Dynamic Binary Instrumentation Techniques to Address Native Code Obfuscation

Abstract

Android applications are becoming more and more obfuscated to prevent reverse engineering. While obfuscation can be applied on both, the Dalvik bytecode and the native code, the former is more challenging to analyze due to the structure of the bytecode as well as the API provided by Android Runtime. The purpose of this talk is to present dynamic binary instrumentation techniques that can help reverse engineers to deal with obfuscated codes. These techniques aim to be obfuscator resilient so that it does not rely on a special kind of obfuscation neither a specific obfuscator.

Publication
Dynamic Binary Instrumentation Techniques to Address Native Code Obfuscation

Slides

Whitepaper

Demo #1: Snapchat

Demo #2: Legu Packer

Note: The videos are intentionally quick. Do not hesite to pause them.