CN105718765A - Method for achieving code obfuscation through finite automaton - Google Patents

Publication number
CN105718765A
Authority
CN
China
Prior art keywords
character string
code
markov chain
function
program
Legal status
Pending
Application number
CN201610052303.7A
Other languages
Chinese (zh)
Inventor
李京春
陈瑞东
杨韬
向琦
李冰
卓中流
梁利
李战宝
宫亚峰
潘克峰
刘楠
孙浩云
Current Assignee
National Information Technology Security Research Center
Original Assignee
National Information Technology Security Research Center
Application filed by National Information Technology Security Research Center

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/14 Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation

Abstract

The invention discloses a method for achieving code obfuscation using a Markov chain, and belongs to the field of computer security. At the compilation stage of the program source code, constant strings in the code are encrypted so that they cannot be recognized in disassembly. Meanwhile, in the function call process, unrelated execution instructions are generated by Markov chain code inserted ahead of the call, that is, the protected function is called only after several state transitions; this obfuscates the function in running memory and thereby protects the software or a specific code fragment. Constant strings and function addresses can be effectively obfuscated, greatly increasing the difficulty of analyzing the program by reverse engineering.

Description

A method for achieving code obfuscation using a finite automaton
Technical field
The present invention relates to a method for achieving code obfuscation using a finite automaton, and belongs to the technical field of computer programs.
Background
In recent years, with the progress of information technology, a large number of outstanding software products and apps have appeared on the market, providing all kinds of convenient functions. Current code obfuscation techniques fall into two main types: source code obfuscation and binary code obfuscation. Source code obfuscation includes the following: direct source code obfuscation, preprocessing obfuscation, abstract syntax tree obfuscation, and bytecode obfuscation (Java). However, owing to the characteristics of the platform and language, such software can easily be cracked by reverse engineering, yielding highly readable source code (especially on the Android platform and with the Java language). Once the software is cracked, not only is the author's intellectual property directly infringed, there is also the risk that malicious code is added afterwards, threatening the security and privacy of ordinary users. This is a very serious security problem. To reduce the risk of being cracked through reverse engineering, code obfuscation, as an important and relatively effective means, deserves sufficient attention and study.
Summary of the invention
To overcome the deficiencies of the prior art, the present invention provides a method for achieving code obfuscation using a finite automaton. The core idea is to implement multiple obfuscators through the template metaprogramming features of a C++11 compiler, including an obfuscator that hides strings and an obfuscator for non-explicit function calls; internally the obfuscators use an automaton model to carry out functions such as various kinds of debugging identification, thereby protecting the software or a specific code fragment.
A method for achieving code obfuscation using a finite automaton: by using the new features provided by the C++11/14 language standards, namely the compiler's template metaprogramming features, together with a finite automaton, multiple obfuscators are implemented, thereby protecting the software or a specific code fragment.
The implementation of the present invention shall not be construed as a limitation of the invention. Insubstantial improvements made by those skilled in the art on the basis of the invention, such as using the method directly for code obfuscation, shall fall within the protection scope of the claims.
A method for achieving code obfuscation using a Markov chain: at the compilation stage of the program source code, constant strings in the code are encrypted so that they cannot be recognized in disassembly; meanwhile, unrelated execution instructions are generated by Markov chain code inserted ahead of the function call, that is, the protected function is called only after several state transitions. This obfuscates the function in running memory and thereby protects the software or a specific code fragment.
The advantage of the invention is that it uses several new language features provided by C++11/14 to achieve code obfuscation; it can effectively obfuscate constant strings and function addresses, greatly increasing the difficulty of analyzing the program by reverse engineering.
Brief description of the drawings
A more complete understanding of the invention and of many of its attendant advantages can be gained by reference to the following detailed description when considered together with the accompanying drawings. The drawings described here are provided for a further understanding of the invention and form part of it; the illustrative embodiments and their description are used to explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is the overall flow chart of code obfuscation according to the invention;
Fig. 2 is the workflow diagram for obfuscating constant strings;
Fig. 3 is the workflow diagram for obfuscating function calls;
Fig. 4 is a schematic example of the Markov chain built when obfuscating a function call in the detailed description.
The invention is further described below with reference to the drawings and embodiments.
Detailed description
Obviously, the many modifications and variations that those skilled in the art make based on the gist of the invention fall within its protection scope.
Embodiment 1: as shown in Fig. 1, Fig. 2, Fig. 3 and Fig. 4, a method for achieving code obfuscation using a finite automaton. Rather than making slight changes to earlier obfuscation methods and presenting the same thing under a different label, it uses the new language features provided by C++11/14 and takes a new approach, combined with a finite automaton, to obfuscate code, which both improves efficiency and is easy to implement.
By using the new features provided by the C++11/14 language standards, the compiler's template metaprogramming features are used to implement multiple obfuscators, including an obfuscator that hides strings and an obfuscator for non-explicit function calls; internally the obfuscators use an automaton model to carry out functions such as various kinds of debugging identification, thereby protecting the software or a specific code fragment.
A method for achieving code obfuscation using a finite automaton, comprising the following technical scheme:
Encrypting constant strings:
This scheme encrypts the constant strings in the code so that they become unrecognizable in disassembly, effectively slowing down reverse engineering.
Obfuscating with a finite automaton:
This scheme uses a finite automaton together with template metaprogramming features so that function calls become hard to identify in disassembly, significantly raising the difficulty of reverse engineering.
Main steps:
Step one, encrypting constant strings:
Define a template, then add the following steps:
1) add multiple encryption modes through template specialization;
2) obtain the compile time through the context and generate a time-based random key;
3) use a variadic template to accept constant strings of arbitrary length;
4) use template metaprogramming to encrypt the constant string;
Step two, obfuscating with a finite automaton:
Define a template, then add the following steps:
Step 1) construct the finite automaton using the Boost library;
Step 2) add multiple finite automata to the template through template specialization;
Step 3) obtain the compile time through the context, generate a time-based random number, and use it to select among the different finite automata;
Step 4) before the function call, run the automaton generated at compile time;
Step 5) obfuscate the parameters of the function to be protected.
Embodiment 2: as shown in Fig. 1, Fig. 2, Fig. 3 and Fig. 4, a method for achieving code obfuscation using a finite automaton, comprising the following steps:
Step 1. Obfuscate constant strings. For each constant string A in the program source code that is to be obfuscated, perform the following steps:
Step 1-1: randomly select one of several preset encryption modes as the encryption mode for constant string A. The preset encryption modes must be symmetric. This step takes place during program compilation, so it does not affect the program's run-time efficiency;
Step 1-2: use a time-based pseudo-random number algorithm to generate a random number K; the value K serves as the key for the encryption mode selected in step 1-1 and takes part in encrypting constant string A. This step takes place during program compilation, so it does not affect the program's run-time efficiency;
Step 1-3: create a string buffer Buffer and store constant string A in it;
Step 1-4: using the encryption mode selected in step 1-1 and the random key K generated in step 1-2, encrypt the constant string A held in the string buffer Buffer created in step 1-3, and store the encrypted result in Buffer. This step takes place during program compilation;
After the above steps, the obfuscation of constant string A is complete. If reverse cracking is attempted, memory does not show the plaintext that constant string A would originally have been, but the garbled data produced by encryption, which protects the original information;
Step 1-5: when the program runs and the obfuscated string has to be restored to the original string, the encrypted content in the string buffer Buffer is restored to the original string. Restoration uses the decryption mode corresponding to the encryption mode of step 1-1 and the key K in step 2. This step takes place while the program is running.
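Steps 1-1 to 1-5 above, sketched in C++14 as an added example; this is not code from the patent. The names `ObfString`, `Cipher` and `OBF`, the two cipher modes and the `__TIME__`-seeded generator are assumptions, and the patent's compile-time "context" is expressed here with `constexpr`.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <utility>

// Step 1-2: time-based pseudo-random numbers, computed by the compiler.
// __TIME__ is "hh:mm:ss" at compilation, so each build draws different values.
constexpr std::uint32_t time_seed() {
    return (__TIME__[0] - '0') * 36000u + (__TIME__[1] - '0') * 3600u +
           (__TIME__[3] - '0') * 600u + (__TIME__[4] - '0') * 60u +
           (__TIME__[6] - '0') * 10u + (__TIME__[7] - '0');
}
constexpr std::uint32_t lcg(std::uint32_t x) { return x * 1664525u + 1013904223u; }
// The salt (here the source line) gives each protected string its own mode and key.
constexpr int pick_mode(std::uint32_t salt) {
    return static_cast<int>((lcg(time_seed() + salt) >> 16) % 2);
}
constexpr std::uint8_t pick_key(std::uint32_t salt) {
    return static_cast<std::uint8_t>(1 + (lcg(lcg(time_seed() + salt)) >> 16) % 255);
}

// Step 1-1: the preset symmetric modes, added through template specialization.
template <int Mode> struct Cipher;
template <> struct Cipher<0> {  // XOR with a rolling key; decryption is the same operation
    static constexpr unsigned char enc(unsigned char c, unsigned char k, std::size_t i) {
        return static_cast<unsigned char>(c ^ (k + i));
    }
    static constexpr unsigned char dec(unsigned char c, unsigned char k, std::size_t i) {
        return enc(c, k, i);
    }
};
template <> struct Cipher<1> {  // byte-wise addition; decryption subtracts
    static constexpr unsigned char enc(unsigned char c, unsigned char k, std::size_t i) {
        return static_cast<unsigned char>(c + k + i);
    }
    static constexpr unsigned char dec(unsigned char c, unsigned char k, std::size_t i) {
        return static_cast<unsigned char>(c - k - i);
    }
};

template <int Mode, std::uint8_t Key, typename Idx> class ObfString;
template <int Mode, std::uint8_t Key, std::size_t... I>
class ObfString<Mode, Key, std::index_sequence<I...>> {
public:
    // Steps 1-3 and 1-4: the constexpr constructor fills the buffer with ciphertext.
    constexpr ObfString(const char* s)
        : buf_{Cipher<Mode>::enc(static_cast<unsigned char>(s[I]), Key, I)..., 0} {}
    constexpr unsigned char raw(std::size_t i) const { return buf_[i]; }
    // The bytes a disassembler or memory dump sees before decryption.
    std::string raw_bytes() const {
        return std::string(reinterpret_cast<const char*>(buf_), sizeof...(I));
    }
    // Step 1-5: restore the original string at run time with the matching mode and key.
    std::string reveal() const {
        std::string out(sizeof...(I), '\0');
        for (std::size_t i = 0; i < sizeof...(I); ++i)
            out[i] = static_cast<char>(Cipher<Mode>::dec(buf_[i], Key, i));
        return out;
    }
private:
    unsigned char buf_[sizeof...(I) + 1];
};

// The literal is consumed inside a constant expression; the object holds ciphertext only.
#define OBF(s) ([] {                                                    \
    constexpr ObfString<pick_mode(__LINE__), pick_key(__LINE__),        \
                        std::make_index_sequence<sizeof(s) - 1>> o(s);  \
    return o; }())

// Constructed sample string, standing in for the page's "constant string A".
std::string license_banner() { return OBF("license check failed").reveal(); }
std::string banner_ciphertext() { return OBF("license check failed").raw_bytes(); }

// These checks run in the compiler, which shows the encryption is a compile-time step.
static_assert(ObfString<0, 0x5A, std::make_index_sequence<3>>("abc").raw(0) == 0x3B, "XOR mode");
static_assert(ObfString<1, 0x5A, std::make_index_sequence<3>>("abc").raw(1) == 0xBD, "add mode");

int main() {
    std::printf("%s\n", license_banner().c_str());
    return banner_ciphertext() != license_banner() ? 0 : 1;  // 0: stored bytes differ
}
```

The key and the decryption routine both ship in the binary, so this only keeps the string out of static listings; a debugger sees the plaintext once `reveal()` has run. Running `strings` over the built binary is a quick check that the compiler did not also emit the original literal.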
Step 2. Obfuscate calls using a Markov chain. For each function F in the program source code that is to be obfuscated, perform the following steps:
Step 2-1: if the parameters of function F contain constant strings, obfuscate those constant strings by the method of step 1;
Step 2-2: preset multiple Markov chains. Each Markov chain comprises multiple different states, each state points to different execution instructions, and the transition probabilities between the states of a single Markov chain are preset. This step takes place during program compilation;
Step 2-3: randomly select one preset Markov chain code; where function F is called in the program source code, insert the code of the selected, instantiated Markov chain before function F. This step takes place during program compilation;
After the above steps, the obfuscation of function F is complete. When function F is actually called, running memory first executes the execution instructions specified by the selected Markov chain code before executing function F. Because the execution instructions generated by the state path differ on every run of the Markov chain, if reverse cracking is attempted, the independent code that the Markov chain generates and places before function F serves to obfuscate function F.
Definitions of terms used in this application:
Finite automaton: a finite-state automaton (finite state machine) is a computational model abstracted for studying computation with limited memory and certain classes of languages. It has a finite number of states; each state can transition to zero or more states, and the input string determines which transition is performed. A finite-state automaton can be represented as a directed graph.
Template metaprogramming: a metaprogramming technique in which the compiler uses templates to generate temporary source code, which is then merged with the rest of the source code and compiled. The output of these templates includes compile-time constants, data structures and complete functions. Using templates can therefore be thought of as execution at compile time.
Variadic templates: in template programming, the case where the number of template parameters is variable. In versions of C++ before C++11, the number of template parameters was always fixed, which limited the use of template programming.
Context: a value or function that can be determined at code compilation time.
Embodiment 3: as shown in Fig. 4, a method for achieving code obfuscation using a finite automaton, in which the Markov chain used when obfuscating a function call is built by the following steps:
Step 1-1: define the states of the automaton. According to the complexity required in this example, 5 states are defined (State1, State2, State3, State4, State5), with State1 as the start state of the automaton and State5 as its end state;
Step 1-2: define, for each state, the states it can jump to. In this example, State1 can jump to State2 or State3; State2 can jump to State3 or State4; State3 can jump to State1 or to itself; State4 can jump to State3 or State5; State5 ends the run of the automaton;
Step 1-3: assign a jump probability to every state that each state can jump to; for each state, the jump probabilities over all of its target states must sum to 1.
In this example, State1 jumps to State2 with probability 0.3 and to State3 with probability 0.7; State2 jumps to State3 with probability 0.1 and to State4 with probability 0.9; State3 jumps to State1 with probability 0.8 and to State3 with probability 0.2; State4 jumps to State3 with probability 0.5 and to State5 with probability 0.5.
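The chain of Embodiment 3 as an added C++ example (not code from the patent): it checks the row-sum rule of step 1-3, computes how many transitions are expected before State5 is reached, and walks the chain before calling a protected function. `check_serial`, the decoy arithmetic and the explicit `seed` parameter are assumptions, chosen so that a walk can be repeated.

```cpp
#include <cmath>
#include <cstdio>
#include <random>
#include <vector>

constexpr int N = 5;  // State1..State5 are indices 0..4
// Transition probabilities as listed in Embodiment 3; State5 ends the walk.
const double P[N][N] = {
    {0.0, 0.3, 0.7, 0.0, 0.0},   // State1 -> State2, State3
    {0.0, 0.0, 0.1, 0.9, 0.0},   // State2 -> State3, State4
    {0.8, 0.0, 0.2, 0.0, 0.0},   // State3 -> State1, itself
    {0.0, 0.0, 0.5, 0.0, 0.5},   // State4 -> State3, State5
    {0.0, 0.0, 0.0, 0.0, 0.0}};  // State5: end state

// Step 1-3: the outgoing probabilities of every non-terminal state must sum to 1.
bool rows_valid() {
    for (int i = 0; i + 1 < N; ++i) {
        double sum = 0.0;
        for (int j = 0; j < N; ++j) sum += P[i][j];
        if (std::fabs(sum - 1.0) > 1e-9) return false;
    }
    return true;
}

// Expected number of transitions before State5: solve (I - Q) t = 1 over State1..State4.
// I - Q of an absorbing chain is a nonsingular M-matrix, so no pivoting is needed.
double expected_steps(int start) {
    const int T = N - 1;
    if (start < 0 || start >= T) return 0.0;
    double a[T][T + 1];
    for (int i = 0; i < T; ++i) {
        for (int j = 0; j < T; ++j) a[i][j] = (i == j ? 1.0 : 0.0) - P[i][j];
        a[i][T] = 1.0;
    }
    for (int c = 0; c < T; ++c) {
        for (int r = 0; r < T; ++r) {
            if (r == c) continue;
            const double f = a[r][c] / a[c][c];
            for (int k = c; k <= T; ++k) a[r][k] -= f * a[c][k];
        }
    }
    return a[start][T] / a[start][start];
}

// Map a uniform draw u in [0, 1) to the next state.
int next_state(int s, double u) {
    double acc = 0.0;
    int last = s;
    for (int j = 0; j < N; ++j) {
        if (P[s][j] <= 0.0) continue;
        last = j;
        acc += P[s][j];
        if (u < acc) return j;
    }
    return last;  // rounding guard for u just below 1
}

// Walk from State1 to State5, doing unrelated work in every state visited.
std::vector<int> walk(unsigned seed) {
    std::mt19937 rng(seed);
    volatile unsigned junk = seed;  // decoy computation, result never used
    std::vector<int> path{0};
    while (path.back() != N - 1) {
        junk = junk * 2654435761u + static_cast<unsigned>(path.back());
        path.push_back(next_state(path.back(), rng() / 4294967296.0));
    }
    return path;
}

// The inserted chain runs first; only then is the protected function F reached.
template <typename F>
int call_through_chain(unsigned seed, F protected_fn, int arg) {
    walk(seed);
    return protected_fn(arg);
}
int check_serial(int x) { return (x * 7 + 3) % 11; }  // constructed stand-in for F

// A path is valid if it starts at State1, ends at State5 and uses only listed jumps.
bool path_is_valid(const std::vector<int>& p) {
    if (p.empty() || p.front() != 0 || p.back() != N - 1) return false;
    for (std::size_t i = 1; i < p.size(); ++i)
        if (P[p[i - 1]][p[i]] <= 0.0) return false;
    return true;
}

int main() {
    std::printf("expected transitions before F: %.4f\n", expected_steps(0));
    std::printf("seed 1 visits %zu states\n", walk(1).size());
    return rows_valid() && path_is_valid(walk(1)) ? 0 : 1;
}
```

With these probabilities the expected walk is 707/36, about 19.6 transitions per protected call, which is the run-time cost of the inserted chain. The protected function's result is unchanged by the walk, so the chain affects only what precedes the call.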
The embodiments of the invention have been explained above, but it will be readily apparent to those skilled in the art that many variations are possible without substantially departing from the inventive points and effects of the invention. Such variations are therefore also included within the protection scope of the invention.

Claims (4)

1. A method for achieving code obfuscation using a Markov chain, characterized in that, at the compilation stage of the program source code, constant strings in the code are encrypted so that they cannot be recognized in disassembly; meanwhile, unrelated execution instructions are generated by Markov chain code inserted ahead of the function call, that is, the protected function is called only after several state transitions, so that the function is obfuscated in running memory and the software or a specific code fragment is thereby protected.
2. The method for achieving code obfuscation using a Markov chain according to claim 1, characterized by comprising the following steps:
Step 1. Obfuscate constant strings. For each constant string A in the program source code that is to be obfuscated, perform the following steps:
Step 1-1: randomly select one of several preset encryption modes as the encryption mode for constant string A. The preset encryption modes must be symmetric. This step takes place during program compilation, so it does not affect the program's run-time efficiency;
Step 1-2: use a time-based pseudo-random number algorithm to generate a random number K; the value K serves as the key for the encryption mode selected in step 1-1 and takes part in encrypting constant string A. This step takes place during program compilation, so it does not affect the program's run-time efficiency;
Step 1-3: create a string buffer Buffer and store constant string A in it;
Step 1-4: using the encryption mode selected in step 1-1 and the random key K generated in step 1-2, encrypt the constant string A held in the string buffer Buffer created in step 1-3, and store the encrypted result in Buffer. This step takes place during program compilation;
Step 1-5: when the program runs and the obfuscated string has to be restored to the original string, the encrypted content in the string buffer Buffer is restored to the original string. Restoration uses the decryption mode corresponding to the encryption mode of step 1-1 and the key K in step 2. This step takes place while the program is running.
Step 2. Obfuscate calls using a Markov chain. For each function F in the program source code that is to be obfuscated, perform the following steps:
Step 2-1: if the parameters of function F contain constant strings, obfuscate those constant strings by the method of step 1;
Step 2-2: preset multiple Markov chains. Each Markov chain comprises multiple different states, each state points to different execution instructions, and the transition probabilities between the states of a single Markov chain are preset. This step takes place during program compilation;
Step 2-3: randomly select one preset Markov chain code; where function F is called in the program source code, insert the code of the selected, instantiated Markov chain before function F. This step takes place during program compilation.
3. The method for achieving code obfuscation using a Markov chain according to claim 2, characterized in that, once step 1-4 of step 1 is complete, the obfuscation of constant string A is complete; if reverse cracking is attempted, memory does not show the plaintext that constant string A would originally have been, but the garbled data produced by encryption, which protects the original information.
4. The method for achieving code obfuscation using a Markov chain according to claim 2, characterized in that, once step 2-3 is complete, the obfuscation of function F is complete; when function F is actually called, running memory first executes the execution instructions specified by the selected Markov chain code before executing function F; because the execution instructions generated by the state path differ on every run of the Markov chain, if reverse cracking is attempted, the independent code that the Markov chain generates and places before function F serves to obfuscate function F.
CN201610052303.7A 2016-01-26 2016-01-26 Method for achieving code obfuscation through finite automaton Pending CN105718765A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610052303.7A CN105718765A (en) 2016-01-26 2016-01-26 Method for achieving code obfuscation through finite automaton

Publications (1)

Publication Number Publication Date
CN105718765A true CN105718765A (en) 2016-06-29

Family

ID=56154936

Country Status (1)

Country Link
CN (1) CN105718765A (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107247906A (en) * 2017-06-30 2017-10-13 武汉斗鱼网络科技有限公司 A kind of encryption method and device for data
CN107463810A (en) * 2017-08-15 2017-12-12 合肥爱吾宠科技有限公司 The method that protecting computer software is realized based on network communication
CN108446541A (en) * 2018-02-12 2018-08-24 北京梆梆安全科技有限公司 Source code reinforcement means and device based on finite state machine and semiology analysis
CN108470083A (en) * 2018-02-02 2018-08-31 宁波大学 It is a kind of that finite state construction method is obscured based on Kruskal algorithms
CN110059455A (en) * 2019-04-09 2019-07-26 北京迈格威科技有限公司 Code encryption method, apparatus, electronic equipment and computer readable storage medium
CN110135133A (en) * 2019-04-19 2019-08-16 肖银皓 A kind of integrated source code of compression towards microcontroller obscures method and system
CN110888644A (en) * 2019-12-06 2020-03-17 成都安恒信息技术有限公司 JavaScript code obfuscation method for user-defined obfuscation scheme

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101359352A (en) * 2008-09-25 2009-02-04 中国人民解放军信息工程大学 API use action discovering and malice deciding method after confusion of multi-tier synergism
CN101853357A (en) * 2010-04-28 2010-10-06 北京飞天诚信科技有限公司 Software protection method
CN101986326A (en) * 2010-12-01 2011-03-16 浙江核新同花顺网络信息股份有限公司 Method and device for protecting software security
CN103065072A (en) * 2011-10-21 2013-04-24 北京大学 Method and device to improve Java software jailbreak difficulty and copyright verification method
CN105005718A (en) * 2015-06-23 2015-10-28 电子科技大学 Method for implementing code obfuscation by Markov chain

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107247906A (en) * 2017-06-30 2017-10-13 武汉斗鱼网络科技有限公司 A kind of encryption method and device for data
CN107247906B (en) * 2017-06-30 2019-09-10 武汉斗鱼网络科技有限公司 A kind of encryption method and device for data
CN107463810A (en) * 2017-08-15 2017-12-12 合肥爱吾宠科技有限公司 The method that protecting computer software is realized based on network communication
CN108470083A (en) * 2018-02-02 2018-08-31 宁波大学 It is a kind of that finite state construction method is obscured based on Kruskal algorithms
CN108446541A (en) * 2018-02-12 2018-08-24 北京梆梆安全科技有限公司 Source code reinforcement means and device based on finite state machine and semiology analysis
CN108446541B (en) * 2018-02-12 2021-10-29 北京梆梆安全科技有限公司 Source code reinforcing method and device based on finite-state machine and symbol execution
CN110059455A (en) * 2019-04-09 2019-07-26 北京迈格威科技有限公司 Code encryption method, apparatus, electronic equipment and computer readable storage medium
CN110135133A (en) * 2019-04-19 2019-08-16 肖银皓 A kind of integrated source code of compression towards microcontroller obscures method and system
CN110135133B (en) * 2019-04-19 2021-08-17 佛山市微风科技有限公司 Microcontroller-oriented compression integrated source code obfuscation method and system
CN110888644A (en) * 2019-12-06 2020-03-17 成都安恒信息技术有限公司 JavaScript code obfuscation method for user-defined obfuscation scheme
CN110888644B (en) * 2019-12-06 2023-03-31 成都安恒信息技术有限公司 JavaScript code obfuscation method for custom obfuscation scheme

Similar Documents

Publication Publication Date Title
CN105718765A (en) Method for achieving code obfuscation through finite automaton
CN105005718B (en) A kind of method that Code obfuscation is realized using Markov chain
CN103544414B (en) A kind of degree of depth Code obfuscation method of android system application
US8589897B2 (en) System and method for branch extraction obfuscation
CN108614960B (en) JavaScript virtualization protection method based on front-end byte code technology
CN106096338B (en) A kind of virtualization software guard method obscured with data flow
CN103778355B (en) Code morphing-based binary code obfuscation method
CN103413075B (en) A kind of method and apparatus of protecting JAVA executable program by virtual machine
US8429637B2 (en) System and method for conditional expansion obfuscation
CN106778101B (en) It is a kind of that method is obscured with the Python code that shape is obscured based on control stream
CN106682460B (en) It is a kind of based on the Code obfuscation method converted twice
CN108733988A (en) The guard method of executable program on Android platform
CN103413073B (en) A kind of method and apparatus protecting JAVA executable program
CN107092518A (en) A kind of Compilation Method for protecting mimicry system of defense software layer safe
US9721120B2 (en) Preventing unauthorized calls to a protected function
KR101861341B1 (en) Deobfuscation apparatus of application code and method of deobfuscating application code using the same
WO2008074382A8 (en) Obfuscating computer program code
CN107908933A (en) A kind of character string encryption method based on intermediate language
CN105354449A (en) Scrambling and obfuscating method for Lua language and decryption method
CN108509772B (en) Source code reinforcement method and device based on execution sequence and single-point logic
CN109344612A (en) The active defense method and system inversely attacked for program code static analysis
CN103927164B (en) A kind of script obscures method and system
CN105787305A (en) Software protection method capable of resisting symbolic execution and taint analysis
CN101986326A (en) Method and device for protecting software security
US20110167407A1 (en) System and method for software data reference obfuscation

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20160629
