Enhanced Android App-Repackaging Attack on In-Vehicle Network
Table 7
App analysis results using automatic vulnerability analysis tool.
Obfuscation
Description
string encryption
The used string is replaced with an encrypted string, and a decryption method is added to the class file and the encrypted string is decrypted during runtime.
renaming
The classes, fields, and methods are renamed with meaningless names to make it difficult to analyze the decompiled source code.
control flow
The positions of commands in the code area of the class file are changed or trash commands are inserted to make it difficult to analyze flow during decompiling.
API hiding
Sensitive libraries are used or the method calling is hidden.
class encryption
A specific class file is encrypted and stored, and the dynamically decrypted code is run during runtime.