wip conclusion

Jean-Marie 'Histausse' Mineau 2025-09-23 03:51:04 +02:00
parent 10df431972
commit e845197c0b
Signed by: histausse
GPG key ID: B66AEEDA9B645AD2
3 changed files with 5 additions and 14 deletions


@ -6,7 +6,7 @@
#todo[Ca serait bien de faire un PR ou deux a Jadx/Androguard/Soot quand même]
This chapter has presented three shadow attacks that allow malware developers to fool static analysis tools when reversing an Android application.
By including multiple classes with the same name or by using the same name as a class of the #Asdk, the developer can mislead a reverser or impact the result of a flow analysis, such as the ones of Androguard or Flowdroid.
By including multiple classes with the same name or by using the same name as a class of the #Asdk, the developer can mislead a reverse engineer or impact the result of a flow analysis, such as the ones of Androguard or Flowdroid.
We explored if such shadow attacks are present in as dataset of #nbapk applications .
We found that on average, #shadowsdk of applications are shadowing the #SDK, mainly for retro-compatibility purposes and library embedding.
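Review bot: The context line directly after the reworded sentence still reads "in as dataset of #nbapk applications ." with "as" for "a" and a stray space before the period. Since this change is already polishing the paragraph, fix it in the same pass to "in a dataset of #nbapk applications." The new wording "reverse engineer" also sits next to "when reversing" in the first sentence of the paragraph, so consider "when reverse engineering" there to keep the terminology consistent. The #todo about sending a PR or two to Jadx/Androguard/Soot is still at the top of the conclusion and should be resolved or moved out before the chapter is final.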