Abstract
Hooking is an important technique for monitoring application performance and adding features to applications. Various hooking frameworks are developed to intercept events and process their own specific events. The hooking tools for Java methods are varied, however, the native hook has few methods. Besides, the commonly used Android hook frameworks cannot meet the requirement of hooking the native methods in shared libraries on non-root devices. Even some approaches are able to hook these methods, it has limitations or is complicated to implement. In the paper, a feasible hooking approach for Android native methods is proposed and implemented, which doesn’t need any modifications to both Android framework and app’s code. In this approach, the method’s reference address is modified and control flow is redirected. Beyond that, we combine this approach with VirtualXposed which aims to run it without root privileges. This hooking framework can be used to enforce security policies and monitor sensitive methods in shared objects. The evaluation of the scheme demonstrates its capability to perform hook operation without a significant runtime performance overhead on real devices and it is compatible and functional for the native hook.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Gasparis, I., Qian, Z., Song, C., Krishnamurthy, S.: Detecting android root exploits by learning from root providers. In: 26th USENIX Security Symposium, p. 1129–1144 (2017)
Yerima, S.Y., Sezer, S., Mcwilliams, G.: Analysis of Bayesian classification-based approaches for android malware detection. IET Inf. Secur. 8(1), 25–36 (2014)
Sbîrlea, D., Burke, M.G., Guarnieri, S., Pistoia, M., Sarkar, V.: Automatic detection of inter-application permission leaks in android applications. IBM J. Res. Dev. 57(6), 10:1–10:12 (2013)
Rastogi, V., Chen, Y., Jiang, X.: Droidchameleon: evaluating android anti-malware against transformation attacks. In: Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security, ASIA CCS 2013, pp. 329–334. Association for Computing Machinery, New York (2013)
Spreitzenbarth, M., Freiling, F., Echtler, F., Schreck, T., Hoffmann, J.: Mobile-sandbox: having a deeper look into android applications. In: Proceedings of the 28th Annual ACM Symposium on Applied Computing. SAC 2013, pp. 1808–1815. Association for Computing Machinery, New York (2013)
Backes, M., Bugiel, S., Hammer, C., Schranz, O., Von Styp-Rekowsky, P.: Boxify: full-fledged app sandboxing for stock android. In: Proceedings of the 24th USENIX Conference on Security Symposium. SEC 2015, pp. 691–706. USENIX Association, USA (2015)
Xu, R., Saïdi, H., Anderson, R.: Aurasium: practical policy enforcement for android applications. In: Proceedings of the 21st USENIX Conference on Security Symposium. Security 2012, p. 27. USENIX Association, USA (2012)
Cydia substrate for android. http://www.cydiasubstrate.com. Accessed 2020 10 July
Virtualxposed. https://github.com/android-hacker/VirtualXposed. Accessed 10 July 2020
Lee, B., Lu, L., Wang, T., Kim, T., Lee, W.: From zygote to morula: Fortifying weakened ASLR on android. In: 2014 IEEE Symposium on Security and Privacy, pp. 424–439 (2014)
Goldberg, I., Wagner, D., Thomas, R., Brewer, E.: A secure environment for untrusted helper applications confining the wily hacker. In: Proceedings of the 6th Conference on USENIX Security Symposium, Focusing on Applications of Cryptography. SSYM 1996, vol. 6. p. 1. USENIX Association, USA (1996)
Frida.re. https://frida.re. Accessed 10 July 2020
Mulliner, C., Oberheide, J., Robertson, W., Kirda, E.: Patchdroid: scalable third-party security patches for android devices. In: Proceedings of the 29th Annual Computer Security Applications Conference. ACSAC 2013, pp. 259–268. Association for Computing Machinery, New York (2013)
You, W., Liang, B., Shi, W., Wang, P., Zhang, X.: TAINTMAN: an art-compatible dynamic taint analysis framework on unmodified and non-rooted android devices. IEEE Trans. Depend. Secure Comput. 17(1), 209–222 (2020)
Sun, M., Wei, T., Lui, J.: Taintart: a practical multi-level information-flow tracking system for android runtime. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. CCS 2016, pp. 331–342. Association for Computing Machinery, New York (2016)
Bianchi, A., Fratantonio, Y., Kruegel, C., Vigna, G.: NJAS: sandboxing unmodified applications in non-rooted devices running stock android. In: Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices. SPSM 2015, pp. 27–38. Association for Computing Machinery, New York (2015)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Feng, S., Tan, Ya., Zhao, G., Kuang, X., Yu, X., Wang, J. (2020). A VirtualXposed-Based Inline Hooking Framework for Android Native Methods. In: Xiang, Y., Liu, Z., Li, J. (eds) Security and Privacy in Social Networks and Big Data. SocialSec 2020. Communications in Computer and Information Science, vol 1298. Springer, Singapore. https://doi.org/10.1007/978-981-15-9031-3_22
Download citation
DOI: https://doi.org/10.1007/978-981-15-9031-3_22
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-9030-6
Online ISBN: 978-981-15-9031-3
eBook Packages: Computer ScienceComputer Science (R0)