CN104298932A - Method and device for calling SO file - Google Patents

Publication number
CN104298932A
Authority
CN
China
Prior art keywords
file
interface
clean interface
start address
internal memory
Legal status
Granted
Application number
CN201410582383.8A
Other languages
Chinese (zh)
Other versions
CN104298932B (en
Inventor
廖敏飞
刘丽娟
李文鹏
许腾
吴孟晴
董思
Current Assignee
China Construction Bank Corp
Original Assignee
China Construction Bank Corp
Application filed by China Construction Bank Corp
Priority to CN201410582383.8A
Publication of CN104298932A
Application granted
Publication of CN104298932B
Legal status: Active

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209: Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6281: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database at program execution time, where the protection is within the operating system
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107: File encryption
    • G06F2221/2141: Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The invention provides a method and device for calling an SO file. The SO file is encrypted before the application program is packaged; when the application program starts, the encrypted SO file is loaded into memory and decrypted, and the start address of the decrypted SO file in memory is obtained. When a call instruction from the application program is received, the interface name is extracted and the proxy interface corresponding to that interface name is determined. The proxy interface is then triggered to determine the start address of the original interface in memory from the start address of the SO file and the offset address of the original interface, the original interface is called in the memory at that start address, and a call result is obtained. Because the proxy interface receives the call instruction and the original interface is called from memory, a malicious analysis tool that analyzes the code of the proxy interface cannot directly obtain the plaintext code of the original interface, which makes the SO file harder to decompile and improves the security of the original interface.

Description

Method and device for calling an SO file
Technical field
The present invention relates to the field of software technology, and in particular to a method and device for calling an SO file.
Background
In the Android system, shared object (SO) files are generally used to encapsulate critical functions. An SO file is a dynamic link library that contains multiple function interfaces, each implementing a different function, for example generating an encryption key or performing a transaction payment. When an application program needs to use a function in the SO file, it sends a call instruction to the corresponding function interface.
At present, an SO file is a plaintext binary file. Once a malicious analysis tool has obtained it, opening it directly reveals the original code of the SO file, so every interface function is inevitably exposed in plaintext and is easily tampered with; security is low.
Summary of the invention
In view of this, the invention provides a method and device for calling an SO file, to solve the technical problem in the prior art that the function interfaces in an SO file have low security. To achieve this object, the technical solution provided by the invention is as follows:
A method for calling a shared object (SO) file, comprising:
when the application program starts, loading the pre-encrypted SO file into memory and decrypting it, and obtaining the start address of the decrypted SO file in memory, wherein the pre-encrypted SO file contains multiple original interfaces;
when a call instruction from the application program is received, extracting the original interface name from the call instruction and, according to a preset correspondence between proxy interfaces and original interfaces, determining the proxy interface corresponding to the extracted original interface name;
triggering the proxy interface to determine the start address of the original interface in memory from the start address of the decrypted SO file in memory and the offset address of the original interface relative to that start address;
calling the original interface according to its start address in memory, and obtaining a call result.
In the above method for calling an SO file, preferably, the SO file is encrypted by:
determining the application program file that has a preset call relationship with the SO file;
obtaining the hash value of the application program file;
encrypting the SO file according to the hash value of the application program file, to obtain the encrypted SO file.
In the above method for calling an SO file, preferably, the SO file is encrypted by:
dividing the SO file into multiple file segments;
obtaining the encryption key corresponding to each file segment;
encrypting each file segment with its corresponding encryption key, to obtain the encrypted SO file.
In the above method for calling an SO file, preferably, the original interface is an encrypted original interface;
wherein calling the original interface according to its start address in memory and obtaining a call result comprises:
obtaining the encrypted original interface according to the start address of the original interface in memory;
decrypting the encrypted original interface, calling the decrypted original interface, and obtaining a call result.
In the above method for calling an SO file, preferably, triggering the proxy interface to determine the start address of the original interface in memory from the start address of the decrypted SO file in memory and the offset address of the original interface relative to that start address comprises:
triggering the proxy interface to add the offset address of the original interface relative to the start address to the start address of the decrypted SO file in memory, to obtain the start address of the original interface in memory.
The present application also provides a device for calling a shared object (SO) file, comprising:
a ciphertext file decryption unit, configured to load the pre-encrypted SO file into memory and decrypt it when the application program starts, and to obtain the start address of the decrypted SO file in memory;
a proxy interface determining unit, configured to extract the original interface name from the call instruction when a call instruction from the application program is received and, according to a preset correspondence between proxy interfaces and original interfaces, to determine the proxy interface corresponding to the extracted original interface name;
an original interface determining unit, configured to trigger the proxy interface to determine the start address of the original interface in memory from the start address of the decrypted SO file in memory and the offset address of the original interface relative to that start address;
an original interface execution unit, configured to call the original interface according to its start address in memory and obtain a call result.
In the above device for calling an SO file, preferably, the unit that encrypts the SO file decrypted by the ciphertext file decryption unit comprises:
a calling program determination subunit, configured to determine the application program file that has a preset call relationship with the SO file;
a program hash value obtaining subunit, configured to obtain the hash value of the application program file;
a hash value encryption subunit, configured to encrypt the SO file according to the hash value of the application program file, to obtain the encrypted SO file.
In the above device for calling an SO file, preferably, the unit that encrypts the SO file decrypted by the ciphertext file decryption unit comprises:
a file segment division subunit, configured to divide the SO file into multiple file segments;
a file segment key obtaining subunit, configured to obtain the encryption key corresponding to each file segment;
a file segment encryption subunit, configured to encrypt each file segment with its corresponding encryption key, to obtain the encrypted SO file.
In the above device for calling an SO file, preferably, the original interface is an encrypted original interface, and the original interface execution unit comprises:
an encrypted original interface obtaining subunit, configured to obtain the encrypted original interface according to the start address of the original interface in memory;
an encrypted original interface decryption subunit, configured to decrypt the encrypted original interface, call the decrypted original interface, and obtain a call result.
In the above device for calling an SO file, preferably, the original interface determining unit comprises:
an original interface determination subunit, configured to trigger the proxy interface to add the offset address of the original interface relative to the start address to the start address of the decrypted SO file in memory, to obtain the start address of the original interface in memory.
As can be seen from the above technical solution, in the present invention the encrypted SO file is loaded into memory and decrypted when the application program starts, so that the start address of the decrypted SO file in memory can be obtained. When a call instruction from the application program is received, the interface name in the call instruction is extracted and the proxy interface corresponding to that interface name is determined. The proxy interface is then triggered to use this start address and the offset address of the original interface to determine the start address of the original interface in memory, the original interface is called in the memory at that start address, and a call result is obtained. In the method provided by the invention, therefore, the call instruction does not go directly to the original interface to generate the call result; instead, the proxy interface receives the call instruction and the call to the original interface is completed in memory. A malicious analysis tool that analyzes the code of the proxy interface therefore cannot directly obtain the plaintext code of the original interface, which improves the security of the original interface.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are merely embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of the correspondence between the code file of an embodiment of the invention and the original SO file;
Fig. 2 is a flowchart of the SO file calling method provided by an embodiment of the invention;
Fig. 3 is an example of the code of the original file and of the shell file provided by an embodiment of the invention;
Fig. 4 is a flowchart of encrypting the SO file provided by an embodiment of the invention;
Fig. 5 is another flowchart of encrypting the SO file provided by an embodiment of the invention;
Fig. 6 is a structural block diagram of the SO file calling device provided by an embodiment of the invention;
Fig. 7 is a structural block diagram of the encryption unit that encrypts the SO file, provided by an embodiment of the invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from these embodiments without creative effort fall within the scope of protection of the invention.
In the present invention, the SO file is published in encrypted form, and a code file that implements the SO file calling method is provided. This code file can be regarded as the SO shell file of the SO file; for the multiple original function interfaces in the SO file, the shell file is provided in advance with proxy interfaces in one-to-one correspondence. As shown in Fig. 1, the SO file contains N original interfaces; correspondingly, the SO shell file contains N proxy interfaces and one data area, and the data area stores the plaintext of the SO file after decryption.
It should be noted that a proxy interface has the same interface information (interface name, interface parameters, interface return value) as its original interface, so the application program needs no corresponding change. When it needs to call an original interface, it simply sends, as in the prior art, a call instruction containing the original interface name and the original interface parameters. After the shell file provided by this embodiment receives the call instruction, it determines the proxy interface from the call instruction and triggers the proxy interface to call the original interface in memory. Specifically:
Fig. 2 shows the flow of the SO file calling method provided by an embodiment of the invention, which comprises:
Step S101: when the application program starts, load the pre-encrypted SO file into memory and decrypt it, and obtain the start address of the decrypted SO file in memory.
The application program referred to in this step has a call relationship with the SO file; that is, some functions of the application program are implemented by calling interface functions in the SO file. After the application program is started by a trigger action of the user, the encrypted SO file is first loaded into memory and decrypted, and the start address of the decrypted SO file in memory can then be obtained.
Step S102: when a call instruction from the application program is received, extract the original interface name from the call instruction and, according to the preset correspondence between proxy interfaces and original interfaces, determine the proxy interface corresponding to the extracted original interface name.
When the user uses a feature of the application program that needs to call a function in the SO file, the application program is triggered to generate a call instruction, which it sends to the module that executes this method. It should be noted that the SO file contains multiple original function interfaces, each implementing a different function and each callable independently by the application program. The call instruction generated by the application program contains the interface name of the original function interface in the SO file that is to be called.
Multiple proxy interfaces are provided in the module corresponding to this method, namely the SO shell file module. After the SO shell file receives the call instruction, it extracts the interface name from it; this interface name is the name of the original interface, and the corresponding proxy interface can be determined from it. The original interface may use the same name as the proxy interface, so that the proxy interface is found by name.
Step S103: trigger the proxy interface to determine the start address of the original interface in memory from the start address of the decrypted SO file in memory and the offset address of the original interface relative to that start address.
The SO shell file triggers the proxy interface to perform this step. Specifically, from the start address of the decrypted SO file in memory obtained in step S101 and the previously saved offset address of each original interface relative to that start address, the proxy interface can directly obtain the start address of the original interface in memory, and thereby find the real original interface.
Specifically, when the SO file is decrypted, the start address of the decrypted SO file in memory is obtained first. This is the start address of the whole SO file, and it is stored in the head of a linked list. At the same time, the offset address of each original interface in the SO file relative to the start address is stored in the subsequent nodes of the list; the name of the original interface must be stored in the node as well. That is, each subsequent node stores an original interface name and the offset address of that original interface relative to the start address. When the SO file calling method is executed, the proxy interface first finds the start address of the decrypted SO file in the head node of the list, then finds the node for the original interface and extracts the offset address of that original interface from the node.
Step S104: call the original interface according to its start address in memory, and obtain a call result.
The plaintext code of the original interface is stored in the memory region beginning at this start address, and the code segment is read from the memory region that starts there. It should be noted that an original interface is a function, and each function has its own end mark. Once the start address has been found, the complete original interface can therefore be read. After the code segment of the original interface has been obtained, it is called, that is, the function of the original interface is executed, and the call result is obtained.
Different original interfaces implement different functions and produce different call results. Some original interfaces also take interface parameters; when the application program calls such an interface, the call instruction it sends contains the corresponding interface parameters. The calling process in this method can therefore be: when the call instruction contains interface parameters, extract them from the call instruction and pass them to the original interface, so that the original interface uses them to generate the call result. When the call instruction contains no interface parameters, the original interface is executed directly to generate the call result.
It should be noted that step S104 may be performed by the proxy interface triggered in step S102; that is, the proxy interface calls the original interface and obtains the call result.
In this embodiment, the decrypted SO file is loaded into memory and is not stored on disk, so a malicious analysis program cannot obtain the decrypted SO file directly from disk, which improves the security of the SO file.
This embodiment also proxies the original interfaces and thereby hides the plaintext code of the function interfaces in the SO file. Specifically, the code file of this embodiment can be regarded as the shell file of the SO file. The SO file that a malicious analysis tool finds is the encrypted SO file, which it cannot analyze. The SO shell file is not encrypted, but analyzing it yields only the plaintext code of the proxy interfaces. As the execution of the calling method shows, the plaintext code of a proxy interface implements the process of calling the original interface; the plaintext of the original interface cannot be found in the proxy interface, because it is generated while the calling method is executing. The code file of the calling method provided by this embodiment therefore hides the plaintext of the original interfaces and protects the code of the original interfaces in the SO file.
The original SO file and the shell SO file are described below with a concrete example. As shown in Fig. 3, the SO file named helloworld.so contains an original interface named java_com_helloworld, whose code is shown in the figure. Corresponding to this SO file, the code file of the calling method provided by the above embodiment is the helloworld.so shell file. The specific code of the shell file is shown in the figure; what it implements is the calling method provided by the above embodiment. Specifically:
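#include <jni.h>
static void *handle;  /* start address of the decrypted SO file in memory */
jint JNI_OnLoad(JavaVM *vm, void *reserved) {
    handle = decode("encode.so");  /* decode(): shell-file routine, declared elsewhere, that loads and decrypts the SO file in memory */
    return JNI_VERSION_1_6;
}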
This code segment loads the encrypted SO file into memory and decrypts it when the application program starts; the start address of the decrypted SO file in memory is saved in the variable handle.
This code segment uses the start address of the SO file and the extracted interface name java_com_helloworld to obtain the start address of the interface. It should be noted that the offset address of the original interface corresponding to an interface name was generated and saved when the SO file was decrypted; the interface name is used to obtain the offset address of the corresponding original interface, from which the start address of the original interface is obtained. The start address of the original interface is saved in the variable func, and the java_com_helloworld interface is called with the interface parameters env and clazz and returns the call result.
The above code segments are only one example of a shell file; any shell file that implements the calling method provided by the above embodiment falls within the scope of protection of the invention.
As the above example shows, even if a malicious analysis tool obtains the shell code file, analysis yields only the implementation process described above and not the plaintext of the SO file. The shell file therefore protects the original SO file.
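The lookup of steps S102 to S104, as an added C sketch that is not code from the patent: the list head holds the image start address, each node holds an interface name and its offset, and the proxy resolves start address plus offset before calling. The names iface_add, orig_add, decode_stub and the int(int, int) signature are assumptions, and ordinary functions in the same process stand in for the decrypted image so that the sketch runs on any platform.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed common signature for this sketch; the patent's interfaces are JNI functions. */
typedef int (*iface_fn)(int, int);

/* Constructed stand-ins for original interfaces inside the decrypted SO image. */
static int orig_add(int a, int b) { return a + b; }
static int orig_mul(int a, int b) { return a * b; }

/* Follow-up node: original interface name and its offset from the image start. */
struct iface_node {
    const char *name;
    uintptr_t offset;
    struct iface_node *next;
};

/* List head: start address of the decrypted SO image (0 until decrypted). */
struct iface_list {
    uintptr_t base;
    struct iface_node *first;
};

static struct iface_node node_add, node_mul;
static struct iface_list g_list;

/* Stand-in for decode(): records the image start address and per-interface offsets. */
static void decode_stub(void) {
    g_list.base = (uintptr_t)orig_add;
    node_add.name = "add";
    node_add.offset = (uintptr_t)orig_add - g_list.base;
    node_add.next = &node_mul;
    node_mul.name = "mul";
    node_mul.offset = (uintptr_t)orig_mul - g_list.base;  /* unsigned wrap-around is fine */
    node_mul.next = NULL;
    g_list.first = &node_add;
}

/* Step S103: start address of the original interface = image start + offset. */
static iface_fn resolve(const struct iface_list *l, const char *name) {
    const struct iface_node *n;
    if (l->base == 0)
        return NULL;                       /* image not decrypted yet */
    for (n = l->first; n != NULL; n = n->next)
        if (strcmp(n->name, name) == 0)
            return (iface_fn)(l->base + n->offset);
    return NULL;                           /* no node carries that name */
}

/* Steps S102 and S104: look the interface up by name, call it, report failure. */
static int proxy_dispatch(const char *name, int a, int b, int *out) {
    iface_fn fn = resolve(&g_list, name);
    if (fn == NULL)
        return -1;
    *out = fn(a, b);
    return 0;
}

/* Proxy interfaces: same parameters and return type as the originals they front. */
int iface_add(int a, int b) { int r = 0; proxy_dispatch("add", a, b, &r); return r; }
int iface_mul(int a, int b) { int r = 0; proxy_dispatch("mul", a, b, &r); return r; }

int main(void) {
    decode_stub();
    printf("add=%d mul=%d\n", iface_add(2, 3), iface_mul(4, 5));
    return 0;
}
```

The proxy bodies contain only the name lookup and the indirect call, which is all that static analysis of the shell file recovers; the originals are reachable only through the start address recorded at decryption time.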
In the above method embodiment, the published SO file is a pre-encrypted file. Optionally, as shown in Fig. 4, the SO file may be encrypted as follows:
Step S201: determine the application program file that has a preset call relationship with the SO file.
In the Android system, some of the installed application programs call the SO file to implement their functions. The application program file that needs to call the SO file is therefore determined from the calling logic defined when the application program was developed.
Step S202: obtain the hash value of the application program file.
The hash value of the determined application source code file is calculated. This hash value is unique; that is, each application program file corresponds to a unique hash value.
Step S203: encrypt the SO file according to the hash value of the application program file, to obtain the encrypted SO file.
The hash value of the application program file serves as the key in the encryption process, and the encryption algorithm may be the 3DES (triple data encryption) algorithm. The 3DES algorithm, also called the Triple DES algorithm, applies the DES symmetric encryption algorithm three times to each data block. The invention is not limited to the 3DES algorithm; any encryption algorithm in the prior art may be used.
In the above implementation, the SO file is encrypted with the hash value of the application program that calls it as the encryption key. Because the hash value of the application program is unique, this way of encrypting the SO file ties the application program to the SO file and prevents a forged malicious application from calling the SO file.
Optionally, as shown in Fig. 5, the SO file may also be encrypted as follows:
Step S301: divide the SO file into multiple file segments.
The SO file is the complete code source file, and this whole file can be divided into multiple file segments. Optionally, the division may be by code size or by function interface. First, when dividing by code size, the file may be divided into a preset number of equal parts, for example a 1M code file divided into 10 equal parts, each with a code size of 1K; the division may also be random. Second, when dividing by function interface, the function interfaces that implement different functions in the SO file serve as different file segments; for example, if the SO file contains 5 function interfaces, the code of each of the 5 function interfaces is one file segment, giving 5 file segments.
Step S302: obtain the encryption key corresponding to each file segment.
It should be noted that each file segment has its own encryption key; preferably, the encryption keys of the file segments are all different. An encryption key may be a preset fixed value, or it may be generated from the SO file segments. Specifically, keys may be generated from the SO file segments by treating all code segments as a closed loop, in which the key of each code segment is the hash value of the code segment that follows it.
Step S303: encrypt each file segment with its corresponding encryption key, to obtain the encrypted SO file.
Using a preset encryption algorithm, each code segment is encrypted with its own encryption key. The encryption algorithm may be any encryption algorithm in the prior art; the invention places no limit on it.
In the above implementation, the SO file is encrypted segment by segment and each file segment uses its own key, which improves the security of the SO file encryption.
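The closed-loop key option of steps S301 to S303, as an added C sketch that is not code from the patent: each segment's key is the hash of the next plaintext segment, and decryption walks the loop backwards from one supplied key, then checks that the loop closes. Assumptions: the hash is taken over plaintext, the decryptor is handed the last segment's key (the page does not say how decryption starts), and FNV-1a with an XOR keystream stand in for a real hash and for 3DES purely to keep the sketch self-contained.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NSEG 4      /* number of file segments (constructed) */
#define SEG_LEN 16  /* bytes per segment (constructed) */

/* Constructed sample "SO file": four 16-byte segments. */
static const uint8_t SAMPLE[NSEG][SEG_LEN] = {
    "segment-0 code.", "segment-1 code.", "segment-2 code.", "segment-3 code."
};

/* Stand-in hash: FNV-1a 64-bit. Not cryptographic; a real build would use SHA-256. */
static uint64_t seg_hash(const uint8_t *p, size_t n) {
    uint64_t h = 0xcbf29ce484222325ULL;
    size_t i;
    for (i = 0; i < n; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    return h;
}

/* Stand-in cipher: XOR with a splitmix64 keystream (encrypt and decrypt are the same). */
static void seg_crypt(uint8_t *buf, size_t n, uint64_t key) {
    uint64_t s = key, z = 0;
    size_t i;
    for (i = 0; i < n; i++) {
        if (i % 8 == 0) {                       /* refill 8 keystream bytes */
            s += 0x9E3779B97F4A7C15ULL;
            z = s;
            z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
            z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
            z ^= z >> 31;
        }
        buf[i] ^= (uint8_t)(z >> (8 * (i % 8)));
    }
}

/* Encrypt in place. Key of segment i = hash of plaintext segment (i + 1) mod NSEG.
 * Returns the key of the last segment, which the decryptor needs to start. */
static uint64_t ring_encrypt(uint8_t img[NSEG][SEG_LEN]) {
    uint64_t key[NSEG];
    int i;
    for (i = 0; i < NSEG; i++)                  /* derive every key before encrypting */
        key[i] = seg_hash(img[(i + 1) % NSEG], SEG_LEN);
    for (i = 0; i < NSEG; i++)
        seg_crypt(img[i], SEG_LEN, key[i]);
    return key[NSEG - 1];
}

/* Decrypt in place from the last segment down to the first.
 * Returns 0 if the hash of segment 0 closes the loop, -1 otherwise. */
static int ring_decrypt(uint8_t img[NSEG][SEG_LEN], uint64_t bootstrap) {
    uint64_t key = bootstrap;
    int i;
    for (i = NSEG - 1; i >= 0; i--) {
        seg_crypt(img[i], SEG_LEN, key);
        key = seg_hash(img[i], SEG_LEN);        /* becomes the key of segment i - 1 */
    }
    return key == bootstrap ? 0 : -1;
}

/* Round trip over SAMPLE; if tamper_seg >= 0, flip one ciphertext bit there first.
 * Returns the ring_decrypt status; *match is 1 when the plaintext was recovered. */
static int ring_roundtrip(int tamper_seg, int *match) {
    uint8_t img[NSEG][SEG_LEN];
    uint64_t boot;
    int rc;
    memcpy(img, SAMPLE, sizeof img);
    boot = ring_encrypt(img);
    if (tamper_seg >= 0)
        img[tamper_seg][3] ^= 0x01;
    rc = ring_decrypt(img, boot);
    *match = memcmp(img, SAMPLE, sizeof img) == 0;
    return rc;
}

int main(void) {
    int m = 0;
    int rc = ring_roundtrip(-1, &m);
    printf("clean: rc=%d match=%d\n", rc, m);
    rc = ring_roundtrip(2, &m);
    printf("tampered segment 2: rc=%d match=%d\n", rc, m);
    return 0;
}
```

Because every key depends on another segment's plaintext, a change to any ciphertext segment propagates to the segments decrypted after it and the final hash no longer equals the starting key.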
The encrypted SO file is stored in binary form. Specifically, the encrypted SO file is stored in a binary global array, and this global array is located in the header file of the SO shell file. When step S101 of the SO file calling method provided by the invention is carried out, the global array in the header file is loaded into memory, and this global array, that is, the encrypted SO file, is then decrypted. The decrypted SO file is stored in the data area of the SO shell file shown in Fig. 1.
Specifically, in step S103 of the above method embodiment, triggering the proxy interface to determine the start address of the original interface in memory from the start address of the decrypted SO file in memory and the offset address of the original interface relative to that start address may be implemented as follows:
the proxy interface is triggered to add the offset address of the original interface relative to the start address to the start address of the decrypted SO file in memory, to obtain the start address of the original interface in memory.
The device for calling a shared object (SO) file is introduced below. For the description of the SO file calling device, refer to the description of the SO file calling method given above; it is not repeated here.
Fig. 6 shows the structure of the device for calling a shared object (SO) file provided by an embodiment of the invention. As shown in Fig. 1, the present application presets multiple proxy interfaces, each in one-to-one correspondence with an original interface in the pre-encrypted SO file. The device specifically comprises: a ciphertext file decryption unit 100, a proxy interface determining unit 200, an original interface determining unit 300 and an original interface execution unit 400. Wherein:
the ciphertext file decryption unit 100 is configured to load the pre-encrypted SO file into memory and decrypt it when the application program starts, and to obtain the start address of the decrypted SO file in memory;
the proxy interface determining unit 200 is configured to extract the original interface name from the call instruction when a call instruction from the application program is received and, according to the preset correspondence between proxy interfaces and original interfaces, to determine the proxy interface corresponding to the extracted original interface name;
the original interface determining unit 300 is configured to trigger the proxy interface to determine the start address of the original interface in memory from the start address of the decrypted SO file in memory and the offset address of the original interface relative to that start address;
the original interface execution unit 400 is configured to call the original interface according to its start address in memory and obtain a call result.
In the present embodiment, the SO files loading after deciphering in internal memory, is not stored on disk by cryptograph files decryption unit 100, and therefore, malice routine analyzer directly can not obtain the SO file after deciphering from disk, improves the security of SO file.
Meanwhile, in the present embodiment, achieve the agency to clean interface, conceal the plaintext code of function interface in SO file.Particularly, the code file that the present embodiment performs can think the shelf document of SO file, and the SO file that malice analysis tool finds is the SO file after encryption, cannot analyze SO file.Although SO shelf document unencryption; analyzing what get to this SO shelf document is the plaintext code of proxy interface; as can be seen from the implementation of the call method that embodiment provides; the invoked procedure that what the plaintext code of proxy interface realized is to clean interface; the clear text file of clean interface can not be found in proxy interface; the clear text file of clean interface generates in call method implementation; therefore; the code file that the present embodiment performs conceals the clear text file of clean interface, achieves the code protection to clean interface in SO file.
Note that the above device performs the calling process of the SO file, and the ciphertext file decryption unit 100 needs to decrypt a pre-encrypted SO file. The device includes an encryption unit for encrypting the SO file that the ciphertext file decryption unit decrypts. Optionally, as shown in Fig. 7, this encryption unit comprises:
A calling program determination subunit 001, configured to determine the application file that has a preset call relationship with the SO file;
A program hash obtaining subunit 002, configured to obtain the cryptographic hash of the application file;
A hash encryption subunit 003, configured to encrypt the SO file according to the cryptographic hash of the application file, obtaining the encrypted SO file.
Optionally, the clean interface is an encrypted clean interface; therefore, this encryption unit may further comprise:
An encrypted clean interface obtaining subunit, configured to obtain the encrypted clean interface according to the start address of the clean interface in memory;
An encrypted clean interface decryption subunit, configured to decrypt the encrypted clean interface, call the decrypted clean interface, and obtain the call result.
Optionally, the clean interface determining unit 300 comprises:
A clean interface determination subunit, configured to trigger the proxy interface to add the offset address of the clean interface, relative to the start address, to the start address in memory of the decrypted SO file, obtaining the start address of the clean interface in memory.
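The following sketch is an added example, not code from the patent. It ties together the section-by-section encryption, the encryption keyed on the application file's hash, and the proxy's start-address-plus-offset lookup described above. It assumes SHA-256 as the hash, HMAC-derived section keys, and an XOR keystream as a stand-in for the cipher the page does not name; the interface names, offsets, section size and base address are constructed.

```python
import hashlib
import hmac
import struct

ELF_MAGIC = b"\x7fELF"     # every real SO file starts with these four bytes
SECTION_SIZE = 64          # constructed; the page does not fix a section size


def section_key(app_bytes: bytes, index: int) -> bytes:
    """Own key per file section, derived from the application file's hash (assumed derivation)."""
    app_hash = hashlib.sha256(app_bytes).digest()
    return hmac.new(app_hash, struct.pack(">I", index), hashlib.sha256).digest()


def keystream(key: bytes, length: int) -> bytes:
    """Stand-in stream cipher: HMAC-SHA256 over a running counter."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def crypt_sections(image: bytes, app_bytes: bytes) -> bytes:
    """XOR every section with its own keystream; the same call encrypts and decrypts."""
    out = bytearray()
    for index, start in enumerate(range(0, len(image), SECTION_SIZE)):
        section = image[start:start + SECTION_SIZE]
        stream = keystream(section_key(app_bytes, index), len(section))
        out += bytes(a ^ b for a, b in zip(section, stream))
    return bytes(out)


class LoadedImage:
    """Decrypted SO image held only in memory, plus the proxy's name-to-offset table."""

    def __init__(self, encrypted, app_bytes, base, offsets):
        plain = crypt_sections(encrypted, app_bytes)
        # A modified application file changes the hash, so decryption yields garbage.
        if not plain.startswith(ELF_MAGIC):
            raise ValueError("decryption did not yield an ELF image")
        self.plain, self.base, self.offsets = plain, base, dict(offsets)

    def resolve(self, name):
        """Proxy step: start address of the interface = image start address + offset."""
        offset = self.offsets[name]
        if not 0 <= offset < len(self.plain):
            raise ValueError(f"offset for {name!r} lies outside the image")
        return self.base + offset

    def read(self, address, size):
        """Return the bytes of the decrypted image that sit at a resolved address."""
        start = address - self.base
        if start < 0 or start + size > len(self.plain):
            raise ValueError("read outside the image")
        return self.plain[start:start + size]


# Constructed sample data: a fake 192-byte image with markers where two interfaces start.
APP = b"constructed application file contents v1"
BASE = 0x70000000                                       # simulated start address in memory
OFFSETS = {"sign_message": 0x40, "verify_pin": 0x90}    # hypothetical interface names
_image = bytearray(0xC0)
_image[:4] = ELF_MAGIC
_image[0x40:0x44] = b"SIGN"
_image[0x90:0x94] = b"VPIN"
IMAGE = bytes(_image)
ENCRYPTED = crypt_sections(IMAGE, APP)


def demo():
    loaded = LoadedImage(ENCRYPTED, APP, BASE, OFFSETS)
    address = loaded.resolve("verify_pin")
    return address, loaded.read(address, 4)


if __name__ == "__main__":
    print(demo())
```

The magic-byte check only catches a wrong key at load time; it is not an integrity check on the image contents.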
It should be noted that the embodiments in this specification are described progressively: each embodiment focuses on its differences from the other embodiments, and for the parts that are identical or similar the embodiments may be referred to one another.
It should also be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between these entities or operations. Moreover, the terms "comprise", "include" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device comprising a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the existence of other identical elements in the process, method, article or device that comprises the element.
The above description of the disclosed embodiments enables those skilled in the art to implement or use the present invention. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the present invention. Therefore, the present invention is not limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A method for calling a shared object (SO) file, characterized by comprising:
when an application program starts, loading a pre-encrypted SO file into memory and decrypting it, and obtaining the start address in memory of the decrypted SO file; wherein the pre-encrypted SO file contains multiple clean interfaces;
when a call instruction of the application program is received, extracting the clean interface name in the call instruction and, according to a preset correspondence between proxy interfaces and clean interfaces, determining the proxy interface corresponding to the extracted clean interface name;
triggering the proxy interface to determine the start address of the clean interface in memory according to the start address in memory of the decrypted SO file and the offset address of the clean interface relative to that start address;
calling the clean interface according to the start address of the clean interface in memory, and obtaining the call result.
2. The method for calling an SO file according to claim 1, characterized in that the encrypted SO file is encrypted by:
determining the application file that has a preset call relationship with the SO file;
obtaining the cryptographic hash of the application file;
encrypting the SO file according to the cryptographic hash of the application file, obtaining the encrypted SO file.
3. The method for calling an SO file according to claim 1, characterized in that the encrypted SO file is encrypted by:
dividing the SO file into multiple file sections;
obtaining the encryption key corresponding to each file section;
encrypting each file section with its corresponding encryption key, obtaining the encrypted SO file.
4. The method for calling an SO file according to claim 1, characterized in that the clean interface is an encrypted clean interface;
wherein calling the clean interface according to the start address of the clean interface in memory and obtaining the call result comprises:
obtaining the encrypted clean interface according to the start address of the clean interface in memory;
decrypting the encrypted clean interface, calling the decrypted clean interface, and obtaining the call result.
5. The method for calling an SO file according to claim 1, characterized in that triggering the proxy interface to determine the start address of the clean interface in memory, according to the start address in memory of the decrypted SO file and the offset address of the clean interface relative to that start address, comprises:
triggering the proxy interface to add the offset address of the clean interface, relative to the start address, to the start address in memory of the decrypted SO file, obtaining the start address of the clean interface in memory.
6. A calling device for a shared object (SO) file, characterized by comprising:
a ciphertext file decryption unit, configured to, when an application program starts, load a pre-encrypted SO file into memory and decrypt it, and to obtain the start address in memory of the decrypted SO file;
a proxy interface determining unit, configured to, when a call instruction of the application program is received, extract the clean interface name in the call instruction and, according to a preset correspondence between proxy interfaces and clean interfaces, determine the proxy interface corresponding to the extracted clean interface name;
a clean interface determining unit, configured to trigger the proxy interface to determine the start address of the clean interface in memory according to the start address in memory of the decrypted SO file and the offset address of the clean interface relative to that start address;
a clean interface execution unit, configured to call the clean interface according to the start address of the clean interface in memory and obtain the call result.
7. The calling device for an SO file according to claim 6, characterized in that the unit that encrypts the SO file decrypted by the ciphertext file decryption unit comprises:
a calling program determination subunit, configured to determine the application file that has a preset call relationship with the SO file;
a program hash obtaining subunit, configured to obtain the cryptographic hash of the application file;
a hash encryption subunit, configured to encrypt the SO file according to the cryptographic hash of the application file, obtaining the encrypted SO file.
8. The calling device for an SO file according to claim 6, characterized in that the unit that encrypts the SO file decrypted by the ciphertext file decryption unit comprises:
a file section division subunit, configured to divide the SO file into multiple file sections;
a file section key obtaining subunit, configured to obtain the encryption key corresponding to each file section;
a file section encryption subunit, configured to encrypt each file section with its corresponding encryption key, obtaining the encrypted SO file.
9. The calling device for an SO file according to claim 6, characterized in that the clean interface is an encrypted clean interface; wherein the clean interface execution unit comprises:
an encrypted clean interface obtaining subunit, configured to obtain the encrypted clean interface according to the start address of the clean interface in memory;
an encrypted clean interface decryption subunit, configured to decrypt the encrypted clean interface, call the decrypted clean interface, and obtain the call result.
10. The calling device for an SO file according to claim 6, characterized in that the clean interface determining unit comprises:
a clean interface determination subunit, configured to trigger the proxy interface to add the offset address of the clean interface, relative to the start address, to the start address in memory of the decrypted SO file, obtaining the start address of the clean interface in memory.
CN201410582383.8A 2014-10-27 2014-10-27 A kind of call method and device of SO files Active CN104298932B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410582383.8A CN104298932B (en) 2014-10-27 2014-10-27 A kind of call method and device of SO files

Publications (2)

Publication Number Publication Date
CN104298932A true CN104298932A (en) 2015-01-21
CN104298932B CN104298932B (en) 2017-12-12

Family

ID=52318654

Country Status (1)

Country Link
CN (1) CN104298932B (en)

Also Published As

Publication number Publication date
CN104298932B (en) 2017-12-12

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant