midskip
All checks were successful
/ test_checkout (push) Successful in 1m44s

This commit is contained in:
Jean-Marie 'Histausse' Mineau 2025-10-04 00:29:34 +02:00
parent de9674f09c
commit 96b8d24b29
Signed by: histausse
GPG key ID: B66AEEDA9B645AD2
13 changed files with 26 additions and 24 deletions

@ -1,4 +1,4 @@
#import "../lib.typ": eg, paragraph, DFG, DEX, API, SDK, APK, ART, AOSP
#import "../lib.typ": eg, paragraph, DFG, DEX, API, SDK, APK, ART, AOSP, midskip
#import "../lib.typ": todo, jfl-note
#import "X_var.typ": *
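Review bot: the first `#import "../lib.typ": …` line is becoming a single long list that mixes abbreviation macros (`DFG`, `DEX`, `API`, …) with layout helpers (`paragraph`, and now `midskip`); consider moving the layout helpers onto the existing second import line (`#import "../lib.typ": todo, jfl-note`) so each line groups one kind of symbol, which also keeps future diffs to these imports smaller.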
@ -257,7 +257,7 @@ Flowdroid does have a record of #SDK classes, and gives priority to the actual #
Unfortunately, Flowdroid does not have a record of all platform classes, meaning that using #hidec breaks the flow tracking.
Solving this issue would require finding the bytecode of all the platform classes of the Android version targeted, and, as we said previously, it requires extracting this information from the emulator or phone.
#v(2em)
#midskip
We have seen that tools can be impacted by shadow attacks. In the next section, we will investigate whether these attacks are used in the wild.
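Review bot: `#v(2em)` is replaced by `#midskip`, which centralises the section-transition spacing in lib.typ, but the definition of `midskip` is not among the hunks shown here; since it is used as `#midskip` without call parentheses, check that lib.typ defines it as a value (for example `#let midskip = v(2em)`) rather than as a function, and add a one-line comment at that definition stating that it is the standard gap before a transition sentence, so later edits keep it in step with the other files touched by this commit.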

@ -1,4 +1,4 @@
#import "../lib.typ": num, todo, paragraph, SDK, APK, API, ART, DEX
#import "../lib.typ": num, todo, paragraph, SDK, APK, API, ART, DEX, midskip
#import "X_var.typ": *
== Shadow Attacks in the Wild <sec:cl-wild>
@ -285,7 +285,7 @@ When looking at this new code stored in the field, we found that it does almost
Thus, we believe that the developer has upgraded their obfuscation techniques, replacing a native library with inline base64 encoded bytecode.
The shadow attack could be unintentional, but it strengthens the masking of the new implementation.
#v(2em)
#midskip
As a conclusion, we observed that:
- #SDK shadowing is performed by #shadowsdk of applications, but is unintentional: these classes are embedded for retro-compatibility purposes or because the developer added a library already present in Android.
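Review bot: same substitution as in the previous file, and consistent with it; note that here `#midskip` sits directly before the "As a conclusion" bullet list rather than before a plain paragraph, so if `midskip` is ever given a height other than `2em` the gap above this list changes with it. With 13 files changed, a grep for any remaining `#v(2em)` would confirm that every transition now goes through the helper and none were missed.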