Endoscope: Unpacking Android Apps with VM-Based Obfuscation

Code virtualization has long been used for code protection by both benign and malicious programs. In recent years we have seen an increasing number of mobile apps adopting this technique. The difficulties to reverse-engineer them lie in that one needs to figure out the virtual machine’s mechanism of fetching and executing instructions, before one can understand higher-level semantics of virtualized program. Due to the heterogeneity of custom instructions, Common Tools like jadx and IDA cannot recognize VM’s instructions like they do with dex/x86/arm instructions... By: Fan Wu , Xuankai Zhang Full Abstract and Presentation Materials: #endoscope-unpacking-android-apps-with-vm-based-obfuscation-33137