CA3150187C - Method and apparatus for protecting web script codes - Google Patents

Method and apparatus for protecting web script codes Download PDF

Info

Publication number
CA3150187C
CA3150187C CA3150187A CA3150187A CA3150187C CA 3150187 C CA3150187 C CA 3150187C CA 3150187 A CA3150187 A CA 3150187A CA 3150187 A CA3150187 A CA 3150187A CA 3150187 C CA3150187 C CA 3150187C
Authority
CA
Canada
Prior art keywords
encrypted
virtual machine
code
nodes
bytecodes
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CA3150187A
Other languages
French (fr)
Other versions
CA3150187A1 (en
Inventor
Jie Yan
Jiajin Liu
Lifei YAO
Yang Lu
Guohua YE
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
10353744 Canada Ltd
Original Assignee
10353744 Canada Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 10353744 Canada Ltd filed Critical 10353744 Canada Ltd
Publication of CA3150187A1 publication Critical patent/CA3150187A1/en
Application granted granted Critical
Publication of CA3150187C publication Critical patent/CA3150187C/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/14Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • Storage Device Security (AREA)
  • Information Transfer Between Computers (AREA)
  • Devices For Executing Special Programs (AREA)

Abstract

Disclosed are a webpage script code protection method and apparatus, relating to the technical field of computer security. The method comprises: parsing a webpage script code by means of a code parsing tool to obtain a tree code structure composed of a plurality of nodes; traversing nodes, to be encrypted, in the tree code structure, and sequentially executing, on the basis of offset parameters, encryption conversion on the nodes, to be encrypted, from bottom to top until the conversion of the node, to be encrypted, at the topmost layer is completed and an encrypted byte code is generated; configuring, according to the offset parameters, a virtual machine interpreter for constructing and executing the encrypted byte code; and encapsulating and storing the virtual machine interpreter and the encrypted byte code in a webpage script code file so as to execute calling. The method can strengthen the protection for a webpage script code and effectively prevent a malicious code analysis behavior.

Description

METHOD AND APPARATUS FOR PROTECTING WEB SCRIPT CODES
BACKGROUND OF THE INVENTION
Technical Field [0001] The present invention relates to the technical field of cyber security, and more particularly to a method and an apparatus for protecting web script codes.
Description of Related Art
[0002] Web script codes are a kind of interpreted language. The language can be run without the need of compiling it into binary machine codes in advance. By opening a page in a browser and loading web script source codes, these codes can be run, so the source codes of the web scripts are totally open and noting is confidential. It enables easy breakpoint debugging in browsers, and this endangers critical front-end business logics very much.
In fact, the first step the underground industry takes for attack is usually analyzing script codes of front-end webpages.
[0003] In order to avoid such a danger, common solutions for providing protection are to obfuscate and encrypt web script codes. However, both of them cannot satisfyingly defend against malicious code analysis. First, obfuscation of web script codes is about simplification in nature, including simplifying codes, simplifying variable naming, removing comments, and simplifying sentences, but makes no difference in terms of code logic. This only change is increased reading costs. For example, the UglifyJS
is a commonly used obfuscation tool for web script codes. Codes as a result of its obfuscation processing can still be beautified by some code beautifiers to the extent that they are almost as readable as the source codes. Secondary, the encrypted web script codes are not secure. Since decryption means or private keys can only be provided in the form of web Date Recue/Date Received 2022-02-07 script codes, it is not impossible for skilled people in the art to find the decryption means or private keys. For example, encrypted character strings can be easily decrypted by simply calling the encryption function used for encryption.
[0004] To sum up, normal means for obfuscation and encryption can be defeated by professional malicious code analysis. A well trained code breaker can directly acquire business logics in codes and accordingly forge webpage requests.
SUMMARY OF THE INVENTION
[0005] The objective of the present invention is to provide a method and an apparatus for protecting web script codes, which effectively protect web script codes from malicious code analysis.
[0006] To achieve the foregoing objective, in a first aspect the present invention provides a method for protecting web script codes. The method comprises:
[0007] analyzing the web script codes by means of a code analysis tool, so as to obtain a tree code structure composed of plural nodes;
[0008] traversing the nodes to be encrypted in the tree code structure, and encrypting and converting each of the nodes to be encrypted based on offset parameters successively in a bottom-to-top order, until the nodes to be encrypted at a top layer have all been converted, so as to generate encrypted bytecodes;
[0009] configuring virtual machine interpreters used to construct and execute the encrypted bytecodes according to the offset parameters; and
[0010] packaging and storing the virtual machine interpreters and the encrypted bytecodes in web script code documents for executing a calling.
[0011] Preferably, before the step of analyzing the web script codes by means of a code analysis tool, so as to obtain a tree code structure composed of plural nodes, the method further comprises:
[0012] performing initial obfuscation on source codes of a web script by means of a code obfuscation tool, so as to obtain the web script codes.

Date Recue/Date Received 2022-02-07
[0013] More preferably, after the step of performing initial obfuscation on source codes of a web script by means of a code obfuscation tool, so as to obtain the web script codes, the method further comprises:
[0014] based on the web script codes, selecting and marking a part or all of the script codes with protection code blocks, in which the protection code blocks comprise entry mark information.
[0015] Preferably, the tree code structure comprises node information corresponding to each of the nodes, and the node information comprises information about types, names, sub-nodes, and locations of the nodes.
[0016] Preferably, the offset parameters are randomly and dynamically generated based on the current web script codes.
[0017] Preferably, the step of traversing the nodes to be encrypted in the tree code structure, and encrypting and converting each of the nodes to be encrypted based on offset parameters successively in a bottom-to-top order, until the nodes to be encrypted at a top layer have all been converted, so as to generate encrypted bytecodes comprises:
[0018] with reference to the marked protection code blocks, screening out the nodes to be encrypted from the tree code structure;
[0019] identifying the nodes to be encrypted corresponding to the entry marks so as to perform deep traversal downward, and recording information about the type, length, and contents of each said node to be encrypted; and
[0020] based on the offset parameters, encrypting and converting the nodes to be encrypted in every layer from bottom to top by means of a recursion method, until the nodes to be encrypted at the top layer have been converted, so as to generate the encrypted bytecodes.
[0021] More preferably, the step of configuring virtual machine interpreters used to construct and execute the encrypted bytecodes according to the offset parameters comprises:
[0022] according to the type of every node in the tree code structure, pre-generating the virtual machine code corresponding to each said node to be encrypted, respectively;
and
[0023] using the shift parameters to configure and generate a said unique virtual machine interpreter capable of interpreting and executing the said virtual machine code.

Date Recue/Date Received 2022-02-07
[0024] Further, the step of packaging and storing the virtual machine interpreters and the encrypted bytecodes in web script code documents comprises:
[0025] when the virtual machine interpreters and the encrypted bytecodes correspond to each other in a one-to-one manner, packing mutually corresponding said virtual machine interpreter and said encrypted bytecodes together, respectively, and storing the packages in independent web script code documents, respectively; and
[0026] when one said virtual machine interpreter corresponds to plural said encrypted bytecodes, packaging the virtual machine interpreter and the plural said encrypted bytecodes separately, and storing the virtual machine interpreter and the encrypted bytecodes in separate said web script code documents at the same time, respectively.
[0027] As compared to the prior art, the method for protecting web script codes of the present invention has the following beneficial effects:
[0028] The method for protecting web script codes provided by the present invention first converts web script codes into a tree code structure by means of a code analysis tool, and then based on the shift parameters, encrypts and converts the nodes to be encrypted in every layer from bottom to top by means of a recursion method, until the nodes to be encrypted at the top layer have been converted, so as to generate the encrypted bytecodes.
Correspondingly, with the foregoing configuration of the shift parameter, the method can dynamically generate virtual machine interpreters that interpret and execute the encrypted bytecodes. At last, the virtual machine interpreters and the encrypted bytecodes are packaged and stored in web script code documents, so that terminal software (such as a browser) only needs to run the virtual machine codes. This prevents code breakers from setting breakpoints for business logic codes of web script codes, and significantly reduces the efficiency in dynamic debugging codes. Meanwhile, since the web script codes are converted into encrypted bytecodes, they cannot be dynamically matched and differentiated using normal regular expressions. It is thus clear that the disclosed scheme makes it more difficult to break web script codes, thereby realizing enhanced protection for web script codes.
[0029] In another aspect, the present invention provides an apparatus for protecting web script Date Recue/Date Received 2022-02-07 codes, which is applied to the method for protecting web script codes as recited in the foregoing technical scheme. The apparatus comprises:
[0030] an initially-obfuscating unit, for performing initial obfuscation on source codes of a web script by means of a code obfuscation tool, so as to obtain the web script codes;
[0031] a code-block-marking unit, for based on the web script codes, selecting and marking a part or all of the script codes with protection code blocks, in which the protection code blocks comprise entry mark information;
[0032] a code-analyzing unit, for analyzing the web script codes by means of a code analysis tool, so as to obtain a tree code structure composed of plural nodes;
[0033] an encrypting-and-converting unit, for traversing the nodes to be encrypted in the tree code structure, and encrypting and converting each of the nodes to be encrypted based on offset parameters successively in a bottom-to-top order, until the nodes to be encrypted at a top layer have all been converted, so as to generate encrypted bytecodes;
[0034] a virtual-machine-generating unit, for according to the shift parameters, configuring a virtual machine interpreter that is used to generate, interpret and execute the encrypted bytecodes; and
[0035] a packaging unit, for packaging and storing the virtual machine interpreters and the encrypted bytecodes in web script code documents for executing a calling.
[0036] As compared to the prior art, the disclosed apparatus for protecting web script codes provides beneficial effects that are similar to those provided by the disclosed method for protecting web script codes as enumerated above, and thus no repetitions are made herein.
[0037] In a third aspect the present invention provides a computer readable storage medium, storing thereon a computer program. When the computer program is executed by a processor, it implements the steps of the method for querying multi-dimensional data as described previously.
[0038] As compared to the prior art, the disclosed computer-readable storage medium provides beneficial effects that are similar to those provided by the disclosed method for protecting web script codes as enumerated above, and thus no repetitions are made herein.
Date Recue/Date Received 2022-02-07 BRIEF DESCRIPTION OF THE DRAWINGS
[0039] The accompanying drawing is provided herein for better understanding of the present invention and form a part of this disclosure. The illustrative embodiments and their descriptions are for explaining the present invention and by no means form any improper limitation to the present invention, wherein:
[0040] FIG. 1 is a flowchart of a method for protecting web script codes according to one embodiment of the present invention.
DETAILED DESCRIPTION OF THE INVENTION
[0041] To make the foregoing objectives, features, and advantages of the present invention clearer and more understandable, the following description will be directed to some embodiments as depicted in the accompanying drawings to detail the technical schemes disclosed in these embodiments. It is, however, to be understood that the embodiments referred herein are only a part of all possible embodiments and thus not exhaustive. Based on the embodiments of the present invention, all the other embodiments can be conceived without creative labor by people of ordinary skill in the art, and all these and other embodiments shall be embraced in the scope of the present invention.
Embodiment 1
[0042] Referring to FIG. 1, the present embodiment provides a method for protecting web script codes. The method comprises:
[0043] analyzing the web script codes by means of a code analysis tool, so as to obtain a tree code structure composed of plural nodes; traversing the nodes to be encrypted in the tree code structure, and encrypting and converting each of the nodes to be encrypted based on offset parameters successively in a bottom-to-top order, until the nodes to be encrypted at a top layer have all been converted, so as to generate encrypted bytecodes;
configuring virtual machine interpreters used to construct and execute the encrypted bytecodes according to the offset parameters; and packaging and storing the virtual machine Date Recue/Date Received 2022-02-07 interpreters and the encrypted bytecodes in web script code documents for executing a calling.
[0044] The method for protecting web script codes provided by the present invention, which is suitable for environments running webpage scripting language (JavaScript), such as mainstream browsers, various small programs, and so on, firstly converts web script codes into a tree code structure by means of a code analysis tool, and then based on the shift parameters, encrypts and converts the nodes to be encrypted in every layer from bottom to top by means of a recursion method, until the nodes to be encrypted at the top layer have been converted, so as to generate the encrypted bytecodes.
Correspondingly, with the foregoing configuration of the shift parameter, the method can dynamically generate virtual machine interpreters that interpret and execute the encrypted bytecodes.
At last, the virtual machine interpreters and the encrypted bytecodes are packaged and stored in web script code documents, so that terminal software (such as a browser) only needs to run the virtual machine codes. This prevents code breakers from setting breakpoints for business logic codes of web script codes, and significantly reduces the efficiency in dynamic debugging codes. Meanwhile, since the web script codes are converted into encrypted bytecodes, they cannot be dynamically matched and differentiated using normal regular expressions. It is thus clear that the disclosed scheme makes it more difficult to break web script codes, thereby realizing enhanced protection for web script codes.
[0045] Specifically, in the embodiment described above, before the step of analyzing the web script codes by means of a code analysis tool, so as to obtain a tree code structure composed of plural nodes, the method further comprises: performing initial obfuscation on source codes of a web script by means of a code obfuscation tool, so as to obtain the web script codes.
[0046] In particular implementations, a code obfuscation tool is used to obfuscate the web script source codes, so as to remove comments from source codes and simplify variable names and method names with meaning. This is to make source codes of web scripts less clear, thereby making breaking attempts more time-consuming and more difficult.

Date Recue/Date Received 2022-02-07
[0047] Further, in the embodiment described above after the step of performing initial obfuscation on source codes of a web script by means of a code obfuscation tool, so as to obtain the web script codes, the method further comprises: based on the web script codes, selecting and marking a part or all of the script codes with protection code blocks, in which the protection code blocks comprise entry mark information.
[0048] In particular implementations, the web script codes may be optionally marked with protection code blocks. The marking means that this part of web script codes is reinforced.
In the protection code blocks, marks indicating to skip protection may be added for web script codes requiring complex computation to exclude the marked codes from protection.
These codes will not be executed in the virtual machine interpreters, but the results will still be saved inside the virtual machine. Since compute-intensive source codes may have their computing performance degraded due to reinforcement, if they are marked as being skipped form protection, computing performance at critical codes can be improved. In addition, if there is not any mark throughout the web script, it is regarded that all the codes in the web script are reinforced by default. It is understandable that the marking made in the terms of code comments or code character instructions is only presented as a kind of marks.
[0049] Specifically, in the embodiment described above, web script codes are analyzed by a code analysis tool, so as to obtain a tree code structure composed of plural nodes.
Therein, the tree code structure includes node information corresponding to each node. The node information includes the type, the name, the contents and the location of the node.
[0050] The tree code structure is generated by describing the contents of code nodes in a one-to-one manner, and this allows convenient collection and analysis of complete information of the codes. The tree code structure includes comprehensive information of the source codes, such as node types, names, contents, and locations, and is interchangeable with the source codes in a one-to-one manner. With the tree code structure, circular traversal of the codes can be achieved easily. It is to be noted that the code analysis tool may be any of various options, such as the commonly used Babel.js, and the present embodiment sets no limitations thereto.

Date Recue/Date Received 2022-02-07
[0051] In order to further ensure security of ciphertext, in the embodiment described above, the shift parameters are randomly and dynamic generated based on the current web script codes. The shift parameters may include core parameter values of the ciphertext, such as character strings, variable names, node lengths, and so on. The shift parameters are used for configuration of the virtual machine interpreters and generation of the encrypted bytecodes, and ensure one-to-one match between the virtual machine interpreters and the encrypted bytecodes in use. Additionally, since the shift parameters are randomly and dynamic generated based on the current web script codes, even for the same web script source codes, different shift parameters will lead to generation of different encrypted bytecodes, which eventually makes the virtual machine codes are different.
Therefore, it is impossible to write a reverse program applicable to all virtual machine interpreters, thereby making code breading even more time-consuming and difficult.
[0052] In the embodiment described above, the step of traversing the nodes to be encrypted in the tree code structure, and encrypting and converting each of the nodes to be encrypted based on offset parameters successively in a bottom-to-top order, until the nodes to be encrypted at a top layer have all been converted, so as to generate encrypted bytecodes comprises:
[0053] with reference to the marked protection code blocks, screening out the nodes to be encrypted from the tree code structure; identifying the nodes to be encrypted corresponding to the entry marks so as to perform deep traversal downward, and recording information about the type, length, and contents of each said node to be encrypted; and based on the offset parameters, encrypting and converting the nodes to be encrypted in every layer from bottom to top by means of a recursion method, until the nodes to be encrypted at the top layer have been converted, so as to generate the encrypted bytecodes.
[0054] In particular implementations, the entry mark is found from the tree code structure, and deep traversal is performed downward from the corresponding node to be encrypted.
During the traversal, information about the types, lengths, and contents of every node to be encrypted is recorded. Upon completion of the traversal, the nodes to be encrypted are Date Recue/Date Received 2022-02-07 encrypted and converted layer by layer from top to bottom using the shift parameters according to the recursion method, until the nodes to be encrypted at the top layer have been converted, the conversion of the entire tree code structure is completed.
Exemplarily, the encrypted node is of the structure of an encrypted character string composed of type (1 character) + length (2 characters) + contents (n characters). Therein, the type (1 character) and the length (2 characters) are the current shift parameters.
When interpreting the encrypted nodes, the virtual machine interpreters restore the contents n character by deducting the type 1 character and the length 2 characters from the actually expressed value of the length successively.
[0055] An example is now described for easy understanding. An assignment expression of a=1 will generate: type (the assignment expression) + length (x characters) +
contents (the left node + the right node), wherein the left node is also of the structure: type (variable name node) + length (1) + contents (variable name a); the right node is of the similar structure:
type (the constant) + length (1) + contents (the number 1).
[0056] In the embodiment described above, the step of configuring virtual machine interpreters used to construct and execute the encrypted bytecodes according to the offset parameters comprises:
[0057] according to the type of every node in the tree code structure, pre-generating the virtual machine code corresponding to each said node to be encrypted, respectively;
and using the shift parameters to configure and generate a said unique virtual machine interpreter capable of interpreting and executing the said virtual machine code. It is understandable that the virtual machine interpreters are actually simulating the operation of every kind of encrypted nodes. The interpreter code describes the behavior of the encrypted node, and the execution code of a non-encrypted node will not be added into the virtual machine interpreter. However, its node instructions or custom virtual instructions can be copied to increase the complexity of the virtual machine. The interpreting process conducted by the virtual machine interpreter is also the reverse process of encrypting the encrypted bytecode. For example, an encrypted node of the type of character strings will be extracted by the virtual machine interpreter and returned as contents of character strings;
Date Recue/Date Received 2022-02-07 an encrypted node of the type of variables will be defined in the corresponding virtual memory space inside the virtual machine interpreter or acquired as corresponding variables; and an encrypted node of the type of function expressions will be defined as a new function in a virtual machine environment.
[0058] In the embodiment described above, the step of packaging and storing the virtual machine interpreters and the encrypted bytecodes in web script code documents comprises:
[0059] when the virtual machine interpreters and the encrypted bytecodes correspond to each other in a one-to-one manner, packing mutually corresponding said virtual machine interpreter and said encrypted bytecodes together, respectively, and storing the packages in independent web script code documents, respectively; and when one said virtual machine interpreter corresponds to plural said encrypted bytecodes, packaging the virtual machine interpreter and the plural said encrypted bytecodes separately, and storing the virtual machine interpreter and the encrypted bytecodes in separate said web script code documents at the same time, respectively.
[0060] It is to be emphasized that, when separate packaging is used, plural encrypted bytecodes may share the same virtual machine interpreter. In this case, the point is to ensure consistency of the shift parameters. Preferably, the eventually generated web script code document may be further subjected to obfuscation and encryption through some open-source tools, such as a javascript-obfuscator, thereby further enhancing difficulty in reverse resolution.
Embodiment 2
[0061] The present embodiment provides an apparatus for protecting web script codes, which comprises:
[0062] an initially-obfuscating unit, for performing initial obfuscation on source codes of a web script by means of a code obfuscation tool, so as to obtain the web script codes;
[0063] a code-block-marking unit, for based on the web script codes, selecting and marking a part or all of the script codes with protection code blocks, in which the protection code blocks comprise entry mark information;

Date Recue/Date Received 2022-02-07
[0064] a code-analyzing unit, for analyzing the web script codes by means of a code analysis tool, so as to obtain a tree code structure composed of plural nodes;
[0065] an encrypting-and-converting unit, for traversing the nodes to be encrypted in the tree code structure, and encrypting and converting each of the nodes to be encrypted based on offset parameters successively in a bottom-to-top order, until the nodes to be encrypted at a top layer have all been converted, so as to generate encrypted bytecodes;
[0066] a virtual-machine-generating unit, for according to the shift parameters, configuring a virtual machine interpreter that is used to generate, interpret and execute the encrypted bytecodes; and
[0067] a packaging unit, for packaging and storing the virtual machine interpreters and the encrypted bytecodes in web script code documents for executing a calling.
[0068] As compared to the prior art, the apparatus for protecting web script codes of the present embodiment provides beneficial effects that are similar to those provided by the method for protecting web script codes as enumerated in the previous embodiment, and thus no repetitions are made herein.
Embodiment 3
[0069] The present embodiment provides a computer-readable storage medium, storing thereon a computer program. When the computer program is executed by a processor, it implements the steps of the method for protecting web script codes as described previously.
[0070] As compared to the prior art, the computer-readable storage medium of the present embodiment provides beneficial effects that are similar to those provided by the disclosed method for protecting web script codes as enumerated in the previous embodiment, and thus no repetitions are made herein.
[0071] As will be appreciated by people of ordinary skill in the art, implementation of all or a part of the steps of the method of the present invention as described previously may be realized by having a program instruct related hardware components. The program may be stored in a computer-readable storage medium, and the program is about performing Date Recue/Date Received 2022-02-07 the individual steps of the methods described in the foregoing embodiments.
The storage medium may be a ROM/RAM, a hard drive, an optical disk, a memory card or the like.
[0072] The present invention has been described with reference to the preferred embodiments and it is understood that the embodiments are not intended to limit the scope of the present invention. Moreover, as the contents disclosed herein should be readily understood and can be implemented by a person skilled in the art, all equivalent changes or modifications which do not depart from the concept of the present invention should be encompassed by the appended claims. Hence, the scope of the present invention shall only be defined by the appended claims.

Date Recue/Date Received 2022-02-07

Claims (135)

Claims:
1. A device for protecting web script code comprising:
a code-analyzing unit configured to analyze the web script codes with a code analysis tool, for obtaining a tree code structure composed of a plurality of nodes;
an encrypting-and-converting unit configured to:
traverse the nodes to be encrypted in the tree code structure, and encrypting; and convert each of the nodes to be encrypted based on offset parameters successively in a bottom-to-top order, until the nodes to be encrypted at a top layer have all been converted, for generating encrypted bytecodes;
a virtual-machine-generating unit configured to further configure a virtual machine interpreter according to at least one shift parameter, wherein the virtual machine interpreter is used to generate, interpret and execute the encrypted bytecodes; and a packaging unit configured to package and store the virtual machine interpreters and the encrypted bytecodes in web script code documents for executing a calling.
2. The device of claim 1 further comprising an environment running at least one webpage scripting language.
3. The device of claim 2 wherein the webpage scripting language comprises JavaScript.
4. The device of any one of claims 1 to 3 further comprising an initially-obfuscating unit configured to perform an initial obfuscation on source codes of a web script by means of a code obfuscation tool, for obtaining the web script codes.
5. The device of claim 4 wherein the initial obfuscation comprises one or more of removing at least one comment from source codes, simplifying at least one variable name, and simplifying at least one process name.

Date Recue/Date Received 2023-12-01
6. The device of any one of claims 1 to 5 further comprising a code-block-marking unit configured to select and mark, based on the web script codes, a part or all of the script codes with protection code blocks, wherein the protection code blocks comprise entry mark informati on;
7. The device of claim 6 wherein the marking comprises reinforcing at least a part of the web script codes.
8. The device of any one of claims 6 to 7 wherein the protection code blocks comprise at least one mark indicating to skip protection.
9. The device of any one of claims 1 to 8 wherein the tree code structure is generated by describing a contents of the code nodes in a one-to-one manner.
10. The device of any one of claims 1 to 9 wherein the tree code structure comprises comprehensive information of the source codes.
11. The device of claim 10 wherein the comprehensive information comprises one or more of node types, names, contents, and locations.
12. The device of any one of claims 10 to 11 wherein the comprehensive information is interchangeable with the source codes in a one-to-one manner.
13. The device of any one of claims 1 to 12 wherein the code analysis tool is Babel.js.
14. The device of any one of claims 1 to 13 wherein the shift parameters are randomly and dynamically generated based on the current web script codes.
15. The device of any one of claims 1 to 14 wherein the shift parameters include core parameter values of the ciphertext.
16. The device of claim 15 wherein the core parameter values comprise one or more of character stings, variable names, and node lengths.
Date Recue/Date Received 2023-12-01
17. The device of any one of claims 1 to 16 wherein traversing the nodes to be encrypted in the tree code structure, and encrypting and converting each of the nodes comprises:
screening out the nodes to be encrypted from the tree code structure with reference to any marked protection code blocks;
identifying the nodes to be encrypted corresponding to the entry marks so as to perform deep traversal downward, and recording information about the type, length, and contents of each said node to be encrypted;
encrypting and converting the nodes to be encrypted in every layer based on the offset parameters from bottom to top by means of a recursion method, until the nodes to be encrypted at the top layer have been converted, so as to generate the encrypted bytecodes
18. The device of any one of claims 16 to 17 wherein traversing the nodes to be encrypted in the tree code structure, and encrypting and converting each of the nodes comprises:
finding an entry mark from the tree code structure;
performing at least one deep traversal downward from the corresponding node to be encrypted;
encrypting and converting the nodes to be encrypted layer by layer from top to bottom using the shift parameters according to the recursion method, until the nodes to be encrypted at the top layer have been converted, the conversion of the entire tree code structure is completed.
19. The device of any one of claims 1 to 18 wherein information about the types, lengths, and contents of every node to be encrypted is recorded during the traversing.
20. The device of any one of claims 1 to 19 wherein configuring virtual machine interpreters used to construct and execute the encrypted bytecodes according to the offset parameters comprises:

Date Recue/Date Received 2023-12-01 pre-generating the virtual machine code corresponding to each said node to be encrypted, according to the type of every node in the tree code structure respectively;
and configuring and generating a unique virtual machine interpreter using the shift parameters wherein the virtual machine interpreter is capable of interpreting and executing the virtual machine code.
21. The device of any one of claims 1 to 20 wherein the virtual machine interpreter describes the behavior of the encrypted node, and wherein the execution code of a non-encrypted node are not added into the virtual machine interpreter.
22. The device of any one of claims 1 to 21 wherein one or more of node instrucnons and custom virtual instructions of the virtual machine interpreter are copied.
23. The device of any one of claims 1 to 22 wherein the interpreting process of the virtual machine interpreter is the reverse process of encrypting the encrypted bytecode.
24. The device of any one of claims 1 to 23 wherein packaging and storing the virtual machine interpreters and the encrypted bytecodes in web script code documents comprises:
packing corresponding virtual machine interpreter and encrypted bytecodes together respectively when the virtual machine interpreters and the encrypted bytecodes correspond to each other in a one-to-one manner; and storing the packages in independent web script code documents, respectively.
25. The device of any one of claims 1 to 24 wherein packaging and storing the virtual machine interpreters and the encrypted bytecodes in web script code documents comprises:
packaging the virtual machine interpreter and the plural said encrypted bytecodes separately, when one virtual machine interpreter corresponds to a plurality of encrypted bytecodes; and Date Recue/Date Received 2023-12-01 storing the virtual machine interpreter and the encrypted bytecodes in separate said web script code documents, respectively.
26. The device of claim 25 wherein the plurality of encrypted bytecodes share the same virtual machine interpreter.
27. The device of any one of claims 1 to 26 wherein the web script code document is further subjected to obfuscation and encryption.
28. A system for protecting web script code comprising:
a code-analyzing unit configured to analyze the web script codes with a code analysis tool, for obtaining a tree code structure composed of a plurality of nodes;
an encrypting-and-converting unit configured to:
traverse the nodes to be encrypted in the tree code structure, and encrypting; and convert each of the nodes to be encrypted based on offset parameters successively in a bottom-to-top order, until the nodes to be encrypted at a top layer have all been converted, for generating encrypted bytecodes;
a virtual-machine-generating unit configured to further configure a virtual machine interpreter according to at least one shift parameter, wherein the virtual machine interpreter is used to generate, interpret and execute the encrypted bytecodes; and a packaging unit configured to package and store the virtual machine interpreters and the encrypted bytecodes in web script code documents for executing a calling.
29. The system of claim 28 further comprising an environment running at least one webpage scripting language.
30. The system of claim 29 wherein the webpage scripting language comprises JavaScript.

Date Recue/Date Received 2023-12-01
31. The system of any one of claims 28 to 30 further comprising an initially-obfuscating unit configured to perform an initial obfuscation on source codes of a web script by means of a code obfuscation tool, for obtaining the web script codes.
32. The system of claim 31 wherein the initial obfuscation comprises one or more of removing at least one comment from source codes, simplifying at least one variable name, and simplifying at least one process name.
33. The system of any one of claims 28 to 32 further comprising a code-block-marking unit configured to select and mark, based on the web script codes, a part or all of the script codes with protection code blocks, wherein the protection code blocks comprise entry mark inform ati on;
34. The system of claim 33 wherein the marking comprises reinforcing at least a part of the web script codes.
35. The system of any one of claims 33 to 34 wherein the protection code blocks comprise at least one mark indicating to skip protection.
36. The system of any one of claims 28 to 35 wherein the tree code structure is generated by describing a contents of the code nodes in a one-to-one manner.
37. The system of any one of claims 28 to 36 wherein the tree code structure comprises comprehensive information of the source codes.
38. The system of claim 37 wherein the comprehensive information comprises one or more of node types, names, contents, and locations.
39. The system of any one of claims 37 to 38 wherein the comprehensive information is interchangeable with the source codes in a one-to-one manner.
40. The system of any one of claims 28 to 39 wherein the code analysis tool is Babel.js.

Date Recue/Date Received 2023-12-01
41. The system of any one of claims 28 to 40 wherein the shift parameters are randomly and dynamically generated based on the current web script codes.
42. The system of any one of claims 28 to 41 wherein the shift parameters include core parameter values of the ciphertext.
43. The system of claim 42 wherein the core parameter values comprise one or more of character strings, variable names, and node lengths.
44. The system of any one of claims 28 to 43 wherein traversing the nodes to be encrypted in the tree code structure, and encrypting and converting each of the nodes comprises:
screening out the nodes to be encrypted from the tree code structure with reference to any marked protection code blocks;
identifying the nodes to be encrypted corresponding to the entry marks so as to perform deep traversal downward, and recording information about the type, length, and contents of each said node to be encrypted;
encrypting and converting the nodes to be encrypted in every layer based on the offset parameters from bottom to top by means of a recursion method, until the nodes to be encrypted at the top layer have been converted, so as to generate the encrypted bytecodes
45. The system of any one of claims 43 to 44 wherein traversing the nodes to be encrypted in the tree code structure, and encrypting and converting each of the nodes comprises:
finding an entry mark from the tree code structure;
performing at least one deep traversal downward from the corresponding node to be encrypted;
Date Recue/Date Received 2023-12-01 encrypting and converting the nodes to be encrypted layer by layer from top to bottom using the shift parameters according to the recursion method, until the nodes to be encrypted at the top layer have been converted, the conversion of the entire tree code structure is completed.
46. The system of any one of claims 28 to 45 wherein information about the types, lengths, and contents of every node to be encrypted is recorded during the traversing.
47. The system of any one of claims 28 to 46 wherein configuring virtual machine interpreters used to construct and execute the encrypted bytecodes according to the offset parameters comprises:
pre-generating the virtual machine code corresponding to each said node to be encrypted, according to the type of every node in the tree code structure respectively;
and configuring and generating a unique virtual machine interpreter using the shift parameters wherein the virtual machine interpreter is capable of interpreting and executing the virtual machine code.
48. The system of any one of claims 28 to 47 wherein the virtual machine interpreter describes the behavior of the encrypted node, and wherein the execution code of a non-encrypted node are not added into the virtual machine interpreter.
49. The system of any one of claims 28 to 48 wherein one or more of node instructions and custom virtual instructions of the virtual machine interpreter are copied.
50. The system of any one of claims 28 to 49 wherein the interpreting process of the virtual machine interpreter is the reverse process of encrypting the encrypted bytecode.
51. The system of any one of claims 28 to 50 wherein packaging and storing the virtual machine interpreters and the encrypted bytecodes in web script code documents comprises:

Date Recue/Date Received 2023-12-01 packing corresponding virtual machine interpreter and encrypted bytecodes together respectively when the virtual machine interpreters and the encrypted bytecodes correspond to each other in a one-to-one manner; and storing the packages in independent web script code documents, respectively.
52. The system of any one of claims 28 to 51 wherein packaging and storing the virtual machine interpreters and the encrypted bytecodes in web script code documents comprises:
packaging the virtual machine interpreter and the plural said encrypted bytecodes separately, when one virtual machine interpreter corresponds to a plurality of encrypted bytecodes; and storing the virtual machine interpreter and the encrypted bytecodes in separate said web script code documents, respectively.
53. The system of claim 52 wherein the plurality of encrypted bytecodes share the same virtual machine interpreter.
54. The system of any one of claims 28 to 53 wherein the web script code document is further subjected to obfuscation and encryption.
55. A method for protecting web script code comprising:
analyzing the web script codes with a code analysis tool, for obtaining a tree code structure composed of a plurality of nodes;
traversing the nodes to be encrypted in the tree code structure, and encrypting; and converting each of the nodes to be encrypted based on offset parameters successively in a bottom-to-top order, until the nodes to be encrypted at a top layer have all been converted, for generating encrypted bytecodes;

Date Recue/Date Received 2023-12-01 configuring a virtual machine interpreter according to at least one shift parameter, wherein the virtual machine interpreter is used to generate, interpret and execute the encrypted bytecodes; and packaging and storing the virtual machine interpreters and the encrypted bytecodes in web script code documents for executing a calling.
56. The method of claim 55 running at least one webpage scripting language in an environment.
57. The method of claim 56 wherein the webpage scripting language comprises JavaScript.
58. The method of any one of claims 55 to 57 further comprising performing an initial obfuscation on source codes of a web script by means of a code obfuscation tool, for obtaining the web script codes.
59. The method of claim 58 wherein the initial obfuscation comprises one or more of removing at least one comment from source codes, simplifying at least one variable name, and simplifying at least one process name.
60. The method of any one of claims 55 to 59 further comprising selecting and marking, based on the web script codes, a part or all of the script codes with protection code blocks, wherein the protection code blocks comprise entry mark information;
61. The method of claim 60 wherein the marking comprises reinforcing at least a part of the web script codes.
62. The method of any one of claims 60 to 61 wherein the protection code blocks comprise at least one mark indicating to skip protection.
63. The method of any one of claims 55 to 62 wherein the tree code structure is generated by describing a contents of the code nodes in a one-to-one manner.
64. The method of any one of claims 55 to 63 wherein the tree code structure comprises comprehensive information of the source codes.

Date Recue/Date Received 2023-12-01
65. The method of claim 64 wherein the comprehensive information comprises one or more of node types, names, contents, and locations.
66. The method of any one of claims 64 to 65 wherein the comprehensive information is interchangeable with the source codes in a one-to-one manner.
67. The method of any one of claims 55 to 66 wherein the code analysis tool is Babel.js.
68. The method of any one of claims 55 to 67 wherein the shift parameters are randomly and dynamically generated based on the current web script codes.
69. The method of any one of claims 55 to 68 wherein the shift parameters include core parameter values of the ciphertext.
70. The method of claim 69 wherein the core parameter values comprise one or more of character strings, variable names, and node lengths.
71. The method of any one of claims 55 to 70 wherein traversing the nodes to be encrypted in the tree code structure, and encrypting and converting each of the nodes comprises:
screening out the nodes to be encrypted from the tree code structure with reference to any marked protection code blocks;
identifying the nodes to be encrypted corresponding to the entry marks so as to perform deep traversal downward, and recording information about the type, length, and contents of each said node to be encrypted;
encrypting and converting the nodes to be encrypted in every layer based on the offset parameters from bottom to top by means of a recursion method, until the nodes to be encrypted at the top layer have been converted, so as to generate the encrypted bytecodes
72. The method of any one of claims 70 to 71 wherein traversing the nodes to be encrypted in the tree code structure, and encrypting and converting each of the nodes comprises:

Date Recue/Date Received 2023-12-01 finding an entry mark from the tree code structure;
performing at least one deep traversal downward from the corresponding node to be encrypted;
encrypting and converting the nodes to be encrypted layer by layer from top to bottom using the shift parameters according to the recursion method, until the nodes to be encrypted at the top layer have been converted, the conversion of the entire tree code structure is completed.
73. The method of any one of claims 55 to 72 wherein information about the types, lengths, and contents of every node to be encrypted is recorded during the traversing.
74. The method of any one of claims 55 to 73 wherein configuring virtual machine interpreters used to construct and execute the encrypted bytecodes according to the offset parameters comprises:
pre-generating the virtual machine code corresponding to each said node to be encrypted, according to the type of every node in the tree code structure respectively;
and configuring and generating a unique virtual machine interpreter using the shift parameters wherein the virtual machine interpreter is capable of interpreting and executing the virtual machine code.
75. The method of any one of claims 55 to 74 wherein the virtual machine interpreter describes the behavior of the encrypted node, and wherein the execution code of a non-encrypted node are not added into the virtual machine interpreter.
76. The method of any one of claims 55 to 75 wherein one or more of node instructions and custom virtual instructions of the virtual machine interpreter are copied.
77. The method of any one of claims 55 to 76 wherein the interpreting process of the virtual machine interpreter is the reverse process of encrypting the encrypted bytecode.
Date Recue/Date Received 2023-12-01
78. The method of any one of claims 55 to 77 wherein packaging and storing the virtual machine interpreters and the encrypted bytecodes in web script code documents comprises:
packing corresponding virtual machine interpreter and encrypted bytecodes together respectively when the virtual machine interpreters and the encrypted bytecodes correspond to each other in a one-to-one manner; and storing the packages in independent web script code documents, respectively.
79. The method of any one of claims 55 to 78 wherein packaging and storing the virtual machine interpreters and the encrypted bytecodes in web script code documents comprises:
packaging the virtual machine interpreter and the plural said encrypted bytecodes separately, when one virtual machine interpreter corresponds to a plurality of encrypted bytecodes; and storing the virtual machine interpreter and the encrypted bytecodes in separate said web script code documents, respectively.
80. The method of claim 79 wherein a plurality of encrypted bytecodes share the same virtual machine interpreter.
81. The method of any one of claims 55 to 80 wherein the web script code document is further subjected to obfuscation and encryption.
82. A computer equipment for protecting web script code comprising a computer readable physical memory and a processor communicatively connected to the memory wherein the processor is configured to execute a computer program stored on the memory and wherein the processor when executing the computer program is configured to:
analyze the web script codes with a code analysis tool, for obtaining a tree code structure composed of a plurality of nodes;
traverse the nodes to be encrypted in the tree code structure, and encrypting;
and Date Recue/Date Received 2023-12-01 convert each of the nodes to be encrypted based on offset parameters successively in a bottom-to-top order, until the nodes to be encrypted at a top layer have all been converted, for generating encrypted bytecodes;
configure a virtual machine interpreter according to at least one shift parameter, wherein the virtual machine interpreter is used to generate, interpret and execute the encrypted bytecodes; and package and storing the virtual machine interpreters and the encrypted bytecodes in web script code documents for executing a calling.
83. The computer equipment of claim 82 running at least one webpage scripting language in an environment.
84. The computer equipment of claim 83 wherein the webpage scripting language comprises JavaScript.
85. The computer equipment of any one of claims 82 to 84 wherein the processor is further configured to perform an initial obfuscation on source codes of a web script by means of a code obfuscation tool, for obtaining the web script codes.
86. The computer equipment of claim 85 wherein the initial obfuscation comprises one or more of removing at least one comment from source codes, simplifying at least one variable name, and simplifying at least one process name.
87. The computer equipment of any one of claims 82 to 86 the processor is further configured to select and mark, based on the web script codes, a part or all of the script codes with protection code blocks, wherein the protection code blocks comprise entry mark information;
88. The computer equipment of claim 87 wherein the marking comprises reinforcing at least a part of the web script codes.

Date Recue/Date Received 2023-12-01
89. The computer equipment of any one of claims 87 to 88 wherein the protection code blocks comprise at least one mark indicating to skip protection.
90. The computer equipment of any one of claims 82 to 89 wherein the tree code structure is generated by describing a contents of the code nodes in a one-to-one manner.
91. The computer equipment of any one of claims 82 to 90 wherein the tree code structure comprises comprehensive information of the source codes.
92. The computer equipment of claim 91 wherein the comprehensive information comprises one or more of node types, names, contents, and locations.
93. The computer equipment of any one of claims 91 to 92 wherein the comprehensive information is interchangeable with the source codes in a one-to-one manner.
94. The computer equipment of any one of claims 82 to 93 wherein the code analysis tool is B abel .j s.
95. The computer equipment of any one of claims 82 to 94 wherein the shift parameters are randomly and dynamically generated based on the current web script codes.
96. The computer equipment of any one of claims 82 to 95 wherein the shift parameters include core parameter values of the ciphertext.
97. The computer equipment of claim 96 wherein the core parameter values comprise one or more of character strings, variable names, and node lengths.
98. The computer equipment of any one of claims 82 to 97 wherein traversing the nodes to be encrypted in the tree code structure, and encrypting and converting each of the nodes compri ses:
screening out the nodes to be encrypted from the tree code structure with reference to any marked protection code blocks;

Date Recue/Date Received 2023-12-01 identifying the nodes to be encrypted corresponding to the entry marks so as to perform deep traversal downward, and recording information about the type, length, and contents of each said node to be encrypted;
encrypting and converting the nodes to be encrypted in every layer based on the offset parameters from bottom to top by means of a recursion method, until the nodes to be encrypted at the top layer have been converted, so as to generate the encrypted bytecodes
99. The computer equipment of any one of claims 97 to 98 wherein traversing the nodes to be encrypted in the tree code structure, and encrypting and converting each of the nodes comprises:
finding an entry mark from the tree code structure;
performing at least one deep traversal downward from the corresponding node to be encrypted;
encrypting and converting the nodes to be encrypted layer by layer from top to bottom using the shift parameters according to the recursion method, until the nodes to be encrypted at the top layer have been converted, the conversion of the entire tree code structure is completed.
100. The computer equipment of any one of claims 82 to 99 wherein information about the types, lengths, and contents of every node to be encrypted is recorded during the traversing.
101. The computer equipment of any one of claims 82 to 100 wherein configuring virtual machine interpreters used to construct and execute the encrypted bytecodes according to the offset parameters comprises:
pre-generating the virtual machine code corresponding to each said node to be encrypted, according to the type of every node in the tree code structure respectively;
and Date Recue/Date Received 2023-12-01 configuring and generating a unique virtual machine interpreter using the shift parameters wherein the virtual machine interpreter is capable of interpreting and executing the virtual machine code.
102. The computer equipment of any one of claims 82 to 101 wherein the virtual machine interpreter describes the behavior of the encrypted node, and wherein the execution code of a non-encrypted node are not added into the virtual machine interpreter.
103. The computer equipment of any one of claims 82 to 102 wherein one or more of node instructions and custom virtual instructions of the virtual machine interpreter are copied.
104. The computer equipment of any one of claims 82 to 103 wherein the interpreting process of the virtual machine interpreter is the reverse process of encrypting the encrypted bytecode.
105. The computer equipment of any one of claims 82 to 104 wherein packaging and storing the virtual machine interpreters and the encrypted bytecodes in web script code documents comprises:
packing corresponding virtual machine interpreter and encrypted bytecodes together respectively when the virtual machine interpreters and the encrypted bytecodes correspond to each other in a one-to-one manner; and storing the packages in independent web script code documents, respectively.
106. The computer equipment of any one of claims 82 to 105 wherein packaging and storing the virtual machine interpreters and the encrypted bytecodes in web script code documents comprises:
packaging the virtual machine interpreter and the plural said encrypted bytecodes separately, when one virtual machine interpreter corresponds to a plurality of encrypted bytecodes; and Date Recue/Date Received 2023-12-01 storing the virtual machine interpreter and the encrypted bytecodes in separate said web script code documents, respectively.
107. The computer equipment of claim 106 wherein a plurality of encrypted bytecodes share the same virtual machine interpreter.
108. The computer equipment of any one of claims 82 to 107 wherein the web script code document is further subjected to obfuscation and encryption.
109. A computer readable physical memory having stored upon it a computer program for protecting a web script code, wherein the computer program when executed by a computer is configured to:
analyze the web script codes with a code analysis tool, for obtaining a tree code structure composed of a plurality of nodes;
traverse the nodes to be encrypted in the tree code structure, and encrypting;
and convert each of the nodes to be encrypted based on offset parameters successively in a bottom-to-top order, until the nodes to be encrypted at a top layer have all been converted, for generating encrypted bytecodes;
configure a virtual machine interpreter according to at least one shift parameter, wherein the virtual machine interpreter is used to generate, interpret and execute the encrypted bytecodes; and package and storing the virtual machine interpreters and the encrypted bytecodes in web script code documents for executing a calling.
110. The memory of claim 109 running at least one webpage scripting language in an environment.
111. The memory of claim 110 wherein the webpage scripting language comprises JavaScript.

Date Recue/Date Received 2023-12-01
112. The memory of any one of claims 109 to 111 wherein the computer is further configured to perform an initial obfuscation on source codes of a web script by means of a code obfuscation tool, for obtaining the web script codes.
113. The memory of claim 112 wherein the initial obfuscation comprises one or more of removing at least one comment from source codes, simplifying at least one variable name, and simplifying at least one process name.
114. The memory of any one of claims 109 to 113 wherein the computer is further configured to select and mark, based on the web script codes, a part or all of the script codes with protection code blocks, wherein the protection code blocks comprise entry mark information;
115. The memory of claim 114 wherein the marking comprises reinforcing at least a part of the web script codes.
116. The memory of any one of claims 114 to 115 wherein the protection code blocks comprise at least one mark indicating to skip protection.
117. The memory of any one of claims 109 to 116 wherein the tree code structure is generated by describing a contents of the code nodes in a one-to-one manner.
118. The memory of any one of claims 109 to 117 wherein the tree code structure comprises comprehensive information of the source codes.
119. The memory of claim 118 wherein the comprehensive information comprises one or more of node types, names, contents, and locations.
120. The memory of any one of claims 118 to 119 wherein the comprehensive information is interchangeable with the source codes in a one-to-one manner.
121. The memory of any one of claims 109 to 120 wherein the code analysis tool is Babel.js.

Date Recue/Date Received 2023-12-01
122. The memory of any one of claims 109 to 121 wherein the shift parameters are randomly and dynamically generated based on the current web script codes.
123. The memory of any one of claims 109 to 122 wherein the shift parameters include core parameter values of the ciphertext.
124. The memory of claim 123 wherein the core parameter values comprise one or more of character strings, variable names, and node lengths.
125. The memory of any one of claims 109 to 124 wherein traversing the nodes to be encrypted in the tree code structure, and encrypting and converting each of the nodes comprises:
screening out the nodes to be encrypted from the tree code structure with reference to any marked protection code blocks;
identifying the nodes to be encrypted corresponding to the entry marks so as to perform deep traversal downward, and recording information about the type, length, and contents of each said node to be encrypted;
encrypting and converting the nodes to be encrypted in every layer based on the offset parameters from bottom to top by means of a recursion method, until the nodes to be encrypted at the top layer have been converted, so as to generate the encrypted bytecodes
126. The memory of any one of claims 124 to 125 wherein traversing the nodes to be encrypted in the tree code structure, and encrypting and converting each of the nodes comprises:
finding an entry mark from the tree code structure;
performing at least one deep traversal downward from the corresponding node to be encrypted;

Date Recue/Date Received 2023-12-01 encrypting and converting the nodes to be encrypted layer by layer from top to bottom using the shift parameters according to the recursion method, until the nodes to be encrypted at the top layer have been converted, the conversion of the entire tree code structure is completed.
127. The memory of any one of claims 109 to 126 wherein information about the types, lengths, and contents of every node to be encrypted is recorded during the traversing.
128. The memory of any one of claims 109 to 127 wherein configuring virtual machine interpreters used to construct and execute the encrypted bytecodes according to the offset parameters comprises:
pre-generating the virtual machine code corresponding to each said node to be encrypted, according to the type of every node in the tree code structure respectively;
and configuring and generating a unique virtual machine interpreter using the shift parameters wherein the virtual machine interpreter is capable of interpreting and executing the virtual machine code.
129. The memory of any one of claims 109 to 128 wherein the virtual machine interpreter describes the behavior of the encrypted node, and wherein the execution code of a non-encrypted node are not added into the virtual machine interpreter.
130. The memory of any one of claims 109 to 129 wherein one or more of node instructions and custom virtual instructions of the virtual machine interpreter are copied.
131. The memory of any one of claims 109 to 130 wherein the interpreting process of the virtual machine interpreter is the reverse process of encrypting the encrypted bytecode.
132. The memory of any one of claims 109 to 131 wherein packaging and storing the virtual machine interpreters and the encrypted bytecodes in web script code documents comprises:

Date Recue/Date Received 2023-12-01 packing corresponding virtual machine interpreter and encrypted bytecodes together respectively when the virtual machine interpreters and the encrypted bytecodes correspond to each other in a one-to-one manner; and storing the packages in independent web script code documents, respectively.
133. The memory of any one of claims 109 to 132 wherein packaging and storing the virtual machine interpreters and the encrypted bytecodes in web script code documents comprises:
packaging the virtual machine interpreter and the plural said encrypted bytecodes separately, when one virtual machine interpreter corresponds to a plurality of encrypted bytecodes; and storing the virtual machine interpreter and the encrypted bytecodes in separate said web script code documents, respectively.
134. The memory of claim 133 wherein a plurality of encrypted bytecodes share the same virtual machine interpreter.
135. The memory of any one of claims 109 to 134 wherein the web script code document is further subjected to obfuscation and encryption.
Date Recue/Date Received 2023-12-01
CA3150187A 2019-08-06 2020-06-24 Method and apparatus for protecting web script codes Active CA3150187C (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN201910721402.3 2019-08-06
CN201910721402.3A CN110555291B (en) 2019-08-06 2019-08-06 Webpage script code protection method and device
PCT/CN2020/097852 WO2021022927A1 (en) 2019-08-06 2020-06-24 Webpage script code protection method and apparatus

Publications (2)

Publication Number Publication Date
CA3150187A1 CA3150187A1 (en) 2021-02-11
CA3150187C true CA3150187C (en) 2024-03-19

Family

ID=68736896

Family Applications (1)

Application Number Title Priority Date Filing Date
CA3150187A Active CA3150187C (en) 2019-08-06 2020-06-24 Method and apparatus for protecting web script codes

Country Status (3)

Country Link
CN (1) CN110555291B (en)
CA (1) CA3150187C (en)
WO (1) WO2021022927A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110555291B (en) * 2019-08-06 2021-08-27 苏宁云计算有限公司 Webpage script code protection method and device
US11741197B1 (en) 2019-10-15 2023-08-29 Shape Security, Inc. Obfuscating programs using different instruction set architectures
CN113254889A (en) * 2020-02-11 2021-08-13 北京沃东天骏信息技术有限公司 Code encryption method and device

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2196934A1 (en) * 2008-12-09 2010-06-16 Gemalto SA Method for securing java bytecode
CN104166822B (en) * 2013-05-20 2017-10-13 阿里巴巴集团控股有限公司 A kind of method and apparatus of data protection
CN103778355B (en) * 2014-01-15 2017-02-15 西北大学 Code morphing-based binary code obfuscation method
CN105447342B (en) * 2014-08-28 2018-08-31 阿里巴巴集团控股有限公司 script encryption method, decryption method and engine
CN105354449B (en) * 2015-11-04 2018-08-21 北京鼎源科技有限公司 Method and decryption method are obscured in a kind of scrambling towards Lua language
CN109033764B (en) * 2017-06-09 2023-04-11 腾讯科技(深圳)有限公司 Anti-confusion processing method, terminal and computer equipment
CN108614960B (en) * 2018-05-11 2020-06-16 西北大学 JavaScript virtualization protection method based on front-end byte code technology
CN109948308A (en) * 2019-03-13 2019-06-28 智者四海(北京)技术有限公司 Code security guard method, device, electronic equipment and computer readable storage medium
CN109992935B (en) * 2019-03-15 2021-05-25 同盾控股有限公司 Source code protection method and device
CN110555291B (en) * 2019-08-06 2021-08-27 苏宁云计算有限公司 Webpage script code protection method and device

Also Published As

Publication number Publication date
WO2021022927A1 (en) 2021-02-11
CA3150187A1 (en) 2021-02-11
CN110555291A (en) 2019-12-10
CN110555291B (en) 2021-08-27

Similar Documents

Publication Publication Date Title
CA3150187C (en) Method and apparatus for protecting web script codes
JP5996810B2 (en) Self-rewriting platform application code obfuscation device and method
TWI598765B (en) Data protection methods and devices
JP5990654B2 (en) Application code obfuscation device and method
CN107908392B (en) Data acquisition kit customization method and device, terminal and storage medium
CN104866734B (en) A kind of guard method of DEX file and device
US20160371473A1 (en) Code Obfuscation Device Using Indistinguishable Identifier Conversion And Method Thereof
CN112115427A (en) Code obfuscation method, device, electronic device and storage medium
CN109241707A (en) Application program obscures method, apparatus and server
CN105335151A (en) Installation file protection method and apparatus
CN110119601A (en) Program reinforcement means and device based on application program installation kit
CN113434148B (en) Decryption-preventing client development compiling method and device, electronic equipment and storage medium
KR20160108427A (en) Method of protecting secret data when used in a cryptographic algorithm
CN110147653A (en) Application security reinforcement means and device
KR101157996B1 (en) Method, system and computer readable recording medium for desultory change to protect source code of javascript
CN112115428B (en) Code file confusion method, device, electronic equipment and storage medium
CN117093964A (en) Encryption method and device of source code, storage medium and electronic equipment
KR20180028666A (en) Method and apparatus for preventing reverse engineering
CN114090965B (en) Java code confusion method, system, computer equipment and storage medium
CN110147655A (en) The security protection system and method for application program
CN114039743A (en) Data encryption method, device, storage medium and terminal
CN111651781B (en) Log content protection method, device, computer equipment and storage medium
CN114357391A (en) Data encryption and decryption method and computer storage medium
CN107292131A (en) Method for protecting software and device
Groß et al. Protecting JavaScript apps from code analysis

Legal Events

Date Code Title Description
EEER Examination request

Effective date: 20220916

EEER Examination request

Effective date: 20220916

EEER Examination request

Effective date: 20220916

EEER Examination request

Effective date: 20220916

EEER Examination request

Effective date: 20220916

EEER Examination request

Effective date: 20220916

EEER Examination request

Effective date: 20220916

EEER Examination request

Effective date: 20220916

EEER Examination request

Effective date: 20220916