Giter Club home page Giter Club logo

Comments (6)

ClaudiuGeorgiu avatar ClaudiuGeorgiu commented on May 28, 2024

Hi, the AdvancedReflection obfuscator modifies only the calls to the methods of this list, as described in the readme:

Uses reflection to invoke dangerous APIs of the Android Framework. In order to find out if a method belongs to the Android Framework, Obfuscapk refers to the mapping discovered by Backes et al.

so if you're not getting any error it means that those methods weren't found, so no obfuscation was performed.

from obfuscapk.

justinagain avatar justinagain commented on May 28, 2024

That is super interesting. I saw that file - but did not notice it went down to the method level. So, two things:

  1. There are malware detection tools that can take the occurrence of the Android package names (not to the level of the method call) and use it as a feature to successfully discriminate between malware and benign apps with high precision and recall. The Backes paper is great - but I think a relaxed version of this obfuscator that obfuscates all these packages would be wonderful.
  2. Now the fun part. I could probably augment this file - right? Add all the method calls for these APIs, and it would work?

Thanks!

from obfuscapk.

packmad avatar packmad commented on May 28, 2024

If I have understood correctly, you can just use the "Reflection" plugin!

from obfuscapk.

justinagain avatar justinagain commented on May 28, 2024

No - because the Reflection plugin specifically ignores reflecting on calls that are Android specific. What I am saying is if the AdvancedReflection did a wider range of obfuscation of Android specific calls - it would cause a lot of grief for many malware detection tools that analyze dex files (things that do control flow analysis for example or that do simple counts of the number of calls to Android APIs). Granted - it would slow the app to keep layering reflection but who knows by how much.

from obfuscapk.

packmad avatar packmad commented on May 28, 2024

First, yes, you can manually add more entries to the Backes's list.

The problem, and the reason of two different plug in, is that if you use the reflection in order to invoke every android API the app becomes unusable.

Now let's focus on this issue. What is exactly your problem?

from obfuscapk.

justinagain avatar justinagain commented on May 28, 2024

At this point - no problem. I'll try and add more items to the list selectively. You can consider this ticket closed.

from obfuscapk.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.