midskip
All checks were successful
/ test_checkout (push) Successful in 1m44s

Jean-Marie 'Histausse' Mineau 2025-10-04 00:29:34 +02:00
parent de9674f09c
commit 96b8d24b29
Signed by: histausse
GPG key ID: B66AEEDA9B645AD2
13 changed files with 26 additions and 24 deletions

@ -1,4 +1,4 @@
#import "../lib.typ": num, todo, paragraph, SDK, APK, API, ART, DEX
#import "../lib.typ": num, todo, paragraph, SDK, APK, API, ART, DEX, midskip
#import "X_var.typ": *
== Shadow Attacks in the Wild <sec:cl-wild>
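Review bot: The import line at the top of this hunk now pulls in `midskip` from `../lib.typ`, but the definition is not among the visible lines, so confirm that `lib.typ` defines it in this same commit; without it this chapter will not compile. A one-line comment next to the definition saying what spacing it produces would also help, since the name alone does not say.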
@ -285,7 +285,7 @@ When looking at this new code stored in the field, we found that it does almost
Thus, we believe that the developer has upgraded their obfuscation techniques, replacing a native library with inline base64 encoded bytecode.
The shadow attack could be unintentional, but it strengthens the masking of the new implementation.
#v(2em)
#midskip
As a conclusion, we observed that:
- #SDK shadowing is performed by #shadowsdk of applications, but is unintentional: these classes are embedded for retro-compatibility purposes or because the developer added a library already present in Android.
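Review bot: Swapping `#v(2em)` for `#midskip` ahead of "As a conclusion, we observed that:" keeps the layout only if `midskip` expands to the same 2em of vertical space, and that definition is not visible here. State the intended value in the commit message (currently just "midskip") or beside the definition, and say explicitly if the spacing is meant to change, since the commit touches 13 files.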