Empirical analysis of anti-reversing schemes for protecting mobile codes in the internet-of-things

Abstract

Java-based Android apps are primarily composed of managed code. Managed codes can be easily modified; therefore many static prevention techniques are applied. However, static prevention techniques can be immobilised by dynamic reverse engineering tools. Reverse engineering tools for such managed code operate using QEMU-based emulator methods. Among the many anti-reversing techniques to detect tampering of the application, schemes that terminate the application when an emulator has been detected are being used. In this paper, we compare and analyse the characteristics of the various schemes used to detect emulator-based reverse engineering tools and report experimental results on the effectiveness of the methods in question.