Jean-Marie Mineau 2025-10-01 15:51:12 +02:00
parent 346151125e
commit b5583dbae9
Signed by: histausse
GPG key ID: B66AEEDA9B645AD2
8 changed files with 110 additions and 41 deletions

@ -121,7 +121,7 @@ The contributions of this thesis are the following:
Based on this model, we define a class of obfuscation techniques that we call _shadow attacks_ where a class definition in an #APK shadows the actual class definition.
We show that common state-of-the-art tools like Jadx or Flowdroid do not implement this model correctly and thus can fall for those shadow attacks.
We analysed a large number of recent Android applications and found that applications with class shadowing do exist, though they are the result of quirks in the #APK compilation process and not deliberate obfuscation attempts.
This work was published in the Digital Threats journal~@classloaderinthemiddle. #todo[update ref when not 'just published' anymore]
This work was published in the Digital Threats journal~@classloaderinthemiddle.
+ We propose an approach to allow static analysis tools to analyse applications that perform dynamic code loading:
We collect at runtime the bytecode dynamically loaded and the reflection calls information, and patch the #APK file to perform those operations statically.
Finally, we evaluate the impact this transformation has on the tools we containerised previously.#jfl-note[Dire 2 mots sur la méthode de patch qui a été reimplémentée pour être robuste? \ jm: j'ai pas eu le temps de comparer avec soot/droidRA, je trouve que sans xp ca fait trop trust me bro #emoji.cat.face.cry]
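Review bot: the `#todo[update ref when not 'just published' anymore]` marker is dropped from the Digital Threats citation line, but nothing in this hunk shows the `@classloaderinthemiddle` entry itself being updated. Please confirm the bibliography entry now carries the final publication details (the commit touches 8 files, so the change may be elsewhere); otherwise keep the todo until it does. Separately, the last context line still carries an inline `#jfl-note[...]` with an open question about describing the reimplemented patching method, and a reply saying no comparison with soot/droidRA was made. Resolve or remove that note so it does not end up in the rendered list of contributions.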