A Generalized Obfuscation Method to Protect Software of Mobile Apps

As the world is becoming more mobile, mobile applications (or apps) are an integral part of our everyday personal and professional lives. Despite their unprecedented utility, these apps can pose serious security risks since a lot of critical or sensitive information is contained in the distributed software. Therefore, preventing a legitimate software from malicious reverse engineering and other white-box attack is a challenging task. Code obfuscation is a commonly used method to protect software. However, most obfuscation methods merely make the control flow of the program complicated rather than hide the inner logic, and then they are often defeated by reverse engineering. In this paper, we present a new generalized approach to code obfuscation that aims at hiding the basic mathematical operations of the program. This approach splits the basic operations into a set of sub-operations that are replaced by the results retrieved from the protected lookup tables. In order to increase the difficulty for attack analysis, we design the random bijection method and structure similarity method to make the control flow of different obfuscated operation indistinguishable from each other. We also implement our proposed obfuscation method on both source code level and binary code level to demonstrate its broad applicability and examine the performance from multiple dimensions.