DexHunter: Toward extracting hidden code from packed android applications

Yueqian Zhang, Xiapu Luo, Haoyang Yin

Research output: Chapter in book / Conference proceeding; Conference article published in proceeding or book; Academic research; peer-review

53 Citations (Scopus)

Abstract

The rapid growth of the mobile application (or simply app) economy provides lucrative and profitable targets for hackers. Among OWASP’s top ten mobile risks for 2014, the lack of binary protections makes it easy to reverse, modify, and repackage Android apps. Recently, a number of packing services have been proposed to protect Android apps by hiding the original executable file (i.e., dex file). However, little is known about their effectiveness and efficiency. In this paper, we perform the first systematic investigation on such services by answering two questions: (1) what are the major techniques used by these services and their effects on apps? (2) can the original dex file in a packed app be recovered? If yes, how? We not only reveal their techniques and evaluate their effects, but also propose and develop a novel system, named DexHunter, to extract dex files protected by these services. It is worth noting that DexHunter supports both the Dalvik virtual machine (DVM) and the new Android Runtime (ART). The experimental results show that DexHunter can extract dex files from packed apps effectively and efficiently.
Original language: English
Title of host publication: Computer Security – ESORICS 2015 - 20th European Symposium on Research in Computer Security, Proceedings
Publisher: Springer Verlag
Pages: 293-311
Number of pages: 19
ISBN (Print): 9783319241760
Publication status: Published - 1 Jan 2015
Event: 20th European Symposium on Research in Computer Security, ESORICS 2015 - Vienna, Austria
Duration: 21 Sep 2015 - 25 Sep 2015

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 9327
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 20th European Symposium on Research in Computer Security, ESORICS 2015
Country/Territory: Austria
City: Vienna
Period: 21/09/15 - 25/09/15

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science (all)
