Netinfo Security (信息网络安全) ›› 2014, Vol. 15 ›› Issue (10): 11-17. doi: 10.3969/j.issn.1671-1122.2014.10.003


Research on Code Protection Method for Android Applications

Jian XU1,2, Shuang WU3, Qi SUN1, Fu-cai ZHOU1

  1. Software College, Northeastern University, Shenyang, Liaoning 110819, China
  2. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
  3. Guangzhou Command School of the Public Security Border Forces, Guangzhou, Guangdong 510663, China
  • Received: 2014-09-03 Online: 2014-10-01 Published: 2015-08-17
  • About the authors:

    Jian XU (born 1978), male, from Liaoning, lecturer, Ph.D.; main research interests: cryptography and network security, cloud computing security technologies, etc. Shuang WU (born 1982), female, from Jilin, assistant engineer, undergraduate education; main research interest: network security. Qi SUN (born 1992), male, from Jiangsu, undergraduate education; main research interest: network and information security. Fu-cai ZHOU (born 1964), male, from Jilin, professor, Ph.D.; main research interests: cryptography and network security, trusted computing, and the basic theory and key technologies of e-commerce.

  • Funding:
    National Science and Technology Major Project [2013ZX03002006], Liaoning Province Science and Technology Research Project [2013217004], Liaoning Province Doctoral Start-up Fund [20141012], Fundamental Research Funds for the Central Universities [N130317002]

Abstract:

In recent years Android has developed rapidly and become one of the most common operating systems for mobile devices. At the same time, the security problems of the Android system have become increasingly apparent. Because Android's own security architecture is not sound enough and code protection methods for Android applications are lacking, a large number of Android applications face threats such as reverse engineering, piracy and malicious code implantation. This paper analyzes these security problems and points out their causes. On this basis, it designs a complete code protection method for Android applications, consisting of a PC-side processing module, an Android-side processing module and a code development specification for Android applications. To make the method more practical, the paper also gives implementations of some of its key technologies, including AES-based encryption protection, pseudo-encryption, packing, code obfuscation and special coding rules. The proposed method draws on traditional code protection methods and, combined with the characteristics of the Android system, uses file encryption, code obfuscation, anti-debugging, integrity verification and packing to improve an application's resistance to attack in two respects: countering static attacks and countering dynamic debugging. The method therefore has both theoretical significance and practical application value.

Key words: Android application, code protection, reverse engineering

CLC number: