Signature Verification Based on Dex CRC and Blake2 Algorithm to Prevent Reverse Engineering Attack in Android Application

Q2 Computer Science

International Journal of Interactive Mobile Technologies Pub Date : 2023-10-10 DOI:10.3991/ijim.v17i19.42575

None Ilham, None Muhammad Niswar, None Ady Wahyudi Paundu

{"title":"Signature Verification Based on Dex CRC and Blake2 Algorithm to Prevent Reverse Engineering Attack in Android Application","authors":"None Ilham, None Muhammad Niswar, None Ady Wahyudi Paundu","doi":"10.3991/ijim.v17i19.42575","DOIUrl":null,"url":null,"abstract":"The rapid growth of Android applications has led to more cybercrime cases, specifically Reverse Engineering attacks, on Android apps. One of the most common cases of reverse engineering is application repackaging, where the application is downloaded via the Play Store or the official website and then repackaged with various additions or changes. One of the ways to avoid Application Repackaging attacks is to check the signature of an application. However, hackers can manipulate the application by adding a hook, i.e., replacing the original function for getting signatures with a new modified function in the application. In this research, the development of a verification method for Android applications is carried out by utilizing Dex CRC and the Blake2 algorithm, which will be written in C using the Java Native Interface (JNI). The results of this study indicate that the verification method using Dex CRC and the Blake2 algorithm can effectively protect Android applications from Application Repackaging attacks without burdening application performance.","PeriodicalId":53486,"journal":{"name":"International Journal of Interactive Mobile Technologies","volume":"17 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-10-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Interactive Mobile Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.3991/ijim.v17i19.42575","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"Computer Science","Score":null,"Total":0}

引用次数: 0

Abstract

The rapid growth of Android applications has led to more cybercrime cases, specifically Reverse Engineering attacks, on Android apps. One of the most common cases of reverse engineering is application repackaging, where the application is downloaded via the Play Store or the official website and then repackaged with various additions or changes. One of the ways to avoid Application Repackaging attacks is to check the signature of an application. However, hackers can manipulate the application by adding a hook, i.e., replacing the original function for getting signatures with a new modified function in the application. In this research, the development of a verification method for Android applications is carried out by utilizing Dex CRC and the Blake2 algorithm, which will be written in C using the Java Native Interface (JNI). The results of this study indicate that the verification method using Dex CRC and the Blake2 algorithm can effectively protect Android applications from Application Repackaging attacks without burdening application performance.

查看原文本刊更多论文

基于Dex CRC和Blake2算法的签名验证防止Android应用的逆向工程攻击

Android应用程序的快速增长导致了更多的网络犯罪案件，特别是针对Android应用程序的逆向工程攻击。最常见的逆向工程案例之一是应用程序重新打包，即通过Play Store或官方网站下载应用程序，然后通过各种添加或更改重新打包。避免应用程序重新打包攻击的方法之一是检查应用程序的签名。然而，黑客可以通过添加钩子来操纵应用程序，即用应用程序中修改过的新函数替换用于获取签名的原始函数。在本研究中，利用Dex CRC和Blake2算法开发了一种Android应用程序的验证方法，该方法将使用Java Native Interface (JNI)用C语言编写。研究结果表明，采用Dex CRC和Blake2算法的验证方法可以有效地保护Android应用程序免受应用程序重新包装攻击，而不会增加应用程序性能的负担。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

International Journal of Interactive Mobile Technologies Computer Science-Computer Networks and Communications

CiteScore

5.20

自引率

0.00%

发文量

250

审稿时长

8 weeks

期刊介绍： This interdisciplinary journal focuses on the exchange of relevant trends and research results and presents practical experiences gained while developing and testing elements of interactive mobile technologies. It bridges the gap between pure academic research journals and more practical publications. So it covers the full range from research, application development to experience reports and product descriptions. Fields of interest include, but are not limited to: -Future trends in m-technologies- Architectures and infrastructures for ubiquitous mobile systems- Services for mobile networks- Industrial Applications- Mobile Computing- Adaptive and Adaptable environments using mobile devices- Mobile Web and video Conferencing- M-learning applications- M-learning standards- Life-long m-learning- Mobile technology support for educator and student- Remote and virtual laboratories- Mobile measurement technologies- Multimedia and virtual environments- Wireless and Ad-hoc Networks- Smart Agent Technologies- Social Impact of Current and Next-generation Mobile Technologies- Facilitation of Mobile Learning- Cost-effectiveness- Real world experiences- Pilot projects, products and applications