thesis/6_conclusion/1_contributions.typ
Jean-Marie 'Histausse' Mineau 3f3f03c97d
fix
2025-09-23 03:52:22 +02:00


#import "../lib.typ": etal, SDK, todo
#import "../3_rasta/X_var.typ" as rasta
#import "../4_class_loader/X_var.typ" as cl
== Contributions of this Thesis
In this thesis, we presented the following contributions.
First, we explored the reusability of static analysis tools.
Based on a systematic literature review by Li #etal, we identified 22 tools of interest, published between 2012 and 2017.
To estimate the current usability of those tools, we tested their most recent version on a large dataset of #rasta.NBTOTALSTRING applications.
We then counted the number of analyses that finished and returned a result.
We established that #rasta.resultunusable of the #rasta.nbtoolsselectedvariations tools are not reusable.
We were not able to use two of them, even with the help of their authors, while 10 others failed to finish their analysis more than half of the time.
The study of the success rate of the tools for applications grouped by their characteristics showed that a greater bytecode size increases the chance of analysis failure.
The same goes, to a lesser extent, for the minimum #SDK version, and it appears that analyses of malware are less likely to encounter a fatal error than analyses of goodware.
In the process of testing the tools, we built Docker images of working setups for the tools.
We released those images in the hope of helping future researchers who want to use those tools.
Our second contribution models the default class loading behaviour of Android and introduces a class of obfuscation based on it: shadow attacks.
We showed that, by including multiple classes with the same name in an application, or by including classes with the same name as classes in the Android #SDK, an application can mislead a reverse engineer or impact the results of analysis tools.
We scanned a dataset of recent applications and found that although those situations appear in the wild, shadow attacks do not seem to be actually used.
Instead, we believe that classes from the #SDK are added either for retro-compatibility or because the developer was unaware that a library was already present in the Android #SDK, and the few cases where classes are present multiple times in the application look like mistakes made during the compilation of the application.
Still, #cl.shadowsdk of the applications we tested were shadowing classes from the targeted #SDK version.
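The two situations summarised above (duplicate class names inside an application, and application classes named like platform classes) can be triaged with a simple scan over an APK's class list. The following Python is an added example written for this page, not code from the thesis or its artefacts. It assumes two properties of Android's default application class loader, stated as assumptions in the comments: parent-first delegation (a platform class with the same name takes precedence over the application's copy) and first-match search over the DEX files in `classes.dex`, `classes2.dex`, ... order. The input class list is constructed inline; in practice it would be extracted from the APK's DEX files with a DEX parser of your choice.

```python
# Added example: triage of "shadow" situations in an Android application.
# Assumptions about the default loader (PathClassLoader), not verified here:
#   1. parent-first delegation: if the boot class loader (platform) defines a
#      class with the requested name, that definition wins over the app's copy;
#   2. within the app, DEX files are searched in order (classes.dex,
#      classes2.dex, ...) and the first definition found is the one used.
# Any analysis tool that picks a different copy will therefore describe code
# the runtime never executes, which is the effect the thesis calls a shadow attack.
import re
from collections import defaultdict


def dex_order(dex_name: str) -> int:
    """Sort key for multi-DEX names: classes.dex -> 1, classes2.dex -> 2, ..."""
    m = re.fullmatch(r"classes(\d*)\.dex", dex_name)
    if not m:
        raise ValueError(f"unexpected dex name: {dex_name}")
    return int(m.group(1) or "1")


def find_shadows(app_classes, platform_classes):
    """
    app_classes: iterable of (dex_name, class_descriptor) pairs listed from an APK.
    platform_classes: set of class descriptors present in the targeted SDK version.
    Returns (duplicates, sdk_shadows):
      duplicates: {descriptor: [dex names in load order]} for names defined
                  more than once inside the application;
      sdk_shadows: {descriptor: [dex names]} for application classes whose name
                   also exists on the platform (hidden by parent-first delegation).
    """
    by_name = defaultdict(list)
    for dex, cls in app_classes:
        by_name[cls].append(dex)
    for cls in by_name:
        by_name[cls].sort(key=dex_order)
    duplicates = {c: d for c, d in by_name.items() if len(d) > 1}
    sdk_shadows = {c: d for c, d in by_name.items() if c in platform_classes}
    return duplicates, sdk_shadows


def resolve(class_descriptor, app_classes, platform_classes):
    """
    Name of the definition the default loader would actually use under the
    assumptions above: "platform", the first DEX defining it, or None.
    """
    if class_descriptor in platform_classes:
        return "platform"
    dexes = sorted((d for d, c in app_classes if c == class_descriptor), key=dex_order)
    return dexes[0] if dexes else None


# Constructed sample input (not taken from any real application).
SAMPLE_APP = [
    ("classes.dex", "Lcom/example/app/MainActivity;"),
    ("classes.dex", "Lcom/example/app/Util;"),
    ("classes2.dex", "Lcom/example/app/Util;"),    # duplicate name inside the app
    ("classes2.dex", "Lorg/json/JSONObject;"),     # same name as a platform class
    ("classes3.dex", "Lcom/example/lib/Helper;"),
]
# Constructed stand-in for the class list of the targeted SDK version.
SAMPLE_PLATFORM = {"Lorg/json/JSONObject;", "Landroid/app/Activity;"}

if __name__ == "__main__":
    dups, shadows = find_shadows(SAMPLE_APP, SAMPLE_PLATFORM)
    for cls, dexes in dups.items():
        print(f"duplicate {cls}: defined in {dexes}, runtime uses {resolve(cls, SAMPLE_APP, SAMPLE_PLATFORM)}")
    for cls, dexes in shadows.items():
        print(f"platform shadow {cls}: app copy in {dexes} is hidden by the platform class")
```

The report separates the two cases because they call for different follow-up: a duplicated name is most often a packaging mistake (as the thesis observed), whereas a platform-named class is usually a compatibility shim, but in both cases a reviewer should check that the tool they rely on shows the copy the runtime would load.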
/*
 * Future work: my own point of view on the future: what needs to be done
 *
 * Takeaways from the intro
 * then a summary of the major contributions, one paragraph per contribution
 *
 */