wip
All checks were successful
/ test_checkout (push) Successful in 51s

Jean-Marie 'Histausse' Mineau 2025-07-16 16:01:35 +02:00
parent 655bff8de2
commit e6c8b0ee6c
Signed by: histausse
GPG key ID: B66AEEDA9B645AD2
9 changed files with 28 additions and 14 deletions

@ -1,13 +1,13 @@
#import "../lib.typ": todo, ie, etal, num
#import "../lib.typ": todo, ie, etal, num, DEX
#import "X_var.typ": *
== Analyzing the class loading process <sec:cl-loading>
== Analyzing the Class Loading Process <sec:cl-loading>
For building obfuscation techniques based on the confusion of tools with class loaders, we manually studied the code of Android that handles class loading.
In this section, we report the inner workings of ART and we focus on the specificities of class loading that can bring confusion.
Because the class loading implementation has evolved over time during the multiple iterations of the Android operating system, we mainly describe the behavior of ART from Android version 14 (SDK 34).
=== Class loaders
=== Class Loaders
When ART needs to access a class, it queries a `ClassLoader` to retrieve its implementation.
Each class has a reference to the `ClassLoader` that loaded it, and this class loader is the one that will be used to load supplementary classes used by the original class.
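Review bot: The commit message "wip" does not say what this hunk changes, and the hunk bundles two unrelated edits: the added `DEX` import on the first line and the title-casing of `== Analyzing the Class Loading Process` and `=== Class Loaders`. Please give the commit a descriptive message (for example, one that names the heading capitalization and the macro import), and check that the remaining headings in the changed files follow the same title-case convention so the outline stays uniform. The `<sec:cl-loading>` label is untouched, so existing cross-references are unaffected.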
@ -109,7 +109,7 @@ This could mislead the reverser if they use the one that has the lowest priority
To determine if a class is impacted by the priority given to `BootClassLoader`, we need to obtain the list of classes that are part of Android #ie the #platc.
We discuss in the next section how to obtain these classes from the emulator.
=== Determining #platc
=== Determining Platform Classes
#figure(
image(
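Review bot: The heading change from `=== Determining #platc` to the literal `=== Determining Platform Classes` leaves the term defined in two places, since the context line just above still writes `#ie the #platc`. If the wording behind `platc` ever changes, this heading will silently drift from the body text. It also runs opposite to the `=== Multiple #DEX Files` change later in this file, which moves a heading from a literal to a macro. If the goal is only capitalization, consider adding a title-case variant next to where `platc` is defined and using that here, or settle on one rule for macros in headings and apply it to both.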
@ -174,7 +174,7 @@ Our manual investigations suggest that the documentation is not well synchronize
We conclude that it can be dangerous to trust the documentation and that gathering information from the emulator or phone is the only reliable source.
Gathering the precise list of classes and the associated bytecode is not a trivial task.
=== Multiple DEX files <sec:cl-collision>
=== Multiple #DEX Files <sec:cl-collision>
For the application class files, Android uses its specific format called DEX: all the classes of an application are loaded from the file `classes.dex`.
With the increasing complexity of Android applications, the need arrised to load more methods than the DEX format could support in one #dexfile.
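Review bot: The new heading `=== Multiple #DEX Files` uses the macro, but the two context lines directly below still write the plain word ("uses its specific format called DEX", "than the DEX format could support") next to `#dexfile`, so only one of the three occurrences in this paragraph goes through `#DEX`. Either convert the body occurrences as well or keep the heading literal, so the rendering of the term is consistent. While this paragraph is being touched, "the need arrised" in the last context line should read "the need arose".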