CN104021321A - Reinforcing protection method and device for software installation package - Google Patents
Reinforcing protection method and device for software installation package Download PDFInfo
- Publication number
- CN104021321A CN104021321A CN201410271094.6A CN201410271094A CN104021321A CN 104021321 A CN104021321 A CN 104021321A CN 201410271094 A CN201410271094 A CN 201410271094A CN 104021321 A CN104021321 A CN 104021321A
- Authority
- CN
- China
- Prior art keywords
- code
- installation kit
- file
- reinforcing
- software installation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 230000003014 reinforcing effect Effects 0.000 title claims abstract description 73
- 238000000034 method Methods 0.000 title claims abstract description 69
- 238000009434 installation Methods 0.000 claims abstract description 62
- 230000008569 process Effects 0.000 claims abstract description 28
- 230000002787 reinforcement Effects 0.000 claims description 29
- 239000000284 extract Substances 0.000 claims description 17
- 239000007943 implant Substances 0.000 claims description 9
- 238000000605 extraction Methods 0.000 claims description 7
- 238000012545 processing Methods 0.000 abstract description 3
- 230000000694 effects Effects 0.000 description 11
- 238000010586 diagram Methods 0.000 description 10
- 238000001514 detection method Methods 0.000 description 6
- 238000012986 modification Methods 0.000 description 6
- 230000004048 modification Effects 0.000 description 6
- 230000008901 benefit Effects 0.000 description 5
- 238000007596 consolidation process Methods 0.000 description 5
- 239000000306 component Substances 0.000 description 4
- 230000006870 function Effects 0.000 description 4
- 238000005457 optimization Methods 0.000 description 4
- 238000012360 testing method Methods 0.000 description 4
- 238000011161 development Methods 0.000 description 3
- 241000700605 Viruses Species 0.000 description 2
- 230000000712 assembly Effects 0.000 description 2
- 238000000429 assembly Methods 0.000 description 2
- 230000006399 behavior Effects 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 2
- 238000004590 computer program Methods 0.000 description 2
- 238000005336 cracking Methods 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000012544 monitoring process Methods 0.000 description 2
- 238000012856 packing Methods 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- 238000005728 strengthening Methods 0.000 description 2
- 241000283086 Equidae Species 0.000 description 1
- 230000002155 anti-virotic effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 239000008358 core component Substances 0.000 description 1
- 230000008878 coupling Effects 0.000 description 1
- 238000010168 coupling process Methods 0.000 description 1
- 238000005859 coupling reaction Methods 0.000 description 1
- 238000005520 cutting process Methods 0.000 description 1
- 208000015181 infectious disease Diseases 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000003071 parasitic effect Effects 0.000 description 1
- 230000009467 reduction Effects 0.000 description 1
- 230000001846 repelling effect Effects 0.000 description 1
- 230000009897 systematic effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/14—Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/572—Secure firmware programming, e.g. of basic input output system [BIOS]
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a reinforcing protection method and device for a software installation package. The reinforcing protection method for the software installation package comprises the steps of extracting a global configuration file and an executable file in the software installation package, analyzing the executable file to obtain first codes, inserting protection codes into the first codes to obtain second codes, encrypting the second codes, modifying the global configuration file according to entry points of the protection codes, and repackaging the modified global configuration file and the executable file to generate a reinforced installation package. According to the technical scheme, the protection codes are directly inserted into the codes of the executable file, program entries of the global configuration file are correspondingly modified, then reconfiguration of the executable file is achieved, and therefore in the program running process, the protection codes are executed first so as to carry out corresponding decryption processing; the executable file is processed directly, so that the flexibility of protection of the executable file is improved, and the safety of the software installation package is further improved.
Description
Technical field
The present invention relates to data security field, particularly relate to a kind of method for reinforcing and protecting and device of software installation kit.
Background technology
The development of Android (Android) platform rapidly, become gradually the most universal operating system of mobile terminal, software application number based on is wherein also very huge simultaneously, compare with other mobile terminal operating systems, Android system provides more functional interface for application developer, a lot of system bottom interfaces wherein, improved the extensibility of system, but simultaneously also for Malware is provided convenience, the Malwares such as wooden horse for Android system are also more easily implemented, the existing Malware for Android system can be by the mode of camouflage at present, gain user installation by cheating and authorize certain authority, abuse afterwards these authorities and on backstage, carry out some specific behaviors, comprise that stealing privacy of user gains the behaviors such as rate by cheating.Yet with it and raw safety problem be not but settled properly all the time, security threat is more and more, and threaten degree also progressively deepening, on developer or user has brought bad impact.
And for some normal Android system application, also the safety that exist by illegal copies, reverse-engineering, decompiling, debug, crack, the means such as secondary packing, internal memory intercepting threatens Android system, not only endanger user, caused serious infringement also to normal use developer.
Based on above problem, the safety encryption that has occurred multiple Android application in prior art, by to Android, application is encrypted, anti-decompiling, the reinforcement measures such as anti-Code obfuscation, yet the scheme adopting due to reinforcement means is different, the effect of reinforcing is also different, some can not reach the effect that prevents Brute Force after reinforcing, for example first existing a kind of reinforcement means encrypts the executable file dex of original program bag, then at the dex file that extracts four large module informations generation agencies, when carrying out, program dynamically deciphers original program dex, yet such cipher mode, encrypted packet is separated with former bag, former bag is only encrypt file, can by internal memory unloading, realize cracking of program easily, consolidation effect is limited.
Summary of the invention
In view of the above problems, the present invention has been proposed to provide a kind of reinforcement protection device of the software installation kit that overcomes the problems referred to above or address the above problem at least in part and the method for reinforcing and protecting of corresponding software installation kit.
Further object of the present invention is to improve the consolidation effect of software installation kit, prevents that internal memory from cutting apart.
Another further object of the present invention is to improve compatibility and the reliability of reinforcing rear software installation kit.
According to one aspect of the present invention, provide a kind of method for reinforcing and protecting of software installation kit.The method for reinforcing and protecting of this software installation kit comprises: extract global configuration file and executable file in software installation kit; Resolve executable file, obtain first code; Protecting code is inserted and in first code, obtains second code, and second code is encrypted; According to the entrance of protecting code, revise global configuration file; Amended global configuration file and executable file are repacked to generation reinforcing installation kit.
Alternatively, protecting code comprises the code that executable file is added to shell reconciliation shell.
Alternatively, protecting code also comprise separate shell trigger code and and the collapse code of decompiling instrument; Protecting code is inserted and in first code, obtains second code and comprise: in the code of each class in first code, insert and separate the collapse code that shell triggers code and decompiling instrument; when solution shell triggering code is performed, the code that calls solution shell is decrypted such.
Alternatively, second code is encrypted and is comprised: at least a portion that extracts second code is reconstructed; Implant for deciphering the chained library of the code of reconstruct, chained library is loaded by java local interface in decrypting process.
Alternatively, according to the entrance of protecting code, revising global configuration file comprises: check whether global configuration file disposes application node label; If so, according to the entrance of protecting code, revise application node label; If not, newly-built application node label, and configure newly-built application node label according to the entrance of stating protecting code.
Alternatively, before the global configuration file in extracting software installation kit and executable file, also comprise: the software installation kit that reception is uploaded by user and the reinforcing parameter of setting.
Alternatively, after generating reinforcing installation kit, also comprise: to reinforcing installation kit, sign.
Alternatively, reinforcing installation kit is signed and comprised: issue reinforcing installation kit, by user, use its identify label to sign to reinforcing installation kit; Or utilize the identify label that user uploads to sign to reinforcing installation kit.
Alternatively, software installation kit is Android software installation kit, and global configuration file is manifest file, and executable file is dex file.
A kind of reinforcement protection device of software installation kit is also provided according to another aspect of the present invention.The reinforcement protection device of this software installation kit comprises: file extraction module, is configured to extract global configuration file and executable file in software installation kit; Parsing module, is configured to resolve executable file, obtains first code; Encrypting module, is configured to protecting code to insert and in first code, obtain second code, and second code is encrypted; Configuration module, is configured to revise global configuration file according to the entrance of protecting code; Packetization module, is configured to amended global configuration file and executable file to repack generation reinforcing installation kit.
Alternatively, encrypting module is also configured to: in the code of each class in first code, insert separate shell trigger code and and the collapse code of decompiling instrument; At least a portion that extracts second code is reconstructed; Implant for deciphering the chained library of the code of stating reconstruct, chained library is loaded by java local interface in decrypting process.
Alternatively, configuration module is also configured to: check whether global configuration file disposes application node label; If so, according to the entrance of protecting code, revise application node label; If not, newly-built application node label, and configure newly-built application node label according to the entrance of protecting code.
Alternatively, the reinforcement protection device of above-mentioned software installation kit also comprises: acquisition module, is configured to receive the software installation kit uploaded by user and the reinforcing parameter of setting.
Alternatively, the reinforcement protection device of above-mentioned software installation kit also comprises: signature blocks, is configured to sign to reinforcing installation kit.
Alternatively, the reinforcement protection device of above-mentioned software installation kit is configured to Android software installation kit to carry out reinforcement protection, and wherein, global configuration file is manifest file, and executable file is dex file.
The method for reinforcing and protecting of software installation kit of the present invention and device are owing to protecting code directly being inserted in the code of executable file; the program entry of corresponding modify global configuration file; realized the reconstruct of executable file; thereby when program is moved; first carry out protecting code, to carry out corresponding decryption processing, directly executable file is processed; increased the flexibility ratio of executable file protection, the security that has further improved software installation kit.
Further; the method for reinforcing and protecting of software installation kit of the present invention; in the code of each class, insert separate shell trigger code and and the collapse code of decompiling instrument; when each class operation; separately the class of operation is decrypted, can effectively prevents that crack tool from carrying out internal memory intercepting (dump).
Above-mentioned explanation is only the general introduction of technical solution of the present invention, in order to better understand technological means of the present invention, and can be implemented according to the content of instructions, and for above and other objects of the present invention, feature and advantage can be become apparent, below especially exemplified by the specific embodiment of the present invention.
According to the detailed description to the specific embodiment of the invention by reference to the accompanying drawings below, those skilled in the art will understand above-mentioned and other objects, advantage and feature of the present invention more.
Accompanying drawing explanation
By reading below detailed description of the preferred embodiment, various other advantage and benefits will become cheer and bright for those of ordinary skills.Accompanying drawing is only for the object of preferred implementation is shown, and do not think limitation of the present invention.And in whole accompanying drawing, by identical reference symbol, represent identical parts.In the accompanying drawings:
Fig. 1 is the schematic diagram of the reinforcement protection device of software installation kit according to an embodiment of the invention;
Fig. 2 is the schematic diagram of software installation kit method according to an embodiment of the invention;
Fig. 3 is the process flow diagram of software installation kit reinforcement means according to an embodiment of the invention;
Fig. 4 is the optional process flow diagram that regenerates apk file bag shown in Fig. 3;
Fig. 5 is the schematic diagram that software installation kit reinforcement means Program class loads according to an embodiment of the invention.
Embodiment
The algorithm providing at this is intrinsic not relevant to any certain computer, virtual system or miscellaneous equipment with demonstration.Various general-purpose systems also can with based on using together with this teaching.According to description above, it is apparent constructing the desired structure of this type systematic.In addition, the present invention is not also for any certain programmed language.It should be understood that and can utilize various programming languages to realize content of the present invention described here, and the description of above language-specific being done is in order to disclose preferred forms of the present invention.
Fig. 1 is the schematic diagram of the reinforcement protection device 100 of software installation kit according to an embodiment of the invention.The reinforcement protection device 100 of software installation kit can comprise in general manner: file extraction module 110, parsing module 120, encrypting module 130, configuration module 140, packetization module 150, acquisition module 160, signature blocks 170.With upper module, can carry out flexible configuration according to the function of the reinforcement protection device 100 of the software installation kit of the present embodiment, in some optional situations, can be configured to the one or more of upper module, and not require and configure all modules simultaneously.
Global configuration file and executable file that file extraction module 110 extracts in software installation kit; For the software installation kit of Android system, global configuration file is Manifest.xml, and executable file is dex file.
In Android system, the application that can install, move, need to be packaged into the APK file layout of Android system.APK is the abbreviation of Android application package file, is called for short APK file, and Android installation kit, also can be understood as the application software of installing in Android terminal.APK file is ZIP file layout in fact, but suffix name is modified to apk, by instrument decompress(ion)s such as Unzip, can see the file structure that it is inner, as shown in table 1:
Table 1
Android installation kit (APK file) is generally downloaded, is installed on mobile phone by Android application market, also can from PC, install by the mode of the data line interfaces such as usb data line or Wireless Data Transmission.Virus on Android, wooden horse and other Malwares want to enter user's mobile phone, also must be packaged into the form of APK.If not a legal APK file, it just cannot be installed on user mobile phone conversely speaking,, also just can not produce harm to user.Based on this point, antivirus engine just can be the target tightening of killing to in the scanning of APK file, thereby greatly improve the efficiency of scanning.
So, which information in Android installation kit (APK file) can be used as the emphasis of scanning, and for this problem, the application analyzes, specific as follows:
1) bag name
Android operating system manages the APK of each installation by the bag name (package name) of APK." bag name " stems from the concept of the package of Java, and according to the name style of the package of Java, for example the bag name of certain Android installation kit is com.qihoo360.mobilesafe.A unique bag name is stated in each application of Android system requirements.If the bag name of certain existing application has repeated in the bag name of the APK installing and current phone, Android system can be refused to install so.Malware under Android platform also needs to state a bag name, and therefore, bag name just can be used as a key character of identification Malware.
2) digital signature
For the object of security, each APK of Android system requirements will comprise digital signature (digital signature).Android system can check that when APK file is installed whether the digital signature of inner each file of APK is consistent with its predefined digital signature, if inconsistent, or there is no digital signature, think that file is tampered, refuse the installation and operation of this APK.Malware under Android platform is no exception, so the digital signature of APK file also can be used as a key character of identification Malware.
3) the entrance information of each module of listing in AndroidManifest.xml
AndroidManifest.xml is each the necessary global description of APK file file, and the entrance information of each module of applying in Android installation kit has been listed in the inside.In Android system, the module of only having listed in AndroidManifest.xml, can be by system call.Wooden horse under Android platform, tend to disguise oneself as and apply normally or play and inveigle user installation, wherein there are a lot of wooden horses to colonize in exactly in a normal application or game, in the time of user's bootup window, look it is original software or game, but the wooden horse module colonizing in wherein was just activated on suitable opportunity, thus infection user's mobile phone.And because all modules of Android system requirements all will be listed in AndroidManifest.xml, this has just improved important clue for finding parasitic wooden horse.Therefore, the information of each module of listing in AndroidManifest.xml, is also the key character of identification Malware.
4) Dex file and ELF file
Android application is normally developed with Java language, it is with having become binary bytecode (byte code) after the compiling of Android developing instrument, these bytecodes are packaged into classes.dex file, by the Dalvik virtual machine of Android platform, explain execution.In order to call Android systemic-function, Android system provides a set of running environment (Android Framework), and each function of Android application call system is all to realize by calling the storehouse of Android Framework.
On the other hand, Android system also support application program by JNI or native executable, directly move.What now application was carried out is the binary machine code directly moving on CPU, does not need to explain through virtual machine, can directly call Android storehouse and carry out each function of calling system as libc, WebKit, SQLite, OpenGL/ES etc.If Android application will move by JNI or native executable, just need the code compilation that will carry out to become ELF file layout.ELF is the abbreviation of Executable and Linkable Format, is the file layout of executable program, shared library in Android/Linux operating system.
Each Android software installation kit (apk) comprises an inventory (Manifest) file, AndroidManifest.xml namely, and it is stored in the bottom in project level.Inventory can definition application and structure and the metadata of assembly.The node that AndroidManifest.xml has comprised each assembly (activity, service, content provide device and radio receiver) that forms application program, and application target filtrator and authority determines between these assemblies and how mutual these assemblies are with other application programs.It also provides metadata (icon or theme) and extra can be used to that various attributes explain application program to carry out safety setting and unit testing top-level node.
Manifest label has comprised some nodes (node), and they have defined application component, safety setting and have formed the test class of application program.Listed some conventional manifest node labels below:
Application node label (application), generally only comprises an application node in inventory.Application node carrys out the various metadata (comprising title, icon and theme) of specified application with various attributes.Application node can also comprise the container that activity, service, content provide device and radio receiver label as one, is used for specifying application component.
Active node label (activity), each activity (Activity) that application program shows requires to have an activity label.
Service node label (service), service label is the same with activity label, and each service class (Service) of using in application program will create a new service label.
Content provider's label (provider), each content that provider label is used in application program provides device.
Receiver label (receiver), by adding receiver label, can register a radio receiver (Broadcast Receiver), and need not start in advance application program.Radio receiver, just as clobal audiomonitor, by register a radio receiver in statement, can make this process realize full automation.If the data transmission of a coupling (Intent) has been broadcasted, application program will start automatically, and the radio receiver of registration also can bring into operation.
User right label (uses-permission), as a part for security model, uses-permission label has been stated the authority that those are defined by the user, and these authorities are that normally execution is necessary for application program.
License tag (permission), license tag before can certain application component of limiting access, need to define a permission label in inventory.Can create these authority definitions with permission label.
Detection type (instrumentation), instrumentation class provides a framework, is used in movable or service, moving test when application program is moved.They provide certain methods to come monitoring application program and mutual with system resource thereof.
When a preferred embodiment of the present invention is applied in Android system, executable file comprises Dex file, and Dex file is mainly the classes.dex file in APK, i.e. Dalvik Executable (Dalvik virtual machine executable file).Be well known that, Dalvik is the Java Virtual Machine for Android platform.Dalvik virtual machine (Dalvik VM) is one of core component of Android mobility device.It can support to be converted to the operation of the java application of .dex (being Dalvik Executable) form, and .dex form is a kind of compressed format that aims at Dalvik design, is applicable to internal memory and the limited system of processor speed.Dalvik, through optimizing, allows to move the example of a plurality of virtual machines in limited internal memory simultaneously, and each Dalvik application is as an independently Linux process execution.Independently process can prevent that all programs are all closed in virtual machine crashes.The threading mechanism of virtual machine, Memory Allocation and management, etc. all rely on underlying operating system and realize, the dex file being generally included in apk file can be optimised when operation, the file after optimization will be stored in buffer memory.
Executable file can also comprise the file of expansion .jar by name.Jar file in Android installation kit is exactly Dex file in fact, only its expansion .jar by name.
According to the above analysis to Android installation bag, AndroidManifest.xml has described the name, version, authority of application, the information such as library file of quoting, therefore, first Android system needs decompress(ion) apk file when working procedure, then obtain configuration information in the androidmanifest.xml file after compiling, carry out dex program.Apk file is in packing process, all byte code files are changed into dex file (classes.dex) and then use Android strapping tool by dex file, resource file and AndroidManifest.xml file group are synthesized an application package (APK)
File extraction module 110 extracts global configuration file and executable file from software installation kit.
Parsing module 120 is resolved executable file, obtains the first code of executable file, for the follow-up consolidation process of carrying out.
Encrypting module 130 inserts protecting code in first code, to obtain second code, and second code is encrypted.In the code of each class in first code, insert separate shell trigger code and and the collapse code of decompiling instrument; At least a portion that extracts second code is reconstructed; Implant for deciphering the chained library of the code of stating reconstruct, chained library is loaded by java local interface in decrypting process.
The strengthening flow process of existing Android reinforcement means, for encrypting the dex file of original program bag, is resolved original program bag manifest.xml, extraction assembly Information generation agency's dex file; When carrying out the program of above-mentioned reinforcing, need decrypted original program dex, and with using the optimization tool of compiling in reinforcing to be mirrored to internal memory.In prior art, optimization tool is completely separated with original program bag, although original program bag is encrypt file, but need single reduction dex, thus can intercept and carry out program and crack by internal memory, and also optimization tool also can be by revising and shell UPX source code.
At the reinforcement protection application of installation of the software installation kit of the present embodiment during in the software installation kit of Android system; reconstruct to dex file; by dex file, each saves the rear reorientation of data modification restructuring and generates new dex; owing to directly dex being processed; can increase the flexibility ratio of dex protection; as dex is carried out to internal memory, cut apart restructuring, can effectively prevent internal memory dump etc.
Configuration module 140 is revised global configuration file according to the entrance of protecting code, for Android program Android bag, can check whether global configuration file (AndroidManifest.xml) disposes application node label (application); If so, according to the entrance of protecting code, revise application node label; If not, newly-built application node label, and configure newly-built application node label according to the entrance of protecting code.When resolving, according to the application node label of global configuration file, can first carry out protecting code, with the program to such, be decrypted.Due to the code of every class can be implanted to protecting code respectively, therefore, do not need the whole dex of disposable Restore All, only when such is loaded, just need to reduce such run time version, realized internal memory and cut apart.
Packetization module 150 is configured to amended global configuration file and executable file to repack generation reinforcing installation kit, completes whole strengthening flow process.
In addition, acquisition module 160 can also receive the software installation kit uploaded by user and the reinforcing parameter of setting.Because the software installation kit after reinforcing can cannot be scanned by Static and dynamic, likely can be utilized by some malicious codes, therefore need to first to the software installation kit of uploading, carry out security sweep, guarantee rogue program not to be carried out to consolidation process, now need to obtain related development information and reinforce parameter.
The security sweep for Android software installation kit providing in the present embodiment, is not that the All Files in Android system is scanned, but carries out safety detection by scan A ndroid installation kit.Because the virus on Android, wooden horse and other Malwares want to enter user's mobile phone, need to be packaged into the form of Android installation kit.If not a legal Android installation kit, it just cannot be installed on user mobile phone conversely speaking,, also just can not produce harm to user.Concrete scan mode, can to the document structure analysis of Android installation kit, carry out according to above-mentioned, for example entrance information, Dex file and the ELF file of each module of listing in bag name, digital signature, AndroidManifest.xml are carried out to safety detection, confirming to allow again to carry out reinforcement measure after its security.
A kind of optional flow process of scan A ndroid installation kit is:
From Android installation kit, extract the characteristic information of appointment; The characteristic information of appointment refers to above-mentioned every key character of enumerating, as the MD5 value of each file under entrance information, Dex file and the ELF file of each module of listing in bag name, version number, digital signature, AndroidManifest.xml, Android installation kit catalogue etc.
In preset safety identification storehouse, search the feature record that single characteristic information or its combination with appointment match; Wherein, in safety identification storehouse, comprise feature record and feature and record corresponding level of security, the combination that comprises single characteristic information or characteristic information in every feature record;
The feature finding is recorded to corresponding level of security and export, for example, be included in the safety detection result of Android installation kit and show; When the level of security finding out is lower than default level of security, the uploader of installation kit is pointed out safety detection result, and prompting cannot be reinforced.
Signature blocks 170 is for signing to reinforcing installation kit.The information of signature has two kinds, and a kind of is that the installation bag after reinforcing is handed down to user, by user, is signed voluntarily, and another also can obtain user's information, in reinforcing, directly signs afterwards, and the mode of signature can be decided in its sole discretion by user.
The embodiment of the present invention also provides a kind of method for reinforcing and protecting of software installation kit; the reinforcement protection method of this software installation kit can be carried out by the reinforcement protection device of any one software installation kit of above embodiment introduction, to improve the security of software installation kit.Fig. 2 is the schematic diagram of software installation kit method according to an embodiment of the invention, and as shown in the figure, this software installation kit comprises the following steps:
Step S202, extracts global configuration file and executable file in software installation kit;
Step S204, resolves executable file, obtains first code;
Step S206, inserts protecting code in first code, to obtain second code, and second code is encrypted;
Step S208, revises global configuration file according to the entrance of protecting code;
Step S210, repacks generation reinforcing installation kit by amended global configuration file and executable file.
Wherein protecting code can comprise the code that executable file is added to shell reconciliation shell; can for example separate particularly shell trigger code and and the collapse code of decompiling instrument; correspondingly step S206 adds the flow process of code to comprise: in the code of each class in first code, insert and separate the collapse code that shell triggers code and decompiling instrument; when solution shell triggering code is performed, the code that calls solution shell is decrypted such.Wherein second code is encrypted and is comprised: at least a portion that extracts second code is reconstructed; Implant for deciphering the chained library of the code of reconstruct, chained library is loaded by java local interface (Java Native Interface is called for short JNI) in decrypting process.
When the method for reinforcing and protecting of the software installation kit of the present embodiment is applied to the software installation kit of Android system; reconstruct to dex file; by dex file, each saves the rear reorientation of data modification restructuring and generates new dex; owing to directly dex being processed; can increase the flexibility ratio of dex protection; as dex is carried out to internal memory, cut apart restructuring, can effectively prevent internal memory dump etc.
A kind of optional flow process of step S208 is: check whether global configuration file disposes application node label; If so, according to the entrance of protecting code, revise application node label; If not, newly-built application node label, and configure newly-built application node label according to the entrance of stating protecting code.For Android program Android bag, can check whether global configuration file (AndroidManifest.xml) disposes application node label (application); If so, according to the entrance of protecting code, revise application node label; If not, newly-built application node label, and configure newly-built application node label according to the entrance of protecting code.When resolving, according to the application node label of global configuration file, can first carry out protecting code, with the program to such, be decrypted.Due to the code of every class can be implanted to protecting code respectively, therefore, do not need the whole dex of disposable Restore All, only when such is loaded, just need to reduce such run time version, realized internal memory and cut apart.
Before step S202, can also receive the software installation kit uploaded by user and the reinforcing parameter of setting.In addition
Because the software installation kit after reinforcing can cannot be scanned by Static and dynamic, likely can be utilized by some malicious codes, therefore need to first to the software installation kit of uploading, carry out security sweep, guarantee rogue program not to be carried out to consolidation process, now need to obtain related development information and reinforce parameter, for software installation kit is carried out to security sweep, malicious file is processed in time.
A kind of optional flow process of the software installation kit of uploading being carried out to security sweep is:
From Android installation kit, extract the characteristic information of appointment; The characteristic information of appointment refers to above-mentioned every key character of enumerating, as the MD5 value of each file under entrance information, Dex file and the ELF file of each module of listing in bag name, version number, digital signature, AndroidManifest.xml, Android installation kit catalogue etc.
In preset safety identification storehouse, search the feature record that single characteristic information or its combination with appointment match; Wherein, in safety identification storehouse, comprise feature record and feature and record corresponding level of security, the combination that comprises single characteristic information or characteristic information in every feature record;
The feature finding is recorded to corresponding level of security to be exported.
When the level of security finding out is lower than default level of security, the uploader of installation kit is pointed out safety detection result, and prompting cannot be reinforced.
After generating reinforcing installation kit, also need to sign to reinforcing installation kit.The mode of signature can issue reinforcing installation kit, by user, uses its identify label to sign to reinforcing installation kit; Or can utilize the identify label that user uploads to sign to reinforcing installation kit.
Fig. 3 is the process flow diagram of software installation kit reinforcement means according to an embodiment of the invention, is carrying out when Android installation kit is reinforced, carrying out successively following steps:
Step S302, receives user's access by web service, the webpage that user can reinforce by access security carries out dependence test reinforcing;
Step S304, receives the apk file bag of uploading and reinforces parameter;
Step S306, resolves apk file bag and extracts the data messages such as manifest, dex;
Step S308, reconstruct dex, revises manifest, regenerates apk file bag;
Step S310, again the apk file bag after signature reinforcing.
In above step, S308 is the core procedure of reinforcing, and Fig. 4 is the optional process flow diagram that regenerates apk file bag shown in Fig. 3, when carrying out apk reinforcing, carries out successively following steps:
Step S402, obtain the back end information that manifest need to revise, check whether manifest disposes application node label (application), to process accordingly, the entrance of the program of reinforcing is added to application node label, application is started from reinforcing program;
Step S404, revises resource data and makes it consistent with the node data of manifest;
Step S406, processes former bag dex file, particularly, the dex of former bag can be resolved to code, protecting code is inserted in the resolving code of dex, and register in step S402 in manifest the entrance of protecting code;
Step S408, implants protection module, and this protection module is the code of the dynamic link library of the .so of the JNI layer for decoding, implants equally dex bag;
Step S410, completes dex file is encrypted.
Wherein, a little less than security too due to unguyed dex file; core code is implanted to protection module and can realize program and in operational process, realize shelling, protection module is put into JNI, utilizes JNI can construct the class of Java or carries out the operations such as method getattr of Java layer.
Software installation kit reinforcement means due to the present embodiment, is encrypted by insert code in dex, does not change this body structure of apk file, has improved compatibility.
Due to the class in program is processed respectively, can realize in the process loading, decipher only loading classes, prevents whole internal memory intercepting.Fig. 5 is the schematic diagram that software installation kit reinforcement means Program class loads according to an embodiment of the invention, as figure, each class is encrypted respectively, when Android system loads such, such is decrypted, for example in certain installation kit, there are two classes, the first program class and the second program class, when system loads the first program class, hook up key point in such, JNI can be decrypted and be returned to dex to the first program class and load, similarly when system loads the second program class, hook up key point in such, JNI can be decrypted and be returned to dex to the second program class and load, now in internal memory, there is not all dex, therefore cannot carry out internal memory intercepting.
The software installation kit reinforcement means of the present embodiment can be realized secondary or repeatedly add shell, when carrying out, dynamically shells, and for once add shell and obviously have more security advantages, and prior art is more easily cracked than prior art.
In addition, in order to prevent from cracking by load all classes simultaneously, crack, whether can judge in the list of all classes has the class over threshold value to be loaded (for example, while loading more than 70% class) simultaneously, can eliminate the data of deciphering at first class, guarantee that internal memory there will not be whole data, prevents from being intercepted by internal memory.
The technical scheme of the present embodiment; protecting code is directly inserted in the code of executable file; the program entry of corresponding modify global configuration file; realize the reconstruct of executable file, thereby when program is moved, first carried out protecting code; to carry out corresponding decryption processing; directly executable file is processed, increased the flexibility ratio of executable file protection, the security that has further improved software installation kit.
And the present embodiment adopts high in the clouds reinforcing mode, developer can directly for example, enter to reinforce from open platform homepage (dev.360.cn) and protect the page, clicks " uploading application " on webpage.One key is uploaded, and automatically reinforces, and application can complete on backstage safety monitoring and protection; Then click " down load application ", the reinforcing bag of downloading is signed again, safest product can be distributed to each application market.In addition, on the page of the present embodiment, can also provide signature instrument, or allow user to upload the secret key of signature automatically to sign after completing reinforcing.
Further, in the code of each class, insert separate shell trigger code and and the collapse code of decompiling instrument, when each class operation, separately the class of operation is decrypted, can effectively prevent that crack tool from carrying out internal memory intercepting (dump).
In the instructions that provided herein, a large amount of details have been described.Yet, can understand, embodiments of the invention can not put into practice in the situation that there is no these details.In some instances, be not shown specifically known method, structure and technology, so that not fuzzy understanding of this description.
Similarly, be to be understood that, in order to simplify the disclosure and to help to understand one or more in each inventive aspect, in the above in the description of exemplary embodiment of the present invention, each feature of the present invention is grouped together into single embodiment, figure or sometimes in its description.Yet, the method for the disclosure should be construed to the following intention of reflection: the present invention for required protection requires than the more feature of feature of clearly recording in each claim.Or rather, as reflected in claims below, inventive aspect is to be less than all features of disclosed single embodiment above.Therefore, claims of following embodiment are incorporated to this embodiment thus clearly, and wherein each claim itself is as independent embodiment of the present invention.
Those skilled in the art are appreciated that and can the module in the equipment in embodiment are adaptively changed and they are arranged in one or more equipment different from this embodiment.Module in embodiment or unit or assembly can be combined into a module or unit or assembly, and can put them into a plurality of submodules or subelement or sub-component in addition.At least some in such feature and/or process or unit are mutually repelling, and can adopt any combination to combine all processes or the unit of disclosed all features in this instructions (comprising claim, summary and the accompanying drawing followed) and disclosed any method like this or equipment.Unless clearly statement in addition, in this instructions (comprising claim, summary and the accompanying drawing followed) disclosed each feature can be by providing identical, be equal to or the alternative features of similar object replaces.
In addition, those skilled in the art can understand, although embodiment more described herein comprise some feature rather than further feature included in other embodiment, the combination of the feature of different embodiment means within scope of the present invention and forms different embodiment.For example, in claims, the one of any of embodiment required for protection can be used with array mode arbitrarily.
All parts embodiment of the present invention can realize with hardware, or realizes with the client modules that moves on one or more processor, or realizes with their combination.It will be understood by those of skill in the art that and can use in practice microprocessor or digital signal processor (DSP) to realize according to the some or all functions of the some or all parts in the reinforcement protection device of the software installation kit of the embodiment of the present invention.The present invention for example can also be embodied as, for carrying out part or all equipment or device program (, computer program and computer program) of method as described herein.Realizing program of the present invention and can be stored on computer-readable medium like this, or can there is the form of one or more signal.Such signal can be downloaded and obtain from internet website, or provides on carrier signal, or provides with any other form.
It should be noted above-described embodiment the present invention will be described rather than limit the invention, and those skilled in the art can design alternative embodiment in the situation that do not depart from the scope of claims.In the claims, any reference symbol between bracket should be configured to limitations on claims.Word " comprises " not to be got rid of existence and is not listed as element or step in the claims.Being positioned at word " " before element or " one " does not get rid of and has a plurality of such elements.The present invention can be by means of including the hardware of some different elements and realizing by means of the computing machine of suitably programming.In having enumerated the unit claim of some devices, several in these devices can be to carry out imbody by same hardware branch.The use of word first, second and C grade does not represent any order.Can be title by these word explanations.
So far, those skilled in the art will recognize that, although detailed, illustrate and described a plurality of exemplary embodiment of the present invention herein, but, without departing from the spirit and scope of the present invention, still can directly determine or derive many other modification or the modification that meets the principle of the invention according to content disclosed by the invention.Therefore, scope of the present invention should be understood and regard as and cover all these other modification or modifications.
The embodiment of the present invention also provides the method for reinforcing and protecting of an A1. software installation kit, comprising:
Extract global configuration file and executable file in software installation kit;
Resolve described executable file, obtain first code;
Protecting code is inserted in described first code and obtains second code, and described second code is encrypted;
According to the entrance of described protecting code, revise described global configuration file;
Amended global configuration file and executable file are repacked to generation reinforcing installation kit.
A2. according to the method described in A1, wherein,
Described protecting code comprises the code that described executable file is added to shell reconciliation shell.
A3. according to the method described in A2, wherein,
Described protecting code also comprise separate shell trigger code and and the collapse code of decompiling instrument;
Protecting code is inserted and in described first code, obtains second code and comprise:
In the code of each class in described first code, insert and separate the collapse code that shell triggers code and decompiling instrument, when described solution shell triggering code is performed, the code that calls described solution shell is decrypted such.
A4. according to the method described in any one in A1 to A3, wherein, described second code is encrypted and is comprised:
At least a portion that extracts described second code is reconstructed;
Implant for deciphering the chained library of the code of described reconstruct, described chained library is loaded by java local interface in decrypting process.
A5. according to the method described in any one in A1 to A4, wherein, according to the entrance of described protecting code, revise described global configuration file and comprise:
Check whether described global configuration file disposes application node label;
If so, according to the entrance of described protecting code, revise described application node label;
If not, newly-built application node label, and configure newly-built application node label according to the entrance of described protecting code.
A6. according to the method described in any one in A1 to A5, wherein, before the global configuration file in extracting software installation kit and executable file, also comprise:
The described software installation kit that reception is uploaded by user and the reinforcing parameter of setting.
A7. according to the method described in any one in A1 to A6, wherein, after generating reinforcing installation kit, also comprise:
Described reinforcing installation kit is signed.
A8. according to the method described in A7, wherein, described reinforcing installation kit is signed and is comprised:
Issue described reinforcing installation kit, by user, use its identify label to sign to described reinforcing installation kit; Or
Utilize the identify label that user uploads to sign to described reinforcing installation kit.
A9. according to the method described in any one in A1 to A8, wherein,
Described software installation kit is Android software installation kit, and described global configuration file is manifest file, and described executable file is dex file.
The embodiment of the present invention also provides the reinforcement protection device of a B10. software installation kit, comprising:
File extraction module, is configured to extract global configuration file and executable file in software installation kit;
Parsing module, is configured to resolve described executable file, obtains first code;
Encrypting module, is configured to protecting code to insert in described first code and obtain second code, and described second code is encrypted;
Configuration module, is configured to revise described global configuration file according to the entrance of described protecting code;
Packetization module, is configured to amended global configuration file and executable file to repack generation reinforcing installation kit.
B11. according to the device described in B10, wherein, described encrypting module is also configured to:
In the code of each class in described first code, insert separate shell trigger code and and the collapse code of decompiling instrument;
At least a portion that extracts described second code is reconstructed;
Implant for deciphering the chained library of the code of stating reconstruct, described chained library is loaded by java local interface in decrypting process.
B12. according to the device described in B10 or B11, wherein, described configuration module is also configured to:
Check whether described global configuration file disposes application node label;
If so, according to the entrance of described protecting code, revise described application node label;
If not, newly-built application node label, and configure newly-built application node label according to the entrance of described protecting code.
B13. according to the device described in any one in B10 to B12, also comprise:
Acquisition module, is configured to receive the described software installation kit uploaded by user and the reinforcing parameter of setting.
B14. according to the device described in any one in B10 to B13, also comprise:
Signature blocks, is configured to described reinforcing installation kit to sign.
B15. according to the device described in any one in B10 to B14, be configured to Android software installation kit to carry out reinforcement protection, wherein, described global configuration file is manifest file, and described executable file is dex file.
Claims (10)
1. a method for reinforcing and protecting for software installation kit, comprising:
Extract global configuration file and executable file in software installation kit;
Resolve described executable file, obtain first code;
Protecting code is inserted in described first code and obtains second code, and described second code is encrypted;
According to the entrance of described protecting code, revise described global configuration file;
Amended global configuration file and executable file are repacked to generation reinforcing installation kit.
2. method according to claim 1, wherein,
Described protecting code comprises the code that described executable file is added to shell reconciliation shell.
3. method according to claim 2, wherein,
Described protecting code also comprise separate shell trigger code and and the collapse code of decompiling instrument;
Protecting code is inserted and in described first code, obtains second code and comprise:
In the code of each class in described first code, insert and separate the collapse code that shell triggers code and decompiling instrument, when described solution shell triggering code is performed, the code that calls described solution shell is decrypted such.
4. according to the method in any one of claims 1 to 3, wherein, described second code is encrypted and is comprised:
At least a portion that extracts described second code is reconstructed;
Implant for deciphering the chained library of the code of described reconstruct, described chained library is loaded by java local interface in decrypting process.
5. according to the method described in any one in claim 1 to 4, wherein, according to the entrance of described protecting code, revise described global configuration file and comprise:
Check whether described global configuration file disposes application node label;
If so, according to the entrance of described protecting code, revise described application node label;
If not, newly-built application node label, and configure newly-built application node label according to the entrance of described protecting code.
6. according to the method described in any one in claim 1 to 5, wherein, before the global configuration file in extracting software installation kit and executable file, also comprise:
The described software installation kit that reception is uploaded by user and the reinforcing parameter of setting.
7. according to the method described in any one in claim 1 to 6, wherein, after generating reinforcing installation kit, also comprise:
Described reinforcing installation kit is signed.
8. method according to claim 7, wherein, described reinforcing installation kit is signed and comprised:
Issue described reinforcing installation kit, by user, use its identify label to sign to described reinforcing installation kit; Or
Utilize the identify label that user uploads to sign to described reinforcing installation kit.
9. according to the method described in any one in claim 1 to 8, wherein,
Described software installation kit is Android software installation kit, and described global configuration file is manifest file, and described executable file is dex file.
10. a reinforcement protection device for software installation kit, comprising:
File extraction module, is configured to extract global configuration file and executable file in software installation kit;
Parsing module, is configured to resolve described executable file, obtains first code;
Encrypting module, is configured to protecting code to insert in described first code and obtain second code, and described second code is encrypted;
Configuration module, is configured to revise described global configuration file according to the entrance of described protecting code;
Packetization module, is configured to amended global configuration file and executable file to repack generation reinforcing installation kit.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410271094.6A CN104021321B (en) | 2014-06-17 | The method for reinforcing and protecting of software installation kit and device | |
| PCT/CN2014/095791 WO2015192637A1 (en) | 2014-06-17 | 2014-12-31 | Method and apparatus for reinforced protection of software installation package |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410271094.6A CN104021321B (en) | 2014-06-17 | The method for reinforcing and protecting of software installation kit and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104021321A true CN104021321A (en) | 2014-09-03 |
| CN104021321B CN104021321B (en) | 2016-11-30 |
Family
ID=
Cited By (58)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104239757A (en) * | 2014-09-30 | 2014-12-24 | 北京奇虎科技有限公司 | Application program reversing-preventing method and device and operation method and terminal |
| CN104392181A (en) * | 2014-11-18 | 2015-03-04 | 北京奇虎科技有限公司 | SO file protection method and device and android installation package reinforcement method and system |
| CN104408367A (en) * | 2014-11-28 | 2015-03-11 | 北京奇虎科技有限公司 | Application program configuration method and device |
| CN104462879A (en) * | 2014-11-28 | 2015-03-25 | 北京奇虎科技有限公司 | Root-free running control method and device of application program |
| CN104462880A (en) * | 2014-11-28 | 2015-03-25 | 北京奇虎科技有限公司 | Application program packing configuration method and device |
| CN104462959A (en) * | 2014-12-04 | 2015-03-25 | 北京奇虎科技有限公司 | Reinforcement protection method, sever and system for android app |
| CN104484585A (en) * | 2014-11-26 | 2015-04-01 | 北京奇虎科技有限公司 | Application program installation package processing method and device, and mobile apparatus |
| WO2015058620A1 (en) * | 2013-10-25 | 2015-04-30 | Tencent Technology (Shenzhen) Company Limited | Method and apparatus for generating installation package corresponding to an application and executing application |
| CN104615933A (en) * | 2015-01-27 | 2015-05-13 | 北京奇虎科技有限公司 | Method for preventing software decompilation and method and device for preventing decompilation software from starting |
| CN104933366A (en) * | 2015-07-17 | 2015-09-23 | 成都布林特信息技术有限公司 | Mobile terminal application program processing method |
| CN105120460A (en) * | 2015-07-17 | 2015-12-02 | 成都布林特信息技术有限公司 | Mobile application data processing method |
| WO2015192637A1 (en) * | 2014-06-17 | 2015-12-23 | 北京奇虎科技有限公司 | Method and apparatus for reinforced protection of software installation package |
| CN105184118A (en) * | 2015-08-31 | 2015-12-23 | 西北大学 | Code fragmentization based Android application program packing protection method and apparatus |
| CN105320546A (en) * | 2015-11-27 | 2016-02-10 | 北京指掌易科技有限公司 | Method of utilizing efficient virtual machine technology for managing Android application software |
| CN105404827A (en) * | 2015-12-24 | 2016-03-16 | 北京奇虎科技有限公司 | Communication method, device and system between application programs under control |
| WO2016054880A1 (en) * | 2014-10-08 | 2016-04-14 | 中兴通讯股份有限公司 | Apk file application expanding method and device |
| CN105554144A (en) * | 2015-12-25 | 2016-05-04 | 北京奇虎科技有限公司 | Application data processing method, device and system |
| CN105630659A (en) * | 2015-12-23 | 2016-06-01 | 北京奇虎科技有限公司 | Application crash log acquisition method and apparatus |
| CN105653432A (en) * | 2015-12-22 | 2016-06-08 | 北京奇虎科技有限公司 | Processing method and device of crash data |
| CN105740703A (en) * | 2016-01-29 | 2016-07-06 | 北京奇虎科技有限公司 | Application reinforcement method and apparatus |
| CN105844150A (en) * | 2016-03-23 | 2016-08-10 | 青岛海信传媒网络技术有限公司 | Application program data protection method and device |
| CN105913348A (en) * | 2016-04-12 | 2016-08-31 | 北京奇虎科技有限公司 | Copyright registering method and copyright registering system |
| CN105912353A (en) * | 2015-12-23 | 2016-08-31 | 北京奇虎科技有限公司 | Method and device for packaging application program |
| CN105930744A (en) * | 2016-04-22 | 2016-09-07 | 北京奇虎科技有限公司 | File reinforcement method and apparatus |
| CN106020889A (en) * | 2016-05-24 | 2016-10-12 | 乐视控股(北京)有限公司 | Installation package generating method and device, server |
| CN106022098A (en) * | 2016-05-10 | 2016-10-12 | 青岛海信传媒网络技术有限公司 | Signature verification method and device for application |
| CN106126290A (en) * | 2016-06-27 | 2016-11-16 | 微梦创科网络科技(中国)有限公司 | Application program optimization method, Apparatus and system |
| CN106295255A (en) * | 2015-05-27 | 2017-01-04 | 腾讯科技(深圳)有限公司 | The reinforcement means of application program and device |
| CN106295371A (en) * | 2016-08-22 | 2017-01-04 | 腾讯科技(深圳)有限公司 | Application operation method, file reinforcement means and device |
| CN106326733A (en) * | 2015-06-26 | 2017-01-11 | 中兴通讯股份有限公司 | Method and apparatus for managing applications in mobile terminal |
| CN106407752A (en) * | 2016-09-20 | 2017-02-15 | 天脉聚源(北京)传媒科技有限公司 | An application reinforcing method and device |
| CN106663018A (en) * | 2014-09-24 | 2017-05-10 | 甲骨文国际公司 | Method to modify ANDROID application life cycle to control its execution in a containerized workspace environment |
| CN106778271A (en) * | 2016-12-15 | 2017-05-31 | 华中科技大学 | A kind of Android reinforces the reverse process method of plug-in unit |
| CN107025390A (en) * | 2017-04-26 | 2017-08-08 | 北京洋浦伟业科技发展有限公司 | The reinforcement means and device of software installation bag |
| CN107122632A (en) * | 2017-04-26 | 2017-09-01 | 北京洋浦伟业科技发展有限公司 | The encryption method and device of software installation bag |
| CN107122634A (en) * | 2017-04-26 | 2017-09-01 | 北京洋浦伟业科技发展有限公司 | The method for reinforcing and protecting and device of software installation bag |
| CN107766096A (en) * | 2016-08-19 | 2018-03-06 | 阿里巴巴集团控股有限公司 | The generation method of application program installation kit, the operation method of application program and device |
| CN107871065A (en) * | 2016-09-27 | 2018-04-03 | 武汉安天信息技术有限责任公司 | The guard method of dex files and device under a kind of Dalvik patterns |
| CN108229112A (en) * | 2016-12-22 | 2018-06-29 | 阿里巴巴集团控股有限公司 | A kind of operation method and device for protecting application program, application program |
| CN108536451A (en) * | 2016-12-05 | 2018-09-14 | 腾讯科技(深圳)有限公司 | Application program buries a method for implanting and device |
| CN109033837A (en) * | 2018-07-24 | 2018-12-18 | 北京梆梆安全科技有限公司 | A kind of method and device of installation kit risk supervision |
| CN109255235A (en) * | 2018-09-17 | 2019-01-22 | 西安电子科技大学 | Mobile application third party library partition method based on User space sandbox |
| CN109492353A (en) * | 2018-10-11 | 2019-03-19 | 北京奇虎科技有限公司 | Using reinforcement means, device, electronic equipment and storage medium |
| CN109558743A (en) * | 2018-11-27 | 2019-04-02 | 广州供电局有限公司 | Data guard method, device, computer equipment and the storage medium of mobile terminal |
| CN109814912A (en) * | 2018-12-15 | 2019-05-28 | 中国平安人寿保险股份有限公司 | Application program packaging method and system |
| CN109960509A (en) * | 2019-03-06 | 2019-07-02 | 江苏通付盾信息安全技术有限公司 | Using the method, apparatus of reinforcing, calculate equipment and computer storage medium |
| CN110276174A (en) * | 2019-06-18 | 2019-09-24 | 福州数据技术研究院有限公司 | Dual system termi-nal based on Android prevents bis- packing operation methods of apk |
| WO2019223094A1 (en) * | 2018-05-22 | 2019-11-28 | 深圳壹账通智能科技有限公司 | Block chain-based file protection method, and terminal device |
| CN110806860A (en) * | 2019-09-30 | 2020-02-18 | 奇安信科技集团股份有限公司 | Application packaging method and device and application running method and device in android environment |
| CN110990056A (en) * | 2019-11-01 | 2020-04-10 | 北京三快在线科技有限公司 | Reverse analysis method, device, electronic equipment and storage medium |
| TWI691858B (en) * | 2018-12-26 | 2020-04-21 | 技嘉科技股份有限公司 | Validating method of application, computer device and mainboard thereof |
| CN112257033A (en) * | 2020-10-14 | 2021-01-22 | 郑州阿帕斯数云信息科技有限公司 | Application packaging method, device and equipment |
| CN112347431A (en) * | 2020-10-31 | 2021-02-09 | 山东开创云计算有限公司 | Android application reinforcement protection method |
| CN112642157A (en) * | 2020-12-31 | 2021-04-13 | 广州华多网络科技有限公司 | Agent development control method and corresponding device, equipment and medium |
| CN113238762A (en) * | 2021-05-10 | 2021-08-10 | 深圳前海微众银行股份有限公司 | Java application remote deployment method, device and equipment |
| CN113805882A (en) * | 2021-09-18 | 2021-12-17 | 上海波顿诺华智能科技有限公司 | Method and device for developing application program, electronic equipment and storage medium |
| CN113836499A (en) * | 2021-09-25 | 2021-12-24 | 上海蛮犀科技有限公司 | Reinforcing method for mobile application AAB file |
| CN116720212A (en) * | 2023-08-10 | 2023-09-08 | 上海观安信息技术股份有限公司 | File protection method and device, computer equipment and computer readable storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102236757A (en) * | 2011-06-30 | 2011-11-09 | 北京邮电大学 | Software protection method and system applicable to Android system |
| CN102882878A (en) * | 2012-09-28 | 2013-01-16 | 浙江图讯科技有限公司 | Web-based method and Web-based system for data analysis and personalized display on client-side |
| CN103530535A (en) * | 2013-10-25 | 2014-01-22 | 苏州通付盾信息技术有限公司 | Shell adding and removing method for Android platform application program protection |
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102236757A (en) * | 2011-06-30 | 2011-11-09 | 北京邮电大学 | Software protection method and system applicable to Android system |
| CN102882878A (en) * | 2012-09-28 | 2013-01-16 | 浙江图讯科技有限公司 | Web-based method and Web-based system for data analysis and personalized display on client-side |
| CN103530535A (en) * | 2013-10-25 | 2014-01-22 | 苏州通付盾信息技术有限公司 | Shell adding and removing method for Android platform application program protection |
Cited By (83)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2015058620A1 (en) * | 2013-10-25 | 2015-04-30 | Tencent Technology (Shenzhen) Company Limited | Method and apparatus for generating installation package corresponding to an application and executing application |
| WO2015192637A1 (en) * | 2014-06-17 | 2015-12-23 | 北京奇虎科技有限公司 | Method and apparatus for reinforced protection of software installation package |
| CN106663018A (en) * | 2014-09-24 | 2017-05-10 | 甲骨文国际公司 | Method to modify ANDROID application life cycle to control its execution in a containerized workspace environment |
| CN104239757A (en) * | 2014-09-30 | 2014-12-24 | 北京奇虎科技有限公司 | Application program reversing-preventing method and device and operation method and terminal |
| CN104239757B (en) * | 2014-09-30 | 2017-04-19 | 北京奇虎科技有限公司 | Application program reversing-preventing method and device and operation method and terminal |
| WO2016054880A1 (en) * | 2014-10-08 | 2016-04-14 | 中兴通讯股份有限公司 | Apk file application expanding method and device |
| CN104392181A (en) * | 2014-11-18 | 2015-03-04 | 北京奇虎科技有限公司 | SO file protection method and device and android installation package reinforcement method and system |
| CN104484585A (en) * | 2014-11-26 | 2015-04-01 | 北京奇虎科技有限公司 | Application program installation package processing method and device, and mobile apparatus |
| CN104462880B (en) * | 2014-11-28 | 2018-01-19 | 北京奇虎科技有限公司 | Application program shell adding collocation method and device |
| CN104462879A (en) * | 2014-11-28 | 2015-03-25 | 北京奇虎科技有限公司 | Root-free running control method and device of application program |
| CN104408367B (en) * | 2014-11-28 | 2019-04-05 | 北京奇虎科技有限公司 | Application program configuration method and device |
| CN104408367A (en) * | 2014-11-28 | 2015-03-11 | 北京奇虎科技有限公司 | Application program configuration method and device |
| CN104462879B (en) * | 2014-11-28 | 2018-04-17 | 北京奇虎科技有限公司 | Application program exempts from Root progress control methods and device |
| CN104462880A (en) * | 2014-11-28 | 2015-03-25 | 北京奇虎科技有限公司 | Application program packing configuration method and device |
| CN104462959A (en) * | 2014-12-04 | 2015-03-25 | 北京奇虎科技有限公司 | Reinforcement protection method, sever and system for android app |
| CN104462959B (en) * | 2014-12-04 | 2017-09-01 | 北京奇虎科技有限公司 | A kind of method for reinforcing and protecting, server and the system of Android application |
| CN104615933B (en) * | 2015-01-27 | 2018-08-17 | 北京奇虎科技有限公司 | The method and apparatus that the method for anti-software decompilation, counnter attack composing software start |
| CN104615933A (en) * | 2015-01-27 | 2015-05-13 | 北京奇虎科技有限公司 | Method for preventing software decompilation and method and device for preventing decompilation software from starting |
| WO2016119548A1 (en) * | 2015-01-27 | 2016-08-04 | 北京奇虎科技有限公司 | Method for preventing software decompilation, and method and apparatus for preventing decompilation software from starting |
| CN106295255A (en) * | 2015-05-27 | 2017-01-04 | 腾讯科技(深圳)有限公司 | The reinforcement means of application program and device |
| CN106295255B (en) * | 2015-05-27 | 2020-04-14 | 腾讯科技(深圳)有限公司 | Application program reinforcing method and device |
| CN106326733A (en) * | 2015-06-26 | 2017-01-11 | 中兴通讯股份有限公司 | Method and apparatus for managing applications in mobile terminal |
| CN104933366A (en) * | 2015-07-17 | 2015-09-23 | 成都布林特信息技术有限公司 | Mobile terminal application program processing method |
| CN105120460A (en) * | 2015-07-17 | 2015-12-02 | 成都布林特信息技术有限公司 | Mobile application data processing method |
| CN104933366B (en) * | 2015-07-17 | 2018-02-09 | 成都布林特信息技术有限公司 | A kind of application program for mobile terminal processing method |
| CN105184118A (en) * | 2015-08-31 | 2015-12-23 | 西北大学 | Code fragmentization based Android application program packing protection method and apparatus |
| CN105184118B (en) * | 2015-08-31 | 2018-02-23 | 西北大学 | A kind of Android application program shell adding guard methods and device based on code fragmentation |
| CN105320546A (en) * | 2015-11-27 | 2016-02-10 | 北京指掌易科技有限公司 | Method of utilizing efficient virtual machine technology for managing Android application software |
| CN105320546B (en) * | 2015-11-27 | 2018-09-11 | 北京指掌易科技有限公司 | A method of managing Android application software using efficient virtual machine technique |
| CN105653432A (en) * | 2015-12-22 | 2016-06-08 | 北京奇虎科技有限公司 | Processing method and device of crash data |
| CN105653432B (en) * | 2015-12-22 | 2019-02-15 | 北京奇虎科技有限公司 | A kind for the treatment of method and apparatus of crash data |
| CN105630659A (en) * | 2015-12-23 | 2016-06-01 | 北京奇虎科技有限公司 | Application crash log acquisition method and apparatus |
| CN105630659B (en) * | 2015-12-23 | 2018-03-20 | 北京奇虎科技有限公司 | The acquisition methods and device of application crashes daily record |
| CN105912353A (en) * | 2015-12-23 | 2016-08-31 | 北京奇虎科技有限公司 | Method and device for packaging application program |
| CN105404827A (en) * | 2015-12-24 | 2016-03-16 | 北京奇虎科技有限公司 | Communication method, device and system between application programs under control |
| CN105404827B (en) * | 2015-12-24 | 2018-11-06 | 北京奇虎科技有限公司 | The method, apparatus and system communicated between control application program |
| CN105554144A (en) * | 2015-12-25 | 2016-05-04 | 北京奇虎科技有限公司 | Application data processing method, device and system |
| CN105740703A (en) * | 2016-01-29 | 2016-07-06 | 北京奇虎科技有限公司 | Application reinforcement method and apparatus |
| CN105844150A (en) * | 2016-03-23 | 2016-08-10 | 青岛海信传媒网络技术有限公司 | Application program data protection method and device |
| CN105913348A (en) * | 2016-04-12 | 2016-08-31 | 北京奇虎科技有限公司 | Copyright registering method and copyright registering system |
| CN105930744B (en) * | 2016-04-22 | 2019-03-08 | 北京奇虎科技有限公司 | A kind of file reinforcement means and device |
| CN105930744A (en) * | 2016-04-22 | 2016-09-07 | 北京奇虎科技有限公司 | File reinforcement method and apparatus |
| CN106022098A (en) * | 2016-05-10 | 2016-10-12 | 青岛海信传媒网络技术有限公司 | Signature verification method and device for application |
| CN106020889A (en) * | 2016-05-24 | 2016-10-12 | 乐视控股(北京)有限公司 | Installation package generating method and device, server |
| CN106126290A (en) * | 2016-06-27 | 2016-11-16 | 微梦创科网络科技(中国)有限公司 | Application program optimization method, Apparatus and system |
| CN107766096A (en) * | 2016-08-19 | 2018-03-06 | 阿里巴巴集团控股有限公司 | The generation method of application program installation kit, the operation method of application program and device |
| CN106295371A (en) * | 2016-08-22 | 2017-01-04 | 腾讯科技(深圳)有限公司 | Application operation method, file reinforcement means and device |
| CN106295371B (en) * | 2016-08-22 | 2019-10-25 | 腾讯科技(深圳)有限公司 | Using operation method, file reinforcement means and device |
| CN106407752A (en) * | 2016-09-20 | 2017-02-15 | 天脉聚源(北京)传媒科技有限公司 | An application reinforcing method and device |
| CN107871065A (en) * | 2016-09-27 | 2018-04-03 | 武汉安天信息技术有限责任公司 | The guard method of dex files and device under a kind of Dalvik patterns |
| CN107871065B (en) * | 2016-09-27 | 2019-12-20 | 武汉安天信息技术有限责任公司 | Method and device for protecting dex file in Dalvik mode |
| CN108536451A (en) * | 2016-12-05 | 2018-09-14 | 腾讯科技(深圳)有限公司 | Application program buries a method for implanting and device |
| CN106778271B (en) * | 2016-12-15 | 2019-05-14 | 华中科技大学 | A kind of Android reinforces the reverse process method of plug-in unit |
| CN106778271A (en) * | 2016-12-15 | 2017-05-31 | 华中科技大学 | A kind of Android reinforces the reverse process method of plug-in unit |
| CN108229112A (en) * | 2016-12-22 | 2018-06-29 | 阿里巴巴集团控股有限公司 | A kind of operation method and device for protecting application program, application program |
| CN107122634B (en) * | 2017-04-26 | 2020-03-17 | 北京梆梆安全科技有限公司 | Reinforcement protection method and device for software installation package |
| CN107025390A (en) * | 2017-04-26 | 2017-08-08 | 北京洋浦伟业科技发展有限公司 | The reinforcement means and device of software installation bag |
| CN107122632A (en) * | 2017-04-26 | 2017-09-01 | 北京洋浦伟业科技发展有限公司 | The encryption method and device of software installation bag |
| CN107122634A (en) * | 2017-04-26 | 2017-09-01 | 北京洋浦伟业科技发展有限公司 | The method for reinforcing and protecting and device of software installation bag |
| WO2019223094A1 (en) * | 2018-05-22 | 2019-11-28 | 深圳壹账通智能科技有限公司 | Block chain-based file protection method, and terminal device |
| CN109033837A (en) * | 2018-07-24 | 2018-12-18 | 北京梆梆安全科技有限公司 | A kind of method and device of installation kit risk supervision |
| CN109255235A (en) * | 2018-09-17 | 2019-01-22 | 西安电子科技大学 | Mobile application third party library partition method based on User space sandbox |
| CN109492353B (en) * | 2018-10-11 | 2024-04-16 | 北京奇虎科技有限公司 | Application reinforcement method, device, electronic equipment and storage medium |
| CN109492353A (en) * | 2018-10-11 | 2019-03-19 | 北京奇虎科技有限公司 | Using reinforcement means, device, electronic equipment and storage medium |
| CN109558743A (en) * | 2018-11-27 | 2019-04-02 | 广州供电局有限公司 | Data guard method, device, computer equipment and the storage medium of mobile terminal |
| CN109814912A (en) * | 2018-12-15 | 2019-05-28 | 中国平安人寿保险股份有限公司 | Application program packaging method and system |
| TWI691858B (en) * | 2018-12-26 | 2020-04-21 | 技嘉科技股份有限公司 | Validating method of application, computer device and mainboard thereof |
| CN109960509A (en) * | 2019-03-06 | 2019-07-02 | 江苏通付盾信息安全技术有限公司 | Using the method, apparatus of reinforcing, calculate equipment and computer storage medium |
| WO2020177430A1 (en) * | 2019-03-06 | 2020-09-10 | 江苏通付盾信息安全技术有限公司 | Application hardening method, device, computing apparatus, and computer storage medium |
| CN110276174A (en) * | 2019-06-18 | 2019-09-24 | 福州数据技术研究院有限公司 | Dual system termi-nal based on Android prevents bis- packing operation methods of apk |
| CN110806860A (en) * | 2019-09-30 | 2020-02-18 | 奇安信科技集团股份有限公司 | Application packaging method and device and application running method and device in android environment |
| CN110806860B (en) * | 2019-09-30 | 2023-08-15 | 奇安信科技集团股份有限公司 | Application packaging method and device in android environment and application running method and device |
| CN110990056A (en) * | 2019-11-01 | 2020-04-10 | 北京三快在线科技有限公司 | Reverse analysis method, device, electronic equipment and storage medium |
| CN112257033A (en) * | 2020-10-14 | 2021-01-22 | 郑州阿帕斯数云信息科技有限公司 | Application packaging method, device and equipment |
| CN112347431A (en) * | 2020-10-31 | 2021-02-09 | 山东开创云计算有限公司 | Android application reinforcement protection method |
| CN112642157B (en) * | 2020-12-31 | 2023-04-28 | 广州华多网络科技有限公司 | Agent development control method and corresponding device, equipment and medium thereof |
| CN112642157A (en) * | 2020-12-31 | 2021-04-13 | 广州华多网络科技有限公司 | Agent development control method and corresponding device, equipment and medium |
| CN113238762A (en) * | 2021-05-10 | 2021-08-10 | 深圳前海微众银行股份有限公司 | Java application remote deployment method, device and equipment |
| CN113805882A (en) * | 2021-09-18 | 2021-12-17 | 上海波顿诺华智能科技有限公司 | Method and device for developing application program, electronic equipment and storage medium |
| CN113836499A (en) * | 2021-09-25 | 2021-12-24 | 上海蛮犀科技有限公司 | Reinforcing method for mobile application AAB file |
| CN113836499B (en) * | 2021-09-25 | 2024-10-11 | 上海蛮犀科技有限公司 | Reinforcing method for mobile application AAB file |
| CN116720212A (en) * | 2023-08-10 | 2023-09-08 | 上海观安信息技术股份有限公司 | File protection method and device, computer equipment and computer readable storage medium |
| CN116720212B (en) * | 2023-08-10 | 2023-11-17 | 上海观安信息技术股份有限公司 | File protection method and device, computer equipment and computer readable storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2015192637A1 (en) | 2015-12-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104239757B (en) | Application program reversing-preventing method and device and operation method and terminal | |
| KR101471589B1 (en) | Method for Providing Security for Common Intermediate Language Program | |
| CN106778103B (en) | Reinforcement method, system and decryption method for preventing reverse cracking of android application program | |
| CN104462959B (en) | A kind of method for reinforcing and protecting, server and the system of Android application | |
| CN104392181A (en) | SO file protection method and device and android installation package reinforcement method and system | |
| KR101518420B1 (en) | Apparatus and method for managing apk file in a android platform | |
| WO2015192637A1 (en) | Method and apparatus for reinforced protection of software installation package | |
| WO2016078130A1 (en) | Dynamic loading method for preventing reverse of apk file | |
| CN108491235B (en) | DEX protection method combining dynamic loading and function Native | |
| KR101503785B1 (en) | Method And Apparatus For Protecting Dynamic Library | |
| CN106203006A (en) | Android application reinforcement means based on dex Yu so file Dynamic Execution | |
| CN104484585A (en) | Application program installation package processing method and device, and mobile apparatus | |
| Faruki et al. | Android code protection via obfuscation techniques: past, present and future directions | |
| KR20120032477A (en) | Interlocked binary protection using whitebox cryptography | |
| CN104463002A (en) | APK reinforcing method and device and APK reinforcing client and server | |
| CN104408337A (en) | Reinforcement method for preventing reverse of APK (Android package) file | |
| CN107430650B (en) | Securing computer programs against reverse engineering | |
| WO2015149214A1 (en) | Method, apparatus, and computer-readable medium for obfuscating execution of application on virtual machine | |
| CN107273723B (en) | So file shell adding-based Android platform application software protection method | |
| KR101695639B1 (en) | Method and system for providing application security service based on cloud | |
| CN105740703A (en) | Application reinforcement method and apparatus | |
| CN105608391A (en) | Multi-ELF (Executable and Linkable Format)-file protection method and system | |
| CN105760721B (en) | A kind of software reinforcement method and system | |
| Lim et al. | Structural analysis of packing schemes for extracting hidden codes in mobile malware | |
| Suk et al. | UnThemida: Commercial obfuscation technique analysis with a fully obfuscated program |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20220722 Address after: 300450 No. 9-3-401, No. 39, Gaoxin 6th Road, Binhai Science Park, Binhai New Area, Tianjin Patentee after: 3600 Technology Group Co.,Ltd. Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park) Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Patentee before: Qizhi software (Beijing) Co.,Ltd. |
|
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20230712 Address after: 1765, floor 17, floor 15, building 3, No. 10 Jiuxianqiao Road, Chaoyang District, Beijing 100015 Patentee after: Beijing Hongxiang Technical Service Co.,Ltd. Address before: 300450 No. 9-3-401, No. 39, Gaoxin 6th Road, Binhai Science Park, Binhai New Area, Tianjin Patentee before: 3600 Technology Group Co.,Ltd. |
|
| CP03 | Change of name, title or address |
Address after: 1765, floor 17, floor 15, building 3, No. 10 Jiuxianqiao Road, Chaoyang District, Beijing 100015 Patentee after: Beijing 360 Zhiling Technology Co.,Ltd. Country or region after: China Address before: 1765, floor 17, floor 15, building 3, No. 10 Jiuxianqiao Road, Chaoyang District, Beijing 100015 Patentee before: Beijing Hongxiang Technical Service Co.,Ltd. Country or region before: China |