WO2020206905A1 - Code segment protection method and apparatus, computer device, and storage medium - Google Patents

Code segment protection method and apparatus, computer device, and storage medium Download PDF

Info

Publication number
WO2020206905A1
WO2020206905A1 PCT/CN2019/102568 CN2019102568W WO2020206905A1 WO 2020206905 A1 WO2020206905 A1 WO 2020206905A1 CN 2019102568 W CN2019102568 W CN 2019102568W WO 2020206905 A1 WO2020206905 A1 WO 2020206905A1
Authority
WO
WIPO (PCT)
Prior art keywords
code segment
identifier
core
protected
query
Prior art date
Application number
PCT/CN2019/102568
Other languages
French (fr)
Chinese (zh)
Inventor
许剑勇
Original Assignee
平安科技(深圳)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 平安科技(深圳)有限公司 filed Critical 平安科技(深圳)有限公司
Publication of WO2020206905A1 publication Critical patent/WO2020206905A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/121Restricting unauthorised execution of programs
    • G06F21/125Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code

Definitions

  • This application relates to a code segment protection method, device, computer equipment and storage medium.
  • a code segment protection method including:
  • the complexity level corresponding to the code segment to be protected, where the complexity level is preset and is used to characterize the reference index of the complexity of the code segment to be protected;
  • the core identifier is selected from the code segment identifiers, and the core code segment is extracted from the code segment to be protected according to the core identifier, wherein the core identifier is related to the The code segment identifier corresponding to the core code segment;
  • a code segment protection device including:
  • An obtaining module configured to obtain a code segment to be protected, and the code segment to be protected carries a code segment identifier
  • a query module configured to query the complexity level corresponding to the code segment to be protected, where the complexity level is preset and is used to characterize the reference index of the complexity of the code segment to be protected;
  • the extraction module is configured to extract a core code segment from the code segment to be protected according to the code segment identifier when the complexity level exceeds a preset level, wherein the core identifier corresponds to the core code segment The code segment identifier;
  • the first obfuscation module is used to obfuscate the core code segment according to obfuscation logic to obtain an obfuscated code segment;
  • the generating module is used to obtain the target code segment corresponding to the code segment to be protected according to the obfuscated code segment.
  • a computer device including a memory and one or more processors, the memory stores computer readable instructions, when the computer readable instructions are executed by the processor, the one or more processors execute The following steps:
  • the complexity level corresponding to the code segment to be protected, where the complexity level is preset and is used to characterize the reference index of the complexity of the code segment to be protected;
  • the core identifier is selected from the code segment identifiers, and the core code segment is extracted from the code segment to be protected according to the core identifier, wherein the core identifier is related to the The code segment identifier corresponding to the core code segment;
  • One or more non-volatile computer-readable storage media storing computer-readable instructions.
  • the one or more processors execute the following steps:
  • the complexity level corresponding to the code segment to be protected, where the complexity level is preset and is used to characterize the reference index of the complexity of the code segment to be protected;
  • the core identifier is selected from the code segment identifiers, and the core code segment is extracted from the code segment to be protected according to the core identifier, wherein the core identifier is related to the The code segment identifier corresponding to the core code segment;
  • Fig. 1 is an application scenario diagram of a code segment protection method according to one or more embodiments.
  • Fig. 2 is a schematic flowchart of a code segment protection method according to one or more embodiments.
  • Fig. 3 is a schematic flowchart of code segment obfuscation steps according to one or more embodiments.
  • Fig. 4 is a block diagram of a code segment protection device according to one or more embodiments.
  • Figure 5 is a block diagram of a computer device according to one or more embodiments.
  • the code segment protection method provided in this application can be applied to the application environment as shown in FIG. 1.
  • the terminal 102 communicates with the server 104 through the network.
  • the server 104 obtains the code segment to be protected from the terminal 102, and the code segment to be protected carries a code segment identifier.
  • the server 104 queries the complexity level corresponding to the code segment to be protected. When the complexity level exceeds the preset level, the server 104 selects a core identifier from the code segment identifier, and extracts the core code segment from the code segment to be protected according to the core identifier, where the core identifier is a code segment identifier corresponding to the core code segment.
  • the server 104 obfuscates the extracted core code segment according to the obfuscation logic to obtain the obfuscated code segment, and the server 104 obtains the target code segment corresponding to the code segment to be protected according to the obfuscated code segment.
  • the terminal 102 may be, but is not limited to, various personal computers, notebook computers, smart phones, tablet computers, and portable wearable devices.
  • the server 104 may be implemented by an independent server or a server cluster composed of multiple servers.
  • a code segment protection method is provided. Taking the method applied to the server in FIG. 1 as an example, the method includes the following steps:
  • the code segment to be protected refers to a code segment that needs to be completely or partially obfuscated.
  • the code segment to be protected may adopt corresponding obfuscation rules to replace the information contained in the corresponding code segment to obtain a functionally equivalent but difficult to understand form.
  • the server may replace the formats or names of different sub-code segments in the code segment to be protected.
  • Code segment identifiers refer to the identifiers of different sub-code segments contained in the code segment to be protected, which can be class identifiers, method identifiers, parameter identifiers, etc. in the code segment.
  • the code segment identifier is the class name, method name, parameter type, parameter name, etc. contained in the code segment.
  • the server receives the code segment to be protected sent by the terminal, and the code segment to be protected carries a corresponding code segment identifier.
  • the server receives the code segment to be protected sent by the terminal, and the code segment to be protected carries the corresponding class name, method name, and specific parameter name.
  • the server can query whether there is a code segment to be filtered according to the code segment identifier. When there is a code segment to be filtered, if the code segment to be filtered is also obfuscated, the corresponding reflection mechanism cannot be implemented. Therefore, the code segment to be filtered cannot be obfuscated. Therefore, when the server finds the code to be filtered according to the code segment identifier The code segment to be protected cannot be confused as a whole.
  • the code segment to be filtered refers to the code segment included in the code segment to be protected that cannot be confused.
  • the reflection mechanism means that in the running state, for any class, all attributes and methods in the class can be obtained.
  • the corresponding configuration folder can also be obtained by querying the code segment to be filtered, and querying whether the configuration folder contains the code segment identifier corresponding to the corresponding code segment to be filtered.
  • the server determines that the code segment to be protected contains the code segment to be filtered.
  • the configuration folder refers to the folder where the code segments that do not need to be obfuscated are stored before the different code segments are obfuscated.
  • S204 Query the complexity level corresponding to the code segment to be protected, where the complexity level is preset and is used to characterize the reference index of the complexity of the code segment to be protected.
  • the complexity level refers to a reference index that characterizes the complexity of the code segment to be protected. It may be that the higher the complexity level, the more complex the core code segment.
  • the server when the server obtains the code segment to be protected, it queries the complexity level of the code segment to be protected according to the complexity judgment logic. It may be that when the server obtains the code segment to be protected, it queries the number of code lines of the code segment to be protected, and obtains the pre-stored complexity level corresponding to the number of code lines according to the number of code lines.
  • the preset complexity level according to the number of lines of code can be that the more lines of code, the higher the level of complexity of the code; it can also be to query whether the code to be protected is added with an importance label, when the importance label is displayed, the more important. The higher the level of complexity.
  • S206 When the complexity level exceeds the preset level, select a core identifier from the code segment identifier, and extract the core code segment from the code segment to be protected according to the core identifier, where the core identifier is related to the core identifier.
  • the code segment ID corresponding to the code segment.
  • the core identifier refers to a pre-stored identifier that is included in the code segment to be protected that characterizes the sub-code segment that implements the core function.
  • the core identifier may be the class identifier, method identifier, parameter identifier, etc. of the code segment that implements the core function included in the code segment to be protected.
  • the core identifier is the class name, method name, parameter type, parameter name, etc. corresponding to the core code segment contained in the code segment to be protected.
  • the core code segment refers to the code segment included in the code segment to be protected to realize the corresponding core function.
  • the core function is the function of capturing images
  • the core code segment is the code segment for capturing corresponding images.
  • the server when the server obtains the complexity level of the code segment to be protected, the server obtains the pre-stored preset level, and the server compares the obtained complexity level of the code segment to be protected with the preset level. When the complexity level exceeds the preset level, the server obtains the code segment identifier, and compares the code segment identifier with the preset core identifier to be compared. When the comparison is successful, the server uses the successfully compared code segment identifier as the core identifier, and the sub-code segment corresponding to the core identifier is the core code segment.
  • the server compares the obtained complexity level with the preset level.
  • the server obtains the preset core code identifier, and compares the code segment identifier with the preset core identifier to be compared.
  • the comparison is successful, it is determined that the code segment identifier is a core identifier. Therefore, the sub-code segment corresponding to the core identifier and the next code segment identifier is the core code segment.
  • the core code segment is extracted, so that only the simple framework corresponding to the core code segment is retained, such as the corresponding parameter setting framework, that is, the retained framework can be used as the framework core code segment.
  • the server generates a separate core code segment from the extracted core code segment, and the single core code segment can be used as a proxy core code segment. That is, when the code segment to be protected is executed, when the server executes to the framework core code segment, the server can jump to the proxy core code segment, thereby directly executing the proxy core code segment.
  • the proxy core code segment has a new code identifier, that is, the proxy code segment identifier, such as the corresponding code segment name.
  • the code segment identifier corresponding to the core code segment of the framework remains unchanged, that is, the code segment identifier corresponding to the unextracted core code segment remains unchanged.
  • the obfuscation logic refers to obfuscating the code segment, that is, replacing the corresponding code format in the code segment, so as to obtain the relevant logic rules of the code segment that is not easy to find.
  • Obfuscated code segment refers to a code segment that is difficult to understand but is functionally equivalent to the core code segment after replacing it according to the obfuscation logic.
  • the server extracts the core code segment, it queries the pre-stored obfuscation logic, and then the server will obfuscate the extracted core code segment according to the obfuscation logic, that is, it can format the extracted core code segment according to the obfuscation logic.
  • the core code segment is used as the proxy core code segment to obtain the corresponding obfuscation logic.
  • the confusion logic is to identify the core code corresponding to the agent core code segment, such as replacing the code segment name of the agent core code segment, or replacing the case in the agent core code segment.
  • the target code segment refers to the code segment corresponding to the core function included in the protected code segment to be obfuscated, and the code segment that cannot be obfuscated is not obfuscated.
  • the server obtains the obfuscated code segment, the obfuscated code segment, the core code segment of the framework, and the code segment to be filtered contained in the code segment to be protected are used as the target code segment. It may be that the server extracts the core code segment to generate the proxy core code segment, and the framework core code segment remains in the code segment to be protected.
  • the server associates the proxy core code segment with the framework core code segment, and associates the to-be-filtered code segment with the core proxy code segment to obtain the target code segment, so that the target code segment contains the core function that can be obfuscated Code segments and code segments that cannot be obfuscated.
  • the server when the server obtains the code segment to be protected, it does not need to obfuscate the entire code segment to be protected, thereby avoiding that when there is a code segment that cannot be obfuscated in the code segment to be protected, the entire code segment to be protected cannot be confused. Therefore, the flexibility of obfuscation can be improved, and the core code segment can be extracted and obfuscated, thereby improving the security of the code segment.
  • Figure 3 provides a flow diagram of the code segment obfuscation step.
  • the code segment obfuscation step that is, the core code segment is obfuscated according to the obfuscation logic to obtain the obfuscated code segment, including: obtaining the obfuscation logic, according to the obfuscation logic Query the information to be confused contained in the core code segment; extract the confusion feature corresponding to the information to be confused, query the replacement information corresponding to the information to be confused according to the confusion feature; use the replacement information to replace the information to be confused to obtain the confusion code segment.
  • the obfuscation logic refers to the preset logic of selecting the information to be obfuscated, and the obfuscation logic can be preset with a corresponding identifier associated with the code segment.
  • the obfuscation logic can be preset with corresponding code names, class names, variable names, or related code identifiers to be converted to case.
  • To-be-obfuscated information refers to the relevant information contained in the code segment to be protected that can be obfuscated by obfuscation logic.
  • the replacement information refers to the detailed information that can replace the obfuscated information, which can be to replace the original code segment name with common characters.
  • the server extracts the core code segment, and uses the extracted core code segment as the proxy core code segment.
  • the server obtains the obfuscation logic, queries the different information to be obfuscated contained in the core code segment of the agent according to the obfuscation logic, and then queries the replacement information according to the code segment identifier corresponding to the core code segment, and uses the replacement information to replace the information to be obfuscated to obtain confusion Code snippet. It can be that when the server extracts the core code segment, the core code segment is used as the proxy core code segment.
  • the server obtains the obfuscation logic, and the server compares the different identifiers corresponding to the obfuscation logic with the different identifiers corresponding to the core code segment of the agent, and selects the corresponding code line according to the obfuscation logic, so that the successfully compared identifiers and code lines are regarded as to be confused information. Furthermore, the server finds the replacement information corresponding to the information to be confused, such as general character identifiers, conversion characters, etc., according to the confusion logic. The server replaces the successfully matched identifiers and code lines corresponding to the core code segment according to the replacement information.
  • the server when the server queries the information to be confused from the core code segment, it can query the replacement information corresponding to the information to be confused, and then use the replacement information to replace the information to be confused to obtain the obfuscated code segment. Confusion is simple and easy, and the efficiency is high.
  • after replacing the obfuscated information with the replacement information to obtain the target code segment it includes: storing the obfuscated code segment in an encrypted folder, and obtaining the first storage path corresponding to the encrypted folder; querying the code segment to be protected The second storage path associated with the core code segment in; change the second storage path to the first storage path.
  • an encrypted folder refers to a folder that stores all obfuscated code segments among the code segments to be protected.
  • the first storage path refers to the query path where the encrypted folder can be found, so that the obfuscated code segment can be queried according to the query path.
  • the second storage path refers to the query path associated with the unobfuscated core code segment in the code segment to be protected.
  • the query path may be the same storage path as the code segment to be protected. Specifically, when the server obtains the obfuscated code segment, usually the obfuscated code segment is saved to the same path as the code segment to be protected.
  • the server obtains the encrypted folder and stores the obfuscated code segment in the encrypted folder , And then obtain the first storage path corresponding to the encrypted folder.
  • the server queries the second storage path associated with the core code segment from the code segment to be protected, and then changes the second storage path to the first storage path, which ensures that the target code segment obtained after obfuscation of the code segment to be protected is executed.
  • the server executes to the core code segment, since the core code segment only retains the framework core code segment after obfuscation, it is possible to jump to the encrypted folder to accurately find the obfuscated code segment and execute the corresponding obfuscated code segment.
  • the server can store the obfuscated code segment separately in the encrypted folder, which can further improve the security of the core code, and the server can obtain the first storage path corresponding to the encrypted folder, and query the code segment and the core code.
  • the second storage path associated with the segment is changed to the first storage path to ensure the correct execution of the obfuscated code segment.
  • the method includes: querying the first subcode segment identifier corresponding to the obfuscated code segment; and querying the second subcode segment identifier corresponding to the core code segment ; Establish a mapping relationship between the first sub-code segment identifier and the second sub-code segment identifier.
  • the first sub-code segment identifier refers to the code segment identifier corresponding to the obfuscated code segment, and may be the code segment name corresponding to the obfuscated code segment.
  • the second sub-code segment identifier refers to the code segment identifier corresponding to the core code segment, and may be the code segment name corresponding to the core code segment without obfuscation.
  • the server obtains the obfuscated code segment after obfuscation of the core code segment, and then queries the obfuscated code segment to obtain the first subcode identifier.
  • the server queries the second subcode identifier corresponding to the core code segment, and then associates the first subcode identifier with the second subcode identifier to obtain the mapping relationship, that is, the server can directly query the corresponding subcode segment through the mapping relationship Logo. It may be that when the server obtains the obfuscated code segment, it queries whether the obfuscated code segment contains the corresponding preset code segment name.
  • the preset code segment name may be the name of the included code segment included in the replacement information, etc., when When the name of the preset code segment is found, the name of the preset code segment is the first sub-code segment identifier, and the server queries the second sub-code segment identifier from the core code segment, that is, the server can directly obtain the preset code segment
  • the code segment name is the second sub-code segment identifier, and the server establishes a mapping relationship between the first sub-code identifier and the second sub-code identifier.
  • the server when the server obtains the first sub-code segment identifier of the obfuscated code segment, and obtains the second sub-code segment identifier corresponding to the core code segment, the first sub-code segment identifier and the second sub-code segment identifier can be combined
  • the identification establishes a mapping relationship, so that the core code segment can be directly found through the obfuscated code segment, and it is convenient to query when an error occurs in the obfuscated code segment, thereby improving query efficiency.
  • the method includes: receiving a running instruction of the running target code segment, and running the protection code segment according to the running instruction to obtain the running result; Whether the result contains the operating error status identifier, when the operating error status identifier is included, query the second subcode segment identifier corresponding to the operating error status identifier; query the first code associated with the second subcode segment identifier according to the mapping relationship Mark, and output the first code mark.
  • the running error status identifier refers to the corresponding error prompt information when an error occurs in the running target code segment, and the error status identifier can display the cause of the running error corresponding to the target code segment and the code line corresponding to the running error.
  • the target code segment can also be run first.
  • the server receives the running instruction to run the target code segment, and the server runs the obtained target code segment line by line according to the running instruction to obtain the running result.
  • the running result obtained by the server query is error-free, the corresponding running pass result is output.
  • the server queries the code line corresponding to the error status identifier, queries the second subcode segment identifier of the obfuscated code segment corresponding to the code line, and then according to the mapping relationship.
  • the server finds the first sub-code segment identifier corresponding to the second sub-code segment identifier, and outputs the first sub-code segment identifier and the second sub-code segment identifier to troubleshoot the cause of the operation error, and you can query whether Is there a problem with the unobfuscated core code segment, whether it is the obfuscated logic that causes the obfuscation error and the target code obfuscation error.
  • the server displays a corresponding run button on the display interface, and the user clicks the run button to generate a run instruction, and then the server runs the target code segment line by line according to the generated run instruction.
  • the server runs to the obfuscated code segment, the obfuscated code segment is found through the stored first storage path, so as to complete the operation of the target code segment, and then the server generates the running result.
  • the running result that has passed is output; when there is an error in the running result, the running error status identifier is queried, and the corresponding code line is queried according to the running error status identifier, and then the code line is queried to include If there is an obfuscated code segment of the code line, the second sub-code segment identifier corresponding to the obfuscated code segment containing the code line can be found. Since the second sub-code segment identifier corresponds to the obfuscated code segment, in order to query the cause of the operation error status identifier in the operation of the target code segment, the core code segment corresponding to the obfuscated code segment can be queried. That is, the server can query the first subcode segment identifier according to the second subcode segment identifier and the mapping relationship, and output the first subcode segment identifier and the second subcode segment identifier.
  • the target code segment can be pre-run to obtain the running result, so that the running result of the target code segment can be verified in advance, and the running failure caused by the direct use of the target code segment can be avoided. Ensure the accuracy of the target code segment. Furthermore, when the running result is a running error, query the running error status identifier, query the second subcode segment identifier according to the running error status identifier, and query the first subcode segment identifier corresponding to the second subcode segment identifier according to the mapping relationship, Ensure that the query error is comprehensive and accurate when there is an error in the target code segment.
  • after querying the complexity level corresponding to the code segment to be protected it includes: when the complexity level does not exceed the preset level, querying the filter field according to the code segment identifier; adding the filter field to the code segment to be protected; The code segment to be protected with the added filter field is obfuscated by obfuscation logic to obtain the target code segment.
  • the filter field refers to the addition of a corresponding comment field, so that when the code segment to be protected is confused, the code segment with the comment field added is skipped, so that the code segment with the comment field added is not confused.
  • the server finds that the complexity level corresponding to the code segment to be protected does not exceed the preset level, it is simple and easy to query line by line whether the code segment to be protected contains code segments that do not need to be filtered. Then the server compares the complexity level of the code segment to be protected, and when the complexity level does not exceed the preset level, the server obtains the corresponding filter field. The server queries the filtering code segment contained in the code segment to be protected according to the code segment identifier.
  • the server adds a filter field to the filter code segment, and the server can directly obfuscate the code segment without the filter field added to the protected code segment according to the obfuscation logic to obtain the obfuscated code segment, the obfuscated code segment and the filter field to be filtered with the added filter field
  • the code segment is associated as the target code segment.
  • the server obtains the code segment identifier corresponding to the filter code segment, and matches the filter code segment identifier with the corresponding identifier contained in the code segment to be protected.
  • the server sets the sub-code segment corresponding to the successfully-matched code segment identifier as the filtering code segment.
  • the server obtains the corresponding filter field, such as the corresponding comment field, and adds the comment field to the filter code segment.
  • the server obtains the corresponding obfuscated logic, which can be to replace the code segment name of the corresponding sub-code segment, or replace the case of the code line, etc., so that the server can obtain the obfuscated code segment, and then the obfuscated code segment and the filtered code segment Make the association to get the target code segment. And when the server obtains the corresponding target code segment, the server can establish a corresponding mapping relationship between the obfuscated code segment and the unobfuscated code segment, and then can run the corresponding target code segment to query whether the running result has errors. When there is no error, the server can directly output the prompt message of successful operation; when the operation fails, the server queries the specific failed sub-code segment, and outputs the relevant sub-code segment identification.
  • the server when the server finds that the complexity level of the code segment to be protected does not exceed the preset level, it can directly obtain the corresponding filter field, and add the filter field to the code segment to be protected, thereby adopting obfuscation logic.
  • the target code segment is obtained by obfuscation of the protected code segment. Since the complexity level does not exceed the preset level, it is simple and easy to directly add the corresponding filter field to the protected code segment, which can improve the efficiency of protecting the code segment.
  • the code segment to be protected is the code segment of the shooting function in the application program as an example for illustration: when the server receives the code segment to be protected as the code segment of the image capture function, the server queries the code segment to be protected.
  • the complexity level of the protection code segment can be the number of code lines of the query code segment, or whether it carries an important level indication, and the server determines the complexity level.
  • the server can be more complex as the number of lines of code is greater, or the more important the importance level carried, the higher the complexity level.
  • the server obtains the complexity level the server obtains the preset level and compares the complexity level with the preset level.
  • the corresponding core code can be found For example, if the core code segment is the code segment named CameraActivity, then extract the code segment to establish the proxy core code segment, such as generating a proxy code segment with the class name CameraApiProxy, the proxy code segment is also generated The proxy core code segment, and the code segment name is CameraActivity, only the corresponding frame is reserved, and then the code segment with the class name CameraApiProxy is confused.
  • the code segment name is replaced by the corresponding common characters, such as A, Commonly recognized characters of B and C, or the corresponding code lines are replaced with uppercase and lowercase letters, etc., to obtain the obfuscated code segment.
  • the server associates the obfuscated code segment with the code segment whose class name is the frame reserved in CameraActivity, and associates the code segment with the unobfuscated code segment in the code segment to be protected to obtain the target code segment.
  • the server may add the obfuscated code segment obtained by obfuscation of the code segment whose class name is CameraApiProxy to the encrypted folder storing different obfuscated code segments, and obtain the first storage path in the encrypted folder. Furthermore, the server changes the second storage path associated with the code segment whose class name is CameraActivity to the first storage path, so that the corresponding obfuscated code segment can be accurately found when the corresponding target code segment is executed. And the server associates the code segment identifier of the code segment with the obfuscated class name CameraApiProxy with the code segment identifier of the code segment with the unobfuscated class name CameraActivity.
  • the server can associate the two class names to obtain the mapping relationship.
  • the server can receive a running instruction, and run the obtained target code segment according to the running instruction. When the target code segment runs correctly, it will directly output the prompt message of the correct operation; when there is an error in the operation, the server will query the operation error status identification from the operation result. If the error reason of the specific code line is prompted, it will be based on the operation error code Line query whether the code line is included in the code segment with the class name CameraApiProxy. When it is included in the code segment, the code segment with the class name CameraActivity is also queried through the mapping relationship, so that both codes are identified Output, easy to query specific errors.
  • the server when the server receives that the complexity level of the code segment to be protected does not exceed the preset level, it can directly add the code segment that does not need to be confused in the code segment to be protected, that is, add the corresponding filter field to the filter code segment.
  • the filter field can be Yes: If a field in the code segment to be protected is not obfuscated, add @KeepFromProguard public class User ⁇ ; if an attribute in the code segment to be protected is not obfuscated, add @KeepFromProguard public int id; a single method in the code segment to be protected If you don’t obfuscate, add @KeepFromProguard public booleanisValid() ⁇ to add the above filter fields, you can obfuscate the entire protected code segment, that is, during the obfuscation process, the code segment with the above filter fields will be skipped , Thereby improving the efficiency of obfuscation of the code segment to be protected.
  • a code segment protection device including: an acquisition module 410, a query module 420, a first obfuscation module 430, and a generation module 440, wherein:
  • the obtaining module 410 is configured to obtain a code segment to be protected, and the code segment to be protected carries a code segment identifier.
  • the query module 420 is used to query the complexity level corresponding to the code segment to be protected, and the complexity level is preset and is used to characterize the reference index of the complexity of the code segment to be protected;
  • the extraction module 430 is used to select the core identifier from the code segment identifier when the complexity level exceeds the preset level, and extract the core code segment from the code segment to be protected according to the core identifier, where the core identifier corresponds to the core code segment Code segment ID.
  • the first obfuscation module 440 is used to obfuscate the extracted core code segments according to obfuscation logic to obtain obfuscated code segments.
  • the generating module 450 is used to obtain the target code segment corresponding to the code segment to be protected according to the obfuscated code segment.
  • the first obfuscation module 440 includes:
  • the first query unit is used to obtain obfuscation logic, and query the information to be obfuscated contained in the core code segment according to the obfuscation logic.
  • the second query unit is configured to query the replacement information corresponding to the information to be confused according to the confusion logic.
  • the replacement unit is used to replace the obfuscated information with the replacement information to obtain the obfuscated code segment.
  • the code segment protection device 400 includes:
  • the storage module is used to store the obfuscated code segment in the encrypted folder and obtain the first storage path corresponding to the encrypted folder.
  • the path extraction module is used to query the second storage path associated with the core code segment in the code segment to be protected.
  • the change module is used to change the second storage path to the first storage path.
  • the code segment protection device 400 includes:
  • the first identification query unit is used to query the identification of the first sub-code segment corresponding to the obfuscated code segment.
  • the second identification query unit is used to query and query the second sub-code segment identifier corresponding to the core code segment.
  • the establishment module is used to establish a mapping relationship between the first sub-code segment identifier and the second sub-code segment identifier.
  • the code segment protection device 400 includes:
  • the receiving module is used to receive the running instruction of the running target code segment, and run the target code segment according to the running instruction to obtain the running result.
  • the third identification query module is used to query whether the operating result contains the operating error status identifier, and when the operating error status identifier is included, query the second sub-code segment identifier corresponding to the operating error status identifier.
  • the output module is used to query the first subcode segment identifier associated with the second subcode segment identifier according to the mapping relationship, and output the first subcode segment identifier and the second subcode segment identifier.
  • the code segment protection device 400 includes:
  • the filter field query module is used to query the filter field according to the code segment identifier when the complexity level does not exceed the preset level.
  • Add module used to add filter fields to the code segment to be protected.
  • the second obfuscation module is used to obfuscate the to-be-protected code segment to which the filter field is added by obfuscation logic to obtain the target code segment.
  • Each module in the above code segment protection device can be implemented in whole or in part by software, hardware, and a combination thereof.
  • the foregoing modules may be embedded in the form of hardware or independent of the processor in the computer device, or may be stored in the memory of the computer device in the form of software, so that the processor can call and execute the operations corresponding to the foregoing modules.
  • a computer device is provided.
  • the computer device may be a server, and its internal structure diagram may be as shown in FIG. 5.
  • the computer equipment includes a processor, a memory, a network interface and a database connected through a system bus. Among them, the processor of the computer device is used to provide calculation and control capabilities.
  • the memory of the computer device includes a non-volatile storage medium and an internal memory.
  • the non-volatile storage medium stores an operating system, computer readable instructions, and a database.
  • the internal memory provides an environment for the operation of the operating system and computer-readable instructions in the non-volatile storage medium.
  • the computer equipment database is used to store code segment protection data.
  • the network interface of the computer device is used to communicate with an external terminal through a network connection.
  • the computer-readable instruction is executed by the processor to realize a code segment protection method.
  • FIG. 5 is only a block diagram of a part of the structure related to the solution of the present application, and does not constitute a limitation on the computer device to which the solution of the present application is applied.
  • the specific computer device may Including more or fewer parts than shown in the figure, or combining some parts, or having a different arrangement of parts.
  • a computer device including a memory and one or more processors.
  • the memory stores computer readable instructions.
  • one or more processors are caused to perform the following steps: Obtain the code to be protected Segment, the code segment to be protected carries a code segment identifier; the complexity level corresponding to the code segment to be protected is queried, and the complexity level is preset, which is a reference index used to characterize the complexity of the code segment to be protected; when the complexity level exceeds the preset Level, the core identifier is selected from the code segment identifier, and the core code segment is extracted from the code segment to be protected according to the core identifier, where the core identifier is the code segment identifier corresponding to the core code segment; the core code segment Obtain the obfuscated code segment by obfuscation according to the obfuscation logic; and obtain the target code segment corresponding to the code segment to be protected according to the obfuscated code segment.
  • the core code segment is obfuscated according to the obfuscation logic to obtain the obfuscated code segment, including: obtaining the obfuscation logic, and querying the core code segment for the to-be-contained code segment according to the obfuscation logic.
  • Obfuscation information query the replacement information corresponding to the information to be confused according to the obfuscation logic; use the replacement information to replace the information to be confused to obtain the obfuscated code segment.
  • the processor when the processor executes the computer-readable instruction, after replacing the obfuscated information with the replacement information to obtain the target code segment, it includes: storing the obfuscated code segment in an encrypted folder, and obtaining the first corresponding to the encrypted folder. Storage path; query the second storage path associated with the core code segment in the code segment to be protected; change the second storage path to the first storage path.
  • the processor executes the computer-readable instruction to obtain the target code segment corresponding to the code segment to be protected according to the obfuscated code segment, it includes: querying the first subcode segment identifier corresponding to the obfuscated code segment; and querying the core code The second sub-code segment identifier corresponding to the segment; the mapping relationship is established between the first sub-code segment identifier and the second sub-code segment identifier.
  • the processor includes: receiving a running instruction of the running target code segment, and running the target according to the running instruction The code segment obtains the running result; query whether the running result contains the operating error status identifier, when the operating error status identifier is included, query the second subcode segment identifier corresponding to the operating error status identifier; query the second subcode segment according to the mapping relationship The code segment identifies the associated first sub-code segment identifier, and outputs the first sub-code segment identifier and the second sub-code segment identifier.
  • the processor executes the computer-readable instruction to query the complexity level corresponding to the code segment to be protected, it includes: when the complexity level does not exceed the preset level, query the filter field according to the code segment identifier; Add to the code segment to be protected; use obfuscation logic to obfuscate the code segment to be protected with the filter field added to obtain the target code segment.
  • One or more non-volatile computer-readable storage media storing computer-readable instructions.
  • the one or more processors perform the following steps:: Obtain the protection to be protected Code segment, the code segment to be protected carries a code segment identifier; query the complexity level corresponding to the code segment to be protected, the complexity level is preset, and is used to characterize the reference index of the complexity of the code segment to be protected; When the complexity level exceeds the preset level, the core identifier is selected from the code segment identifier, and the core code segment is extracted from the code segment to be protected according to the core identifier, wherein the core identifier corresponds to the core code segment Code segment identification; Obtain the obfuscated code segment by obfuscating the core code segment according to the obfuscation logic; and Obtain the target code segment corresponding to the code segment to be protected according to the obfuscated code segment.
  • the core code segment is obfuscated according to the obfuscation logic to obtain the obfuscated code segment, which includes: obtaining the obfuscation logic, and querying the core code segment for the contained code according to the obfuscation logic Information to be confused; query the replacement information corresponding to the information to be confused according to the confusion logic; use the replacement information to replace the information to be confused to obtain a confused code segment.
  • the target code segment is obtained by using the replacement information to replace the obfuscated information with replacement information, including: storing the obfuscated code segment in an encrypted folder, and obtaining the first corresponding to the encrypted folder A storage path; query the second storage path associated with the core code segment in the code segment to be protected; change the second storage path to the first storage path.
  • the method when the computer-readable instruction is executed by the processor, after obtaining the target code segment corresponding to the code segment to be protected according to the obfuscated code segment, the method includes: querying the identifier of the first sub-code segment corresponding to the obfuscated code segment; and querying the core The second sub-code segment identifier corresponding to the code segment; the mapping relationship is established between the first sub-code segment identifier and the second sub-code segment identifier.
  • the mapping relationship between the first sub-code segment identifier and the second sub-code segment identifier is established, including: receiving a running instruction for running the target code segment, and running according to the running instruction
  • the target code segment obtains the running result; query whether the running result contains the running error status identifier, when the running error status identifier is included, query the second sub-code segment identifier corresponding to the running error status identifier; query the second sub-code segment identifier according to the mapping relationship
  • the subcode segment identifies the associated first subcode segment identifier, and outputs the first subcode segment identifier and the second subcode segment identifier.
  • the computer-readable instruction after the computer-readable instruction is executed by the processor to query the complexity level corresponding to the code segment to be protected, it includes: when the complexity level does not exceed the preset level, query the filter field according to the code segment identifier; The field is added to the code segment to be protected; the code segment to be protected with the added filter field is obfuscated by obfuscation logic to obtain the target code segment.
  • Non-volatile memory may include read only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory.
  • ROM read only memory
  • PROM programmable ROM
  • EPROM electrically programmable ROM
  • EEPROM electrically erasable programmable ROM
  • Volatile memory may include random access memory (RAM) or external cache memory.
  • RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous chain Channel (Synchlink) DRAM (SLDRAM), memory bus (Rambus) direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM), etc.

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

A code segment protection method, comprising: acquiring a code segment to be protected, said code segment carrying a code segment identifier; querying a complexity level corresponding to said code segment, wherein the complexity level is a preset reference index for characterizing the degree of complexity of said code segment; when the complexity level exceeds a preset level, selecting a core identifier from the code segment identifier, and according to the core identifier, extracting a core code segment from said code segment to be protected, wherein the core identifier is a code segment identifier corresponding to the core code segment; obfuscating the extracted core code segment according to an obfuscation logic to obtain an obfuscated code segment; and obtaining, according to the obfuscated code segment, a target code segment corresponding to said code segment to be protected.

Description

代码段保护方法、装置、计算机设备和存储介质Code segment protection method, device, computer equipment and storage medium
相关申请的交叉引用Cross references to related applications
本申请要求于2019年04月12日提交中国专利局,申请号为201910296112.9,申请名称为“代码段保护方法、装置、计算机设备和存储介质”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application claims the priority of a Chinese patent application filed with the Chinese Patent Office on April 12, 2019. The application number is 201910296112.9, and the application name is "Code segment protection method, device, computer equipment and storage medium". The entire content is by reference Incorporated in this application.
技术领域Technical field
本申请涉及一种代码段保护方法、装置、计算机设备和存储介质。This application relates to a code segment protection method, device, computer equipment and storage medium.
背景技术Background technique
随着计算机技术的发展,需要开发越来越多的应用程序,而对应用程序进行开发之后,为了避免应用程序中的核心程序段被盗用,则会对核心程序段进行混淆。With the development of computer technology, more and more application programs need to be developed. After the application program is developed, in order to avoid the core program segment in the application program from being misappropriated, the core program segment will be confused.
传统地,在混淆过程中,是统一对待保护程序段进行混淆,而当待保护程序段中包含有通用程序段时,需要根据通用程序段实现相应的反射机制,而若对通用程序段进行了混淆则无法正常实现反射机制,因此通用程序段则无法进行混淆,导致整个待保护程序段均无法进行混淆,导致对代码段进行混淆而得到保护的灵活性差。Traditionally, in the process of obfuscation, the program segments to be protected are uniformly confused. When the program segment to be protected contains general program segments, the corresponding reflection mechanism needs to be implemented according to the general program segment. Obfuscation means that the reflection mechanism cannot be implemented normally. Therefore, the general program segment cannot be obfuscated. As a result, the entire program segment to be protected cannot be obfuscated, resulting in poor flexibility for obfuscating the code segment to be protected.
发明内容Summary of the invention
根据本申请公开的各种实施例,提供一种代码段保护方法、装置、计算机设备和存储介质。According to various embodiments disclosed in the present application, a code segment protection method, device, computer equipment, and storage medium are provided.
一种代码段保护方法,包括:A code segment protection method, including:
获取待保护代码段,所述待保护代码段携带有代码段标识;Acquiring a code segment to be protected, where the code segment to be protected carries a code segment identifier;
查询所述待保护代码段对应的复杂等级,所述复杂等级为预先设定的,用于表征所述待保护代码段的复杂度的参考指标;Query the complexity level corresponding to the code segment to be protected, where the complexity level is preset and is used to characterize the reference index of the complexity of the code segment to be protected;
当所述复杂等级超过预设等级时,则从所述代码段标识中选取核心标识,根据所述核心标识从所述待保护代码段中提取核心代码段,其中,所述核心标识是与所述核心代码段对应的代码段标识;When the complexity level exceeds the preset level, the core identifier is selected from the code segment identifiers, and the core code segment is extracted from the code segment to be protected according to the core identifier, wherein the core identifier is related to the The code segment identifier corresponding to the core code segment;
将所述核心代码段按照混淆逻辑进行混淆得到混淆代码段;及Obfuscate the core code segment according to the obfuscation logic to obtain the obfuscated code segment; and
根据所述混淆代码段得到所述待保护代码段对应的目标代码段。Obtain the target code segment corresponding to the code segment to be protected according to the obfuscated code segment.
一种代码段保护装置,包括:A code segment protection device, including:
获取模块,用于获取待保护代码段,所述待保护代码段携带有代码段标识;An obtaining module, configured to obtain a code segment to be protected, and the code segment to be protected carries a code segment identifier;
查询模块,用于查询所述待保护代码段对应的复杂等级,所述复杂等级为预先设定的, 用于表征所述待保护代码段的复杂度的参考指标;A query module, configured to query the complexity level corresponding to the code segment to be protected, where the complexity level is preset and is used to characterize the reference index of the complexity of the code segment to be protected;
提取模块,用于当所述复杂等级超过预设等级时,则根据所述代码段标识从所述待保护代码段中提取核心代码段,其中,所述核心标识是与所述核心代码段对应的代码段标识;The extraction module is configured to extract a core code segment from the code segment to be protected according to the code segment identifier when the complexity level exceeds a preset level, wherein the core identifier corresponds to the core code segment The code segment identifier;
第一混淆模块,用于将所述核心代码段按照混淆逻辑进行混淆得到混淆代码段;及The first obfuscation module is used to obfuscate the core code segment according to obfuscation logic to obtain an obfuscated code segment; and
生成模块,用于根据所述混淆代码段得到所述待保护代码段对应的目标代码段。The generating module is used to obtain the target code segment corresponding to the code segment to be protected according to the obfuscated code segment.
一种计算机设备,包括存储器和一个或多个处理器,所述存储器中储存有计算机可读指令,所述计算机可读指令被所述处理器执行时,使得所述一个或多个处理器执行以下步骤:A computer device, including a memory and one or more processors, the memory stores computer readable instructions, when the computer readable instructions are executed by the processor, the one or more processors execute The following steps:
获取待保护代码段,所述待保护代码段携带有代码段标识;Acquiring a code segment to be protected, where the code segment to be protected carries a code segment identifier;
查询所述待保护代码段对应的复杂等级,所述复杂等级为预先设定的,用于表征所述待保护代码段的复杂度的参考指标;Query the complexity level corresponding to the code segment to be protected, where the complexity level is preset and is used to characterize the reference index of the complexity of the code segment to be protected;
当所述复杂等级超过预设等级时,则从所述代码段标识中选取核心标识,根据所述核心标识从所述待保护代码段中提取核心代码段,其中,所述核心标识是与所述核心代码段对应的代码段标识;When the complexity level exceeds the preset level, the core identifier is selected from the code segment identifiers, and the core code segment is extracted from the code segment to be protected according to the core identifier, wherein the core identifier is related to the The code segment identifier corresponding to the core code segment;
将所述核心代码段按照混淆逻辑进行混淆得到混淆代码段;及Obfuscate the core code segment according to the obfuscation logic to obtain the obfuscated code segment; and
根据所述混淆代码段得到所述待保护代码段对应的目标代码段。Obtain the target code segment corresponding to the code segment to be protected according to the obfuscated code segment.
一个或多个存储有计算机可读指令的非易失性计算机可读存储介质,计算机可读指令被一个或多个处理器执行时,使得一个或多个处理器执行以下步骤:One or more non-volatile computer-readable storage media storing computer-readable instructions. When the computer-readable instructions are executed by one or more processors, the one or more processors execute the following steps:
获取待保护代码段,所述待保护代码段携带有代码段标识;Acquiring a code segment to be protected, where the code segment to be protected carries a code segment identifier;
查询所述待保护代码段对应的复杂等级,所述复杂等级为预先设定的,用于表征所述待保护代码段的复杂度的参考指标;Query the complexity level corresponding to the code segment to be protected, where the complexity level is preset and is used to characterize the reference index of the complexity of the code segment to be protected;
当所述复杂等级超过预设等级时,则从所述代码段标识中选取核心标识,根据所述核心标识从所述待保护代码段中提取核心代码段,其中,所述核心标识是与所述核心代码段对应的代码段标识;When the complexity level exceeds the preset level, the core identifier is selected from the code segment identifiers, and the core code segment is extracted from the code segment to be protected according to the core identifier, wherein the core identifier is related to the The code segment identifier corresponding to the core code segment;
将所述核心代码段按照混淆逻辑进行混淆得到混淆代码段;及Obfuscate the core code segment according to the obfuscation logic to obtain the obfuscated code segment; and
根据所述混淆代码段得到所述待保护代码段对应的目标代码段。Obtain the target code segment corresponding to the code segment to be protected according to the obfuscated code segment.
本申请的一个或多个实施例的细节在下面的附图和描述中提出。本申请的其它特征和优点将从说明书、附图以及权利要求书变得明显。The details of one or more embodiments of the application are set forth in the following drawings and description. Other features and advantages of this application will become apparent from the description, drawings and claims.
附图说明Description of the drawings
为了更清楚地说明本申请实施例中的技术方案,下面将对实施例中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本申请的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其它的附图。In order to more clearly describe the technical solutions in the embodiments of the present application, the following will briefly introduce the drawings needed in the embodiments. Obviously, the drawings in the following description are only some embodiments of the present application. For those of ordinary skill in the art, other drawings can be obtained based on these drawings without creative work.
图1为根据一个或多个实施例中代码段保护方法的应用场景图。Fig. 1 is an application scenario diagram of a code segment protection method according to one or more embodiments.
图2为根据一个或多个实施例中代码段保护方法的流程示意图。Fig. 2 is a schematic flowchart of a code segment protection method according to one or more embodiments.
图3为根据一个或多个实施例中代码段混淆步骤的流程示意图。Fig. 3 is a schematic flowchart of code segment obfuscation steps according to one or more embodiments.
图4为根据一个或多个实施例中代码段保护装置的框图。Fig. 4 is a block diagram of a code segment protection device according to one or more embodiments.
图5为根据一个或多个实施例中计算机设备的框图。Figure 5 is a block diagram of a computer device according to one or more embodiments.
具体实施方式detailed description
为了使本申请的技术方案及优点更加清楚明白,以下结合附图及实施例,对本申请进行进一步详细说明。应当理解,此处描述的具体实施例仅仅用以解释本申请,并不用于限定本申请。In order to make the technical solutions and advantages of the present application clearer, the following further describes the present application in detail with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the application, and not used to limit the application.
本申请提供的代码段保护方法,可以应用于如图1所示的应用环境中。终端102通过网络与服务器104进行通信。服务器104从终端102获取到待保护代码段,待保护代码段携带有代码段标识。服务器104查询待保护代码段对应的复杂等级。当复杂等级超过预设等级时,则服务器104从代码段标识中选取核心标识,根据核心标识从待保护代码段中提取核心代码段,其中,核心标识是与核心代码段对应的代码段标识。服务器104将提取到的核心代码段按照混淆逻辑进行混淆得到混淆代码段,服务器104根据混淆代码段得到待保护代码段对应的目标代码段。终端102可以但不限于是各种个人计算机、笔记本电脑、智能手机、平板电脑和便携式可穿戴设备,服务器104可以用独立的服务器或者是多个服务器组成的服务器集群来实现。The code segment protection method provided in this application can be applied to the application environment as shown in FIG. 1. The terminal 102 communicates with the server 104 through the network. The server 104 obtains the code segment to be protected from the terminal 102, and the code segment to be protected carries a code segment identifier. The server 104 queries the complexity level corresponding to the code segment to be protected. When the complexity level exceeds the preset level, the server 104 selects a core identifier from the code segment identifier, and extracts the core code segment from the code segment to be protected according to the core identifier, where the core identifier is a code segment identifier corresponding to the core code segment. The server 104 obfuscates the extracted core code segment according to the obfuscation logic to obtain the obfuscated code segment, and the server 104 obtains the target code segment corresponding to the code segment to be protected according to the obfuscated code segment. The terminal 102 may be, but is not limited to, various personal computers, notebook computers, smart phones, tablet computers, and portable wearable devices. The server 104 may be implemented by an independent server or a server cluster composed of multiple servers.
在其中一个实施例中,如图2所示,提供了一种代码段保护方法,以该方法应用于图1中的服务器为例进行说明,包括以下步骤:In one of the embodiments, as shown in FIG. 2, a code segment protection method is provided. Taking the method applied to the server in FIG. 1 as an example, the method includes the following steps:
S202:获取待保护代码段,待保护代码段携带有代码段标识。S202: Obtain a code segment to be protected, which carries a code segment identifier.
具体地,待保护代码段是指需要全部或者部分进行混淆的代码段。待保护代码段可以是采用对应的混淆规则将相应的代码段中包含的信息进行替换,得到功能上等价但是难于理解的形式。例如,服务器可以对待保护代码段中不同的子代码段的格式或者名称等进行替换等。代码段标识是指包含在待保护代码段中的不同子代码段的标志,可以是代码段中的类标识,方法标识,参数标识等。例如,代码段标识是代码段中包含的类名称、方法名称、参数类型、参数名称等。具体地,服务器接收到终端发送的待保护代码段,且待保护代码段上携带有相应的代码段标识。例如,服务器接收到终端发送的待保护代码段,待保护代码段中携带有相应的类名称、方法名称、具体参数名称。服务器根据代码段标识可以查询到是否存在有过待滤代码段。当存在有待过滤代码段时,由于若对待过滤代码段也进行混淆时,则无法实现相应的反射机制,因此,待过滤代码段不能进行混淆,所以,当服务器根据代码段标识查找到待过滤代码段时,待保护代码段不能进行整体混淆。Specifically, the code segment to be protected refers to a code segment that needs to be completely or partially obfuscated. The code segment to be protected may adopt corresponding obfuscation rules to replace the information contained in the corresponding code segment to obtain a functionally equivalent but difficult to understand form. For example, the server may replace the formats or names of different sub-code segments in the code segment to be protected. Code segment identifiers refer to the identifiers of different sub-code segments contained in the code segment to be protected, which can be class identifiers, method identifiers, parameter identifiers, etc. in the code segment. For example, the code segment identifier is the class name, method name, parameter type, parameter name, etc. contained in the code segment. Specifically, the server receives the code segment to be protected sent by the terminal, and the code segment to be protected carries a corresponding code segment identifier. For example, the server receives the code segment to be protected sent by the terminal, and the code segment to be protected carries the corresponding class name, method name, and specific parameter name. The server can query whether there is a code segment to be filtered according to the code segment identifier. When there is a code segment to be filtered, if the code segment to be filtered is also obfuscated, the corresponding reflection mechanism cannot be implemented. Therefore, the code segment to be filtered cannot be obfuscated. Therefore, when the server finds the code to be filtered according to the code segment identifier The code segment to be protected cannot be confused as a whole.
需要说明的是,待过滤代码段是指包含在待保护代码段中不能进行混淆的代码段。反射机制是指运行状态中,对于任意一个类,均可获取到该类中的所有属性和方法。查询待过滤代码段还可以获取到相应的配置文件夹,查询配置文件夹中是否包含有相应的待过滤代码段对应的代码段标识。当存在有待过滤代码段对应的代码段标识时,则服务器判定待 保护代码段中包含有待过滤代码段。配置文件夹是指在对不同的代码段进行混淆之前,存储有无需进行混淆的代码段的文件夹。It should be noted that the code segment to be filtered refers to the code segment included in the code segment to be protected that cannot be confused. The reflection mechanism means that in the running state, for any class, all attributes and methods in the class can be obtained. The corresponding configuration folder can also be obtained by querying the code segment to be filtered, and querying whether the configuration folder contains the code segment identifier corresponding to the corresponding code segment to be filtered. When there is a code segment identifier corresponding to the code segment to be filtered, the server determines that the code segment to be protected contains the code segment to be filtered. The configuration folder refers to the folder where the code segments that do not need to be obfuscated are stored before the different code segments are obfuscated.
S204:查询待保护代码段对应的复杂等级,复杂等级为预先设定的,用于表征待保护代码段的复杂度的参考指标。S204: Query the complexity level corresponding to the code segment to be protected, where the complexity level is preset and is used to characterize the reference index of the complexity of the code segment to be protected.
具体地,复杂等级是指表征待保护代码段的复杂程度的参考指标,可以是,当复杂等级越高则核心代码段越复杂。具体地,当服务器获取到待保护代码段,则根据复杂度判断逻辑查询待保护代码段的复杂等级。可以是,服务器获取到待保护代码段时,查询待保护代码段的代码行数,根据代码行数,获取到预存储的与代码行数对应的复杂等级。其中,根据代码行数预设的复杂等级可以是当代码行数越多,则代码的复杂等级越高;还可以是查询待保护代码是否添加有重要度标签,当重要度标签显示越重要,则复杂等级越高。Specifically, the complexity level refers to a reference index that characterizes the complexity of the code segment to be protected. It may be that the higher the complexity level, the more complex the core code segment. Specifically, when the server obtains the code segment to be protected, it queries the complexity level of the code segment to be protected according to the complexity judgment logic. It may be that when the server obtains the code segment to be protected, it queries the number of code lines of the code segment to be protected, and obtains the pre-stored complexity level corresponding to the number of code lines according to the number of code lines. Among them, the preset complexity level according to the number of lines of code can be that the more lines of code, the higher the level of complexity of the code; it can also be to query whether the code to be protected is added with an importance label, when the importance label is displayed, the more important. The higher the level of complexity.
S206:当所述复杂等级超过预设等级时,则从所述代码段标识中选取核心标识,根据所述核心标识从所述待保护代码段中提取核心代码段,其中,核心标识是与核心代码段对应的代码段标识。S206: When the complexity level exceeds the preset level, select a core identifier from the code segment identifier, and extract the core code segment from the code segment to be protected according to the core identifier, where the core identifier is related to the core identifier. The code segment ID corresponding to the code segment.
具体地,核心标识是指预存储的、待保护代码段中包含的表征实现核心功能的子代码段的标志。核心标识可以是待保护代码段中包含的实现核心功能的代码段的类标识、方法标识、参数标识等。例如,核心标识是待保护代码段中包含的核心代码段对应的类名称、方法名称、参数类型、参数名称等。核心代码段是指包含在待保护代码段中实现相应核心功能的代码段。例如,在应用程序中,核心功能为采集图像功能,核心代码段为采集相应的图像的代码段。Specifically, the core identifier refers to a pre-stored identifier that is included in the code segment to be protected that characterizes the sub-code segment that implements the core function. The core identifier may be the class identifier, method identifier, parameter identifier, etc. of the code segment that implements the core function included in the code segment to be protected. For example, the core identifier is the class name, method name, parameter type, parameter name, etc. corresponding to the core code segment contained in the code segment to be protected. The core code segment refers to the code segment included in the code segment to be protected to realize the corresponding core function. For example, in an application program, the core function is the function of capturing images, and the core code segment is the code segment for capturing corresponding images.
具体地,当服务器获取到待保护代码段的复杂等级时,服务器获取预存储的预设等级,服务器将获取到的待保护代码段的复杂等级与预设等级进行比较。当复杂等级超过预设等级时,服务器获取到代码段标识,将代码段标识与预设的待比对核心标识进行比对。当比对成功时,服务器将比对成功的代码段标识作为核心标识,该核心标识所对应的子代码段为核心代码段。Specifically, when the server obtains the complexity level of the code segment to be protected, the server obtains the pre-stored preset level, and the server compares the obtained complexity level of the code segment to be protected with the preset level. When the complexity level exceeds the preset level, the server obtains the code segment identifier, and compares the code segment identifier with the preset core identifier to be compared. When the comparison is successful, the server uses the successfully compared code segment identifier as the core identifier, and the sub-code segment corresponding to the core identifier is the core code segment.
当服务器得到待保护代码段对应的复杂等级时,服务器将获取到的复杂等级与预设等级进行比较。当复杂等级超过预设等级时,服务器获取到预设的核心代码标识,将代码段标识与预设的待比对核心标识进行比对。当比对成功时,则判定该代码段标识为核心标识。因此该核心标识与下一代码段标识之间对应的子代码段即为核心代码段。将核心代码段进行提取,从而仅仅保留核心代码段对应的简单框架,如相应的参数设定的框架,即、被保留下的框架可以作为框架核心代码段。进而服务器将提取的核心代码段生成单独的核心代码段,该单独的核心代码段可以作为代理核心代码段。即、在执行该待保护代码段时,服务器执行至框架核心代码段时,服务器可以跳转至代理核心代码段,从而直接执行代理核心代码段。该代理核心代码段具有新的代码标识,即、代理代码段标识,如相应的代码段名称等。而框架核心代码段对应的代码段标识仍不变,即、未提取出来的核心代码段对应的代码段标识仍不变。When the server obtains the complexity level corresponding to the code segment to be protected, the server compares the obtained complexity level with the preset level. When the complexity level exceeds the preset level, the server obtains the preset core code identifier, and compares the code segment identifier with the preset core identifier to be compared. When the comparison is successful, it is determined that the code segment identifier is a core identifier. Therefore, the sub-code segment corresponding to the core identifier and the next code segment identifier is the core code segment. The core code segment is extracted, so that only the simple framework corresponding to the core code segment is retained, such as the corresponding parameter setting framework, that is, the retained framework can be used as the framework core code segment. Furthermore, the server generates a separate core code segment from the extracted core code segment, and the single core code segment can be used as a proxy core code segment. That is, when the code segment to be protected is executed, when the server executes to the framework core code segment, the server can jump to the proxy core code segment, thereby directly executing the proxy core code segment. The proxy core code segment has a new code identifier, that is, the proxy code segment identifier, such as the corresponding code segment name. The code segment identifier corresponding to the core code segment of the framework remains unchanged, that is, the code segment identifier corresponding to the unextracted core code segment remains unchanged.
S208:将核心代码段按照混淆逻辑进行混淆得到混淆代码段。S208: Obfuscate the core code segment according to the obfuscation logic to obtain the obfuscated code segment.
具体地,混淆逻辑是指对代码段进行混淆,即、将代码段中相应的代码格式等进行替换,从而得到不易查找的代码段的相关逻辑规则。混淆代码段是指按照混淆逻辑进行替换后的得到的难于理解,但是功能上与核心代码段等价的代码段。当服务器将核心代码段进行提取,则查询预存储的混淆逻辑,进而服务器将提取到的核心代码段按照混淆逻辑进行混淆,也即可以是按照混淆逻辑将提取到的核心代码段进行相应的格式等进行替换从而得到混淆代码段。可以是,服务器提取到核心代码段,是将核心代码段作为代理核心代码段,从而获取到对应的混淆逻辑。如混淆逻辑是将代理核心代码段对应的核心代码标识,如代理核心代码段的代码段名称进行替换,也可以是将代理核心代码段中进行大小写替换等。Specifically, the obfuscation logic refers to obfuscating the code segment, that is, replacing the corresponding code format in the code segment, so as to obtain the relevant logic rules of the code segment that is not easy to find. Obfuscated code segment refers to a code segment that is difficult to understand but is functionally equivalent to the core code segment after replacing it according to the obfuscation logic. When the server extracts the core code segment, it queries the pre-stored obfuscation logic, and then the server will obfuscate the extracted core code segment according to the obfuscation logic, that is, it can format the extracted core code segment according to the obfuscation logic. Wait for replacement to get the obfuscated code segment. It may be that when the server extracts the core code segment, the core code segment is used as the proxy core code segment to obtain the corresponding obfuscation logic. For example, the confusion logic is to identify the core code corresponding to the agent core code segment, such as replacing the code segment name of the agent core code segment, or replacing the case in the agent core code segment.
S210:根据混淆代码段得到待保护代码段对应的目标代码段。S210: Obtain the target code segment corresponding to the code segment to be protected according to the obfuscated code segment.
具体地,目标代码段是指对待保护代码段中包含的核心功能对应的代码段进行混淆,而对不能进行混淆的代码段不进行混淆的代码段。当服务器得到混淆代码段时,则将混淆代码段,框架核心代码段以及待保护代码段中包含的待过滤代码段作为目标代码段。可以是,服务器将核心代码段进行提取生成代理核心代码段,且待保护代码段中保留有框架核心代码段。服务器将代理核心代码段与框架核心代码段进行关联,且将待过滤代码段与核心代理代码段进行关联,从而得到目标代码段,从而该目标代码段中包含有可以进行混淆的实现核心功能的代码段以及不能进行混淆的代码段。Specifically, the target code segment refers to the code segment corresponding to the core function included in the protected code segment to be obfuscated, and the code segment that cannot be obfuscated is not obfuscated. When the server obtains the obfuscated code segment, the obfuscated code segment, the core code segment of the framework, and the code segment to be filtered contained in the code segment to be protected are used as the target code segment. It may be that the server extracts the core code segment to generate the proxy core code segment, and the framework core code segment remains in the code segment to be protected. The server associates the proxy core code segment with the framework core code segment, and associates the to-be-filtered code segment with the core proxy code segment to obtain the target code segment, so that the target code segment contains the core function that can be obfuscated Code segments and code segments that cannot be obfuscated.
本实施例中,服务器在获取到待保护代码段时,无需对待保护代码段整体进行混淆,从而避免当待保护代码段中存在不能进行混淆的代码段时则整体待保护代码段均无法进行混淆,从而可以提高混淆的灵活性,且可以对核心代码段进行提取并进行混淆,从而提高代码段的安全性。In this embodiment, when the server obtains the code segment to be protected, it does not need to obfuscate the entire code segment to be protected, thereby avoiding that when there is a code segment that cannot be obfuscated in the code segment to be protected, the entire code segment to be protected cannot be confused. Therefore, the flexibility of obfuscation can be improved, and the core code segment can be extracted and obfuscated, thereby improving the security of the code segment.
在一些实施例中,请参见图3,提供一代码段混淆步骤的流程示意图,代码段混淆步骤,也即将核心代码段按照混淆逻辑进行混淆得到混淆代码段,包括:获取混淆逻辑,根据混淆逻辑从核心代码段中查询所包含的待混淆信息;提取待混淆信息对应的混淆特征,根据混淆特征查询与待混淆信息对应的替换信息;采用替换信息对待混淆信息进行替换得到混淆代码段。In some embodiments, please refer to Figure 3, which provides a flow diagram of the code segment obfuscation step. The code segment obfuscation step, that is, the core code segment is obfuscated according to the obfuscation logic to obtain the obfuscated code segment, including: obtaining the obfuscation logic, according to the obfuscation logic Query the information to be confused contained in the core code segment; extract the confusion feature corresponding to the information to be confused, query the replacement information corresponding to the information to be confused according to the confusion feature; use the replacement information to replace the information to be confused to obtain the confusion code segment.
具体地,混淆逻辑是指预设的选取到待混淆信息的逻辑,混淆逻辑中可以预设有相应的与代码段相关联的标识。例如,混淆逻辑可以预设有相应的代码名称、类名称、变量名称或者待转换大小写的相关代码标识。待混淆信息是指包含在待保护代码段中可以采用混淆逻辑进行混淆的相关信息,可以是根据混淆逻辑对应的核心代码段对应的代码段标识,如代码段名称等,也可以是替换代码行中的大小写等。替换信息是指可以替换混淆信息的详细信息,可以是,采用通用的字符替换原有的代码段名称等。具体地,服务器提取到核心代码段,从而将提取到的核心代码段作为代理核心代码段。服务器获取到混淆逻辑,根据混淆逻辑查询代理核心代码段中包含的不同待混淆信息,进而服务器根据的核心代码段对应的代码段标识查询到替换信息,采用替换信息将待混淆信息进行替换得到混淆代码段。 可以是,当服务器提取到核心代码段,将该核心代码段作为代理核心代码段。服务器获取到混淆逻辑,服务器根据混淆逻辑对应的不同标识与代理核心代码段对应的不同标识进行比对,并根据混淆逻辑选择相应的代码行,从而将比对成功的标识以及代码行作为待混淆信息。进而服务器根据混淆逻辑,查询到待混淆信息对应的替换信息,如通用的字符标识,转换字符等。服务器将核心代码段对应的比对成功的标识以及代码行按照替换信息进行替换,如将代码段对应的比对成功的标识按照通用的字符标识进行替换,将代码行中包含的不同代码进行大小写的替换,从而替换得到混淆代码段,其中,比对成功的标识可以是核心代码段对应的代码段名称,参数名称等。Specifically, the obfuscation logic refers to the preset logic of selecting the information to be obfuscated, and the obfuscation logic can be preset with a corresponding identifier associated with the code segment. For example, the obfuscation logic can be preset with corresponding code names, class names, variable names, or related code identifiers to be converted to case. To-be-obfuscated information refers to the relevant information contained in the code segment to be protected that can be obfuscated by obfuscation logic. It can be the code segment identifier corresponding to the core code segment corresponding to the obfuscation logic, such as the code segment name, etc., or it can be a replacement code line Capitalization and so on. The replacement information refers to the detailed information that can replace the obfuscated information, which can be to replace the original code segment name with common characters. Specifically, the server extracts the core code segment, and uses the extracted core code segment as the proxy core code segment. The server obtains the obfuscation logic, queries the different information to be obfuscated contained in the core code segment of the agent according to the obfuscation logic, and then queries the replacement information according to the code segment identifier corresponding to the core code segment, and uses the replacement information to replace the information to be obfuscated to obtain confusion Code snippet. It can be that when the server extracts the core code segment, the core code segment is used as the proxy core code segment. The server obtains the obfuscation logic, and the server compares the different identifiers corresponding to the obfuscation logic with the different identifiers corresponding to the core code segment of the agent, and selects the corresponding code line according to the obfuscation logic, so that the successfully compared identifiers and code lines are regarded as to be confused information. Furthermore, the server finds the replacement information corresponding to the information to be confused, such as general character identifiers, conversion characters, etc., according to the confusion logic. The server replaces the successfully matched identifiers and code lines corresponding to the core code segment according to the replacement information. For example, replaces the successfully matched identifiers corresponding to the code segment according to the common character identifiers, and size the different codes contained in the code lines Write replacement, thereby replacing the obfuscated code segment, where the identification of successful comparison can be the code segment name corresponding to the core code segment, parameter name, etc.
本实施例中,服务器在从核心代码段中查询包含的待混淆信息时,则可以查询到待混淆信息对应的替换信息,进而采用替换信息对待混淆信息进行替换得到混淆代码段,对核心代码段进行混淆简单易行,混淆效率高。In this embodiment, when the server queries the information to be confused from the core code segment, it can query the replacement information corresponding to the information to be confused, and then use the replacement information to replace the information to be confused to obtain the obfuscated code segment. Confusion is simple and easy, and the efficiency is high.
在其中一个实施例中,采用替换信息对待混淆信息进行替换得到目标代码段之后,包括;将混淆代码段存储至加密文件夹,并获取加密文件夹对应的第一存储路径;查询待保护代码段中的核心代码段关联的第二存储路径;将第二存储路径更改为第一存储路径。In one of the embodiments, after replacing the obfuscated information with the replacement information to obtain the target code segment, it includes: storing the obfuscated code segment in an encrypted folder, and obtaining the first storage path corresponding to the encrypted folder; querying the code segment to be protected The second storage path associated with the core code segment in; change the second storage path to the first storage path.
具体地,加密文件夹是指存储有所有的待保护代码段中的混淆代码段的文件夹。第一存储路径是指可以查找到加密文件夹的查询路径,从而根据该查询路径可以查询到混淆代码段。第二存储路径是指待保护代码段中未经混淆的核心代码段关联的查询路径,通常该查询路径可以是与待保护代码段相同的存储路径。具体地,当服务器得到混淆代码段时,通常混淆代码段是与待保护代码段保存至相同的路径,为了进一步提高安全性,则服务器获取到加密文件夹,将混淆代码段存储至加密文件夹,进而获取到存储到与加密文件夹对应的第一存储路径。服务器从待保护代码段查询与核心代码段关联的第二存储路径,进而将第二存储路径更改为第一存储路径,也即可以保证在执行对待保护代码段进行混淆后得到的目标代码段时,当服务器执行至核心代码段时,由于核心代码段在进行混淆后仅仅保留了框架核心代码段,从而可以跳转到加密文件夹准确查找到混淆代码段,从而执行对应的混淆代码段。Specifically, an encrypted folder refers to a folder that stores all obfuscated code segments among the code segments to be protected. The first storage path refers to the query path where the encrypted folder can be found, so that the obfuscated code segment can be queried according to the query path. The second storage path refers to the query path associated with the unobfuscated core code segment in the code segment to be protected. Generally, the query path may be the same storage path as the code segment to be protected. Specifically, when the server obtains the obfuscated code segment, usually the obfuscated code segment is saved to the same path as the code segment to be protected. To further improve security, the server obtains the encrypted folder and stores the obfuscated code segment in the encrypted folder , And then obtain the first storage path corresponding to the encrypted folder. The server queries the second storage path associated with the core code segment from the code segment to be protected, and then changes the second storage path to the first storage path, which ensures that the target code segment obtained after obfuscation of the code segment to be protected is executed. When the server executes to the core code segment, since the core code segment only retains the framework core code segment after obfuscation, it is possible to jump to the encrypted folder to accurately find the obfuscated code segment and execute the corresponding obfuscated code segment.
本实施例中,服务器可以将混淆代码段单独存储至加密文件夹,可以进一步提高核心代码的安全性,且服务器可以获取到加密文件夹对应的第一存储路径,并查询代码段中与核心代码段关联的第二存储路径,将第二存储路径更改为第一存储路径,保证执行混淆代码段正确。In this embodiment, the server can store the obfuscated code segment separately in the encrypted folder, which can further improve the security of the core code, and the server can obtain the first storage path corresponding to the encrypted folder, and query the code segment and the core code. The second storage path associated with the segment is changed to the first storage path to ensure the correct execution of the obfuscated code segment.
在一些实施例中,根据混淆代码段得到待保护代码段对应的目标代码段之后,包括:查询混淆代码段对应的第一子代码段标识;并查询核心代码段对应的第二子代码段标识;将第一子代码段标识与第二子代码段标识建立映射关系。In some embodiments, after obtaining the target code segment corresponding to the code segment to be protected from the obfuscated code segment, the method includes: querying the first subcode segment identifier corresponding to the obfuscated code segment; and querying the second subcode segment identifier corresponding to the core code segment ; Establish a mapping relationship between the first sub-code segment identifier and the second sub-code segment identifier.
具体地,第一子代码段标识是指混淆代码段对应的代码段标识,可以是混淆代码段所对应的代码段名称等。第二子代码段标识是指核心代码段所对应的代码段标识,可以是未进行混淆时的核心代码段对应代码段名称等。具体地,服务器对核心代码段进行混淆之后 得到混淆代码段,进而从混淆代码段中查询得到第一子代码标识。进而服务器再查询到核心代码段对应的第二子代码标识,进而将第一子代码标识与第二子代码标识进行关联得到映射关系,也即服务器可以通过映射关系直接查询到对应的子代码段标识。可以是,服务器得到混淆代码段时,则从混淆代码段中查询是否包含有相应的预设代码段名称,该预设代码段名称可以是包含在替换信息中的包含的代码段名称等,当查询到包含有预设代码段名称时,则该预设代码段名称为第一子代码段标识,进而服务器从核心代码段中查询第二子代码段标识,也即服务器可以直接获取到预设的代码段名称,该代码段名称即为第二子代码段标识,进而服务器将第一子代码标识与第二子代码标识建立映射关系。Specifically, the first sub-code segment identifier refers to the code segment identifier corresponding to the obfuscated code segment, and may be the code segment name corresponding to the obfuscated code segment. The second sub-code segment identifier refers to the code segment identifier corresponding to the core code segment, and may be the code segment name corresponding to the core code segment without obfuscation. Specifically, the server obtains the obfuscated code segment after obfuscation of the core code segment, and then queries the obfuscated code segment to obtain the first subcode identifier. Then the server queries the second subcode identifier corresponding to the core code segment, and then associates the first subcode identifier with the second subcode identifier to obtain the mapping relationship, that is, the server can directly query the corresponding subcode segment through the mapping relationship Logo. It may be that when the server obtains the obfuscated code segment, it queries whether the obfuscated code segment contains the corresponding preset code segment name. The preset code segment name may be the name of the included code segment included in the replacement information, etc., when When the name of the preset code segment is found, the name of the preset code segment is the first sub-code segment identifier, and the server queries the second sub-code segment identifier from the core code segment, that is, the server can directly obtain the preset code segment The code segment name is the second sub-code segment identifier, and the server establishes a mapping relationship between the first sub-code identifier and the second sub-code identifier.
本实施例中,当服务器获取到混淆代码段的第一子代码段标识,并获取到核心代码段对应的第二子代码段标识,则可以将第一子代码段标识与第二子代码段标识建立映射关系,从而可以通过混淆代码段直接查找到核心代码段,当混淆代码段出现错误时方便查询,提高查询效率。In this embodiment, when the server obtains the first sub-code segment identifier of the obfuscated code segment, and obtains the second sub-code segment identifier corresponding to the core code segment, the first sub-code segment identifier and the second sub-code segment identifier can be combined The identification establishes a mapping relationship, so that the core code segment can be directly found through the obfuscated code segment, and it is convenient to query when an error occurs in the obfuscated code segment, thereby improving query efficiency.
在其中一个实施例中,将第一子代码段标识与第二子代码段标识建立映射关系之后,包括:接收运行目标代码段的运行指令,根据运行指令运行保护代码段得到运行结果;查询运行结果中是否包含运行错状态标识,当包含有运行错误状态标识时,则查询与运行错误状态标识对应的第二子代码段标识;根据映射关系,查询第二子代码段标识关联的第一代码标识,并将第一代码标识输出。In one of the embodiments, after establishing the mapping relationship between the first sub-code segment identifier and the second sub-code segment identifier, the method includes: receiving a running instruction of the running target code segment, and running the protection code segment according to the running instruction to obtain the running result; Whether the result contains the operating error status identifier, when the operating error status identifier is included, query the second subcode segment identifier corresponding to the operating error status identifier; query the first code associated with the second subcode segment identifier according to the mapping relationship Mark, and output the first code mark.
具体地,运行错误状态标识是指当运行目标代码段出现错误时对应的错误提示信息,且该错误状态标识可以显示目标代码段对应的运行错误原因,以及对应运行错误的代码行。Specifically, the running error status identifier refers to the corresponding error prompt information when an error occurs in the running target code segment, and the error status identifier can display the cause of the running error corresponding to the target code segment and the code line corresponding to the running error.
具体地,当对待保护代码段中的核心代码段进行混淆得到目标代码段之后,还可以先对目标代码段进行运行。服务器接收到运行目标代码段的运行指令,服务器根据运行指令逐行运行得到的目标代码段从而得到运行结果,当服务器查询得到运行结果为无错误时,则将相应的运行通过结果输出。另外,当运行结果中包含有错误状态标识时,服务器查询错误状态标识对应的代码行,查询代码行所对应的混淆代码段的第二子代码段标识,进而根据映射关系。服务器查询到与第二子代码段标识所对应的第一子代码段标识,并将第一子代码段标识与第二子代码段标识进行输出,从而排查运行出现运行错误的原因,可以查询是否是未混淆的核心代码段出现问题,是否是混淆逻辑导致混淆出错从而对目标代码混淆出错。Specifically, after the core code segment in the code segment to be protected is obfuscated to obtain the target code segment, the target code segment can also be run first. The server receives the running instruction to run the target code segment, and the server runs the obtained target code segment line by line according to the running instruction to obtain the running result. When the running result obtained by the server query is error-free, the corresponding running pass result is output. In addition, when the running result contains the error status identifier, the server queries the code line corresponding to the error status identifier, queries the second subcode segment identifier of the obfuscated code segment corresponding to the code line, and then according to the mapping relationship. The server finds the first sub-code segment identifier corresponding to the second sub-code segment identifier, and outputs the first sub-code segment identifier and the second sub-code segment identifier to troubleshoot the cause of the operation error, and you can query whether Is there a problem with the unobfuscated core code segment, whether it is the obfuscated logic that causes the obfuscation error and the target code obfuscation error.
可以是,服务器在显示界面上显示有相应的运行按钮,用户点击运行按钮则生成运行指令,进而服务器根据生成的运行指令逐行运行目标代码段。当服务器运行至混淆代码段时,则通过存储的第一存储路径查找到混淆代码段,从而完成目标代码段的运行,进而服务器生成运行结果。当运行结果为无错误时,则输出运行通过的运行结果;当运行结果中出现错误时,则查询运行错误状态标识,根据运行错误状态标识查询对应的代码行,进而根据该代码行查询到包含有该代码行的混淆代码段,从而查找到包含该代码行的混淆代码段对应的第二子代码段标识。由于该第二子代码段标识对应的为混淆代码段,为了查询目 标代码段运行出现运行错误状态标识的原因,则可以查询到混淆代码段对应的核心代码段。即、服务器可以根据第二子代码段标识以及映射关系,查询到第一子代码段标识,将第一子代码段标识与第二子代码段标识输出。It may be that the server displays a corresponding run button on the display interface, and the user clicks the run button to generate a run instruction, and then the server runs the target code segment line by line according to the generated run instruction. When the server runs to the obfuscated code segment, the obfuscated code segment is found through the stored first storage path, so as to complete the operation of the target code segment, and then the server generates the running result. When the running result is error-free, the running result that has passed is output; when there is an error in the running result, the running error status identifier is queried, and the corresponding code line is queried according to the running error status identifier, and then the code line is queried to include If there is an obfuscated code segment of the code line, the second sub-code segment identifier corresponding to the obfuscated code segment containing the code line can be found. Since the second sub-code segment identifier corresponds to the obfuscated code segment, in order to query the cause of the operation error status identifier in the operation of the target code segment, the core code segment corresponding to the obfuscated code segment can be queried. That is, the server can query the first subcode segment identifier according to the second subcode segment identifier and the mapping relationship, and output the first subcode segment identifier and the second subcode segment identifier.
本实施例中,在服务器生成目标代码段之后,可以对目标代码段进行预先运行,从而得到运行结果,从而可以预先验证目标代码段的运行结果,避免直接使用目标代码段导致运行失败,从而可以保证目标代码段的准确性。进而当运行结果为运行错误时,则查询运行错误状态标识,根据运行错误状态标识,查询第二子代码段标识,并根据映射关系查询第二子代码段标识对应的第一子代码段标识,保证在目标代码段出现错误时查询错误全面并准确。In this embodiment, after the server generates the target code segment, the target code segment can be pre-run to obtain the running result, so that the running result of the target code segment can be verified in advance, and the running failure caused by the direct use of the target code segment can be avoided. Ensure the accuracy of the target code segment. Furthermore, when the running result is a running error, query the running error status identifier, query the second subcode segment identifier according to the running error status identifier, and query the first subcode segment identifier corresponding to the second subcode segment identifier according to the mapping relationship, Ensure that the query error is comprehensive and accurate when there is an error in the target code segment.
在一些实施例中,查询待保护代码段对应的复杂等级之后,包括:当复杂等级未超过预设等级时,则根据代码段标识查询过滤字段;将过滤字段添加至待保护代码段中;对添加了过滤字段的待保护代码段采用混淆逻辑进行混淆得到目标代码段。In some embodiments, after querying the complexity level corresponding to the code segment to be protected, it includes: when the complexity level does not exceed the preset level, querying the filter field according to the code segment identifier; adding the filter field to the code segment to be protected; The code segment to be protected with the added filter field is obfuscated by obfuscation logic to obtain the target code segment.
具体地,过滤字段是指添加有相应的注释字段,从而在对待保护代码段进行混淆时,则跳过添加了注释字段的代码段,从而不对添加了注释字段的代码段进行混淆。具体地,当服务器查询到待保护代码段对应的复杂等级未超过预设等级时,则逐行查询待保护代码段中是否包含有无需进行过滤的代码段则简单易行。继而服务器比较待保护代码段的复杂等级,该复杂等级未超过预设等级时,则服务器获取到相应的过滤字段。服务器根据代码段标识,查询待保护代码段中包含的过滤代码段。服务器对过滤代码段添加有过滤字段,服务器可以根据混淆逻辑对待保护代码段中未添加有过滤字段的代码段直接进行混淆得到的为混淆代码段,将混淆代码段以及添加了过滤字段的待过滤代码段关联作为目标代码段。Specifically, the filter field refers to the addition of a corresponding comment field, so that when the code segment to be protected is confused, the code segment with the comment field added is skipped, so that the code segment with the comment field added is not confused. Specifically, when the server finds that the complexity level corresponding to the code segment to be protected does not exceed the preset level, it is simple and easy to query line by line whether the code segment to be protected contains code segments that do not need to be filtered. Then the server compares the complexity level of the code segment to be protected, and when the complexity level does not exceed the preset level, the server obtains the corresponding filter field. The server queries the filtering code segment contained in the code segment to be protected according to the code segment identifier. The server adds a filter field to the filter code segment, and the server can directly obfuscate the code segment without the filter field added to the protected code segment according to the obfuscation logic to obtain the obfuscated code segment, the obfuscated code segment and the filter field to be filtered with the added filter field The code segment is associated as the target code segment.
例如,服务器获取到过滤代码段对应的代码段标识,将过滤代码段标识与包含在待保护代码段中的相应标识进行匹配。当匹配成功时,服务器将该匹配成功的代码段标识所对应的子代码段设定为过滤代码段。进而服务器获取到相应的过滤字段,如相应的注释字段,将注释字段添加至过滤代码段中。服务器获取到相应的混淆逻辑,可以是对相应的子代码段的代码段名称进行替换,或者对代码行进行大小写替换等,从而服务器可以得到混淆代码段,进而将混淆代码段与过滤代码段进行关联得到目标代码段。且当服务器得到相应的目标代码段时,服务器可以将混淆代码段与未经过混淆的代码段建立相应的映射关系,进而可以运行相应的目标代码段,查询运行结果是否有错误。当不存在错误时,服务器可以直接输出运行成功的提示信息;当运行失败时,服务器查询到具体失败的子代码段,并将相关的子代码段标识进行输出。For example, the server obtains the code segment identifier corresponding to the filter code segment, and matches the filter code segment identifier with the corresponding identifier contained in the code segment to be protected. When the matching is successful, the server sets the sub-code segment corresponding to the successfully-matched code segment identifier as the filtering code segment. Then the server obtains the corresponding filter field, such as the corresponding comment field, and adds the comment field to the filter code segment. The server obtains the corresponding obfuscated logic, which can be to replace the code segment name of the corresponding sub-code segment, or replace the case of the code line, etc., so that the server can obtain the obfuscated code segment, and then the obfuscated code segment and the filtered code segment Make the association to get the target code segment. And when the server obtains the corresponding target code segment, the server can establish a corresponding mapping relationship between the obfuscated code segment and the unobfuscated code segment, and then can run the corresponding target code segment to query whether the running result has errors. When there is no error, the server can directly output the prompt message of successful operation; when the operation fails, the server queries the specific failed sub-code segment, and outputs the relevant sub-code segment identification.
本实施例中,当服务器查询到待保护代码段的复杂等级未超过预设等级时,则可以直接获取到相应的过滤字段,并将过滤字段添加至待保护代码段中,从而采用混淆逻辑对待保护代码段进行混淆得到目标代码段,则由于复杂等级未超过预设等级,则直接对待保护代码段添加相应的过滤字段简单易行,则可以提高代码段进行保护的效率。In this embodiment, when the server finds that the complexity level of the code segment to be protected does not exceed the preset level, it can directly obtain the corresponding filter field, and add the filter field to the code segment to be protected, thereby adopting obfuscation logic. The target code segment is obtained by obfuscation of the protected code segment. Since the complexity level does not exceed the preset level, it is simple and easy to directly add the corresponding filter field to the protected code segment, which can improve the efficiency of protecting the code segment.
在其中一个实施例中,以待保护代码段为在应用程序中的拍摄功能的代码段为例进行举例说明:当服务器接收到待保护代码段为采集图像功能的代码段,进而服务器查询该待保护代码段的复杂度等级,复杂度等级可以是查询代码段的代码行数、或者是否携带有重要等级表示,进而服务器确定复杂等级。服务器可以是代码行数越多则越复杂,或者是携带的重要等级越重要,则复杂等级越高。当服务器得到复杂等级时,服务器获取到预设等级,将复杂等级与预设等级进行比较。当复杂等级超过预设等级时,则该待保护代码段逐行查询是否有待过滤代码段则耗时较长,因此,根据相应的代码段标识,如相应的代码段名称查询到相应的核心代码段,如核心代码段为代码段名称为CameraActivity的代码段,进而将该代码段进行提取建立代理核心代码段,如生成一个类名称为CameraApiProxy的代理代码段,该代理代码段也即为生成的代理核心代码段,而代码段名称为CameraActivity中仅仅是保留相应的框架,进而将类名称为CameraApiProxy的代码段进行混淆,如进行代码段名称的替换,替换为相应的通识字符,如A,B,C的通识字符,或者将相应的代码行进行大小写替换等,进而得到混淆代码段。服务器并将混淆代码段与类名称为CameraActivity中保留的框架的代码段进行关联,且与待保护代码段中未经过混淆的代码段进行关联得到目标代码段。In one of the embodiments, the code segment to be protected is the code segment of the shooting function in the application program as an example for illustration: when the server receives the code segment to be protected as the code segment of the image capture function, the server queries the code segment to be protected. The complexity level of the protection code segment can be the number of code lines of the query code segment, or whether it carries an important level indication, and the server determines the complexity level. The server can be more complex as the number of lines of code is greater, or the more important the importance level carried, the higher the complexity level. When the server obtains the complexity level, the server obtains the preset level and compares the complexity level with the preset level. When the complexity level exceeds the preset level, it will take a long time for the code segment to be protected to query whether there is a code segment to be filtered line by line. Therefore, according to the corresponding code segment identifier, such as the corresponding code segment name, the corresponding core code can be found For example, if the core code segment is the code segment named CameraActivity, then extract the code segment to establish the proxy core code segment, such as generating a proxy code segment with the class name CameraApiProxy, the proxy code segment is also generated The proxy core code segment, and the code segment name is CameraActivity, only the corresponding frame is reserved, and then the code segment with the class name CameraApiProxy is confused. For example, the code segment name is replaced by the corresponding common characters, such as A, Commonly recognized characters of B and C, or the corresponding code lines are replaced with uppercase and lowercase letters, etc., to obtain the obfuscated code segment. The server associates the obfuscated code segment with the code segment whose class name is the frame reserved in CameraActivity, and associates the code segment with the unobfuscated code segment in the code segment to be protected to obtain the target code segment.
另外,服务器可以将类名称为CameraApiProxy的代码段进行混淆得到的混淆代码段添加至存储有不同的混淆代码段的加密文件夹中,并获取到加密文件夹中的第一存储路径。进而服务器将类名称为CameraActivity的代码段关联的第二存储路径更改为第一存储路径,从而使得在执行相应的目标代码段时可以准确查找到对应的混淆代码段。且服务器将混淆后的类名称为CameraApiProxy的代码段的代码段标识,与未经混淆的类名称为CameraActivity的代码段的代码段标识进行关联。服务器可以是将两者的类名称进行关联,从而得到映射关系。服务器可以接收运行指令,根据运行指令,运行得到的目标代码段。当目标代码段运行正确时,则直接输出运行正确的提示信息;当运行出现错误时,服务器从运行结果中查询到运行错误状态标识,如提示具体代码行的错误原因,则根据运行错误的代码行查询该代码行是否是包含在类名称为CameraApiProxy的代码段中,当为包含在该代码段中,则通过映射关系也查询到类名称为CameraActivity的代码段,从而将两个代码标识均进行输出,便于查询具体错误。In addition, the server may add the obfuscated code segment obtained by obfuscation of the code segment whose class name is CameraApiProxy to the encrypted folder storing different obfuscated code segments, and obtain the first storage path in the encrypted folder. Furthermore, the server changes the second storage path associated with the code segment whose class name is CameraActivity to the first storage path, so that the corresponding obfuscated code segment can be accurately found when the corresponding target code segment is executed. And the server associates the code segment identifier of the code segment with the obfuscated class name CameraApiProxy with the code segment identifier of the code segment with the unobfuscated class name CameraActivity. The server can associate the two class names to obtain the mapping relationship. The server can receive a running instruction, and run the obtained target code segment according to the running instruction. When the target code segment runs correctly, it will directly output the prompt message of the correct operation; when there is an error in the operation, the server will query the operation error status identification from the operation result. If the error reason of the specific code line is prompted, it will be based on the operation error code Line query whether the code line is included in the code segment with the class name CameraApiProxy. When it is included in the code segment, the code segment with the class name CameraActivity is also queried through the mapping relationship, so that both codes are identified Output, easy to query specific errors.
另外,当服务器接收到待保护代码段的复杂等级未超过预设等级时,则可以直接将待保护代码段中无需进行混淆的代码段,也即过滤代码段添加相应的过滤字段,过滤字段可以是:如待保护代码段中某个字段不混淆,则添加@KeepFromProguard public class User{};待保护代码段中某个属性不混淆,则添加@KeepFromProguard public int id;待保护代码段中单个方法不混淆,则添加@KeepFromProguard public booleanisValid(){},从而添加了上述的过滤字段,则可以对待保护代码段整体进行混淆,也即在混淆过程中,会跳过添加了上述过滤字段的代码段,从而提高待保护代码段混淆的效率。In addition, when the server receives that the complexity level of the code segment to be protected does not exceed the preset level, it can directly add the code segment that does not need to be confused in the code segment to be protected, that is, add the corresponding filter field to the filter code segment. The filter field can be Yes: If a field in the code segment to be protected is not obfuscated, add @KeepFromProguard public class User{}; if an attribute in the code segment to be protected is not obfuscated, add @KeepFromProguard public int id; a single method in the code segment to be protected If you don’t obfuscate, add @KeepFromProguard public booleanisValid(){} to add the above filter fields, you can obfuscate the entire protected code segment, that is, during the obfuscation process, the code segment with the above filter fields will be skipped , Thereby improving the efficiency of obfuscation of the code segment to be protected.
应该理解的是,虽然图2-3的流程图中的各个步骤按照箭头的指示依次显示,但是这 些步骤并不是必然按照箭头指示的顺序依次执行。除非本文中有明确的说明,这些步骤的执行并没有严格的顺序限制,这些步骤可以以其它的顺序执行。而且,图2-3中的至少一部分步骤可以包括多个子步骤或者多个阶段,这些子步骤或者阶段并不必然是在同一时刻执行完成,而是可以在不同的时刻执行,这些子步骤或者阶段的执行顺序也不必然是依次进行,而是可以与其它步骤或者其它步骤的子步骤或者阶段的至少一部分轮流或者交替地执行。It should be understood that, although the various steps in the flowchart of Figs. 2-3 are displayed in sequence as indicated by the arrows, these steps are not necessarily executed in the order indicated by the arrows. Unless specifically stated in this article, the execution of these steps is not strictly limited in order, and these steps can be executed in other orders. Moreover, at least some of the steps in Figure 2-3 may include multiple sub-steps or multiple stages. These sub-steps or stages are not necessarily executed at the same time, but can be executed at different times. These sub-steps or stages The execution order of is not necessarily performed sequentially, but may be performed alternately or alternately with at least a part of other steps or sub-steps or stages of other steps.
在一个实施例中,如图4所示,提供了一种代码段保护装置,包括:获取模块410、查询模块420、第一混淆模块430和生成模块440,其中:In one embodiment, as shown in FIG. 4, a code segment protection device is provided, including: an acquisition module 410, a query module 420, a first obfuscation module 430, and a generation module 440, wherein:
获取模块410,用于获取待保护代码段,待保护代码段携带有代码段标识。The obtaining module 410 is configured to obtain a code segment to be protected, and the code segment to be protected carries a code segment identifier.
查询模块420,用于查询待保护代码段对应的复杂等级,复杂等级为预先设定的,用于表征待保护代码段的复杂度的参考指标;The query module 420 is used to query the complexity level corresponding to the code segment to be protected, and the complexity level is preset and is used to characterize the reference index of the complexity of the code segment to be protected;
提取模块430,用于当复杂等级超过预设等级时,则从代码段标识中选取核心标识,根据核心标识从待保护代码段中提取核心代码段,其中,核心标识是与核心代码段对应的代码段标识。The extraction module 430 is used to select the core identifier from the code segment identifier when the complexity level exceeds the preset level, and extract the core code segment from the code segment to be protected according to the core identifier, where the core identifier corresponds to the core code segment Code segment ID.
第一混淆模块440,用于将提取到的核心代码段按照混淆逻辑进行混淆得到混淆代码段。The first obfuscation module 440 is used to obfuscate the extracted core code segments according to obfuscation logic to obtain obfuscated code segments.
生成模块450,用于根据混淆代码段得到待保护代码段对应的目标代码段。The generating module 450 is used to obtain the target code segment corresponding to the code segment to be protected according to the obfuscated code segment.
在一个实施例中,第一混淆模块440,包括:In one embodiment, the first obfuscation module 440 includes:
第一查询单元,用于获取混淆逻辑,根据所述混淆逻辑从核心代码段中查询所包含的待混淆信息。The first query unit is used to obtain obfuscation logic, and query the information to be obfuscated contained in the core code segment according to the obfuscation logic.
第二查询单元,用于根据所述混淆逻辑查询与待混淆信息对应的替换信息。The second query unit is configured to query the replacement information corresponding to the information to be confused according to the confusion logic.
替换单元,用于采用替换信息对待混淆信息进行替换得到混淆代码段。The replacement unit is used to replace the obfuscated information with the replacement information to obtain the obfuscated code segment.
在一个实施例中,代码段保护装置400,包括:In one embodiment, the code segment protection device 400 includes:
存储模块,用于将混淆代码段存储至加密文件夹,并获取加密文件夹对应的第一存储路径。The storage module is used to store the obfuscated code segment in the encrypted folder and obtain the first storage path corresponding to the encrypted folder.
路径提取模块,用于查询待保护代码段中的核心代码段关联的第二存储路径。The path extraction module is used to query the second storage path associated with the core code segment in the code segment to be protected.
更改模块,用于将第二存储路径更改为第一存储路径。The change module is used to change the second storage path to the first storage path.
在一个实施例中,代码段保护装置400,包括:In one embodiment, the code segment protection device 400 includes:
第一标识查询单元,用于查询混淆代码段对应的第一子代码段标识。The first identification query unit is used to query the identification of the first sub-code segment corresponding to the obfuscated code segment.
第二标识查询单元,用于并查询核心代码段对应的第二子代码段标识。The second identification query unit is used to query and query the second sub-code segment identifier corresponding to the core code segment.
建立模块,用于将第一子代码段标识与第二子代码段标识建立映射关系。The establishment module is used to establish a mapping relationship between the first sub-code segment identifier and the second sub-code segment identifier.
在一个实施例中,代码段保护装置400,包括:In one embodiment, the code segment protection device 400 includes:
接收模块,用于接收运行目标代码段的运行指令,根据运行指令运行目标代码段得到运行结果。The receiving module is used to receive the running instruction of the running target code segment, and run the target code segment according to the running instruction to obtain the running result.
第三标识查询模块,用于查询运行结果中是否包含运行错误状态标识,当包含有运行 错误状态标识时,则查询与运行错误状态标识对应的第二子代码段标识。The third identification query module is used to query whether the operating result contains the operating error status identifier, and when the operating error status identifier is included, query the second sub-code segment identifier corresponding to the operating error status identifier.
输出模块,用于根据映射关系,查询第二子代码段标识关联的第一子代码段标识,并将第一子代码段标识与第二子代码段标识输出。The output module is used to query the first subcode segment identifier associated with the second subcode segment identifier according to the mapping relationship, and output the first subcode segment identifier and the second subcode segment identifier.
在一个实施例中,代码段保护装置400,包括:In one embodiment, the code segment protection device 400 includes:
过滤字段查询模块,用于当复杂等级未超过预设等级时,则根据代码段标识查询过滤字段。The filter field query module is used to query the filter field according to the code segment identifier when the complexity level does not exceed the preset level.
添加模块,用于将过滤字段添加至待保护代码段中。Add module, used to add filter fields to the code segment to be protected.
第二混淆模块,用于对添加了过滤字段的待保护代码段采用混淆逻辑进行混淆得到目标代码段。The second obfuscation module is used to obfuscate the to-be-protected code segment to which the filter field is added by obfuscation logic to obtain the target code segment.
关于代码段保护装置的具体限定可以参见上文中对于代码段保护方法的限定,在此不再赘述。上述代码段保护装置中的各个模块可全部或部分通过软件、硬件及其组合来实现。上述各模块可以硬件形式内嵌于或独立于计算机设备中的处理器中,也可以以软件形式存储于计算机设备中的存储器中,以便于处理器调用执行以上各个模块对应的操作。For the specific definition of the code segment protection device, please refer to the above definition of the code segment protection method, which will not be repeated here. Each module in the above code segment protection device can be implemented in whole or in part by software, hardware, and a combination thereof. The foregoing modules may be embedded in the form of hardware or independent of the processor in the computer device, or may be stored in the memory of the computer device in the form of software, so that the processor can call and execute the operations corresponding to the foregoing modules.
在一个实施例中,提供了一种计算机设备,该计算机设备可以是服务器,其内部结构图可以如图5所示。该计算机设备包括通过系统总线连接的处理器、存储器、网络接口和数据库。其中,该计算机设备的处理器用于提供计算和控制能力。该计算机设备的存储器包括非易失性存储介质、内存储器。该非易失性存储介质存储有操作系统、计算机可读指令和数据库。该内存储器为非易失性存储介质中的操作系统和计算机可读指令的运行提供环境。该计算机设备的数据库用于存储代码段保护数据。该计算机设备的网络接口用于与外部的终端通过网络连接通信。该计算机可读指令被处理器执行时以实现一种代码段保护方法。In one embodiment, a computer device is provided. The computer device may be a server, and its internal structure diagram may be as shown in FIG. 5. The computer equipment includes a processor, a memory, a network interface and a database connected through a system bus. Among them, the processor of the computer device is used to provide calculation and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer readable instructions, and a database. The internal memory provides an environment for the operation of the operating system and computer-readable instructions in the non-volatile storage medium. The computer equipment database is used to store code segment protection data. The network interface of the computer device is used to communicate with an external terminal through a network connection. The computer-readable instruction is executed by the processor to realize a code segment protection method.
本领域技术人员可以理解,图5中示出的结构,仅仅是与本申请方案相关的部分结构的框图,并不构成对本申请方案所应用于其上的计算机设备的限定,具体的计算机设备可以包括比图中所示更多或更少的部件,或者组合某些部件,或者具有不同的部件布置。Those skilled in the art can understand that the structure shown in FIG. 5 is only a block diagram of a part of the structure related to the solution of the present application, and does not constitute a limitation on the computer device to which the solution of the present application is applied. The specific computer device may Including more or fewer parts than shown in the figure, or combining some parts, or having a different arrangement of parts.
一种计算机设备,包括存储器和一个或多个处理器,存储器中储存有计算机可读指令,计算机可读指令被处理器执行时,使得一个或多个处理器执行以下步骤::获取待保护代码段,待保护代码段携带有代码段标识;查询待保护代码段对应的复杂等级,复杂等级为预先设定的,用于表征待保护代码段的复杂度的参考指标;当复杂等级超过预设等级时,则从代码段标识中选取核心标识,根据核心标识从待保护代码段中提取核心代码段,其中,所述核心标识是与所述核心代码段对应的代码段标识;将核心代码段按照混淆逻辑进行混淆得到混淆代码段;及根据混淆代码段得到待保护代码段对应的目标代码段。A computer device, including a memory and one or more processors. The memory stores computer readable instructions. When the computer readable instructions are executed by the processor, one or more processors are caused to perform the following steps: Obtain the code to be protected Segment, the code segment to be protected carries a code segment identifier; the complexity level corresponding to the code segment to be protected is queried, and the complexity level is preset, which is a reference index used to characterize the complexity of the code segment to be protected; when the complexity level exceeds the preset Level, the core identifier is selected from the code segment identifier, and the core code segment is extracted from the code segment to be protected according to the core identifier, where the core identifier is the code segment identifier corresponding to the core code segment; the core code segment Obtain the obfuscated code segment by obfuscation according to the obfuscation logic; and obtain the target code segment corresponding to the code segment to be protected according to the obfuscated code segment.
在一个实施例中,处理器执行计算机可读指令时实现将核心代码段按照混淆逻辑进行混淆得到混淆代码段,包括:获取混淆逻辑,根据所述混淆逻辑从核心代码段中查询所包含的待混淆信息;根据所述混淆逻辑查询与待混淆信息对应的替换信息;采用替换信息对待混淆信息进行替换得到混淆代码段。In one embodiment, when the processor executes the computer-readable instructions, the core code segment is obfuscated according to the obfuscation logic to obtain the obfuscated code segment, including: obtaining the obfuscation logic, and querying the core code segment for the to-be-contained code segment according to the obfuscation logic. Obfuscation information; query the replacement information corresponding to the information to be confused according to the obfuscation logic; use the replacement information to replace the information to be confused to obtain the obfuscated code segment.
在一个实施例中,处理器执行计算机可读指令时实现采用替换信息对待混淆信息进行替换得到目标代码段之后,包括;将混淆代码段存储至加密文件夹,并获取加密文件夹对应的第一存储路径;查询待保护代码段中的核心代码段关联的第二存储路径;将第二存储路径更改为第一存储路径。In one embodiment, when the processor executes the computer-readable instruction, after replacing the obfuscated information with the replacement information to obtain the target code segment, it includes: storing the obfuscated code segment in an encrypted folder, and obtaining the first corresponding to the encrypted folder. Storage path; query the second storage path associated with the core code segment in the code segment to be protected; change the second storage path to the first storage path.
在一个实施例中,处理器执行计算机可读指令时实现根据混淆代码段得到待保护代码段对应的目标代码段之后,包括:查询混淆代码段对应的第一子代码段标识;并查询核心代码段对应的第二子代码段标识;将第一子代码段标识与第二子代码段标识建立映射关系。In one embodiment, after the processor executes the computer-readable instruction to obtain the target code segment corresponding to the code segment to be protected according to the obfuscated code segment, it includes: querying the first subcode segment identifier corresponding to the obfuscated code segment; and querying the core code The second sub-code segment identifier corresponding to the segment; the mapping relationship is established between the first sub-code segment identifier and the second sub-code segment identifier.
在一个实施例中,处理器执行计算机可读指令时实现将第一子代码段标识与第二子代码段标识建立映射关系之后,包括:接收运行目标代码段的运行指令,根据运行指令运行目标代码段得到运行结果;查询运行结果中是否包含运行错误状态标识,当包含有运行错误状态标识时,则查询与运行错误状态标识对应的第二子代码段标识;根据映射关系,查询第二子代码段标识关联的第一子代码段标识,并将第一子代码段标识与第二子代码段标识输出。In one embodiment, after the processor executes the computer-readable instruction to establish a mapping relationship between the first sub-code segment identifier and the second sub-code segment identifier, the processor includes: receiving a running instruction of the running target code segment, and running the target according to the running instruction The code segment obtains the running result; query whether the running result contains the operating error status identifier, when the operating error status identifier is included, query the second subcode segment identifier corresponding to the operating error status identifier; query the second subcode segment according to the mapping relationship The code segment identifies the associated first sub-code segment identifier, and outputs the first sub-code segment identifier and the second sub-code segment identifier.
在一个实施例中,处理器执行计算机可读指令时实现查询待保护代码段对应的复杂等级之后,包括:当复杂等级未超过预设等级时,则根据代码段标识查询过滤字段;将过滤字段添加至待保护代码段中;对添加了过滤字段的待保护代码段采用混淆逻辑进行混淆得到目标代码段。In one embodiment, after the processor executes the computer-readable instruction to query the complexity level corresponding to the code segment to be protected, it includes: when the complexity level does not exceed the preset level, query the filter field according to the code segment identifier; Add to the code segment to be protected; use obfuscation logic to obfuscate the code segment to be protected with the filter field added to obtain the target code segment.
一个或多个存储有计算机可读指令的非易失性计算机可读存储介质,计算机可读指令被一个或多个处理器执行时,使得一个或多个处理器执行以下步骤::获取待保护代码段,待保护代码段携带有代码段标识;查询待保护代码段对应的复杂等级,所述复杂等级为预先设定的,用于表征所述待保护代码段的复杂度的参考指标;当复杂等级超过预设等级时,则从所述代码段标识中选取核心标识,根据所述核心标识从待保护代码段中提取核心代码段,其中,所述核心标识是与所述核心代码段对应的代码段标识;将核心代码段按照混淆逻辑进行混淆得到混淆代码段;及根据混淆代码段得到待保护代码段对应的目标代码段。One or more non-volatile computer-readable storage media storing computer-readable instructions. When the computer-readable instructions are executed by one or more processors, the one or more processors perform the following steps:: Obtain the protection to be protected Code segment, the code segment to be protected carries a code segment identifier; query the complexity level corresponding to the code segment to be protected, the complexity level is preset, and is used to characterize the reference index of the complexity of the code segment to be protected; When the complexity level exceeds the preset level, the core identifier is selected from the code segment identifier, and the core code segment is extracted from the code segment to be protected according to the core identifier, wherein the core identifier corresponds to the core code segment Code segment identification; Obtain the obfuscated code segment by obfuscating the core code segment according to the obfuscation logic; and Obtain the target code segment corresponding to the code segment to be protected according to the obfuscated code segment.
在一个实施例中,计算机可读指令被处理器执行时实现将核心代码段按照混淆逻辑进行混淆得到混淆代码段,包括:获取混淆逻辑,根据所述混淆逻辑从核心代码段中查询所包含的待混淆信息;根据所述混淆逻辑查询与待混淆信息对应的替换信息;采用替换信息对待混淆信息进行替换得到混淆代码段。In one embodiment, when the computer-readable instruction is executed by the processor, the core code segment is obfuscated according to the obfuscation logic to obtain the obfuscated code segment, which includes: obtaining the obfuscation logic, and querying the core code segment for the contained code according to the obfuscation logic Information to be confused; query the replacement information corresponding to the information to be confused according to the confusion logic; use the replacement information to replace the information to be confused to obtain a confused code segment.
在一个实施例中,计算机可读指令被处理器执行时实现采用替换信息对待混淆信息进行替换得到目标代码段之后,包括;将混淆代码段存储至加密文件夹,并获取加密文件夹对应的第一存储路径;查询待保护代码段中的核心代码段关联的第二存储路径;将第二存储路径更改为第一存储路径。In one embodiment, when the computer-readable instruction is executed by the processor, the target code segment is obtained by using the replacement information to replace the obfuscated information with replacement information, including: storing the obfuscated code segment in an encrypted folder, and obtaining the first corresponding to the encrypted folder A storage path; query the second storage path associated with the core code segment in the code segment to be protected; change the second storage path to the first storage path.
在一个实施例中,计算机可读指令被处理器执行时实现根据混淆代码段得到待保护代码段对应的目标代码段之后,包括:查询混淆代码段对应的第一子代码段标识;并查询核心代码段对应的第二子代码段标识;将第一子代码段标识与第二子代码段标识建立映射关 系。In one embodiment, when the computer-readable instruction is executed by the processor, after obtaining the target code segment corresponding to the code segment to be protected according to the obfuscated code segment, the method includes: querying the identifier of the first sub-code segment corresponding to the obfuscated code segment; and querying the core The second sub-code segment identifier corresponding to the code segment; the mapping relationship is established between the first sub-code segment identifier and the second sub-code segment identifier.
在一个实施例中,计算机可读指令被处理器执行时实现将第一子代码段标识与第二子代码段标识建立映射关系之后,包括:接收运行目标代码段的运行指令,根据运行指令运行目标代码段得到运行结果;查询运行结果中是否包含运行错误状态标识,当包含有运行错误状态标识时,则查询与运行错误状态标识对应的第二子代码段标识;根据映射关系,查询第二子代码段标识关联的第一子代码段标识,并将第一子代码段标识与第二子代码段标识输出。In one embodiment, when the computer-readable instruction is executed by the processor, the mapping relationship between the first sub-code segment identifier and the second sub-code segment identifier is established, including: receiving a running instruction for running the target code segment, and running according to the running instruction The target code segment obtains the running result; query whether the running result contains the running error status identifier, when the running error status identifier is included, query the second sub-code segment identifier corresponding to the running error status identifier; query the second sub-code segment identifier according to the mapping relationship The subcode segment identifies the associated first subcode segment identifier, and outputs the first subcode segment identifier and the second subcode segment identifier.
在一个实施例中,计算机可读指令被处理器执行时实现查询待保护代码段对应的复杂等级之后,包括:当复杂等级未超过预设等级时,则根据代码段标识查询过滤字段;将过滤字段添加至待保护代码段中;对添加了过滤字段的待保护代码段采用混淆逻辑进行混淆得到目标代码段。In one embodiment, after the computer-readable instruction is executed by the processor to query the complexity level corresponding to the code segment to be protected, it includes: when the complexity level does not exceed the preset level, query the filter field according to the code segment identifier; The field is added to the code segment to be protected; the code segment to be protected with the added filter field is obfuscated by obfuscation logic to obtain the target code segment.
本领域普通技术人员可以理解实现上述实施例方法中的全部或部分流程,是可以通过计算机可读指令来指令相关的硬件来完成,所述的计算机可读指令可存储于一非易失性计算机可读取存储介质中,该计算机可读指令在执行时,可包括如上述各方法的实施例的流程。其中,本申请所提供的各实施例中所使用的对存储器、存储、数据库或其它介质的任何引用,均可包括非易失性和/或易失性存储器。非易失性存储器可包括只读存储器(ROM)、可编程ROM(PROM)、电可编程ROM(EPROM)、电可擦除可编程ROM(EEPROM)或闪存。易失性存储器可包括随机存取存储器(RAM)或者外部高速缓冲存储器。作为说明而非局限,RAM以多种形式可得,诸如静态RAM(SRAM)、动态RAM(DRAM)、同步DRAM(SDRAM)、双数据率SDRAM(DDRSDRAM)、增强型SDRAM(ESDRAM)、同步链路(Synchlink)DRAM(SLDRAM)、存储器总线(Rambus)直接RAM(RDRAM)、直接存储器总线动态RAM(DRDRAM)、以及存储器总线动态RAM(RDRAM)等。A person of ordinary skill in the art can understand that all or part of the processes in the above-mentioned embodiment methods can be implemented by instructing relevant hardware through computer-readable instructions, which can be stored in a non-volatile computer. In a readable storage medium, when the computer-readable instructions are executed, they may include the processes of the above-mentioned method embodiments. Wherein, any reference to memory, storage, database or other media used in the embodiments provided in this application may include non-volatile and/or volatile memory. Non-volatile memory may include read only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory may include random access memory (RAM) or external cache memory. As an illustration and not a limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous chain Channel (Synchlink) DRAM (SLDRAM), memory bus (Rambus) direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM), etc.
以上实施例的各技术特征可以进行任意的组合,为使描述简洁,未对上述实施例中的各个技术特征所有可能的组合都进行描述,然而,只要这些技术特征的组合不存在矛盾,都应当认为是本说明书记载的范围。The technical features of the above embodiments can be combined arbitrarily. In order to make the description concise, all possible combinations of the technical features in the above embodiments are not described. However, as long as there is no contradiction between the combinations of these technical features, they should It is considered as the range described in this specification.
以上所述实施例仅表达了本申请的几种实施方式,其描述较为具体和详细,但并不能因此而理解为对发明专利范围的限制。应当指出的是,对于本领域的普通技术人员来说,在不脱离本申请构思的前提下,还可以做出若干变形和改进,这些都属于本申请的保护范围。因此,本申请专利的保护范围应以所附权利要求为准。The above-mentioned embodiments only express several implementation manners of the present application, and the description is relatively specific and detailed, but it should not be understood as a limitation on the scope of the invention patent. It should be pointed out that for those of ordinary skill in the art, without departing from the concept of this application, several modifications and improvements can be made, and these all fall within the protection scope of this application. Therefore, the scope of protection of the patent of this application shall be subject to the appended claims.

Claims (20)

  1. 一种代码段保护方法,包括:A code segment protection method, including:
    获取待保护代码段,所述待保护代码段携带有代码段标识;Acquiring a code segment to be protected, where the code segment to be protected carries a code segment identifier;
    查询所述待保护代码段对应的复杂等级,所述复杂等级为预先设定的,用于表征所述待保护代码段的复杂度的参考指标;Query the complexity level corresponding to the code segment to be protected, where the complexity level is preset and is used to characterize the reference index of the complexity of the code segment to be protected;
    当所述复杂等级超过预设等级时,则从所述代码段标识中选取核心标识,根据所述核心标识从所述待保护代码段中提取核心代码段,其中,所述核心标识是与所述核心代码段对应的代码段标识;When the complexity level exceeds the preset level, the core identifier is selected from the code segment identifiers, and the core code segment is extracted from the code segment to be protected according to the core identifier, wherein the core identifier is related to the The code segment identifier corresponding to the core code segment;
    将所述核心代码段按照混淆逻辑进行混淆得到混淆代码段;及Obfuscate the core code segment according to the obfuscation logic to obtain the obfuscated code segment; and
    根据所述混淆代码段得到所述待保护代码段对应的目标代码段。Obtain the target code segment corresponding to the code segment to be protected according to the obfuscated code segment.
  2. 根据权利要求1所述的方法,其特征在于,所述将所述核心代码段按照混淆逻辑进行混淆得到混淆代码段,包括:The method according to claim 1, wherein the obfuscation of the core code segment according to obfuscation logic to obtain an obfuscated code segment comprises:
    获取混淆逻辑,根据所述混淆逻辑从所述核心代码段中查询所包含的待混淆信息;Obtain obfuscation logic, and query the information to be obfuscated contained in the core code segment according to the obfuscation logic;
    根据所述混淆逻辑查询与所述待混淆信息对应的替换信息;及Query the replacement information corresponding to the information to be confused according to the confusion logic; and
    采用所述替换信息对所述待混淆信息进行替换得到混淆代码段。Using the replacement information to replace the information to be confused to obtain an obfuscated code segment.
  3. 根据权利要求2所述的方法,其特征在于,所述采用所述替换信息对所述待混淆信息进行替换得到目标代码段之后,包括;The method according to claim 2, wherein after said replacing the information to be confused with the replacement information to obtain the target code segment, the method comprises;
    将所述混淆代码段存储至加密文件夹,并获取所述加密文件夹对应的第一存储路径;Store the obfuscated code segment in an encrypted folder, and obtain the first storage path corresponding to the encrypted folder;
    查询所述待保护代码段中的所述核心代码段关联的第二存储路径;及Query the second storage path associated with the core code segment in the code segment to be protected; and
    将所述第二存储路径更改为所述第一存储路径。Change the second storage path to the first storage path.
  4. 根据权利要求1所述的方法,其特征在于,所述根据所述混淆代码段得到所述待保护代码段对应的目标代码段之后,包括:The method according to claim 1, wherein after obtaining the target code segment corresponding to the code segment to be protected according to the obfuscated code segment, the method comprises:
    查询所述混淆代码段对应的第一子代码段标识;Query the first sub-code segment identifier corresponding to the obfuscated code segment;
    并查询所述核心代码段对应的第二子代码段标识;及And query the second sub-code segment identifier corresponding to the core code segment; and
    将所述第一子代码段标识与所述第二子代码段标识建立映射关系。Establish a mapping relationship between the first sub-code segment identifier and the second sub-code segment identifier.
  5. 根据权利要求4所述的方法,其特征在于,所述将所述第一子代码段标识与所述第二子代码段标识建立映射关系之后,包括:The method according to claim 4, wherein after the establishing a mapping relationship between the first sub-code segment identifier and the second sub-code segment identifier, the method comprises:
    接收运行所述目标代码段的运行指令,根据所述运行指令运行所述目标代码段得到运行结果;Receiving a running instruction for running the target code segment, and running the target code segment according to the running instruction to obtain a running result;
    查询所述运行结果中是否包含运行错误状态标识,当包含有所述运行错误状态标识时,则查询与所述运行错误状态标识对应的第二子代码段标识;及Query whether the running result includes a running error status identifier, and when the running error status identifier is included, query the second sub-code segment identifier corresponding to the running error status identifier; and
    根据所述映射关系,查询所述第二子代码段标识关联的第一子代码段标识,并将所述第一子代码段标识与第二子代码段标识输出。According to the mapping relationship, query the first subcode segment identifier associated with the second subcode segment identifier, and output the first subcode segment identifier and the second subcode segment identifier.
  6. 根据权利要求1所述的方法,其特征在于,所述查询所述待保护代码段对应的复杂等级之后,包括:The method according to claim 1, wherein the querying the complexity level corresponding to the code segment to be protected comprises:
    当所述复杂等级未超过预设等级时,则根据所述代码段标识查询过滤字段;When the complexity level does not exceed the preset level, query the filter field according to the code segment identifier;
    将所述过滤字段添加至所述待保护代码段中;及Adding the filter field to the code segment to be protected; and
    对添加了所述过滤字段的待保护代码段采用混淆逻辑进行混淆得到目标代码段。Obfuscation logic is used to obfuscate the code segment to be protected to which the filter field is added to obtain the target code segment.
  7. 一种代码段保护装置,包括:A code segment protection device, including:
    获取模块,用于获取待保护代码段,所述待保护代码段携带有代码段标识;An obtaining module, configured to obtain a code segment to be protected, and the code segment to be protected carries a code segment identifier;
    查询模块,用于查询所述待保护代码段对应的复杂等级,所述复杂等级为预先设定的,用于表征所述待保护代码段的复杂度的参考指标;A query module for querying the complexity level corresponding to the code segment to be protected, where the complexity level is preset and is used to characterize the reference index of the complexity of the code segment to be protected;
    提取模块,用于当所述复杂等级超过预设等级时,则从所述代码段标识中选取核心标识,根据所述核心标识从所述待保护代码段中提取核心代码段,其中,所述核心标识是与所述核心代码段对应的代码段标识;The extraction module is configured to select a core identifier from the code segment identifier when the complexity level exceeds a preset level, and extract the core code segment from the code segment to be protected according to the core identifier, wherein the The core identifier is a code segment identifier corresponding to the core code segment;
    第一混淆模块,用于将所述核心代码段按照混淆逻辑进行混淆得到混淆代码段;及The first obfuscation module is used to obfuscate the core code segment according to obfuscation logic to obtain an obfuscated code segment; and
    生成模块,用于根据所述混淆代码段得到所述待保护代码段对应的目标代码段。The generating module is used to obtain the target code segment corresponding to the code segment to be protected according to the obfuscated code segment.
  8. 根据权利要求7所述的装置,其特征在于,所述第一混淆模块,包括:The device according to claim 7, wherein the first obfuscation module comprises:
    第一查询单元,用于获取混淆逻辑,根据所述混淆逻辑从所述核心代码段中查询所包含的待混淆信息;The first query unit is configured to obtain obfuscation logic, and query the information to be obfuscated contained in the core code segment according to the obfuscation logic;
    第二查询单元,用于根据所述混淆逻辑查询与所述待混淆信息对应的替换信息;及The second query unit is configured to query the replacement information corresponding to the information to be confused according to the confusion logic; and
    替换单元,用于采用所述替换信息对所述待混淆信息进行替换得到混淆代码段。The replacement unit is used to replace the information to be confused with the replacement information to obtain an obfuscated code segment.
  9. 根据权利要求8所述的装置,其特征在于,所述代码段保护装置,包括:The device according to claim 8, wherein the code segment protection device comprises:
    存储模块,用于将所述混淆代码段存储至加密文件夹,并获取所述加密文件夹对应的第一存储路径;A storage module, configured to store the obfuscated code segment in an encrypted folder, and obtain the first storage path corresponding to the encrypted folder;
    路径提取模块,用于查询所述待保护代码段中的所述核心代码段关联的第二存储路径;及A path extraction module for querying the second storage path associated with the core code segment in the code segment to be protected; and
    更改模块,用于将所述第二存储路径更改为所述第一存储路径。The changing module is used to change the second storage path to the first storage path.
  10. 根据权利要求7所述的装置,其特征在于,所述代码段保护装置,包括:The device according to claim 7, wherein the code segment protection device comprises:
    第一标识查询单元,用于查询所述混淆代码段对应的第一子代码段标识;The first identifier query unit is used to query the identifier of the first sub-code segment corresponding to the obfuscated code segment;
    第二标识查询单元,用于并查询所述核心代码段对应的第二子代码段标识;The second identification query unit is used to query and query the second sub-code segment identifier corresponding to the core code segment;
    建立模块,用于将所述第一子代码段标识与所述第二子代码段标识建立映射关系。The establishment module is used to establish a mapping relationship between the first sub-code segment identifier and the second sub-code segment identifier.
  11. 根据权利要求10所述的装置,其特征在于,所述代码段保护装置,包括:The device according to claim 10, wherein the code segment protection device comprises:
    接收模块,用于接收运行所述目标代码段的运行指令,根据所述运行指令运行所述目标代码段得到运行结果;A receiving module, configured to receive a running instruction for running the target code segment, and run the target code segment according to the running instruction to obtain a running result;
    第三标识查询模块,用于查询所述运行结果中是否包含运行错误状态标识,当包含有所述运行错误状态标识时,则查询与所述运行错误状态标识对应的第二子代码段标识;及The third identification query module is configured to query whether the operating result includes an operating error status identifier, and when the operating error status identifier is included, query the second sub-code segment identifier corresponding to the operating error status identifier; and
    输出模块,用于根据所述映射关系,查询所述第二子代码段标识关联的第一子代码段标识,并将所述第一子代码段标识与第二子代码段标识输出。The output module is configured to query the first subcode segment identifier associated with the second subcode segment identifier according to the mapping relationship, and output the first subcode segment identifier and the second subcode segment identifier.
  12. 根据权利要求7所述的装置,其特征在于,所述代码段保护装置,包括:The device according to claim 7, wherein the code segment protection device comprises:
    过滤字段查询模块,用于当所述复杂等级未超过预设等级时,则根据所述代码段标识查询过滤字段;The filter field query module is configured to query the filter field according to the code segment identifier when the complexity level does not exceed a preset level;
    添加模块,用于将所述过滤字段添加至所述待保护代码段中;及An adding module is used to add the filter field to the code segment to be protected; and
    第二混淆模块,用于对添加了所述过滤字段的待保护代码段采用混淆逻辑进行混淆得到目标代码段。The second obfuscation module is configured to use obfuscation logic to obfuscate the code segment to be protected to which the filter field is added to obtain the target code segment.
  13. 一种计算机设备,包括存储器及一个或多个处理器,所述存储器中储存有计算机可读指令,所述计算机可读指令被所述一个或多个处理器执行时,使得所述一个或多个处理器执行以下步骤:A computer device includes a memory and one or more processors. The memory stores computer-readable instructions. When the computer-readable instructions are executed by the one or more processors, the one or more Each processor performs the following steps:
    获取待保护代码段,所述待保护代码段携带有代码段标识;Acquiring a code segment to be protected, where the code segment to be protected carries a code segment identifier;
    查询所述待保护代码段对应的复杂等级,所述复杂等级为预先设定的,用于表征所述待保护代码段的复杂度的参考指标;Query the complexity level corresponding to the code segment to be protected, where the complexity level is preset and is used to characterize the reference index of the complexity of the code segment to be protected;
    当所述复杂等级超过预设等级时,则从所述代码段标识中选取核心标识,根据所述核心标识从所述待保护代码段中提取核心代码段,其中,所述核心标识是与所述核心代码段对应的代码段标识;When the complexity level exceeds the preset level, the core identifier is selected from the code segment identifiers, and the core code segment is extracted from the code segment to be protected according to the core identifier, wherein the core identifier is related to the The code segment identifier corresponding to the core code segment;
    将所述核心代码段按照混淆逻辑进行混淆得到混淆代码段;及Obfuscate the core code segment according to the obfuscation logic to obtain the obfuscated code segment; and
    根据所述混淆代码段得到所述待保护代码段对应的目标代码段。Obtain the target code segment corresponding to the code segment to be protected according to the obfuscated code segment.
  14. 根据权利要求13所述的计算机设备,其特征在于,所述处理器执行所述计算机可读指令时还执行以下步骤,所述将所述核心代码段按照混淆逻辑进行混淆得到混淆代码段,包括:The computer device according to claim 13, wherein the processor further executes the following steps when executing the computer-readable instructions, and said obfuscating the core code segment according to obfuscation logic to obtain an obfuscated code segment includes :
    获取混淆逻辑,根据所述混淆逻辑从所述核心代码段中查询所包含的待混淆信息;Obtain obfuscation logic, and query the information to be obfuscated contained in the core code segment according to the obfuscation logic;
    根据所述混淆逻辑查询与所述待混淆信息对应的替换信息;及Query the replacement information corresponding to the information to be confused according to the confusion logic; and
    采用所述替换信息对所述待混淆信息进行替换得到混淆代码段。Using the replacement information to replace the information to be confused to obtain an obfuscated code segment.
  15. 根据权利要求14所述的计算机设备,其特征在于,所述处理器执行所述计算机可读指令时还执行以下步骤,所述采用所述替换信息对所述待混淆信息进行替换得到目标代码段之后,包括;The computer device according to claim 14, wherein when the processor executes the computer-readable instruction, the following steps are further executed, and the target code segment is obtained by replacing the information to be confused with the replacement information After that, include;
    将所述混淆代码段存储至加密文件夹,并获取所述加密文件夹对应的第一存储路径;Store the obfuscated code segment in an encrypted folder, and obtain the first storage path corresponding to the encrypted folder;
    查询所述待保护代码段中的所述核心代码段关联的第二存储路径;及Query the second storage path associated with the core code segment in the code segment to be protected; and
    将所述第二存储路径更改为所述第一存储路径。Change the second storage path to the first storage path.
  16. 根据权利要求13所述的计算机设备,其特征在于,所述处理器执行所述计算机可读指令时还执行以下步骤,所述根据所述混淆代码段得到所述待保护代码段对应的目标代码段之后,包括:The computer device according to claim 13, wherein the processor further executes the following steps when executing the computer-readable instructions, and the object code corresponding to the code segment to be protected is obtained according to the obfuscated code segment After the paragraph, include:
    查询所述混淆代码段对应的第一子代码段标识;Query the first sub-code segment identifier corresponding to the obfuscated code segment;
    并查询所述核心代码段对应的第二子代码段标识;及And query the second sub-code segment identifier corresponding to the core code segment; and
    将所述第一子代码段标识与所述第二子代码段标识建立映射关系。Establish a mapping relationship between the first sub-code segment identifier and the second sub-code segment identifier.
  17. 一个或多个存储有计算机可读指令的非易失性计算机可读存储介质,所述计算机可读指令被一个或多个处理器执行时,使得所述一个或多个处理器执行以下步骤:One or more non-volatile computer-readable storage media storing computer-readable instructions, which when executed by one or more processors, cause the one or more processors to perform the following steps:
    获取待保护代码段,所述待保护代码段携带有代码段标识;Acquiring a code segment to be protected, where the code segment to be protected carries a code segment identifier;
    查询所述待保护代码段对应的复杂等级,所述复杂等级为预先设定的,用于表征所述待保护代码段的复杂度的参考指标;Query the complexity level corresponding to the code segment to be protected, where the complexity level is preset and is used to characterize the reference index of the complexity of the code segment to be protected;
    当所述复杂等级超过预设等级时,则从所述代码段标识中选取核心标识,根据所述核心标识从所述待保护代码段中提取核心代码段,其中,所述核心标识是与所述核心代码段对应的代码段标识;When the complexity level exceeds the preset level, the core identifier is selected from the code segment identifiers, and the core code segment is extracted from the code segment to be protected according to the core identifier, wherein the core identifier is related to the The code segment identifier corresponding to the core code segment;
    将所述核心代码段按照混淆逻辑进行混淆得到混淆代码段;及Obfuscate the core code segment according to the obfuscation logic to obtain the obfuscated code segment; and
    根据所述混淆代码段得到所述待保护代码段对应的目标代码段。Obtain the target code segment corresponding to the code segment to be protected according to the obfuscated code segment.
  18. 根据权利要求17所述的存储介质,其特征在于,所述计算机可读指令被所述处理器执行时还执行以下步骤,所述将所述核心代码段按照混淆逻辑进行混淆得到混淆代码段,包括:The storage medium according to claim 17, wherein the following steps are further executed when the computer-readable instructions are executed by the processor: the core code segment is obfuscated according to obfuscation logic to obtain an obfuscated code segment, include:
    获取混淆逻辑,根据所述混淆逻辑从所述核心代码段中查询所包含的待混淆信息;Obtain obfuscation logic, and query the information to be obfuscated contained in the core code segment according to the obfuscation logic;
    根据所述混淆逻辑查询与所述待混淆信息对应的替换信息;及Query the replacement information corresponding to the information to be confused according to the confusion logic; and
    采用所述替换信息对所述待混淆信息进行替换得到混淆代码段。Using the replacement information to replace the information to be confused to obtain an obfuscated code segment.
  19. 根据权利要求18所述的存储介质,其特征在于,所述计算机可读指令被所述处理器执行时还执行以下步骤,所述采用所述替换信息对所述待混淆信息进行替换得到目标代码段之后,包括;The storage medium according to claim 18, wherein when the computer-readable instructions are executed by the processor, the following steps are further executed, and the target code is obtained by replacing the information to be confused with the replacement information After the paragraph, include;
    将所述混淆代码段存储至加密文件夹,并获取所述加密文件夹对应的第 一存储路径;Store the obfuscated code segment in an encrypted folder, and obtain the first storage path corresponding to the encrypted folder;
    查询所述待保护代码段中的所述核心代码段关联的第二存储路径;及Query the second storage path associated with the core code segment in the code segment to be protected; and
    将所述第二存储路径更改为所述第一存储路径。Change the second storage path to the first storage path.
  20. 根据权利要求17所述的存储介质,其特征在于,所述计算机可读指令被所述处理器执行时还执行以下步骤,所述根据所述混淆代码段得到所述待保护代码段对应的目标代码段之后,包括:The storage medium according to claim 17, wherein when the computer-readable instructions are executed by the processor, the following steps are further executed, and the target corresponding to the code segment to be protected is obtained according to the obfuscated code segment After the code snippet, include:
    查询所述混淆代码段对应的第一子代码段标识;Query the first sub-code segment identifier corresponding to the obfuscated code segment;
    并查询所述核心代码段对应的第二子代码段标识;及And query the second sub-code segment identifier corresponding to the core code segment; and
    将所述第一子代码段标识与所述第二子代码段标识建立映射关系。Establish a mapping relationship between the first sub-code segment identifier and the second sub-code segment identifier.
PCT/CN2019/102568 2019-04-12 2019-08-26 Code segment protection method and apparatus, computer device, and storage medium WO2020206905A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910296112.9A CN110135129B (en) 2019-04-12 2019-04-12 Code segment protection method and device, computer equipment and storage medium
CN201910296112.9 2019-04-12

Publications (1)

Publication Number Publication Date
WO2020206905A1 true WO2020206905A1 (en) 2020-10-15

Family

ID=67569734

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/102568 WO2020206905A1 (en) 2019-04-12 2019-08-26 Code segment protection method and apparatus, computer device, and storage medium

Country Status (2)

Country Link
CN (1) CN110135129B (en)
WO (1) WO2020206905A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115473702A (en) * 2022-08-23 2022-12-13 广西电网有限责任公司电力科学研究院 Content confusion method based on online interactive WEB dynamic defense

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110135129B (en) * 2019-04-12 2023-04-07 平安科技(深圳)有限公司 Code segment protection method and device, computer equipment and storage medium
CN110659459B (en) * 2019-09-27 2021-07-20 北京金山云网络技术有限公司 Software code processing method and device, electronic equipment and storage medium
CN113010364B (en) * 2019-12-20 2023-08-01 北京奇艺世纪科技有限公司 Service data acquisition method and device and electronic equipment
CN111274556A (en) * 2020-02-27 2020-06-12 北京小米移动软件有限公司 Code obfuscation method, device and storage medium
CN111538665A (en) * 2020-04-27 2020-08-14 北京奇艺世纪科技有限公司 Program testing method and device, storage medium, and electronic device
CN112328978A (en) * 2020-11-03 2021-02-05 广东三维家信息科技有限公司 Code obfuscation processing and running method and device, terminal equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104102860A (en) * 2014-08-11 2014-10-15 北京奇虎科技有限公司 Protecting method and running method and device and system for Android platform application program
CN106599629A (en) * 2016-12-16 2017-04-26 Tcl集团股份有限公司 Strengthening method and apparatus for Android application program
CN109145533A (en) * 2018-09-30 2019-01-04 武汉斗鱼网络科技有限公司 A kind of method and device using random cipher protection code
CN110135129A (en) * 2019-04-12 2019-08-16 平安科技(深圳)有限公司 Code segment protection method, device, computer equipment and storage medium

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104751024B (en) * 2013-12-27 2018-10-19 腾讯科技(深圳)有限公司 A kind of method and device that core source code is encrypted
CN106203007B (en) * 2015-05-08 2020-03-03 腾讯科技(深圳)有限公司 Code processing method and device and computing equipment
CN106055934B (en) * 2016-05-19 2019-04-02 福州利倍得网络技术有限公司 A kind of code protection method and device based on VEH
CN106203005A (en) * 2016-07-11 2016-12-07 福建方维信息科技有限公司 A kind of various dimensions authorization encryption method based on WEB platform software and system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104102860A (en) * 2014-08-11 2014-10-15 北京奇虎科技有限公司 Protecting method and running method and device and system for Android platform application program
CN106599629A (en) * 2016-12-16 2017-04-26 Tcl集团股份有限公司 Strengthening method and apparatus for Android application program
CN109145533A (en) * 2018-09-30 2019-01-04 武汉斗鱼网络科技有限公司 A kind of method and device using random cipher protection code
CN110135129A (en) * 2019-04-12 2019-08-16 平安科技(深圳)有限公司 Code segment protection method, device, computer equipment and storage medium

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115473702A (en) * 2022-08-23 2022-12-13 广西电网有限责任公司电力科学研究院 Content confusion method based on online interactive WEB dynamic defense

Also Published As

Publication number Publication date
CN110135129A (en) 2019-08-16
CN110135129B (en) 2023-04-07

Similar Documents

Publication Publication Date Title
WO2020206905A1 (en) Code segment protection method and apparatus, computer device, and storage medium
CN109474578B (en) Message checking method, device, computer equipment and storage medium
WO2020186786A1 (en) File processing method and apparatus, computer device and storage medium
WO2020233219A1 (en) Abnormal problem locating method and device, apparatus and computer readable storage medium
CN110290212B (en) Service call recording method, device, computer equipment and storage medium
WO2020253061A1 (en) Page generating method and apparatus, computer device, and storage medium
CN107688664B (en) Chart generation method and device, computer equipment and storage medium
CN111314306A (en) Interface access method and device, electronic equipment and storage medium
WO2020151333A1 (en) Page loading method, apparatus, computer device and storage medium
WO2020192134A1 (en) Exception handling method and apparatus based on spring mvc, and computer device and storage medium
CN109241484B (en) Method and equipment for sending webpage data based on encryption technology
WO2019134339A1 (en) Desensitization method and procedure, application server and computer readable storage medium
CN106909811B (en) Method and device for processing user identification
WO2019134340A1 (en) Salary calculation method, application server, and computer readable storage medium
WO2020233091A1 (en) Method and apparatus for service data rollback, computer device and storage medium
CN110908778B (en) Task deployment method, system and storage medium
WO2019153589A1 (en) Message data processing method and apparatus, and computer device and storage medium
CN109766483B (en) Regular expression generation method, device, computer equipment and storage medium
WO2021164462A1 (en) Data encryption method, data decryption method, computer device, and medium
WO2020233014A1 (en) Message sending method and apparatus, and computer device and storage medium
WO2020232883A1 (en) Script defect scanning method and apparatus, computer device and storage medium
WO2021120628A1 (en) Blockchain-based sensitive word detection method and apparatus, computer device and computer-readable storage medium
CN109711189A (en) Data desensitization method and device, storage medium, terminal
CN110830500B (en) Network attack tracking method and device, electronic equipment and readable storage medium
CN115982761A (en) Sensitive information processing method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19924261

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19924261

Country of ref document: EP

Kind code of ref document: A1