CN103324870B - A method for protecting a Java program - Google Patents
- Publication number: CN103324870B (CN201310270708.4A)
- Authority: CN (China)
- Prior art keywords: file; decrypted result; length; call back; back function
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The invention discloses a method for protecting a Java program and relates to the field of information security. The method includes: W1: the callback function receives parameters, obtains the file length and the file from them, and judges whether this is the first time a file is loaded; if so, W2 is performed; otherwise, W3 is performed. W2: judge whether an encryption lock is detected; if so, establish data communication with the encryption lock, set the initialization flag, obtain the decryption key from the encryption lock and save it to the buffer, then perform W3; otherwise, perform error handling. W3: judge whether the file is corrupted; if it is, report that the file is corrupted and perform error handling; otherwise, obtain the decryption key from the buffer, decrypt the file according to the decryption algorithm and the decryption key to obtain the decrypted result, obtain the decrypted result length, return the decrypted result and the decrypted result length, and return to the main function. The beneficial effect of the invention is that the security of the Java program is improved.
Description
Technical field
The invention relates to the field of information security, and in particular to a method for protecting a Java program.
Background
Java is one of the most widely used programming languages and has a very large user base. Its advantages are that it is cross-platform and easy to distribute. However, compiling a Java program does not produce machine-dependent machine code; it produces a bytecode file in a format defined by the Java standard. This bytecode file retains a large amount of source information and is easy to decompile, and the source code obtained by decompiling is highly readable. As a result, a person with malicious intent can freely tamper with the decompiled source code, compile it into a new bytecode file and release it, which creates a security risk for Java programs.
Summary of the invention
To overcome the defects of the prior art, the invention provides a method for protecting a Java program.
1. A method for protecting a Java program, characterized in that, when a callback function is called, steps S1 to S3 are performed:
Step S1: the callback function receives parameters and obtains the file length and the file from them, and judges whether the file length and the file meet a preset condition; if they do, step S2 is performed; otherwise, control returns to the main function.
Step S2: judge whether the file is corrupted; if it is, report that the file is corrupted, perform error handling and return to the main function; otherwise, perform step S3.
Step S3: obtain the decryption algorithm from the loading interpreter in which the current callback function resides, obtain the decryption key from the encryption lock, decrypt the ciphertext in the file according to the decryption algorithm and the decryption key to obtain the decrypted result, obtain the decrypted result length from the decrypted result, return the decrypted result and the decrypted result length, and return to the main function.
Alternatively, step S3 is: obtain the ciphertext from the file and send it to the encryption lock with which data communication has been established; obtain the decryption algorithm from the loading interpreter in which the current callback function resides and send it to the same encryption lock; the encryption lock decrypts the ciphertext according to the decryption algorithm and the decryption key to obtain the decrypted result and returns the decrypted result to the callback function; the callback function receives the decrypted result, obtains the decrypted result length, returns the decrypted result and the decrypted result length, and returns to the main function.
Before step S1, the method further includes: the callback function judges whether the notification event is the preset event; if so, step S1 is performed; otherwise, control returns to the main function.
The file specifically includes a preset deception part, reserved bytes, an encryption identifier and ciphertext.
Judging whether the file length and the file meet the preset condition specifically includes:
judging whether the file length is greater than the first preset length, and judging whether the file is an encrypted file; if both hold, the file length and the file meet the preset condition; otherwise, they do not.
The first preset length is the sum of the length of the deception part and the length of the reserved bytes.
Judging whether the file is an encrypted file specifically includes: obtaining the encryption identifier from the file; if an encryption identifier is obtained and it is the same as the preset encryption identifier, the file is determined to be an encrypted file; otherwise, it is determined not to be an encrypted file.
Judging whether the file is corrupted specifically includes:
obtaining the first check value from a preset position in the ciphertext of the file, and computing, in a specific manner, over the part of the ciphertext that excludes the first check value; the result of the computation is the second check value. Judge whether the first check value is the same as the second check value; if they are the same, the file is not corrupted; otherwise, the file is corrupted.
After the decryption key is obtained from the encryption lock in step S3, the method further includes setting the initialization flag and saving the decryption key to the buffer; the initialization flag is initially in the reset state.
Step S3 includes:
judging from the initialization flag whether this is the first time a file is loaded; if so, performing step S3; otherwise, reading the decryption key from the buffer, decrypting the ciphertext in the file according to the decryption algorithm and the decryption key to obtain the decrypted result, obtaining the decrypted result length from the decrypted result, returning the decrypted result and the decrypted result length, and returning to the main function.
Judging from the initialization flag whether this is the first time a file is loaded specifically includes:
judging whether the initialization flag is in the reset state; if so, this is the first time a file is loaded; otherwise, it is not.
The beneficial effects of the technical solution are as follows: the solution applies not only to Java desktop programs but also to Java web programs. The Java virtual machine calls a callback function to decrypt the bytecode file and then executes the decrypted bytecode file, which improves the security of the Java program.
Brief description of the drawings
Fig. 1 is a flowchart of the method for protecting a Java program provided by Embodiment 1;
Fig. 2 is a flowchart of the method for protecting a Java program provided by Embodiment 1.
Detailed description
To make the objects, technical solutions and advantages of the invention clearer, the embodiments of the invention are described in further detail below with reference to the accompanying drawings.
In the embodiments of the invention, a JVMTI (virtual machine tool interface) callback function or a JVMPI (virtual machine monitor interface) callback function is registered in the loading interpreter. When the loading interpreter runs, the encrypted file is decrypted by calling the JVMTI or JVMPI callback function.
Embodiment 1
The virtual machine is initialized:
register the JVMTI_EVENT_CLASS_FILE_LOAD_HOOK event so that the virtual machine calls the JVMTI callback function when it loads a class;
or register the JVMPI notification event NotifyEvent so that the virtual machine calls the JVMPI callback function when it loads a class.
When the JVMTI_EVENT_CLASS_FILE_LOAD_HOOK event is registered successfully, the JVMPI notification event NotifyEvent is not registered.
Before the JVMTI callback function or the JVMPI callback function is called, the initialization flag must be reset.
When the JVMTI callback function is called, the following operations are performed, as shown in Fig. 1:
Step 101: the JVMTI callback function receives parameters, obtains the file length and the file from them, and judges whether the file length and the file meet the first preset condition;
if yes, perform step 102; if no, return to the main function.
In this embodiment, the JVMTI callback function is:
void JNICALL MyjvmtiEventClassFileLoadHook(jvmtiEnv *jvmti_env,
    JNIEnv *jni_env,
    jclass class_being_redefined,
    jobject loader,
    const char *name,
    jobject protection_domain,
    jint class_data_len,
    const unsigned char *class_data,
    jint *new_class_data_len,
    unsigned char **new_class_data)
where jint class_data_len is the file length and const unsigned char* class_data is the file;
The file includes a preset deception part, reserved bytes, an encryption identifier and ciphertext;
For the file length and the file to meet the first preset condition, both of the following conditions must hold:
1. The file length is greater than the first preset length, where the first preset length is the sum of the length of the deception part and the length of the reserved bytes;
2. The file is encrypted: the encryption identifier is obtained from a preset position in the file, and it is judged whether the file's encryption identifier is the preset encryption identifier; if so, the file is encrypted; otherwise, the file is not encrypted.
If both conditions hold, the file length and the file meet the first preset condition; otherwise, they do not.
For example, the file length received by the JVMTI callback function is 2144 bytes, and the received file is made up as follows.
Here, the deception part is 859 bytes in total:
CAFEBABE0010001B001D07001E0003001B002400250700260A000B001B000B07002B01……
The reserved bytes are 256 bytes in total: 00000000000000000000……
The encryption identifier is 10 bytes in total: 627452514D653E642F5D;
The ciphertext is 925 bytes in total.
The first preset length is the sum of the 859-byte length of the deception part and the 256-byte length of the reserved bytes, i.e. 1115 bytes. The file length of 2144 bytes is greater than the first preset length of 1115 bytes, so the condition that the file length is greater than the first preset length is met.
The encryption identifier is obtained from the preset position in the file. Specifically, the sum of the length of the deception part and the length of the reserved bytes is used as the start address, i.e. the start address is 1115; the 10 bytes of data obtained there are the same as the preset encryption identifier, so the condition that the file is an encrypted file is met.
In summary, the received file length and file meet the first preset condition.
Step 102: judge from the initialization flag whether this is the first time a file is loaded;
if yes, perform step 103; if no, perform step 106.
In this embodiment, specifically, judge whether the initialization flag is reset; if it is, this is the first time a file is loaded; otherwise, it is not.
Step 103: obtain the operation information and judge whether the operation information was obtained;
if yes, perform step 104; if no, report that the operation information was not obtained and exit the program.
In this embodiment, the operation information includes the encryption identifier, the encryption lock type information and the file information;
The operation information is obtained as follows:
the JVMTI callback function opens, for reading, the file of the loading interpreter in which the current JVMTI callback function resides, and obtains the operation information from the opened loading interpreter file;
For example, after the loading interpreter file is opened for reading, 310 bytes of operation information are obtained starting from the end of the loading interpreter file.
Here, the encryption identifier is 10 bytes in total: 627452514D653E642F5D;
the encryption lock type information and the file information are the bytes of the operation information that follow it.
Step 104: judge whether an encryption lock is detected;
if yes, establish data communication with the encryption lock and perform step 105; if no, report an error and exit the program.
In this embodiment, the method for judging whether an encryption lock is detected specifically includes A to E:
A: obtain the encryption identifier, the encryption lock type information and the file information from the operation information;
B: judge whether the encryption identifier obtained from the operation information is the same as the encryption identifier obtained from the file;
if yes, perform C; otherwise, no encryption lock is detected.
C: write the encryption lock type information and the file information to the buffer;
D: initialize the encryption lock and judge whether the encryption lock was initialized successfully;
if yes, an encryption lock is detected; if no, add 1 to the encryption lock search count and perform E;
Whether the encryption lock was initialized successfully is judged from the value of the data it returns: if the value returned by the encryption lock is the preset value, the encryption lock was initialized successfully; otherwise, it was not. Preferably, the preset value is 0.
E: judge whether the encryption lock search count is greater than the preset number of times;
if yes, no encryption lock is detected; if no, return to D.
Step 105: obtain the decryption key from the encryption lock, set the initialization flag, and save the decryption key to the buffer;
In this embodiment, after the decryption key is obtained, data communication with the encryption lock is disconnected.
For example, the decryption key obtained is:
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0A,0x0B,0x0C,
0x0D,0x0E,0x0F,0x11;
Step 106: obtain the first check value from the file, compute over the file in a specific manner to obtain the second check value, and judge whether the first check value and the second check value are the same;
if yes, perform step 107; if no, report that the file is corrupted and exit the program.
In this embodiment, the first check value is obtained from the file as follows: the last four bytes of the ciphertext in the file are the first check value; CRC32 is then computed over the part of the ciphertext other than the first check value to obtain the second check value.
For example, the first check value obtained is D58B6A20.
Step 107: allocate the first memory;
In this embodiment, taking the callback function in step 101 as an example, unsigned char** new_class_data is the first memory.
Step 108: obtain the decryption key from the buffer, obtain the decryption algorithm according to the operation information, decrypt the specified part of the file according to the decryption algorithm and the decryption key to obtain the decrypted result, obtain the decrypted result length, save the decrypted result and the decrypted result length to the first memory, and then perform step 109;
In this embodiment, the decryption algorithm is obtained according to the encryption identifier in the operation information, and the ciphertext in the file is decrypted. Taking the sample operation information in step 103 as an example, the decryption algorithm corresponding to the encryption identifier 627452514D653E642F5D in the operation information is obtained. The decryption algorithms include 3DES, RC4 and the like. The decrypted result and the decrypted result length are saved to unsigned char** new_class_data.
Step 109: return the decrypted result and the decrypted result length in the first memory, report that decryption is complete, and return to the main function;
In this embodiment, the returned decrypted result is 1015 bytes long.
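The length, identifier and check-value tests of steps 101 and 106, written out as an added example that is not code from the patent. The `pf_` names, the big-endian storage of the first check value and the small sample lengths are assumptions; the example also goes slightly beyond the page by adding bounds checks, since the "greater than the first preset length" test alone does not guarantee that the identifier and the four check bytes are present.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ID_LEN  10   /* encryption identifier length given on the page */
#define CRC_LEN 4    /* first check value: last four bytes of the ciphertext */

enum pf_status { PF_NOT_PROTECTED, PF_OK, PF_TRUNCATED, PF_CORRUPT };

struct pf_view {                      /* hypothetical result type */
    const unsigned char *ciphertext;  /* ciphertext without the check value */
    size_t ciphertext_len;
};

/* Encryption identifier quoted in the page's example. */
static const unsigned char PAGE_ID[ID_LEN] =
    { 0x62, 0x74, 0x52, 0x51, 0x4D, 0x65, 0x3E, 0x64, 0x2F, 0x5D };

/* Standard reflected CRC-32 (polynomial 0xEDB88320), bit-at-a-time. */
uint32_t pf_crc32(const unsigned char *p, size_t n)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        crc ^= p[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return crc ^ 0xFFFFFFFFu;
}

/* Steps 101 and 106 on one buffer. decoy_len and reserved_len are the
 * deception-part and reserved-byte lengths the loader was built with. */
enum pf_status pf_parse(const unsigned char *data, size_t len,
                        size_t decoy_len, size_t reserved_len,
                        const unsigned char *id, struct pf_view *out)
{
    if (data == NULL || id == NULL || out == NULL) return PF_NOT_PROTECTED;
    if (decoy_len > SIZE_MAX - reserved_len) return PF_NOT_PROTECTED;
    size_t first_preset = decoy_len + reserved_len;

    /* Condition 1: file length greater than the first preset length. */
    if (len <= first_preset) return PF_NOT_PROTECTED;
    /* That test alone admits a file with fewer than ID_LEN bytes left,
     * so check the remainder before comparing (added bounds check). */
    if (len - first_preset < ID_LEN) return PF_NOT_PROTECTED;
    /* Condition 2: identifier at offset first_preset equals the preset one. */
    if (memcmp(data + first_preset, id, ID_LEN) != 0) return PF_NOT_PROTECTED;

    const unsigned char *ct = data + first_preset + ID_LEN;
    size_t ct_len = len - first_preset - ID_LEN;
    if (ct_len < CRC_LEN) return PF_TRUNCATED;   /* no room for a check value */

    /* Step 106. Assumption: the stored value is big-endian. */
    const unsigned char *t = ct + ct_len - CRC_LEN;
    uint32_t first = ((uint32_t)t[0] << 24) | ((uint32_t)t[1] << 16) |
                     ((uint32_t)t[2] << 8)  |  (uint32_t)t[3];
    uint32_t second = pf_crc32(ct, ct_len - CRC_LEN);
    if (first != second) return PF_CORRUPT;

    out->ciphertext = ct;
    out->ciphertext_len = ct_len - CRC_LEN;
    return PF_OK;
}

/* Constructed sample: 8-byte deception part, 4 reserved bytes, the page's
 * identifier, 6 sample ciphertext bytes and their CRC-32. Returns length. */
#define SAMPLE_DECOY 8
#define SAMPLE_RESERVED 4
size_t pf_build_sample(unsigned char *buf, size_t cap)
{
    static const unsigned char decoy[SAMPLE_DECOY] =
        { 0xCA, 0xFE, 0xBA, 0xBE, 0x00, 0x00, 0x00, 0x31 };
    static const unsigned char ct[6] = { 0x00, 0x7A, 0xA3, 0x63, 0x07, 0xFF };
    size_t need = SAMPLE_DECOY + SAMPLE_RESERVED + ID_LEN + sizeof ct + CRC_LEN;
    if (cap < need) return 0;
    unsigned char *p = buf;
    memcpy(p, decoy, sizeof decoy);        p += sizeof decoy;
    memset(p, 0, SAMPLE_RESERVED);         p += SAMPLE_RESERVED;
    memcpy(p, PAGE_ID, ID_LEN);            p += ID_LEN;
    memcpy(p, ct, sizeof ct);              p += sizeof ct;
    uint32_t c = pf_crc32(ct, sizeof ct);
    p[0] = (unsigned char)(c >> 24); p[1] = (unsigned char)(c >> 16);
    p[2] = (unsigned char)(c >> 8);  p[3] = (unsigned char)c;
    return need;
}

int main(void)
{
    unsigned char buf[64];
    struct pf_view v;
    size_t n = pf_build_sample(buf, sizeof buf);
    printf("intact:    %d\n", (int)pf_parse(buf, n, SAMPLE_DECOY, SAMPLE_RESERVED, PAGE_ID, &v));
    buf[n - 6] ^= 0x01;   /* flip one ciphertext bit */
    printf("tampered:  %d\n", (int)pf_parse(buf, n, SAMPLE_DECOY, SAMPLE_RESERVED, PAGE_ID, &v));
    printf("truncated: %d\n", (int)pf_parse(buf, n - 8, SAMPLE_DECOY, SAMPLE_RESERVED, PAGE_ID, &v));
    return 0;
}
```

A file that fails the identifier test is reported as not protected so that the callback can pass an ordinary class through unchanged, which matches the "return to the main function" branch of step 101.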
When the JVMPI callback function is called, the following operations are performed, as shown in Fig. 2:
Step 201: the JVMPI callback function judges whether the notification event is the preset event;
if yes, perform step 202; if no, point the new-classdata pointer in the notification event object to hook-classdata and return to the main function.
In this embodiment, the preset event is JVMPI_EVENT_CLASS_LOAD_HOOK. For example, the JVMPI callback function is notifyEvent(JVMPI_Event *event), and event->event_type == JVMPI_EVENT_CLASS_LOAD_HOOK is used to judge whether the notification event is the preset event.
Step 202: receive parameters, obtain the file length and the file from them, and judge whether the file length and the file meet the first preset condition;
if yes, perform step 203; if no, return to the main function.
In this embodiment, the file obtained by the JVMTI callback function includes the deception part, the reserved bytes, the encryption identifier and the ciphertext;
For the file length and the file to meet the first preset condition, both of the following conditions must hold:
1. The file length is greater than the first preset length, where the first preset length is the sum of the length of the deception part and the length of the reserved bytes; preferably, the reserved bytes are 256 bytes long;
2. The file is an encrypted file: the encryption identifier is obtained from a preset position in the file, and whether the file is an encrypted file is judged from the encryption identifier; if the encryption identifier is the preset encryption identifier, the file is encrypted; otherwise, the file is not encrypted.
If both conditions hold, the file length and the file meet the first preset condition; otherwise, they do not.
For example, the received parameter is a JVMPI_Event. The file length is obtained from event->u.class_load_hook.class_data_len and is 2144 bytes; the file is obtained from event->u.class_load_hook.class_data.
Here, the deception part is 859 bytes in total:
CAFEBABE0010001B001D07001E0003001B002400250700260A000B001B000B07002B01……
The reserved bytes are 256 bytes in total: 00000000000000000000……
The encryption identifier is 10 bytes in total: 627452514D653E642F5D;
The ciphertext is 925 bytes in total.
The first preset length is the sum of the 859-byte length of the deception part and the 256-byte length of the reserved bytes, i.e. 1115 bytes. The file length of 2144 bytes is greater than the first preset length of 1115 bytes, so the condition that the file length is greater than the first preset length is met.
The encryption identifier is obtained from the file. Specifically, the sum of the length of the deception part and the length of the reserved bytes is used as the start address, i.e. the start address is 1115; the 10 bytes of data obtained there are the same as the preset encryption identifier, so the condition that the file is an encrypted file is met.
In summary, the received file length and file meet the first preset condition.
Step 203: judge from the initialization flag whether this is the first time a file is loaded;
if yes, perform step 204; if no, perform step 207.
In this embodiment, specifically, judge whether the initialization flag is reset; if it is, this is the first time a file is loaded; otherwise, it is not.
Step 204: obtain the operation information and judge whether the operation information was obtained;
if yes, perform step 205; if no, report that the operation information was not obtained and exit the program.
In this embodiment, the operation information includes the encryption identifier, the encryption lock type information and the file information;
The operation information is obtained as follows:
the JVMPI callback function opens, for reading, the file of the loading interpreter in which the current JVMPI callback function resides, and obtains the operation information from the opened loading interpreter file;
For example, after the loading interpreter file is opened for reading, 310 bytes of operation information are obtained starting from the end of the loading interpreter file.
Here, the encryption identifier is 10 bytes in total: 627452514D653E642F5D;
the encryption lock type information and the file information are the bytes of the operation information that follow it.
Step 205: judge whether an encryption lock is detected;
if yes, establish data communication with the encryption lock and perform step 206; if no, report an error and exit the program.
In this embodiment, the specific method for judging whether an encryption lock is detected is the same as in step 104.
Step 206: obtain the decryption key from the encryption lock, set the initialization flag, and save the decryption key to the buffer;
In this embodiment, after the decryption key is obtained, data communication with the encryption lock is disconnected.
For example, the decryption key obtained is:
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0A,0x0B,0x0C,
0x0D,0x0E,0x0F,0x11;
Step 207: obtain the first check value from the file, compute over the file in a specific manner to obtain the second check value, and judge whether the first check value and the second check value are the same;
if yes, perform step 208; if no, report that the file is corrupted and exit the program.
In this embodiment, the first check value is obtained from the file as follows: the last four bytes of the ciphertext in the file are the first check value; CRC32 is then computed over the part of the ciphertext other than the first check value to obtain the second check value.
For example, the first check value obtained from the file is D58B6A20.
Step 208: allocate the second memory;
In this embodiment, the second memory is allocated by event->u.class_load_hook.malloc_f(event->u.class_load_hook.class_data_len-14-clsLen);
Step 209: obtain the decryption key from the buffer, obtain the decryption algorithm according to the operation information, decrypt the specified part of the file according to the decryption algorithm and the decryption key to obtain the decrypted result, obtain the decrypted result length, save the decrypted result and the decrypted result length to the second memory, and then perform step 210;
In this embodiment, the decryption algorithm is obtained according to the encryption identifier in the operation information, and the ciphertext in the file is decrypted; the decryption algorithms include 3DES, RC4 and the like. The decrypted result length is obtained by event->u.class_load_hook.new_class_data_len = event->u.class_load_hook.class_data_len-14-clsLen; the decrypted result and the decrypted result length are saved to the second memory by event->u.class_load_hook.new_class_data = buf;
Step 210: return the decrypted result and the decrypted result length in the second memory, report that decryption is complete, and return to the main function;
In this embodiment, the returned decrypted result is 1015 bytes long.
It should be noted that, in the embodiments of the invention, when the first callback function is called, the method of operation is as follows:
Step W1: the first callback function receives parameters, obtains the file length and the file from them, and judges whether the file length and the file meet the first preset condition; if they do, step W2 is performed; otherwise, control returns to the main function;
Step W2: detect the encryption lock; if an encryption lock is detected, establish data communication with the encryption lock, obtain the ciphertext from the file, send the ciphertext to the encryption lock, and then perform step W3;
Step W3: the encryption lock receives the ciphertext, decrypts the ciphertext according to the decryption key and the decryption algorithm to obtain the decrypted result, and returns the decrypted result;
Step W4: the first callback function receives the decrypted result, obtains the decrypted result length from the decrypted result, returns the decrypted result length and the decrypted result, saves the decrypted result and the decrypted result length to the first memory, reports that decryption succeeded, and returns to the main function;
When the second callback function is called, the method of operation is as follows:
Step V1: the second callback function receives parameters, obtains the file length and the file from them, and judges whether the file length and the file meet the first preset condition; if they do, step V2 is performed; otherwise, control returns to the main function;
Step V2: detect the encryption lock; if an encryption lock is detected, establish data communication with the encryption lock, obtain the ciphertext from the file, send the ciphertext to the encryption lock, and then perform step V3;
Step V3: the encryption lock receives the ciphertext, decrypts the ciphertext according to the decryption key and the decryption algorithm to obtain the decrypted result, and returns the decrypted result;
Step V4: the second callback function receives the decrypted result, obtains the decrypted result length from the decrypted result, returns the decrypted result length and the decrypted result, saves the decrypted result and the decrypted result length to the second memory, reports that decryption succeeded, and returns to the main function. The above embodiment likewise achieves the object of the invention.
It should be noted that in embodiment of the present invention, when the first call back function is called, step
Determining it is first time load document in 102, performing step 104 '.
Step 104 ': judge whether encryption lock to be detected, lead to if it is, set up data with encryption lock
Letter, performs step 105 to step 107;Otherwise, fault processing is carried out.
Wherein, it may be judged whether method encryption lock being detected, including A ' to B ',
A ': initialization encryption is locked, it may be judged whether successful initialization encryption lock;
It is, then it represents that encryption lock detected;No, search encryption lock number of times and add 1, perform B ';
Wherein, the value returning data according to encryption lock judges whether successful initialization encryption lock, if
The value of the data that encryption lock returns is preset value, then it represents that successful initialization encryption lock;Otherwise
, represent that unsuccessful initialization encryption is locked;Preferably, preset value is 0.
B ': judge whether to search encryption lock number of times more than preset times;
It is, then it represents that be not detected by encryption lock;No, return A '.
Correspondingly, step 108 is replaced with step 108';
Step 108': obtain the decryption key from the buffer, decrypt the specified portion of the file according to the preset decryption algorithm and the decryption key to obtain the decryption result, obtain the decryption result length, and save the decryption result and the decryption result length to the first memory; then perform step 109.
When the second callback function is called and step 203 determines that the file is being loaded for the first time, step 205' is performed.
Step 205': judge whether an encryption lock is detected; if so, establish data communication with the encryption lock and perform steps 206 to 208; otherwise, perform error handling.
The method for judging whether an encryption lock is detected comprises A'' to B'':
A'': initialize the encryption lock and judge whether the encryption lock was initialized successfully;
If yes, an encryption lock has been detected; if no, the encryption lock search count is incremented by 1 and B'' is performed;
Whether the encryption lock was initialized successfully is judged from the value of the data it returns: if the value of the data returned by the encryption lock is the preset value, the encryption lock was initialized successfully; otherwise, it was not. Preferably, the preset value is 0.
B'': judge whether the encryption lock search count is greater than the preset number of times;
If yes, no encryption lock has been detected; if no, return to A''.
Correspondingly, step 209 is replaced with step 209';
Step 209': obtain the decryption key from the buffer, decrypt the specified portion of the file according to the preset decryption algorithm and the decryption key to obtain the decryption result, obtain the decryption result length, and save the decryption result and the decryption result length to the first memory; then perform step 210.
The above embodiment likewise achieves the object of the invention.
It should be noted that reporting an error and exiting the program may also be replaced by performing error handling and then returning to the main function.
The above is merely a specific embodiment of the invention, but the protection scope of the invention is not limited to it. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed by the invention shall fall within the protection scope of the invention. Therefore, the protection scope of the invention shall be determined by the scope of the claims.
Claims (9)
1. A method for protecting a Java program, characterized by comprising:
when a callback function is called, performing steps S1 to S3;
Step S1: the callback function receives parameters and obtains the file length and the file from them, and judges whether the file length and the file meet a preset condition; if they do, step S2 is performed; otherwise, return to the main function;
Step S2: judge whether the file is damaged; if it is damaged, prompt that the file is damaged, perform error handling, and return to the main function; otherwise, perform step S3;
Step S3: obtain the decryption algorithm from the loading interpreter in which the current callback function resides, obtain the decryption key from the encryption lock, decrypt the ciphertext in the file according to the decryption algorithm and the decryption key to obtain a decryption result, obtain the decryption result length from the decryption result, return the decryption result and the decryption result length, and return to the main function;
or, step S3 is: obtain the ciphertext from the file and send it to the encryption lock with which data communication has been established; obtain the decryption algorithm from the loading interpreter in which the current callback function resides and send the decryption algorithm to the encryption lock with which data communication has been established; the encryption lock decrypts the ciphertext according to the decryption algorithm and the decryption key to obtain a decryption result and returns the decryption result to the callback function; the callback function receives the decryption result and obtains the decryption result length; the callback function returns the decryption result and the decryption result length, and returns to the main function;
the callback function is specifically a JVMTI callback function or a JVMPI callback function.
2. The method of claim 1, characterized in that, when the callback function is specifically a JVMPI callback function, the method further includes, before step S1: the callback function judges whether the notification event is a preset event; if so, step S1 is performed; otherwise, return to the main function.
3. The method of claim 1, characterized in that
the file specifically comprises a preset deception part, reserved bytes, an encryption identifier and the ciphertext.
4. The method of claim 3, characterized in that
judging whether the file length and the file meet the preset condition specifically includes:
judging whether the file length is greater than a first preset length, and judging whether the file is an encrypted file; if both hold, the file length and the file meet the preset condition; otherwise, the file length and the file do not meet the preset condition.
5. The method of claim 4, characterized in that
the first preset length is specifically the sum of the length of the deception part and the length of the reserved bytes;
judging whether the file is an encrypted file specifically includes: obtaining the encryption identifier from the file; if an encryption identifier is obtained and it is identical to the preset encryption identifier, the file is determined to be an encrypted file; otherwise, the file is determined not to be an encrypted file.
6. The method of claim 1, characterized in that judging whether the file is damaged specifically includes:
obtaining a first check value from a preset position of the ciphertext in the file, and computing over the part of the ciphertext that excludes the first check value using a specific method, the result of the computation being a second check value; judging whether the first check value and the second check value are identical; if they are identical, the file is not damaged; otherwise, the file is damaged.
7. The method of claim 1, characterized in that, after the decryption key is obtained from the encryption lock in step S3, the method further includes setting the initialization flag and saving the decryption key to the buffer;
the initialization flag is initially in the reset state.
8. The method of claim 7, characterized in that step S3 includes:
judging from the initialization flag whether the file is being loaded for the first time; if so, performing step S3; otherwise, reading the decryption key from the buffer, decrypting the ciphertext in the file according to the decryption algorithm and the decryption key to obtain a decryption result, obtaining the decryption result length from the decryption result, returning the decryption result and the decryption result length, and returning to the main function.
9. The method of claim 8, characterized in that judging from the initialization flag whether the file is being loaded for the first time specifically includes:
judging whether the initialization flag is in the reset state; if so, determining that the file is being loaded for the first time; otherwise, determining that the file is not being loaded for the first time.
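An added example (not code from the patent) of the checks in claims 3 to 6, as a callback could run them before step S3. The field sizes, the identifier `ENC1`, the check value's position at the end of the ciphertext and FNV-1a as the check calculation are all assumptions, since the claims leave them unspecified; `check_protected_file` and `build_sample` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed layout: the claims name the fields but give no sizes or values. */
#define DECOY_LEN    8u  /* deception part */
#define RESERVED_LEN 4u  /* reserved bytes */
#define ID_LEN       4u  /* encryption identifier */
#define CHECK_LEN    4u  /* first check value, assumed to end the ciphertext */
static const unsigned char ENC_ID[ID_LEN] = { 'E', 'N', 'C', '1' }; /* assumed */
enum file_status { NOT_PROTECTED, DAMAGED, READY_TO_DECRYPT };

/* FNV-1a 32-bit, an assumed stand-in for the unspecified check calculation. */
static uint32_t fnv1a32(const unsigned char *p, size_t n) {
    uint32_t h = 2166136261u;
    while (n--) { h ^= *p++; h *= 16777619u; }
    return h;
}

/* Steps S1 and S2 on the buffer handed to a class-load callback. */
enum file_status check_protected_file(const unsigned char *file, size_t len,
                                      const unsigned char **ct, size_t *ct_len) {
    const size_t first_preset_len = DECOY_LEN + RESERVED_LEN;
    if (file == NULL || len <= first_preset_len)
        return NOT_PROTECTED;              /* S1: length condition fails */
    /* Length > first preset length does not prove the identifier is in bounds. */
    if (len - first_preset_len < ID_LEN ||
        memcmp(file + first_preset_len, ENC_ID, ID_LEN) != 0)
        return NOT_PROTECTED;              /* S1: not an encrypted file */
    const unsigned char *c = file + first_preset_len + ID_LEN;
    size_t n = len - first_preset_len - ID_LEN;
    if (n <= CHECK_LEN) return DAMAGED;    /* no room for payload and check value */
    size_t body = n - CHECK_LEN;           /* ciphertext without the check value */
    uint32_t first = ((uint32_t)c[body] << 24) | ((uint32_t)c[body + 1] << 16) |
                     ((uint32_t)c[body + 2] << 8) | (uint32_t)c[body + 3];
    if (first != fnv1a32(c, body)) return DAMAGED; /* S2: check values differ */
    *ct = c; *ct_len = body;
    return READY_TO_DECRYPT;               /* caller proceeds to step S3 */
}

/* Constructed sample file: decoy, reserved, identifier, payload, check value. */
size_t build_sample(unsigned char *out, const unsigned char *payload, size_t n) {
    size_t off = DECOY_LEN + RESERVED_LEN;
    memset(out, 0xCA, off);
    memcpy(out + off, ENC_ID, ID_LEN); off += ID_LEN;
    memcpy(out + off, payload, n);
    uint32_t h = fnv1a32(payload, n);
    for (int i = 0; i < 4; i++) out[off + n + i] = (unsigned char)(h >> (24 - 8 * i));
    return off + n + CHECK_LEN;
}
```

The extra bounds test matters because the length condition of claim 4 does not by itself guarantee that the identifier or the check value lies inside the buffer. An unkeyed check value of this kind detects accidental corruption only; it does not authenticate the file.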
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310270708.4A CN103324870B (en) | 2013-07-01 | 2013-07-01 | A kind of guard method of java applet |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103324870A CN103324870A (en) | 2013-09-25 |
CN103324870B true CN103324870B (en) | 2016-08-10 |
Family
ID=49193609
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310270708.4A Active CN103324870B (en) | 2013-07-01 | 2013-07-01 | A kind of guard method of java applet |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103324870B (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105022936A (en) * | 2014-04-30 | 2015-11-04 | 北京畅游天下网络技术有限公司 | Class file encryption and decryption method and class file encryption and decryption device |
CN106650342B (en) * | 2016-11-29 | 2023-06-23 | 北京握奇智能科技有限公司 | Jar package reinforcement method and system |
CN111273916A (en) * | 2018-12-04 | 2020-06-12 | 北京京东金融科技控股有限公司 | Algorithmic heat deployment method, apparatus, computer system and medium |
CN111654774A (en) * | 2020-06-08 | 2020-09-11 | 歌尔科技有限公司 | Earphone charging box, finding method, system and computer readable storage medium |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101980160B (en) * | 2010-10-28 | 2013-02-13 | 飞天诚信科技股份有限公司 | Implementing method for encrypted .NET program |
CN102360412B (en) * | 2011-09-26 | 2014-07-02 | 飞天诚信科技股份有限公司 | Method and system for protecting Java source code |
- 2013-07-01: CN201310270708.4A (CN103324870B), Active
Also Published As
Publication number | Publication date |
---|---|
CN103324870A (en) | 2013-09-25 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |