你所有的根检查都属于我们:根检测的悲哀状态

Proceedings of the 13th ACM International Symposium on Mobility Management and Wireless Access Pub Date : 2015-11-02 DOI:10.1145/2810362.2810364

Nathan S. Evans, Azzedine Benameur, Yun Shen

{"title":"你所有的根检查都属于我们:根检测的悲哀状态","authors":"Nathan S. Evans, Azzedine Benameur, Yun Shen","doi":"10.1145/2810362.2810364","DOIUrl":null,"url":null,"abstract":"In our research, most of our analysis was based on statically reverse engineering the applications. However we wanted to combine this with dynamic analysis to make sure our findings were correct and observable at runtime. For this, we initially created \"AndroPoser\". AndroPoser is a library we inject into Android processes leveraging a feature of the dynamic linker that allows us to transparently modify the runtime behavior of selected functions using LD_PRELOAD. This dynamic library interposition allowed us to hook functions and modify the data they manipulate and/or their return code. We realized that this could be used not only as a support tool for our analysis, but also to subdue any native code that checks for evidence of root access.","PeriodicalId":332932,"journal":{"name":"Proceedings of the 13th ACM International Symposium on Mobility Management and Wireless Access","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2015-11-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"14","resultStr":"{\"title\":\"All your Root Checks are Belong to Us: The Sad State of Root Detection\",\"authors\":\"Nathan S. Evans, Azzedine Benameur, Yun Shen\",\"doi\":\"10.1145/2810362.2810364\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In our research, most of our analysis was based on statically reverse engineering the applications. However we wanted to combine this with dynamic analysis to make sure our findings were correct and observable at runtime. For this, we initially created \\\"AndroPoser\\\". AndroPoser is a library we inject into Android processes leveraging a feature of the dynamic linker that allows us to transparently modify the runtime behavior of selected functions using LD_PRELOAD. This dynamic library interposition allowed us to hook functions and modify the data they manipulate and/or their return code. We realized that this could be used not only as a support tool for our analysis, but also to subdue any native code that checks for evidence of root access.\",\"PeriodicalId\":332932,\"journal\":{\"name\":\"Proceedings of the 13th ACM International Symposium on Mobility Management and Wireless Access\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-11-02\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"14\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 13th ACM International Symposium on Mobility Management and Wireless Access\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2810362.2810364\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 13th ACM International Symposium on Mobility Management and Wireless Access","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2810362.2810364","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 14

摘要

在我们的研究中，我们的大多数分析都是基于静态的应用程序逆向工程。然而，我们希望将其与动态分析相结合，以确保我们的发现在运行时是正确的和可观察的。为此，我们最初创建了“AndroPoser”。AndroPoser是我们注入Android进程的一个库，它利用了动态链接器的一个特性，允许我们使用LD_PRELOAD透明地修改所选函数的运行时行为。这种动态库的插入允许我们钩住函数并修改它们操作的数据和/或它们的返回代码。我们意识到，这不仅可以用作我们分析的支持工具，还可以用来抑制检查根访问证据的任何本机代码。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

All your Root Checks are Belong to Us: The Sad State of Root Detection

In our research, most of our analysis was based on statically reverse engineering the applications. However we wanted to combine this with dynamic analysis to make sure our findings were correct and observable at runtime. For this, we initially created "AndroPoser". AndroPoser is a library we inject into Android processes leveraging a feature of the dynamic linker that allows us to transparently modify the runtime behavior of selected functions using LD_PRELOAD. This dynamic library interposition allowed us to hook functions and modify the data they manipulate and/or their return code. We realized that this could be used not only as a support tool for our analysis, but also to subdue any native code that checks for evidence of root access.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 13th ACM International Symposium on Mobility Management and Wireless Access

自引率

0.00%

发文量