An obfuscation method to build a fake call flow graph by hooking method calls

Author

Fukuda, Kenji ; Tamada, Haruaki

Author_Institution

Div. of Frontier Inf., Kyoto Sangyo Univ., Kyoto, Japan

fYear

2014

fDate

June 30 2014-July 2 2014

Firstpage

1

Lastpage

6

Abstract

This paper proposes an obfuscation method against illegal analysis. The proposed method tries to build a fake call flow graph from debugging tools. The call flow graph represents relations among methods, and helps understanding of a program. The fake call flow graph leads misunderstanding of the program. We focus on a hook mechanism of the method call for changing a callee. We conduct two experiments to evaluate the proposed method. First experiment simulates attacks by existing tools: Soot, jad, Procyon, and Krakatau. The Procyon only succeeded decompilation, the others crashed. Second experiment evaluates understandability of the obfuscated program by the hand. Only one subject in the nine subjects answered the correct value. The experiments shows the proposed method has good tolerance against existing tools, and high difficulty of understanding even if the target program is tiny and simple program.

Keywords

flow graphs; program debugging; software tools; Krakatau; Procyon; Soot; debugging tools; fake call flow graph; hooking method calls; illegal analysis; jad; obfuscation method; Buildings; DVD; Educational institutions; Flow graphs; Java; Runtime; Software; Call Flow Graph; Hook Mechanism; Java 7; Obfuscation;

fLanguage

English

Publisher

ieee

Conference_Titel

Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD), 2014 15th IEEE/ACIS International Conference on

Conference_Location

Las Vegas, NV

Type

conf

DOI

10.1109/SNPD.2014.6888726

Filename

6888726