


Time: December 28, 2021, 10:54






Android packers have been widely adopted by developers to protect apps from being plagiarized. Meanwhile, various unpacking tools unpack the apps through direct memory dumping. To defend against these off-the-shelf unpacking tools, packers have started to adopt virtual machine (VM) based protection techniques, which replace the original Dalvik bytecode (DCode) with customized bytecode (PCode) in memory. This defeats unpackers that rely on memory dumping. However, little is known about whether such packers can provide enough protection to Android apps.

To shed light on this question, we take the first step towards demystifying the protections that VM-based packers provide to apps, and we propose novel program analysis techniques, comprising a learning phase and a deobfuscation phase, to investigate existing commercial VM-based packers. We aim to deobfuscate the VM-protected DCode in three scenarios: recovering the original DCode with training apps, recovering its semantics with training apps, and restoring the semantics without training apps. We also develop a prototype named Parema to automate much of the deobfuscation procedure. By applying it to the online VM-based Android packers, we reveal that none of the evaluated packers provides adequate protection and that all of them could be compromised.


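Research Assistant Professor and PhD supervisor in the Department of Computing at The Hong Kong Polytechnic University, with long-standing research in systems security, software engineering, network security, connected-vehicle security, and related fields. Has published more than 30 papers on systems security and software engineering, including 10 CCF-A conference and journal papers as first author, in venues including IEEE S&P, USENIX Security, ICSE, ISSTA, TIFS, and TSE, and has applied for and been granted multiple Chinese and US invention patents. Currently leads projects funded by the National Natural Science Foundation Youth Fund and the CCF-Tencent Rhino-Bird Fund, among others, and serves as a TPC member for several international conferences and as a reviewer for journals including TIFS, TDSC, and TMC.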
