CN104462959A - Reinforcement protection method, server and system for android app - Google Patents


Info

Publication number
CN104462959A
Authority
CN
China
Prior art keywords
apk
encryption
strategy
decryption
protected
Prior art date
Legal status
Granted
Application number
CN201410734372.7A
Other languages
Chinese (zh)
Other versions
CN104462959B (en)
Inventor
李伟
董清
Current Assignee
Beijing Qihoo Technology Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Qizhi Software Beijing Co Ltd
Priority date
Filing date
Publication date
Application filed by Beijing Qihoo Technology Co Ltd and Qizhi Software Beijing Co Ltd
Priority to CN201410734372.7A
Publication of CN104462959A
Application granted
Publication of CN104462959B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/14 Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a reinforcement protection method, server and system for an Android application. The method comprises: obtaining the original Android installation package (APK) of the Android application; decompiling the original APK, extracting the protected method code from it, and filling the extraction position with nop; encrypting the extracted protected method code according to a specified encryption and decryption strategy to generate a hardening configuration file; and adding the specified encryption and decryption strategy, the hardening configuration file and a hardening protection program to the decompiled APK, then compiling to generate the hardened APK of the Android application. The technical solution provided by the invention achieves dynamic encryption and decryption of the protected methods, so that a complete dex image never exists in memory at any moment. This prevents the complete dex file from being obtained through a memory dump and greatly reduces the possibility that the Android application is reverse-engineered, repackaged and redistributed.

Description

A reinforcement protection method, server and system for Android applications

Technical field

The invention relates to the field of data security, and in particular to a reinforcement protection method, server and system for Android applications.

Background

The rapid development of the Android system and the rapid growth in the number of devices have produced a large number of third-party applications. Compared with other operating systems, the open-source nature of Android provides application developers with more functional interfaces. While these interfaces improve the extensibility of the system, they also make things easier for malicious software: illegal copying, reverse engineering, decompilation, debugging, cracking, repackaging, memory interception and other techniques continually threaten the security of the Android system, harming not only users but also causing serious damage to legitimate application developers.

Existing hardening schemes for Android installation packages fall mainly into three types. The first encrypts the entire dex file. The second transforms the bytecode of the dex file at run time to prevent the complete dex from being dumped directly; this approach cannot be customized well, and it requires functions that perform the bytecode transformation. The third combines the first two. However, because in all of these schemes a complete dex image exists in memory at some moment while the APK is running, the protected dex can be fully recovered by a memory dump, so the existing schemes have never completely solved the security problems faced by Android installation packages, and more effective solutions are still being sought.

Summary of the invention

In view of the above problems, the present invention is proposed to provide a reinforcement protection method, server and system for Android applications that overcome the above problems or at least partially solve them.

According to one aspect of the present invention, a reinforcement protection method for an Android application is provided, the method comprising:

obtaining the original Android installation package (APK) of the Android application;

decompiling the original APK, extracting the protected method code from it, and filling the extraction position with nop;

encrypting the extracted protected method code according to a specified encryption and decryption strategy to generate a hardening configuration file;

adding the specified encryption and decryption strategy, the hardening configuration file and the hardening protection program to the decompiled APK, and compiling to generate the hardened APK of the Android application;

wherein the hardening protection program performs the following operations when the hardened APK of the Android application has been installed and is running: dynamically allocating space according to the invocation of the protected method; when the protected method is called, decrypting the corresponding method in the hardening configuration file according to the encryption and decryption strategy to obtain the protected method code; and when the call to the protected method has ended, re-encrypting the decrypted protected method code according to the encryption and decryption strategy.

Optionally, the protected method code is identified in the original APK by annotations;

and decompiling the original APK and extracting the protected method code from it comprises: decompiling the original APK and extracting the protected method code from it according to the method annotations therein.

Optionally, the specified encryption and decryption strategy comprises one or more of the following:

an anti-debugging strategy;

an anti-dump strategy;

an anti-repackaging strategy;

a string encryption and decryption strategy.

Optionally, adding the specified encryption and decryption strategy, the hardening configuration file and the hardening protection program to the decompiled APK comprises:

writing the specified encryption and decryption strategy, the hardening configuration file and the hardening protection program into an SO file under the lib directory of the decompiled APK.

Optionally, the protected method code is the core content of the dex file in the original APK of the Android application.

Optionally, obtaining the original Android installation package (APK) of the Android application comprises: receiving the original APK of the Android application uploaded by a user through a reinforcement protection client;

and the method further comprises: providing an interface for downloading the hardened APK, so that the user can download the hardened APK through the interface using the reinforcement protection client.

Optionally, the method further comprises:

receiving an encryption and decryption strategy selection instruction, an encryption password and a decryption password uploaded by the user through the reinforcement protection client, and determining the specified encryption and decryption strategy from them.

Optionally, the method further comprises:

receiving an identity uploaded by the user through the reinforcement protection client, and signing the hardened APK with that identity.

Optionally, the method further comprises:

performing an automatic installation test on the hardened APK.

According to another aspect of the present invention, a reinforcement protection server for Android applications is provided, the server comprising:

an acquisition unit, adapted to obtain the original Android installation package (APK) of the Android application;

a decompilation and extraction unit, adapted to decompile the original APK, extract the protected method code from it, and fill the extraction position with nop;

an encryption unit, adapted to encrypt the extracted protected method code according to a specified encryption and decryption strategy to generate a hardening configuration file;

an adding and compiling unit, adapted to add the specified encryption and decryption strategy, the hardening configuration file and the hardening protection program to the decompiled APK, and to compile and generate the hardened APK of the Android application;

wherein the hardening protection program performs the following operations when the hardened APK of the Android application has been installed and is running: dynamically allocating space according to the invocation of the protected method; when the protected method is called, decrypting the corresponding method in the hardening configuration file according to the encryption and decryption strategy to obtain the protected method code; and when the call to the protected method has ended, re-encrypting the decrypted protected method code according to the encryption and decryption strategy.

Optionally, the protected method code is identified by annotations in the original APK obtained by the acquisition unit;

and the decompilation and extraction unit is adapted to decompile the original APK and extract the protected method code from it according to the method annotations therein.

Optionally, the encryption unit is adapted to encrypt the extracted protected method code according to one or more of the following strategies:

an anti-debugging strategy;

an anti-dump strategy;

an anti-repackaging strategy;

a string encryption and decryption strategy.

Optionally, the adding and compiling unit is adapted to write the specified encryption and decryption strategy, the hardening configuration file and the hardening protection program into an SO file under the lib directory of the decompiled APK.

Optionally, the decompilation and extraction unit is adapted to decompile the original APK and then extract the core content of the dex file therein.

Optionally, the acquisition unit is adapted to receive the original APK of the Android application uploaded by a user through a reinforcement protection client;

and the server further comprises: a download unit, adapted to provide an interface for downloading the hardened APK, so that the user can download the hardened APK through the interface using the reinforcement protection client.

Optionally, the acquisition unit is further adapted to receive an encryption and decryption strategy selection instruction, an encryption password and a decryption password uploaded by the user through the reinforcement protection client, and to send them to the encryption unit;

and the encryption unit is adapted to determine the specified encryption and decryption strategy according to the encryption and decryption strategy selection instruction, the encryption password and the decryption password.

Optionally, the acquisition unit is further adapted to receive an identity uploaded by the user through the reinforcement protection client;

and the server further comprises: a signing unit, adapted to sign the hardened APK with that identity.

Optionally, the server further comprises:

a test unit, adapted to perform an automatic installation test on the hardened APK.

According to yet another aspect of the present invention, a reinforcement protection system for Android applications is provided, comprising a reinforcement protection client and the reinforcement protection server described in any of the above.

As can be seen from the above, the technical solution provided by the present invention adds the encryption and decryption strategy, the hardening protection program, and the hardening configuration file obtained by encrypting the protected method code to the decompiled APK, generating the hardened APK of the Android application. Because the hardening protection program dynamically decrypts a protected method when it is called and encrypts it again when the call has ended, dynamic encryption and decryption of protected methods is achieved, so that a complete dex image never exists in memory at any moment. This prevents the complete dex file from being obtained by a memory dump and thus greatly reduces the possibility that the Android application is reverse-engineered, repackaged and redistributed.

The above is only an overview of the technical solution of the present invention. In order that the technical means of the present invention may be understood more clearly and implemented according to the contents of the specification, and in order that the above and other objects, features and advantages of the present invention may be more readily apparent, specific embodiments of the present invention are set forth below.

Brief description of the drawings

Various other advantages and benefits will become apparent to those of ordinary skill in the art on reading the following detailed description of the preferred embodiments. The drawings are only for the purpose of illustrating the preferred embodiments and are not to be considered as limiting the invention. Throughout the drawings, the same reference symbols denote the same components. In the drawings:

Fig. 1 shows a flow chart of a reinforcement protection method for an Android application according to one embodiment of the present invention;

Fig. 2 shows a flow chart of a reinforcement protection method for an Android application according to another embodiment of the present invention;

Fig. 3 shows a schematic diagram of a reinforcement protection server for an Android application according to one embodiment of the present invention;

Fig. 4 shows a schematic diagram of a reinforcement protection server for an Android application according to another embodiment of the present invention;

Fig. 5 shows a schematic diagram of a reinforcement protection server for an Android application according to yet another embodiment of the present invention;

Fig. 6 shows a schematic diagram of a reinforcement protection server for an Android application according to a further embodiment of the present invention;

Fig. 7A shows a flow chart of the development process of an Android installation package according to one embodiment of the present invention;

Fig. 7B shows a flow chart of the reinforcement protection process of an Android installation package according to one embodiment of the present invention;

Fig. 7C shows a flow chart of the running process of an Android installation package according to one embodiment of the present invention.

Detailed description

Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. Although exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the present disclosure will be understood more thoroughly and its scope fully conveyed to those skilled in the art.

Fig. 1 shows a flow chart of a reinforcement protection method for an Android application according to one embodiment of the present invention. As shown in Fig. 1, the method comprises:

Step S110: obtain the original Android installation package (APK) of the Android application.

On the Android system, an application that can be installed and run must be packaged as an Android installation package, i.e. the APK (Android application package file) format. The original APK in this step is developed and generated by the developer.

Step S120: decompile the original APK, extract the protected method code from it, and fill the extraction position with nop.

The nop filling in this step means filling nop instructions into the extraction position. It is equivalent to cutting the protected method code out of the decompiled original APK and then filling the hole with nop instructions.

Step S130: encrypt the extracted protected method code according to the specified encryption and decryption strategy to generate a hardening configuration file.

The encryption in this step may be symmetric or asymmetric encryption. The encryption and decryption strategy here comprises an encryption strategy and the corresponding decryption strategy.

Step S140: add the specified encryption and decryption strategy, the hardening configuration file and the hardening protection program to the decompiled APK, and compile to generate the hardened APK of the Android application.

The hardening protection program in this step is used to dynamically encrypt and decrypt the hardening configuration file. When the hardened APK of the Android application has been installed and is running, the hardening protection program performs the following operations: it dynamically allocates space according to the invocation of protected methods; when a protected method is called, it decrypts the corresponding method in the hardening configuration file according to the encryption and decryption strategy to obtain the protected method code; the protected method code is then invoked and runs; and when the call to the protected method has ended, it re-encrypts the decrypted protected method code according to the encryption and decryption strategy.

The method shown in Fig. 1 imports the hardening configuration file obtained by encrypting the protected method code, the encryption and decryption strategy, and the hardening protection program into the APK, generating the hardened APK of the Android application. Because the hardening protection program dynamically decrypts a protected method when it is called and encrypts it again after the call has ended, dynamic encryption and decryption of protected methods is achieved, so that a complete dex image never exists in memory at any moment. This prevents the complete dex file from being obtained by a memory dump and greatly reduces the possibility that the Android application is reverse-engineered, repackaged and redistributed.
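The following is an added simulation of steps S120 to S140 and the run-time behaviour just described; it is not code from the patent. A toy dex image, its method table, the "annotated" method set, the key and the SHA-256 keystream XOR cipher are all constructed for the demo (the patent leaves the actual cipher, symmetric or asymmetric, unspecified). The point it shows is that a dump taken at any moment, during or after a protected call, never yields the original image.

```python
import hashlib
from dataclasses import dataclass, field

NOP = 0x00  # Dalvik 'nop' opcode; the hole left by extraction is filled with it

# Constructed toy dex image: three methods laid out back to back.
ORIGINAL_DEX = bytes(
    b"\x12\x00\x0f\x00"                                   # methodA (unprotected)
    b"\x62\x00\x01\x00\x6e\x20\x03\x00\x10\x00\x0e\x00"   # methodB (protected)
    b"\x1a\x00\x05\x00\x71\x10\x07\x00\x00\x00\x0e\x00"   # methodC (protected)
)
METHOD_TABLE = {"methodA": (0, 4), "methodB": (4, 12), "methodC": (16, 12)}
ANNOTATED = {"methodB", "methodC"}   # stands in for the developer's annotations
KEY = b"constructed-demo-key"


def keystream_xor(data, key, nonce):
    """XOR with a SHA-256(key||nonce||counter) keystream. Self-inverse, so the
    same call encrypts and decrypts. A stand-in for whatever cipher the chosen
    strategy selects; not the patent's algorithm."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def harden(dex, table, protected, key):
    """Server side (steps S120/S130): cut out each annotated method, nop-fill
    the hole, and keep the encrypted bytes in the hardening configuration."""
    stripped = bytearray(dex)
    config = {}
    for name in sorted(protected):
        off, ln = table[name]
        config[name] = keystream_xor(dex[off:off + ln], key, name.encode())
        stripped[off:off + ln] = bytes([NOP]) * ln
    return bytes(stripped), config


@dataclass
class ProtectionRuntime:
    """Device side: the role of the hardening protection program in the SO file."""
    stripped: bytes
    table: dict
    config: dict
    key: bytes
    live: dict = field(default_factory=dict)        # name -> scratch buffer in use
    reencrypted: list = field(default_factory=list)  # buffers after a call ended

    def call(self, name, body):
        """Allocate a scratch buffer, decrypt the method into it for the
        duration of body(code), then re-encrypt the buffer in place."""
        buf = bytearray(keystream_xor(self.config[name], self.key, name.encode()))
        self.live[name] = buf
        try:
            return body(bytes(buf))
        finally:
            buf[:] = keystream_xor(bytes(buf), self.key, name.encode())
            self.reencrypted.append(bytes(buf))
            del self.live[name]

    def memory_image(self):
        """The dex image a memory dump would capture right now: the nop-filled
        dex plus whichever protected methods are currently decrypted."""
        image = bytearray(self.stripped)
        for name, buf in self.live.items():
            off, ln = self.table[name]
            image[off:off + ln] = buf
        return bytes(image)


def demo():
    """Harden the toy dex, call methodB, and snapshot what a dump would see
    during and after the call."""
    stripped, config = harden(ORIGINAL_DEX, METHOD_TABLE, ANNOTATED, KEY)
    rt = ProtectionRuntime(stripped, METHOD_TABLE, config, KEY)
    snapshot = {}

    def body(code):                      # "executes" the method: records the image
        snapshot["during"] = rt.memory_image()
        return code

    code = rt.call("methodB", body)
    snapshot["after"] = rt.memory_image()
    return stripped, config, rt, code, snapshot


if __name__ == "__main__":
    stripped, config, rt, code, snap = demo()
    print("nop-filled dex:", stripped.hex())
    print("methodB plaintext during call:", code.hex())
    print("full dex recoverable during call:", snap["during"] == ORIGINAL_DEX)
    print("full dex recoverable after call: ", snap["after"] == ORIGINAL_DEX)
```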

In general, because the developer of an Android installation package (APK) and the protector who provides protection services for the APK are different parties, the developer can, while developing the original APK, mark the methods the developer wishes to protect with annotations; the protector then extracts the protected method code from the source code of the original APK according to those annotations. The "annotation" here refers to the feature of that name that Java has provided since J2SE 5, which associates arbitrary information or metadata with program elements (classes, methods, member variables, etc.) and which by itself has no effect on the execution of the source code or class files.

In one embodiment of the present invention, in the method shown in Fig. 1, the protected method code is identified by annotations in the original APK obtained in step S110; correspondingly, decompiling the original APK and extracting the protected method code from it in step S120 may be: decompiling the original APK and extracting the protected method code from it according to the method annotations therein.

Fig. 7A shows a flow chart of the development process of an Android installation package according to one embodiment of the present invention. In this embodiment, for the developer, the development process of the Android installation package is as shown in Fig. 7A; steps S710 to S750 describe the following process: begin developing the Android installation package (APK); determine whether a method is a protected method; if so, add an annotation to the protected method code, otherwise add no annotation; generate the original APK. Fig. 7B shows a flow chart of the reinforcement protection process of an Android installation package according to one embodiment of the present invention. For the protector who provides protection services for the APK, the reinforcement protection process is as shown in Fig. 7B; steps S810 to S870 describe the following process: after obtaining the original APK, decompile it, select the specified encryption and decryption strategy, then encrypt the protected method code according to the annotations provided by the developer to generate the hardening configuration file, and import the hardening configuration file, the encryption and decryption strategy and the hardening protection program into the APK to generate the hardened APK. Step S880 of Fig. 7B further signs the hardened APK; step S880 is described in detail below.

For example, a developer developing an instant messaging application wishes to protect its image transmission function. The developer therefore adds a corresponding annotation to the method code of the image transmission function during development, marking the method as protected, and packages the protected method, the unprotected methods, the related configuration information and other files to generate the original APK. During reinforcement protection, the protector obtains the original APK, decompiles it, extracts the method code of the image transmission function according to the annotation, selects the specified encryption and decryption strategy to encrypt it, and generates the hardening configuration file described above; the hardening configuration file, the encryption and decryption strategy and the hardening protection program are then placed into the decompiled APK, which is compiled to obtain the hardened APK of the instant messaging application.

In one embodiment of the present invention, the specified encryption and decryption strategy used for the encryption and decryption processing in the reinforcement protection process shown in Fig. 1 may comprise one or more of the following: an anti-debugging strategy; an anti-dump strategy; an anti-repackaging strategy; a string encryption and decryption strategy. The anti-debugging strategy prevents dynamic debugging; the anti-dump strategy prevents the complete dex from being dumped dynamically; the anti-repackaging strategy prevents the APK from being repackaged; and the string encryption and decryption strategy encrypts the strings in the dex so that the plaintext program cannot be read directly by static analysis.

In one embodiment of the present invention, adding the specified encryption and decryption strategy, the hardening configuration file and the hardening protection program to the decompiled APK in step S140 of the method shown in Fig. 1 comprises: writing the specified encryption and decryption strategy, the hardening configuration file and the hardening protection program into an SO file under the lib directory of the decompiled APK.

The internal file structure of the decompiled APK is shown in Table 1:

Table 1

File name            Description
META-INF\            Certificate files
res\                 Resource files
assets\              Additional resource files
resources.arsc       Binary resource file
classes.dex          Source code resource file
AndroidManifest.xml  Global configuration file
lib\                 Add-on components

The META-INF directory generally contains MANIFEST.MF and files ending in .RSA and .SF, which record the certificate signatures of the files in the other directories. When installing an APK, the Android system checks each file inside the APK one by one against the certificate signatures recorded in this directory; if they do not match, the file is considered to have been tampered with and installation and execution of the APK are refused.
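To make the per-file check described above concrete, here is an added verifier (not from the patent) for the first layer of that mechanism: every entry's digest recorded in META-INF/MANIFEST.MF must match the file actually in the archive, and every file must be listed. It builds a small APK-like zip in memory from constructed entries, so the CERT.SF and CERT.RSA layers, and the APK's real contents, are not covered; those are assumptions of the demo.

```python
import base64
import hashlib
import io
import zipfile

# Constructed entries standing in for a hardened APK's contents.
ENTRIES = {
    "AndroidManifest.xml": b"<manifest package='com.example.hardened'/>",
    "classes.dex": b"dex\n035\x00" + b"\x00" * 16,          # nop-filled dex stub
    "lib/armeabi/libprotect.so": b"\x7fELF" + b"\x00" * 12,  # protection program stub
}


def build_manifest(entries, algo="SHA-256"):
    """Write a MANIFEST.MF: one 'Name:' section per entry with its base64 digest."""
    lines = ["Manifest-Version: 1.0", ""]
    for name, data in entries.items():
        h = hashlib.new(algo.replace("-", "").lower(), data).digest()
        lines += [f"Name: {name}", f"{algo}-Digest: {base64.b64encode(h).decode()}", ""]
    return "\r\n".join(lines) + "\r\n"


def parse_manifest(text):
    """Return {entry name: {attribute: value}} for each named section.
    Continuation lines (a leading space, from the 72-byte wrap) are joined
    onto the previous attribute; main-section attributes are ignored."""
    sections, current, last_attr = {}, None, None
    for line in text.replace("\r\n", "\n").replace("\r", "\n").split("\n"):
        if line == "":
            current, last_attr = None, None
            continue
        if line.startswith(" "):
            if current is not None and last_attr is not None:
                sections[current][last_attr] += line[1:]
            continue
        attr, _, value = line.partition(":")
        value = value.strip()
        if attr == "Name":
            current, last_attr = value, None
            sections.setdefault(current, {})
        elif current is not None:
            sections[current][attr] = value
            last_attr = attr
    return sections


def build_apk(entries, manifest_text):
    """Pack entries plus META-INF/MANIFEST.MF into an in-memory zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("META-INF/MANIFEST.MF", manifest_text)
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def verify_manifest_digests(apk_bytes):
    """Return (ok, problems). A problem is a file whose digest does not match,
    a file with no manifest section, or a listed file that is absent."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        manifest = parse_manifest(zf.read("META-INF/MANIFEST.MF").decode())
        present = set()
        for info in zf.infolist():
            name = info.filename
            if name.startswith("META-INF/") or name.endswith("/"):
                continue
            present.add(name)
            attrs = manifest.get(name)
            if attrs is None:
                problems.append(f"{name}: not listed in MANIFEST.MF")
                continue
            data = zf.read(name)
            matched = False
            for attr, expected in attrs.items():
                if attr.endswith("-Digest"):          # e.g. SHA-256-Digest, SHA1-Digest
                    algo = attr[:-len("-Digest")].replace("-", "").lower()
                    actual = base64.b64encode(hashlib.new(algo, data).digest()).decode()
                    matched = actual == expected
                    break
            if not matched:
                problems.append(f"{name}: digest mismatch")
        for name in manifest:
            if name not in present:
                problems.append(f"{name}: listed in MANIFEST.MF but missing")
    return not problems, problems


def tampered_apk():
    """Same manifest, but classes.dex replaced and an unlisted file added."""
    entries = dict(ENTRIES, **{"classes.dex": b"dex\n035\x00" + b"\xff" * 16})
    entries["res/extra.png"] = b"\x89PNG"
    return build_apk(entries, build_manifest(ENTRIES))


if __name__ == "__main__":
    print(verify_manifest_digests(build_apk(ENTRIES, build_manifest(ENTRIES))))
    print(verify_manifest_digests(tampered_apk()))
```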

res目录存放的是图片资源和界面布局等文件。The res directory stores files such as image resources and interface layouts.

assets目录下存放的是额外资源和配置文件,如TXT或HTML说明文档、字体文件和图片资源等。The assets directory stores additional resources and configuration files, such as TXT or HTML documentation, font files, and image resources.

resources.arsc文件是经过编译后的二进制资源文件。The resources.arsc file is a compiled binary resource file.

class.dex文件是Java源码编译后生成的Java字节码文件,.dex是DalvikExecutable(Dalvik虚拟机可执行文件)的缩写。The class.dex file is a Java bytecode file generated after Java source code compilation, and .dex is the abbreviation of DalvikExecutable (Dalvik virtual machine executable file).

The AndroidManifest.xml file is the global description file of the Android installation package; it records information such as the application's package name, version number, permissions, referenced library files, module entry points and classes.

The lib directory holds the JNI (Java Native Interface) library files; SO files are generally stored in its armeabi subfolder. An SO file is a Linux library file, a dynamic link library in ELF format with the suffix .so; files of this type are loaded into the program dynamically only when the running program needs them. In this embodiment, the specified encryption/decryption strategy, the hardening configuration file and the hardening protection program are written into the SO file under this lib directory of the APK. When the hardened APK runs and calls a protected method, they are loaded dynamically in the form of the SO file.
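The per-file integrity check described above for META-INF, as an added illustration that is not code from the patent: a constructed in-memory "APK" with the Table 1 layout, a MANIFEST.MF in JAR manifest syntax carrying a SHA-256-Digest per entry, and a verifier that recomputes every digest and reports any file that is unlisted or modified. Only the manifest digest layer is shown; the real Android v1 check additionally verifies the .SF file over the manifest and the .RSA signature over the .SF file.

```python
import base64
import hashlib
import io
import zipfile

MANIFEST_PATH = "META-INF/MANIFEST.MF"


def make_manifest(entries):
    """Build a MANIFEST.MF in JAR manifest syntax with one SHA-256-Digest per file."""
    lines = ["Manifest-Version: 1.0", ""]
    for name, data in sorted(entries.items()):
        digest = base64.b64encode(hashlib.sha256(data).digest()).decode()
        lines += [f"Name: {name}", f"SHA-256-Digest: {digest}", ""]
    return ("\r\n".join(lines) + "\r\n").encode()


def build_apk(entries):
    """Constructed sample: zip the Table 1 entries plus their manifest into an in-memory 'APK'."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
        zf.writestr(MANIFEST_PATH, make_manifest(entries))
    return buf.getvalue()


def parse_manifest(raw):
    """Return {file name: recorded digest} from the manifest's per-entry sections."""
    expected, name = {}, None
    for line in raw.decode().splitlines():
        if line.startswith("Name: "):
            name = line[len("Name: "):]
        elif line.startswith("SHA-256-Digest: ") and name is not None:
            expected[name] = line[len("SHA-256-Digest: "):]
            name = None
    return expected


def verify_apk(apk_bytes):
    """Recompute each file's digest and list every entry the manifest does not vouch for.

    An empty list means every file matches its recorded digest (the install may proceed);
    anything else is the 'tampered, refuse installation' outcome described in the text.
    """
    problems = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        expected = parse_manifest(zf.read(MANIFEST_PATH))
        for info in zf.infolist():
            if info.filename.startswith("META-INF/"):
                continue  # the manifest does not list itself or the .SF/.RSA files
            actual = base64.b64encode(hashlib.sha256(zf.read(info.filename)).digest()).decode()
            if info.filename not in expected:
                problems.append(f"unlisted file: {info.filename}")
            elif expected[info.filename] != actual:
                problems.append(f"digest mismatch: {info.filename}")
    return problems


def tamper(apk_bytes, name, new_data):
    """Constructed repackaging: rewrite one entry without touching META-INF."""
    src = zipfile.ZipFile(io.BytesIO(apk_bytes))
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zf:
        for info in src.infolist():
            data = new_data if info.filename == name else src.read(info.filename)
            zf.writestr(info.filename, data)
    return out.getvalue()


SAMPLE_ENTRIES = {  # constructed stand-ins for the Table 1 files, not real APK contents
    "AndroidManifest.xml": b"<manifest package='com.example.app'/>",
    "classes.dex": b"dex\n035\x00" + b"\x00" * 32,
    "resources.arsc": b"\x02\x00\x0c\x00",
    "res/layout/main.xml": b"<LinearLayout/>",
    "assets/readme.txt": b"sample asset",
    "lib/armeabi/libprotect.so": b"\x7fELF" + b"\x00" * 16,
}

if __name__ == "__main__":
    apk = build_apk(SAMPLE_ENTRIES)
    print("clean APK:", verify_apk(apk) or "all digests match")
    modified = tamper(apk, "classes.dex", b"dex\n035\x00" + b"\xff" * 32)
    print("modified APK:", verify_apk(modified))
```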

In one embodiment of the present invention, the protected method code in the method shown in FIG. 1 is the core content of the dex file in the original APK of the Android application.

FIG. 2 shows a flowchart of a hardening protection method for an Android application according to another embodiment of the present invention. As shown in FIG. 2, the method includes:

Step S210: receive the original APK of the Android application uploaded by the user through the hardening protection client. In this step, the original APK uploaded by the user (i.e. the developer) is received; the development process of the original APK is shown in FIG. 7A and is not repeated here.

Step S220: decompile the original APK, extract the protected method code from it, and fill the extraction position with nop.

Step S230: encrypt the extracted protected method code according to the specified encryption/decryption strategy to generate the hardening configuration file.

Step S240: add the specified encryption/decryption strategy, the hardening configuration file and the hardening protection program to the decompiled APK, and compile it to generate the hardened APK of the Android application.

Steps S220, S230 and S240 above correspond to and are the same as steps S120, S130 and S140 of the method shown in FIG. 1; they describe the process of hardening the original APK, which FIG. 7B also illustrates from the protector's perspective, so it is not repeated here.

Step S250: provide an interface for downloading the hardened APK, so that the user can download the hardened APK through the interface using the hardening protection client.

It can be seen from the above that the solution shown in FIG. 2 provides developers with a platform for hardening Android applications: the unprotected original APK uploaded by the developer is received, hardening processing is applied, and the developer is then provided with an interface for downloading the hardened APK.

In one embodiment of the present invention, the specified encryption/decryption strategy in the methods shown in FIG. 1 and FIG. 2 can be determined from encryption/decryption information provided by the user (i.e. the developer); that is, the user independently defines the encryption/decryption strategy and the encryption and decryption passwords. The method further includes: receiving an encryption/decryption strategy selection instruction, an encryption password and a decryption password uploaded by the user through the hardening protection client, and determining the specified encryption/decryption strategy from them. The encryption/decryption information provided by the user can also be marked in the annotation of the protected method. This solution is highly convenient for developers, allowing them to configure the protection functions easily during the application's development stage.

Each released APK has a unique ID that identifies the legitimacy of the application; this ID is the APK's signature, and an APK with the same signature can be installed over the existing one. Therefore, to prevent illegal tampering with and misappropriation of the APK by hackers, the hardened APK must be signed, as in the signing of the hardened APK in step S880 shown in FIG. 7B. In one embodiment of the present invention, the method shown in FIG. 2 further includes: receiving an identity identifier uploaded by the user through the hardening protection client, and signing the hardened APK with that identity identifier.

To ensure the effectiveness of APK hardening and avoid problems such as an uninstallable APK or a failed APK encryption caused by mistakes, the hardened APK can be tested further before it is made available to the user for download. In one embodiment of the present invention, the method shown in FIG. 2 further includes: performing an automatic installation test on the hardened APK.

FIG. 3 shows a schematic diagram of a hardening protection server for an Android application according to an embodiment of the present invention. As shown in FIG. 3, the hardening protection server 300 for the Android application includes:

An acquisition unit 310, adapted to acquire the original Android installation package (APK) of the Android application.

On the Android system, an application that can be installed and run needs to be packaged into an Android installation package, i.e. the APK (Android application package file) format. The original APK acquired by this unit is developed and generated by the developer.

A decompilation and extraction unit 320, adapted to decompile the original APK, extract the protected method code from it, and fill the extraction position with nop.

Filling with nop here means filling nop instructions into the extraction position so that the filled code remains aligned with the source code.

An encryption unit 330, adapted to encrypt the extracted protected method code according to the specified encryption/decryption strategy to generate the hardening configuration file.

An addition and compilation unit 340, adapted to add the specified encryption/decryption strategy, the hardening configuration file and the hardening protection program to the decompiled APK, and to compile it to generate the hardened APK of the Android application.

The hardening protection program performs the following operations when the hardened APK of the Android application is installed and run: it dynamically allocates space according to the invocation of protected methods; when a protected method is called, it decrypts the corresponding method in the hardening configuration file according to the encryption/decryption strategy to obtain the protected method code; when the call to the protected method ends, it re-encrypts the decrypted protected method code according to the encryption/decryption strategy.

It can be seen that the hardening protection server 300 shown in FIG. 3 imports the encryption/decryption strategy, the hardening protection program and the hardening configuration file obtained by encrypting the protected method code into the APK to generate the hardened APK of the Android application. Because the hardening protection program dynamically decrypts a protected method when it is called and encrypts it again when the call ends, a complete dex image never exists in memory at any moment; this prevents the complete dex file from being obtained by dumping memory and thus greatly reduces the possibility of the Android application being reverse-engineered, repackaged and redistributed.

Following the example above, in which the developer uses annotations so that the protector can extract the method code the developer wants protected according to those annotations and harden it, in one embodiment of the present invention the protected method code in the original APK acquired by the acquisition unit 310 of the server shown in FIG. 3 is identified by annotations; the decompilation and extraction unit 320 is adapted to decompile the original APK and extract the protected method code from it according to the method annotations.

In one embodiment of the present invention, the encryption unit 330 of the server shown in FIG. 3 is adapted to encrypt the extracted protected method code according to one or more of the following strategies: an anti-debugging strategy; an anti-dump strategy; an anti-repackaging strategy; a string encryption/decryption strategy. The anti-debugging strategy prevents dynamic debugging; the anti-dump strategy prevents the complete dex from being dumped dynamically; the anti-repackaging strategy prevents the APK from being repackaged; the string encryption/decryption strategy encrypts the strings in the dex so that static analysis cannot directly see the program in plaintext.

In one embodiment of the present invention, the addition and compilation unit 340 of the server shown in FIG. 3 is adapted to write the specified encryption/decryption strategy, the hardening configuration file and the hardening protection program into the SO file under the lib directory of the decompiled APK, that is, into the SO file under the lib directory of the APK shown in Table 1.

In one embodiment of the present invention, the decompilation and extraction unit 320 of the server shown in FIG. 3 is adapted to decompile the original APK and then extract the core content of the dex file in it.

FIG. 4 shows a schematic diagram of a hardening protection server for an Android application according to another embodiment of the present invention. As shown in FIG. 4, the hardening protection server 400 for the Android application includes: an acquisition unit 410, a decompilation and extraction unit 420, an encryption unit 430, an addition and compilation unit 440 and a download unit 450.

The decompilation and extraction unit 420, the encryption unit 430 and the addition and compilation unit 440 correspond to and are the same as the decompilation and extraction unit 320, the encryption unit 330 and the addition and compilation unit 340 of the server shown in FIG. 3; they carry out the process of hardening the original APK, which FIG. 7B also illustrates from the protector's perspective, so it is not repeated here.

The acquisition unit 410 is adapted to receive the original APK of the Android application uploaded by the user through the hardening protection client.

This unit is adapted to receive the original APK uploaded by the user (i.e. the developer); the development process of the original APK is shown in FIG. 7A and is not repeated here.

The download unit 450 is adapted to provide an interface for downloading the hardened APK, so that the user can download the hardened APK through this interface using the hardening protection client.

It can be seen from the above that the server shown in FIG. 4 provides developers with a platform for hardening Android applications: the acquisition unit 410 receives the unprotected original APK uploaded by the developer; after the hardening processing of the decompilation and extraction unit 420, the encryption unit 430 and the addition and compilation unit 440, the download unit 450 provides the developer with an interface for downloading the hardened APK.

In one embodiment of the present invention, the specified encryption/decryption strategy in the encryption unit of the servers shown in FIG. 3 and FIG. 4 can be determined from encryption/decryption information provided by the user (i.e. the developer); that is, the user independently defines the encryption/decryption strategy and the encryption and decryption passwords. The acquisition unit 410 of the server shown in FIG. 4 is further adapted to receive the encryption/decryption strategy selection instruction, the encryption password and the decryption password uploaded by the user through the hardening protection client and to send them to the encryption unit 430; the encryption unit 430 is adapted to determine the specified encryption/decryption strategy from the strategy selection instruction, the encryption password and the decryption password. The encryption/decryption information provided by the user can also be marked in the annotation of the protected method. This solution is highly convenient for developers, allowing them to configure the protection functions easily during the application's development stage.

FIG. 5 shows a schematic diagram of a hardening protection server for an Android application according to yet another embodiment of the present invention. As shown in FIG. 5, the hardening protection server 500 for the Android application includes: an acquisition unit 510, a decompilation and extraction unit 520, an encryption unit 530, an addition and compilation unit 540, a download unit 550 and a signing unit 560.

In this embodiment, the hardening protection server 500 signs the hardened APK in order to prevent illegal tampering with and misappropriation of the APK by hackers; compared with the servers shown in FIG. 3 and FIG. 4, this server therefore adds a signing unit 560. The acquisition unit 510, the decompilation and extraction unit 520, the encryption unit 530, the addition and compilation unit 540 and the download unit 550 correspond to and are the same as the acquisition unit 410, the decompilation and extraction unit 420, the encryption unit 430, the addition and compilation unit 440 and the download unit 450 of the server shown in FIG. 4, and are not described again here.

The acquisition unit 510 is further adapted to receive an identity identifier uploaded by the user through the hardening protection client.

The signing unit 560 is adapted to sign the hardened APK with the identity identifier.

FIG. 6 shows a schematic diagram of a hardening protection server for an Android application according to a further embodiment of the present invention. As shown in FIG. 6, the hardening protection server 600 for the Android application includes: an acquisition unit 610, a decompilation and extraction unit 620, an encryption unit 630, an addition and compilation unit 640, a download unit 650, a signing unit 660 and a test unit 670.

In this embodiment, to ensure the effectiveness of APK hardening and avoid problems such as an uninstallable APK or a failed APK encryption caused by mistakes, the hardening protection server 600 can test the hardened APK further before making it available to the user for download; compared with the servers described above, this server therefore adds a test unit 670. The acquisition unit 610, the decompilation and extraction unit 620, the encryption unit 630, the addition and compilation unit 640, the download unit 650 and the signing unit 660 correspond to and are the same as the acquisition unit 510, the decompilation and extraction unit 520, the encryption unit 530, the addition and compilation unit 540, the download unit 550 and the signing unit 560 of the server shown in FIG. 5, and are not described again here.

The test unit 670 is adapted to perform an automatic installation test on the hardened APK.

Based on the above embodiments, after the developer publishes the hardened APK to an Android application market, users download and run it. FIG. 7C shows a flowchart of the running process of the Android installation package according to an embodiment of the present invention. From the user's perspective, the running process of the APK is as shown in FIG. 7C; steps S902 to S920 describe the following process. When the APK runs, it first obtains the running permission by reading the key, then reads the APK's configuration file, and then calls a method in the APK and determines whether the currently called method is a protected method. If the currently called method is a protected method, the protected method code is dynamically decrypted, the decrypted protected method is called, and after the call ends the protected method code is dynamically re-encrypted and the APK continues to run. If the currently called method is not a protected method, it is called normally and the APK continues to run after the call ends. The APK runs under this mechanism until the whole running process of the APK is complete.
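The two halves of the scheme, the server-side steps S220 to S240 (extract, nop-fill, encrypt, record in the hardening configuration) and the runtime flow just described (decrypt only for the duration of a call, then discard the plaintext), as one added example that is not the patent's code: the "dex" is a constructed toy bytecode rather than Dalvik, the hardening protection program that would live in the lib SO is stood in for by a Python class, and the cipher is an illustrative SHA-256 keystream since the patent leaves the cipher to the chosen strategy.

```python
import hashlib
import json
import os

# Toy bytecode standing in for dex method code (constructed, not Dalvik):
#   0x00 nop   0x01 <n> push n   0x02 add   0x03 mul   0xff return top of stack
NOP, PUSH, ADD, MUL, RET = 0x00, 0x01, 0x02, 0x03, 0xFF


def run_code(code, *args):
    """Execute toy method code with the call arguments pre-loaded on the stack."""
    stack, pc = list(args), 0
    while pc < len(code):
        op = code[pc]
        pc += 1
        if op == PUSH:
            stack.append(code[pc])
            pc += 1
        elif op == ADD:
            stack.append(stack.pop() + stack.pop())
        elif op == MUL:
            stack.append(stack.pop() * stack.pop())
        elif op == RET:
            return stack[-1]
    return None  # a nop-filled stub runs off the end without returning anything


def keystream_xor(password, nonce, data):
    """Illustrative cipher: SHA-256 counter keystream XORed over data (symmetric, so it decrypts too)."""
    out = bytearray()
    for block in range(0, len(data), 32):
        ks = hashlib.sha256(password.encode() + nonce + block.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[block:block + 32], ks))
    return bytes(out)


def harden(dex, method_table, protected, password):
    """Steps S220-S240: cut each protected method out of the dex, fill the hole with nop
    (same length, so every other offset stays aligned), and store the encrypted code
    in the hardening configuration."""
    stub = bytearray(dex)
    config = {}
    for name in protected:
        off, length = method_table[name]
        nonce = os.urandom(8)
        blob = keystream_xor(password, nonce, bytes(stub[off:off + length]))
        config[name] = {"offset": off, "length": length, "nonce": nonce.hex(), "blob": blob.hex()}
        stub[off:off + length] = bytes([NOP]) * length
    return bytes(stub), json.dumps(config)


class HardeningProtector:
    """Runtime stand-in for the hardening protection program in the lib SO."""

    def __init__(self, stub_dex, method_table, config_json, password):
        self.dex, self.table, self.password = stub_dex, method_table, password
        self.config = json.loads(config_json)

    def call(self, name, *args):
        off, length = self.table[name]
        if name not in self.config:
            return run_code(self.dex[off:off + length], *args)  # unprotected: run in place
        entry = self.config[name]
        # Space is allocated per call; the plaintext exists only inside this buffer.
        buf = bytearray(keystream_xor(self.password, bytes.fromhex(entry["nonce"]),
                                      bytes.fromhex(entry["blob"])))
        try:
            return run_code(buf, *args)
        finally:
            for i in range(len(buf)):
                buf[i] = 0  # wipe; only the encrypted blob in the configuration outlives the call

    def memory_image(self):
        """Everything resident between calls: the nop-filled dex plus the encrypted blobs."""
        return self.dex + b"".join(bytes.fromhex(e["blob"]) for e in self.config.values())


# Constructed sample 'dex': two methods laid out back to back.
PLUS_ONE = bytes([PUSH, 1, ADD, RET])                      # left unprotected: x + 1
SECRET_FORMULA = bytes([PUSH, 3, MUL, PUSH, 7, ADD, RET])  # protected: 3 * x + 7
SAMPLE_DEX = PLUS_ONE + SECRET_FORMULA
METHOD_TABLE = {"plusOne": (0, len(PLUS_ONE)),
                "secretFormula": (len(PLUS_ONE), len(SECRET_FORMULA))}


def demo(password="developer-chosen-password"):
    stub, config = harden(SAMPLE_DEX, METHOD_TABLE, ["secretFormula"], password)
    app = HardeningProtector(stub, METHOD_TABLE, config, password)
    return {
        "stub_is_inert": run_code(stub[METHOD_TABLE["secretFormula"][0]:]) is None,
        "plusOne(4)": app.call("plusOne", 4),
        "secretFormula(5)": app.call("secretFormula", 5),
        "plaintext_resident": SECRET_FORMULA in app.memory_image(),
    }


if __name__ == "__main__":
    print(demo())
```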

An embodiment of the present invention also discloses a hardening protection system for an Android application, which includes a hardening protection client and a hardening protection server as described in any of the above embodiments.

In summary, the present invention provides a hardening protection scheme for Android applications: the encryption/decryption strategy, the hardening protection program and the hardening configuration file obtained by encrypting the protected method code are added to the decompiled APK to generate the hardened APK of the Android application. Because the hardening protection program dynamically decrypts a protected method when it is called and encrypts it again when the call ends, dynamic encryption and decryption of protected methods is achieved and a complete dex image never exists in memory at any moment; this prevents the complete dex file from being obtained by dumping memory and greatly reduces the possibility of the Android application being reverse-engineered, repackaged and redistributed.

It should be noted that:

The algorithms and displays provided herein are not inherently related to any particular computer, virtual device or other apparatus. Various general-purpose devices may also be used with the teachings herein. The structure required to construct such devices is apparent from the above description. Furthermore, the present invention is not directed to any particular programming language. It should be understood that the content of the present invention described herein can be implemented in various programming languages, and that the description above of a specific language is given to disclose the best mode of the present invention.

Numerous specific details are set forth in the description provided here. It will be understood, however, that embodiments of the present invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this description.

Similarly, it should be understood that, in order to streamline this disclosure and aid understanding of one or more of the various inventive aspects, in the above description of exemplary embodiments of the present invention various features of the invention are sometimes grouped together in a single embodiment, figure or description thereof. This method of disclosure, however, is not to be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of the present invention.

Those skilled in the art will understand that the modules in the device of an embodiment can be adaptively changed and arranged in one or more devices different from that embodiment. The modules, units or components of an embodiment may be combined into one module, unit or component, and may furthermore be divided into a plurality of sub-modules, sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, equivalent or similar purpose.

Furthermore, those skilled in the art will understand that although some embodiments described herein include certain features included in other embodiments but not others, combinations of features from different embodiments are meant to be within the scope of the present invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.

The various component embodiments of the present invention may be implemented in hardware, in software modules running on one or more processors, or in a combination thereof. Those skilled in the art should understand that a microprocessor or a digital signal processor (DSP) may in practice be used to implement some or all of the functions of some or all of the components of the hardening protection server and system for an Android application according to the embodiments of the present invention. The present invention may also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing part or all of the methods described here. Such a program implementing the present invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.

It should be noted that the above embodiments illustrate rather than limit the present invention, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The present invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several means, several of these means can be embodied by one and the same item of hardware. The use of the words first, second, third, etc. does not indicate any order; these words may be interpreted as names.

The present invention discloses A1, a hardening protection method for an Android application, wherein the method includes:

acquiring the original Android installation package (APK) of the Android application;

decompiling the original APK, extracting the protected method code from it, and filling the extraction position with nop;

encrypting the extracted protected method code according to a specified encryption/decryption strategy to generate a hardening configuration file;

adding the specified encryption/decryption strategy, the hardening configuration file and a hardening protection program to the decompiled APK, and compiling to generate the hardened APK of the Android application;

wherein the hardening protection program performs the following operations when the hardened APK of the Android application is installed and run: dynamically allocating space according to the invocation of protected methods; when a protected method is called, decrypting the corresponding method in the hardening configuration file according to the encryption/decryption strategy to obtain the protected method code; and when the call to the protected method ends, re-encrypting the decrypted protected method code according to the encryption/decryption strategy.

A2. The method according to A1, wherein

the protected method code in the original APK is identified by annotations;

decompiling the original APK and extracting the protected method code from it includes: decompiling the original APK and extracting the protected method code from it according to the method annotations therein.

A3. The method according to A1, wherein the specified encryption/decryption strategy includes one or more of the following:

an anti-debugging strategy;

an anti-dump strategy;

an anti-repackaging strategy;

a string encryption/decryption strategy.

A4. The method according to A1, wherein adding the specified encryption/decryption strategy, the hardening configuration file and the hardening protection program to the decompiled APK includes:

writing the specified encryption/decryption strategy, the hardening configuration file and the hardening protection program into the SO file under the lib directory of the decompiled APK.

A5. The method according to A1, wherein

the protected method code is the core content of the dex file in the original APK of the Android application.

A6. The method according to any one of A1 to A5, wherein

obtaining the original Android installation package (APK) of the Android application comprises: receiving the original APK of the Android application uploaded by the user through the hardening protection client; and

the method further comprises: providing an interface for downloading the hardened APK, so that the user can download the hardened APK through that interface using the hardening protection client.

A7. The method according to A6, wherein the method further comprises:

receiving the encryption/decryption strategy selection instruction, the encryption password and the decryption password uploaded by the user through the hardening protection client, and determining the specified encryption/decryption strategy from them.

A8. The method according to A6, wherein the method further comprises:

receiving the identity uploaded by the user through the hardening protection client, and using that identity to sign the hardened APK.

A9. The method according to A6, wherein the method further comprises:

performing an automatic installation test on the hardened APK.

The invention also discloses B10, a hardening protection server for an Android application, wherein the server comprises:

an obtaining unit, adapted to obtain the original Android installation package (APK) of the Android application;

a decompilation and extraction unit, adapted to decompile the original APK, extract the protected method code from it, and fill the extraction position with nop;

an encryption unit, adapted to encrypt the extracted protected method code according to a specified encryption/decryption strategy to generate a hardening configuration file; and

an adding and compiling unit, adapted to add the specified encryption/decryption strategy, the hardening configuration file and the hardening protection program to the decompiled APK, and to compile to generate the hardened APK of the Android application;

wherein, when the hardened APK of the Android application has been installed and is running, the hardening protection program performs the following operations: dynamically requesting memory according to the invocation of a protected method; when the protected method is called, decrypting the corresponding method in the hardening configuration file according to the encryption/decryption strategy to obtain the protected method code; and when the call to the protected method ends, re-encrypting the decrypted protected method code according to the encryption/decryption strategy.

B11. The server according to B10, wherein

the protected method code is identified by annotations in the original APK obtained by the obtaining unit; and

the decompilation and extraction unit is adapted to decompile the original APK and extract the protected method code from it according to the method annotations therein.

B12. The server according to B10, wherein

the encryption unit is adapted to encrypt the extracted protected method code according to one or more of the following strategies:

an anti-debugging strategy;

an anti-dump strategy;

an anti-repackaging strategy;

a string encryption/decryption strategy.

B13. The server according to B10, wherein

the adding and compiling unit is adapted to write the specified encryption/decryption strategy, the hardening configuration file and the hardening protection program into the SO file under the lib directory of the decompiled APK.

B14. The server according to B10, wherein

the decompilation and extraction unit is adapted to decompile the original APK and then extract the core content of the dex file in it.

B15. The server according to any one of B10 to B14, wherein

the obtaining unit is adapted to receive the original APK of the Android application uploaded by the user through the hardening protection client; and

the server further comprises: a download unit, adapted to provide an interface for downloading the hardened APK, so that the user can download the hardened APK through that interface using the hardening protection client.

B16. The server according to B15, wherein

the obtaining unit is further adapted to receive the encryption/decryption strategy selection instruction, the encryption password and the decryption password uploaded by the user through the hardening protection client, and to send them to the encryption unit; and

the encryption unit is adapted to determine the specified encryption/decryption strategy according to the encryption/decryption strategy selection instruction, the encryption password and the decryption password.

B17. The server according to B15, wherein

the obtaining unit is further adapted to receive the identity uploaded by the user through the hardening protection client; and

the server further comprises: a signing unit, adapted to use that identity to sign the hardened APK.

B18. The server according to B15, wherein the server further comprises:

a test unit, adapted to perform an automatic installation test on the hardened APK.

The invention also discloses C19, a hardening protection system for an Android application, comprising: a hardening protection client and the hardening protection server according to any one of B10 to B18.

Claims (10)

1. A hardening protection method for an Android application, wherein the method comprises:

obtaining the original Android installation package (APK) of the Android application;

decompiling the original APK, extracting the protected method code from it, and filling the extraction position with nop;

encrypting the extracted protected method code according to a specified encryption/decryption strategy to generate a hardening configuration file;

adding the specified encryption/decryption strategy, the hardening configuration file and the hardening protection program to the decompiled APK, and compiling to generate the hardened APK of the Android application;

wherein, when the hardened APK of the Android application has been installed and is running, the hardening protection program performs the following operations: dynamically requesting memory according to the invocation of a protected method; when the protected method is called, decrypting the corresponding method in the hardening configuration file according to the encryption/decryption strategy to obtain the protected method code; and when the call to the protected method ends, re-encrypting the decrypted protected method code according to the encryption/decryption strategy.

2. The method of claim 1, wherein

the protected method code is identified by annotations in the original APK; and

decompiling the original APK and extracting the protected method code from it comprises: decompiling the original APK and extracting the protected method code from it according to the method annotations therein.

3. The method of claim 1, wherein the specified encryption/decryption strategy comprises one or more of the following:

an anti-debugging strategy;

an anti-dump strategy;

an anti-repackaging strategy;

a string encryption/decryption strategy.

4. The method of claim 1, wherein adding the specified encryption/decryption strategy, the hardening configuration file and the hardening protection program to the decompiled APK comprises:

writing the specified encryption/decryption strategy, the hardening configuration file and the hardening protection program into the SO file under the lib directory of the decompiled APK.

5. The method of claim 1, wherein

the protected method code is the core content of the dex file in the original APK of the Android application.

6. A hardening protection server for an Android application, wherein the server comprises:

an obtaining unit, adapted to obtain the original Android installation package (APK) of the Android application;

a decompilation and extraction unit, adapted to decompile the original APK, extract the protected method code from it, and fill the extraction position with nop;

an encryption unit, adapted to encrypt the extracted protected method code according to a specified encryption/decryption strategy to generate a hardening configuration file; and

an adding and compiling unit, adapted to add the specified encryption/decryption strategy, the hardening configuration file and the hardening protection program to the decompiled APK, and to compile to generate the hardened APK of the Android application;

wherein, when the hardened APK of the Android application has been installed and is running, the hardening protection program performs the following operations: dynamically requesting memory according to the invocation of a protected method; when the protected method is called, decrypting the corresponding method in the hardening configuration file according to the encryption/decryption strategy to obtain the protected method code; and when the call to the protected method ends, re-encrypting the decrypted protected method code according to the encryption/decryption strategy.

7. The server of claim 6, wherein

the protected method code is identified by annotations in the original APK obtained by the obtaining unit; and

the decompilation and extraction unit is adapted to decompile the original APK and extract the protected method code from it according to the method annotations therein.

8. The server of claim 6, wherein

the encryption unit is adapted to encrypt the extracted protected method code according to one or more of the following strategies:

an anti-debugging strategy;

an anti-dump strategy;

an anti-repackaging strategy;

a string encryption/decryption strategy.

9. The server of claim 6, wherein

the adding and compiling unit is adapted to write the specified encryption/decryption strategy, the hardening configuration file and the hardening protection program into the SO file under the lib directory of the decompiled APK.

10. A hardening protection system for an Android application, comprising: a hardening protection client and the hardening protection server according to any one of claims 6 to 9.
CN201410734372.7A 2014-12-04 2014-12-04 A reinforcement protection method, server and system for Android applications Active CN104462959B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410734372.7A CN104462959B (en) 2014-12-04 2014-12-04 A reinforcement protection method, server and system for Android applications

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410734372.7A CN104462959B (en) 2014-12-04 2014-12-04 A reinforcement protection method, server and system for Android applications

Publications (2)

Publication Number Publication Date
CN104462959A true CN104462959A (en) 2015-03-25
CN104462959B CN104462959B (en) 2017-09-01

Family

ID=52908984

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410734372.7A Active CN104462959B (en) 2014-12-04 2014-12-04 A reinforcement protection method, server and system for Android applications

Country Status (1)

Country Link
CN (1) CN104462959B (en)

Cited By (40)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104899481A (en) * 2015-06-17 2015-09-09 上海斐讯数据通信技术有限公司 System and method for preventing decompilation of application programs
CN104951707A (en) * 2015-05-13 2015-09-30 上海交通大学 Sensitive resource access control policy system based on Android platform
CN104965712A (en) * 2015-07-17 2015-10-07 北京奇虎科技有限公司 Application reinforcing protection method and apparatus and mobile terminal
CN105046116A (en) * 2015-06-25 2015-11-11 上海斐讯数据通信技术有限公司 Method for protecting dex file from being decompiled in Android system
CN105512521A (en) * 2015-12-25 2016-04-20 北京奇虎科技有限公司 Reinforcement and protection method and system for software installation package
CN105631251A (en) * 2015-12-25 2016-06-01 北京奇虎科技有限公司 APK reinforcing protection method and system
CN105893793A (en) * 2016-04-05 2016-08-24 上海携程商务有限公司 Encrypting method and encrypting system for preventing reverse decrypting of app (application)
CN105930745A (en) * 2016-04-25 2016-09-07 北京珊瑚灵御科技有限公司 Android platform-based character string reinforcement method
CN105930744A (en) * 2016-04-22 2016-09-07 北京奇虎科技有限公司 File reinforcement method and apparatus
WO2016188134A1 (en) * 2015-05-22 2016-12-01 中兴通讯股份有限公司 Application reinforcing implementation method and apparatus
CN106295255A (en) * 2015-05-27 2017-01-04 腾讯科技(深圳)有限公司 Application program reinforcing method and device
CN106528261A (en) * 2016-12-02 2017-03-22 武汉斗鱼网络科技有限公司 Application page initialization compiling and controlling device and method
CN106599629A (en) * 2016-12-16 2017-04-26 Tcl集团股份有限公司 Strengthening method and apparatus for Android application program
CN106650338A (en) * 2015-10-28 2017-05-10 中国电信股份有限公司 Software anti-debugging method and system
CN106709286A (en) * 2016-11-30 2017-05-24 江苏神州信源系统工程有限公司 Method for performing security reinforcement on apk resource package
CN106843853A (en) * 2016-12-28 2017-06-13 北京五八信息技术有限公司 Method and apparatus for protecting user profile
CN106845167A (en) * 2016-12-12 2017-06-13 北京奇虎科技有限公司 APK reinforcement method and device, and dynamic loading method and device
CN107038371A (en) * 2015-07-29 2017-08-11 腾讯科技(深圳)有限公司 Executable file processing method, device and system
CN107103214A (en) * 2017-04-06 2017-08-29 海信集团有限公司 Application program anti-debugging method and device applied to Android system
CN107180170A (en) * 2017-05-09 2017-09-19 深圳海云安网络安全技术有限公司 Shell-less reinforcement method for Android APP
CN107220529A (en) * 2017-05-19 2017-09-29 湖南鼎源蓝剑信息科技有限公司 Reinforcement method for Android platform SDK packages
CN107748838A (en) * 2017-10-13 2018-03-02 东软集团股份有限公司 Installation package generation method, apparatus, storage medium and electronic device
CN107784204A (en) * 2016-08-31 2018-03-09 百度在线网络技术(北京)有限公司 Application unpacking method and device
CN107871066A (en) * 2016-09-28 2018-04-03 传化物流集团有限公司 Code compilation method and device based on Android system
CN109255235A (en) * 2018-09-17 2019-01-22 西安电子科技大学 Mobile application third-party library partitioning method based on user-space sandbox
CN109408073A (en) * 2018-09-21 2019-03-01 北京大学 Non-intrusive application repackaging method for Android
CN109598107A (en) * 2018-11-20 2019-04-09 江苏通付盾信息安全技术有限公司 Code conversion method and device based on application installation package file
CN109597620A (en) * 2018-08-08 2019-04-09 北京字节跳动网络技术有限公司 Data processing method, device, equipment and storage medium
CN109614772A (en) * 2018-11-20 2019-04-12 江苏通付盾信息安全技术有限公司 Code conversion method and device based on application installation package file
CN109614773A (en) * 2018-11-20 2019-04-12 江苏通付盾信息安全技术有限公司 Code self-modifying method, apparatus and electronic device
CN109858203A (en) * 2018-12-21 2019-06-07 厦门市美亚柏科信息股份有限公司 Security protection method, device and storage medium for Android platform application
CN109918917A (en) * 2019-03-19 2019-06-21 北京智游网安科技有限公司 Method, computer device and storage medium for preventing H5 source code leakage
CN109976769A (en) * 2019-03-05 2019-07-05 北京梆梆安全科技有限公司 Method, apparatus and device for determining server identifier corresponding to application installation package
CN111143869A (en) * 2019-12-30 2020-05-12 Oppo广东移动通信有限公司 Application package processing method, device, electronic device and storage medium
CN111492345A (en) * 2018-10-15 2020-08-04 华为技术有限公司 Method for optimizing and running Android application program and related device
CN111544893A (en) * 2020-04-30 2020-08-18 福建天晴在线互动科技有限公司 Reinforcing method and system for preventing code flow from being forged in game
CN111914225A (en) * 2020-07-15 2020-11-10 广东电网有限责任公司 Source code protection system and source code encryption method
CN112257033A (en) * 2020-10-14 2021-01-22 郑州阿帕斯数云信息科技有限公司 Application packaging method, device and equipment
CN113434884A (en) * 2021-06-30 2021-09-24 青岛海尔科技有限公司 Encryption method and decryption method for configuration file and related devices
CN113590098A (en) * 2021-07-30 2021-11-02 中电金信软件有限公司 Software development kit SDK generation method and device and electronic equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103413076A (en) * 2013-08-27 2013-11-27 北京理工大学 Block protection method for Android application programs
CN104021321A (en) * 2014-06-17 2014-09-03 北京奇虎科技有限公司 Reinforcing protection method and device for software installation package
US8892876B1 (en) * 2012-04-20 2014-11-18 Trend Micro Incorporated Secured application package files for mobile computing devices

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8892876B1 (en) * 2012-04-20 2014-11-18 Trend Micro Incorporated Secured application package files for mobile computing devices
CN103413076A (en) * 2013-08-27 2013-11-27 北京理工大学 Block protection method for Android application programs
CN104021321A (en) * 2014-06-17 2014-09-03 北京奇虎科技有限公司 Reinforcing protection method and device for software installation package

Cited By (56)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104951707A (en) * 2015-05-13 2015-09-30 上海交通大学 Sensitive resource access control policy system based on Android platform
WO2016188134A1 (en) * 2015-05-22 2016-12-01 中兴通讯股份有限公司 Application reinforcing implementation method and apparatus
CN106295263A (en) * 2015-05-22 2017-01-04 中兴通讯股份有限公司 Method and device for realizing application reinforcing
CN106295255B (en) * 2015-05-27 2020-04-14 腾讯科技(深圳)有限公司 Application program reinforcing method and device
CN106295255A (en) * 2015-05-27 2017-01-04 腾讯科技(深圳)有限公司 Application program reinforcing method and device
CN104899481A (en) * 2015-06-17 2015-09-09 上海斐讯数据通信技术有限公司 System and method for preventing decompilation of application programs
CN105046116B (en) * 2015-06-25 2018-07-31 上海斐讯数据通信技术有限公司 Method for protecting dex file from being decompiled in Android system
CN105046116A (en) * 2015-06-25 2015-11-11 上海斐讯数据通信技术有限公司 Method for protecting dex file from being decompiled in Android system
WO2016206297A1 (en) * 2015-06-25 2016-12-29 上海斐讯数据通信技术有限公司 Method for protecting dex file from being decompiled in Android system
CN104965712B (en) * 2015-07-17 2018-04-20 北京奇虎科技有限公司 Application program reinforcement protection method, device and mobile terminal
CN104965712A (en) * 2015-07-17 2015-10-07 北京奇虎科技有限公司 Application reinforcing protection method and apparatus and mobile terminal
CN107038371A (en) * 2015-07-29 2017-08-11 腾讯科技(深圳)有限公司 Executable file processing method, device and system
CN107038371B (en) * 2015-07-29 2020-01-31 腾讯科技(深圳)有限公司 Executable file processing method, device and system
CN106650338A (en) * 2015-10-28 2017-05-10 中国电信股份有限公司 Software anti-debugging method and system
CN105512521A (en) * 2015-12-25 2016-04-20 北京奇虎科技有限公司 Reinforcement and protection method and system for software installation package
CN105631251A (en) * 2015-12-25 2016-06-01 北京奇虎科技有限公司 APK reinforcing protection method and system
CN105631251B (en) * 2015-12-25 2018-07-24 北京奇虎科技有限公司 APK reinforcement protection method and system
CN105893793A (en) * 2016-04-05 2016-08-24 上海携程商务有限公司 Encrypting method and encrypting system for preventing reverse decrypting of app (application)
CN105930744A (en) * 2016-04-22 2016-09-07 北京奇虎科技有限公司 File reinforcement method and apparatus
CN105930745A (en) * 2016-04-25 2016-09-07 北京珊瑚灵御科技有限公司 Android platform-based character string reinforcement method
CN107784204B (en) * 2016-08-31 2021-10-22 百度在线网络技术(北京)有限公司 Application unpacking method and device
CN107784204A (en) * 2016-08-31 2018-03-09 百度在线网络技术(北京)有限公司 Application unpacking method and device
CN107871066A (en) * 2016-09-28 2018-04-03 传化物流集团有限公司 Code compilation method and device based on Android system
CN107871066B (en) * 2016-09-28 2020-10-09 传化物流集团有限公司 Code compilation method and device based on Android system
CN106709286A (en) * 2016-11-30 2017-05-24 江苏神州信源系统工程有限公司 Method for performing security reinforcement on apk resource package
CN106528261A (en) * 2016-12-02 2017-03-22 武汉斗鱼网络科技有限公司 Application page initialization compiling and controlling device and method
CN106845167A (en) * 2016-12-12 2017-06-13 北京奇虎科技有限公司 APK reinforcement method and device, and dynamic loading method and device
CN106599629B (en) * 2016-12-16 2021-08-06 Tcl科技集团股份有限公司 Android application program reinforcing method and device
CN106599629A (en) * 2016-12-16 2017-04-26 Tcl集团股份有限公司 Strengthening method and apparatus for Android application program
CN106843853A (en) * 2016-12-28 2017-06-13 北京五八信息技术有限公司 Method and apparatus for protecting user profile
CN107103214A (en) * 2017-04-06 2017-08-29 海信集团有限公司 Application program anti-debugging method and device applied to Android system
CN107103214B (en) * 2017-04-06 2019-12-10 海信集团有限公司 Application program anti-debugging method and device applied to Android system
CN107180170A (en) * 2017-05-09 2017-09-19 深圳海云安网络安全技术有限公司 Shell-less reinforcement method for Android APP
CN107220529A (en) * 2017-05-19 2017-09-29 湖南鼎源蓝剑信息科技有限公司 Reinforcement method for Android platform SDK packages
CN107748838A (en) * 2017-10-13 2018-03-02 东软集团股份有限公司 Installation package generation method, apparatus, storage medium and electronic device
CN109597620B (en) * 2018-08-08 2022-04-01 北京字节跳动网络技术有限公司 Data processing method, device, equipment and storage medium
CN109597620A (en) * 2018-08-08 2019-04-09 北京字节跳动网络技术有限公司 Data processing method, device, equipment and storage medium
CN109255235A (en) * 2018-09-17 2019-01-22 西安电子科技大学 Mobile application third-party library partitioning method based on user-space sandbox
CN109408073B (en) * 2018-09-21 2021-10-08 北京大学 Non-intrusive application repackaging method for Android
CN109408073A (en) * 2018-09-21 2019-03-01 北京大学 Non-intrusive application repackaging method for Android
CN111492345A (en) * 2018-10-15 2020-08-04 华为技术有限公司 Method for optimizing and running Android application program and related device
CN109614773A (en) * 2018-11-20 2019-04-12 江苏通付盾信息安全技术有限公司 Code self-modifying method, apparatus and electronic device
CN109614772A (en) * 2018-11-20 2019-04-12 江苏通付盾信息安全技术有限公司 Code conversion method and device based on application installation package file
CN109598107A (en) * 2018-11-20 2019-04-09 江苏通付盾信息安全技术有限公司 Code conversion method and device based on application installation package file
CN109858203A (en) * 2018-12-21 2019-06-07 厦门市美亚柏科信息股份有限公司 Security protection method, device and storage medium for Android platform application
CN109976769A (en) * 2019-03-05 2019-07-05 北京梆梆安全科技有限公司 Method, apparatus and device for determining server identifier corresponding to application installation package
CN109976769B (en) * 2019-03-05 2022-02-11 北京梆梆安全科技有限公司 Method, apparatus and device for determining server identifier corresponding to application installation package
CN109918917A (en) * 2019-03-19 2019-06-21 北京智游网安科技有限公司 Method, computer device and storage medium for preventing H5 source code leakage
CN111143869A (en) * 2019-12-30 2020-05-12 Oppo广东移动通信有限公司 Application package processing method, device, electronic device and storage medium
CN111544893A (en) * 2020-04-30 2020-08-18 福建天晴在线互动科技有限公司 Reinforcing method and system for preventing code flow from being forged in game
CN111544893B (en) * 2020-04-30 2023-09-01 福建天晴在线互动科技有限公司 Reinforcing method and system for preventing code flow forging based on game
CN111914225A (en) * 2020-07-15 2020-11-10 广东电网有限责任公司 Source code protection system and source code encryption method
CN111914225B (en) * 2020-07-15 2024-03-19 广东电网有限责任公司 Source code protection system and source code encryption method
CN112257033A (en) * 2020-10-14 2021-01-22 郑州阿帕斯数云信息科技有限公司 Application packaging method, device and equipment
CN113434884A (en) * 2021-06-30 2021-09-24 青岛海尔科技有限公司 Encryption method and decryption method for configuration file and related devices
CN113590098A (en) * 2021-07-30 2021-11-02 中电金信软件有限公司 Software development kit SDK generation method and device and electronic equipment

Also Published As

Publication number Publication date
CN104462959B (en) 2017-09-01

Similar Documents

Publication Publication Date Title
CN104462959B (en) A reinforcement protection method, server and system for Android applications
CN101908119B (en) Method and device for processing dynamic link library (DLL) file
US10740443B2 (en) System and method for code obfuscation of application
KR101471589B1 (en) Method for Providing Security for Common Intermediate Language Program
CN104239757B (en) Application program reversing-preventing method and device and operation method and terminal
CN102760219B (en) Android platform software protection system, method and apparatus
US8205096B2 (en) Software license embedded in shell code
US20180260199A1 (en) Method and apparatus for intermediate representation of applications
CN103460217B (en) Method and device for protecting application program
CN104392181A (en) SO file protection method and device and android installation package reinforcement method and system
WO2016078130A1 (en) Dynamic loading method for preventing reverse of apk file
US20170116410A1 (en) Software protection
CN106295255B (en) Application program reinforcing method and device
WO2015192637A1 (en) Method and apparatus for reinforced protection of software installation package
CN105512521A (en) Reinforcement and protection method and system for software installation package
CN104484585A (en) Application program installation package processing method and device, and mobile apparatus
CN104463002A (en) APK reinforcing method and device and APK reinforcing client and server
CN107430650B (en) Securing computer programs against reverse engineering
CN105740703A (en) Application reinforcement method and apparatus
CN110502874B (en) Android App reinforcement method based on file self-modification
KR101863325B1 (en) Method and apparatus for preventing reverse engineering
CN112115430A (en) Apk reinforcement method, electronic equipment and storage medium
Lim et al. Structural analysis of packing schemes for extracting hidden codes in mobile malware
CN105760721B (en) A software reinforcement method and system
CN104021321B (en) Software installation package reinforcement protection method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220725

Address after: Room 801, 8th floor, No. 104, floors 1-19, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing 100015

Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)

Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Patentee before: Qizhi software (Beijing) Co.,Ltd.