Unpacking the packed unpacker: reversing an Android anti-analysis library

Wednesday 3 October 14:00 - 14:30, Red room

Maddie Stone (Google)



Malware authors implement many different techniques to frustrate analysis and make reverse engineering the malware more difficult. Many of these anti-analysis and anti-reverse engineering techniques attempt to send a reverse engineer down a different investigation path or require them to invest large amounts of time reversing simple code. This talk analyses one of the most robust anti-analysis native libraries we’ve seen in the Android ecosystem.

I will discuss each of the techniques the malware authors used to prevent reverse engineering of their Android native library, including manipulating the Java Native Interface, encryption, run-time environment checks, and more. This talk walks through the steps and the process required to get past the anti-analysis traps and expose what they’re trying to hide.


