ASTANA: Practical String Deobfuscation for Android Applications Using Program Slicing
This addresses a security vulnerability for Android developers and reverse engineers, but it is incremental as it focuses on a specific type of obfuscation.
The paper tackles the problem of reversing string obfuscation in Android applications by presenting ASTANA, a tool that recovers human-readable content from obfuscated strings using program slicing, demonstrating practicality by correctly deobfuscating 100 real-world financial apps.
Software obfuscation is widely used by Android developers to protect the source code of their applications against adversarial reverse-engineering efforts. A specific type of obfuscation, string obfuscation, transforms the content of all string literals in the source code to non-interpretable text and inserts logic to deobfuscate these string literals at runtime. In this work, we demonstrate that string obfuscation is easily reversible. We present ASTANA, a practical tool for Android applications to recovers the human-readable content from obfuscated string literals. ASTANA makes minimal assumptions about the obfuscation logic or application structure. The key idea is to execute the deobfuscation logic for a specific (obfuscated) string literal, which yields the original string value. To obtain the relevant deobfuscation logic, we present a lightweight and optimistic algorithm, based on program slicing techniques. By an experimental evaluation with 100 popular real-world financial applications, we demonstrate the practicality of ASTANA. We verify the correctness of our deobfuscation tool and provide insights in the behaviour of string obfuscators applied by the developers of the evaluated Android applications.