JP2007079916A - Encoding method and its program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an encoding method for preventing the deterioration in the calculating efficiency of a whole program and the deterioration in a computable range, and for concealing information included in the program secret. <P>SOLUTION: From a program, n(n is a positive integer which is 2 or more) pieces of variables to be encoded are selected, and m(m is a positive integer and m≥n) pieces of encoding formulas including n pieces of independent encoding functions are defined by using encoding functions constituted of an exclusive logical sum of the selected n pieces of variables and arbitrary constants. The encoding formula constituted of the n pieces of independent encoding functions are calculated about the n pieces of variables to calculate n pieces of encoded variables corresponding to the n pieces of variables, and the n pieces of variables before encoding are expressed by using the n pieces of encoded variables, and the encoded variables are given initial values, and the merge of the continuous substitution instructions is executed. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to an encoding method for encoding a plurality of variables in a program simultaneously using exclusive OR, and the program.

  In general, software may contain information that should be kept secret from users, such as valuable algorithms and content encryption keys. On the other hand, many techniques (RE: Reverse Engineering) for analyzing software have been developed. For this reason, when software is analyzed by these techniques, there is a threat that an unauthorized person obtains confidential information. For this threat, there is a technique called obfuscation that makes it difficult to analyze software while keeping the software specifications.

As such a technique, for example, as a software obfuscation by encoding a variable, a method of encoding a variable in a source code by linear transformation has been proposed (for example, see Non-Patent Document 1). This method is intended to make software analysis difficult by encoding a single variable x into a variable X (= ax + b) by linear transformation. Here, the integers a and b used in the linear conversion become secret keys, and the purpose is to conceal the values of variables and operations in the source code.
Sato et al., IEICE Technical Report, Vol. IT-2002-49, pp. 13-18, Mar. 2002 "Program obfuscation by data encoding and operator conversion"

  However, according to the technique disclosed in Non-Patent Document 1 above, the number of variables used in the source code before obfuscation can be concealed even though the values and operations of the variables in the source code can be concealed. In addition, it was impossible to conceal the relationship of reference and substitution between variables. In addition, the number of secret key candidates is small, and it is considered vulnerable to attacks by searching for all secret keys. Further, the above method is a method of encoding a single variable with a primary variable, and there is one corresponding variable before encoding for one encoded variable. For this reason, if an attacker can obtain a decoding equation for one variable, there is a problem that the encoding for the variable can be solved.

  In order to solve the above problem, an obfuscation method that simultaneously encodes a plurality of variables included in a program can be considered. In this method, since there are a plurality of encoded variables in one decoding formula, it is not possible to obtain the relationship between the variables before encoding and the encoded variables from a single decoding formula. For this reason, even if the attacker obtains a decoding equation for one variable, there is an advantage that the encoding for the variable cannot be solved.

  However, in the above method, the variable encoding / decoding operations are complicated, and by applying obfuscation, the calculation efficiency of the entire program is greatly reduced, and further, carry by encoding occurs. There was a possibility that the calculation range would be small.

  The present invention has been made in view of the above circumstances, and provides an encoding method for concealing confidential information included in a program and a program thereof while preventing a decrease in calculation efficiency and a decrease in a computable range of the entire program The purpose is to do.

In order to solve the above-described problems, the present invention proposes the following matters.
The invention according to claim 1 is an encoding method for encoding a plurality of variables in a program, wherein a first variable for selecting n variables (n is a positive integer) to be encoded is selected from the program. By an encoding function consisting of a step and an exclusive OR of the selected n variables and an arbitrary constant, m including n independent encoding functions (m is a positive integer, m ≧ a second step of defining the encoding expression of n) and an encoding expression composed of the n independent encoding functions for the selected n variables and corresponding to the selected n variables A third step of determining the encoded m variables, a fourth step of representing the selected n variables using the encoded m variables, and the encoded Fifth step of giving initial values to variables and merging successive assignment instructions And characterized in that it has.

  The invention according to claim 2 is the encoding method according to claim 1, wherein the fourth step replaces the assignment instruction for the selected n variables with an assignment instruction for the encoded m variables. And a step of replacing each of the selected n variables with the encoded m variables obtained in the third step.

 According to a third aspect of the present invention, in the encoding method according to the first aspect, the fifth step sets an initial value as an arbitrary value satisfying mn non-trivial relational expressions in the encoded variable. It is characterized by giving as.

  The invention according to claim 4 is a program used in an encoding apparatus that encodes a plurality of variables in a program, the program being stored in a storage device, and a variable to be encoded from the stored program N independent encoding functions by a first step of selecting n (n is a positive integer) and an encoding function comprising an exclusive OR of the selected n variables and an arbitrary constant A second step of defining m (m is a positive integer, m ≧ n) encoding formulas including the above, and the encoding formula comprising the n independent encoding functions is selected by the arithmetic unit A third step of calculating the selected n variables and obtaining m encoded variables corresponding to the selected n variables, and using the encoded m variables, the selection A fourth step representing the n variables and the sign Are variables giving initial values to the, and a fifth step of executing a merging assignment consecutive instructions, characterized in that it has.

  The invention according to claim 5 is the program according to claim 4, wherein the fourth step is a step of replacing an assignment instruction for the selected n variables with an assignment instruction for the encoded m variables. And replacing each of the selected n variables with the encoded m variables obtained in the third step.

  The invention according to claim 6 provides the program according to claim 4, wherein the fifth step gives the encoded variable an arbitrary value satisfying mn non-trivial relational expressions as an initial value. It is characterized by that.

  According to the present invention, since n variables in the original software are simultaneously encoded into m variables by exclusive OR operation, the number of variables used in the original software, the initial values of the variables, There is an effect that it is possible to hide values, values held by variables, and the like. In addition, since the operation to be performed is changed as the variables are encoded, the algorithm included in the program can be concealed at the same time.

  Furthermore, according to the present invention, since a plurality of variables are encoded at the same time, even if a decoding expression for one variable is obtained, the variable cannot be decoded. In addition, since encoding and decoding of variables is performed only by exclusive OR operation, the decrease in execution efficiency is small and exclusive OR operation is an operation that does not cause a carry. There is an effect that the possible range is not limited.

Hereinafter, embodiments of the present invention will be described with reference to the drawings.
FIG. 1 is a flowchart showing a schematic procedure of an encoding method according to an embodiment of the present invention.
In the encoding method of the present invention, n variables to be encoded are selected from a program, m encoding expressions are defined for the variables, and n variables included in the encoding expression are defined. Solve the independent equations to derive n decoding equations. Then, after the variable instruction is encoded using the derived decoding formula, post-processing is performed, and in order to realize this, as shown in FIG. Steps are executed sequentially. The detailed procedure for each step will be described below.

(S1: Selection of encoding target)
First, n variables (n is a positive integer) to be encoded are arbitrarily selected as obfuscation targets from the program. Let n variables x_1, x_2..., X_n selected by this operation.
(S2: Definition of encoding formula)
M decoding equations E_1, E_2,..., E_m (where m is a positive integer and m ≧ n) are defined as the following Equation 1. Here, X_1, X_2,..., X_m are encoded variables.

  In addition, the encoding functions E_1, E_2,..., E_m are exclusive ORs of the variables x_1, x_2,. In other words, the decoding equation E_1 is expressed by Equation 2 where C_1 is a constant.

  In addition, m encoding functions E_1, E_2,..., E_m can be arbitrarily defined, but n functions among m functions need to be independent.

  Here, the n functions f_1, f_2, ..., f_n are independent means that the functions f_1, f_2, ..., f_n are not subordinate, and the n functions f_1, f_2,. .., that f_n is subordinate means that f_ (i_1) xor f_ (i_2) xor... F_ (i_k) = C is a positive integer sequence 1 ≦ i_1 <i_2 <... <i_k ≦ n (1 ≦ k ≦ n) and the constant C is defined to exist.

  By using the above encoding formula, the substitution instruction for the variables x_1, x_2,..., X_n included in the program is replaced with the substitution instruction for the encoded variables X_1, X_2,. Can do.

(S3: Derivation of decoding formula)
The n independent equations included in the coding equation defined in S2 are regarded as simultaneous equations, solved for variables x_1, x_2,..., X_n, and n decoding equations as shown in Equation 3 below. Get. By using the decoding formula, references to variables x_1, x_2,..., X_n included in the program can be replaced with references to encoded variables X_1, X_2,.

  However, the decoding functions D_1, D_2,..., D_n are exclusive ORs of X_1, X_2,..., X_m and any constants, and are defined in S2. Depends on the encoding functions E_1, E_2, ..., E_m. By substituting the obtained n decoding expressions into the remaining mn equations, mn non-obvious relational expressions are obtained. Here, the non-trivial relational expression is a relational expression that the encoded variables X_1, X_2,..., X_m should satisfy. If this relational expression is used, a decoding expression of one variable can be expressed in 2 ^ {mn} ways, and it can be difficult to specify which variable is decoded.

(S4: Encoding variable instruction)
The uncoded variables x_1, x_2,..., X_n used in the program are replaced with all encoded variables X_1, X_2,.

(A) Encoding of assignment instruction The substitution instruction x_i ← v for the variable x_i before coding is replaced with the substitution instruction for the encoded variables X_1, X_2,.

(B) Encoding of referenced variable The uncoded variable x_i referenced in the program is replaced with the decoding equation D_i (X_1, X_2,..., X_m) obtained in S3.

(S5: Post-processing)
As post-processing, an initial value is given to the encoded variable. In addition, continuous assignment instructions are merged.

(A) Addition of initial value substitution instruction to encoded variable The encoded variables X_1, X_2,..., X_m have initial values of arbitrary values satisfying mn non-trivial relational expressions. Is assigned as

(B) Merging consecutive assignment instructions Merged assignment instructions generated in S4 are merged. Specifically, two consecutive instructions such as Expression 5 are merged into one instruction such as Expression 6.

  By repeating the processes from S1 to S5, the program can be made difficult sequentially (S6).

The above processing will be described more specifically with reference to FIGS.
Here, an example of a processing procedure in the case of obfuscating the pseudo code of the program for calculating the sum from 1 to n shown in FIG. 2 will be described.
First, two variables x and y included in the program shown in FIG. 2 are selected as encoding targets. Next, three encoding expressions shown in Equation 7 are defined.

  Here, X, Y, and Z are encoded variables used in the obfuscated program, and the functions E_1, E_2, and E_3 are the encoding functions. Also, the encoding functions E_1 and E_2 are independent.

  Next, two simultaneous equations including independent encoding functions are solved for the variables x and y. Here, since the encoding functions E_1 and E_2 are independent, Equations (1) and (2) in Equation 7 are simultaneously provided. As a result, the following two decoding formulas are obtained. In Equation 8, D_1 and D_2 are decoding functions.

  Further, by substituting the obtained decoding formula shown in Formula 8 into the coding formula (3) of Formula 7 that was not used to derive the decoding formula, the following non-trivial relational formula shown in Formula 9 is obtained. .

  By using the non-trivial relational expression shown in Expression 9, the sign expressions of the variables x and y can be expressed in two ways as shown in Expression 10 below.

  Next, the original variables x and y used in the program are replaced with the encoded variables X, Y and Z in the following procedure.

(A) Encoding of assignment instruction The substitution instruction x ← u for the variable x is replaced with the encoded substitution instruction shown in Expression 11 below. Also, the substitution instruction for the variable y is replaced with the encoded substitution instruction shown in Expression 12 below from y ← v. As a result, pseudo code of the obtained program is shown in FIG.

(B) Encoding Referenced Variables Variables x and y referenced in the program are replaced with decoding formulas D_1 (X, Y, Z) and D_2 (X, Y, Z), respectively. As shown in Equation 10, there are two methods for expressing the decoding formula. Here, an arbitrary expression is selected and replaced. As a result, pseudo code of the obtained program is shown in FIG.

Next, the following initial values satisfying the non-trivial number 9 are given to the variables X, Y, and Z.
X = 110250890, Y = −2357829, Z = −2357829
As a result, pseudo code of the obtained program is shown in FIG. Finally, continuous assignment instructions are merged. FIG. 6 shows the pseudo code of the finally obtained program. In this way, obfuscation of the program is executed in the actual processing.

  Up to this point, explanations have been made using specific examples. However, comparing FIG. 2 which is a program before encoding and FIG. 6 which is a program after encoding, it is difficult to read without changing the essential contents of the program. It can be seen that the confidential information in the program is concealed.

  As described above, in the present embodiment, it is possible to hide the number of variables used in the original software, the initial value of the variable, the value held by the variable, and the like. Also, since encoding and decoding processes are executed only by exclusive OR operation, no carry occurs. Therefore, the decrease in execution efficiency is small, and the range that can be calculated is not limited.

  The present invention can be applied to a wide range of software from source codes in high-level languages such as C and Java (registered trademark) to machine languages of various processors including those used in portable terminals and the like.

  Further, the above-described embodiment of the present invention is realized by an arithmetic device or a computer. In particular, according to the latter, a computer-readable recording including a program executed in each of S1 to S5. The encoding method of the present invention is realized by recording on a medium and causing a computer to read and execute a program recorded on the recording medium. The computer here includes an OS and hardware such as peripheral devices.

  In addition, the “computer” may include a homepage providing environment (or display environment) as long as the WWW system is used. The “computer-readable recording medium” refers to a storage device such as a flexible medium, a magneto-optical disk, a portable medium such as a ROM and a CD-ROM, and a hard disk incorporated in a computer system. Furthermore, the program is held for a certain period of time, such as a volatile memory (RAM) in a computer system that becomes a system or a client when the program is transmitted via a network such as the Internet or a communication line such as a telephone line. Including things.

  The program may be transmitted from a computer system storing the program in a storage device or the like to another computer system via a transmission medium or by a transmission wave in the transmission medium. Here, the “transmission medium” for transmitting the program refers to a medium having a function of transmitting information, such as a network (communication network) such as the Internet or a communication line (communication line) such as a telephone line.

The program may be for realizing a part of the functions described above.
Furthermore, what can implement | achieve the function mentioned above in combination with the program already recorded on the computer system, and what is called a difference file (difference program) may be sufficient.

The embodiments of the present invention have been described in detail with reference to the drawings. However, the specific configuration is not limited to the embodiments, and includes designs and the like that do not depart from the gist of the present invention.

It is a figure which shows the execution procedure of the encoding method concerning embodiment of this invention. It is a figure which shows the pseudo code of the program before an encoding process. FIG. 3 is a diagram illustrating pseudo code when encoding of an assignment instruction is executed in the program of FIG. 2. It is a figure which shows the pseudo code at the time of performing further encoding of the variable referred to. It is a figure which shows the pseudo code at the time of giving an initial value to a variable. It is the figure which showed the pseudo code finally obtained by performing all the encoding processes.

Claims (6)

An encoding method for encoding a plurality of variables in a program,
A first step of selecting n variables (n is a positive integer) to be encoded from the program;
By the encoding function consisting of exclusive OR of the selected n variables and an arbitrary constant, m (m is a positive integer and m ≧ n) including n independent encoding functions. A second step of defining an encoding formula;
A third step of calculating an encoding expression comprising the n independent encoding functions for the selected n variables and obtaining m encoded variables corresponding to the selected n variables; When,
A fourth step representing the selected n variables using the encoded m variables;
A fifth step of giving an initial value to the encoded variable and merging successive assignment instructions;
An encoding method comprising: The fourth step replaces the assignment instruction for the selected n variables with an assignment instruction for the encoded m variables;
Replacing each of the selected n variables with the encoded m variables determined in the third step;
The encoding method according to claim 1, further comprising:   2. The encoding method according to claim 1, wherein the fifth step gives an arbitrary value satisfying mn non-trivial relational expressions as the initial value to the encoded variable. A program used in an encoding device for encoding a plurality of variables in a program,
A first step of storing the program in a storage device and selecting n variables (n is a positive integer) to be encoded from the stored program;
By the encoding function consisting of exclusive OR of the selected n variables and an arbitrary constant, m (m is a positive integer and m ≧ n) including n independent encoding functions. A second step of defining an encoding formula;
An arithmetic operation unit calculates an encoding expression composed of the n independent encoding functions for the selected n variables, and obtains encoded n variables corresponding to the selected n variables. 3 steps,
A fourth step representing the selected n variables using the encoded n variables;
A fifth step of giving an initial value to the encoded variable and merging successive assignment instructions;
A program that causes a computer to execute. The fourth step replaces the assignment instruction for the selected n variables with an assignment instruction for the encoded m variables;
Replacing each of the selected n variables with the encoded n variables determined in the third step;
The program according to claim 4, further comprising: 5. The program according to claim 4, wherein the fifth step gives an arbitrary value satisfying mn non-trivial relational expressions as the initial value to the encoded variable.

Images