CN103500312B - A kind of anti-flash method - Google Patents
A kind of anti-flash method Download PDFInfo
- Publication number
- CN103500312B CN103500312B CN201310507201.6A CN201310507201A CN103500312B CN 103500312 B CN103500312 B CN 103500312B CN 201310507201 A CN201310507201 A CN 201310507201A CN 103500312 B CN103500312 B CN 103500312B
- Authority
- CN
- China
- Prior art keywords
- kernel
- condition code
- brush machine
- driven
- detection
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 27
- 238000004891 communication Methods 0.000 claims abstract description 13
- 238000012795 verification Methods 0.000 claims abstract description 5
- 230000005856 abnormality Effects 0.000 claims abstract description 4
- 238000001514 detection method Methods 0.000 claims description 8
- 238000004519 manufacturing process Methods 0.000 claims description 8
- 238000000605 extraction Methods 0.000 claims description 5
- 238000005516 engineering process Methods 0.000 abstract description 8
- 238000000638 solvent extraction Methods 0.000 abstract description 3
- 238000012986 modification Methods 0.000 abstract 1
- 230000004048 modification Effects 0.000 abstract 1
- 230000002093 peripheral effect Effects 0.000 description 2
- 231100000572 poisoning Toxicity 0.000 description 2
- 230000000607 poisoning effect Effects 0.000 description 2
- 206010068052 Mosaicism Diseases 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 210000004027 cell Anatomy 0.000 description 1
- 230000007812 deficiency Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 239000000463 material Substances 0.000 description 1
- 238000005457 optimization Methods 0.000 description 1
- 230000002265 prevention Effects 0.000 description 1
- 210000003765 sex chromosome Anatomy 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/572—Secure firmware programming, e.g. of basic input output system [BIOS]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/125—Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Storage Device Security (AREA)
Abstract
Present invention is disclosed a kind of anti-flash methods, include the following steps:One condition code is extracted to the system partitioning after compiling;It is preserved after described document information is encrypted;Detection program is added in device software;The legitimacy that modification kernel-driven is used to ensure to detect program;Detected after booting program ver-ify system area and and kernel communication, if verification failure or communication abnormality, then it is assumed that by brush machine, prevent normal use.The present invention solves the problems, such as the reliability and security of anti-flash, it is ensured that the validity of anti-flash technology.
Description
Technical field
The invention belongs to field of computer technology, it is related to a kind of anti-flash method more particularly to one kind can be used for Android and sets
Standby anti-flash method.
Background technology
Android (Chinese name Android) equipment includes Android phone, tablet, TV etc., under with " Android intelligent machine " letter
Claim, the anti-flash technology of Android device refers to after detecting equipment by brush machine, by preventing equipment normal work (such as weight
Open or make certain key function failures etc.), achieve the purpose that prevent brush machine.The maximum feature of the present invention is true using kernel-driven
Definitely really find whether Android system software is changed.
Android is the maximum smart machine operating system of existing market share, is dominated simultaneously by Google based on Linux
The platform increased income, it provides the Android intelligent machine solution of complete set.All big enterprises of the country have developed at present
A large amount of Android intelligent machine is gone out, but the common problem encountered is middle channel quotient and terminal after mobile phone is produced
Retailer's brush machine is serious, thus brings many software and hardware problems, safety problem, brand image is influenced for producer, increase is sold
Cost afterwards, loss value-added service income;User experience is destroyed by various advertisements for consumer, and telephone expenses are hidden by illegal hidden discount
Private is invaded.
Brush machine and the principle of the present invention are introduced in order to clearer, introduces the software system of Android intelligent machine first here
The composition of system includes mainly several parts as shown in Table 1.
The composition of 1 Android software of intelligent computer system of table
The thing that brush machine is done exactly distorts system area (system.img), replaces or to delete producer preset
Content increases oneself application or background process.Since ordinary consumer can not modify to system area, illegal brush machine person is just
It is that brush machine is carried out in before sales batch by this technological means, to achieve the purpose that seek private interests for a long time.
The drive part of inner core region contains the peripheral driver of equipment, and the peripheral components used in different equipment are different, drives
It is dynamic also just different, therefore to be brush machine person can not change and substitute this partial content.The present invention exactly utilizes this feature, inside
The mechanism for checking and verifying is added in core driving, so that it may effectively to detect whether cell phone system area is tampered.Once it was found that system
Area is tampered, just prevent user normal use (such as restarting equipment or certain key functions of equipment is made to fail, such as allow mobile phone without
Method is made a phone call), to achieve the purpose that anti-flash.
Since Android system emerges, the time is not long, and there is presently no highly developed and safe anti-flash technologies.At present
On the market rare principle of products approximately as:
1) volume production software package is decompressed, software package includes each section enumerated in table 1;
2) rootfs (root file system) part of system area and inner core region is changed, store encryption information wherein and is added
Enter to detect program;
3) system area software and inner core region software are repacked;
4) the detection program increased newly after being switched on verifies system area, restarts hand if finding that system area is tampered
Machine.
The existing most important problem of anti-flash scheme is safety deficiency, it is easy to be cracked and failed by brush machine person.
Can be with reference table 1, existing scheme stores encrypted information and is placed on system area or rootfs, but this two parts is
It can be changed by brush machine person, or even replace completely.That is brush machine person can be changeed back you to the change of this part
(the detection program for such as deleting your addition), or even replacement system area and rootfs completely, you can achieve the purpose that brush machine.This is all right
The process that robber commits theft is shot than having put a high definition DV video cameras at home, as a result robber directly together takes DV away.
In view of this, nowadays there is an urgent need to design a kind of new anti-flash system, to overcome existing anti-flash scheme
Drawbacks described above.
Invention content
The technical problem to be solved by the present invention is to:A kind of anti-flash method is provided, can solve the reliability of anti-flash with
Safety issue, it is ensured that the validity of anti-flash technology.
In order to solve the above technical problems, the present invention adopts the following technical scheme that:
A kind of anti-flash method, described method includes following steps:
Step S11, a condition code of extraction system subregion;
Step S12, it is preserved after described document information being encrypted;
Step S13, detection program is added in device software and is used for check system area;Kernel-driven is changed simultaneously, is used for
With detection interprogram communication, it is ensured that detect the legitimacy of program;
Step S14, program and kernel-driven communication are detected after booting;Program is detected simultaneously using the feature code check preserved
System area;
Once step S15, communication failure or verification failure, then it is assumed that by brush machine, prevent user's normal use.
The beneficial effects of the present invention are:Anti-flash method proposed by the present invention solves the reliability and peace of anti-flash
Full sex chromosome mosaicism, it is ensured that the validity of anti-flash technology.And anti-flash itself can guarantee that value-added service is taken in for producer, safeguard
Brand image reduces after cost;The possibility for reducing user's poisoning for consumer, reduces user and is maliciously deducted fees
Possibility, reduce unnecessary harassing of advertisement etc..
Description of the drawings
Fig. 1 is the flow chart before anti-flash method embodiment manufacture.
Fig. 2 is the flow chart after anti-flash method embodiment manufacture.
Specific implementation mode
The preferred embodiment that the invention will now be described in detail with reference to the accompanying drawings.
Embodiment one
Mainly there is provided a kind of safe and reliable anti-flash methods by the present invention, solve existing anti-flash Product Safety
Difference, the low problem of reliability.Core of the invention thought be using kernel-driven can not by brush machine person change and substitute the characteristics of,
Testing mechanism is added in kernel-driven, once finding that system area is changed, equipment is made to can not work normally, is prevented to reach
The purpose of brush machine.
Due to brush machine, person can not change and replace kernel-driven, and most intuitive method is exactly that detection is added in kernel-driven
Mechanism, specific implementation step are as follows:
Step S11, the condition code of extraction system subregion, for example use CRC;
Step S12, the CRC code is encrypted, is saved in kernel;
Step S13, proving program is added in kernel, for scanning system subregion after powering and calculates CRC;
Step S14, the condition code preserved in decryption 12 in kernel;
Step S15, the condition code that contrast conting comes out and the condition code decrypted;If the two is equal, then it is assumed that do not have
Have by brush machine;If differed, then it is assumed that by brush machine, prevent user's normal use, for example prompt user and restart.
Above-mentioned implementation method safety is very high, but since encrypted condition code is stored in kernel, detection and calculating process
Also all it is to be completed in kernel-driven, it is achieved that trouble of getting up, and flexibility is not good enough.For example the file of system partitioning occurs
Change, to go to regenerate new kernel, this was unnecessary originally.
Based on this consideration, following optimization is done in flow:
Step S21, it is stored in system partitioning encrypted condition code and to the detection program of system area verification;
Step S22, kernel-driven is changed, is allowed to and detection interprogram communication, it is ensured that the legitimacy of detection program itself;
Step S23, kernel-driven and detection program are communicated after booting, are thought if communication abnormality by brush machine,
Prevent user's normal use;
Step S24, program ver-ify system area is detected, thinks to prevent normal use by brush machine if verifying failure;
It please refers to Fig.1, Fig. 2, the concrete scheme of the present embodiment includes:The step after step and manufacture before manufacture.
As shown in Figure 1, before manufacture, the method specifically includes:
Step S101, the condition code in extraction system area;
Step S102, it is preserved after condition code being encrypted;
Step S103, detection program is added in system area, is used for scanning system area, and compare encrypted condition code;
Step S104, checking routine is added in kernel-driven, the legitimacy for ensuring detection program;
Step S105, volume production software is generated;
Step S106, it is burnt to mobile phone, is dispatched from the factory.
As shown in Fig. 2, after manufacture, the method specifically includes:
Step S201, it is switched on;
Step S202, kernel-driven and detection interprogram communication are thought, by brush machine, to prevent user normal if communication failure
It uses;
Step S203, detection program is thought if verifying failure by brush machine using the condition code check system area preserved,
Prevent user's normal use;
Core of the invention is the characteristics of can not being changed and be substituted by brush machine person using linux kernel driving, in kernel
Verification scheme is added, provides a kind of safety and the reliable method changed using kernel prevention Android system software.Specifically
Embodiment can be that all verifying works are directly completed in kernel-driven;Can also kernel-driven be only intended to ensure to examine
The legitimacy of ranging sequence, detection program itself are not placed on kernel-driven.
In conclusion anti-flash method proposed by the present invention, solves the problems, such as the reliability and security of anti-flash, it is ensured that
The validity of anti-flash technology.And anti-flash itself can guarantee that value-added service is taken in, and safeguards brand image for producer, reduce
After cost;The possibility for reducing user's poisoning for consumer, reduces the possibility that user is maliciously deducted fees, reduces
Unnecessary harassing of advertisement etc..
Description and application of the invention herein are illustrative, is not wishing to limit the scope of the invention to above-described embodiment
In.The deformation and change of embodiments disclosed herein are possible, real for those skilled in the art
The replacement and equivalent various parts for applying example are well known.It should be appreciated by the person skilled in the art that not departing from the present invention
Spirit or essential characteristics in the case of, the present invention can in other forms, structure, arrangement, ratio, and with other components,
Material and component are realized.Without departing from the scope and spirit of the present invention, can to embodiments disclosed herein into
The other deformations of row and change.
Claims (2)
1. a kind of anti-flash method, which is characterized in that described method includes following steps:
Step S11, a condition code of extraction system subregion;
Step S12, it is preserved after described document information being encrypted;
Step S13, detection program is added in device software;Kernel-driven and detection interprogram communication are changed simultaneously, for ensuring
Detect the legitimacy of program itself;
Step S14, kernel-driven and detection program are communicated after booting, once communication abnormality, then it is assumed that by brush machine, prevent
Normal use;Program is detected simultaneously using the condition code check system area preserved, once verification failure, then it is assumed that by brush machine,
Prevent normal use.
2. anti-flash method according to claim 1, it is characterised in that:
Before manufacture, the method specifically includes:
Step S101, the condition code in extraction system area;
Step S102, it is preserved after condition code being encrypted;
Step S103, detection program is added in device software, is used for scanning system area, compares encrypted condition code;
Step S104, checking routine is added in kernel-driven, is used for and the detection interprogram communication in S103, it is ensured that detection program does not have
It is tampered;
Step S105, final volume production software is generated;
Step S106, it is burnt to equipment, is dispatched from the factory;
After manufacture, the method specifically includes:
Step S201, it is switched on;
Step S202, kernel-driven and detection interprogram communication are thought, by brush machine, user to be prevented normally to make if noting abnormalities
With;
Step S203, detection program recalculates system area condition code, and is compared with the condition code preserved, if comparing failure
Then think, by brush machine, to prevent user's normal use.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310507201.6A CN103500312B (en) | 2013-10-24 | 2013-10-24 | A kind of anti-flash method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310507201.6A CN103500312B (en) | 2013-10-24 | 2013-10-24 | A kind of anti-flash method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103500312A CN103500312A (en) | 2014-01-08 |
| CN103500312B true CN103500312B (en) | 2018-09-18 |
Family
ID=49865519
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310507201.6A Active CN103500312B (en) | 2013-10-24 | 2013-10-24 | A kind of anti-flash method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103500312B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110162308A (en) * | 2019-05-27 | 2019-08-23 | 湖南快乐阳光互动娱乐传媒有限公司 | A kind of method and system of intelligent terminal illegal |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102270287A (en) * | 2011-07-13 | 2011-12-07 | 中国人民解放军海军计算技术研究所 | Trusted software base providing active security service |
| CN102332070A (en) * | 2011-09-30 | 2012-01-25 | 中国人民解放军海军计算技术研究所 | Trust chain transfer method for trusted computing platform |
| CN102722669A (en) * | 2012-05-28 | 2012-10-10 | 清华大学 | Completeness verification method of operating system |
| CN103237118A (en) * | 2013-03-26 | 2013-08-07 | 东莞宇龙通信科技有限公司 | Mobile terminal startup method and system, and mobile terminal |
-
2013
- 2013-10-24 CN CN201310507201.6A patent/CN103500312B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102270287A (en) * | 2011-07-13 | 2011-12-07 | 中国人民解放军海军计算技术研究所 | Trusted software base providing active security service |
| CN102332070A (en) * | 2011-09-30 | 2012-01-25 | 中国人民解放军海军计算技术研究所 | Trust chain transfer method for trusted computing platform |
| CN102722669A (en) * | 2012-05-28 | 2012-10-10 | 清华大学 | Completeness verification method of operating system |
| CN103237118A (en) * | 2013-03-26 | 2013-08-07 | 东莞宇龙通信科技有限公司 | Mobile terminal startup method and system, and mobile terminal |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103500312A (en) | 2014-01-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109710315B (en) | BIOS (basic input output System) flash writing method and BIOS mirror image file processing method | |
| CN107852412B (en) | System and method, computer readable medium for phishing and brand protection | |
| US20200280445A1 (en) | Using biometric features for user authentication | |
| US10878096B2 (en) | BIOS startup method and data processing method | |
| CN105653963B (en) | Information display method and device | |
| CN104573525B (en) | A kind of specific information service software leak repair system based on white list | |
| CN104408370B (en) | Android system security verification method and its checking device | |
| US9202057B2 (en) | Systems and methods for identifying private keys that have been compromised | |
| TWI516972B (en) | Method for applying safety verification, applying server, applying client and system | |
| CN102880828B (en) | Intrusion detection and recovery system aiming at virtualization support environment | |
| US9984250B2 (en) | Rollback protection for login security policy | |
| US20140020096A1 (en) | System to profile application software | |
| US10733594B1 (en) | Data security measures for mobile devices | |
| CN102650944A (en) | Operation system security bootstrap device and bootstrap device | |
| CN103761489A (en) | System and method for detecting completeness of file | |
| US8938805B1 (en) | Detection of tampering with software installed on a processing device | |
| CN110245495B (en) | BIOS checking method, configuration method, device and system | |
| CN105117650A (en) | Method and apparatus for protecting system security of mobile terminal | |
| CN107103243B (en) | Vulnerability detection method and device | |
| CN105812313B (en) | Method and server for recovering session and method and device for generating session certificate | |
| CN106789973B (en) | Page security detection method and terminal equipment | |
| CN103500312B (en) | A kind of anti-flash method | |
| WO2016197827A1 (en) | Method and apparatus for processing malicious bundled software | |
| CN108197475B (en) | Malicious so module detection method and related device | |
| US9081938B1 (en) | Systems and methods for determining whether profiles associated with social-networking websites have been compromised |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20200212 Address after: 210000 No.18, Pusi Road, Jiangbei new district, Nanjing City, Jiangsu Province Patentee after: Nanjing Zhuowang Information Technology Co., Ltd Address before: 200233 Shanghai City, Xuhui District Road No. 680 Guiping Caohejing Innovation Center building 33, Room 806 Co-patentee before: Wang Fei Patentee before: Wang Zhihai |
|
| DD01 | Delivery of document by public notice | ||
| DD01 | Delivery of document by public notice |
Addressee: Wang Zhihai Document name: Notice of conformity |