Tencent security apkpecker launched dex-vmp automatic shelling service

In recent days, , Tencent security Cohen lab ApkPecker Online automatic shelling service , Help security personnel to better conduct security audit . After a large-scale test, the results show that , ApkPecker The success rate of shelling is more than 85%.

Mobile application shelling is the most basic operation of mobile application reverse and malicious application analysis , Mainly in the process of mobile application security audit and virus analysis , Help the security personnel take off the shell code of the application , So as to analyze the key code . Mobile application shelling helps developers discover the security problems of the application development code itself in time, and examine and find malicious behavior . Enterprises, especially large-scale enterprises, often need to use the application security development and reinforcement services provided by the third-party supply chain , Security personnel need to verify its security , Mobile application shelling is one of the necessary steps .

Generally speaking , The safety personnel usually use the manual method for shelling , First, it is restricted by the level of security researchers themselves , Second, there is a lot of repetitive work , Consume enterprise safety manpower . The existing automatic shelling tools on the market can not solve the problem DEX Virtualization reinforcement solution , And the interpreter customized by the manufacturer will be replaced regularly Opcode The mapping table , As a result, many automatic shelling services cannot be restored completely and effectively DEX Code .

Based on this insight , Tencent security Cohen laboratory based on years of security research experience , Introduce advanced automatic shelling scheme , Support recovery of common DEX Encryption and instruction extraction . meanwhile , For manufacturers DEX Virtualization protection (DEX-VMP), ApkPecker Targeted shelling and recovery were also carried out .

ApkPecker On the basis of determining the format of manufacturer's bytecode , adopt AI Learn from the vendor interpreter binary opcode handler Runtime behavior for , So as to automatically restore the factory interpreter's opcode semantics , Restore the original Dalvik Bytecode , And rewrite DEX file .ApkPekcer Our shelling solution has solved opcode handler The difficulty of identification , Automated restore is DEX-VMP Protected code , Improve the integrity and automation of shelling . After a large-scale test, the results show that ,ApkPecker The success rate of shelling is more than 85%.

ApkPecker It is a fully automatic one developed by Tencent security Cohen laboratory Android Application vulnerability scanning tool , The system passes through Android Application lifecycle modeling and application attack surface modeling , Using static data flow analysis and Taint Analysis Technology , Improve the accuracy of vulnerability detection .ApkPecker Can output high quality vulnerability scanning report , Provide high quality vulnerability information and full path of vulnerability trigger , Pinpoint vulnerabilities and provide repair advice , Help mobile security personnel solve existing pain points , Enhance application security .

The automation of this launch APK Shelling service , It is also another upgrade of its overall capability .Apkpecke Dedicated to being a digital assistant for security researchers , The majority of mobile application developers can use ApkPecker Effectively defend against all kinds of mobile application risks , Build from APP Security management of the whole life cycle of products from development to user interaction , Carry out safety risk detection and control , For the user's mobile information 、 Property security escort .