Summary of the invention
It is an object of the invention to propose a kind of method of calibration of installation kit, apparatus and system, installation kit can be prevented
Check logic improves the reliability that installation kit is examined by decompiling.
According to an aspect of the invention, there is provided a kind of method of calibration of installation kit, wherein comprising steps of
The signature value of the first APK is obtained under C language environment;And it is used to ask using the label name-value pair of the first APK
It asks the required parameter of network data to carry out the first encryption, obtains encrypted word throttling;Encrypted word throttling is sent to clothes
Business device decrypts the encrypted word throttling for the signature value of preconfigured 2nd APK of server by utilizing;Wherein, described second
APK is original APK;Receiving the first APK that is used to identify returned when server does not decrypt the required parameter is quilt
The information of the APK distorted.
According to another aspect of the present invention, a kind of method of calibration of installation kit is provided, wherein comprising steps of
Receive the encrypted word throttling that client is sent;Wherein, the encrypted word throttling is using client in C language environment
The label name-value pair of first APK of lower acquisition is for requesting the required parameter of network data to be encrypted;Using pre-
The signature value of the 2nd APK first configured decrypts the encrypted word throttling;Wherein, the 2nd APK is original APK;If not decrypting
The required parameter out is then returned to client for identifying the information that the first APK is the APK being tampered.
According to another aspect of the present invention, a kind of method of calibration of installation kit is provided, wherein comprising steps of
Client obtains the signature value of the first APK under C language environment;Client utilizes the signature value of the first APK
To for requesting the required parameter of network data to carry out the first encryption, encrypted word throttling is obtained;Client is by the encryption
Byte stream is sent to server;The signature value of preconfigured 2nd APK of server by utilizing, decrypts the encrypted byte
Stream;Wherein, the 2nd APK is original APK;If not decrypting the required parameter, return to client for identifying
State the information that the first APK is the APK being tampered.
According to another aspect of the present invention, a kind of client is provided, wherein include:
First acquisition unit, for obtaining the signature value of the first APK under C language environment;
Encryption unit for the label name-value pair using the first APK is used to that the required parameter of network data is requested to carry out
First encryption obtains encrypted word throttling;
First transmission unit, for encrypted word throttling to be sent to server, so that server by utilizing is pre-configured with
The 2nd APK signature value, decrypt encrypted word throttling;Wherein, the 2nd APK is original APK;
First receiving unit, for receive returned when server does not decrypt the required parameter it is described for identifying
The information that first APK is the APK being tampered.
According to another aspect of the present invention, a kind of server is provided, wherein include:
Second receiving unit, for receiving the encrypted word throttling of client transmission;Wherein, the encrypted word throttling is to utilize
The label name-value pair for the first APK that client obtains under C language environment is for requesting the required parameter of network data to be encrypted
What processing obtained;
Decryption unit decrypts the encrypted word throttling for the signature value using preconfigured 2nd APK;Wherein, institute
Stating the 2nd APK is original APK;
Second transmission unit, if being returned to client for identifying described for not decrypting the required parameter
One APK is the information for the APK being tampered.
According to another aspect of the present invention, a kind of check system of installation kit is provided, wherein include: above-mentioned client
End and above-mentioned server.
Using the present invention, client obtains the signature value of APK in C language environment and encrypts APK using the signature value
Network data request and by encrypted byte stream be sent to server verification, due to above process logic in C language into
' * .so file ' is generated after row compiling, would become hard to crack ' * .so file ' inner logic by decompiling instrument, in breaking techniques
Ratio is greatly increased using the scheme that Java language is realized in difficulty;In server side, the signature of preconfigured original APK is utilized
Value goes to decrypt the byte stream of above-mentioned encryption, if energy successful decryption goes out above-mentioned network data request, illustrates to pacify in above-mentioned client
Dress is original APK, if above-mentioned network data request cannot be decrypted, illustrate to install in above-mentioned client is to be tampered
APK, so as to forbid being equipped with the APK being tampered client correlation function.It therefore, can be with by above-mentioned processing
It prevents the check logic of APK by decompiling, improves the reliability that installation kit is examined.
To achieve the goals above, one or more aspects of the present invention includes being particularly described below and in claim
In the feature that particularly points out.Certain illustrative aspects of the invention is described in detail in the following description and the annexed drawings.However, these
Aspect instruction is only that some of the various ways in the principles of the present invention can be used.In addition, the present invention is intended to include
All such aspects and their equivalent.
Specific embodiment
Various aspects of the disclosure is described below.It is to be understood that teaching herein can have in the form of varied
Body embodies, and any specific structure disclosed herein, function or both are only representative.Religion based on this paper
It leads, should be understood by those skilled in the art that, one aspect disclosed herein can be realized independently of any other aspect,
And two or more aspects in these aspects can combine in various manners.It is, for example, possible to use described in this paper
Any number of aspect, realization device or practices method.Further, it is possible to use other structures, function or in addition to described herein
One or more aspects except or be not one or more aspects described herein structure and function, realize this device
Or practice this method.In addition, any aspect described herein may include at least one element of claim.
Each embodiment of the invention is described below with reference to accompanying drawings.
The present invention proposes that a kind of method of calibration of installation kit, process can refer to Fig. 1;Specifically, comprising steps of
Step S101: the signature value of the first APK is obtained under C language environment;
Wherein, the first APK refers to that user downloads to the APK of client;Specifically, when obtaining the signature value of the first APK,
The signature value sign of the first APK can be obtained by getPost function call getSign function;
Step S102: it is used to request the required parameter of network data to carry out the first encryption using the label name-value pair of the first APK
Processing obtains encrypted word throttling;
Specifically, can by getPost function call encodeData function using the signature value of the first APK as plus
Close key pair network request parameter carries out the first encryption, obtains encrypted word throttling.Wherein, what the first encryption used adds
Close algorithm is reversible symmetry algorithm, and such as: DES algorithm, RC5 algorithm can also use M9 Encryption Algorithm.
Then it carries out step S103: encrypted word throttling being sent to server, for server by utilizing preconfigured the
The signature value of two APK decrypts encrypted word throttling;
Wherein, the 2nd APK is original APK;Step S101 and step S102 is carried out under C language environment, and by encrypted word
Throttling is sent to server, generates ' * .so file ' after being compiled in C language due to above process logic, passes through decompiling
Tool would become hard to crack ' * .so file ' inner logic, in breaking techniques difficulty significantly than the scheme using Java language realization
Increase;
Step S104: receiving the first APK that is used to identify returned when server does not decrypt required parameter is to be tampered
APK information.Wherein, the letter for identifying the first APK as original APK returned when server decrypts required parameter
Breath.
Above-mentioned function getPost, getSign, encodeData, realization process are all located at NDK layers of Android,
Realized with C language, belong to system primary code, ' * .so file ' can be generated after compiling, with decompiling instrument can not decompiling go out
This class file.
Using the present invention, client obtains the signature value of APK in C language environment and encrypts APK using the signature value
Network data request and by encrypted byte stream be sent to server verification, due to above process logic in C language into
' * .so file ' is generated after row compiling, would become hard to crack ' * .so file ' inner logic by decompiling instrument, in breaking techniques
Ratio is greatly increased using the scheme that Java language is realized in difficulty;In server side, the signature of preconfigured original APK is utilized
Value goes to decrypt the byte stream of above-mentioned encryption, if energy successful decryption goes out above-mentioned network data request, illustrates to pacify in above-mentioned client
The original APK of dress illustrates that installs in above-mentioned client is tampered if above-mentioned network data request cannot be decrypted
APK, so as to forbid being equipped with the APK being tampered client correlation function;Therefore the check logic of APK can be prevented
By decompiling, the reliability that installation kit is examined is improved.
In order to further prevent the check logic of APK by decompiling, the reliability of installation kit detection is improved, for above-mentioned reality
Example is applied, in step s 102, is used to request the required parameter of network data to carry out the first encryption using the label name-value pair of the first APK
When processing, it can specifically sequentially include the following steps: and 1) be carried out at the second encryption by signature value of the pre-defined algorithm to the first APK
Reason, obtains the signature value of encrypted first APK;Specifically, getPost function tune can be passed through when carrying out the second encryption
It is encrypted with getKey function according to pre-defined algorithm come the signature value to APK;Wherein, pre-defined algorithm can be md5 and add
Close algorithm is also possible to can produce the algorithm of regular length character string;2) it is used using the label name-value pair of encrypted first APK
To request the required parameter of network data to carry out the first encryption.
Corresponding, after encrypted word throttling is sent to server by step S103, preconfigured press of server by utilizing should
The signature value of encrypted 2nd APK of pre-defined algorithm decrypts encrypted word throttling.It is encrypted i other words making an appointment in client
The mode decrypted in the server, this mode only have client and server to know, simultaneously because in the environment of C language
Lower progress, therefore this mode will not be acquired by decompiling, can fully ensure that safety.
In one aspect of the invention, the initial detecting of APK first can be carried out in client, only passes through initial detecting
, just carry out the installation kit testing process in above-described embodiment after step S102;One of optional method of initial detecting
It is detection APK signature value;Specifically, initial detecting carries out after step slol, comprising steps of
The signature value of first APK is compared by client with the signature value in preconfigured 2nd APK of client, if
Equal, then client carries out the S102 step and testing process later;If unequal, return for identifying the first APK
Information for the APK being tampered.
Another optional method of initial detecting is to obtain dex (type of executable file in Android platform) file
CRC (Cyclical Redundancy Check, cyclic redundancy check) value, the CRC of the crc value and pre-configuration that will acquire
Value compares;Specifically, initial detecting carries out after step slol, comprising steps of
Client obtains the crc value of the dex file of the first APK;
Client is by the crc value of the dex file compared with the crc value of pre-configuration, wherein the crc value of pre-configuration is original
The crc value of the dex file of APK;
When the crc value of dex file is equal with the crc value of pre-configuration, client carries out above-mentioned S102 step and later
Testing process.If the crc value of dex file and the crc value of pre-configuration are unequal, returning for identifying the first APK is to be usurped
The information of the APK changed.
Another optional method of initial detecting is to detect the crc value of dex file again after detecting APK signature value;Tool
Body, initial detecting carries out after step slol, comprising steps of
The signature value of first APK is compared by client with the signature value in preconfigured 2nd APK of client, if
Equal, then client obtains the crc value of dex file;If unequal, returning for identifying the first APK is the APK being tampered
Information;
When the crc value of the dex file is equal with the crc value of pre-configuration, client carries out the S102 step and later
Testing process;If unequal, return for identifying the information that the first APK is the APK being tampered.
As long as APK, by decompiling, dex file will generate variation, crc value can also change.Therefore according to dex file
Crc value can tentatively judge whether the first APK is tampered.
One preferred embodiment process is as shown in Fig. 2, this method is based on client-side.It, can before carrying out detailed process
Advanced line code is obscured: the class name of the first APK, packet name are obscured for Window system and linux system two systems name system
System forbid strictly using filename, such as com1, Com1, wherein obscure and refer to that the class name to the first APK, packet name carry out
Reorganize and processing, obtain Window system and linux system two systems naming system forbid strictly using filename;
Then process is carried out the following processing:
Step S201: client obtains the signature value of the first APK under C language environment;
Step S202: client judge the signature value of the first APK and preconfigured 2nd APK signature value whether phase
Deng;Wherein, the 2nd APK is original APK;If judging result be it is no, carry out step S203;If the determination result is YES, then it carries out
Step S204;
Step S203: client is returned for identifying the information that the first APK is the APK being tampered;
Step S204: client obtains the crc value of the dex file of the first APK;
Step S205: client judges whether the crc value of dex file is equal with the crc value of pre-configuration;Wherein, it is pre-configured
Crc value be crc value for reference, i.e., the crc value of the dex file of original APK;When judge the crc value of dex file with it is prewired
When the crc value set is unequal, step S203 is carried out;When the crc value for judging dex file is equal with the crc value of pre-configuration, carry out
Step S206;
Step S206: client is used to request the required parameter of network data to carry out the using the label name-value pair of the first APK
One encryption obtains encrypted word throttling;Specifically, client can also by pre-defined algorithm first to the signature value of the first APK into
Row encryption;Then it is used to request the required parameter of network data to carry out the further according to the signature value of encrypted first APK
One encryption.
Step S207: encrypted word throttling is sent to server by client, for server by utilizing preconfigured second
The signature value of APK decrypts encrypted word throttling;Specifically, being used when in step S206 according to the signature value of encrypted first APK
Come when the required parameter of network data being requested to carry out the first encryption, server by utilizing is preconfigured to be encrypted by pre-defined algorithm
The signature value of the 2nd APK afterwards decrypts encrypted word throttling.
Step S208: client is received when server decrypts required parameter, by server return for identifying the
One APK is the information of original APK;And when server does not decrypt required parameter, by server return for identifying the
One APK is the information for the APK being tampered.
The invention also provides the method for calibration of another installation kit, this method is based on server side, and process can refer to
Shown in Fig. 3, comprising steps of
Step S301: server receives the encrypted word throttling that client is sent;Wherein, encrypted word throttling is to utilize client
Hold the label name-value pair of the first APK obtained under C language environment for requesting the required parameter of network data to be encrypted
It obtains;
Step S302: preconfigured 2nd APK of server by utilizing signature value decryption encrypted word throttling;Wherein, this
Two APK are original APK;
Step S303: if server decrypts required parameter, it is original for returning to client for identifying the first APK
The information of APK;If server does not decrypt required parameter, returning to client for identifying the first APK is the APK being tampered
Information.
The invention also provides the method for calibration of another installation kit, process be can refer to shown in Fig. 4, and this method is based on visitor
The interaction at family end and server, specific steps include:
Step S401: client obtains the signature value of the first APK under C language environment;
Step S402: the required parameter that client utilizes the label name-value pair of the first APK to be used to request network data carries out the
One encryption obtains encrypted word throttling;
Step S403: client sends above-mentioned encrypted word and throttles to server;
Step S404: preconfigured 2nd APK of server by utilizing signature value decryption encrypted word throttling;Wherein, this
Two APK are original APK;Then step S405 or step S406 is carried out according to decrypted result.
Step S405: if server decrypts the required parameter, returning to client for identifying the first APK is to be somebody's turn to do
The information of original APK;
Step S406: if server does not decrypt the required parameter, it is for identifying the first APK to client return
The information for the APK being tampered.
Another aspect of the present invention, it is also proposed that a kind of client 801, structural schematic diagram can refer to Fig. 5, client
801 include:
First acquisition unit 601, for obtaining the signature value of the first APK under C language environment;
Encryption unit 602 for the label name-value pair using the first APK is used to that the required parameter of network data is requested to carry out
First encryption obtains encrypted word throttling;
First transmission unit 603, for encrypted word throttling to be sent to server, so that server by utilizing is pre-configured with
The 2nd APK signature value, decrypt the encrypted word throttling;Wherein, the 2nd APK is original APK;
First receiving unit 604, for receive returned when server does not decrypt the required parameter for identifying this
The information that first APK is the APK being tampered.And receive returned when server decrypts the required parameter for identifying
First APK is the information of the original APK.
The another aspect of above-mentioned client can be additionally configured to sign name-value pair APK progress initial detecting, tool according to APK
Body, referring to Fig. 6;Client further include:
First comparing unit 605, for carrying out the signature value of the signature value of the first APK and preconfigured 2nd APK
Compare;
First notification unit 606, for notifying the encryption unit when the comparison result of first comparing unit is equal
To for requesting the required parameter of network data to carry out the first encryption;When the comparison result of first comparing unit is not phase
Whens equal, the information for being the APK being tampered for identifying the first APK is returned;Wherein, the 2nd APK is original APK.
The another aspect of above-mentioned client can be additionally configured to carry out initial detecting to APK according to crc value.Specifically,
Referring to Fig. 7, client further include:
Second acquisition unit 607, the crc value of the dex file for obtaining the first APK;
Second comparing unit 608, for the crc value of the dex file to be compared with the crc value of pre-configuration;
Second notification unit 609, for notifying the encryption unit pair when the comparison result of the second comparing unit is equal
For requesting the required parameter of network data to carry out the first encryption;When the comparison result of the second comparing unit is unequal
When, return to the information for being the APK being tampered for identifying the first APK;Wherein, the crc value of pre-configuration is the dex of original APK
The crc value of file.
Another aspect of the present invention, it is also proposed that a kind of server 802, structural schematic diagram can refer to Fig. 8, server
802 include:
Second receiving unit 701, for receiving the encrypted word throttling of client transmission;Wherein, encrypted word throttling is benefit
The label name-value pair of the first APK obtained under C language environment with client is for requesting the required parameter of network data to be added
What close processing obtained;
Decryption unit 702 throttles for decrypting the encrypted word using the signature value of preconfigured 2nd APK;Wherein, should
2nd APK is original APK;
Second transmission unit 703, if for decrypting the required parameter, to client return for identify this first
APK is the information of the original APK;If not decrypting the required parameter, returning to client for identifying the first APK is quilt
The information of the APK distorted.
Another aspect of the present invention, it is also proposed that a kind of check system of installation kit, structural schematic diagram can refer to Fig. 9,
The system includes: client 801 shown in fig. 5 and server shown in Fig. 8 802.It is also possible to the client of Fig. 6 or Fig. 7
And the server of Fig. 8.
Using the present invention, client obtains the signature value of APK in C language environment and encrypts APK using the signature value
Network data request and by encrypted byte stream be sent to server verification, due to above process logic in C language into
* .so file is generated after row compiling, being packaged party would become hard to crack the logic in * .so by decompiling instrument, in breaking techniques hardly possible
Ratio is greatly increased using the scheme that Java language is realized on degree;In server side, the signature value of preconfigured original APK is utilized
The byte stream for decrypting above-mentioned encryption is gone to illustrate to install in above-mentioned client if energy successful decryption goes out above-mentioned network data request
Original APK illustrate that installs in above-mentioned client is tampered if the request of above-mentioned network data cannot be decrypted
APK, so as to forbid being equipped with the APK being tampered client correlation function;Therefore the check logic of APK can be prevented
By decompiling, the reliability that installation kit is examined is improved.
In addition, typically, mobile terminal of the present invention can be various hand-held terminal devices bluetooth-capable, example
Such as mobile phone bluetooth-capable, personal digital assistant (PDA).
In addition, being also implemented as being executed by the processor (such as CPU) in mobile terminal according to the method for the present invention
Computer program, and store in a memory in the mobile terminal.When the computer program is executed by processor, sheet is executed
The above-mentioned function of being limited in the method for invention.
In addition, it is also implemented as a kind of computer program product according to the method for the present invention, the computer program product
Including computer-readable medium, be stored on the computer-readable medium for execute limited in method of the invention it is above-mentioned
The computer program of function.
In addition, above method step and system unit also can use controller and for storing so that controller is real
The computer readable storage devices of the computer program of existing above-mentioned steps or Elementary Function are realized.
Those skilled in the art will also understand is that, various illustrative logical blocks, mould in conjunction with described in disclosure herein
Block, circuit and algorithm steps may be implemented as the combination of electronic hardware, computer software or both.It is hard in order to clearly demonstrate
This interchangeability of part and software, with regard to various exemplary components, square, module, circuit and step function to its into
General description is gone.This function is implemented as software and is also implemented as hardware depending on concrete application and application
To the design constraint of whole system.Those skilled in the art can realize described in various ways for every kind of concrete application
Function, but this realization decision should not be interpreted as causing a departure from the scope of the present.
Although content disclosed above shows exemplary embodiment of the present invention, it should be noted that without departing substantially from power
Under the premise of benefit requires the scope of the present invention limited, it may be many modifications and modify.It is real according to invention described herein
The function, step and/or movement for applying the claim to a method of example are not required to the execution of any particular order.In addition, although the present invention
Element can describe or require in the form of individual, be unless explicitly limited odd number it is also contemplated that multiple.
Although describing each embodiment according to the present invention above with reference to figure to be described, those skilled in the art
Member can also do it should be appreciated that each embodiment proposed to aforementioned present invention on the basis of not departing from the content of present invention
Various improvement out.Therefore, protection scope of the present invention should be determined by the content of appended claims.