Adaptive Unpacking of Android Apps

More and more app developers use the packing services (or packers) to prevent attackers from reverse engineering and modifying the executable (or Dex files) of their apps. At the same time, malware authors also use the packers to hide the malicious component and evade the signature-based detection. Although there are a few recent studies on unpacking Android apps, it has been shown that the evolving packers can easily circumvent them because they are not adaptive to the changes of packers. In this paper, we propose a novel adaptive approach and develop a new system, named PackerGrind, to unpack Android apps. We also evaluate PackerGrind with real packed apps, and the results show that PackerGrind can successfully reveal the packers' protection mechanisms and recover the Dex files with low overhead, showing that our approach can effectively handle the evolution of packers.