CN103324870B - A method for protecting a Java program


Publication number: CN103324870B
Application number: CN201310270708.4A
Authority: CN (China)
Other languages: Chinese (zh)
Other versions: CN103324870A
Inventors: 陆舟, 于华章
Current and original assignee: Feitian Technologies Co Ltd
Legal status: Active


Abstract

The present invention discloses a method for protecting a Java program and relates to the field of information security. The method includes: W1: the callback function receives parameters and obtains the file length and the file from them, then judges whether this is the first time a file is loaded; if so, W2 is performed; otherwise, W3 is performed. W2: judge whether an encryption lock is detected; if so, establish data communication with the encryption lock, set the initialization flag, obtain the decryption key from the encryption lock and save it to the buffer, then perform W3; otherwise, perform error handling. W3: judge whether the file is damaged; if it is, report that the file is damaged and perform error handling; otherwise, obtain the decryption key from the buffer, decrypt the file according to the decryption algorithm and the decryption key to obtain the decrypted result, obtain the decrypted result length, return the decrypted result and the decrypted result length, and return to the main function. The beneficial effect of the invention is that it improves the security of Java programs.

Description

A method for protecting a Java program
Technical field
The present invention relates to the field of information security, and in particular to a method for protecting a Java program.
Background
The Java language is one of the most widely used programming languages and has a very large user base. Its advantages are that it is cross-platform and easy to distribute. However, the output of compiling a Java program is not platform-specific machine code but a bytecode file defined by the Java standard. This bytecode file retains a large amount of source information and is easy to disassemble, and the source code obtained by disassembly is highly readable. As a result, a malicious party can freely tamper with the disassembled source code, recompile it into a new bytecode file and publish it, which poses a security risk to Java programs.
Summary of the invention
To overcome the defects of the prior art, the invention provides a method for protecting a Java program.
1. A method for protecting a Java program, characterized in that it includes:
When the callback function is called, steps S1 to S3 are performed.
Step S1: the callback function receives parameters and obtains the file length and the file from them, and judges whether the file length and the file meet a preset condition; if they do, step S2 is performed; otherwise, control returns to the main function.
Step S2: judge whether the file is damaged; if it is, report that the file is damaged, perform error handling, and return to the main function; otherwise, perform step S3.
Step S3: obtain the decryption algorithm from the loading interpreter in which the current callback function resides, obtain the decryption key from the encryption lock, decrypt the ciphertext in the file according to the decryption algorithm and the decryption key to obtain the decrypted result, obtain the decrypted result length from the decrypted result, return the decrypted result and the decrypted result length, and return to the main function.
Alternatively, step S3 is: obtain the ciphertext from the file and send it to the encryption lock with which data communication has been established; obtain the decryption algorithm from the loading interpreter in which the current callback function resides and send it to that encryption lock; the encryption lock decrypts the ciphertext according to the decryption algorithm and the decryption key to obtain the decrypted result and returns the decrypted result to the callback function; the callback function receives the decrypted result, obtains the decrypted result length, returns the decrypted result and the decrypted result length, and returns to the main function.
Before step S1, the method also includes: the callback function judges whether the notification event is the preset event; if so, step S1 is performed; otherwise, control returns to the main function.
The file specifically includes a preset deception part, reserved bytes, an encryption identifier and ciphertext.
Judging whether the file length and the file meet the preset condition specifically includes:
Judging whether the file length is greater than a first preset length and whether the file is an encrypted file; if both hold, the file length and the file meet the preset condition; otherwise, they do not.
The first preset length is specifically the sum of the length of the deception part and the length of the reserved bytes.
Judging whether the file is an encrypted file specifically includes: obtaining the encryption identifier from the file; if an encryption identifier is obtained and it is identical to the preset encryption identifier, the file is determined to be an encrypted file; otherwise, it is determined not to be an encrypted file.
Judging whether the file is damaged specifically includes:
A first check value is obtained from a preset position in the ciphertext of the file, and the part of the ciphertext excluding the first check value is computed in a specific manner to give a second check value. Judge whether the first check value and the second check value are identical; if they are, the file is not damaged; otherwise, the file is damaged.
After the decryption key is obtained from the encryption lock in step S3, the method also includes setting the initialization flag and saving the decryption key to the buffer; the initialization flag is initially in the reset state.
Step S3 includes:
Judging from the initialization flag whether this is the first time a file is loaded; if so, step S3 is performed; otherwise, the decryption key is read from the buffer, the ciphertext in the file is decrypted according to the decryption algorithm and the decryption key to obtain the decrypted result, the decrypted result length is obtained from the decrypted result, the decrypted result and the decrypted result length are returned, and control returns to the main function.
Judging from the initialization flag whether this is the first time a file is loaded specifically includes:
Judging whether the initialization flag is in the reset state; if so, it is determined to be the first time a file is loaded; otherwise, it is determined not to be the first time.
The beneficial effects of the technical solution are as follows: the solution applies not only to Java desktop programs but also to Java web programs. The Java virtual machine calls a callback function to decrypt the bytecode file, and the virtual machine then executes the decrypted bytecode file, which improves the security of the Java program.
Brief description of the drawings
Fig. 1 is a flow chart of the method for protecting a Java program provided by Embodiment 1;
Fig. 2 is a flow chart of the method for protecting a Java program provided by Embodiment 1.
Detailed description
To make the objects, technical solutions and advantages of the present invention clearer, the embodiments of the invention are described in further detail below with reference to the accompanying drawings.
In the embodiments of the present invention, a JVMTI (virtual machine tool interface) callback function or a JVMPI (virtual machine monitor interface) callback function is registered in the loading interpreter; when the loading interpreter runs, the encrypted file is decrypted by calling the JVMTI or JVMPI callback function.
Embodiment 1
The virtual machine is initialized.
The JVMTI_EVENT_CLASS_FILE_LOAD_HOOK event is registered so that the virtual machine calls the JVMTI callback function when it loads a class;
or the JVMPI notification event NotifyEvent is registered so that the virtual machine calls the JVMPI callback function when it loads a class.
When the JVMTI_EVENT_CLASS_FILE_LOAD_HOOK event is registered successfully, the JVMPI notification event NotifyEvent is not registered.
Before the JVMTI callback function or the JVMPI callback function is called, the initialization flag must be reset.
When the JVMTI callback function is called, the following operations are performed, as shown in Fig. 1:
Step 101: the JVMTI callback function receives parameters, obtains the file length and the file from them, and judges whether the file length and the file meet the first preset condition;
If yes, perform step 102; if no, return to the main function.
In this embodiment, the JVMTI callback function is:
void JNICALL MyjvmtiEventClassFileLoadHook(jvmtiEnv *jvmti_env,
        JNIEnv *jni_env,
        jclass class_being_redefined,
        jobject loader,
        const char *name,
        jobject protection_domain,
        jint class_data_len,               /* in: file length */
        const unsigned char *class_data,   /* in: the file */
        jint *new_class_data_len,          /* out: decrypted result length */
        unsigned char **new_class_data);   /* out: decrypted result */
where jint class_data_len is the file length and const unsigned char* class_data is the file.
The file includes a preset deception part, reserved bytes, an encryption identifier and ciphertext.
For the file length and the file to meet the first preset condition, both of the following conditions must hold:
1. The file length is greater than the first preset length, where the first preset length is the sum of the length of the deception part and the length of the reserved bytes;
2. The file is encrypted: the encryption identifier is obtained from a preset position in the file and compared with the preset encryption identifier; if they match, the file is encrypted; otherwise, the file is not encrypted.
If both conditions hold, the file length and the file meet the first preset condition; otherwise, they do not.
For example, the file length received by the JVMTI callback function is 2144 bytes, and the received file is laid out as follows.
Of these, the deception part, 859 bytes in total, is
CAFEBABE0010001B001D07001E0003001B002400250700260A000B001B00 0B07002B01……
The reserved bytes, 256 bytes in total, are 00000000000000000000 ...
The encryption identifier, 10 bytes in total, is 627452514D653E642F5D.
The ciphertext is 925 bytes in total.
The first preset length is the sum of the 859-byte length of the deception part and the 256-byte length of the reserved bytes, i.e. 1115 bytes. The file length of 2144 bytes is greater than the first preset length of 1115 bytes, so the condition that the file length is greater than the first preset length is met.
The encryption identifier is obtained from the preset position in the file: the sum of the deception part length and the reserved byte length is used as the start address, i.e. the start address is 1115, and the 10 bytes of data obtained there are identical to the preset encryption identifier, so the condition that the file is an encrypted file is met.
In summary, the received file length and file meet the first preset condition.
Step 102: judge from the initialization flag whether this is the first time a file is loaded;
If yes, perform step 103; if no, perform step 106.
In this embodiment, specifically, judge whether the initialization flag is in the reset state; if it is, this is the first time a file is loaded; otherwise, it is not.
Step 103: obtain the operation information and judge whether it was obtained;
If yes, perform step 104; if no, report that the operation information was not obtained and exit the program.
In this embodiment, the operation information includes the encryption identifier, the encryption lock type information and the file information.
The operation information is obtained as follows:
The JVMTI callback function opens, in read mode, the loading interpreter file in which the current JVMTI callback function resides, and obtains the operation information from the opened loading interpreter file.
For example, after the loading interpreter file is opened in read mode, 310 bytes of operation information are obtained starting from the end of the loading interpreter file.
Of these, the encryption identifier, 10 bytes in total, is 627452514D653E642F5D.
The rest of the operation information is the encryption lock type information and the file information.
Step 104: judge whether an encryption lock is detected;
If yes, establish data communication with the encryption lock and perform step 105; if no, report an error and exit the program.
In this embodiment, the method for judging whether an encryption lock is detected specifically includes A to E:
A: obtain the encryption identifier, the encryption lock type information and the file information from the operation information;
B: judge whether the encryption identifier obtained from the operation information is identical to the encryption identifier obtained from the file;
If it is, perform C; otherwise, no encryption lock is detected.
C: write the encryption lock type information and the file information to the buffer;
D: initialize the encryption lock and judge whether the initialization succeeded;
If yes, an encryption lock is detected; if no, add 1 to the encryption lock search count and perform E.
Whether the encryption lock was initialized successfully is judged from the value of the data returned by the encryption lock: if the value is the preset value, the initialization succeeded; otherwise, it failed. Preferably, the preset value is 0.
E: judge whether the encryption lock search count is greater than the preset count;
If yes, no encryption lock is detected; if no, return to D.
Step 105: obtain the decryption key from the encryption lock, set the initialization flag, and save the decryption key to the buffer.
In this embodiment, after the decryption key is obtained, data communication with the encryption lock is disconnected.
For example, the decryption key obtained is:
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0A,0x0B,0x0C, 0x0D,0x0E,0x0F,0x11;
Step 106: obtain the first check value from the file, compute over the file in a specific manner to obtain the second check value, and judge whether the first check value and the second check value are identical;
If yes, perform step 107; if no, report that the file is damaged and exit the program.
In this embodiment, obtaining the first check value from the file specifically means taking the last four bytes of the ciphertext in the file as the first check value; the part of the ciphertext other than the first check value is then computed with CRC32 to obtain the second check value.
For example, the first check value obtained is D58B6A20.
Step 107: allocate the first memory.
In this embodiment, taking the callback function in step 101 as an example, unsigned char** new_class_data is the first memory.
Step 108: obtain the decryption key from the buffer, obtain the decryption algorithm according to the operation information, decrypt the specified part of the file according to the decryption algorithm and the decryption key to obtain the decrypted result, obtain the decrypted result length, save the decrypted result and the decrypted result length to the first memory, and then perform step 109.
In this embodiment, the decryption algorithm is obtained according to the encryption identifier in the operation information, and the ciphertext in the file is decrypted. Taking the sample operation information in step 103 as an example, the decryption algorithm corresponding to the encryption identifier 627452514D653E642F5D in the operation information is obtained. Decryption algorithms include 3DES, RC4, etc. The decrypted result and the decrypted result length are saved to unsigned char** new_class_data.
Step 109: return the decrypted result and the decrypted result length held in the first memory, report that decryption is complete, and return to the main function.
In this embodiment, the returned decrypted result is 1015 bytes long.
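Added example, not code from the patent: a bounds-checked C sketch of the checks in steps 101 and 106 (file length, encryption identifier, CRC32), which a callback has to run on class_data before anything is decrypted. The CRC32 variant, the big-endian check value and every function, type and macro name are assumptions; the sample container is constructed and uses a short deception part.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RESERVED_LEN 256u /* reserved bytes: 256 in the page's example */
#define ID_LEN 10u        /* encryption identifier: 10 bytes */
#define CRC_LEN 4u        /* first check value: last four ciphertext bytes */

enum container_status {
    CONTAINER_OK = 0,        /* protected and intact: may be decrypted */
    CONTAINER_NOT_PROTECTED, /* first preset condition not met: pass through */
    CONTAINER_TRUNCATED,     /* identifier present, ciphertext too short */
    CONTAINER_CORRUPT        /* first and second check values differ */
};

/* Standard reflected CRC-32, polynomial 0xEDB88320 (the variant is assumed). */
static uint32_t crc32_ieee(const unsigned char *p, size_t n)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        crc ^= p[i];
        for (int bit = 0; bit < 8; bit++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* len is signed because JVMTI passes class_data_len as a jint. */
static enum container_status check_container(const unsigned char *data,
        int32_t len, size_t decoy_len, const unsigned char *id)
{
    if (data == NULL || len <= 0 || decoy_len > (size_t)INT32_MAX)
        return CONTAINER_NOT_PROTECTED;
    size_t total = (size_t)len;
    size_t first_preset = decoy_len + RESERVED_LEN;

    /* Condition 1: file length greater than the first preset length. */
    if (total <= first_preset)
        return CONTAINER_NOT_PROTECTED;
    /* Condition 2: identifier at offset first_preset equals the preset one. */
    if (total - first_preset < ID_LEN ||
        memcmp(data + first_preset, id, ID_LEN) != 0)
        return CONTAINER_NOT_PROTECTED;

    const unsigned char *ct = data + first_preset + ID_LEN;
    size_t ct_len = total - first_preset - ID_LEN;
    if (ct_len <= CRC_LEN)
        return CONTAINER_TRUNCATED;

    /* First check value, read big-endian (the byte order is assumed). */
    const unsigned char *t = ct + ct_len - CRC_LEN;
    uint32_t stored = ((uint32_t)t[0] << 24) | ((uint32_t)t[1] << 16) |
                      ((uint32_t)t[2] << 8) | (uint32_t)t[3];
    /* Second check value: CRC32 over the ciphertext minus those four bytes. */
    if (crc32_ieee(ct, ct_len - CRC_LEN) != stored)
        return CONTAINER_CORRUPT;
    return CONTAINER_OK;
}

/* Encryption identifier quoted in the page's example. */
static const unsigned char PAGE_ID[ID_LEN] =
    { 0x62, 0x74, 0x52, 0x51, 0x4D, 0x65, 0x3E, 0x64, 0x2F, 0x5D };
#define DEMO_DECOY 8u /* constructed; the page's deception part is 859 bytes */

/* Builds a constructed container, injects one fault, returns the verdict.
 * fault: 0 none, 1 flipped ciphertext bit, 2 wrong identifier, 3 truncated. */
int demo_status(int fault)
{
    static const unsigned char magic[4] = { 0xCA, 0xFE, 0xBA, 0xBE };
    static const unsigned char body[] = "constructed ciphertext bytes";
    unsigned char buf[DEMO_DECOY + RESERVED_LEN + ID_LEN + sizeof body + CRC_LEN];
    size_t off = DEMO_DECOY + RESERVED_LEN; /* offset of the identifier */

    memset(buf, 0, sizeof buf);
    memcpy(buf, magic, sizeof magic); /* decoy opens like a class file */
    memcpy(buf + off, PAGE_ID, ID_LEN);
    memcpy(buf + off + ID_LEN, body, sizeof body);
    uint32_t crc = crc32_ieee(body, sizeof body);
    for (int i = 0; i < 4; i++)
        buf[off + ID_LEN + sizeof body + i] = (unsigned char)(crc >> (24 - 8 * i));

    int32_t len = (int32_t)sizeof buf;
    if (fault == 1) buf[off + ID_LEN + 3] ^= 0x01;
    if (fault == 2) buf[off] ^= 0xFF;
    if (fault == 3) len = (int32_t)(off + ID_LEN + 2);
    return check_container(buf, len, DEMO_DECOY, PAGE_ID);
}

int main(void)
{
    for (int fault = 0; fault <= 3; fault++)
        printf("fault %d -> status %d\n", fault, demo_status(fault));
    return 0;
}
```

CRC32 is unkeyed, so this check catches accidental damage to the ciphertext but not deliberate modification by someone who recomputes the check value.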
When the JVMPI callback function is called, the following operations are performed, as shown in Fig. 2:
Step 201: the JVMPI callback function judges whether the notification event is the preset event;
If yes, perform step 202; if no, point the new-classdata pointer in the notification event object to Hook-classdata and return to the main function.
In this embodiment, the preset event is JVMPI_EVENT_CLASS_LOAD_HOOK. For example, the JVMPI callback function is notifyEvent(JVMPI_Event *event); whether the notification event is the preset event is judged by event->event_type == JVMPI_EVENT_CLASS_LOAD_HOOK.
Step 202: receive parameters, obtain the file length and the file from them, and judge whether the file length and the file meet the first preset condition;
If yes, perform step 203; if no, return to the main function.
In this embodiment, the file obtained by the JVMTI callback function includes a deception part, reserved bytes, an encryption identifier and ciphertext.
For the file length and the file to meet the first preset condition, both of the following conditions must hold:
1. The file length is greater than the first preset length, where the first preset length is the sum of the length of the deception part and the length of the reserved bytes; preferably, the reserved bytes are 256 bytes long;
2. The file is an encrypted file: the encryption identifier is obtained from a preset position in the file and used to judge whether the file is encrypted; if the encryption identifier is the preset encryption identifier, the file is encrypted; otherwise, the file is not encrypted.
If both conditions hold, the file length and the file meet the first preset condition; otherwise, they do not.
For example, the received parameter is a JVMPI_Event. The file length is obtained from event->u.class_load_hook.class_data_len and is 2144 bytes; the file is obtained from event->u.class_load_hook.class_data and is laid out as follows.
Of these, the deception part, 859 bytes in total, is
CAFEBABE0010001B001D07001E0003001B002400250700260A000B001B00 0B07002B01……
The reserved bytes, 256 bytes in total, are 00000000000000000000 ...
The encryption identifier, 10 bytes in total, is 627452514D653E642F5D.
The ciphertext is 925 bytes in total.
The first preset length is the sum of the 859-byte length of the deception part and the 256-byte length of the reserved bytes, i.e. 1115 bytes. The file length of 2144 bytes is greater than the first preset length of 1115 bytes, so the condition that the file length is greater than the first preset length is met.
The encryption identifier is obtained from the file: the sum of the deception part length and the reserved byte length is used as the start address, i.e. the start address is 1115, and the 10 bytes of data obtained there are identical to the preset encryption identifier, so the condition that the file is an encrypted file is met.
In summary, the received file length and file meet the first preset condition.
Step 203: judge from the initialization flag whether this is the first time a file is loaded;
If yes, perform step 204; if no, perform step 207.
In this embodiment, specifically, judge whether the initialization flag is in the reset state; if it is, this is the first time a file is loaded; otherwise, it is not.
Step 204: obtain the operation information and judge whether it was obtained;
If yes, perform step 205; if no, report that the operation information was not obtained and exit the program.
In this embodiment, the operation information includes the encryption identifier, the encryption lock type information and the file information.
The operation information is obtained as follows:
The JVMPI callback function opens, in read mode, the loading interpreter file in which the current JVMPI callback function resides, and obtains the operation information from the opened loading interpreter file.
For example, after the loading interpreter file is opened in read mode, 310 bytes of operation information are obtained starting from the end of the loading interpreter file.
Of these, the encryption identifier, 10 bytes in total, is 627452514D653E642F5D.
The rest of the operation information is the encryption lock type information and the file information.
Step 205: judge whether an encryption lock is detected;
If yes, establish data communication with the encryption lock and perform step 206; if no, report an error and exit the program.
In this embodiment, the specific method for judging whether an encryption lock is detected is the same as in step 104.
Step 206: obtain the decryption key from the encryption lock, set the initialization flag, and save the decryption key to the buffer.
In this embodiment, after the decryption key is obtained, data communication with the encryption lock is disconnected.
For example, the decryption key obtained is:
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0A,0x0B,0x0C, 0x0D,0x0E,0x0F,0x11;
Step 207: obtain the first check value from the file, compute over the file in a specific manner to obtain the second check value, and judge whether the first check value and the second check value are identical;
If yes, perform step 208; if no, report that the file is damaged and exit the program.
In this embodiment, obtaining the first check value from the file specifically means taking the last four bytes of the ciphertext in the file as the first check value; the part of the ciphertext other than the first check value is then computed with CRC32 to obtain the second check value.
For example, the first check value obtained from the file is D58B6A20.
Step 208: allocate the second memory.
In this embodiment, the second memory is allocated by event->u.class_load_hook.malloc_f(event->u.class_load_hook.class_data_len-14-clsLen);
Step 209: obtain the decryption key from the buffer, obtain the decryption algorithm according to the operation information, decrypt the specified part of the file according to the decryption algorithm and the decryption key to obtain the decrypted result, obtain the decrypted result length, save the decrypted result and the decrypted result length to the second memory, and then perform step 210.
In this embodiment, the decryption algorithm is obtained according to the encryption identifier in the operation information, and the ciphertext in the file is decrypted. Decryption algorithms include 3DES, RC4, etc. The decrypted result length is obtained by event->u.class_load_hook.new_class_data_len = event->u.class_load_hook.class_data_len-14-clsLen; the decrypted result and the decrypted result length are saved to the second memory by event->u.class_load_hook.new_class_data = buf;
Step 210: return the decrypted result and the decrypted result length held in the second memory, report that decryption is complete, and return to the main function.
In this embodiment, the returned decrypted result is 1015 bytes long.
It should be noted that in embodiment of the present invention, when the first call back function is called, operation Method is as follows,
Step W1: the first call back function receives parameter and therefrom obtains file size and file, it is judged that literary composition It is first pre-conditioned whether part length and file meet, if met, then performs step W2;No Then, principal function is returned;
Step W2: detection encryption lock, if be detected that encryption lock, then sets up data communication with encryption lock , the ciphertext of acquisition from file, and ciphertext is sent to encryption lock, then perform step W3;
Step W3: encryption lock receives ciphertext, deciphers ciphertext according to decruption key and decipherment algorithm, To decrypted result, return decrypted result;
Step W4: the first call back function receiving and deciphering result, obtains decrypted result according to decrypted result long Degree, returns decrypted result length and decrypted result, and decrypted result and decrypted result length is protected Deposit to the first internal memory, point out successful decryption, return principal function;
When the second call back function is called, operational approach is as follows,
Step V1: the second call back function receives parameter and therefrom obtains file size and file, it is judged that literary composition It is first pre-conditioned whether part length and file meet, if met, then performs step V2;No Then, principal function is returned;
Step V2: detection encryption lock, if be detected that encryption lock, then sets up data communication with encryption lock , from The ciphertext obtained in file, and ciphertext is sent to encryption lock, then perform step V3;
Step V3: encryption lock receives ciphertext, deciphers ciphertext according to decruption key and decipherment algorithm, To decrypted result, return decrypted result;
Step V4: the second call back function receiving and deciphering result, obtains decrypted result according to decrypted result long Degree, returns decrypted result length and decrypted result, and decrypted result and decrypted result length is protected Deposit to the second internal memory, point out successful decryption, return principal function;Above-mentioned embodiment is equally Realize the object of the invention.
It should be noted that, in this embodiment of the invention, when the first callback function is called and step 102 determines that the file is being loaded for the first time, step 104' is performed.
Step 104': Judge whether the encryption lock is detected; if so, establish data communication with the encryption lock and perform steps 105 to 107; otherwise, perform error handling.
The method of judging whether the encryption lock is detected comprises steps A' and B':
A': Initialize the encryption lock and judge whether the initialization succeeded;
if yes, the encryption lock has been detected; if no, the lock search count is incremented by 1 and B' is performed.
Whether the encryption lock was initialized successfully is judged from the value of the data it returns: if the value returned by the encryption lock equals the preset value, initialization succeeded; otherwise, initialization failed. Preferably, the preset value is 0.
B': Judge whether the lock search count exceeds the preset number of times;
if yes, the encryption lock has not been detected; if no, return to A'.
Correspondingly, step 108 is replaced with step 108'.
Step 108': Obtain the decryption key from the buffer area, decrypt the specified portion of the file according to the preset decryption algorithm and the decryption key to obtain the decryption result, obtain the decryption result length, and save the decryption result and the decryption result length to the first memory; then perform step 109.
When the second callback function is called and step 203 determines that the file is being loaded for the first time, step 205' is performed.
Step 205': Judge whether the encryption lock is detected; if so, establish data communication with the encryption lock and perform steps 206 to 208; otherwise, perform error handling.
The method of judging whether the encryption lock is detected comprises steps A'' and B'':
A'': Initialize the encryption lock and judge whether the initialization succeeded;
if yes, the encryption lock has been detected; if no, the lock search count is incremented by 1 and B'' is performed.
Whether the encryption lock was initialized successfully is judged from the value of the data it returns: if the value returned by the encryption lock equals the preset value, initialization succeeded; otherwise, initialization failed. Preferably, the preset value is 0.
B'': Judge whether the lock search count exceeds the preset number of times;
if yes, the encryption lock has not been detected; if no, return to A''.
Correspondingly, step 209 is replaced with step 209'.
Step 209': Obtain the decryption key from the buffer area, decrypt the specified portion of the file according to the preset decryption algorithm and the decryption key to obtain the decryption result, obtain the decryption result length, and save the decryption result and the decryption result length to the first memory; then perform step 210. The above embodiment likewise achieves the object of the invention.
It should be noted that reporting an error and exiting the program may also be replaced by performing error handling and then returning to the main function.
The above is only a specific embodiment of the present invention, but the protection scope of the invention is not limited to it. Any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the invention shall fall within the protection scope of the invention. Therefore, the protection scope of the invention shall be determined by the scope of the claims.
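The lock detection loop of steps A' and B' and the first-load key caching described above can be sketched as follows. This is an added example, not code from the patent: the `lock_ops` interface, the simulated lock, the key size and the retry limit are all assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

enum { KEY_LEN = 16, MAX_ATTEMPTS = 3, LOCK_OK = 0 };  /* assumed sizes; preset value 0 */

/* Hypothetical lock driver interface; a real dongle SDK will differ. */
typedef struct {
    int (*init)(void *ctx);
    int (*read_key)(void *ctx, uint8_t *out, size_t n);
    void *ctx;
} lock_ops;

typedef struct {
    int     flag_set;      /* initialization flag; 0 = reset state */
    uint8_t key[KEY_LEN];  /* buffer area holding the cached key */
} key_cache;

/* Steps A'/B': retry init until it succeeds or the search count exceeds the preset. */
int detect_lock(const lock_ops *ops) {
    for (int searches = 0; ; ) {
        if (ops->init(ops->ctx) == LOCK_OK) return 1;  /* A': lock detected */
        if (++searches > MAX_ATTEMPTS) return 0;       /* B': lock not detected */
    }
}

/* Returns 0 with the key in out, or -1 so the caller can do its error handling. */
int get_key(key_cache *c, const lock_ops *ops, uint8_t out[KEY_LEN]) {
    if (!c->flag_set) {                                /* first load */
        uint8_t tmp[KEY_LEN];
        if (!detect_lock(ops) || ops->read_key(ops->ctx, tmp, KEY_LEN) != 0)
            return -1;                                 /* flag stays in reset state */
        memcpy(c->key, tmp, KEY_LEN);
        c->flag_set = 1;                               /* set only after the key is cached */
    }
    memcpy(out, c->key, KEY_LEN);
    return 0;
}

/* Constructed stand-in for a lock: init fails fail_first times; calls are counted. */
typedef struct { int fail_first, init_calls, key_reads; } sim_lock;
int sim_init(void *p) { sim_lock *s = p; return ++s->init_calls > s->fail_first ? LOCK_OK : 1; }
int sim_read(void *p, uint8_t *out, size_t n) { sim_lock *s = p; s->key_reads++; memset(out, 0xA5, n); return 0; }

int main(void) {
    sim_lock s = { 2, 0, 0 };
    lock_ops ops = { sim_init, sim_read, &s };
    key_cache c = { 0 }; uint8_t k[KEY_LEN];
    return get_key(&c, &ops, k) | get_key(&c, &ops, k);  /* 0; the lock is read once */
}
```

Because B' tests whether the count exceeds the preset number, an absent lock is probed one more time than the preset value. A class-load hook can run on several threads at once, so in a real agent the flag and the cached key need a lock around them.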

Claims (9)

1. A method for protecting a Java applet, characterized in that it comprises:
when a callback function is called, performing steps S1 to S3;
Step S1: the callback function receives parameters and obtains the file length and the file from them, and judges whether the file length and the file meet a preset condition; if so, step S2 is performed; otherwise, control returns to the main function;
Step S2: judge whether the file has been corrupted; if it has, indicate that the file is corrupted, perform error handling, and return to the main function; otherwise, perform step S3;
Step S3: obtain the decryption algorithm from the loading interpreter in which the current callback function resides, obtain the decryption key from the encryption lock, decrypt the ciphertext in the file according to the decryption algorithm and the decryption key to obtain a decryption result, obtain the decryption result length from the decryption result, return the decryption result and the decryption result length, and return to the main function;
or, step S3 is: obtain the ciphertext from the file and send it to the encryption lock with which data communication has been established; obtain the decryption algorithm from the loading interpreter in which the current callback function resides and send the decryption algorithm to the encryption lock with which data communication has been established; the encryption lock decrypts the ciphertext according to the decryption algorithm and the decryption key to obtain a decryption result; the encryption lock returns the decryption result to the callback function; the callback function receives the decryption result and obtains the decryption result length; the callback function returns the decryption result and the decryption result length, and returns to the main function;
the callback function is specifically a JVMTI callback function or a JVMPI callback function.
2. the method for claim 1, it is characterised in that when described call back function is specially JVMPI During call back function, also including before described step S1, described call back function judges whether notification event is default Event, if it is, perform step S1;Otherwise, principal function is returned.
3. the method for claim 1, it is characterised in that
Described file specifically includes, deception part, reserved byte, encryption identification and the ciphertext pre-set.
4. method as claimed in claim 3, it is characterised in that
Described judge whether described file size and described file meet pre-conditioned, specifically include,
Judge that whether described file size is more than the first preset length, and judge whether described file is to encrypt File;If it is, described file size and described file meet pre-conditioned, otherwise, described file Length and described file do not meet pre-conditioned.
5. method as claimed in claim 4, it is characterised in that
Described first preset length is specifically, the length phase of length and described reserved byte of described deception part The result added;
Described judge whether file is the file encrypted, specifically include, obtain from described file and add secret mark Knowing, if getting encryption identification, and the encryption identification got is identical with predetermined encryption mark, the most really Determining file is the file encrypted;Otherwise, it determines be not the file encrypted.
6. the method for claim 1, it is characterised in that described judge whether described file is destroyed, Specifically include,
The predeterminated position of the ciphertext from described file obtains the first check value, and ciphertext removes the first check value Part use specific mode calculate, the result of calculation obtained is the second check value, it is judged that described first Check value is the most identical with described second check value, if identical, then it represents that described file would not be destroyed, no Then, represent that described file is destroyed.
7. the method for claim 1, it is characterised in that from encryption lock described in described step S3 Also include after middle acquisition decruption key, by initialisation identifications set, decruption key is preserved to buffer area; Described initialisation identifications is initially reset state.
8. method as claimed in claim 7, it is characterised in that described step S3 includes,
Judge whether it is first time load document according to initialisation identifications, if it is, perform step S3;No Then, from buffer area, decruption key is read, according to described decipherment algorithm and described decruption key to described file In ciphertext be decrypted, obtain decrypted result, according to decrypted result obtain decrypted result length, return solve Close result and decrypted result length, return principal function.
9. method as claimed in claim 8, it is characterised in that described judge whether according to initialisation identifications It is first time load document, specifically includes:
Judge whether initialisation identifications is reset state, if it is, determining is first time load document;No Then, determine it is not first time load document.
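The preset-condition test of claims 4 and 5 and the check-value comparison of claim 6 can be illustrated with a small parser. This is an added example, not code from the patent: the field order and sizes, the identifier bytes `ENC1`, the position of the check value at the start of the ciphertext, and the use of 32-bit FNV-1a as the "specific manner" are all assumptions.

```c
#include <stdint.h>
#include <string.h>

/* Assumed layout (order and sizes are illustrative, not taken from the patent):
   [deception part][reserved bytes][encryption identifier][check value][ciphertext body] */
enum { DECOY_LEN = 8, RESERVED_LEN = 4, MARK_LEN = 4, CHECK_LEN = 4,
       FIRST_PRESET = DECOY_LEN + RESERVED_LEN, CT_OFF = FIRST_PRESET + MARK_LEN };
static const uint8_t MARK[MARK_LEN] = { 'E', 'N', 'C', '1' };  /* assumed identifier */

typedef enum { FILE_PLAIN, FILE_CORRUPT, FILE_OK } file_state;

/* Assumed "specific manner": 32-bit FNV-1a over the ciphertext body. */
uint32_t check_value(const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u;
    while (n--) { h ^= *p++; h *= 16777619u; }
    return h;
}

/* Precondition first, then integrity. On FILE_OK, body/body_len describe the
   ciphertext that would be handed to the decryption step. */
file_state classify(const uint8_t *f, size_t len, const uint8_t **body, size_t *body_len) {
    const size_t first_preset = FIRST_PRESET, ct_off = CT_OFF;
    if (len <= first_preset) return FILE_PLAIN;              /* claim 4: length test */
    if (len < ct_off || memcmp(f + first_preset, MARK, MARK_LEN) != 0)
        return FILE_PLAIN;                                   /* claim 5: no matching identifier */
    if (len - ct_off < CHECK_LEN) return FILE_CORRUPT;       /* too short to hold a check value */
    uint32_t first = 0;                                      /* claim 6: stored (first) check value */
    for (size_t i = 0; i < CHECK_LEN; i++) first = (first << 8) | f[ct_off + i];
    *body = f + ct_off + CHECK_LEN;
    *body_len = len - ct_off - CHECK_LEN;
    return check_value(*body, *body_len) == first ? FILE_OK : FILE_CORRUPT;
}

/* Builds a constructed sample file in out (needs CT_OFF + CHECK_LEN + n bytes). */
size_t build_sample(uint8_t *out, const uint8_t *ct, size_t n) {
    uint32_t c = check_value(ct, n);
    memset(out, 0, FIRST_PRESET);                            /* decoy and reserved bytes */
    memcpy(out + FIRST_PRESET, MARK, MARK_LEN);
    for (int i = 0; i < CHECK_LEN; i++) out[CT_OFF + i] = (uint8_t)(c >> (24 - 8 * i));
    memcpy(out + CT_OFF + CHECK_LEN, ct, n);
    return CT_OFF + CHECK_LEN + n;
}

int main(void) {
    uint8_t buf[64]; const uint8_t *b; size_t n;
    size_t len = build_sample(buf, (const uint8_t *)"secret", 6);
    return classify(buf, len, &b, &n) == FILE_OK ? 0 : 1;
}
```

The length test of claim 4 only guarantees that the deception part and reserved bytes are present, so the extra bounds checks before reading the identifier and the check value keep the callback from reading past the end of a short buffer.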
CN201310270708.4A 2013-07-01 2013-07-01 A kind of guard method of java applet Active CN103324870B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310270708.4A CN103324870B (en) 2013-07-01 2013-07-01 A kind of guard method of java applet

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310270708.4A CN103324870B (en) 2013-07-01 2013-07-01 A kind of guard method of java applet

Publications (2)

Publication Number Publication Date
CN103324870A CN103324870A (en) 2013-09-25
CN103324870B true CN103324870B (en) 2016-08-10

Family

ID=49193609

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310270708.4A Active CN103324870B (en) 2013-07-01 2013-07-01 A kind of guard method of java applet

Country Status (1)

Country Link
CN (1) CN103324870B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant