We Can Still Crack You! General Unpacking Method for Android Packer (no root)

Presented at Black Hat Asia 2015, Unknown date/time (Unknown duration).

Recently, Android application employs some techniques to protect their code such as APKProtect, DexGuard, BangCle, Ijiami, and LIAPP. These tools modify original DEX (Dalvik Executable) or replace original DEX to second DEX(for unpacking&loader) generated by packing tool. The tools employ many anti-analysis techniques to prevent being analyzed such as anti-debugging (for gdb), anti-jdwp (for java debugger), anti-tamper and obfuscation for dalvik and native code. Even they are using self-debugging (self-ptrace) techniques. These techniques cause a reverse engineer to be annoyed and devastated. Also, tools and systems which automatically analyze Android application cannot analyze them correctly because of their anti-analysis technique. However, we propose a novel general unpacking method without getting root privilege for unpacking. In this presentation, we are going to show you how it works.

Presenters:

  • Yeongung Park - ETRI
    Santa Park works as a Security Researcher at ETRI, Korea.

Links:

Similar Presentations: