wip

This commit is contained in:
Jean-Marie Mineau 2025-09-09 17:05:19 +02:00
parent e9bc1572e9
commit ed8bbd12e5
Signed by: histausse
GPG key ID: B66AEEDA9B645AD2
8 changed files with 85 additions and 24 deletions


@ -8,7 +8,7 @@ The term can also be used more generally to describe operation that modify the a
In this section, we will focus on the use of instrumentation that make an application easier to analyse by other tools, instead of just collecting additionnal information at runtime.
I the previous section, we gave the example of AppSpear~@yang_appspear_2015, that reconstruct #DEX files intercepted at runtime and repackage the #APK with the new code in it.
DexLeog~@dexlego has a similar but a lot more aggressive technique.
DexLego~@dexlego has a similar but a lot more aggressive technique.
It targets heavily obfuscated packer that decrypt then reencrypt the methods instructions just in time.
To get the bytecode, DexLego log each instruction executed by the #ART, and reconstruct the methods, then the #DEX files, from this stream of instructions.
The main limitation of this technique is that it carrys over the limitation of dynamic analysis to static analysis: the bytecode injected in the application is limited to the instructions executed during the dynamic analysis.
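Review bot: the hunk corrects "DexLeog" to "DexLego" on the tool's introduction line but leaves the same paragraph's other spelling and agreement errors in place, so a second typo pass is still due on this section: "I the previous section" should read "In the previous section", "additionnal" should be "additional", "heavily obfuscated packer that decrypt then reencrypt" should be "packers that decrypt then re-encrypt", "DexLego log each instruction" should be "DexLego logs each instruction", and "carrys over" should be "carries over". Since the commit is labelled "wip", consider folding these into the same change so the paragraph is fixed in one place.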
@ -35,8 +35,7 @@ It has been used by tools like AppSpear and DexLego to expose heavily obfuscated
Similarly, DroidRA compute reflection information computed statically and inject the actual method calls inside the application it returns.
However, AppSpear and DexLego focus primarely on specific obfuscation techniques, making there implementation difficult to port to more rescent version of Android, and DroidRA suffers the limitation of static analysis.
We believe that instrumentation is a promising approach to encode those information.
#jm-note(side: right)[Especially, we think that using it to provide information collected by even a simple dynamic analysis could be significantly beneficial for many tools.][Urf, this is over promising considering the work done in @sec:th]
#jm-note(side: left)[#pb3: #pb3-text][Yeah no, this need a revision]
Especially, we think that it could be used to provide dynamic information that are not available to static analysis tools like DroidRA.
To explore this possibility, we will try to anwser our third problem statement #pb3: #pb3-text
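Review bot: dropping the two #jm-note annotations discards the recorded concerns without resolving the second one: the left-side note flagged "#pb3: #pb3-text" as needing revision, yet the closing line still reads "our third problem statement #pb3: #pb3-text" unchanged, so either keep that note until the problem statement is reworded or reword it in this commit. The replacement sentence also has a number agreement error, "dynamic information that are not available" should be "dynamic information that is not available", and the surrounding context carries "compute reflection information computed statically" (redundant, "statically computes reflection information" reads better), "primarely" (primarily), "there implementation" (their implementation), "rescent" (recent) and "anwser" (answer), which are worth fixing in the same pass.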