Here you will find scientific publications from the Fraunhofer Institutes.

Anti-ProGuard: Towards automated deobfuscation of android apps

Baumann, R.; Protsenko, M.; Müller, T.


Association for Computing Machinery -ACM-:
4th Workshop on Security in Highly Connected IT Systems, SHCIS 2017. Proceedings : Neuchâtel, Switzerland, June 19 - 22, 2017
New York: ACM, 2017
ISBN: 978-1-4503-5271-0
Workshop on Security in Highly Connected IT Systems (SHCIS) <4, 2017, Neuchâtel>
Fraunhofer AISEC

A wide adoption of obfuscation techniques by Android application developers, and especially malware authors, introduces a high degree of complication into the process of reverse engineering, analysis, and security evaluation of third-party and potentially harmful apps. In this paper we present the early results of our research aiming to provide reliable means for automated deobfuscation of Android apps. According to the underlying approach, deobfuscation of a given app is performed by matching its code parts to the unobfuscated code stored in a database. For this purpose we apply well-known software similarity algorithms, such as SimHash and n-gram based ones. Open source apps and libraries, as well as previously analyzed and manually deobfuscated code, can serve as a source of unobfuscated code. Although the presented techniques are generic in their nature, our current prototype mainly targets ProGuard, as one of the most widely used protection tools for Android performing primarily renaming obfuscation. The evaluation of the presented Anti-ProGuard tool witnesses its effectiveness for the considered task and supports the feasibility of the proposed approach.