String Deobfuscation Scheme based on Dynamic Code Extraction for Mobile Malwares

WooJong Yoo, Myeongju Ji, MinKoo Kang, and Jeong Hyun Yi+
Soongsil University, Seoul, 06978, Korea
{msecwj, wlaudwn007, minku1024}@gmail.com, jhyi@ssu.ac.kr

Abstract

Various code protection schemes are being implemented to offer protection and address the vulnerabilities of Android applications. Among these schemes, code obfuscation is widely used. Because the program code string is especially fundamental in identifying methods or variables, if this information is exposed to the attacker, reverse engineering analysis becomes that much easier. Consequently, string encryption should be prioritized among obfuscation techniques. If malware rather than normal code happens to misuse such a protection function, it can actually bring about an opposite effect by making code analysis more difficult. Hence, in this paper, we first propose a string deobfuscation scheme that acquires the decrypted string through dynamic code extraction, in order to effectively analyze malware that uses string encryption, and then introduce the system design and implementation.

Keywords: Deobfuscation, Malwares, Reverse Engineering.

+: Corresponding author: Jeong Hyun Yi

IT Convergence Practice (INPRA), Vol. 4, No. 2, pp. 1-8, June 2016