This commit is contained in:
parent
de9674f09c
commit
96b8d24b29
GPG key ID:
B66AEEDA9B645AD2
13 changed files with 26 additions and 24 deletions
|
|
@ -1,4 +1,4 @@
|
|||
#import "../lib.typ": APK, etal, ART, SDK, eg, DEX, eg, pb3, pb3-text
|
||||
#import "../lib.typ": APK, etal, ART, SDK, eg, DEX, eg, pb3, pb3-text, midskip
|
||||
#import "../lib.typ": todo, jm-note, jfl-note
|
||||
|
||||
=== Allowing Static Analysis Tools to Analyse Obfuscated Application <sec:bg-soa-th>
|
||||
|
|
@ -81,7 +81,7 @@ Those cases are quite common; being able to solve those without resorting to dyn
|
|||
On the other hand, COAL will struggle to solve cases with complex string manipulation and is simply not able to handle cases that rely on external data (#eg downloaded from the internet at runtime).
|
||||
Likewise, this can only access code loaded dynamically if the code was present inside the application without any kind of obfuscation (#eg a #DEX file in the assets of the application can be analysed, but not if it is ciphered).
|
||||
|
||||
#v(2em)
|
||||
#midskip
|
||||
|
||||
Instrumenting applications to encode the result of an analysis as a unified representation has been explored before.
|
||||
It has been used by tools like AppSpear and DexLego to expose heavily obfuscated bytecode collected dynamically.
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue