• Title/Summary/Keyword: Repackaging

Search Result 20, Processing Time 0.019 seconds

Android Game Repackaging Detection Technique using Shortened Instruction Sequence (축약된 인스트럭션 시퀀스를 이용한 안드로이드 게임 리패키징 탐지 기법)

  • Lee, Gi Seong;Kim, Huy Kang
    • Journal of Korea Game Society
    • /
    • v.13 no.6
    • /
    • pp.85-94
    • /
    • 2013
  • Repackaging of mobile games is serious problem in the Android environment. In this paper, we propose a repackaging detection technique using shortened instruction sequence. By using shortened instruction sequence, the proposed technique can be applicable to a mobile device and can block repackaged apps coming from various sources. In the experiment, our technique showed high accuracy of repackaging detection.

Conceptual Design for Repackaging of PWR Spent Nuclear Fuel (경수로 사용후핵연료 재포장 개념(안) 수립)

  • Sang-Hwan Lee;Chang-Min Shin;HyunGoo Kang;Chun-Hyung Cho;HaeRyong Jung
    • Journal of Radiation Industry
    • /
    • v.17 no.4
    • /
    • pp.519-532
    • /
    • 2023
  • Spent nuclear fuel(SNF) is stored in nuclear power plants for a certain period of time and then transported to an interim storage facility. After that, SNF is finally repackaged in a disposal canister at an encapsulation plant for final disposal. Finland and Sweden, leading countries in SNF disposal technology, have already completed designing of spent fuel encapsulation plant. In particular, the encapsulation plant construction in Finland is near completion. When it comes to South Korea, as the amount of SNF production and disposal plan is different from those in Finland and Sweden, it is difficult to apply the concepts of these contries as is. Therefore, it is necessary to establish the spent fuel repackaging concept and to derive each operating and repackaging procedures by considering annual disposal plan of South Korea. The results of this study is expected to be used to establish the concept of optimized encapsulation plant through further research.

Design and Implementation of Android Repackaging Detection Technique (안드로이드 리패키징(Repackaging) 탐지 기술 설계 및 구현)

  • Park, Jong-seop;Park, Sang-ho;Park, Chanam;Lee, Jong-ho;Shin, Donghwi
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2012.04a
    • /
    • pp.661-664
    • /
    • 2012
  • 스마트폰 사용이 급증하고 있는 현재, 안드로이드 OS 기반 스마트폰 점유율이 가장 큰 상승세를 보이고 있다. 하지만 안드로이드 OS는 자가-서명 인증서(self-signed certificate)로 애플리케이션을 검증하여, 많은 보안상의 취약점을 내재하고 있다. 자가-서명 인증서의 검증 취약점을 이용하여, 악의적인 공격자는 기존 정상 애플리케이션에 악성코드를 삽입, 리패키징(Repackaging) 하여 마켓에 유포할 수 있다. 이러한 문제를 해결하기 위해서, 본 논문에서는 안드로이드 애플리케이션의 서명 파일을 이용한 애플리케이션 리패키징 여부를 탐지하는 기술을 설계 및 구현한다.

Detecting Repackaged Applications using the Information of App Installation in Android Smartphones (안드로이드 스마트폰에서 앱 설치 정보를 이용한 리패키징 앱 탐지 기법)

  • Joun, Young Nam;Ahn, Woo Hyun
    • Convergence Security Journal
    • /
    • v.12 no.4
    • /
    • pp.9-15
    • /
    • 2012
  • In recently years, repackaged malwares are becoming increased rapidly in Android smartphones. The repackaging is a technique to disassemble an app in a market, modify its source code, and then re-assemble the code, so that it is commonly used to make malwares by inserting malicious code in an app. However, it is impossible to collect all the apps in many android markets including too many apps. To solve the problem, we propose RePAD (RePackaged App Detector) scheme that is composed of a client and a remote server. In the smartphone-side, the client extracts the information of an app with low CPU overhead when a user installs the app. The remote server analyzes the information to decide whether the app is repackaged or not. Thus, the scheme reduces the time and cost to decide whether apps are repackaged. For the experiments, the client and server are implemented as an app on Galaxy TAB and PC respectively. We indicated that seven pairs of apps among ones collected in official and unofficial market are repackaged. Furthermore, RePAD only increases the average of CPU overhead of 1.9% and the maximum memory usage of 3.5 MB in Galaxy TAB.

Identification of Counterfeit Android Malware Apps using Hyperledger Fabric Blockchain (블록체인을 이용한 위변조 안드로이드 악성 앱 판별)

  • Hwang, Sumin;Lee, Hyung-Woo
    • Journal of Internet Computing and Services
    • /
    • v.20 no.2
    • /
    • pp.61-68
    • /
    • 2019
  • Although the number of smartphone users is continuously increasing due to the advantage of being able to easily use most of the Internet services, the number of counterfeit applications is rapidly increasing and personal information stored in the smartphone is leaked to the outside. Because Android app was developed with Java language, it is relatively easy to create counterfeit apps if attacker performs the de-compilation process to reverse app by abusing the repackaging vulnerability. Although an obfuscation technique can be applied to prevent this, but most mobile apps are not adopted. Therefore, it is fundamentally impossible to block repackaging attacks on Android mobile apps. In addition, personal information stored in the smartphone is leaked outside because it does not provide a forgery self-verification procedure on installing an app in smartphone. In order to solve this problem, blockchain is used to implement a process of certificated application registration and a fake app identification and detection mechanism is proposed on Hyperledger Fabric framework.

Consortium Blockchain based Forgery Android APK Discrimination DApp using Hyperledger Composer (Hyperledger Composer 기반 컨소시움 블록체인을 이용한 위조 모바일 APK 검출 DApp)

  • Lee, Hyung-Woo;Lee, Hanseong
    • Journal of Internet Computing and Services
    • /
    • v.20 no.5
    • /
    • pp.9-18
    • /
    • 2019
  • Android Application Package (APK) is vulnerable to repackaging attacks. Therefore, obfuscation technology was applied inside the Android APK file to cope with repackaging attack. However, as more advanced reverse engineering techniques continue to be developed, fake Android APK files to be released. A new approach is needed to solve this problem. A blockchain is a continuously growing list of records, called blocks, which are linked and secured using cryptography. Each block typically contains a cryptographic hash of theprevious block, a timestamp and transaction data. Once recorded, the data inany given block cannot be altered retroactively without the alteration of all subsequent blocks. Therefore, it is possible to check whether or not theAndroid Mobile APK is forged by applying the blockchain technology. In this paper, we construct a discrimination DApp (Decentralized Application) against forgery Android Mobile APK by recording and maintaining the legitimate APK in the consortium blockchain framework like Hyperledger Fabric by Composer. With proposed DApp, we can prevent the forgery and modification of the appfrom being installed on the user's Smartphone, and normal and legitimate apps will be widely used.

Awareness on expiration date of repackaged prescription medications and pulverization of solid pills: A questionnaire study (소분조제된 처방약의 사용기한과 성인 산제조제에 대한 인식)

  • Kim, So Yeon;Choi, Yeo Jin;Sohn, Hyun Soon
    • Korean Journal of Clinical Pharmacy
    • /
    • v.31 no.2
    • /
    • pp.96-103
    • /
    • 2021
  • Background: The number of elderly people with comorbidities who experience dysphagia associated with geriatric disorders, such as stroke, Parkinson's disease, and Alzheimer's dementia, is increasing. Consequently, the demand for long-term prescriptions of powdered medications is expected to rise. Most patients procure repackaged prescription medications from pharmacies; however, the guidelines regarding their expiration dates are unclear. Objectives: The aim of this study was to assess awareness among adults regarding the expiration dates and drug stability issues associated with repackaged prescription medications, including powdered medications. Methods: A questionnaire with 16 components was designed and distributed online (August 1-September 1, 2019) to adults aged 19 years or older. Statistical analyses, including descriptive analysis and chi-square test, were conducted on the obtained data. A p-value <0.05 was considered significant. Results: Data from 254 respondents were analyzed; 191 (75.20%) respondents worked in non-healthcare-related fields. A significant number of healthcare workers recognized the stability issues associated with powdered medications (p<0.001). However, a large proportion of healthcare workers were not aware of the expiration dates (p>0.05). Conclusions: More than half of the total respondents, including healthcare workers, were not familiar with the appropriate expiration dates of repackaged prescription medications. The establishment of evidence-based guidelines regarding drug expiration dates and the dissemination of awareness among patients are required. Furthermore, clinical practices including repackaging or pulverizing medications for long-term prescriptions should be avoided owing to the associated drug stability issues.

A Strengthened Android Signature Management Method

  • Cho, Taenam;Seo, Seung-Hyun
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.9 no.3
    • /
    • pp.1210-1230
    • /
    • 2015
  • Android is the world's most utilized smartphone OS which consequently, also makes it an attractive target for attackers. The most representative method of hacking used against Android apps is known as repackaging. This attack method requires extensive knowledge about reverse engineering in order to modify and insert malicious codes into the original app. However, there exists an easier way which circumvents the limiting obstacle of the reverse engineering. We have discovered a method of exploiting the Android code-signing process in order to mount a malware as an example. We also propose a countermeasure to prevent this attack. In addition, as a proof-of-concept, we tested a malicious code based on our attack technique on a sample app and improved the java libraries related to code-signing/verification reflecting our countermeasure.

Smart and Secure Point of Sale Framework with Threat Modeling and Formal Verification

  • Mona faraj Nasser alwahabi;Shaik Shakeel Ahamad
    • International Journal of Computer Science & Network Security
    • /
    • v.24 no.6
    • /
    • pp.41-48
    • /
    • 2024
  • Existing PoS (Point of Sale) based payment frameworks are vulnerable as the Payment Application's integrity in the smart phone and PoS are compromised, vulnerable to reverse engineering attacks. In addition to these existing PoS (Point of Sale) based payment frameworks do not perform point-to-point encryption and do not ensure communication security. We propose a Smart and Secure PoS (SSPoS) Framework which overcomes these attacks. Our proposed SSPoS framework ensures point-to-point encryption (P2PE), Application hardening and Application wrapping. SSPoS framework overcomes repackaging attacks. SSPoS framework has very less communication and computation cost. SSPoS framework also addresses Heartbleed vulnerability. SSPoS protocol is successfully verified using Burrows-Abadi-Needham (BAN) logic, so it ensures all the security properties. SSPoS is threat modeled and implemented successfully.

A Scheme for Identifying Malicious Applications Based on API Characteristics (API 특성 정보기반 악성 애플리케이션 식별 기법)

  • Cho, Taejoo;Kim, Hyunki;Lee, Junghwan;Jung, Moongyu;Yi, Jeong Hyun
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.1
    • /
    • pp.187-196
    • /
    • 2016
  • Android applications are inherently vulnerable to a repackaging attack such that malicious codes are easily inserted into an application and then resigned by the attacker. These days, it occurs often that such private or individual information is leaked. In principle, all Android applications are composed of user defined methods and APIs. As well as accessing to resources on platform, APIs play a role as a practical functional feature, and user defined methods play a role as a feature by using APIs. In this paper we propose a scheme to analyze sensitive APIs mostly used in malicious applications in terms of how malicious applications operate and which API they use. Based on the characteristics of target APIs, we accumulate the knowledge on such APIs using a machine learning scheme based on Naive Bayes algorithm. Resulting from the learned results, we are able to provide fine-grained numeric score on the degree of vulnerabilities of mobile applications. In doing so, we expect the proposed scheme will help mobile application developers identify the security level of applications in advance.