TY - JOUR
T1 - PackerGrind
T2 - An Adaptive Unpacking System for Android Apps
AU - Xue, Lei
AU - Zhou, Hao
AU - Luo, Xiapu
AU - Yu, Le
AU - Wu, Dinghao
AU - Zhou, Yajin
AU - Ma, Xiaobo
PY - 2020
Y1 - 2020
N2 - App developers are increasingly using packing services (or packers) to protect their code against being reverse engineered or modified. However, such packing techniques are also leveraged by the malicious developers to prevent the malware from being analyzed and detected by the static malware analysis and detection systems. Though there are already studies on unpacking packed Android apps, they usually leverage the manual reverse engineered packing behaviors to unpack apps packed by the specific packers and cannot be applied to the evolving and new packers. In this paper, we propose a novel unpacking approach with the capacity of adaptively unpacking the evolving and newly encountered packers. Also, we develop a new system, named PackerGrind, based on this adaptive approach for unpacking Android packers. The evaluation with real packed apps demonstrates that PackerGrind can successfully reveal packers' protection mechanisms, effectively handle their evolution and recover Dex files with low overhead.
AB - App developers are increasingly using packing services (or packers) to protect their code against being reverse engineered or modified. However, such packing techniques are also leveraged by the malicious developers to prevent the malware from being analyzed and detected by the static malware analysis and detection systems. Though there are already studies on unpacking packed Android apps, they usually leverage the manual reverse engineered packing behaviors to unpack apps packed by the specific packers and cannot be applied to the evolving and new packers. In this paper, we propose a novel unpacking approach with the capacity of adaptively unpacking the evolving and newly encountered packers. Also, we develop a new system, named PackerGrind, based on this adaptive approach for unpacking Android packers. The evaluation with real packed apps demonstrates that PackerGrind can successfully reveal packers' protection mechanisms, effectively handle their evolution and recover Dex files with low overhead.
KW - Androids
KW - Humanoid robots
KW - Monitoring
KW - Open area test sites
KW - Runtime
KW - Subspace constraints
KW - Tools
UR - http://www.scopus.com/inward/record.url?scp=85085766485&partnerID=8YFLogxK
U2 - 10.1109/TSE.2020.2996433
DO - 10.1109/TSE.2020.2996433
M3 - Journal article
AN - SCOPUS:85085766485
SN - 0098-5589
JO - IEEE Transactions on Software Engineering
JF - IEEE Transactions on Software Engineering
ER -