st statistical de deobfuscati tion fo for android
play

St Statistical De Deobfuscati tion fo for Android Applications - PowerPoint PPT Presentation

Nov 24, 2023 •197 likes •520 views

St Statistical De Deobfuscati tion fo for Android Applications Benjamin Veselin Petar Martin Bichsel Raychev Tsankov Vechev Department of Computer Science Why De-obfuscate? Android binaries (APKs) (no code available) Number of APKs

  1. St Statistical De Deobfuscati tion fo for Android Applications Benjamin Veselin Petar Martin Bichsel Raychev Tsankov Vechev Department of Computer Science

  2. Why De-obfuscate? Android binaries (APKs) (no code available) Number of APKs on Google Play 2.4M APKs ’10 ’12 ’14 ’16 Google Play

  3. Layout Obfuscation in Android Non-descriptive names package com.example.dbhelper package a.b.c class DBHelper extends SQLiteHelper { class a extends SQLiteHelper { SQLiteDatabase db ; SQLiteDatabase b ; Some names Obfuscate public DBHelper (Context ctx) { public a (Context ctx) { remain db = getWritableDatabase(); b = getWritableDatabase(); } } Cursor execSQL (String str) { Cursor c (String str) { return db .rawQuery(str); return b .rawQuery(str); } } Names provide } } key semantic information

  4. Layout Obfuscation in Android Non-descriptive names package com.example.dbhelper package a.b.c Security Challenges class DBHelper extends SQLiteHelper { class a extends SQLiteHelper { SQLiteDatabase db ; SQLiteDatabase b ; Some names Obfuscate Code Inspection public DBHelper (Context ctx) { public a (Context ctx) { remain db = getWritableDatabase(); b = getWritableDatabase(); } } Third-party Library Detection Cursor execSQL (String str) { Cursor c (String str) { return db .rawQuery(str); … many others return b .rawQuery(str); } } Names provide } } key semantic information

  5. Layout Obfuscation in Android Non-descriptive names package com.example.dbhelper package a.b.c class DBHelper extends SQLiteHelper { class a extends SQLiteHelper { SQLiteDatabase db ; SQLiteDatabase b ; Can we reverse Some names public DBHelper (Context ctx) { public a (Context ctx) { layout obfuscation remain db = getWritableDatabase(); b = getWritableDatabase(); } } Cursor execSQL (String str) { Cursor c (String str) { return db .rawQuery(str); return b .rawQuery(str); } } Names provide } } key semantic information

  6. Layout Obfuscation in Android Non-descriptive names package com.example.dbhelper package a.b.c class DBHelper extends SQLiteHelper { class a extends SQLiteHelper { SQLiteDatabase db ; SQLiteDatabase b ; public DBHelper (Context ctx) { public a (Context ctx) { www.apk-deguard.com db = getWritableDatabase(); b = getWritableDatabase(); } } Cursor execSQL (String str) { Cursor c (String str) { return db .rawQuery(str); return b .rawQuery(str); } } Names provide } } key semantic Yes, with roughly 80% accuracy! information

  7. www.apk-deguard.com Released last week, so far: > 5K users > 5GB APKs Reddit posts/comments Tweets . . . . . .

  8. How Does DeGuard Work?

  9. DeGuard: System Overview class a extends SQLiteHelper { class DBHelper extends SQLiteHelper{ SQLiteDatabase b ; SQLiteDatabase db ; Static MAP public a (Context ctx) { public DBHelper (Context ctx) { Transform analysis Inference b = getWritableDB(); db = getWritableDB(); } } } } Obfuscated Code De-obfuscated Code Prediction Phase Learning Phase Probabilistic model 𝑄 ) Open-source, Static Training unobfuscated analysis applications Semantic representation

  10. Probabilistic Graphical Models

  11. Probabilistic Graphical Models class a extends SQLiteHelper { name1 name2 weight SQLiteDatabase b ; 𝑔 % SQLiteHelper DBUtils 0.3 public a (Context ctx) { 𝑔 & SQLiteHelper DBHelper 0.2 b = getWritableDB(); } SQLiteHelper a name1 name2 weight extends } 𝑔 ) DBUtils instance 0.5 field-in 𝑔 * DBHelper db 0.4 gets getWritableDB b 𝑔 + … … … name1 name2 weight 𝑔 ' getWritableDB db 0.7 Graph + features define a probabilistic graphical model 𝑔 ( getWritableDB instance 0.4 𝑄 ) = 𝑃 𝐿 = 𝑄 𝑏, 𝑐 𝑇𝑅𝑀𝑗𝑢𝑓𝐼𝑓𝑚𝑞𝑓𝑠, 𝑕𝑓𝑢𝑋𝑠𝑗𝑢𝑏𝑐𝑚𝑓𝐸𝐶 ) Known variables 𝐿 = 1 𝑎 exp (0.3 I 𝑔 % 𝑇𝑅𝑀𝑗𝑢𝑓𝐼𝑓𝑚𝑞𝑓𝑠, 𝑏 Unknown variables 𝑃 + 0.2 I 𝑔 & 𝑇𝑅𝑀𝑗𝑢𝑓𝐼𝑓𝑚𝑞𝑓𝑠, 𝑏 + ⋯ ) 𝑔 % , 𝑔 & , . . Feature functions

  12. Probabilistic Graphical Models class a extends SQLiteHelper { name1 name2 weight SQLiteDatabase b ; 𝑔 % SQLiteHelper DBUtils 0.3 public a (Context ctx) { 𝑔 & SQLiteHelper DBHelper 0.2 b = getWritableDB(); } SQLiteHelper a name1 name2 weight extends } 𝑔 ) DBUtils instance 0.5 field-in 𝑔 * DBHelper db 0.4 Next gets getWritableDB b 𝑔 + … … … How are the weights name1 name2 weight and features learned? 𝑔 ' getWritableDB db 0.7 Graph + features define a probabilistic graphical model 𝑔 ( getWritableDB instance 0.4 𝑄 ) = 𝑃 𝐿 = 𝑄 𝑏, 𝑐 𝑇𝑅𝑀𝑗𝑢𝑓𝐼𝑓𝑚𝑞𝑓𝑠, 𝑕𝑓𝑢𝑋𝑠𝑗𝑢𝑏𝑐𝑚𝑓𝐸𝐶 ) Known variables 𝐿 = 1 𝑎 exp (0.3 I 𝑔 % 𝑇𝑅𝑀𝑗𝑢𝑓𝐼𝑓𝑚𝑞𝑓𝑠, 𝑏 Unknown variables 𝑃 + 0.2 I 𝑔 & 𝑇𝑅𝑀𝑗𝑢𝑓𝐼𝑓𝑚𝑞𝑓𝑠, 𝑏 + ⋯ ) 𝑔 % , 𝑔 & , . . Feature functions

  13. Learning

  14. Learning Actual graphs have >1,000 nodes >2,000 name1 name2 weight 𝑔 % SQLiteHelper DBUtils 0.3 Dependency graphs Unobfuscated 𝑔 & SQLiteHelper DBHelper 0.2 APKs name1 name2 𝑔 ' getWritableDB db 0.7 Static Train 𝑔 % SQLiteHelper DBUtils 𝑔 ( getWritableDB instance 0.4 analysis Model 𝑔 & SQLiteHelper DBHelper 𝑔 ) DBUtils instance 0.5 𝑔 ' getWritableDB db 𝑔 * DBHelper db 0.4 Feature 𝑔 ( getWritableDB instance 𝑔 + … … … templates 𝑔 ) DBUtils instance 𝑔 * DBHelper db 28 templates 𝑔 + … … Compute weights that maximize >100,000 Features (with 𝑄 𝑃 = 𝑝 N 𝐿 = 𝑙 N for all candidate names) training samples (𝑝 N , 𝑙 N )

  15. DeGuard: System Overview class a extends SQLiteHelper { class DBHelper extends SQLiteHelper{ SQLiteDatabase b ; SQLiteDatabase db ; Static MAP public a (Context ctx) { public DBHelper (Context ctx) { Transform analysis Inference b = getWritableDB(); db = getWritableDB(); } } } } Obfuscated Code De-obfuscated Code Prediction Phase Learning Phase Probabilistic model 𝑄 ) Open-source, Static Training unobfuscated analysis applications

  16. DeGuard: System Overview class a extends SQLiteHelper { class DBHelper extends SQLiteHelper{ SQLiteDatabase b ; SQLiteDatabase db ; Static MAP public a (Context ctx) { public DBHelper (Context ctx) { Transform analysis Inference b = getWritableDB(); db = getWritableDB(); } } } } Obfuscated Code De-obfuscated Code Prediction Phase Probabilistic model 𝑄 )

  17. Prediction Phase name1 name2 weight SQLiteHelper DBUtils 0.3 class a extends SQLiteHelper { SQLiteHelper DBHelper 0.2 SQLiteDatabase b ; Static public a (Context ctx) { analysis SQLiteHelper a b = getWritableDB(); extends } field-in Obfuscated Code } gets getWritableDB b name1 name2 weight name1 name2 weight DBUtils instance 0.5 getWritableDB db 0.7 DBHelper db 0.4 getWritableDB instance 0.4 DBUtils db 0.2 DBHelper instance 0.2

  18. Prediction Phase name1 name2 weight SQLiteHelper DBUtils 0.3 MAP Inference class a extends SQLiteHelper { SQLiteHelper DBHelper 0.2 SQLiteDatabase b ; Program 𝑝 ⃗ = 𝑏𝑠𝑕𝑛𝑏𝑦 𝑄 𝑃 = 𝑝 ⃗′ 𝐿 = 𝑙 public a (Context ctx) { analysis SQLiteHelper a b = getWritableDB(); 𝑝 ⃗′ ∈ Ω extends } field-in Obfuscated Code } Candidate assignment 𝒑 𝑸 𝒑 𝒍) * gets getWritableDB b a = DBUtils b = instance 1.2 a = DBHelper b = db 1.3 name1 name2 weight a = DBUtils b = db 0.8 name1 name2 weight DBUtils instance 0.5 getWritableDB db 0.7 a = DBHelper b = instance 1.2 DBHelper db 0.4 getWritableDB instance 0.4 DBUtils db 0.2 DBHelper instance 0.2 *Non-normalized

  19. Prediction Phase name1 name2 weight SQLiteHelper DBUtils 0.3 MAP Inference class a extends SQLiteHelper { SQLiteHelper DBHelper 0.2 SQLiteDatabase b ; Program 𝑝 ⃗ = 𝑏𝑠𝑕𝑛𝑏𝑦 𝑄 𝑃 = 𝑝 ⃗′ 𝐿 = 𝑙 public a (Context ctx) { analysis SQLiteHelper a b = getWritableDB(); 𝑝 ⃗′ ∈ Ω extends } field-in Obfuscated Code } Candidate assignment 𝒑 𝑸 𝒑 𝒍) * gets getWritableDB b a = DBUtils b = instance 1.2 a = DBHelper b = db 1.3 name1 name2 weight a = DBUtils b = db 0.8 name1 name2 weight DBUtils instance 0.5 getWritableDB db 0.7 a = DBHelper b = instance 1.2 DBHelper db 0.4 getWritableDB instance 0.4 DBUtils db 0.2 DBHelper instance 0.2 *Non-normalized

  20. Prediction Phase name1 name2 weight SQLiteHelper DBUtils 0.3 class a extends SQLiteHelper { SQLiteHelper DBHelper 0.2 SQLiteDatabase b ; Static public a (Context ctx) { analysis SQLiteHelper DBHelper b = getWritableDB(); extends } field-in Obfuscated Code } gets getWritableDB db class DBHelper extends SQLiteHelper { SQLiteDatabase db ; name1 name2 weight public DBHelper (Context ctx) { name1 name2 weight DBUtils instance 0.5 Transform db = getWritableDB(); getWritableDB db 0.7 DBHelper db 0.4 } getWritableDB instance 0.4 DBUtils db 0.2 Deobfuscated Code } DBHelper instance 0.2

Recommend

St Statistical De De-ob obfu fusc scation ion for or Android oid Pe Petar Tsankov, ETH

St Statistical De De-ob obfu fusc scation ion for or Android oid Pe Petar Tsankov, ETH

www.srl.inf.ethz.ch St Statistical De De-ob obfu fusc scation ion for or Android oid Pe Petar Tsankov, ETH Zurich DeGua De uard Team Te Benjamin Veselin Petar Martin Bichsel Raychev Tsankov Vechev Why De-obfuscate Android

429 views • 32 slides
Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2

Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2

Developers Google Maps Android API v2 Make your Android app pop with Google Maps Android API v2 Anthony Morris Jan-Felix Schmakeit Tech Lead, Android Maps API Android Developer Relations Code, Slides, Worksheet: http://goo.gl/MfY67 Welcome!

687 views • 49 slides
Introduction to Android Development What is Android? Android is the customizable, easy to

Introduction to Android Development What is Android? Android is the customizable, easy to

Introduction to Android Development What is Android? Android is the customizable, easy to use operating system that powers more than a billion devices across the globe - from phones and tablets to watches, TV, cars and more to come.

464 views • 21 slides
CS619 Android 101 BENCE CSERNA Android: Manifest example Android: Manifest <manifest

CS619 Android 101 BENCE CSERNA Android: Manifest example Android: Manifest <manifest

Project #1: Color Guess Game CS619 Android 101 BENCE CSERNA Android: Manifest example Android: Manifest <manifest xmlns:android="http://schemas.android.com/apk/res/android" package="net.cserna.bence.colorguess

201 views • 3 slides
What other Android APIs may be useful for ubicomp? Speaking to Android Ref: Professional Android 4

What other Android APIs may be useful for ubicomp? Speaking to Android Ref: Professional Android 4

What other Android APIs may be useful for ubicomp? Speaking to Android Ref: Professional Android 4 Development, Meier, Ch 11, pg 437 Speech recognition: Accept inputs as speech (instead of typing) e.g. dragon dictate app? Note: Google

333 views • 16 slides
Android AsyncTask AsyncTask Android AsyncTask is an abstract class provided by Android

Android AsyncTask AsyncTask Android AsyncTask is an abstract class provided by Android

Android AsyncTask AsyncTask Android AsyncTask is an abstract class provided by Android which gives us the liberty to perform heavy tasks in the background and keep the UI thread light thus making the application more responsive. Basic

240 views • 5 slides
Android Android Application Development - Ashwin Agenda Android Platform Overview

Android Android Application Development - Ashwin Agenda Android Platform Overview

Android Android Application Development - Ashwin Agenda Android Platform Overview Installation Building Blocks Application Development Development Tools Source walk through Introduction to Android Open software

978 views • 49 slides
CS371m - Mobile Computing Android Overview and Android Development Environment What is Android?

CS371m - Mobile Computing Android Overview and Android Development Environment What is Android?

CS371m - Mobile Computing Android Overview and Android Development Environment What is Android? A software stack for mobile devices that includes An operating system Middleware Key Applications Uses Linux to provide core

1.49k views • 70 slides
CS378 - Mobile Computing Android Overview and Android Development Environment What is Android?

CS378 - Mobile Computing Android Overview and Android Development Environment What is Android?

CS378 - Mobile Computing Android Overview and Android Development Environment What is Android? A software stack for mobile devices that includes An operating system Middleware Key Applications Uses Linux to provide core

583 views • 31 slides
Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the

Android Malware Analysis on Attacks and Defense Android malware Android malware With the explosive growth of mobile device market and usage, there is an increasing number of malicious mobile applications targeting these devices and

819 views • 44 slides
CS 528 Mobile and Ubiquitous Computing Lecture 3: Android UI, WebView, Android Activity Lifecycle

CS 528 Mobile and Ubiquitous Computing Lecture 3: Android UI, WebView, Android Activity Lifecycle

CS 528 Mobile and Ubiquitous Computing Lecture 3: Android UI, WebView, Android Activity Lifecycle Emmanuel Agu Android UI Design Example GeoQuiz App Reference: Android Nerd Ranch, pgs 1 32 App presents questions to test users knowledge

1k views • 96 slides
Services Android Services A Service is an application component that runs in the background, not

Services Android Services A Service is an application component that runs in the background, not

Lesson 22 Lesson 22 Android Android Services Victor Matos Cleveland State University Cleveland State University Notes are based on: Android Developers http://developer.android.com/index.html Portions of this page are reproduced from work

692 views • 26 slides
Android Pre-requisites 1 Android To Dos Make sure you have working

Android Pre-requisites 1 Android To Dos Make sure you have working

Android Pre-requisites 1 Android To Dos Make sure you have working install of Android Studio Make sure it works by running Hello, world App On emulator

666 views • 24 slides
Android Michael Greifeneder Image source: Android homepage Inhalt Overwiew Hardware

Android Michael Greifeneder Image source: Android homepage Inhalt Overwiew Hardware

Android Michael Greifeneder Image source: Android homepage Inhalt Overwiew Hardware Software Development Tools Basics Debugging/Emulator Location Demo Android And Me Why I like Android Blend of Linux

1.01k views • 25 slides
CS 528 Mobile and Ubiquitous Computing Lecture 2: Android Introduction and Setup Emmanuel Agu

CS 528 Mobile and Ubiquitous Computing Lecture 2: Android Introduction and Setup Emmanuel Agu

CS 528 Mobile and Ubiquitous Computing Lecture 2: Android Introduction and Setup Emmanuel Agu What is Android? Android is worlds leading mobile operating system Google: Owns Android, maintains it, extends it Distributes Android

388 views • 38 slides
CS 403X Mobile and Ubiquitous Computing Lecture 2: Introduction to Android Emmanuel Agu What is

CS 403X Mobile and Ubiquitous Computing Lecture 2: Introduction to Android Emmanuel Agu What is

CS 403X Mobile and Ubiquitous Computing Lecture 2: Introduction to Android Emmanuel Agu What is Android? Android is worlds leading mobile operating system Google: Owns Android, maintains it, extends it Distributes Android OS,

589 views • 35 slides
CS 528 Mobile and Ubiquitous Computing Lecture 1b: Introduction to Android Emmanuel Agu What is

CS 528 Mobile and Ubiquitous Computing Lecture 1b: Introduction to Android Emmanuel Agu What is

CS 528 Mobile and Ubiquitous Computing Lecture 1b: Introduction to Android Emmanuel Agu What is Android? Android is worlds leading mobile operating system Open source (https://source.android.com/setup/) Google: Owns Android,

652 views • 43 slides
ANDROID PROGRAMMING - INTRODUCTION Roberto Beraldi Web resources (android) Code

ANDROID PROGRAMMING - INTRODUCTION Roberto Beraldi Web resources (android) Code

ANDROID PROGRAMMING - INTRODUCTION Roberto Beraldi Web resources (android) Code https://developer.android.com/guide/index.html http://www.vogella.com/tutorials/android.html

1.49k views • 60 slides
CS 403X Mobile and Ubiquitous Computing Lecture 2: Android UI Design, First Android Program

CS 403X Mobile and Ubiquitous Computing Lecture 2: Android UI Design, First Android Program

CS 403X Mobile and Ubiquitous Computing Lecture 2: Android UI Design, First Android Program Emmanuel Agu Android UI Design in XML Recall: Files Hello World Android Project XML file used to design Android UI 3 Files: Activity_main.xml: XML

1.18k views • 92 slides
HELLO WORLD ON ANDROID Create a new Android Project Open File->New->Android

HELLO WORLD ON ANDROID Create a new Android Project Open File->New->Android

HELLO WORLD ON ANDROID Create a new Android Project Open File->New->Android project Application name Company domain Project location Hello World Project Target Android Devices Hello World Project Add an

213 views • 18 slides
Android Google Maps Android API V2 Victor Matos Cleveland State University Notes are based on:

Android Google Maps Android API V2 Victor Matos Cleveland State University Notes are based on:

Lesson 25 Android Google Maps Android API V2 Victor Matos Cleveland State University Notes are based on: Android Developers http://developer.android.com/index.html Portions of this page are reproduced from work created and shared by Google

518 views • 41 slides
2.) Modify the Layout of your Fragment The Layout of the Fragment contains a ListView (hence we

2.) Modify the Layout of your Fragment The Layout of the Fragment contains a ListView (hence we

PEM (Android) WS 2015/16 Assignment 01 Assignment 01 First Steps Prepare the Android development environment and create your first test app to check all involved components Download the Android development IDE Android Studio from

577 views • 4 slides
Luca Bedogni Dipartimento di Scienze dellInformazione Universit di Bologna Outline Android

Luca Bedogni Dipartimento di Scienze dellInformazione Universit di Bologna Outline Android

Programming with Android: System Architecture Luca Bedogni Dipartimento di Scienze dellInformazione Universit di Bologna Outline Android Architecture: An Overview Android Java Virtual Machine Android Components: Activities Android

752 views • 51 slides
Luca Bedogni Dipartimento di Scienze dellInformazione Universit di Bologna Outline Android

Luca Bedogni Dipartimento di Scienze dellInformazione Universit di Bologna Outline Android

Programming with Android: System Architecture Luca Bedogni Dipartimento di Scienze dellInformazione Universit di Bologna Outline Android Architecture: An Overview Android Java Virtual Machine Android Components: Activities Android

804 views • 56 slides

More recommend