Dare: Dalvik Retargeting

Motivation

Smartphone applications are frequently incompletely vetted, poorly isolated, and installed by users without restraint. Such behavior is fraught with peril: applications containing malicious logic or critical vulnerabilities are likely to be identified only after substantial damage has already occurred. Unfortunately, the limitations of application markets make them a poor agent for certifying that applications are secure.

Retargeting Android Applications

Dare is a project which aims at enabling Android application analysis. The Dare tool retargets Android applications in .dex or .apk format to traditional .class files. These .class files can then be processed by existing Java tools, including decompilers. Thus, Android applications can be analyzed using a vast range of techniques developed for traditional Java applications.

Dare adopts a principled approach to Dalvik retargeting. Its typed intermediate representation uses a strong type inference algorithm and allows translation to Java bytecode using only 9 rules for all 257 Dalvik opcodes. An important feature of Dare is its ability to rewrite unverifiable input bytecode so that the output Java bytecode is verifiable. More details are available in our FSE paper available on the publications page. In particular, the use of stronger methods makes it a better retargeting tool than ded, our first (ad hoc) retargeting tool.

An example application of our retargeting techniques is the analysis of decompiled applications. We describe such an analysis (using ded as a retargeting tool) in our USENIX Security paper. That study was a first step in the analysis of Android applications. An important limitation was that the ded retargeting process sometimes failed. Dare is more reliable at retargeting Android bytecode and generates verifiable Java bytecode in a vast majority of cases. In order to enable the analysis of retargeted Android code by other researchers, we are making Dare available for download. Please see the installation page for downloads and installation instructions. Dare is open source and released under the GPL. Please see the source page for instructions on how to download and build the source code.

This research was supported by the National Science Foundation Grant No. CNS-0905447, CNS-1064944 and CNS-0643907.

Contact

Please post any questions related to the installation or usage of Dare to the Dare support mailing list.