AutoD: Intelligent Blockchain Application Unpacking Based on JNI Layer Deception Call
2020
Among all ongoing attacks on mobile devices, those targeting blockchain-wallet applications raise pressing concerns because of the risk of monetary loss. These attacks mainly focus on the theft and forwarding of keys in executable files. The challenge is that these malicious code behaviors are not detectable with the usual detection methods. In this article we propose AutoD, an unpacking system for intelligent blockchain applications, based on JNI-layer deception calls in Android ART. This solution can successfully restore the decrypted Dex file during the execution of reinforced blockchain applications. The core idea is to first transfer the Dex from memory to the sdcard completely, according to the DexFile structure. Then, by deception-calling every method of every class, AutoD successfully repairs the function-extracting protection component in the Dex. Experimental results show that AutoD offers full repair of the function-extracting protection component, where most of the malicious code usually hides.