| With the rapid development of the Internet and the gradual popularization of 5G technology, mobile devices have been integrated into all aspects of social and economic life. The Android operating system accounts for most of the mobile Internet market, but unlike iOS, which has a unified application distribution center, Android has no unified application distribution mechanism: applications can come from any channel or application market, which leaves Android applications seriously affected by the repackaging problem. This brings huge economic losses to application developers and leaves users facing a variety of security threats. Therefore, it is of great significance to study the reinforcement and protection of Android applications. Java layer code is the main part of Android applications, and the context semantics of Java layer code and Smali instructions are obvious. Currently, the commonly used protection methods cannot cope with dynamic analysis because their protection granularity is too coarse. Research in the past two years has mainly focused on protecting Android native layer code, so there is an urgent need for effective methods of protecting Android Java layer code. This thesis proposes an LLVM-based method of Android application reinforcement, which transforms Android Java layer code into C code and protects it with obfuscation. The work and innovations of this thesis are as follows: (1) To address the problem that Android bytecode protection schemes have too high a performance cost and insufficient resistance to reverse engineering, this thesis uses its proposed decision model to select the key functions in the Android bytecode, extracts the key functions from the DEX file and decompiles them into Smali code, uses its proposed decompiler engine to transform the Smali code into C code, and finally changes the functions' attribute to native and repackages the APK. After
decompiling the function, it is found that the Java layer contains only the declaration of the function and no concrete implementation, which indicates that the function has been successfully moved to the native layer. The purpose of Android bytecode conversion is to reduce the semantic information of the code itself, increase its security and reduce the performance consumption caused by obfuscation. (2) Taking the data of the bytecode functions as the research object, obfuscation protection is applied to string constants and integer variables respectively. String constants are key to locating code segments in reverse analysis, but current string protection methods are easy to reverse. In this thesis, we use logic mapping to generate a key, XOR-encrypt the string with it, and insert a decryption function for dynamic decryption. Comparing the effect and performance consumption before and after obfuscation shows that the performance consumption caused by obfuscation is low. Data is mainly composed of integers, but there is currently too little research on integer protection. In this thesis, we use double split to replace and obfuscate integer variables: the integer variables in a function are split into high and low parts of equal length, and the corresponding operations on the integer variables are replaced to obscure the logical relationships between the data in the function. Analysis of the effect and performance consumption before and after obfuscation shows that the code expansion effect of integer splitting is significant. (3) Taking the control flow of the bytecode functions as the research object, the control flow is flattened and bogus control flow is inserted. Existing control flow flattening methods are easy to reverse with symbolic execution. In this thesis, the NCNN framework is introduced on top of the original control flow flattening to generate a group of routing vectors that control the distribution and scheduling of basic blocks, so that reverse analysis cannot connect
two adjacent basic blocks for analysis. Comparing the effect before and after control flow flattening and the program's performance consumption shows that, although the performance consumption is large, the code expansion effect is significant. Based on existing number theory formulas, this thesis constructs uncertain opaque predicates to generate bogus control flow, and inserts different opaque predicates into different program structures to complicate the control flow, thus interfering with analysis by reverse engineers. Comparative analysis shows that inserting uncertain opaque predicates not only expands the code significantly but also reduces the performance consumption. Based on the above research and the actual needs of users, this thesis designs and implements an Android application reinforcement system. The system lets users select the obfuscation scheme, supports manual input of key functions to protect, and can also directly obfuscate a selected SO file. Four common unpacking tools and two recent unpacking methods are used to reverse-analyze the reinforced Android applications, and the experimental results demonstrate the security of the method proposed in this thesis; six common Android applications are used to test the CPU usage and memory consumption of the reinforced programs, which demonstrates the low overhead of the proposed method. |
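
The integer splitting described in item (2), as an added C example that is not the thesis's own code: a value is carried as high and low halves of equal length, and each operation is replaced by an equivalent one on the halves. The 32-bit width, the 16-bit halves and all names (`split32`, `split_add`, `same_as_plain`, ...) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* A 32-bit value carried as two equal-length 16-bit halves (assumed widths). */
typedef struct { uint16_t hi, lo; } split32;

static split32 split_u32(uint32_t v) {
    split32 s = { (uint16_t)(v >> 16), (uint16_t)(v & 0xFFFFu) };
    return s;
}

static uint32_t join_u32(split32 s) {
    return ((uint32_t)s.hi << 16) | s.lo;
}

/* a + b on halves: the low-half carry must be propagated into the high half. */
static split32 split_add(split32 a, split32 b) {
    uint32_t lo = (uint32_t)a.lo + b.lo;
    uint32_t hi = (uint32_t)a.hi + b.hi + (lo >> 16);
    split32 r = { (uint16_t)hi, (uint16_t)lo };
    return r;
}

/* a - b on halves: borrow from the high half when the low half underflows. */
static split32 split_sub(split32 a, split32 b) {
    uint32_t borrow = a.lo < b.lo;
    split32 r = { (uint16_t)(a.hi - b.hi - borrow), (uint16_t)(a.lo - b.lo) };
    return r;
}

/* Unsigned a < b: compare high halves first, low halves break the tie. */
static int split_lt(split32 a, split32 b) {
    return a.hi < b.hi || (a.hi == b.hi && a.lo < b.lo);
}

/* Equivalence check: the split form must agree with plain 32-bit arithmetic. */
static int same_as_plain(uint32_t x, uint32_t y) {
    split32 a = split_u32(x), b = split_u32(y);
    return join_u32(split_add(a, b)) == (uint32_t)(x + y)
        && join_u32(split_sub(a, b)) == (uint32_t)(x - y)
        && split_lt(a, b) == (x < y);
}

int main(void) {
    printf("%d\n", same_as_plain(0x0001FFFFu, 0x00000001u)); /* carry case */
    return 0;
}
```

Carry and borrow propagation between the halves is where a transformation like this most easily breaks program semantics, so an equivalence check of this kind belongs in the test suite of any obfuscation pass that rewrites integer operations.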