Unpacking the packed unpacker: reversing an Android anti-analysis library

This paper was presented by Maddie Stone (Google) at VB2018 in Montreal, QC, Canada.

Malware authors implement many different techniques to frustrate analysis and make reverse engineering the malware more difficult. Many of these anti-analysis and anti-reverse engineering techniques attempt to send a reverse engineer down a different investigation path or require them to invest large amounts of time reversing simple code. This talk analyses one of the most robust anti-analysis native libraries we’ve seen in the Android ecosystem.

I will discuss each of the techniques the malware authors used in order to prevent reverse engineering of their Android native library, including manipulating the Java Native Interface, encryption, run-time environment checks, and more. This talk discusses the steps and the process required to proceed through the anti-analysis traps and expose what they’re trying to hide.

https://www.virusbulletin.com/confere...
