Semantic Redirection Obfuscation: A Control flow Obfuscation Based on Android Runtime

摘要

Reverse engineering, repackaging and misuse of Android apps are becoming more and more widespread. Many obfuscation schemes are not enough against sustainably evolving reverse engineering techniques, while others have performance problems or limitations. In this paper, we propose a novel scheme that redirects method invocation dynamically to hide the actual control flow of the program. Firstly, some pivotal methods are replaced by others unrelated methods, so that the actual semantics of the program no longer appear. Then by modifying the entry address of the methods in the obfuscated code, the methods execution automatically jumps to the corresponding target methods without any code modification. In order to accurately restore the control flow, the encrypted mapping is decrypted using dynamic passwords from the server in the standalone Java interpreter. Since the obfuscated program semantics and program execution results can not be significantly different, it is almost impossible to reveal the real logic of the program through static analysis. The scheme can also effectively increase the difficulty of dynamic analysis. The evaluation results show that the semantic redirection obfuscation scheme can well hide the actual control flow of the program and both the time and space consumption introduced are acceptable.