AutoD: Intelligent Blockchain Application Unpacking Based on JNI Layer Deception Call

Among ongoing attacks on mobile devices, those targeting blockchain-wallet applications raise pressing concerns because of the risk of direct monetary loss. These attacks mainly focus on stealing and forwarding the keys held in executable files, and the malicious code that does so is not detectable with the usual detection methods. In this article we propose AutoD, an unpacking system for intelligent blockchain applications based on deception calls at the JNI layer of the Android Runtime (ART). AutoD restores the decrypted Dex file while a reinforced (packed) blockchain application is executing. The core idea is to first copy the Dex from memory to the sdcard in full, following the DexFile structure, and then to deception-call every method of every class so that AutoD repairs the function-extracting protection component in the Dex. Experimental results show that AutoD fully repairs the function-extracting protection component, where most of the malicious code usually hides.
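As an added example (not the paper's own code), the first step of the pipeline in Python: locating a DexFile header in a memory region, validating its magic, header_size, endian_tag and Adler-32 checksum, and carving exactly file_size bytes, which is what a complete dump to the sdcard depends on. The header layout is the documented Android dex format; the memory contents and the sample Dex image are constructed for the demo.

```python
import struct
import zlib

# DexFile header (0x70 bytes): magic[8], checksum u4, signature[20], then 20 u4 fields.
HEADER_FMT = "<8sI20s" + "I" * 20
HEADER_SIZE = 0x70
DEX_MAGICS = (b"dex\n035\0", b"dex\n037\0", b"dex\n038\0", b"dex\n039\0")
FIELDS = ("magic", "checksum", "signature", "file_size", "header_size", "endian_tag",
          "link_size", "link_off", "map_off", "string_ids_size", "string_ids_off",
          "type_ids_size", "type_ids_off", "proto_ids_size", "proto_ids_off",
          "field_ids_size", "field_ids_off", "method_ids_size", "method_ids_off",
          "class_defs_size", "class_defs_off", "data_size", "data_off")

def parse_header(buf, off=0):
    """Decode the DexFile header starting at buf[off] into a dict."""
    return dict(zip(FIELDS, struct.unpack_from(HEADER_FMT, buf, off)))

def carve_dex_images(mem):
    """Find every Dex image in a memory region; return (offset, image, checksum_ok) tuples.
    The dump length is taken from header.file_size, so a zeroed or inflated field yields
    a candidate that does not fit in the region and is skipped rather than mis-carved."""
    found, pos = [], 0
    while (idx := mem.find(b"dex\n", pos)) >= 0 and idx + HEADER_SIZE <= len(mem):
        pos = idx + 1
        hdr = parse_header(mem, idx)
        if (hdr["magic"] not in DEX_MAGICS or hdr["header_size"] != HEADER_SIZE
                or hdr["endian_tag"] != 0x12345678):
            continue  # a stray "dex\n" string, not a real header
        end = idx + hdr["file_size"]
        if hdr["file_size"] < HEADER_SIZE or end > len(mem):
            continue  # file_size does not fit inside the region: cannot carve safely
        image = mem[idx:end]
        # Adler-32 over everything after the checksum field (offset 0x0C to end of file).
        ok = (zlib.adler32(image[0x0C:]) & 0xFFFFFFFF) == hdr["checksum"]
        found.append((idx, image, ok))
    return found

def build_sample_dex():
    """Constructed minimal Dex image (header + 16 bytes of data) for this demo only."""
    data = bytes(range(16))
    vals = [b"dex\n035\0", 0, b"\0" * 20, HEADER_SIZE + len(data), HEADER_SIZE, 0x12345678,
            0, 0, 0] + [0] * 10 + [1, HEADER_SIZE, len(data), HEADER_SIZE]
    vals[1] = zlib.adler32(struct.pack(HEADER_FMT, *vals)[0x0C:] + data) & 0xFFFFFFFF
    return struct.pack(HEADER_FMT, *vals) + data

# Constructed memory region: junk, a decoy "dex\n" string, the real Dex image, more junk.
SAMPLE_DEX = build_sample_dex()
MEMORY = b"\xAA" * 37 + b"dex\nfoo" + b"\x00" * 9 + SAMPLE_DEX + b"\xBB" * 20
```

Running `carve_dex_images(MEMORY)` returns the single real image at offset 53 with a valid checksum; cutting the region short so that file_size no longer fits makes the candidate drop out instead of producing a truncated dump.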
