Research area: Analysis
Conference: SMA 2020: The 9th International Conference on Smart Media and Applications
Code obfuscation is a technique that makes programs harder to understand. Malware writers widely use obfuscation to evade detection by anti-malware software, or to deter attempts to reverse engineer their malicious code. If we de-obfuscate the obfuscated code and restore it to the original code before obfuscation was applied, we can analyze the obfuscated malware effectively and efficiently. In this paper, we apply the ReDex optimizer to reverse the control-flow obfuscation performed by the Obfuscapk system on open-source Android applications. We then analyze the effectiveness and limitations of ReDex in terms of its ability to reverse the control-flow obfuscation of Android apps. The experimental results show that ReDex can recover 1089 of 1108 apps obfuscated with the control-flow obfuscation techniques of the Obfuscapk obfuscator. While optimizing bytecode, ReDex significantly reduces the number of methods and fields, but it is limited in removing dead code related to both useless goto statements and random nop instructions.
| Publication year | 2021 |
|---|---|
| Citations | 4 |
| Country of publication | Korea |
| Site | ACM |