Android Application Protection against Static Reverse Engineering based on Multidexing

Nak Young Kim1, Jaewoo Shim1, Seong-je Cho1, Minkyu Park2+, and Sangchul Han2

 

1Dankook University, Yongin, Gyeonggi 16890 Korea

{iuasdofil, 32131715, sjcho}@dankook.ac.kr

2Konkuk University, Chungju, Chungbuk 27478 Korea

{minkyup, schan}@kku.ac.kr

Abstract

DEX files are executable files of Android applications. Since DEX files are in the format of Java bytecodes, their Java source codes can be easily obtained using static reverse engineering tools. This results in numerous Android application thefts. There are some tools (e.g. bangcle, ijiami, liapp) that protect Android applications against static reverse engineering by using dynamic code loading. These tools usually encrypt classes.dex in an APK file. When the application is launched, the encrypted classes.dex file is decrypted and dynamically loaded. However, these tools fail to protect multidex APKs, which include more than one DEX file (classes2.dex, classes3.dex, ...) to accommodate large-sized execution codes. In this paper, we propose a technique that protects multidex Android applications against static reverse engineering. The technique can encrypt/decrypt multiple DEX files in APK files and dynamically load them. The experimental results show that the proposed technique can effectively protect multidex APKs.

Keywords: Android, Reverse engineering, Multidex, Dynamic code loading, Packing.

+: Corresponding author: Minkyu Park
Department of Computer Engineering, Konkuk University, 268 Chungwondaero, Chungju-si, Chungbuk-do, 27478, Korea, Tel: +82-43-840-3559

 

Journal of Internet Services and Information Security (JISIS), 6(4): 54-64, November 2016
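The coverage gap the abstract describes can be checked on a protected APK by looking at which `classes*.dex` entries still carry a plaintext DEX header. The following is an added example, not code from the paper: it assumes a packed APK keeps a plaintext loader stub as `classes.dex` and stores protected code under other entry names, and the sample APKs, asset names and byte strings are constructed for illustration.

```python
import io
import re
import zipfile

DEX_MAGIC = re.compile(rb"dex\n\d{3}\x00")   # 8-byte DEX header magic, e.g. b"dex\n035\0"
DEX_NAME = re.compile(r"classes(\d*)\.dex")  # classes.dex, classes2.dex, ...

def audit_dex_coverage(apk_bytes):
    """Map every classes*.dex entry to 'plaintext' (valid DEX magic) or 'opaque'."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            if DEX_NAME.fullmatch(name):
                head = apk.read(name)[:8]
                report[name] = "plaintext" if DEX_MAGIC.fullmatch(head) else "opaque"
    return report

def unprotected_secondary_dex(report):
    """Secondary DEX files that static tools can still read directly."""
    return sorted(n for n, state in report.items()
                  if n != "classes.dex" and state == "plaintext")

def make_apk(entries):
    """Build an in-memory ZIP standing in for an APK (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()

FAKE_DEX = b"dex\n035\x00" + bytes(104)  # header magic plus padding, not a real DEX
OPAQUE = bytes(range(7, 119))            # stand-in for an encrypted payload

# Constructed case 1: only the primary DEX was packed; classes2.dex is left as-is.
PARTIAL = make_apk({"classes.dex": FAKE_DEX,
                    "assets/payload.bin": OPAQUE,
                    "classes2.dex": FAKE_DEX})
# Constructed case 2: every original DEX was moved into an encrypted payload.
FULL = make_apk({"classes.dex": FAKE_DEX,
                 "assets/payload1.bin": OPAQUE,
                 "assets/payload2.bin": OPAQUE})

if __name__ == "__main__":
    for label, apk in (("partial", PARTIAL), ("full", FULL)):
        print(label, unprotected_secondary_dex(audit_dex_coverage(apk)))
```

A non-empty result means part of the application code is still exposed to static reverse engineering even though the primary DEX was packed.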