Apps via a Hardware-Assisted Approach
Published: 2021-10-11 09:20:22


Speaker: Xue Lei (薛磊), Assistant Professor, Ph.D. supervisor

Title: Unpacking Android Apps via a Hardware-Assisted Approach

Date: October 15, 2021, 09:00-12:00 (morning)

Venue: Room L416, Harbin Institute of Technology (Shenzhen)


*** All are welcome to attend ***

 

Abstract:

Android packers have been widely adopted by developers to protect apps from being plagiarized. Meanwhile, various unpacking tools unpack the apps through direct memory dumping. To defend against these off-the-shelf unpacking tools, packers start to adopt virtual machine (VM) based protection techniques, which replace the original Dalvik bytecode (DCode) with customized bytecode (PCode) in memory. This defeats the unpackers using memory dumping mechanisms. However, little is known about whether such packers can provide enough protection to Android apps.

To shed light on these questions, we take the first step towards demystifying the protections provided to the apps by the VM-based packers and propose novel program analysis techniques to investigate existing commercial VM-based packers including a learning phase and a deobfuscation phase. We aim at deobfuscating the VM-protected DCode in three scenarios, recovering the original DCode or its semantics with training apps, and restoring the semantics without training apps. We also develop a prototype named Parema to automate much work of the deobfuscation procedure. By applying it to the online VM-based Android packers, we reveal that all evaluated packers do not provide adequate protection and could be compromised.

 

 

Speaker bio:

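Xue Lei, Assistant Professor and Ph.D. supervisor. Dr. Xue Lei is currently a Research Assistant Professor in the Department of Computing at The Hong Kong Polytechnic University, with long-standing research in system security, software engineering, network security, connected-vehicle security, and related areas. Dr. Xue has published more than 30 papers on system security and software engineering, including 10 CCF-A conference and journal papers as first author, in venues including IEEE S&P, USENIX Security, ICSE, ISSTA, TIFS, and TSE, and has applied for and been granted several Chinese and US invention patents. Dr. Xue currently leads projects including a National Natural Science Foundation of China Young Scientists Fund project and a CCF-Tencent Rhino-Bird Fund project, and serves as a TPC member for several international conferences and as a reviewer for journals including TIFS, TDSC, and TMC.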