Malware authors implement many different techniques to frustrate analysis and make reverse engineering malware more difficult. Many of these anti-analysis and anti-reverse engineering techniques attempt to send a reverse engineer down an incorrect investigation path or require them to invest large amounts of time reversing simple code. This talk analyzes one of the most robust anti-analysis native libraries we've seen in the Android ecosystem.
I will discuss each of the techniques the malware author used in order to prevent reverse engineering of their Android native library including manipulating the Java Native Interface, encryption, run-time environment checks, and more. This talk discusses not only the techniques the malware author implemented to prevent analysis, but also the steps and process for a reverse engineer to proceed through the anti-analysis traps. This talk will give you the tools to expose what Android malware authors are trying to hide.