CROSS-VERSION BINARY MATCHING IN ANDROID APPLICATIONS WITH LAYOUT OBFUSCATION

Layout obfuscation can erase the original semantics information in the Android application, which is one of the effective means to resist reverse engineering. Due to the frequent release of Android application, security analysts often need to reverse multiple versions of the same application. However, the layout obfuscation makes it difficult to transfer knowledge obtained by reversing one version to target versions. Therefore, we design a cross-version code matching tool ApkMatcher. The tool utilized anti-obfuscation code features to construct matching rules for accurately matching the same code elements of different versions, thereby transferring reverse knowledge of known versions to target versions. We selected 190 pairs with each having two obfuscated versions to conduct an experimental evaluation. The results show that the code matching precision rate reached 89%, of which the matching precision rate for functions is 44% higher than that of existing methods.