FineObfuscator: Defeating Reverse Engineering Attacks with Context-sensitive and Cost-efficient Obfuscation for Android Apps.

Software reverse engineering has been applied widely by analyzing software for identifying vulnerabilities and hidden functionalities, primarily without the source code. It also opens the door for malicious analyzers to learn intellectual properties, steal confidential algorithms, and potentially launch exploits against software, commonly known as reverse engineering attacks (REAs). To thwart capabilities and mitigate the effects of possible REAs, various obfuscation technologies were introduced as countermeasures and have proven their effectiveness. However, most existing technologies either obfuscate the whole software piece or the code of interest. In this paper, we present FineObfuscator, a context-sensitive system that obfuscates a significantly limited number of components in a software package and still effectively thwarts REAs. Specificaly, FineObfuscator statically analyzes the software in terms of Control Flow Graph (CFG) and inter-procedural control flow graphs (ICFGs), identifies the code snippet in critical components, obfuscates the critical components with the goal of defeating REAs. This scheme allows the obfuscation to be performed at a more fine-grained level. Furthermore, FineObfuscator accepts a collection of obfuscation policies, which allow software developers to construct a customized obfuscation strategy. We evaluate the effectiveness of FineObfuscator against some well-referred Android repositories and generate promising results with significantly fewer computing resources, compared with existing obfuscation tools.