ASTANA: Practical String Deobfuscation for Android Applications Using Program Slicing. (arXiv:2104.02612v1 [cs.CR])

Software obfuscation is widely used by Android developers to protect the
source code of their applications against adversarial reverse-engineering
efforts. A specific type of obfuscation, string obfuscation, transforms the
content of all string literals in the source code to non-interpretable text and
inserts logic to deobfuscate these string literals at runtime. In this work, we
demonstrate that string obfuscation is easily reversible. We present ASTANA, a
practical tool for Android applications to recovers the human-readable content
from obfuscated string literals. ASTANA makes minimal assumptions about the
obfuscation logic or application structure. The key idea is to execute the
deobfuscation logic for a specific (obfuscated) string literal, which yields
the original string value. To obtain the relevant deobfuscation logic, we
present a lightweight and optimistic algorithm, based on program slicing
techniques. By an experimental evaluation with 100 popular real-world financial
applications, we demonstrate the practicality of ASTANA. We verify the
correctness of our deobfuscation tool and provide insights in the behaviour of
string obfuscators applied by the developers of the evaluated Android
applications.