research-article

Deobfuscating Android native binary code

Authors:

Zeliang Kan,

Haoyu Wang,

Lei Wu,

Yao Guo,

Guoai XuAuthors Info & Claims

ICSE '19: Proceedings of the 41st International Conference on Software Engineering: Companion Proceedings

Pages 322 - 323

https://doi.org/10.1109/ICSE-Companion.2019.00135

Published: 25 May 2019 Publication History

Get Access

Abstract

In this paper, we propose an automated approach to facilitate the deobfuscation of Android native binary code. Specifically, given a native binary obfuscated by Obfuscator-LLVM (the most popular native code obfuscator), our deobfuscation system is capable of recovering the original Control Flow Graph. To the best of our knowledge, it is the first work that aims to tackle the problem. We have applied our system in different scenarios, and the experimental results demonstrate the effectiveness of our system based on generic similarity comparison metrics.

References

[1]

CVE-2014-3153. https://github.com/orenl/CVE-2014-3153, 2014.

Google Scholar

[2]

Benchmarks. https://github.com/tum-i22/obfuscation-benchmarks, 2016.

Google Scholar

[3]

Benjamin Bichsel, Veselin Raychev, Petar Tsankov, and Martin Vechev. Statistical deobfuscation of android applications. In ACM Sigsac Conference on Computer and Communications Security, pages 343--355, 2016.

Digital Library

Google Scholar

[4]

Pascal Junod, Julien Rinaldini, Johan Wehrli, and Julie Michielin. Obfuscator-llvm-software protection for the masses. In International Workshop on Software Protection (SPRO), pages 3--9. IEEE, 2015.

Digital Library

Google Scholar

Cited By

View all

Dong WLin JChang RWang R(2022)CaDeCFF: Compiler-Agnostic Deobfuscator of Control Flow FlatteningProceedings of the 13th Asia-Pacific Symposium on Internetware10.1145/3545258.3545269(282-291)Online publication date: 11-Jun-2022
https://dl.acm.org/doi/10.1145/3545258.3545269
Cerutti Fdi San Pietro DGringoli FLamperti G(2022)Looking for Criminal Intents in JavaScript Obfuscated CodeProcedia Computer Science10.1016/j.procs.2022.09.142207:C(867-876)Online publication date: 1-Jan-2022
https://dl.acm.org/doi/10.1016/j.procs.2022.09.142

Recommendations

Benchmark Dalvik and Native Code for Android System
IBICA '11: Proceedings of the 2011 Second International Conference on Innovations in Bio-inspired Computing and Applications

Google's Android Native Development Kit (NDK) is a toolset that lets you embed components to use of native code in your Android applications. It makes possible for developers to easily compile in C/C++ for the Android development platform. Generally, ...
NCScope: hardware-assisted analyzer for native code in Android apps
ISSTA 2022: Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis

More and more Android apps implement their functionalities in native code, so does malware. Although various approaches have been designed to analyze the native code used by apps, they usually generate incomplete and biased results due to their ...
Android: Changing the Mobile Landscape

The mobile phone landscape changed last year with the introduction of smart phones running Android, a platform marketed by Google. Android phones are the first credible threat to the iPhone market. Not only did Google target the same consumers as iPhone,...

Comments

Information & Contributors

Information

Published In

ICSE '19: Proceedings of the 41st International Conference on Software Engineering: Companion Proceedings

May 2019

369 pages

Conference Chair:
Gunter Mussbacher
McGill University, Canada
,
General Chair:
Joanne M. Atlee
University of Waterloo, Canada
,
Program Chair:
Tevfik Bultan
University of California, Santa Barbara

Publisher

IEEE Press

Publication History

Published: 25 May 2019

Check for updates

Qualifiers

Research-article

Conference

ICSE '19

Sponsor:

SIGSOFT
IEEE-CS

ICSE '19: 41st International Conference on Software Engineering

May 25 - 31, 2019

Quebec, Montreal, Canada

Acceptance Rates

Overall Acceptance Rate 276 of 1,856 submissions, 15%

Upcoming Conference

ICSE 2025

2025 IEEE/ACM 46th International Conference on Software Engineering

April 26 - May 3, 2025

Ottawa , ON , Canada

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
82
Total Downloads

Downloads (Last 12 months)6
Downloads (Last 6 weeks)0

Reflects downloads up to

Other Metrics

View Author Metrics

Citations

Cited By

View all

Dong WLin JChang RWang R(2022)CaDeCFF: Compiler-Agnostic Deobfuscator of Control Flow FlatteningProceedings of the 13th Asia-Pacific Symposium on Internetware10.1145/3545258.3545269(282-291)Online publication date: 11-Jun-2022
https://dl.acm.org/doi/10.1145/3545258.3545269
Cerutti Fdi San Pietro DGringoli FLamperti G(2022)Looking for Criminal Intents in JavaScript Obfuscated CodeProcedia Computer Science10.1016/j.procs.2022.09.142207:C(867-876)Online publication date: 1-Jan-2022
https://dl.acm.org/doi/10.1016/j.procs.2022.09.142

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Recommendations

Benchmark Dalvik and Native Code for Android System

NCScope: hardware-assisted analyzer for native code in Android apps

Android: Changing the Mobile Landscape