CN102214281A - Software protecting method and device - Google Patents
Software protecting method and device Download PDFInfo
- Publication number
- CN102214281A CN102214281A CN201110106691XA CN201110106691A CN102214281A CN 102214281 A CN102214281 A CN 102214281A CN 201110106691X A CN201110106691X A CN 201110106691XA CN 201110106691 A CN201110106691 A CN 201110106691A CN 102214281 A CN102214281 A CN 102214281A
- Authority
- CN
- China
- Prior art keywords
- code
- transplanted
- virtual machine
- secure virtual
- software
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 47
- 238000005516 engineering process Methods 0.000 description 19
- 230000008569 process Effects 0.000 description 8
- 230000008901 benefit Effects 0.000 description 6
- 238000005336 cracking Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 238000013507 mapping Methods 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 230000002950 deficient Effects 0.000 description 1
- 238000002513 implantation Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000005012 migration Effects 0.000 description 1
- 238000013508 migration Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000009467 reduction Effects 0.000 description 1
- 238000007430 reference method Methods 0.000 description 1
- 230000009466 transformation Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/123—Restricting unauthorised execution of programs by using dedicated hardware, e.g. dongles, smart cards, cryptographic processors, global positioning systems [GPS] devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/125—Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/14—Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Technology Law (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Multimedia (AREA)
- Radar, Positioning & Navigation (AREA)
- Remote Sensing (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a software protecting method. The method comprises the following steps: a plurality of code segments in N code segments of protected software are taken as first transplanted codes; the first transplanted codes are converted into commands of a secure virtual machine, and transplanted into the secure virtual machine; one or more code segments in the first transplanted codes are taken as second transplanted codes; the second transplanted codes are converted into commands of an encryption lock, and transplanted into the encryption lock; when the protected software executes the codes, if the code segment to be executed is the first transplanted code, the protected software calls the secure virtual machine to execute the first transplanted code; and when the secure virtual machine executes the first transplanted code, if the code segment to be executed is the second transplanted code in the first transplanted codes, the secure virtual machine calls the encryption lock to execute the second transplanted code. Meanwhile, the invention also discloses a software protecting device. By using the method and the device, the software protection strength is improved.
Description
Technical field
The present invention relates to the software copyright protection technical field, particularly a kind of method for protecting software and device.
Background technology
Software is because the feature of its pure digi-talization; suffer pirate puzzlement always; in the prior art; usually adopt two kinds of method for protecting software to prevent piracy, a kind of is hardware based guard method, for example; adopt encryption lock to carry out software protection; another kind is the guard method based on software, for example, adopts virtual machine mechanism to carry out software protection.Below, these two kinds of method for protecting software in the prior art are introduced.
Encryption lock is a kind of hardware device with certain processing power; it links to each other with software platform by application programming (API) interface; the running environment of protected software is described software platform; the partial code of protected software is migrated in the encryption lock; ground replaces; transplanted code section is replaced with call function in the protected software, and call function is used for representing to call the transplanted code of encryption lock.In the process that protected software moves on software platform; when moving to original transplanted code section; adopt call function to call transplanted code in the encryption lock, after transplanted code moves and finishes, again the result is back to the protected software on the software platform again in encryption lock.
For the above-mentioned course of work to encryption lock is elaborated, illustrate below.
Suppose that software platform is the S system on the computing machine; protected software is used for successively execution in step 1 continuously; 2; 3; 4; the corresponding code segment a of step 1; the corresponding code segment section of step 2 b; the corresponding code segment c of step 3; the corresponding code segment d of step 4; encryption lock is with after S system on the computing machine is connected; code segment c in the protected software can be converted into the discernible instruction of encryption lock migrates in the encryption lock; code segment c in the protected software replaces with call function f (x); f (x) is used for representing to call the code segment c of encryption lock; behind protected software S system operation on computers finishing code segment a; operation f (x) calls the code segment b in the encryption lock; after code segment b moves in encryption lock and finishes; the result is back to protected software in the S system on the computing machine, and code segment c reruns in the protected then software S system on computers; d.
By said method as can be known; because the part of protected software is moved in encryption lock hardware; the protected software that breaks away from encryption lock is incomplete; the cracker must restore the code of operation in the encryption lock could realize cracking software; therefore the protection intensity of protected software just depends on the protection intensity of that part of code of operation in the encryption lock hardware; and encryption lock hardware is understood high safe processor of safety in utilization or smart card usually; guarantee that internal code can't follow the tracks of, obvious this protected mode has high protection intensity.
Existing virtual machine resist technology and above-mentioned encryption lock resist technology are closely similar; also be to place security context to move the protection that realizes software by partial code with software; be with the key distinction of encryption lock guard method: described security context is not to be provided by extra hardware, but by with the same hardware of protected software in virtual machine provide.
For the above-mentioned course of work to virtual machine is elaborated, illustrate below.
Suppose that protected software and virtual machine all run in the S system on certain computing machine; protected software is used for continuous execution in step 1; 2; 3; 4; the corresponding code a of step 1 section; the corresponding code b of step 2 section; the corresponding code c of step 3 section; the corresponding code segment d of step 4; code segment c in the protected software can be converted into virtual machine instructions migrates in the virtual machine; code segment c in the protected software replaces with call function f (x); f (x) is used for representing to call the code segment c of virtual machine; behind protected software S system operation on computers finishing code segment a; operation f (x) calls the code segment b of the virtual machine in the S system; after code segment b moves in virtual machine and finishes, the result is back to protected software in the S system, code segment c reruns in the protected then software S system on computers; d.
It is emphasized that, virtual machine of the present invention and VMWare, virtual machine differences such as QEMU, virtual machine of the present invention is meant one group of instruction set and carries out the required running environment of this instruction set, and do not need corresponding certain real machine, be similar to the higher level lanquage virtual machine of custom instruction collection, hereinafter be called secure virtual machine.This secure virtual machine is that the software protection purpose designs; can be embedded in the protected software and move; and ins and outs such as the instruction set of secure virtual machine and operating mechanism are underground fully; thereby the tracking of secure virtual machine instruction and analysis difficulty are obviously improved, and the code that operates in like this in the secure virtual machine has just obtained protection.Because this secure virtual machine and protected running software in identical platform, can not run into similar encryption lock resist technology such performance and resource bottleneck, therefore code range and the operational efficiency that can select from protected software increases greatly.
Yet all there are some defectives in above-mentioned two kinds of method for protecting software, are discussed in detail below:
For method for protecting software based on encryption lock; under the situation of selecting enough complicated code; its protection intensity that can realize obviously is the highest; but in actual applications; owing to reasons such as hardware performance that is subject to encryption lock and available resources; in a lot of protection schemes; the code that finally can be transplanted in the encryption lock in the protected software is limited; that is to say; in this case, the complexity of transplanted code might not reach requirement, and the cracker is by following the tracks of; analyze rule mutual between protected software and the encryption lock; might restore the function of transplanted code, thereby realize cracking.
For method for protecting software based on virtual machine; because virtual machine technique is realized by software himself; and operate in the platform identical with protected software; can not break away from cracker's tracking and analysis; in case the cracker analyzes the instruction set and the operation characteristic of secure virtual machine; still can crack as common software; the instruction that moves in the secure virtual machine is followed the tracks of and analyzed; restore the function of the code that moves in the secure virtual machine; even can directly distort, thereby realize cracking to the code that moves in the secure virtual machine.
To sum up, based on each defectiveness of resist technology of encryption lock and secure virtual machine, all can not expire high-intensity software protection demand fully in the prior art.
Summary of the invention
In view of this, the invention provides a kind of method for protecting software and device, can improve software protection intensity.
For achieving the above object, technical scheme of the present invention is achieved in that
A kind of method for protecting software; this method is used for protected software is protected; described protected software comprises code segment 1, the 2...N that arranges according to execution sequence successively; N is a positive integer; described protected running software is in software platform; in described software platform secure virtual machine is set, described encryption lock also is connected with software platform, and this method comprises:
With a plurality of code segments in N the code segment as the first transplanted code, the first transplanted code is converted into the instruction of secure virtual machine and migrates in the secure virtual machine, one or more code segments in the described first transplanted code as the second transplanted code, are converted into the instruction of encryption lock with the second transplanted code and migrate in the encryption lock.
The first transplanted code is converted into the instruction of secure virtual machine and migrates in the secure virtual machine, and with the one or more code segments in the described first transplanted code as the second transplanted code, after the second transplanted code was converted into the instruction of encryption lock and migrates in the encryption lock, this method further comprised:
Protected software is carried out N code segment successively; wherein; when if the code segment that desire is carried out is the first transplanted code; protected software transfer secure virtual machine is carried out the first transplanted code; after secure virtual machine is finished execution result is back to protected software; when secure virtual machine is carried out the described first transplanted code; when if the code segment that desire is carried out is the second transplanted code in the first transplanted code; secure virtual machine calls encryption lock and carries out the described second transplanted code, after encryption lock is finished execution result is back to secure virtual machine.
This method further comprises: in advance a part of code in the code of secure virtual machine itself is migrated in the encryption lock.
A kind of software protecting equipment, this device is used for protected software is protected, described protected software comprises code segment 1, the 2...N that arranges according to execution sequence successively, N is a positive integer, this device comprises: software platform and encryption lock, and described software platform comprises: secure virtual machine unit, performance element, transplanting unit and interface unit; Wherein,
Described performance element is used to store protected software;
Described transplanting unit, with a plurality of code segments in N the code segment as the first transplanted code, the first transplanted code is migrated in the secure virtual machine unit by interface unit, the one or more code segments in the described first transplanted code are migrated in the encryption lock by interface unit as the second transplanted code;
Described secure virtual machine unit is used to receive the described first transplanted code, is translated into the instruction of self;
Described encryption lock is used to receive the described second transplanted code, is translated into the instruction of self.
Described performance element; be further used for controlling protected software and carry out N code segment successively; wherein; when if the code segment that desire is carried out is the first transplanted code; performance element calls the secure virtual machine unit by interface unit and carries out the first transplanted code; after being finished, the secure virtual machine unit execution result is back to performance element by interface unit; when the described first transplanted code is carried out in the secure virtual machine unit; when if the code segment that desire is carried out is the second transplanted code in the first transplanted code; the secure virtual machine unit calls encryption lock by interface unit and carries out the described second transplanted code, by interface unit execution result is back to the secure virtual machine unit after encryption lock is finished.
According to technical scheme provided by the present invention; with a plurality of code segments in N the code segment of protected software as the first transplanted code; the first transplanted code is converted into the discernible instruction of secure virtual machine and migrates in the secure virtual machine; with the one or more code segments in the described first transplanted code as the second transplanted code; the second transplanted code is converted into the discernible instruction of encryption lock and migrates in the encryption lock; in the process of protected software run time version; when if the code segment that desire is carried out is the first transplanted code; protected software transfer secure virtual machine is carried out the first transplanted code; when secure virtual machine is carried out the described first transplanted code; if when the code segment that desire is carried out was the second transplanted code in the first transplanted code, secure virtual machine called encryption lock and carries out the described second transplanted code.Obviously, among the present invention, the transplanting code range that protected software can be selected is identical with the virtual machine resist technology, and protection intensity then is equivalent to increase on the basis of virtual machine resist technology the protection of encryption lock again.
Further; the code that moves in secure virtual machine can be for to the demanding code of operational efficiency; the code that moves in encryption lock can be less demanding for efficient; but the code that logic is enough complicated; the top efficiency that the efficient of code operation can reach near the virtual machine resist technology among the present invention then; and protection intensity can be near the highest protection intensity of the theory sum of virtual machine resist technology and encryption lock resist technology, and operational efficiency and safety can be taken into account.
As seen; the present invention will effectively combine based on the Software Protection Technique of virtual machine with based on the resist technology of encryption lock, fully draw the advantage of two kinds of resist technologies, and the shortcoming separately that remedies mutually; enlarge the scope of code protection, improved the intensity of software protection.
Description of drawings
Fig. 1 is the process flow diagram of the embodiment of a kind of method for protecting software provided by the present invention.
Fig. 2 is the structural drawing of the embodiment of a kind of software protecting equipment provided by the present invention.
Embodiment
For making purpose of the present invention, technical scheme and advantage clearer, below with reference to the accompanying drawing embodiment that develops simultaneously, scheme of the present invention is described in further detail.
Core concept of the present invention is: a part of code in the protected software is migrated in the secure virtual machine; simultaneously; a part that migrates to the code in the secure virtual machine is migrated in the encryption lock; therefore will combine effectively based on the Software Protection Technique and the hardware based resist technology of virtual machine; fully drawn the advantage of two kinds of resist technologies; and the shortcoming separately that remedies mutually, improved the intensity of software protection.
Fig. 1 is the process flow diagram of the embodiment of a kind of method for protecting software provided by the present invention; this method is used for protected software is protected; described protected software comprises code segment 1, the 2...N that arranges according to execution sequence successively; N is a positive integer; described protected running software is in software platform; in described software platform secure virtual machine is set, described encryption lock also is connected with software platform.
As shown in Figure 1, this method may further comprise the steps:
Step 101, with a plurality of code segments in N the code segment as the first transplanted code, the first transplanted code is converted into the instruction of secure virtual machine and migrates in the secure virtual machine, one or more code segments in the described first transplanted code as the second transplanted code, are converted into the instruction of encryption lock with the second transplanted code and migrate in the encryption lock.
In this step, instruction method for transformation and implantation method are content of the prior art, will not give unnecessary details herein.For example, the first transplanted code is converted into the instruction of secure virtual machine and the process that migrates in the secure virtual machine may manual be carried out, also may carries out automatically.Manual mode is exactly that user oneself writes code again with the instruction of secure virtual machine; automated manner can be handled protected software source code or compiled binary code by existing instrument; be converted into the instruction of secure virtual machine; for example the x86 in compiled file instruction can be converted to one by one virtual machine instruction sequence (x86 instruction ADD EAX for example; 2 can convert virtual machine instruction sequence SET M1, SET M2 and ADD M1 to; M2), can reduce the difficulty of exploitation protection scheme like this.
In like manner, the second transplanted code be converted into the instruction of encryption lock and migrate to migration process in the encryption lock can be manual also can be automatic, for example encryption lock also can provide under the situation of secure virtual machine instruction operation environment, so just can directly select partial code to be put in the encryption lock from secure virtual machine automatically and carry out.
Because the advantage of encryption lock is that security is than higher, shortcoming is to be subject to the limitation of hardware performance, transplanted code can not require too high to operational efficiency and resource, and the advantage of secure virtual machine is that operational efficiency is than higher, shortcoming is that security is lower, therefore, the first transplanted code that moves in secure virtual machine can be for to the demanding code of operational efficiency, the second transplanted code that moves in encryption lock can be less demanding for efficient, but the enough complicated code of logic.For example, the second transplanted code can be higher than the requirement of the first transplanted code to security to the requirement of security, and the first transplanted code can be higher than the requirement of the second transplanted code to operational efficiency to the requirement of operational efficiency.
The selection of the first transplanted code and the second transplanted code also can be dynamic, and for example which code secure virtual machine decides carry out in encryption lock according to travelling speed, storage space, the arithmetic capability of current platform in protected running software.
Certainly, the present invention does not limit the concrete property of the first transplanted code and the second transplanted code, and the characteristic of the above-mentioned first transplanted code and the second transplanted code only is embodiment.
Step 102; protected software is carried out N code segment successively; wherein; when if the code segment that desire is carried out is the first transplanted code; protected software transfer secure virtual machine is carried out the first transplanted code; after secure virtual machine is finished execution result is back to protected software; when secure virtual machine is carried out the described first transplanted code; when if the code segment that desire is carried out is the second transplanted code in the first transplanted code; secure virtual machine calls encryption lock and carries out the described second transplanted code, after encryption lock is finished execution result is back to secure virtual machine.
Wherein, calling the method that encryption lock, secure virtual machine and result return is the content of prior art, will not give unnecessary details herein.
As seen; the present invention is from the angle of security; the cracker at first must find the secure virtual machine instruction of the first transplanted code correspondence and the mapping relations of protected software instruction to analyze the code in the secure virtual machine; even and analyze mapping relations; the second transplanted code moves in encryption lock again, and based on the security of encryption lock hardware, the cracker can't follow the tracks of this section code; obviously, the level of security of overall plan is secure like this.
So far, this flow process finishes.
The present invention also can further comprise: before step 101; the present invention also can also migrate to a part of code in the code of secure virtual machine itself in the encryption lock; because the code in the encryption lock can't be followed the tracks of; so the work of reduction secure virtual machine framework just has bigger threshold, thereby also can improve the safety of the code that is subjected to the secure virtual machine protection.The length of described a part of code is unqualified, decides as the case may be.
Below, by an embodiment technical scheme of the present invention is elaborated.
Suppose that software platform is the S system on the computing machine; protected software and secure virtual machine all run in the S system in this calculating; encryption lock is connected with S system on the computing machine; protected software is used for continuous execution in step 1,2,3,4,5; the corresponding code segment a of step 1, the corresponding code segment b of step 2, the corresponding code segment c of step 3; the corresponding code segment d of step 4, the corresponding code segment e of step 5.
Can be with code segment a, b, c, d as the first transplanted code, the first transplanted code is converted into the discernible instruction of virtual machine and migrates in the secure virtual machine.Simultaneously, code segment a, the b in the protected software, c, d replace with call function f (x1), and f (x1) is used for representing to call code segment a, b, c, the d of virtual machine.
If code segment a to security requirement than higher, then can be with code segment a as the second transplanted code, the second transplanted code be converted into the discernible instruction of encryption lock and migrate in the encryption lock.Code segment a in the virtual machine replaces with call function f (x2), and f (x2) is used for representing to call the code segment a of encryption lock.When run time version section a, b, c, d, e desire in protected software S system on computers; at first move f (x1) and call the secure virtual machine execution; when secure virtual machine is desired run time version section a; operation f (x2) calls encryption lock and carries out; after encryption lock is finished execution result is back to virtual machine; secure virtual machine is followed run time version section b, c, d then, after secure virtual machine is finished execution result is back to protected software, protected then software run time version section e.
So far, introduction finishes to present embodiment.
Fig. 2 is the structural drawing of the embodiment of a kind of software protecting equipment provided by the present invention; this device is used for protected software is protected; described protected software comprises code segment 1, the 2...N that arranges according to execution sequence successively; N is a positive integer; as shown in Figure 2; this device comprises: software platform 201 and encryption lock 202, described software platform 201 comprises: secure virtual machine unit 203, performance element 204, transplanting unit 205 and interface unit 206.
Described performance element 204 is used to store protected software;
Described transplanting unit 205, with a plurality of code segments in N the code segment as the first transplanted code, the first transplanted code is moved 206 by interface unit plant to secure virtual machine unit 203, the one or more code segments in the described first transplanted code are migrated in the encryption lock 202 by interface unit 206 as the second transplanted code;
Described secure virtual machine unit 203 is used to receive the described first transplanted code, is translated into the instruction of self;
Described encryption lock 202 is used to receive the described second transplanted code, is translated into the instruction of self.
Described performance element 204; be further used for controlling protected software and carry out N code segment successively; wherein; when if the code segment that desire is carried out is the first transplanted code; performance element calls secure virtual machine unit 203 by interface unit 206 and carries out the first transplanted code; after being finished, secure virtual machine unit 203 execution result is back to performance element 204 by interface unit 206; when the described first transplanted code is carried out in secure virtual machine unit 203; when if the code segment that desire is carried out is the second transplanted code in the first transplanted code; secure virtual machine unit 203 calls encryption lock 202 by interface unit 206 and carries out the described second transplanted code, and encryption lock is held and by interface unit execution result is back to virtual machine unit 203 after 202 row finish.
But, will not give unnecessary details about the detailed introduction reference method explanation partly of device part herein.
To sum up; in the present invention; first with a plurality of code segments in N the code segment of protected software as the first transplanted code; the first transplanted code is converted into the discernible instruction of secure virtual machine and migrates in the secure virtual machine; with the one or more code segments in the described first transplanted code as the second transplanted code; the second transplanted code is converted into the discernible instruction of encryption lock and migrates in the encryption lock; in the process of protected software run time version; when if the code segment that desire is carried out is the first transplanted code; protected software transfer secure virtual machine is carried out the first transplanted code; when secure virtual machine is carried out the described first transplanted code; if when the code segment that desire is carried out was the second transplanted code in the first transplanted code, secure virtual machine called encryption lock and carries out the described second transplanted code.As seen, the present invention will organically combine based on the Software Protection Technique and the hardware based resist technology of secure virtual machine, has fully drawn the advantage of two kinds of resist technologies, and the shortcoming separately that remedies mutually, has improved the intensity of software protection.
Further; the code that moves in secure virtual machine can be for to the demanding code of operational efficiency; the code that moves in encryption lock can be less demanding for efficient; but the code that logic is enough complicated; the top efficiency that the efficient of code operation can reach near the virtual machine resist technology among the present invention then; and protection intensity can be near the highest protection intensity of the theory sum of virtual machine resist technology and encryption lock resist technology, and operational efficiency and safety can be taken into account.
The above is preferred embodiment of the present invention only, is not to be used to limit protection scope of the present invention.Within the spirit and principles in the present invention all, any modification of being done, be equal to replacement, improvement etc., all should be included within protection scope of the present invention.
Claims (5)
1. method for protecting software; this method is used for protected software is protected; described protected software comprises code segment 1, the 2...N that arranges according to execution sequence successively; N is a positive integer; described protected running software is characterized in that in software platform, in described software platform secure virtual machine is set; described encryption lock also is connected with software platform, and this method comprises:
With a plurality of code segments in N the code segment as the first transplanted code, the first transplanted code is converted into the instruction of secure virtual machine and migrates in the secure virtual machine, one or more code segments in the described first transplanted code as the second transplanted code, are converted into the instruction of encryption lock with the second transplanted code and migrate in the encryption lock.
2. method according to claim 1, it is characterized in that, the first transplanted code is converted into the instruction of secure virtual machine and migrates in the secure virtual machine, and with the one or more code segments in the described first transplanted code as the second transplanted code, after the second transplanted code was converted into the instruction of encryption lock and migrates in the encryption lock, this method further comprised:
Protected software is carried out N code segment successively; wherein; when if the code segment that desire is carried out is the first transplanted code; protected software transfer secure virtual machine is carried out the first transplanted code; after secure virtual machine is finished execution result is back to protected software; when secure virtual machine is carried out the described first transplanted code; when if the code segment that desire is carried out is the second transplanted code in the first transplanted code; secure virtual machine calls encryption lock and carries out the described second transplanted code, after encryption lock is finished execution result is back to secure virtual machine.
3. method according to claim 1 and 2 is characterized in that, this method further comprises: in advance a part of code in the code of secure virtual machine itself is migrated in the encryption lock.
4. software protecting equipment, this device is used for protected software is protected, described protected software comprises code segment 1, the 2...N that arranges according to execution sequence successively, N is a positive integer, it is characterized in that, this device comprises: software platform and encryption lock, and described software platform comprises: secure virtual machine unit, performance element, transplanting unit and interface unit; Wherein,
Described performance element is used to store protected software;
Described transplanting unit, with a plurality of code segments in N the code segment as the first transplanted code, the first transplanted code is migrated in the secure virtual machine unit by interface unit, the one or more code segments in the described first transplanted code are migrated in the encryption lock by interface unit as the second transplanted code;
Described secure virtual machine unit is used to receive the described first transplanted code, is translated into the instruction of self;
Described encryption lock is used to receive the described second transplanted code, is translated into the instruction of self.
5. device according to claim 4; it is characterized in that; described performance element; be further used for controlling protected software and carry out N code segment successively; wherein; when if the code segment that desire is carried out is the first transplanted code; performance element calls the secure virtual machine unit by interface unit and carries out the first transplanted code; after being finished, the secure virtual machine unit execution result is back to performance element by interface unit; when the described first transplanted code is carried out in the secure virtual machine unit; when if the code segment that desire is carried out is the second transplanted code in the first transplanted code; the secure virtual machine unit calls encryption lock by interface unit and carries out the described second transplanted code, by interface unit execution result is back to the secure virtual machine unit after encryption lock is finished.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110106691XA CN102214281A (en) | 2011-04-27 | 2011-04-27 | Software protecting method and device |
| PCT/CN2012/071528 WO2012146080A1 (en) | 2011-04-27 | 2012-02-23 | Software protection method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110106691XA CN102214281A (en) | 2011-04-27 | 2011-04-27 | Software protecting method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN102214281A true CN102214281A (en) | 2011-10-12 |
Family
ID=44745583
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201110106691XA Pending CN102214281A (en) | 2011-04-27 | 2011-04-27 | Software protecting method and device |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN102214281A (en) |
| WO (1) | WO2012146080A1 (en) |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2012146080A1 (en) * | 2011-04-27 | 2012-11-01 | 北京深思洛克软件技术股份有限公司 | Software protection method and device |
| CN102831342A (en) * | 2012-07-28 | 2012-12-19 | 北京深思洛克软件技术股份有限公司 | Method for improving protection strength of application program in Android system |
| CN103164641A (en) * | 2011-12-08 | 2013-06-19 | 北京深思洛克软件技术股份有限公司 | Calling method of software protection device external codes |
| CN103218551A (en) * | 2013-05-03 | 2013-07-24 | 飞天诚信科技股份有限公司 | Method for protecting java programs |
| CN107292131A (en) * | 2017-06-21 | 2017-10-24 | 北京深思数盾科技股份有限公司 | Method for protecting software and device |
| CN107368286A (en) * | 2011-12-19 | 2017-11-21 | 英特尔公司 | SIMD multiplication of integers accumulated instructions for multiple precision arithmetic |
| CN107391086A (en) * | 2011-12-23 | 2017-11-24 | 英特尔公司 | The apparatus and method for improving displacement instruction |
| US10719316B2 (en) | 2011-12-23 | 2020-07-21 | Intel Corporation | Apparatus and method of improved packed integer permute instruction |
| US11275583B2 (en) | 2011-12-23 | 2022-03-15 | Intel Corporation | Apparatus and method of improved insert instructions |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101038611A (en) * | 2006-03-14 | 2007-09-19 | 北京深思洛克数据保护中心 | Software protection method |
| CN101201883A (en) * | 2007-09-18 | 2008-06-18 | 北京赛柏科技有限责任公司 | Software protection method based on virtual machine |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100461200C (en) * | 2006-12-22 | 2009-02-11 | 北京飞天诚信科技有限公司 | Method and device for realizing software protection in software protector |
| CN102214281A (en) * | 2011-04-27 | 2011-10-12 | 北京深思洛克软件技术股份有限公司 | Software protecting method and device |
-
2011
- 2011-04-27 CN CN201110106691XA patent/CN102214281A/en active Pending
-
2012
- 2012-02-23 WO PCT/CN2012/071528 patent/WO2012146080A1/en active Application Filing
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101038611A (en) * | 2006-03-14 | 2007-09-19 | 北京深思洛克数据保护中心 | Software protection method |
| CN101201883A (en) * | 2007-09-18 | 2008-06-18 | 北京赛柏科技有限责任公司 | Software protection method based on virtual machine |
Cited By (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2012146080A1 (en) * | 2011-04-27 | 2012-11-01 | 北京深思洛克软件技术股份有限公司 | Software protection method and device |
| CN103164641A (en) * | 2011-12-08 | 2013-06-19 | 北京深思洛克软件技术股份有限公司 | Calling method of software protection device external codes |
| CN107368286B (en) * | 2011-12-19 | 2020-11-06 | 英特尔公司 | SIMD integer multiply-accumulate instruction for multi-precision arithmetic |
| CN107368286A (en) * | 2011-12-19 | 2017-11-21 | 英特尔公司 | SIMD multiplication of integers accumulated instructions for multiple precision arithmetic |
| US10719316B2 (en) | 2011-12-23 | 2020-07-21 | Intel Corporation | Apparatus and method of improved packed integer permute instruction |
| US11354124B2 (en) | 2011-12-23 | 2022-06-07 | Intel Corporation | Apparatus and method of improved insert instructions |
| US11347502B2 (en) | 2011-12-23 | 2022-05-31 | Intel Corporation | Apparatus and method of improved insert instructions |
| US11275583B2 (en) | 2011-12-23 | 2022-03-15 | Intel Corporation | Apparatus and method of improved insert instructions |
| CN107391086A (en) * | 2011-12-23 | 2017-11-24 | 英特尔公司 | The apparatus and method for improving displacement instruction |
| CN102831342A (en) * | 2012-07-28 | 2012-12-19 | 北京深思洛克软件技术股份有限公司 | Method for improving protection strength of application program in Android system |
| CN102831342B (en) * | 2012-07-28 | 2016-01-06 | 北京深思数盾科技有限公司 | A kind of method improving application program protection intensity in Android system |
| WO2014176950A1 (en) * | 2013-05-03 | 2014-11-06 | 飞天诚信科技股份有限公司 | Method for protecting java programs |
| US9665730B2 (en) | 2013-05-03 | 2017-05-30 | Feitian Technologies Co., Ltd. | Method for protecting java program |
| CN103218551B (en) * | 2013-05-03 | 2016-04-06 | 飞天诚信科技股份有限公司 | A kind of method protecting java program |
| CN103218551A (en) * | 2013-05-03 | 2013-07-24 | 飞天诚信科技股份有限公司 | Method for protecting java programs |
| CN107292131A (en) * | 2017-06-21 | 2017-10-24 | 北京深思数盾科技股份有限公司 | Method for protecting software and device |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2012146080A1 (en) | 2012-11-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102214281A (en) | Software protecting method and device | |
| CN108614960B (en) | JavaScript virtualization protection method based on front-end byte code technology | |
| CN101359352B (en) | API use action discovering and malice deciding method after confusion of multi-tier synergism | |
| US9495720B2 (en) | Method and apparatus for compiling and executing an application using virtualization in a heterogeneous system | |
| CN108491235B (en) | DEX protection method combining dynamic loading and function Native | |
| KR101861341B1 (en) | Deobfuscation apparatus of application code and method of deobfuscating application code using the same | |
| CN107341374B (en) | Insertion method and device of opaque predicates | |
| CN1755647A (en) | Test automation stack layering | |
| CN101299192B (en) | Non-aligning access and storage processing method | |
| CN103761476A (en) | Characteristic extraction method and device | |
| CN104298534B (en) | Programmed method and device based on Lua language | |
| CN106406945A (en) | Method and electronic equipment for loading so file of android system | |
| CN107632832A (en) | One kind obscures method towards dalvik bytecode controlling streams | |
| CN106020905A (en) | Microcontroller firmware developing and updating method and system | |
| CN103413074A (en) | Method and device for protecting software through API | |
| CN106055404A (en) | Method and device for cleaning up background application programs | |
| CN107577925B (en) | Based on the virtual Android application program guard method of dual ARM instruction | |
| CN109711118A (en) | A kind of iOS safe compiler and safe Compilation Method based on plug-in unit | |
| CN103106356B (en) | A kind of method of generating code raising software protection intensity in security context | |
| CN103677746B (en) | Instruction recombination method and device | |
| CN103246561A (en) | Real-time virtual machine shifting technology based on XEN | |
| CN104751026A (en) | Software protection method and software application method of android system, and related devices | |
| CN115756480A (en) | Android application reinforcement method, system and equipment | |
| CN106301974A (en) | A kind of website back door detection method and device | |
| CN102508694B (en) | Method and system for operating file of virtual machine |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20111012 |