
Detailed Record

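Author (Chinese): 宋侑霖
Author (English): Sung, Yu-Lin
Thesis title (Chinese): 一個基於Frida的自動化動態檢測系統
Thesis title (English): An automated dynamic analysis framework with frida
Advisor (Chinese): 孫宏民
Advisor (English): Sun, Hung-Min
Oral defense committee (Chinese): 許富皓, 吳育松
Oral defense committee (English): Hsu, Fu-Hau; Wu, Yu-Sung
Degree: Master's
University: National Tsing Hua University
Department: Department of Computer Science
Student ID: 107062537
Year of publication (ROC calendar): 109
Academic year of graduation: 108
Language: Chinese
Number of pages: 40
Chinese keywords: automated, dynamic detection, Android system
English keywords: automated dynamic analysis android framework frida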
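Over the decades, the number of Android mobile applications has kept growing. If every application had to be inspected manually, it would take a very long time, so we should find a more efficient analysis method that does not require operating the APK by hand. In the past, many automated dynamic analysis approaches relied on information provided by static analysis, but we consider static analysis not that stable: it easily fails because of obfuscation and packing. We therefore want a method that achieves automated dynamic analysis without depending on static analysis. In this thesis, we design an automated dynamic analysis system that works without the involvement of static analysis.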
Over the decades, more and more Android applications have appeared. To analyze these APKs efficiently without manual interaction, we need a method that analyzes them automatically. Some related work uses static analysis to support its automated methods. In our opinion, however, static analysis is not stable: it can easily be defeated by obfuscating or encrypting the APK. We therefore want a method that does not depend on static analysis. In this thesis, we design a framework that performs automated dynamic analysis without any static analysis.
Table of Contents
List of Figures
List of Tables

1 Introduction
1.1 Motivation
1.2 Contribution
1.3 Organization

2 Background
2.1 Android Smali
2.2 Frida

3 Related works
3.1 DynaLog [2]
3.2 PUMA [3]
3.3 SmartDroid [4]
3.4 DroidTrace [5]

4 Methodology
4.1 Overview
4.2 Compile Injector.dex
4.3 FlowController
4.4 Generate frida javascript
4.5 Server
4.6 Log Parser

5 Implementation
5.1 Config File
5.2 Injector
5.3 Caster
5.4 Hijack self method
5.5 Flow Controller
5.6 Strategy

6 Experiment
6.1 Test APK
6.2 Run on real apk
6.3 Detect new threat: StrandHogg

7 Conclusion
7.1 Conclusion
7.2 Future Work

Bibliography
[1] Frida Website, https://frida.re/
[2] M. K. Alzaylaee, S. Y. Yerima, S. Sezer, "Dynalog: an automated dynamic analysis framework for characterizing android applications," in 2016 International Conference On Cyber Security And Protection Of Digital Services (Cyber Security), 2016, pp. 1–8.
[3] B. Sanz, I. Santos, C. Laorden, X. Ugarte-Pedrero, P. Bringas, G. Alvarez, "PUMA: Permission Usage to Detect Malware in Android," 2013, doi: 10.1007/978-3-642-33018-6_30.
[4] C. Zheng, S. Zhu, S. Dai, G. Gu, X. Gong, X. Han, W. Zou, "SmartDroid: an automatic system for revealing UI-based trigger conditions in android applications," in Proceedings of the ACM Conference on Computer and Communications Security, 2012, pp. 93–104, doi: 10.1145/2381934.2381950.
[5] M. Zheng, M. Sun, J. C. S. Lui, "DroidTrace: A ptrace based Android dynamic analysis system with forward execution capability," in 2014 International Wireless Communications and Mobile Computing Conference (IWCMC), Nicosia, 2014, pp. 128–133, doi: 10.1109/IWCMC.2014.6906344.
 
 
 
 