  • Stars: 283
  • Rank: 145,524 (Top 3%)
  • Language: Smali
  • License: GNU General Publi...
  • Created: about 7 years ago
  • Updated: about 7 years ago


Tool for leaking and bypassing Android malware detection system

AVPASS

AVPASS is a tool for leaking the detection model of Android malware detection systems (i.e., antivirus software) and for bypassing their detection logic by combining the leaked information with APK obfuscation techniques. AVPASS is not limited to inferring the detection features a system uses; it can also infer detection rules, so that it can disguise any Android malware as a benign application by automatically transforming the APK binary. To prevent leakage of the application logic during transformation, AVPASS provides an Imitation Mode that lets malware developers safely query the detection features of interest without sending the entire binary.

AVPASS offers several useful features for transforming any Android malware so that it can bypass antivirus software. The main features AVPASS offers are:

  • APK obfuscation with more than 10 modules
  • Feature inference for the detection system by using individual obfuscation
  • Rule inference of the detection system by using the 2^k factorial experiment
  • Targeted obfuscation to bypass a specific detection system
  • Safe query support by using Imitation Mode

DISCLAIMER

All the code provided in this repository is for educational/research purposes only. Any actions and/or activities related to the material contained within this repository are solely your responsibility. The misuse of the code in this repository can result in criminal charges being brought against the persons in question. The authors and the SSLab group will not be held responsible in the event that any criminal charges are brought against any individuals misusing the code in this repository to break the law. (Disclaimer taken from: here)

DEMO

  • DEMO1: Bypassing API-, Dataflow-, and Interaction-based detection systems
  • DEMO2: Inferring and Bypassing AVs through VirusTotal

License

This project is released under the GPL license.

Running & Docs

More documentation is available in docs/README.md.

Authors and Contact

These are the contributors who implemented AVPASS:

  • Jinho Jung
  • Chanil Jeon
  • Max Wolotsky
  • Insu Yun
  • Arbis Arthur Batenburg

Email us with any questions.

Main contact point: Jinho Jung ([email protected])

Contribute

If you want to contribute, please pick up something from our GitHub issues.

Cite

  • Black Hat USA 2017
@inproceedings{jung:avpass-bh,
  title        = {{AVPASS: Leaking and Bypassing Antivirus Detection Model Automatically}},
  author       = {Jinho Jung and Chanil Jeon and Max Wolotsky and Insu Yun and Taesoo Kim},
  booktitle    = {Black Hat USA Briefings (Black Hat USA)},
  month        = jul,
  year         = 2017,
  address      = {Las Vegas, NV},
}

More Repositories

  • Rudra (Rust, 1,308 stars): Rust Memory Safety & Undefined Behavior Detection
  • qsym (C++, 627 stars): QSYM: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing
  • winnie (C, 528 stars): Winnie is an end-to-end system that makes fuzzing Windows applications easy
  • pwn2own2020 (C++, 401 stars): Compromising the macOS Kernel through Safari by Chaining Six Vulnerabilities
  • DrK (Python, 343 stars): The DrK Attack - Proof of concept
  • opensgx (C, 288 stars): OpenSGX
  • DIE (TypeScript, 221 stars): Fuzzing JavaScript Engines with Aspect-preserving Mutation
  • janus (C, 206 stars): Janus: a state-of-the-art file system fuzzer on Linux
  • hydra (C, 156 stars): Hydra: an Extensible Fuzzing Framework for Finding Semantic Bugs in File Systems
  • ArcHeap (C, 141 stars): ArcHeap: Automatic Techniques to Systematically Discover New Heap Exploitation Primitives
  • freedom (Python, 139 stars): A DOM fuzzer
  • cs3210-rustos-public (Rust, 111 stars): Lab assignments for Georgia Tech CS 3210 "Design of Operating Systems"
  • perf-fuzz (C, 94 stars)
  • sgx-tutorial-ccs17 (83 stars): SGX Tutorial at CCS17: SGX Security and Privacy
  • mosaic (C++, 78 stars)
  • autofz (C, 72 stars): autofz: Automated Fuzzer Composition at Runtime
  • apollo (HCL, 68 stars): A toolchain for automatically detecting, reporting, and diagnosing performance bugs in DBMSs.
  • kernel-analyzer (C++, 65 stars)
  • fuzzification (C, 64 stars): We hinder fuzzing
  • apisan (C++, 60 stars): APISan: Sanitizing API Usages through Semantic Cross-Checking
  • fxmark (Filebench WML, 58 stars): FxMark: Filesystem Multicore Scalability Benchmark
  • deadline (C++, 45 stars)
  • libmpk (C, 45 stars)
  • unisan (C++, 43 stars): UniSan: Proactive Kernel Memory Initialization to Eliminate Data Leakages
  • shfllock (C, 40 stars)
  • Rudra-PoC (Rust, 36 stars): Trophy case for Rudra bugs.
  • DIE-corpus (Raku, 36 stars): Corpus set used by DIE
  • aslr-guard (35 stars): Preventing code-reuse attacks by stopping code pointer leakages
  • sgx101-gitbook (30 stars): Synced with SGX101 gitbook.
  • kenali-kernel (C, 29 stars): Modified Nexus 9 kernel for Kenali Project
  • krace (Python, 27 stars): Source code release for the KRace project
  • hdfi (C, 26 stars): Hardware-assisted Data-flow Isolation
  • t-sgx (C++, 26 stars): Compiler-based tool that protects Intel SGX applications against controlled-channel attacks
  • caver (C++, 25 stars)
  • juxta (C++, 23 stars)
  • sgx-bomb (Makefile, 15 stars)
  • RoboFuzz (Python, 15 stars): Fuzzing framework for Robot Operating System (ROS) and ROS-based robotic systems
  • cst-locks (C, 13 stars)
  • SNAP (C, 12 stars)
  • platpal (C++, 12 stars)
  • blockchain-lab-pwneth (Solidity, 11 stars)
  • ucognito (C, 11 stars)
  • branch-shadowing (C++, 10 stars): The branch shadowing attack: Proof of concept
  • latr (C, 10 stars): Latr: Lazy Translation Coherence - ASPLOS'18
  • desensitization (Python, 10 stars)
  • Rudra-Artifacts (Rust, 8 stars): Rudra's artifact evaluation submission
  • fakeroot-p (Makefile, 8 stars)
  • vbench (Python, 8 stars): VBench: Multicore Scalability Application Benchmark
  • lkl-hydra (C, 7 stars)
  • Pridwen (C++, 7 stars): Universally Hardening SGX Programs via Load-Time Synthesis
  • Sense (C++, 6 stars): Code for Sense (NDSS'24)
  • AndroidCoverageAgent (C++, 6 stars): Coverage gathering JVMTI agent for Android
  • kup (5 stars): Prototype for seamlessly updating Linux kernel with application checkpoint-and-restart
  • eCS (C, 4 stars): Enlightened Critical Sections
  • bunshin (Python, 4 stars)
  • playcrawl (HTML, 4 stars): Crawler for Googleplay
  • ordo (C, 3 stars)
  • ACon2 (Solidity, 3 stars)
  • lkl (C, 2 stars)
  • sgx101 (HTML, 2 stars): A place to start designing application with Intel SGX in mind.
  • AndroidIntentFuzzer (Kotlin, 1 star): Greybox fuzzing for Android Intent receivers