CN111639311A - Method, apparatus, computer device and medium for preventing decompiling of executable files - Google Patents
Method, apparatus, computer device and medium for preventing decompiling of executable files Download PDFInfo
- Publication number
- CN111639311A CN111639311A CN202010471738.1A CN202010471738A CN111639311A CN 111639311 A CN111639311 A CN 111639311A CN 202010471738 A CN202010471738 A CN 202010471738A CN 111639311 A CN111639311 A CN 111639311A
- Authority
- CN
- China
- Prior art keywords
- executable file
- node
- file
- server
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 68
- 230000008569 process Effects 0.000 claims description 19
- 238000004590 computer program Methods 0.000 claims description 11
- 238000005516 engineering process Methods 0.000 abstract description 3
- 238000004891 communication Methods 0.000 description 12
- 238000010586 diagram Methods 0.000 description 9
- 230000008901 benefit Effects 0.000 description 5
- 238000004806 packaging method and process Methods 0.000 description 4
- 230000003993 interaction Effects 0.000 description 3
- 238000012858 packaging process Methods 0.000 description 3
- 238000012856 packing Methods 0.000 description 3
- 238000012545 processing Methods 0.000 description 3
- 230000006399 behavior Effects 0.000 description 2
- 238000013500 data storage Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 238000012544 monitoring process Methods 0.000 description 2
- 230000002265 prevention Effects 0.000 description 2
- 230000002159 abnormal effect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000011835 investigation Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 230000002441 reversible effect Effects 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 230000001360 synchronised effect Effects 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/14—Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/107—License processing; Key processing
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The present application relates to a method, apparatus, computer device and medium for preventing decompiling of executable files. The method for preventing the decompiling of the executable file comprises the following steps: the node acquires the encrypted first executable file and file information of the first executable file; the node acquires a key for decrypting the first executable file from the first server according to the file information and the user information of the node; and the node decrypts the first executable file by using the key and loads the decrypted second executable file into the memory. By the method and the device, the technical problem of source code leakage in the related technology is solved, and the safety of the source code is improved.
Description
Technical Field
The present application relates to the field of computer network security, and more particularly, to a method, apparatus, computer device, and computer-readable storage medium for preventing decompiling of executable files.
Background
In a conventional manner, as shown in fig. 1, Source code (Source) is compiled by a Compiler (Compiler) to successfully generate a Bytecode (Bytecode) into a packet on a hard Disk (Disk) (so-called a packaging process), and then the packet can be loaded into a memory of a computer and form a Bytecode (Bytecode), which can be loaded into a memory of the JVM by the JVM (java Runtime environment) and executed or executed by the computer in a loading process via a class Loader (call Loader) handler, wherein the class Loader is a tool for loading the Bytecode (Bytecode), and it can be said that the Bytecode (Bytecode) compiled by the Compiler must be identified by the class Loader (call Loader) or else cannot be executed. In this scheme, when the source code is generated into a packet by the compiler, the packet can be decompiled into the source code by the decompiler, and there is leakage of the source code, resulting in the disclosure and loss of business logic.
However, in the related art, in order to solve the above technical problem, the security performance of the source code is improved and the security is increased by encrypting the source code, compiling the encrypted source code file into an executable file, and finally packaging and distributing the executable file through a packaging tool. However, in the above scheme, the inventor finds in the research process that by means of encrypting the source code and then generating the executable file, the executable file can still be compiled into the source code by a decompiler, or the source code can be leaked.
At present, no effective solution is provided for the technical problem of source code leakage in the related art.
Disclosure of Invention
The embodiment of the application provides a method, a device, a system, a computer device and a computer readable storage medium for preventing an executable file from being decompiled, so as to at least solve the technical problem of source code leakage in the related art.
In a first aspect, an embodiment of the present application provides a method for preventing an executable file from being decompiled, where the method includes:
a node acquires an encrypted first executable file and file information of the first executable file;
the node acquires a key for decrypting the first executable file from a first server according to the file information and the user information of the node;
and the node decrypts the first executable file by using the key and loads a second executable file obtained by decryption into the memory.
In some embodiments, the node obtaining, from the first server, a key for decrypting the first executable file according to the file information and the user information of the node comprises:
the node sends the file information and the user information to the first server, and acquires an authentication token from the first server;
and the node acquires a key for decrypting the first executable file from the first server according to the authentication token.
In some embodiments, before the node obtains the encrypted first executable file and the file information of the first executable file, the method includes:
and the node encrypts the first executable file by adopting a symmetric encryption algorithm and stores a key for encrypting the first executable file into the first server.
In some embodiments, the node obtaining, from the first server, a key for decrypting the first executable file according to the file information and the user information of the node comprises:
the node sends the file information and the user information to the first server, and acquires an authentication token from the first server;
and the node acquires a key for encrypting the first executable file from the first server according to the authentication token, and uses the key for encrypting the first executable file as a key for decrypting the first executable file.
In some embodiments, the node decrypts the first executable file using the key, and loads a decrypted second executable file into the memory, including:
the node decrypts the first executable file by using the key to obtain a second executable file;
the node judges whether a use instruction input by a user is received;
and loading the second executable file into the memory when the node judges that the use instruction input by the user is received.
In some embodiments, after the node decrypts the first executable file using the key and loads the decrypted second executable file into the memory, the method further includes:
the node collects and decrypts the encrypted first executable file to obtain an operation log generated in the process of obtaining the second executable file, wherein the operation log comprises the decryption failure times of the first executable file;
the node sends the operation log to a second server so that the second server can judge whether the decryption failure times of the first executable file in preset time exceed preset times or not;
and under the condition that the second server judges that the decryption failure times of the first executable file exceed the preset times within the preset time, the node acquires a first preset limiting rule generated by the second server.
In some embodiments, after the node decrypts the first executable file using the key and loads the decrypted second executable file into the memory, the method further includes:
the node collects and decrypts the encrypted first executable file to obtain an operation log generated in the process of obtaining the second executable file, wherein the operation log comprises the user information;
the node sends the operation log to a second server so that the second server can judge whether user information corresponding to the user information exists or not;
and under the condition that the second server judges that the user information corresponding to the user information does not exist, the node acquires a second preset limiting rule generated by the second server.
An embodiment of the present application further provides an apparatus for preventing decompiling an executable file, where the apparatus includes:
the first acquisition module is used for acquiring the encrypted first executable file and the file information of the first executable file by the node;
a second obtaining module, configured to obtain, by the node, a key for decrypting the first executable file from a first server according to the file information and user information of the node;
and the decryption module is used for decrypting the first executable file by the node by using the key and loading the decrypted second executable file into the memory.
In a third aspect, an embodiment of the present application provides a computer device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor, when executing the computer program, implements the method for preventing decompiling an executable file according to the first aspect.
In a fourth aspect, embodiments of the present application provide a computer-readable storage medium, on which a computer program is stored, which when executed by a processor, implements the method for preventing decompiling an executable file as described in the first aspect above.
Compared with the related art, the method, the device, the computer equipment and the medium for preventing the decompiling of the executable file, provided by the embodiment of the application, are used for acquiring the encrypted first executable file and the file information of the first executable file through the node; the node acquires a key for decrypting the first executable file from the first server according to the file information and the user information of the node; the node decrypts the first executable file by using the key and loads the second executable file obtained by decryption into the memory, so that the technical problem of source code leakage in the related technology is solved, and the security of the source code is improved.
The details of one or more embodiments of the application are set forth in the accompanying drawings and the description below to provide a more thorough understanding of the application.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
fig. 1 is a flowchart of a compiling method of a source code in the related art;
FIG. 2 is a flow diagram of a method of preventing decompiling of an executable file according to an embodiment of the application;
FIG. 3 is a flow diagram of a method of packaging a first executable file according to an embodiment of the present application;
FIG. 4 is a timing interaction diagram corresponding to a method for preventing decompiling of an executable file according to a preferred embodiment of the present application;
FIG. 5 is a block diagram illustrating a structure of an apparatus for preventing decompiling of an executable file according to an embodiment of the present disclosure;
FIG. 6 is a block diagram II of an apparatus for preventing decompiling of an executable file according to an embodiment of the present application;
fig. 7 is a hardware configuration diagram of a computer device according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be described and illustrated below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments provided in the present application without any inventive step are within the scope of protection of the present application.
It is obvious that the drawings in the following description are only examples or embodiments of the present application, and that it is also possible for a person skilled in the art to apply the present application to other similar contexts on the basis of these drawings without inventive effort. Moreover, it should be appreciated that in the development of any such actual implementation, as in any engineering or design project, numerous implementation-specific decisions must be made to achieve the developers' specific goals, such as compliance with system-related and business-related constraints, which may vary from one implementation to another.
Reference in the specification to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the specification. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of ordinary skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments without conflict.
Unless defined otherwise, technical or scientific terms referred to herein shall have the ordinary meaning as understood by those of ordinary skill in the art to which this application belongs. Reference to "a," "an," "the," and similar words throughout this application are not to be construed as limiting in number, and may refer to the singular or the plural. The present application is directed to the use of the terms "including," "comprising," "having," and any variations thereof, which are intended to cover non-exclusive inclusions; for example, a process, method, system, article, or apparatus that comprises a list of steps or modules (elements) is not limited to the listed steps or elements, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus. Reference to "connected," "coupled," and the like in this application is not intended to be limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. The term "plurality" as referred to herein means two or more. "and/or" describes an association relationship of associated objects, meaning that three relationships may exist, for example, "A and/or B" may mean: a exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. Reference herein to the terms "first," "second," "third," and the like, are merely to distinguish similar objects and do not denote a particular ordering for the objects.
The embodiment provides a method for preventing an executable file from being decompiled. Fig. 2 is a flowchart of a method for preventing decompiling an executable file according to an embodiment of the present application, and as shown in fig. 2, the flowchart includes the following steps:
in step S201, the node acquires the encrypted first executable file and file information of the first executable file.
Before step S201, in some embodiments, the node encrypts the first executable file by using a symmetric encryption algorithm, and stores the key for encrypting the first executable file and the file information of the first executable file in the first server, in this way, it is ensured that the first executable file is not compiled into the source code file by the decompiler, and the key for encrypting the first executable file and the file information of the first executable file are stored in the first server, so that when the node decrypts the encrypted first executable file, the node obtains the key for encrypting the first executable file from the first server according to the file information of the first executable file and the first executable file, and decrypts the first executable file.
The decryption key and the encryption key in a symmetric encryption algorithm are the same key. In this embodiment, the symmetric encryption algorithm may employ One-time pad encryption, which has the following advantages compared to other encryption methods:
the advantage 1 is that the key must be randomly generated, so that the artificial generation of the key is avoided, and the risk of being cracked is reduced.
Advantage 2, the key cannot be reused.
Advantage 3, the length of the key and the ciphertext is the same, and the length of the ciphertext is difficult to distinguish.
Meanwhile, in this embodiment, the encryption is not limited to the One-time pad encryption in the above implementation, but may be other symmetric encryption manners in the related art, and the encryption manner may be determined according to the setting of the user, and in some embodiments, asymmetric encryption may also be adopted.
After the encryption, when the encrypted first executable file needs to be decrypted, the encrypted first executable file and the file information of the first executable file may be packaged first, so as to save space, and therefore, in step S201, before the node acquires the file information of the encrypted first executable file and the first executable file in the above embodiment, the node may unpack the file information of the packaged encrypted first executable file and the first executable file, and further acquire the file information of the encrypted first executable file and the first executable file.
In step S202, the node obtains a key for decrypting the first executable file from the first server according to the file information and the user information of the node.
In some embodiments, the node may obtain the key for decrypting the first executable file from the first server according to the file information and the user information of the node by: the node sends the file information and the user information to a first server, and acquires an authentication token from the first server; the node obtains a key from the first server for decrypting the first executable file based on the authentication token. In this embodiment, the authentication token may be a kind of identity information determination for the node, and in a case that the identity information is determined, the node acquires the key for decrypting the first executable file from the first server, and by this way, security of acquiring the key for decrypting the first executable file is improved.
Meanwhile, in this embodiment, the mode adopted by the encrypted first executable file is the One-time pad encryption in the above embodiment. In some embodiments, the node may obtain the key for decrypting the first executable file from the first server according to the file information and the user information of the node by: the node sends the file information and the user information to a first server, and acquires an authentication token from the first server; the node acquires a key for encrypting the first executable file from the first server according to the authentication token, and uses the key for encrypting the first executable file as a key for decrypting the encrypted first executable file. By adopting the One-time pad encryption, the consistency of the decrypted key and the encrypted key can be ensured, and the decrypted key and the encrypted key cannot be reused after the encrypted first executable file is decrypted, so that the decrypted security is improved.
In step S203, the node decrypts the first executable file using the key, and loads the decrypted second executable file into the memory.
In this step, decryption of the encrypted first executable file is achieved based on the key for decrypting the executable file acquired in step S202.
It should be noted that the second executable file may be compiled into the source code.
Through steps S201 to S203, in this embodiment, since the node acquires the encrypted first executable file, the decompiler in the related art cannot decompilate the encrypted first executable file to obtain the corresponding source code, thereby solving the technical problem of source code leakage in the related art and improving the security of the source code.
In some embodiments, in step S203, after the node decrypts the first executable file using the key, the manner of loading the decrypted second executable file into the internal may be: the node decrypts the first executable file by using the key to obtain a second executable file; the node judges whether a use instruction input by a user is received; and loading the second executable file into the memory when the node judges that the use instruction input by the user is received. By the method, the second feasibility file is loaded according to the use instruction input by the user, and the problem that the node needs to load the second executable file every time and occupies a loaded memory can be solved.
After step S203, the node may acquire an operation log generated in a process of decrypting the encrypted first executable file to obtain a second executable file, where the operation log includes decryption failure times of the first executable file; the node sends the operation log to a second server so that the second server can judge whether the decryption failure times of the first executable file in the preset time exceed the preset times or not; and under the condition that the second server judges that the decryption failure times of the first executable file exceed the preset times within the preset time, the node acquires a second preset limiting rule generated by the second server. By the method, the decryption failure times of the first executable file can be monitored in real time, the decryption of the first executable file is limited conveniently according to the decryption times, and the problem of malicious decryption can be avoided.
In this embodiment, the first preset restriction rule may include the following policies:
early warning strategy: when the early warning is triggered, the information of the exception is generated, the exception information is not limited to whether the secret key is legal or not, whether the header field of the request file is legal or not and the like, and meanwhile, the item name, the user information and the item version information corresponding to the first executable file can be sent to a user concerned by the decryption service, and the sending mode can be short messages, mails and the like.
And (3) limiting strategy: when the decryption failure times reach the preset times, the node immediately closes the decryption times of the first executable file, for example, the limit times can be set to 0, and the limit behavior is recorded; the original decryption times can be recovered after the preset time, if the threshold value is reached again, the decryption service of the first executable file is locked, the decryption request is not accepted later unless the staff manually removes the limitation, and early warning information is sent out.
After step S203, the node may further acquire an operation log generated in a process of decrypting the encrypted first executable file to obtain a second executable file, where the operation log includes user information; the node sends the operation log to a second server so that the second server can conveniently judge whether user information corresponding to the user information exists or not; and under the condition that the second server judges that the user information corresponding to the user information does not exist, the node acquires a second preset limiting rule generated by the second server. In this embodiment, the user information may be an IP corresponding to the node, and the decryption limitation on the user information stored in this way may be implemented.
In the above embodiment, the second preset restriction rule may include the following policy:
and (3) limiting strategy: when the failure times reach the threshold times, a packing request for closing the IP request is immediately carried out, the limiting times are reduced to 0, and the limiting behavior is recorded; and recovering the original threshold value the next day, locking the user IP unpacking service if the original threshold value is reached again, and not accepting the unpacking request until the staff manually removes the limitation and sends out early warning information.
Tracking strategy: analyzing the legality of the decryption request according to decryption request information (a header field of a request file, a request IP, a request port, a request timestamp, a request parameter and a request key), and judging that the decryption request is illegal if the header field of the request file does not have the preset header field of the file, and considering that the decryption request is a malicious request; then analyzing the key, judging whether the length of the key is legal or not, and if not, considering that the key is possibly forged; finally, whether the key is generated by the node is verified again, if the decryption request is not considered as an illegal request, if the key is generated by the system, the key is considered to be invalid, the illegal of the decryption request can be ignored, and meanwhile, the legal decryption request can be sent out to give an early warning to a concerned user.
The embodiments of the present application are described and illustrated below by means of preferred embodiments.
In this embodiment, the first executable file may be packaged first, and fig. 3 is a flowchart of a method for packaging the first executable file according to an embodiment of the present application. As shown in fig. 3, the packaging process includes the following steps:
in step S301, a node packages a source code project, where the source code project carries project information, project name (project _ name), project version (version), project unique identifier (uuid), and source code (project _ source).
Step S302, the node generates user information (user _ info) according to a project name (project _ name), a project version (version) and a project unique identifier (uuid) carried by a source code project (project), and generates a key (secret _ key) according to an One-time pad algorithm, wherein in the step, the user information can be set to limit that the decryption can be performed only 6 times in every 5 minutes, and finally, the key, the user information and the key are stored in a first server.
In step S303, the node executes a package Command (package Command) to compile the source code (project _ source) into the first executable file (project _ class).
It should be noted that the compiling process may be: after the source code file is created, the source code file is compiled into a class file by a java compiler in the JVM. When java compiles a class, if the class depended by the class is not compiled, the compiler automatically compiles the class depended by the class first and then refers to the class. If the class file or the java source code file of the class on which the class depends cannot be found by the java compiler under the specified directory, an abnormal error of the Cantfound sysbol is reported.
Step S304: the node encrypts the first executable file (project _ class) with the key generated in step S302, and generates a first executable file (project _ class _ key) encrypted under a specific environment, wherein the encryption process is performed cyclically if there are a plurality of first executable files.
Step S305: and finally generating a packet corresponding to the encrypted first executable file under the specific environment by the node according to the first executable file (project _ class _ key).
In the above way, the encryption of the first executable file and the determination of the security of the first source code can be realized.
After the encrypted first executable file is packaged, in some embodiments, it is necessary to unpack a package corresponding to the encrypted first executable file, where unpacking is a reverse packaging process, and a modified place in this embodiment of the present application is not a compiler but a running environment link of the package. For example, if the jar package running environment is a JVM, the packaged package has to run under the modified JVM to be smoothly executed when it is desired to run deployment, and therefore, before loading the first executable file into the memory, the process of the modified JVM loader is to decrypt the encrypted first executable file before loading the first executable file, and then load the first executable file into the memory.
For example, in this embodiment, the node may be a JVM class loader, the first server may be an unpacking server, the second server may be a wind-control server, and fig. 4 is a timing interaction diagram corresponding to the method for preventing decompiling an executable file according to the preferred embodiment of the present application, as shown in fig. 4, the interaction flow includes:
step S401, the JVM class loader triggers a deployment command.
Step S402, the JVM class loader loads the package corresponding to the encrypted first executable file into a memory of the JVM class loader, and generates an encrypted executable file and file information that can be executed only under the same specific environment as step S304, where the file information includes the item information, the item name (project _ name), the item version (version), and the item unique identifier (uuid) in step S301.
Step S403, the JVM loader sends an authentication request to the unpacking server to obtain authentication information token according to the file information and the user information corresponding to the JVM loader, and the authentication information token is authenticated according to the user information user _ info and the file information to obtain a pass.
And S404, returning the authentication information token when the unpacking server passes the authentication. And then the JVM loader acquires the key according to the user information user _ info and the authentication information token.
Step S405, when the JVM class loader loads a class, it decrypts the class according to the first executable file and the key to generate a second executable file, and if there are multiple cycles of decryption and loading the class into the memory, the JVM class loader already loads the second executable file and the second executable file can already be executed.
It should be noted that the running process of the executable file of the JVM class loader is roughly divided into two steps: (1) loading of executable files (2) execution of executable files. Meanwhile, it is also required to explain that: the JVM class loader does not load immediately, mainly when the class is actively used when the executable file is run for the first time. In other words, the JVM class loader does not load all the used executables into memory at runtime, but loads them when used or has to load them, and only loads them once.
And step S406, the JVM loader generates the operation logs from the step S401 to the step S405 and sends the operation logs to the wind control server, and sends decryption completion information to the unpacking server, at this time, the unpacking server also sends the corresponding operation logs to the wind control server, and the wind control server stores the operation logs into a database for monitoring.
It should be noted that the main function of the wind control server is to store an operation log generated in the process of decrypting the first executable file, monitor and count the decryption condition of the decrypted first executable file in real time, facilitate the investigation of information, and automatically count the decryption times of the packet at regular time every 5 minutes, 10 minutes, 30 minutes, 1 hour, 2 hours, and 1 day by mail to the user who concerns the information. If the decryption times of some encrypted first executable files exceed the limit times, warning information is initiated, and the decryption times of the encrypted first executable files are reduced to 0.
Meanwhile, a wind control rule can be preset in the wind control server, for example, the number of times of decryption of a key in error and failure, the number of times of decryption of a key in correct and failure, and the number of times of decryption of a key in success are counted in a preset time, and a limiting strategy or an early warning strategy in the above embodiment is adopted. As another example, the number of times of decryption is requested by user information (e.g., unknown IP) that is not stored in advance is counted, and the restriction policy or the tracking policy in the above embodiment is adopted.
In summary, the present application provides a method for preventing decompiling of an executable file. Compiling the source code into an executable file by optimizing the compiling process of the source code, and encrypting the executable file to generate a final package; when the operation package is deployed, the operational JVM loader is optimized, and because the previous executable file is encrypted, the executable file needs to be decrypted and loaded into a computer memory, so that the executable file can be executed as a file compiled by a source code; in addition, the embodiment of the application can achieve the purposes of monitoring, controlling and limiting the deployment and operation process, and simultaneously prevents the problem that a decompiler compiles the source code file into the source code.
The method in the above embodiment may be applied to an apparatus, as shown in fig. 5, including: the system comprises a project deployment module, a communication module, a source code leakage prevention module, a data storage module and an operation module.
The project deployment module comprises a plurality of source code projects edited by users.
The communication module carries communication modes such as POST, Get and the like.
The source code leakage prevention module comprises a packing server, a wind control server and an unpacking server, wherein the packing server can be a node in the embodiment.
The data storage module comprises a mysql database, an es database and an mq database.
The operation module comprises an independent server and a third-party virtual host, and is used for providing an operation environment for the unpacking server.
The present embodiment further provides a device for preventing decompiling of an executable file, where the device is used to implement the foregoing embodiments and preferred embodiments, and the description of the device that has been already made is omitted. As used hereinafter, the terms "module," "unit," "subunit," and the like may implement a combination of software and/or hardware for a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware, or a combination of software and hardware is also possible and contemplated.
Fig. 6 is a block diagram illustrating a structure of an apparatus for preventing decompiling an executable file according to an embodiment of the present application, where the apparatus includes:
a first obtaining module 61, configured to obtain, by a node, an encrypted first executable file and file information of the first executable file;
a second obtaining module 62, coupled to the first obtaining module 61, for the node to obtain, from the first server, a key for decrypting the first executable file according to the file information and the user information of the node;
and a decryption module 63, coupled to the second obtaining module 62, configured to decrypt the first executable file with the key by the node, and load the decrypted second executable file into the memory.
In some of these embodiments, the apparatus further comprises: the first sending module is used for sending the file information and the user information to a first server by the node and obtaining an authentication token from the first server; and the third obtaining module is used for obtaining the key for decrypting the first executable file from the first server by the node according to the authentication token.
In some of these embodiments, the apparatus further comprises: and the encryption module is used for encrypting the first executable file by the node by adopting a symmetric encryption algorithm and storing a key for encrypting the first executable file into the first server.
In some of these embodiments, the apparatus further comprises: the second sending module is used for sending the file information and the user information to the first server by the node and obtaining the authentication token from the first server; and the fourth obtaining module is used for obtaining the key for encrypting the first executable file from the first server by the node according to the authentication token, and using the key for encrypting the first executable file as the key for decrypting the encrypted first executable file.
In some of these embodiments, the decryption module 63 comprises: the decryption submodule is used for decrypting the first executable file by the node by using the key to obtain a second executable file; the judging submodule is used for judging whether a use instruction input by a user is received by the node; and the loading submodule is used for loading the second executable file into the memory under the condition that the node judges that the use instruction input by the user is received.
In some of these embodiments, the apparatus further comprises: the first acquisition module is used for acquiring an operation log generated in the process of decrypting the encrypted first executable file to obtain a second executable file by the node, wherein the operation log comprises decryption failure times of the first executable file; the third sending module is used for sending the operation log to the second server by the node so that the second server can conveniently judge whether the decryption failure times of the first executable file in the preset time exceed the preset times; the first judgment module is used for acquiring a first preset limiting rule generated by the second server by the node under the condition that the second server judges that the decryption failure times of the first executable file exceed the preset times within the preset time.
In some of these embodiments, the apparatus further comprises: the second acquisition module is used for acquiring an operation log generated in the process of decrypting the encrypted first executable file to obtain a second executable file by the node, wherein the operation log comprises user information; the fourth sending module is used for sending the operation log to the second server by the node so as to facilitate the second server to judge whether the user information corresponding to the user information exists or not; and the second judging module is used for acquiring a second preset limiting rule generated by the second server by the node under the condition that the second server judges that the user information corresponding to the user information does not exist.
The above modules may be functional modules or program modules, and may be implemented by software or hardware. For a module implemented by hardware, the modules may be located in the same processor; or the modules can be respectively positioned in different processors in any combination.
In addition, the method for preventing decompiling of the executable file in the embodiment of the present application described in conjunction with fig. 2 can be implemented by a computer device. Fig. 7 is a hardware configuration diagram of a computer device according to an embodiment of the present application.
The computer device may comprise a processor 71 and a memory 72 in which computer program instructions are stored.
Specifically, the processor 71 may include a Central Processing Unit (CPU), or A Specific Integrated Circuit (ASIC), or may be configured to implement one or more Integrated circuits of the embodiments of the present Application.
The memory 72 may be used to store or cache various data files that need to be processed and/or used for communication, as well as possible computer program instructions executed by the processor 71.
The processor 71 may implement any of the above-described embodiments of a method for preventing decompiling of an executable file by reading and executing computer program instructions stored in the memory 72.
In some of these embodiments, the computer device may also include a communication interface 73 and a bus 70. As shown in fig. 7, the processor 71, the memory 72, and the communication interface 73 are connected via the bus 70 to complete mutual communication.
The communication interface 73 is used for realizing communication among modules, devices, units and/or equipment in the embodiment of the present application. The communication interface 73 may also enable communication with other components such as: the data communication is carried out among external equipment, image/data acquisition equipment, a database, external storage, an image/data processing workstation and the like.
The bus 70 comprises hardware, software, or both that couple the components of the computer device to one another. Bus 70 includes, but is not limited to, at least one of the following: data Bus (Data Bus), Address Bus (Address Bus), Control Bus (Control Bus), Expansion Bus (Expansion Bus), and Local Bus (Local Bus). By way of example, and not limitation, Bus 70 may include an Accelerated Graphics Port (AGP) or other Graphics Bus, an Enhanced Industry Standard Architecture (EISA) Bus, a Front-Side Bus (FSB), a HyperTransport (HT) interconnect, an ISA (ISA) Bus, an InfiniBand (InfiniBand) interconnect, a Low Pin Count (LPC) Bus, a memory Bus, a Micro Channel Architecture (MCA) Bus, a Peripheral Component Interconnect (PCI) Bus, a PCI-Express (PCI-X) Bus, a Serial Advanced Technology Attachment (SATA) Bus, a Video electronics standards Association Local Bus (VLB) Bus, or other suitable Bus or a combination of two or more of these. Bus 70 may include one or more buses, where appropriate. Although specific buses are described and shown in the embodiments of the application, any suitable buses or interconnects are contemplated by the application.
The computer device may execute the method for preventing decompiling of the executable file in the embodiment of the present application based on the obtained encrypted first executable file and the file information of the first executable file, thereby implementing the method for preventing decompiling of the executable file described in conjunction with fig. 2.
In addition, in combination with the method for preventing decompiling of executable files in the above embodiments, the embodiments of the present application may be implemented by providing a computer-readable storage medium. The computer readable storage medium having stored thereon computer program instructions; the computer program instructions, when executed by a processor, implement any of the above-described embodiments of a method of preventing decompiling of an executable file.
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.
Claims (10)
1. A method of preventing decompiling of an executable file, the method comprising:
a node acquires an encrypted first executable file and file information of the first executable file;
the node acquires a key for decrypting the first executable file from a first server according to the file information and the user information of the node;
and the node decrypts the first executable file by using the key and loads a second executable file obtained by decryption into the memory.
2. The method of claim 1, wherein the node obtaining a key for decrypting the first executable file from a first server according to the file information and user information of the node comprises:
the node sends the file information and the user information to the first server, and acquires an authentication token from the first server;
and the node acquires a key for decrypting the first executable file from the first server according to the authentication token.
3. The method for preventing decompilation of an executable file according to claim 1, wherein before a node obtains the encrypted first executable file and file information of the first executable file, the method comprises:
and the node encrypts the first executable file by adopting a symmetric encryption algorithm and stores a key for encrypting the first executable file into the first server.
4. The method of claim 3, wherein the node obtaining a key for decrypting the first executable file from a first server according to the file information and user information of the node comprises:
the node sends the file information and the user information to the first server, and acquires an authentication token from the first server;
and the node acquires a key for encrypting the first executable file from the first server according to the authentication token, and uses the key for encrypting the first executable file as a key for decrypting the first executable file.
5. The method of claim 1, wherein the node decrypting the first executable file using the key and loading a second executable file into a memory comprises:
the node decrypts the first executable file by using the key to obtain a second executable file;
the node judges whether a use instruction input by a user is received;
and loading the second executable file into the memory when the node judges that the use instruction input by the user is received.
6. The method of claim 1, wherein after the node decrypts the first executable file using the key and loads the decrypted second executable file into the memory, the method further comprises:
the node collects and decrypts the encrypted first executable file to obtain an operation log generated in the process of obtaining the second executable file, wherein the operation log comprises the decryption failure times of the first executable file;
the node sends the operation log to a second server so that the second server can judge whether the decryption failure times of the first executable file in preset time exceed preset times or not;
and under the condition that the second server judges that the decryption failure times of the first executable file exceed the preset times within the preset time, the node acquires a first preset limiting rule generated by the second server.
7. The method of claim 1, wherein after the node decrypts the first executable file using the key and loads the decrypted second executable file into the memory, the method further comprises:
the node collects and decrypts the encrypted first executable file to obtain an operation log generated in the process of obtaining the second executable file, wherein the operation log comprises the user information;
the node sends the operation log to a second server so that the second server can judge whether user information corresponding to the user information exists or not;
and under the condition that the second server judges that the user information corresponding to the user information does not exist, the node acquires a second preset limiting rule generated by the second server.
8. An apparatus for preventing decompiling of an executable file, the apparatus comprising:
the first acquisition module is used for acquiring the encrypted first executable file and the file information of the first executable file by the node;
a second obtaining module, configured to obtain, by the node, a key for decrypting the first executable file from a first server according to the file information and user information of the node;
and the decryption module is used for decrypting the first executable file by the node by using the key and loading the decrypted second executable file into the memory.
9. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method of preventing decompiling of an executable file according to any one of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out a method of preventing decompiling of an executable file according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010471738.1A CN111639311A (en) | 2020-05-29 | 2020-05-29 | Method, apparatus, computer device and medium for preventing decompiling of executable files |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010471738.1A CN111639311A (en) | 2020-05-29 | 2020-05-29 | Method, apparatus, computer device and medium for preventing decompiling of executable files |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111639311A true CN111639311A (en) | 2020-09-08 |
Family
ID=72328842
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010471738.1A Pending CN111639311A (en) | 2020-05-29 | 2020-05-29 | Method, apparatus, computer device and medium for preventing decompiling of executable files |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111639311A (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113032741A (en) * | 2021-04-20 | 2021-06-25 | 江苏保旺达软件技术有限公司 | Class file encryption method, class file operation method, device, equipment and medium |
| CN113495875A (en) * | 2021-06-18 | 2021-10-12 | 宇龙计算机通信科技(深圳)有限公司 | File management method and device, storage medium and electronic equipment |
| CN113553553A (en) * | 2021-07-26 | 2021-10-26 | 平安消费金融有限公司 | Decompilation prevention method and device, computer equipment and storage medium |
| CN113836582A (en) * | 2021-09-30 | 2021-12-24 | 西安诺瓦星云科技股份有限公司 | Software encryption and decryption method and device, electronic equipment and storage medium |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101854245A (en) * | 2009-03-31 | 2010-10-06 | 索尼达德克奥地利股份公司 | Be used to provide method, system, permit server and the software module of permission |
| CN102236757A (en) * | 2011-06-30 | 2011-11-09 | 北京邮电大学 | Software protection method and system applicable to Android system |
| CN103763091A (en) * | 2014-01-09 | 2014-04-30 | 深圳市欧珀通信软件有限公司 | Encrypting method, decrypting method, encrypting device and decrypting device of application program |
| CN103947151A (en) * | 2012-08-24 | 2014-07-23 | 索尼公司 | Information processing device, information storage device, server, information processing system, information processing method, and program |
| CN104094271A (en) * | 2012-01-26 | 2014-10-08 | 微软公司 | Dynamic selection of authorization processes |
| US20150101059A1 (en) * | 2013-10-09 | 2015-04-09 | Google Inc. | Application License Verification |
| CN106789088A (en) * | 2017-02-08 | 2017-05-31 | 上海诺行信息技术有限公司 | A kind of software version signature mechanism |
| CN107004071A (en) * | 2015-01-12 | 2017-08-01 | 华为技术有限公司 | Software processing equipment, server system and its method |
| CN107196907A (en) * | 2017-03-31 | 2017-09-22 | 武汉斗鱼网络科技有限公司 | A kind of guard method of Android SO files and device |
| CN109840398A (en) * | 2019-02-14 | 2019-06-04 | 北京儒博科技有限公司 | Software authorization method, device, equipment and storage medium |
-
2020
- 2020-05-29 CN CN202010471738.1A patent/CN111639311A/en active Pending
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101854245A (en) * | 2009-03-31 | 2010-10-06 | 索尼达德克奥地利股份公司 | Be used to provide method, system, permit server and the software module of permission |
| CN102236757A (en) * | 2011-06-30 | 2011-11-09 | 北京邮电大学 | Software protection method and system applicable to Android system |
| CN104094271A (en) * | 2012-01-26 | 2014-10-08 | 微软公司 | Dynamic selection of authorization processes |
| CN103947151A (en) * | 2012-08-24 | 2014-07-23 | 索尼公司 | Information processing device, information storage device, server, information processing system, information processing method, and program |
| US20150101059A1 (en) * | 2013-10-09 | 2015-04-09 | Google Inc. | Application License Verification |
| CN103763091A (en) * | 2014-01-09 | 2014-04-30 | 深圳市欧珀通信软件有限公司 | Encrypting method, decrypting method, encrypting device and decrypting device of application program |
| CN107004071A (en) * | 2015-01-12 | 2017-08-01 | 华为技术有限公司 | Software processing equipment, server system and its method |
| CN106789088A (en) * | 2017-02-08 | 2017-05-31 | 上海诺行信息技术有限公司 | A kind of software version signature mechanism |
| CN107196907A (en) * | 2017-03-31 | 2017-09-22 | 武汉斗鱼网络科技有限公司 | A kind of guard method of Android SO files and device |
| CN109840398A (en) * | 2019-02-14 | 2019-06-04 | 北京儒博科技有限公司 | Software authorization method, device, equipment and storage medium |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113032741A (en) * | 2021-04-20 | 2021-06-25 | 江苏保旺达软件技术有限公司 | Class file encryption method, class file operation method, device, equipment and medium |
| CN113032741B (en) * | 2021-04-20 | 2024-01-26 | 江苏保旺达软件技术有限公司 | Class file encryption method, class file operation method, device, equipment and medium |
| CN113495875A (en) * | 2021-06-18 | 2021-10-12 | 宇龙计算机通信科技(深圳)有限公司 | File management method and device, storage medium and electronic equipment |
| CN113553553A (en) * | 2021-07-26 | 2021-10-26 | 平安消费金融有限公司 | Decompilation prevention method and device, computer equipment and storage medium |
| CN113836582A (en) * | 2021-09-30 | 2021-12-24 | 西安诺瓦星云科技股份有限公司 | Software encryption and decryption method and device, electronic equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111639311A (en) | Method, apparatus, computer device and medium for preventing decompiling of executable files | |
| US20110289294A1 (en) | Information processing apparatus | |
| US20150095652A1 (en) | Encryption and decryption processing method, apparatus, and device | |
| CN105260663A (en) | Secure storage service system and method based on TrustZone technology | |
| WO2015192637A1 (en) | Method and apparatus for reinforced protection of software installation package | |
| KR101729960B1 (en) | Method and Apparatus for authenticating and managing an application using trusted platform module | |
| CN109657479B (en) | Data leakage prevention method and computer readable storage medium | |
| CN108509802B (en) | Application data anti-leakage method and device | |
| CN111656345B (en) | Software module enabling encryption in container files | |
| US7970133B2 (en) | System and method for secure and flexible key schedule generation | |
| CN110750791B (en) | Method and system for guaranteeing physical attack resistance of trusted execution environment based on memory encryption | |
| CN115442032A (en) | Data processing method, system on chip and readable storage medium | |
| KR20070059891A (en) | Application authentication security system and method thereof | |
| CN112632562B (en) | Device starting method, device management method and embedded device | |
| US20210374262A1 (en) | Instance handling of a trusted execution environment | |
| CN112328415A (en) | Interface calling method and device, computer equipment and readable storage medium | |
| CN112115430A (en) | Apk reinforcement method, electronic equipment and storage medium | |
| CN109784072B (en) | Security file management method and system | |
| US11615188B2 (en) | Executing software | |
| CN106648770B (en) | Generation method, loading method and device of application program installation package | |
| CN114070548A (en) | Software copyright encryption protection method based on soft dongle device | |
| KR102387685B1 (en) | Secure Boot Verification Method and Secure Element for the Same | |
| CN116436681B (en) | TrustZone-based security isolation system, trustZone-based security isolation method, trustZone-based security isolation terminal and storage medium | |
| CN113849819B (en) | Method, device, computer equipment and storage medium for processing command line instruction | |
| US11784978B2 (en) | Method for establishing remote work environment to ensure security of remote work user terminal and apparatus using the same |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20200908 |
|
| RJ01 | Rejection of invention patent application after publication |