Volume 6 - Issue 4
Android Application Protection against Static Reverse Engineering based on Multidexing
- Nak Young Kim
Dankook University, Yongin, Gyeonggi 16890 Korea
iuasdofil@dankook.ac.kr
- Jaewoo Shim
Dankook University, Yongin, Gyeonggi 16890 Korea
32131715@dankook.ac.kr
- Seong-je Cho
Dankook University, Yongin, Gyeonggi 16890 Korea
sjcho@dankook.ac.kr
- Minkyu Park
Konkuk University, Chungju, Chungbuk 27478 Korea
minkyup@kku.ac.kr
- Sanghcul Han
Konkuk University, Chungju, Chungbuk 27478 Korea
schan@kku.ac.kr
Keywords: Android, Reverse engineering, Multidex, Dynamic code loading, Packing
Abstract
DEX files are executable files of Android applications. Since DEX files are in the format of Java
bytecodes, their Java source codes can be easily obtained using static reverse engineering tools. This
results in numerous Android application thefts. There are some tools (e.g. bangcle, ijiami, liapp)
that protect Android applications against static reverse engineering utilizing dynamic code loading.
These tools usually encrypt classes.dex in an APK file. When the application is launched, the encrypted
classes.dex file is decrypted and dynamically loaded. However, these tools fail to protect
multidex APKs, which include more than one DEX files (classes2.dex, classes3.dex, ...)
to accommodate large-sized execution codes. In this paper, we propose a technique that protects
multidex Android applications against static reverse engineering. The technique can encrypt/decrypt
multiple DEX files in APK files and dynamically load them. The experimental results show that the
proposed technique can effiectively protect multidex APKs.