Android self-replicating spread app principle Learning (translation)

Android self-replicating spread APP principle Learning ( translation )

1 Background Introduction

Paper Link: http://arxiv.org/abs/1511.00444

Project Address: Https://github.com/Tribler/self-compile-Android

After dinner, I saw this paper, was attracted, and immediately translated summed up a bit. If there is a mistake welcome treatise.

The research starting point of this paper is relatively tall here we will not say, in short, is to achieve a self-networking through mobile devices, in the event of a disaster, the mobile phone can automatically transfer key data, reduce losses. The entire goal is achieved by designing an "autonomous app" that enables self-compiling, self-mutation, and viral propagation. Let's take a look at the core principles of it directly.

2 design of the autonomous app

1. Requires the ability to use a variety of network connection methods such as WiFi, cellular network, Bluetooth and so on.

2. The best system itself is open source, mainly to facilitate access to software compilation tools and to understand the relevant compilation process.

So I chose the Android system. Also note that the key features of the autonomous app are best done without the need for root privileges.

3.1 virus-type transmission

CORE schematic diagram

In short, in the same wireless domain, can be transmitted through NFC and Bluetooth, and then in this domain if a machine can be connected to the external network, then through the machine to spread to the external network.

3.2 Self-compiling

In order to be able to run apps on various devices and platforms, this app must contain all the system versions of the compilation suite. The most effective way is to embed an app compilation factory in this app, which contains all the necessary compilation and connection tools. The following 3 types of original data are required to complete self-compilation:

①app source code;

② third-party library;

③ compiling, linking tools

Of course, there are some NDK tools required if the app contains C + + code.

3.3 Self-variation

The main purpose is to make the app survive in a variety of different environments through mutation. The main way is to let the app itself be able to put code, resource files, and new or changed library files together, let it become a million essential oil app, and then adapt to various devices (of course, in the case of malicious code, can be mutated to reduce the probability of the killing of soft-reported poison).

3.4 Harmless components

Embedding some harmless components in the app (both hardware and software) or embedding "critical logic" in harmless apps can confuse users and reduce the probability of discovery. such as embedding in a calculator. Of course, in order to avoid being checked, the app is best to use someone else's, or the default debug key.

4 Concrete implementations

The main thing is to build an inline compilation environment, and this compilation environment is all java. Since Android itself is open source, it is not difficult to get each compilation tool and to understand how it is compiled, and other tools are basically written in Java in addition to AAPT.

The specific compilation process is shown in Figure 3. Of course there are many related articles on the Internet.

4.1 rewrite aapt

AAPT's function here is not much to say. The main view is how to port this part of the native code into Java code. There is already a ready tool for this work, which is javaidedroid. It is also important to note that the native library files that aapt need at work are all concentrated in a so file. So in order to achieve full NDK independence, it is only necessary to port the AAPT code.

4.2 Java Compiler

Here you choose the Java compiler ECJ that uses eclipse, because this compiler is written in Java.

4.3 Dalvik Conversion

Android uses the DEX format executable file. The Dalvik VM was used in the previous version of Android5.0 to run the Dex file, but art was used instead of the DVM, but art was backwards compatible, so it was also the execution of the Dex file. Therefore, the Java bytecode needs to be converted to the Dalvik bytecode in DEX format. The entire conversion effort is implemented through a toolkit called DX. DX in the conversion of the time to eat memory, if you convert too many things at once easy to crash, but fortunately we can block the above mentioned in the various Java libraries to convert. After the conversion is complete, it is combined by Dexmerger. The good news is that both DX and Dexmerger are written in Java.

4.4 Packaging Tools

The APK package is mainly implemented through the Apkbuilder tool, which is also written in Java. Apkbuilder includes the Android.jar library file for completing Java code compilation, which is used to complete the last linked Java KeyStore file (which is used when the APK is signed), and so on.

4.5 Signature Issue

If the package name of the two apk is the same and the signature is the same, the new apk will replace the old one perfectly. But the self-mutating apk does not work. It is either installed as a new app or is rejected because the package name is the same but the signature is different. So in order to solve this problem, the Zipsigner tool can be used to sign the APK using any key store file (which itself contains debug key by default). So you can use the tool to sign the self-mutating apk using the Debug key.

4.6 Wireless transmission

The main thing is to turn on Bluetooth transmission via NFC and then transfer the APK file via Bluetooth. The entire transmission process can be done automatically.

5 Summary

This paper first proposed and implemented in the Android platform can automatically recompile, self-mutation and viral spread of the "autonomous app", although the author's starting point is good, but will inevitably be used by the people to make malicious code to spread. It is also easy to think that we can completely replace these Android platform compiler tools with other system platform compiler tools, the program through the detection of the current system environment, select the appropriate compilation suite, in order to achieve cross-platform infection.

Android self-replicating spread app principle Learning (translation)