CN112306547A - Method and device for identifying firmware encryption mode - Google Patents
Method and device for identifying firmware encryption mode Download PDFInfo
- Publication number
- CN112306547A CN112306547A CN202011056589.9A CN202011056589A CN112306547A CN 112306547 A CN112306547 A CN 112306547A CN 202011056589 A CN202011056589 A CN 202011056589A CN 112306547 A CN112306547 A CN 112306547A
- Authority
- CN
- China
- Prior art keywords
- firmware
- encryption
- file
- decryption
- searching
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 22
- 230000007704 transition Effects 0.000 claims abstract description 20
- 230000004048 modification Effects 0.000 claims abstract description 18
- 238000012986 modification Methods 0.000 claims abstract description 18
- 238000005516 engineering process Methods 0.000 claims abstract description 12
- 238000012545 processing Methods 0.000 claims description 11
- 238000004422 calculation algorithm Methods 0.000 claims description 8
- 238000013478 data encryption standard Methods 0.000 claims description 6
- 238000004364 calculation method Methods 0.000 claims description 4
- 238000004458 analytical method Methods 0.000 claims description 3
- 238000004590 computer program Methods 0.000 claims description 2
- 238000004891 communication Methods 0.000 description 10
- 238000010586 diagram Methods 0.000 description 8
- 230000006870 function Effects 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 239000000203 mixture Substances 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/70—Software maintenance or management
- G06F8/71—Version control; Configuration management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/70—Software maintenance or management
- G06F8/74—Reverse engineering; Extracting design information from source code
Abstract
The invention discloses a method and a device for identifying a firmware encryption mode, wherein the method comprises the following steps: aiming at the encrypted firmware, acquiring a transition version of the firmware, and searching a file with an update keyword in the name from the transition version; according to the name of the found file, a file comparison technology is utilized to find out a modification code in the corresponding file in the new version of the firmware; identifying an executable program used for encryption from the found modification codes, and searching encryption and decryption keywords in the executable program after reversely analyzing the executable program; and positioning the encryption and decryption code according to the searched encryption and decryption keywords to obtain the encryption mode of the firmware. By applying the method and the device, the encryption mode of the firmware can be automatically judged, so that the safety of the firmware is analyzed based on the identified encryption mode, and whether the security of the firmware has a bug or not is evaluated.
Description
Technical Field
The present invention relates to the field of firmware technologies, and in particular, to a method and an apparatus for identifying a firmware encryption scheme.
Background
Firmware is a program written in EPROM (erasable programmable read only memory) or EEPROM (electrically erasable programmable read only memory).
The firmware refers to a device "driver" stored in the device, and through the firmware, the operating system can implement the operation of a specific machine according to the standard device driver, for example, the optical disc drive and the recorder have internal firmware.
Firmware is software that acts as the most basic and bottom layer of a system. In a hardware device, the firmware is the soul of the hardware device, and because some hardware devices have no other software components except for the firmware, the firmware determines the functions and performances of the hardware device.
In order to analyze the security of the firmware, it is necessary to identify whether the firmware is encrypted, and if so, to evaluate whether the encryption algorithm itself and the application are secure, and whether a vulnerability exists.
However, in the prior art, it is necessary to manually determine whether the firmware is encrypted and whether the encryption can be analyzed, and machine automation-assisted identification cannot be achieved.
Disclosure of Invention
In view of the above, an object of the present invention is to provide a method and an apparatus for identifying a firmware encryption scheme, which can automatically determine the firmware encryption scheme, so as to analyze the security of the firmware based on the identified encryption scheme and evaluate whether there is a bug in the security of the firmware.
Based on the above object, the present invention provides a method for identifying a firmware encryption scheme, comprising:
aiming at the encrypted firmware, acquiring a transition version of the firmware, and searching a file with an update keyword in the name from the transition version;
according to the name of the found file, a file comparison technology is utilized to find out a modification code in the corresponding file in the new version of the firmware;
identifying an executable program used for encryption from the found modification codes, and searching encryption and decryption keywords in the executable program after reversely analyzing the executable program;
and positioning the encryption and decryption code according to the searched encryption and decryption keywords to obtain the encryption mode of the firmware.
Further, before the obtaining the transitional version of the firmware for the encrypted firmware, the method further includes:
calculating an entropy value of an incremental offset of the firmware of a binary file;
if the firmware has a high-entropy value of a portion above a first threshold, confirming that the firmware has been encrypted; wherein the high entropy value refers to an entropy value above a second threshold.
Wherein the first threshold is specifically 50%, and the second threshold is specifically 0.8.
The invention also provides a device for identifying the firmware encryption mode, which comprises:
the transition version searching module is used for acquiring the transition version of the encrypted firmware and searching a file with an updated keyword in the transition version;
the new version searching module is used for searching the modification codes in the corresponding files in the new version of the firmware by using a file comparison technology according to the names of the searched files; identifying an executable program for encryption from the found modified code;
the encryption and decryption code searching module is used for searching the encryption and decryption keywords in the executable program after the executable program is subjected to reverse analysis; and positioning the encryption and decryption code according to the searched encryption and decryption keywords to obtain the encryption mode of the firmware.
The present invention also provides an electronic device comprising a central processing unit, a signal processing and storage unit, and a computer program stored on the signal processing and storage unit and executable on the central processing unit, wherein the central processing unit executes the method for identifying a firmware encryption scheme as described above.
In the technical scheme of the invention, aiming at encrypted firmware, a transition version of the firmware is obtained, and a file with an updated keyword in the name is searched from the transition version; according to the name of the found file, a file comparison technology is utilized to find out a modification code in the corresponding file in the new version of the firmware; identifying an executable program used for encryption from the found modification codes, and searching encryption and decryption keywords in the executable program after reversely analyzing the executable program; and positioning the encryption and decryption code according to the searched encryption and decryption keywords to obtain the encryption mode of the firmware. Therefore, the encryption mode of the firmware can be automatically judged, so that the safety of the firmware is analyzed based on the identified encryption mode, and whether the firmware is safe or not is evaluated.
Further, in the technical scheme of the invention, before the encryption mode of the firmware is identified, whether the firmware is encrypted can be automatically judged according to the entropy value of the firmware.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a flowchart of a method for identifying a firmware encryption scheme according to an embodiment of the present invention;
fig. 2 is a schematic diagram illustrating an entropy distribution of an increment offset of firmware of a binary file according to an embodiment of the present invention;
FIG. 3 is a diagram illustrating an entropy distribution of delta offsets for firmware of another binary file according to an embodiment of the present invention;
fig. 4 is a block diagram of an internal structure of an identification apparatus for firmware encryption according to an embodiment of the present invention;
fig. 5 is a schematic diagram of a hardware structure of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to specific embodiments and the accompanying drawings.
It is to be noted that technical terms or scientific terms used in the embodiments of the present invention should have the ordinary meanings as understood by those having ordinary skill in the art to which the present disclosure belongs, unless otherwise defined. The use of "first," "second," and similar terms in this disclosure is not intended to indicate any order, quantity, or importance, but rather is used to distinguish one element from another. The word "comprising" or "comprises", and the like, means that the element or item listed before the word covers the element or item listed after the word and its equivalents, but does not exclude other elements or items. The terms "connected" or "coupled" and the like are not restricted to physical or mechanical connections, but may include electrical connections, whether direct or indirect. "upper", "lower", "left", "right", and the like are used merely to indicate relative positional relationships, and when the absolute position of the object being described is changed, the relative positional relationships may also be changed accordingly.
The technical solution of the embodiments of the present invention is described in detail below with reference to the accompanying drawings.
The specific identification method for the firmware encryption mode provided by the embodiment of the invention has the flow shown in fig. 1, and comprises the following steps:
step S101: judging whether the firmware is encrypted according to the calculated entropy value of the firmware to be identified; if yes, continue to execute step S102; otherwise, the identification of the encryption mode of the firmware is finished.
In this step, an entropy value of an increment offset of a firmware to be identified of a binary file is calculated, and if the firmware has a high entropy value of a part more than a first threshold, it is determined that the firmware is encrypted; wherein the high entropy value refers to an entropy value above a second threshold. The first and second thresholds may be set by a technician according to experience, for example, the first threshold is set to be 50% and the second threshold is set to be 0.8.
In particular, in some cases, the publisher does not mention whether the firmware is encrypted, and then an entropy calculation method can be used to determine whether the firmware is encrypted, entropy being a measure of randomness, with values between 0-1, higher values indicating better randomness, values near 1 being considered high entropy, and vice versa. Encrypted or compressed data has a higher entropy value.
Entropy distribution information of the binary file delta offset can be used to determine which portion of the binary file is encrypted/compressed and which portion is code.
For example, as shown in FIG. 2, the entropy value is almost constant above 0.9, meaning that it is likely that it is encrypted in different parts of the firmware.
For example, with the entropy distribution shown in FIG. 3, the entropy of the initial portion is low, then high all the time, then falls again, and then rises again, indicating that it is a mixture of code and encrypted/compressed data.
This pattern is often seen for unencrypted firmware, which initially has fluctuating entropy and higher entropy data in subsequent portions. This may mean that there is code in the initial part of the binary file that will dynamically decompress the code during device boot.
Therefore, a part with an entropy greater than a second threshold (such as 0.8) can be regarded as encrypted, and if the part with an entropy above the first threshold (such as 50%) of the firmware is higher than the second threshold, the firmware can be regarded as encrypted.
Step S102: for the encrypted firmware, acquiring a transition version of the firmware, and searching a file with an update key name from the transition version.
Specifically, for encrypted firmware, a transition version of the firmware is obtained, and a file with a name having an update keyword, such as a keyword or a combination keyword of "firmware", "update", "upgrade", "download", and the like, is found from the transition version.
Step S103: and searching for the modification codes in the corresponding files in the new version of the firmware by using a file comparison technology according to the searched file names.
In this step, an automatic file comparison technology is used to perform file comparison between the new version of the firmware and the firmware to be decrypted (i.e., the old version of the firmware), and according to the name of the found file, which modifications are introduced into the new version of the firmware compared with the firmware to be decrypted (i.e., the old version of the firmware) are checked.
Step S104: and identifying the executable program used for encryption from the searched modified code, and searching the encryption and decryption keywords in the executable program after reversely analyzing the executable program.
Specifically, an executable program for encryption is identified from the searched modified code, and after the executable program is analyzed reversely, encryption and decryption keys such as "AES (advanced encryption standard)", "DES (data encryption standard)", "ECC (elliptic curve encryption algorithm)", "RSA (asymmetric encryption algorithm)", "CRYPTO (encryption function)" and the like in the executable program are searched.
Step S105: and positioning the encryption and decryption code according to the searched encryption and decryption keywords to obtain the encryption mode of the firmware.
Specifically, the encryption algorithm of the firmware is obtained by locating the encryption/decryption code according to the searched encryption/decryption keyword, so that the encryption mode of the firmware is obtained.
Based on the above identification method of the firmware encryption manner, an embodiment of the present invention provides an identification apparatus of the firmware encryption manner, and an internal structural block diagram is shown in fig. 4, and includes the following modules: a transitional version searching module 401, a new version searching module 402 and an encryption and decryption code searching module 403.
The transitional version searching module 401 is configured to, for the encrypted firmware, obtain a transitional version of the firmware, and search for a file with an update keyword in a name from the transitional version;
the new version searching module 402 is configured to search, according to the name of the searched file, a modification code in the corresponding file in the new version of the firmware by using a file comparison technique; identifying an executable program for encryption from the found modified code;
the encryption/decryption code searching module 403 searches for the encryption/decryption keywords in the executable program after performing reverse analysis on the executable program; and positioning the encryption and decryption code according to the searched encryption and decryption keywords to obtain the encryption mode of the firmware.
Further, the apparatus for identifying a firmware encryption manner provided in the embodiment of the present invention may further include: an entropy calculation module 404.
The entropy calculation module 404 is configured to calculate an entropy of an incremental offset of the firmware of the binary file; if the firmware has a high-entropy value of a portion above a first threshold, confirming that the firmware has been encrypted; wherein the high entropy value refers to an entropy value above a second threshold.
Fig. 5 is a schematic diagram illustrating a more specific hardware structure of an apparatus for identifying a firmware encryption manner provided in this embodiment, where the apparatus may include: a processor 1010, a memory 1020, an input/output interface 1030, a communication interface 1040, and a bus 1050. Wherein the processor 1010, memory 1020, input/output interface 1030, and communication interface 1040 are communicatively coupled to each other within the device via bus 1050.
The processor 1010 may be implemented by a general-purpose CPU (Central Processing Unit), a microprocessor, an Application Specific Integrated Circuit (ASIC), or one or more Integrated circuits, and is configured to execute a relevant program to implement the method for identifying the firmware encryption scheme provided in the embodiment of the present invention.
The Memory 1020 may be implemented in the form of a ROM (Read Only Memory), a RAM (Random Access Memory), a static storage device, a dynamic storage device, or the like. The memory 1020 may store an operating system and other application programs, and when the technical solution provided by the embodiments of the present specification is implemented by software or firmware, the relevant program codes are stored in the memory 1020 and called to be executed by the processor 1010.
The input/output interface 1030 is used for connecting an input/output module, and can be connected with a nonlinear receiver to receive information from the nonlinear receiver, so as to realize information input and output. The i/o module may be configured as a component in a device (not shown) or may be external to the device to provide a corresponding function. The input devices may include a keyboard, a mouse, a touch screen, a microphone, various sensors, etc., and the output devices may include a display, a speaker, a vibrator, an indicator light, etc.
The communication interface 1040 is used for connecting a communication module (not shown in the drawings) to implement communication interaction between the present apparatus and other apparatuses. The communication module can realize communication in a wired mode (such as USB, network cable and the like) and also can realize communication in a wireless mode (such as mobile network, WIFI, Bluetooth and the like).
It should be noted that although the above-mentioned device only shows the processor 1010, the memory 1020, the input/output interface 1030, the communication interface 1040 and the bus 1050, in a specific implementation, the device may also include other components necessary for normal operation. In addition, those skilled in the art will appreciate that the above-described apparatus may also include only those components necessary to implement the embodiments of the present description, and not necessarily all of the components shown in the figures.
In the technical scheme of the invention, aiming at encrypted firmware, a transition version of the firmware is obtained, and a file with an updated keyword in the name is searched from the transition version; according to the name of the found file, a file comparison technology is utilized to find out a modification code in the corresponding file in the new version of the firmware; identifying an executable program used for encryption from the found modification codes, and searching encryption and decryption keywords in the executable program after reversely analyzing the executable program; and positioning the encryption and decryption code according to the searched encryption and decryption keywords to obtain the encryption mode of the firmware. Therefore, the encryption mode of the firmware can be automatically judged, so that the safety of the firmware is analyzed based on the identified encryption mode, and whether the firmware is safe or not is evaluated.
Further, in the technical scheme of the invention, before the encryption mode of the firmware is identified, whether the firmware is encrypted can be automatically judged according to the entropy value of the firmware.
Computer-readable media of the present embodiments, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device.
Those of ordinary skill in the art will understand that: the discussion of any embodiment above is meant to be exemplary only, and is not intended to intimate that the scope of the disclosure, including the claims, is limited to these examples; within the idea of the invention, also features in the above embodiments or in different embodiments may be combined, steps may be implemented in any order, and there are many other variations of the different aspects of the invention as described above, which are not provided in detail for the sake of brevity.
In addition, well known power/ground connections to Integrated Circuit (IC) chips and other components may or may not be shown within the provided figures for simplicity of illustration and discussion, and so as not to obscure the invention. Furthermore, devices may be shown in block diagram form in order to avoid obscuring the invention, and also in view of the fact that specifics with respect to implementation of such block diagram devices are highly dependent upon the platform within which the present invention is to be implemented (i.e., specifics should be well within purview of one skilled in the art). Where specific details (e.g., circuits) are set forth in order to describe example embodiments of the invention, it should be apparent to one skilled in the art that the invention can be practiced without, or with variation of, these specific details. Accordingly, the description is to be regarded as illustrative instead of restrictive.
While the present invention has been described in conjunction with specific embodiments thereof, many alternatives, modifications, and variations of these embodiments will be apparent to those of ordinary skill in the art in light of the foregoing description. For example, other memory architectures (e.g., dynamic ram (dram)) may use the discussed embodiments.
The embodiments of the invention are intended to embrace all such alternatives, modifications and variances that fall within the broad scope of the appended claims. Therefore, any omissions, modifications, substitutions, improvements and the like that may be made without departing from the spirit and principles of the invention are intended to be included within the scope of the invention.
Claims (10)
1. A method for identifying a firmware encryption mode is characterized by comprising the following steps:
aiming at the encrypted firmware, acquiring a transition version of the firmware, and searching a file with an update keyword in the name from the transition version;
according to the name of the found file, a file comparison technology is utilized to find out a modification code in the corresponding file in the new version of the firmware;
identifying an executable program used for encryption from the found modification codes, and searching encryption and decryption keywords in the executable program after reversely analyzing the executable program;
and positioning the encryption and decryption code according to the searched encryption and decryption keywords to obtain the encryption mode of the firmware.
2. The method of claim 1, further comprising, prior to the obtaining the interim version of the firmware for the encrypted firmware:
calculating an entropy value of an incremental offset of the firmware of a binary file;
if the firmware has a high-entropy value of a portion above a first threshold, confirming that the firmware has been encrypted; wherein the high entropy value refers to an entropy value above a second threshold.
3. Method according to claim 1, characterized in that the first threshold value is in particular 50% and the second threshold value is in particular 0.8.
4. The method of claim 1, wherein the updating the keyword specifically comprises: update, download, or upgrade.
5. The method of claim 1, wherein the encryption/decryption key specifically comprises: advanced encryption standard AES, data encryption standard DES, elliptic curve encryption algorithm ECC, asymmetric encryption algorithm RSA and encryption function CRYPTO.
6. An apparatus for recognizing a firmware encryption scheme, comprising:
the transition version searching module is used for acquiring the transition version of the encrypted firmware and searching a file with an updated keyword in the transition version;
the new version searching module is used for searching the modification codes in the corresponding files in the new version of the firmware by using a file comparison technology according to the names of the searched files; identifying an executable program for encryption from the found modified code;
the encryption and decryption code searching module is used for searching the encryption and decryption keywords in the executable program after the executable program is subjected to reverse analysis; and positioning the encryption and decryption code according to the searched encryption and decryption keywords to obtain the encryption mode of the firmware.
7. The apparatus of claim 6, further comprising:
the entropy calculation module is used for calculating the entropy of the increment offset of the firmware of the binary file; if the firmware has a high-entropy value of a portion above a first threshold, confirming that the firmware has been encrypted; wherein the high entropy value refers to an entropy value above a second threshold.
8. The device according to claim 6, characterized in that the first threshold is in particular 50%; and
the second threshold is specifically 0.8.
9. The apparatus of claim 6, wherein the updating the keyword specifically comprises: update, download, or upgrade; and
the encryption and decryption key specifically includes: advanced encryption standard AES, data encryption standard DES, elliptic curve encryption algorithm ECC, asymmetric encryption algorithm RSA and encryption function CRYPTO.
10. An electronic device comprising a central processing unit, a signal processing and storage unit, and a computer program stored on the signal processing and storage unit and executable on the central processing unit, characterized in that the central processing unit implements the method according to any of claims 1-5 when executing the program.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011056589.9A CN112306547A (en) | 2020-09-29 | 2020-09-29 | Method and device for identifying firmware encryption mode |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011056589.9A CN112306547A (en) | 2020-09-29 | 2020-09-29 | Method and device for identifying firmware encryption mode |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112306547A true CN112306547A (en) | 2021-02-02 |
Family
ID=74489423
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011056589.9A Pending CN112306547A (en) | 2020-09-29 | 2020-09-29 | Method and device for identifying firmware encryption mode |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112306547A (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080256527A1 (en) * | 2007-04-16 | 2008-10-16 | Sumsung Electronics Co., Ltd. | Method of generating firmware update file, method and apparatus for updating firmware by using the firmware update file |
| US9395968B1 (en) * | 2006-06-30 | 2016-07-19 | American Megatrends, Inc. | Uniquely identifying and validating computer system firmware |
| CN107122635A (en) * | 2017-04-27 | 2017-09-01 | 北京洋浦伟业科技发展有限公司 | A kind of reinforcement means of the reinforcement means of SO files, device and APK |
| CN109583189A (en) * | 2018-12-13 | 2019-04-05 | 深圳忆联信息系统有限公司 | Firmware method for secure loading, device, computer equipment and storage medium |
| US20200082088A1 (en) * | 2018-09-11 | 2020-03-12 | Qualcomm Incorporated | User/Enterprise Data Protection Preventing Non-Authorized Firmware Modification |
-
2020
- 2020-09-29 CN CN202011056589.9A patent/CN112306547A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9395968B1 (en) * | 2006-06-30 | 2016-07-19 | American Megatrends, Inc. | Uniquely identifying and validating computer system firmware |
| US20080256527A1 (en) * | 2007-04-16 | 2008-10-16 | Sumsung Electronics Co., Ltd. | Method of generating firmware update file, method and apparatus for updating firmware by using the firmware update file |
| CN107122635A (en) * | 2017-04-27 | 2017-09-01 | 北京洋浦伟业科技发展有限公司 | A kind of reinforcement means of the reinforcement means of SO files, device and APK |
| US20200082088A1 (en) * | 2018-09-11 | 2020-03-12 | Qualcomm Incorporated | User/Enterprise Data Protection Preventing Non-Authorized Firmware Modification |
| CN109583189A (en) * | 2018-12-13 | 2019-04-05 | 深圳忆联信息系统有限公司 | Firmware method for secure loading, device, computer equipment and storage medium |
Non-Patent Citations (1)
| Title |
|---|
| BEY0ND: "加密固件分析实战", HTTPS://WWW.FREEBUF.COM/ARTICLES/TERMINAL/234978.HTML, pages 1 - 8 * |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10481964B2 (en) | Monitoring activity of software development kits using stack trace analysis | |
| CN107622198B (en) | Method, apparatus, and computer-readable storage medium for implementing device fingerprinting | |
| JP6689283B2 (en) | Method and apparatus for assigning device fingerprints to internet devices | |
| US20160162686A1 (en) | Method for verifying integrity of dynamic code using hash background of the invention | |
| US11275835B2 (en) | Method of speeding up a full antivirus scan of files on a mobile device | |
| CN102713845B (en) | A radio handheld device and method for starting the radio handheld device | |
| KR102006242B1 (en) | Method and system for identifying an open source software package based on binary files | |
| CN111460448B (en) | Malicious software family detection method and device | |
| US20040122877A1 (en) | Permission token managemnet system, permission token management method, program and recording medium | |
| CN115357897A (en) | Open source software identification method and device | |
| CN108334775B (en) | Method and device for detecting jail-crossing plug-in | |
| CN112306547A (en) | Method and device for identifying firmware encryption mode | |
| CN109002710B (en) | Detection method, detection device and computer readable storage medium | |
| CN108664796B (en) | So file protection method and device | |
| CN112632551B (en) | Third-party library information leakage detection method and device | |
| CN111104648A (en) | Software processing method and device, application program and electronic equipment | |
| CN111158728B (en) | Firmware upgrading method, firmware starting method and device | |
| CN113987471A (en) | Executable file execution method and device, electronic equipment and computer readable medium | |
| CN113434122A (en) | Multi-role page creation method and device, server and readable storage medium | |
| CN113220314A (en) | APP resource loading and APK generation method, device, equipment and medium | |
| CN114402286A (en) | File processing method, file processing device and terminal equipment | |
| KR101745821B1 (en) | Method and system for secure booting | |
| US20180181727A1 (en) | Electronic device, method for controlling thereof and computer-readable recording medium | |
| KR101556908B1 (en) | Apparatus For Protecting Binary Code | |
| CN115221492B (en) | Authentication method and device based on hardware key, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20210608 Address after: 100085 room 0106-640, 1st floor, No.26, shangdixinxi Road, Haidian District, Beijing Applicant after: Beijing Zhilian Anhang Technology Co.,Ltd. Address before: 100876 No.406, 4th floor, building 21, 10 Xitucheng Road, Haidian District, Beijing Applicant before: Beijing ruanhui Technology Co.,Ltd. |