CN112115428B - Code file confusion method, device, electronic equipment and storage medium - Google Patents
Code file confusion method, device, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN112115428B CN112115428B CN202010820864.3A CN202010820864A CN112115428B CN 112115428 B CN112115428 B CN 112115428B CN 202010820864 A CN202010820864 A CN 202010820864A CN 112115428 B CN112115428 B CN 112115428B
- Authority
- CN
- China
- Prior art keywords
- file
- parameter
- node
- parameter value
- configuration information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 58
- 230000006870 function Effects 0.000 claims abstract description 245
- 230000014509 gene expression Effects 0.000 claims description 15
- 230000008569 process Effects 0.000 claims description 9
- 238000004590 computer program Methods 0.000 claims description 8
- 238000005336 cracking Methods 0.000 abstract description 5
- 238000010586 diagram Methods 0.000 description 8
- 238000004891 communication Methods 0.000 description 6
- 238000013507 mapping Methods 0.000 description 6
- 238000013515 script Methods 0.000 description 5
- 238000005516 engineering process Methods 0.000 description 4
- 230000008901 benefit Effects 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 238000004458 analytical method Methods 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000002787 reinforcement Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000009466 transformation Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/14—Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The embodiment of the invention provides a method, a device, electronic equipment and a storage medium for confusion of code files, wherein the method comprises the following steps: determining an operator node and an operand node from the first syntax tree; creating a basic function file according to node contents corresponding to the operator nodes and the operand nodes; creating a proxy function file according to node contents and basic function files corresponding to the operand nodes; and modifying the first grammar tree according to the proxy function file to obtain a second grammar tree, and obtaining the confusion code file according to the second grammar tree. The embodiment of the invention provides a code file confusion method, electronic equipment and a storage medium, which are characterized in that by identifying an operator node and an operand node in a grammar tree, the execution functions of operators and operands are realized by a basic function, and then the operator function is mapped to the basic function by a proxy function proxy, so that the confusion of the operators and the operands can be realized, and the reverse difficulty of cracking the code file is increased.
Description
Technical Field
The present invention relates to the field of machine learning and video analysis technologies, and in particular, to a method, an apparatus, an electronic device, and a storage medium for obfuscating a code file.
Background
With the vigorous development of internet technology, WEB applications have popular among many users such as mobile phones, PCs, smart home, etc. However, the JavaScript script in the WEB page H5 is disclosed on the WEB application front-end browser, subject to the limitation of WEB development. The attacker can easily acquire and tamper with the code, which brings great potential safety hazard to the website, thereby damaging the privacy and benefits of the user. Therefore, a reinforcement technology for protecting the safety of the script code becomes important, wherein the confusion technology converts the original script code into a code which has the same operation function as the original script code but is difficult to read, and the difficulty of a cracker is greatly increased.
Existing JavaScript code protection techniques fall into two categories: 1. the JavaScript is encrypted to realize the protection effect, and the essence is encryption. 2. Confusion techniques that confuse JavaScript code streams (constants, variables, function names, etc.).
Whether encrypted with code or obfuscated with respect to data streams such as variables or constants, it is easy to reverse the code logic based on operators.
Disclosure of Invention
Aiming at the problems existing in the prior art, the embodiment of the invention provides a method and a device for confusion of code files, electronic equipment and a storage medium.
In a first aspect, an embodiment of the present invention provides a method for obfuscating a code file, including:
acquiring a first grammar tree corresponding to a source code file, and determining an operator node and an operand node belonging to the operator node according to the first grammar tree;
creating a basic function file according to node contents corresponding to the operator node and the operand node respectively;
creating a proxy function file according to node contents corresponding to the operand nodes and the basic function file;
and modifying the first grammar tree according to the proxy function file to obtain a second grammar tree, and obtaining a confusion code file corresponding to the source code file according to the second grammar tree.
Further, the modifying the first syntax tree according to the proxy function file to obtain a second syntax tree includes:
and converting the proxy function file into an updating grammar tree, and replacing an operator node and an operand node belonging to the operator node in the first grammar tree by the updating grammar tree to obtain a second grammar tree.
Further, creating a proxy function file according to node content corresponding to the operand node and the base function file, including:
the method comprises the steps of configuring first configuration information and second configuration information of a proxy function file, wherein the first configuration information is used for limiting a structural framework of a function, and the second configuration information is used for limiting parameters of function call;
determining a file frame of the proxy function file according to the first configuration information, wherein the file frame comprises a parameter list for function call;
determining a first parameter value according to node content corresponding to the operand node, and determining a second parameter value according to the basic function file;
and placing the first parameter value and the second parameter value in a parameter list in the file frame according to the second configuration information to obtain a proxy function file.
Further, the first configuration information includes:
the number of function levels of the proxy function file;
the number of parameter lists of the proxy function file;
distributing parameter number for each level of proxy function file;
correspondingly, the determining the file frame of the proxy function file according to the first configuration information includes:
and generating function call code lines according to the number of function levels, the number of parameter lists and the number of distribution parameters of each level of the proxy function file, and obtaining a file frame of the proxy function file.
Further, the second configuration information includes:
the position of a first parameter value corresponding to the operand node in the parameter list;
the number of the second parameter values corresponding to the basic function file and the positions of the second parameter values in the parameter list;
the third parameter value of the same type as the first parameter value and the position of the third parameter value in the parameter list;
correspondingly, according to the second configuration information, the first parameter value and the second parameter value are placed in a parameter list in the file frame, and a proxy function file is obtained, which comprises the following steps:
placing a first parameter value in a parameter list according to the position of the first parameter value corresponding to an operand node in the parameter list;
placing the second parameter values in a parameter list according to the number of the second parameter values corresponding to the basic function file and the positions of the second parameter values in the parameter list;
and placing the third parameter value in the parameter list according to the position of the third parameter value in the parameter list.
Further, the second configuration information further includes operation types configured in each hierarchy; accordingly, the method further comprises:
determining a random operation parameter from the first parameter value, the second parameter value and the third parameter value in the parameter list, generating a confusion expression according to the operation type and the random operation parameter, and placing the confusion expression in the file framework.
Further, the second configuration information further includes a closure type; correspondingly, the step of placing the first parameter value and the second parameter value in a parameter list in the file frame according to the second configuration information to obtain a proxy function file includes:
placing a first parameter value in a parameter list according to the position of the first parameter value corresponding to an operand node in the parameter list;
placing the second parameter values in a parameter list according to the number of the second parameter values corresponding to the basic function file and the positions of the second parameter values in the parameter list;
placing a third parameter value in the parameter list according to the position of the third parameter value in the parameter list;
and according to the closure type, the parameters of the parameter list between adjacent layers have the same parameters, and the proxy function file is obtained.
Further, the second configuration information further includes redundancy parameters, and correspondingly, the method further includes:
and inserting redundant parameters into a parameter list of the last level of the proxy function file, formulating a conditional branch according to the redundant parameters, and determining a return value outlet corresponding to the operator node according to the conditional branch.
In a second aspect, an embodiment of the present invention provides a device for obfuscating a code file, including:
the acquisition module is used for acquiring a first grammar tree corresponding to the source code file, and determining an operator node and an operand node belonging to the operator node according to the first grammar tree;
the first creating module is used for creating a basic function file according to node contents corresponding to the operator node and the operand node respectively;
the second creating module is used for creating a proxy function file according to node contents corresponding to the operand nodes and the basic function file;
and the generating module is used for modifying the first grammar tree according to the proxy function file to obtain a second grammar tree, and obtaining the confusion code file corresponding to the source code file according to the second grammar tree.
In a third aspect, an embodiment of the present invention provides an electronic device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor implements the steps of the above-described method for obfuscating code files when the program is executed.
In a fourth aspect, embodiments of the present invention provide a non-transitory readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the obfuscation method of a code file as described in any of the above.
The embodiment of the invention provides a code file confusion method, electronic equipment and a storage medium, which are characterized in that by identifying an operator node and an operand node in a grammar tree, the execution functions of operators and operands are realized by a basic function, and then the operator function is mapped to the basic function by a proxy function proxy, so that the confusion of the operators and the operands can be realized, and the reverse difficulty of cracking the code file is increased.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions of the prior art, the following description will briefly explain the drawings used in the embodiments or the description of the prior art, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a method for obfuscating code files provided by an embodiment of the present invention;
FIG. 2 is a schematic diagram of a syntax tree node provided by an embodiment of the present invention;
FIG. 3 is a representation of a base function file provided by an embodiment of the present invention;
FIG. 4 is a representation of a proxy function file provided by an embodiment of the present invention;
FIG. 5 is a representation of another proxy function file provided by an embodiment of the present invention;
FIG. 6 is a diagram showing code files before and after confusion provided by an embodiment of the present invention;
FIG. 7 is a schematic node diagram of a first syntax tree according to an embodiment of the present invention;
FIG. 8 is a schematic diagram of a device for obfuscating code files according to an embodiment of the present invention;
fig. 9 is a schematic diagram of an entity structure of an electronic device according to an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Fig. 1 is a schematic flow chart of a method for obfuscating a code file according to an embodiment of the present invention, referring to fig. 1, the method includes:
s11, acquiring a first grammar tree corresponding to a source code file, and determining an operator node and an operand node belonging to the operator node according to the first grammar tree;
s12, creating a basic function file according to node contents corresponding to the operator node and the operand node respectively;
s13, creating a proxy function file according to node contents corresponding to the operand nodes and the basic function file;
s14, modifying the first grammar tree according to the proxy function file to obtain a second grammar tree, and obtaining a confusion code file corresponding to the source code file according to the second grammar tree.
It should be noted that, in the embodiment of the present invention, the method aims at confusing the source code file from the operator perspective. It is necessary to obtain operators from the source code file. Here, the source code file may be parsed using an Abstract Syntax Tree (AST), resulting in a corresponding syntax tree, i.e. a first syntax tree. The first syntax tree is then traversed to determine the operator nodes in the first syntax tree and the operand nodes belonging to the operator nodes, the operand nodes being the nodes located to the left and right of the operator nodes. As shown in fig. 2, four operator nodes "/+-" and left and right nodes are selected for confusion. Referring to fig. 2, the nodes on the parsed syntax tree are respectively: 1/1,4*2,1+3,8-2. For example, 1+3 can be parsed into a syntax tree, with the left node being 1, the middle node being the operator "+", and the right node being 3.
And realizing the execution function of the operator on the operand by using the basic function file according to the node contents corresponding to the operator node and the operand node respectively. Here, the node content is a type or a value represented by a node.
For example, 1/1,4×2,1+3,8-2 in fig. 2, and fig. 3 shows the corresponding basis functions, where the basis function corresponding to 1+3 in the syntax tree is nW80: function (z, Y) { return z+y; }. Both of which are functionally equivalent. Where z is the left node and Y is the right node.
In order to achieve the purpose of confusion of source code files, proxy function files are required to be created, and a mapping relation between the proxy function files and the basic function files is established, wherein the mapping relation can reflect confusion of the source code files. For this reason, the proxy function file is created according to the node content corresponding to the operand node and the base function file to realize the mapping relation.
For example, proxy function sxZa91: (z, Y) { return nW80 (z, Y) } the mapping procedure of operators and their left and right values to the basis functions can be implemented. Fig. 4 and 5 show specific code lines of the proxy function file, and fig. 6 shows a view of the code files before and after confusion.
Then modifying the first grammar tree according to the proxy function file to obtain a second grammar tree, and processing the second grammar tree by adopting an abstract grammar tree (AST) to obtain an confusion code file.
In this regard, it should be noted that, since the above-mentioned base function is obtained based on the node content, that is, the base function file is equivalent to the node content. Thus, the corresponding node content can be obtained from the proxy function file in a reverse manner. I.e. modifying the first syntax tree according to the proxy function file. The node content of the first syntax tree is modified to obtain a second syntax tree. The second syntax tree is then processed using an Abstract Syntax Tree (AST) to obtain the obfuscated code file.
According to the confusion method for the code file, the operator nodes and the operand nodes in the grammar tree are identified, the execution functions of the operators and the operands are realized by the basic function, and the operator functions are mapped to the basic function by the proxy function proxy, so that confusion of the operators and the operands can be realized, and the reverse difficulty of cracking the code file is increased.
In a further embodiment of the foregoing embodiment method, a process of modifying the first syntax tree according to the proxy function file to obtain the second syntax tree is mainly explained, and specifically the following steps are:
and converting the proxy function file into an updating grammar tree, and replacing the operator node and the operand node belonging to the operator node in the first grammar tree by the updating grammar tree to obtain a second grammar tree.
FIG. 7 is a schematic diagram of a first syntax tree in an embodiment, and in FIG. 6, the operator node is BinaryExpression, and other operand nodes belonging to the operator node are below the operator node, including left and right value nodes.
And analyzing the proxy function file by adopting an Abstract Syntax Tree (AST) to obtain an updating syntax tree. The update syntax tree is a syntax tree for modifying the first syntax tree. The operator node BinaryExpression and the operand nodes belonging to the operator node below in fig. 7 are replaced with a syntax tree for updating. After the replacement, a second syntax tree is obtained.
After the second syntax tree is obtained, the second syntax tree is restored into the confusion code file by adopting an Abstract Syntax Tree (AST).
In a further embodiment of the foregoing embodiment, the process of creating the proxy function file according to the node content corresponding to the operand node and the base function file is mainly explained as follows:
configuring first configuration information and second configuration information of the proxy function file;
determining a file frame of the proxy function file according to the first configuration information, wherein the file frame comprises a parameter list for function call;
determining a first parameter value according to node content corresponding to the operand node, and determining a second parameter value according to the basic function file;
and placing the first parameter value and the second parameter value in a parameter list in a file frame according to the second configuration information to obtain the proxy function file.
In this regard, it should be noted that, creating the proxy function requires configuring the corresponding configuration information. The configuration information can define the structural framework of the function and define the parameters of the function call.
In an embodiment of the present invention, the configuration information includes first configuration information and second configuration information. The first configuration information is used to define a structural framework, i.e. a file framework, of the proxy function file. The file frame contains a list of parameters for function calls. The second configuration information is used to define parameters of the function call.
Since the mapping relationship between the proxy function file and the base function file is to be embodied, a parameter value equivalent to the operand of the base function file is required for this. The first parameter value is determined according to the node content corresponding to the operand node, and the second parameter value is determined according to the basis function file. Here, the first parameter value may be a variable value of an operand, for example 1 or 3 of 1+3. The second parameter value may comprise a function name of the base function.
And placing the first parameter value and the second parameter value in a parameter list in a file frame according to the second configuration information, so that a proxy function file can be obtained.
In this embodiment, the creation of the proxy function is defined by the configuration information, so as to implement a proxy function file that establishes a mapping relationship with the base function file.
In a further embodiment of the foregoing embodiment, the determining, according to the first configuration information, a file frame of the proxy function file is mainly explained as follows:
the first configuration information includes:
the number of function levels of the proxy function file (> 1);
the number of parameter lists (> 2) of proxy function files;
the number of parameters (1) is allocated per hierarchy of the proxy function file.
And generating function call code lines according to the function level number, the parameter list number and the distribution parameter number of each level of the agent function file, and obtaining a file frame of the agent function file. Since the proxy function is represented by code, the entire file frame corresponds to a code line.
For example, the proxy function o0o01llo.sxZa91 ('PW 68') (0) (0,8,3, 'PW 68') (1, 0, 'nW80', 8) equivalent to 1+3. It can be seen that the number of function levels is 4, the number of parameter lists is 4, and the number of distribution parameters of each level is 1,4 and 4.
In the embodiment of the invention, the number of each hierarchy of the proxy function, the number of the parameter list and the parameter destination are controllable and adjustable, so that the diversity of the confusion scheme can be realized.
In a further embodiment of the foregoing embodiment, the process of obtaining the proxy function file mainly includes placing the first parameter value and the second parameter value in a parameter list in a file frame according to the second configuration information, where the process is specifically as follows:
the second configuration information includes:
the position of a first parameter value corresponding to the operand node in the parameter list;
the number of the second parameter values corresponding to the basic function file and the positions of the second parameter values in the parameter list;
and the third parameter value of the same type as the first parameter value and the position of the third parameter value in the parameter list.
And placing the first parameter value in the parameter list in the file frame according to the position of the first parameter value corresponding to the operand node in the parameter list.
And placing the second parameter values in a parameter list in the file frame according to the number of the second parameter values corresponding to the basic function file and the positions of the second parameter values in the parameter list.
And placing the third parameter value in the parameter list in the file frame according to the position of the third parameter value in the parameter list.
For example, the proxy function o0o01llo.sxZa91 ('PW 68') (0) (0,8,3, 'PW 68') (1, 0, 'nW80', 8) equivalent to 1+3. The values 1 and 3 (first parameter values) of the left and right nodes are placed in each hierarchical parameter list, the second parameter values 'PW68' and 'nW80' (i.e., the base function name) are placed in each hierarchical parameter list, and the third parameter value (e.g., 0, 8) is placed in each hierarchical parameter list.
In the embodiment of the invention, the position of the parameter value in the parameter list is limited, so that the diversity confusion of the position of the parameter value corresponding to the operand in the list can be realized.
In a further embodiment of the above embodiment method, the second configuration information further comprises an operation type configured in each hierarchy, for which purpose a random operation parameter is determined from the first parameter value, the second parameter value and the third parameter value in the parameter list, and a confusion expression is generated according to the operation type and the random operation parameter, and the confusion expression is placed in the file frame.
Here, the operation type includes comma operators, assignment operators, and the like in the code field. Taking comma operators as an example. Comma operators refer to the fact that in the C language, multiple expressions can be separated by commas, where the values of the comma separated expressions are separately settled.
Referring to fig. 5, random operation parameters t and Z are determined from parameter lists (R), (D), (t, Z, u, D), (L, e, D, R), and a confusion expression is determined from comma operators and the random operation parameters: return v9$=t, t=z, u79=t, t=1. This expression formed by comma operators is used for code obfuscation in this embodiment, and in this expression, four comma-separated expressions are included.
The expression is placed in the file framework of the whole proxy function, and is used for realizing the transformation of parameters in the calculation process in the function execution process, so that the numerical confusion is improved.
In a further embodiment of the foregoing embodiment of the method, the second configuration information further includes a closure type, for which a first parameter value is placed in the parameter list according to a position of the first parameter value in the parameter list corresponding to the operand node, and a second parameter value is placed in the parameter list according to a number of second parameter values corresponding to the base function file and a position of the second parameter value in the parameter list; placing the third parameter value in the parameter list according to the position of the third parameter value in the parameter list; and according to the closure type, the parameters of the parameter list between adjacent layers have the same parameters, and the proxy function file is obtained.
The configuration of the closure type is equivalent to providing the proxy function with a closure feature, which is a calling feature of the function. In this embodiment, it may be understood that after the closure characteristic is configured, in the process of configuring the parameters in the parameter list, the parameters in the parameter list are made to conform to the requirement of the closure characteristic.
Referring to fig. 4, functions (O, G), functions (W, G), functions (G, W), functions (O, W). The parameters among the parameter lists of all the levels are repeated, and the parameters among the levels can be multiplexed, so that a cracker can only debug the parameter exchange step by step, and the parameter exchange cannot be confused by scripts.
See fig. 5, function (R), function (D), function (t, Z, u, D), function (L, e, D, R). Wherein, there is no repeated part of the parameters between the parameter lists of the function (R) and the function (D).
In a further embodiment of the above embodiment method, the second configuration information further includes a redundancy parameter, for which a redundancy parameter is inserted into a parameter list of a last level of the proxy function file, a conditional branch is formulated according to the redundancy parameter, and a return value outlet corresponding to the operator node is determined according to the conditional branch.
It should be noted that, since the proxy function involves a plurality of operators, it is necessary to control the return value exit of the operator node. Referring to fig. 5, the value of K64 is compared with the redundancy parameter 10, and the value of p93 is compared with the redundancy parameter 10, two conditional branches are made, the return value corresponding to the operator node is determined according to the conditional branches, and control of the return exits of the operators is realized
In a further embodiment of the foregoing embodiment of the method, the number of operators proxied by the proxy function may be increased, so that the operators are repeated continuously, and the return exits of the same function operators of the proxy function are no longer unique, so that the proxy function has a dynamic confusion effect. The pool of functions, such as proxy operators, is increasing, as are: 1+3,2+4 are mixed up, the operation operator "+" will not have a unique return branch path, and any base function of equal function can be returned. For an attacker, the code after the same confusion has the following proxy function debugging results: the debugging functions are different in different times, and the reverse cost of an attacker is greatly increased.
According to the confusion method for the code file, the operator nodes and the operand nodes in the grammar tree are identified, the execution functions of the operators and the operands are realized by the basic function, and the operator functions are mapped to the basic function by the proxy function proxy, so that confusion of the operators and the operands can be realized, and the reverse difficulty of cracking the code file is increased.
Fig. 8 is a schematic structural diagram of a code file obfuscating apparatus according to an embodiment of the present invention, referring to fig. 8, the apparatus includes an obtaining module 81, a first creating module 82, a second creating module 83, and a generating module 84, where:
an obtaining module 81, configured to obtain a first syntax tree corresponding to a source code file, and determine an operator node and an operand node belonging to the operator node according to the first syntax tree;
a first creating module 82, configured to create a base function file according to node contents corresponding to the operator node and the operand node respectively;
a second creating module 83, configured to create a proxy function file according to node content corresponding to the operand node and the base function file;
and the generating module 84 is configured to modify the first syntax tree according to the proxy function file to obtain a second syntax tree, and obtain an obfuscated code file corresponding to the source code file according to the second syntax tree.
In a further embodiment of the foregoing embodiment apparatus, the second creating module is specifically configured to:
the method comprises the steps of configuring first configuration information and second configuration information of a proxy function file, wherein the first configuration information is used for limiting a structural framework of a function, and the second configuration information is used for limiting parameters of function call;
determining a file frame of the proxy function file according to the first configuration information, wherein the file frame comprises a parameter list for function call;
determining a first parameter value according to node content corresponding to the operand node, and determining a second parameter value according to the basic function file;
and placing the first parameter value and the second parameter value in a parameter list in the file frame according to the second configuration information to obtain a proxy function file.
In a further embodiment of the foregoing embodiment apparatus, the first configuration information includes:
the number of function levels of the proxy function file;
the number of parameter lists of the proxy function file;
distributing parameter number for each level of proxy function file;
accordingly, the second creation module is specifically configured to, in determining a file frame of the proxy function file according to the first configuration information:
and generating function call code lines according to the number of function levels, the number of parameter lists and the number of distribution parameters of each level of the proxy function file, and obtaining a file frame of the proxy function file.
In a further embodiment of the foregoing embodiment apparatus, the second configuration information includes:
the position of a first parameter value corresponding to the operand node in the parameter list;
the number of the second parameter values corresponding to the basic function file and the positions of the second parameter values in the parameter list;
the third parameter value of the same type as the first parameter value and the position of the third parameter value in the parameter list;
correspondingly, the second creating module is specifically configured to, in a process of obtaining a proxy function file, place the first parameter value and the second parameter value in a parameter list in the file frame according to the second configuration information:
placing a first parameter value in a parameter list according to the position of the first parameter value corresponding to an operand node in the parameter list;
placing the second parameter values in a parameter list according to the number of the second parameter values corresponding to the basic function file and the positions of the second parameter values in the parameter list;
and placing the third parameter value in the parameter list according to the position of the third parameter value in the parameter list.
In a further embodiment of the foregoing embodiment apparatus, the second configuration information further includes a type of operation configured in each hierarchy; correspondingly, the second creation module is further configured to: determining a random operation parameter from the first parameter value, the second parameter value and the third parameter value in the parameter list, generating a confusion expression according to the operation type and the random operation parameter, and placing the confusion expression in the file framework.
In a further embodiment of the foregoing embodiment apparatus, the second configuration information further includes a closure type; the second creation module is further configured to:
placing a first parameter value in a parameter list according to the position of the first parameter value corresponding to an operand node in the parameter list;
placing the second parameter values in a parameter list according to the number of the second parameter values corresponding to the basic function file and the positions of the second parameter values in the parameter list;
placing a third parameter value in the parameter list according to the position of the third parameter value in the parameter list;
and according to the closure type, the parameters of the parameter list between adjacent layers have the same parameters, and the proxy function file is obtained.
In a further embodiment of the foregoing embodiment apparatus, the second configuration information further includes redundancy parameters, and the second creating module is further configured to: and inserting redundant parameters into a parameter list of the last level of the proxy function file, formulating a conditional branch according to the redundant parameters, and determining a return value outlet corresponding to the operator node according to the conditional branch.
Since the system according to the embodiment of the present invention is the same as the method according to the above embodiment, the details of the explanation will not be repeated here.
It should be noted that, in the embodiment of the present invention, the related functional modules may be implemented by a hardware processor (hardware processor).
The confusion device for the code file provided by the embodiment of the invention realizes the execution functions of the operators and the operands by the basic functions by identifying the operator nodes and the operand nodes in the grammar tree, and maps the operators to the basic functions by the proxy function proxy operator functions, so that confusion of the operators and the operands can be realized, and the reverse difficulty of cracking the code file is increased.
Fig. 9 illustrates a physical schematic diagram of an electronic device, as shown in fig. 9, which may include: processor 91, communication interface (Communications Interface) 92, memory 93 and communication bus 94, wherein processor 91, communication interface 92, memory 93 accomplish the communication between each other through communication bus 94. The processor 91 may call logic instructions in the memory 93 to perform the following method: acquiring a first grammar tree corresponding to a source code file, determining an operator node and an operand node belonging to the operator node according to the first grammar tree, creating a basic function file according to node contents corresponding to the operand node according to node contents corresponding to the operator node and the operand node respectively, and creating a proxy function file according to the basic function file; and modifying the first grammar tree according to the proxy function file to obtain a second grammar tree, and obtaining a confusion code file corresponding to the source code file according to the second grammar tree.
Further, the logic instructions in the memory 93 described above may be implemented in the form of software functional units and may be stored in a computer readable storage medium when sold or used as a stand alone product. Based on this understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
Further, embodiments of the present invention disclose a computer program product comprising a computer program stored on a non-transitory readable storage medium, the computer program comprising program instructions which, when executed by a computer, are capable of performing the methods provided by the above-described method embodiments, for example comprising: acquiring a first grammar tree corresponding to a source code file, determining an operator node and an operand node belonging to the operator node according to the first grammar tree, creating a basic function file according to node contents corresponding to the operand node according to node contents corresponding to the operator node and the operand node respectively, and creating a proxy function file according to the basic function file; and modifying the first grammar tree according to the proxy function file to obtain a second grammar tree, and obtaining a confusion code file corresponding to the source code file according to the second grammar tree.
In another aspect, embodiments of the present invention further provide a non-transitory readable storage medium having stored thereon a computer program, which when executed by a processor is implemented to perform the method provided in the above embodiments, for example, including: acquiring a first grammar tree corresponding to a source code file, determining an operator node and an operand node belonging to the operator node according to the first grammar tree, creating a basic function file according to node contents corresponding to the operand node according to node contents corresponding to the operator node and the operand node respectively, and creating a proxy function file according to the basic function file; and modifying the first grammar tree according to the proxy function file to obtain a second grammar tree, and obtaining a confusion code file corresponding to the source code file according to the second grammar tree.
The apparatus embodiments described above are merely illustrative, wherein the elements illustrated as separate elements may or may not be physically separate, and the elements shown as elements may or may not be physical elements, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
From the above description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus necessary general hardware platforms, or of course may be implemented by means of hardware. Based on this understanding, the foregoing technical solution may be embodied essentially or in a part contributing to the prior art in the form of a software product, which may be stored in a readable storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method described in the respective embodiments or some parts of the embodiments.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (10)
1. A method for obfuscating a code file, comprising:
acquiring a first grammar tree corresponding to a source code file, and determining an operator node and an operand node belonging to the operator node according to the first grammar tree;
creating a basic function file according to node contents corresponding to the operator node and the operand node respectively;
creating a proxy function file according to node contents corresponding to the operand nodes and the basic function file;
modifying the first grammar tree according to the proxy function file to obtain a second grammar tree, and obtaining a confusion code file corresponding to the source code file according to the second grammar tree;
creating a proxy function file according to node content corresponding to the operand node and the basic function file, wherein the proxy function file comprises:
the method comprises the steps of configuring first configuration information and second configuration information of a proxy function file, wherein the first configuration information is used for limiting a structural framework of a function, and the second configuration information is used for limiting parameters of function call;
determining a file frame of the proxy function file according to the first configuration information, wherein the file frame comprises a parameter list for function call;
determining a first parameter value according to node content corresponding to the operand node, and determining a second parameter value according to the basic function file;
and placing the first parameter value and the second parameter value in a parameter list in the file frame according to the second configuration information to obtain a proxy function file.
2. The method of obfuscating a code file according to claim 1, wherein modifying the first syntax tree according to the proxy function file to obtain a second syntax tree includes:
and converting the proxy function file into an updating grammar tree, and replacing an operator node and an operand node belonging to the operator node in the first grammar tree by the updating grammar tree to obtain a second grammar tree.
3. The method of obfuscating a code file according to claim 1, wherein the first configuration information includes:
the number of function levels of the proxy function file;
the number of parameter lists of the proxy function file;
distributing parameter number for each level of proxy function file;
correspondingly, the determining the file frame of the proxy function file according to the first configuration information includes:
and generating function call code lines according to the number of function levels, the number of parameter lists and the number of distribution parameters of each level of the proxy function file, and obtaining a file frame of the proxy function file.
4. A method of obfuscating a code file according to claim 1 or 3, wherein the second configuration information includes:
the position of a first parameter value corresponding to the operand node in the parameter list;
the number of the second parameter values corresponding to the basic function file and the positions of the second parameter values in the parameter list;
the third parameter value of the same type as the first parameter value and the position of the third parameter value in the parameter list;
correspondingly, according to the second configuration information, the first parameter value and the second parameter value are placed in a parameter list in the file frame, and a proxy function file is obtained, which comprises the following steps:
placing a first parameter value in a parameter list according to the position of the first parameter value corresponding to an operand node in the parameter list;
placing the second parameter values in a parameter list according to the number of the second parameter values corresponding to the basic function file and the positions of the second parameter values in the parameter list;
and placing the third parameter value in the parameter list according to the position of the third parameter value in the parameter list.
5. The method of obfuscating a code file according to claim 4, wherein the second configuration information further includes a type of operation configured in each hierarchy; accordingly, the method further comprises:
determining a random operation parameter from the first parameter value, the second parameter value and the third parameter value in the parameter list, generating a confusion expression according to the operation type and the random operation parameter, and placing the confusion expression in the file framework.
6. The method of obfuscating a code file according to claim 5, wherein the second configuration information further includes a closure type; correspondingly, the step of placing the first parameter value and the second parameter value in a parameter list in the file frame according to the second configuration information to obtain a proxy function file includes:
placing a first parameter value in a parameter list according to the position of the first parameter value corresponding to an operand node in the parameter list;
placing the second parameter values in a parameter list according to the number of the second parameter values corresponding to the basic function file and the positions of the second parameter values in the parameter list;
placing a third parameter value in the parameter list according to the position of the third parameter value in the parameter list;
and according to the closure type, the parameters of the parameter list between adjacent layers have the same parameters, and the proxy function file is obtained.
7. The method of obfuscating a code file according to claim 6, wherein the second configuration information further includes redundancy parameters, and the method further includes:
and inserting redundant parameters into a parameter list of the last level of the proxy function file, formulating a conditional branch according to the redundant parameters, and determining a return value outlet corresponding to the operator node according to the conditional branch.
8. A code file obfuscation apparatus, comprising:
the acquisition module is used for acquiring a first grammar tree corresponding to the source code file, and determining an operator node and an operand node belonging to the operator node according to the first grammar tree;
the first creating module is used for creating a basic function file according to node contents corresponding to the operator node and the operand node respectively;
the second creating module is used for creating a proxy function file according to node contents corresponding to the operand nodes and the basic function file;
the generation module is used for modifying the first grammar tree according to the proxy function file to obtain a second grammar tree, and obtaining a confusion code file corresponding to the source code file according to the second grammar tree;
the second creating module is specifically configured to, in a process of creating a proxy function file according to node content corresponding to the operand node and the base function file:
the method comprises the steps of configuring first configuration information and second configuration information of a proxy function file, wherein the first configuration information is used for limiting a structural framework of a function, and the second configuration information is used for limiting parameters of function call;
determining a file frame of the proxy function file according to the first configuration information, wherein the file frame comprises a parameter list for function call;
determining a first parameter value according to node content corresponding to the operand node, and determining a second parameter value according to the basic function file;
and placing the first parameter value and the second parameter value in a parameter list in the file frame according to the second configuration information to obtain a proxy function file.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the obfuscation method of a code file according to any of claims 1-7 when the program is executed.
10. A non-transitory readable storage medium having stored thereon a computer program, which when executed by a processor, implements the steps of the obfuscation method of a code file according to any of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010820864.3A CN112115428B (en) | 2020-08-14 | 2020-08-14 | Code file confusion method, device, electronic equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010820864.3A CN112115428B (en) | 2020-08-14 | 2020-08-14 | Code file confusion method, device, electronic equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112115428A CN112115428A (en) | 2020-12-22 |
| CN112115428B true CN112115428B (en) | 2024-04-09 |
Family
ID=73804676
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010820864.3A Active CN112115428B (en) | 2020-08-14 | 2020-08-14 | Code file confusion method, device, electronic equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112115428B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113296783A (en) * | 2021-05-14 | 2021-08-24 | 北京奇艺世纪科技有限公司 | Code processing method and device, electronic equipment, storage medium and product |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103678961A (en) * | 2013-11-07 | 2014-03-26 | 北京深思数盾科技有限公司 | Code dynamic generating method |
| CN110502897A (en) * | 2018-05-16 | 2019-11-26 | 南京大学 | A kind of identification of webpage malicious JavaScript code and antialiasing method based on hybrid analysis |
| CN110569628A (en) * | 2019-09-09 | 2019-12-13 | 北京智游网安科技有限公司 | Code obfuscation method and device, computer device and storage medium |
| KR102096017B1 (en) * | 2018-11-29 | 2020-04-01 | 중앙대학교 산학협력단 | Method and system for predicting software bugs by embedding source code based on an abstract syntax tree |
-
2020
- 2020-08-14 CN CN202010820864.3A patent/CN112115428B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103678961A (en) * | 2013-11-07 | 2014-03-26 | 北京深思数盾科技有限公司 | Code dynamic generating method |
| CN110502897A (en) * | 2018-05-16 | 2019-11-26 | 南京大学 | A kind of identification of webpage malicious JavaScript code and antialiasing method based on hybrid analysis |
| KR102096017B1 (en) * | 2018-11-29 | 2020-04-01 | 중앙대학교 산학협력단 | Method and system for predicting software bugs by embedding source code based on an abstract syntax tree |
| CN110569628A (en) * | 2019-09-09 | 2019-12-13 | 北京智游网安科技有限公司 | Code obfuscation method and device, computer device and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112115428A (en) | 2020-12-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106462677B (en) | Method and device for protecting software project | |
| JP6926429B2 (en) | Data processing equipment, data processing methods, and programs | |
| CN109033764B (en) | Anti-confusion processing method, terminal and computer equipment | |
| US11349816B2 (en) | Obfuscating source code sent, from a server computer, to a browser on a client computer | |
| CN110704816B (en) | Interface cracking recognition method, device, equipment and storage medium | |
| CN110309629B (en) | Webpage code reinforcement method, device and equipment | |
| CN104301139A (en) | Router adaptation method and device and terminal device | |
| CA3150187C (en) | Method and apparatus for protecting web script codes | |
| US8677149B2 (en) | Method and system for protecting intellectual property in software | |
| CN112115428B (en) | Code file confusion method, device, electronic equipment and storage medium | |
| CN114035827A (en) | Application program updating method, device, equipment and storage medium | |
| Ahmed | A multi-parent genetic algorithm for the quadratic assignment problem | |
| CN108932407B (en) | Program safety protection method and device | |
| CN113703734A (en) | Applet generation method and device, electronic equipment and storage medium | |
| CN105404827B (en) | The method, apparatus and system communicated between control application program | |
| CN113449330B (en) | Method for transmitting Javascript encrypted file | |
| CN114090964A (en) | Code processing method and device, electronic equipment and readable medium | |
| CN110597516B (en) | Confusion method and device for plug-in code, electronic equipment and storage medium | |
| CN114238273A (en) | Database management method, device, equipment and storage medium | |
| CN113282892A (en) | Code obfuscation method, apparatus, computer device and storage medium | |
| CN111428209B (en) | Application program confusion method, device and storage medium | |
| CN110032832B (en) | Web application processing method and device | |
| CN113946804B (en) | Source code obfuscation method and device | |
| CN114925034A (en) | Heterogeneous data processing method and device, electronic equipment and storage medium | |
| CN110032866B (en) | Web application processing method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |