Abstract
Information leaks can occur through many Android applications, including unauthorized access to sensors data. Hooking is an important technique for protecting Android applications and add security features to them even without its source code. Various hooking frameworks are developed to intercept events and process their own specific events. The hooking tools for Java methods are varied, however, the native hook has few methods. Besides, the commonly used Android hook frameworks cannot meet the requirement of hooking the native methods in shared libraries on non-root devices. Even though some approaches are able to hook these methods, they have limitations or are complicated to implement. In the paper, a feasible hooking approach for Android native methods is proposed and implemented, which does not need any modifications to both the Android framework and app’s code. In this approach, the method’s reference address is modified and control flow is redirected. Beyond that, this study combines this approach with VirtualXposed which aims to run it without root privileges. This hooking framework can be used to enforce security policies and monitor sensitive methods in shared objects. The evaluation of the scheme demonstrates its capability to perform hook operation without a significant runtime performance overhead on real devices and it is compatible and functional for the native hook.
Highlights
Most Android devices have built-in sensors that measure motion, orientation, and various environmental conditions
Security-sensitive data leakage can occur through many Android applications
We present a practical framework for hooking native methods in shared libraries in Android
Summary
Most Android devices have built-in sensors that measure motion, orientation, and various environmental conditions. PLT hook directly modifies the Global Offset Table (GOT) in Executable and Linkable Format (ELF) files to jump to user-defined hook function code when calling external functions of the shared library [23] It is less technically difficult, requiring only the calculation and modification of memory addresses. The sections which have the methods’ reference contain .got which stores the entry address of external invocation, .data.rel.ro which has the vtable of C++ class and has the pointer to the virtual methods and other relocation section This hooking method is achieved by absolute address calculation and rewriting this address to the new function’s address to redirect control flows to the patch code. Since this method can hook C++ inner functions, using it can make up for the lack of the PLT method
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have