Please use this identifier to cite or link to this item:
https://hdl.handle.net/10356/87780
Title: | A comparison of Android reverse engineering tools via program behaviors validation based on intermediate languages transformation | Authors: | Arnatovich, Yauhen Leanidavich Wang, Lipo. Ngo, Ngoc Minh Soh, Charlie |
Keywords: | Intermediate Languages Event-based Testing |
Issue Date: | 2018 | Source: | Arnatovich, Y. L., Wang, L., Ngo, N. M., & Soh, C. (2018). A comparison of Android reverse engineering tools via program behaviors validation based on intermediate languages transformation. IEEE Access, 6, 12382-12394. | Series/Report no.: | IEEE Access | Abstract: | In Android, performing a program analysis directly on an executable source is usually inconvenient. Therefore, a reverse engineering technique has been adapted to enable a user to perform a program analysis on a textual form of the executable source which is represented by an intermediate language (IL). For Android, Smali, Jasmin, and Jimple ILs have been introduced to represent applications executable Dalvik bytecode in a human-readable form. To use these ILs, we downloaded three of the most popular Android reversing tools, including Apktool, dex2jar, and Soot, which perform transformation of the executable source into Smali, Jasmin, and Jimple ILs, respectively. However, the main concern here is that inaccurate transformation of the executable source may severely degrade the program analysis performance, and obscure the results. To the best of our knowledge, it is still unknown which tool most accurately performs a transformation of the executable source so that the re-assembled Android applications can be executed, and their original behaviors remain intact. Therefore, in this paper, we conduct an experiment to identify the tool which most accurately performs the transformation. We designed a statistical event-based comparative scheme, and conducted a comprehensive empirical study on a set of 1,300 Android applications. Using the designed scheme, we compare Apktool, dex2jar, and Soot via random-event-based and statistical tests to determine the tool which allows the re-assembled applications to be executed, and evaluate how closely they preserve their original behaviors. Our experimental results show that Apktool, using Smali IL, perform the most accurate transformation of the executable source since the applications, which are assembled from Smali, exhibit their behaviours closest to the original ones. | URI: | https://hdl.handle.net/10356/87780 http://hdl.handle.net/10220/45482 |
DOI: | 10.1109/ACCESS.2018.2808340 | Schools: | School of Electrical and Electronic Engineering | Rights: | © 2018 IEEE. Translations and content mining are permitted for academic research only. Personal use is also permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information. | Fulltext Permission: | open | Fulltext Availability: | With Fulltext |
Appears in Collections: | EEE Journal Articles |
Files in This Item:
File | Description | Size | Format | |
---|---|---|---|---|
A comparison of Android reverse engineering tools via program behaviors validation based on intermediate languages transformation.pdf | 7.45 MB | Adobe PDF | View/Open |
SCOPUSTM
Citations
20
25
Updated on Mar 22, 2024
Web of ScienceTM
Citations
20
20
Updated on Oct 28, 2023
Page view(s) 10
785
Updated on Mar 28, 2024
Download(s) 10
401
Updated on Mar 28, 2024
Google ScholarTM
Check
Altmetric
Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.