Abstract:

The authors proposed a new Android repackaging method based on Android app characteristics. The new method can repackage apps without decompiling nor modifying the code and also supports packed apps. The method leverages multiple new code injection techniques to attach code to the app. Then, it adds a hook framework to provide capabilities to modify the code behaviors. Finally, the app’s behaviors will be changed during runtime, thus the app is repackaged. A prototype framework is also implemented. The experiments demonstrate that the framework is compatible to different Android platforms and multiple packers. This research has proved that the current packing techniques have some flaws and the method can be used in dynamic code analysis, defense policies deployment and app modification.

Key words: Android, repackaging method research, noninvasive, packed apps

摘要：

通过分析Android的应用特点, 提出一种新的Android重打包方法。该方法可以在不反编译、不修改原有应用代码的基础上, 实现对Android应用的重打包, 并支持主流加壳工具。该方法利用多种新的代码注入技术, 引入额外代码; 加载Hook框架, 提供代码修改能力; 最后动态修改应用行为, 实现应用重打包。实现了原型框架, 并通过实验, 验证了该框架在多个Android系统版本及多个加壳服务上的有效性。既证明了现有加壳技术的缺陷, 又可以用于对Android应用的动态调试、防御功能部署以及应用修改等。

关键词: Android, 重打包, 非侵入式, 加壳