This is a contribution by GSoC student Ziyue Yang; find him on GitHub as yzygitzh.
My project for GSoC 2017 was Android Sandbox Detection and Countermeasure, which became the ReDroid toolbox. This post was presented for the final evaluation of my GSoC 2017 project.
ReDroid is a toolbox for automatically detecting and countering anti-sandbox behaviors in Android apps. You can:
Before GSoC 2017 began, my GSoC mentor Yuanchun Li discussed the proposal for the GSoC project with me. Generally, our goal was to develop a mechanism that can counter the anti-sandbox techniques present in Android apps.
First, we raised three related research questions to solve:
After that, we came up with a plan with three stages:
| Stage | Status | Details |
|---|---|---|
| Investigating and collecting sandbox-detection techniques used in Android apps | Done | Investigated anti-emulator, DenDroid and a malware dataset provided by contagiominidump.blogspot.com |
| Implementing a detection-aware system | Done | Modified the Android source to enable robust and automatic trace collection; implemented a runtime trace collecting system based on DroidBot and a heuristic trace difference detection system |
| Implementing an undetectable system | Partly | Implemented a dynamic control flow correction system based on JDWP and Xposed, which is capable of modifying method return values; modified the Android source to enable dynamic control flow correction without the app being able to detect it |
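As an added illustration of the heuristic trace-difference idea behind the detection-aware stage (this is example code written here, not ReDroid's own implementation), the function below aligns two method traces of the same app run, one from a real device and one from an emulator, finds the first point where the control flow diverges, and reports the earlier calls whose return values differed as candidate sandbox checks. The traces are constructed samples in an assumed (method, return value) format.

```python
from difflib import SequenceMatcher

# Constructed sample traces: (method, return value) pairs recorded while the
# same UI exploration script was replayed on a real device and on an emulator.
REAL_TRACE = [
    ("TelephonyManager.getDeviceId", "356938035643809"),
    ("SystemProperties.get(ro.kernel.qemu)", ""),
    ("Build.MODEL", "Pixel 2"),
    ("MainActivity.onCreate", None),
    ("HiddenService.start", None),
    ("HiddenService.upload", None),
]
EMU_TRACE = [
    ("TelephonyManager.getDeviceId", "000000000000000"),
    ("SystemProperties.get(ro.kernel.qemu)", "1"),
    ("Build.MODEL", "Pixel 2"),
    ("MainActivity.onCreate", None),
    ("MainActivity.showBenignScreen", None),
]


def find_divergence(real, emu):
    """Align the two method sequences, locate the first control-flow
    divergence, and list earlier calls whose return values differed between
    the environments as the heuristic's suspects for the sandbox check."""
    real_methods = [m for m, _ in real]
    emu_methods = [m for m, _ in emu]
    matcher = SequenceMatcher(a=real_methods, b=emu_methods, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag == "equal":
            continue
        # Everything before the first non-equal opcode is a common prefix,
        # so the two slices line up call-for-call.
        suspects = [
            (m, rv, ev)
            for (m, rv), (_, ev) in zip(real[:i1], emu[:j1])
            if rv != ev
        ]
        return {
            "divergence_index": i1,
            "real_branch": real_methods[i1:i2],
            "emu_branch": emu_methods[j1:j2],
            "suspect_calls": suspects,
        }
    return None  # traces agree: no environment-dependent branch observed


if __name__ == "__main__":
    print(find_divergence(REAL_TRACE, EMU_TRACE))
```

The suspect list is what a control-flow correction stage would then target, by forcing the emulator-side return values to match the real device on the next run.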
For more details, please visit this page.