CN104463002A - APK reinforcing method and device and APK reinforcing client and server - Google Patents
APK reinforcing method and device and APK reinforcing client and server Download PDFInfo
- Publication number
- CN104463002A CN104463002A CN201410815934.0A CN201410815934A CN104463002A CN 104463002 A CN104463002 A CN 104463002A CN 201410815934 A CN201410815934 A CN 201410815934A CN 104463002 A CN104463002 A CN 104463002A
- Authority
- CN
- China
- Prior art keywords
- code
- apk
- native
- java
- reinforcing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/448—Execution paradigms, e.g. implementations of programming paradigms
- G06F9/4482—Procedural
- G06F9/4484—Executing subprograms
Abstract
The invention discloses an APK reinforcing method and device and an APK reinforcing client and server. The method includes the steps that Java codes corresponding to at least one method in an APK to be reinforced are obtained; the Java codes corresponding to at least one method are converted into corresponding Native C codes capable of being called in a reflection mode. According to the technical scheme, the Java codes in the APK are converted into the Native C codes capable of being called in the reflection mode, java method call is converted into equivalently grammatical Native C method call, when one method is called, the Native C codes are called instead of the original Java codes; compared with the Java codes, the reverse Native C codes are higher in cost, many protection modes of the Native C codes are provided, the possibility that disassembling analysis is conducted on the APK, and the APK is repackaged and distributed again is lowered greatly, and the security level of the APK is increased.
Description
Technical field
The present invention relates to information security field, be specifically related to a kind of method and apparatus and the APK reinforcing client and server of reinforcing APK.
Background technology
The fast development of Android system and the rapid growth of equipment, create a large amount of third party applications, compared with other operating systems, the increasing income property of Android system is that application developer provides more functional interface, these functional interfaces while improve the extensibility of system also for Malware is provided convenience, illegal copies, reverse-engineering, decompiling, debug, crack, safety that secondary packing, the means such as internal memory intercepting constantly threaten Android system, not only compromise user, cause serious infringement also to normal use developer.
The Scheme of Strengthening of existing Android software installation kit is mainly divided into three kinds: the first is that the Java code treating guard method carries out complete encryption; The Java code treating guard method when the second is and runs does bytecode distortion, and prevent direct-reduction from going out complete Java code, existing mode can not be well self-defined, and the program needs the function doing bytecode distortion; The third is by used in combination for first two scheme.But due to such scheme APK run sometime in there is the reflection of complete Java code in internal memory; the Java code of shielded method can be restored by complete by the mode of internal memory Dump; the safety problem causing existing scheme cannot solve Android installation kit all the time completely facing, people are also seeking more effective solution always.
Summary of the invention
In view of the above problems, the present invention is proposed to provide a kind of a kind of method and apparatus and APK reinforcing client and server reinforcing APK overcoming the problems referred to above or solve the problem at least in part.
According to one aspect of the present invention, provide a kind of method of reinforcing APK, the method comprises:
Obtain the Java code that at least one method treated in reinforcing APK is corresponding;
Java code corresponding at least one method described is converted respectively to the Native C code reflecting accordingly and call.
Alternatively, the described Java code obtaining at least one method treated in reinforcing APK corresponding comprises:
Wait that reinforcing APK carries out Java code corresponding to decompiling acquisition at least one method wherein to described.
Alternatively, Java code corresponding at least one method described is converted to respectively reflect the Native C code called accordingly and comprise:
The Java code corresponding to method carries out semanteme and resolves, and reflects the Native C code called, then compile Native C code according to semantic analysis result structure.
Alternatively, the described Java code corresponding to method carries out semanteme and resolves, and reflects the Native C code called comprise according to semantic analysis result structure:
Java code compilation corresponding for the method is become smali code, smali code is decompiled into a kind of intermediate language, then convert described intermediate language to Native C code.
Alternatively, described intermediate language is a kind of instruction set be made up of tlv triple instruction, and a tlv triple instruction comprises: the destination address of source address, operation and the type of operation.
Alternatively, the method comprises further:
Native C code after conversion in described APK is encrypted.
Alternatively, the method comprises further:
Obtain and wait to reinforce the ELF file in APK, carry out decompiling;
According to encryption beginning label and encryption end mark, from the ELF file of described decompiling, extract one or more snippets code to be protected, and a Hook Function is arranged to each extracting position; Wherein the reference position of every section of code to be protected and end position have encryption beginning label and encryption end mark respectively;
After being encrypted by one or more snippets code extracted, put into specified file;
Added to by described specified file in the APK of described decompiling, compiling generates reinforces APK;
Wherein, described reinforcing APK run process in, by arrange Hook Function learn need run protected one section of code time, from described specified file, decrypt this section of code; and when this section of code runs complete, again this section of code is encrypted.
Alternatively, described being encrypted by one or more snippets code extracted comprises:
VM carries out to the one end extracted or multistage code virtual; Or/and, sectional encryption is carried out to the one end extracted or multistage code; Or/and, Code obfuscation is carried out to the one end extracted or multistage code; Or/and, to the one end extracted or multistage code is counter debugs process.
Alternatively, described one or more snippets code extracted is encrypted after, put into specified file and comprise:
After being encrypted by one or more snippets code extracted, put into the afterbody of SO file.
Alternatively, said method is by the client executing being positioned at end side;
Or, obtain APK to be reinforced by the client being positioned at end side and upload onto the server, perform said method by server.
According to another aspect of the present invention, provide a kind of device reinforcing APK, this device comprises:
Acquiring unit, is suitable for obtaining the Java code that at least one method treated in reinforcing APK is corresponding;
Converting unit, is suitable for Java code corresponding at least one method described being converted respectively to the Native C code reflecting accordingly and call.
Alternatively, described acquiring unit, is suitable for waiting that reinforcing APK carries out Java code corresponding to decompiling acquisition at least one method wherein to described.
Alternatively, described converting unit, is suitable for the Java code corresponding to method and carries out semanteme and resolve, reflect the Native C code called, then compile Native C code according to semantic analysis result structure.
Alternatively, described converting unit, is suitable for Java code compilation corresponding for the method to become smali code, smali code is decompiled into a kind of intermediate language, then converts described intermediate language to Native C code.
Alternatively, the described intermediate language that described converting unit adopts is a kind of instruction set be made up of tlv triple instruction, and a tlv triple instruction comprises: the destination address of source address, operation and the type of operation.
Alternatively, this device comprises further:
Ciphering unit, is suitable for the Native C code after to the conversion in described APK and is encrypted.
Alternatively, this device comprises further: add compilation unit;
Described acquiring unit, is further adapted for obtain and waits to reinforce the ELF file in APK, carry out decompiling; And be suitable for, according to encryption beginning label and encryption end mark, from the ELF file of described decompiling, extracting one or more snippets code to be protected, and arranging a Hook Function to each extracting position; Wherein the reference position of every section of code to be protected and end position have encryption beginning label and encryption end mark respectively;
Described ciphering unit, is further adapted for after being encrypted by one or more snippets code extracted, puts into specified file;
Described interpolation compilation unit, is suitable for described specified file to add in the APK of described decompiling, and compiling generates reinforces APK;
Wherein, described reinforcing APK run process in, by arrange Hook Function learn need run protected one section of code time, from described specified file, decrypt this section of code; and when this section of code runs complete, again this section of code is encrypted.
Alternatively, described ciphering unit, is suitable for carrying out VM to the one end extracted or multistage code virtual; Or/and, be suitable for carrying out sectional encryption to the one end extracted or multistage code; Or/and, be suitable for carrying out Code obfuscation to the one end extracted or multistage code; Or/and, be suitable for the one end extracted or multistage code is counter debugs process.
Alternatively, described ciphering unit, after being suitable for one or more snippets code extracted to be encrypted, puts into the afterbody of SO file
According to another aspect of the present invention, provide a kind of APK and reinforce client, this client comprises the device of the reinforcing APK as above described in any one.
According to another aspect of the invention, provide a kind of APK and reinforce server, this server comprises the device of the reinforcing APK as above described in any one.
From the above, technical scheme provided by the invention is by converting the Native C code reflecting and call to by the Java code in APK, achieve the method call of the Native C method call of Java being converted into reciprocity grammer, when a method is called, the code realizing calling is Native C code instead of original Java code.Compared with Java code; put the process that there is not self reduction at any time; and the cost of reverse Native C code is very high; and the protected mode of Native C code is a lot; greatly reduce APK and be disassembled analysis; and then beat again the possibility that bag distributes again, improve the safe class of APK.
Above-mentioned explanation is only the general introduction of technical solution of the present invention, in order to technological means of the present invention can be better understood, and can be implemented according to the content of instructions, and can become apparent, below especially exemplified by the specific embodiment of the present invention to allow above and other objects of the present invention, feature and advantage.
Accompanying drawing explanation
By reading hereafter detailed description of the preferred embodiment, various other advantage and benefit will become cheer and bright for those of ordinary skill in the art.Accompanying drawing only for illustrating the object of preferred implementation, and does not think limitation of the present invention.And in whole accompanying drawing, represent identical parts by identical reference symbol.In the accompanying drawings:
Fig. 1 shows a kind of according to an embodiment of the invention process flow diagram reinforcing the method for APK;
Fig. 2 shows a kind of in accordance with another embodiment of the present invention process flow diagram reinforcing the method for APK;
Fig. 3 shows a kind of according to an embodiment of the invention schematic diagram reinforcing the device of APK;
Fig. 4 shows a kind of in accordance with another embodiment of the present invention schematic diagram reinforcing the device of APK;
Fig. 5 shows a kind of schematic diagram reinforcing the device of APK according to another embodiment of the present invention
Fig. 6 shows the schematic diagram that a kind of according to an embodiment of the invention APK reinforces client;
Fig. 7 shows the schematic diagram that a kind of according to an embodiment of the invention APK reinforces server.
Embodiment
Below with reference to accompanying drawings exemplary embodiment of the present disclosure is described in more detail.Although show exemplary embodiment of the present disclosure in accompanying drawing, however should be appreciated that can realize the disclosure in a variety of manners and not should limit by the embodiment set forth here.On the contrary, provide these embodiments to be in order to more thoroughly the disclosure can be understood, and complete for the scope of the present disclosure can be conveyed to those skilled in the art.
Fig. 1 shows a kind of according to an embodiment of the invention process flow diagram reinforcing the method for APK.As shown in Figure 1, the method comprises:
Step S110, obtains the Java code that at least one method treated in reinforcing APK is corresponding.
Step S120, converts the Native C code reflecting accordingly and call respectively to by Java code corresponding at least one method.
Visible, method shown in Fig. 1 is by converting the Native C code reflecting and call to by the Java code in APK, achieve the method call of the Native C method call of Java being converted into reciprocity grammer, when a method is called, the code realizing calling is Native C code instead of original Java code.Compared with Java code; put the process that there is not self reduction at any time; and the cost of reverse Native C code is very high; and the protected mode of Native C code is a lot; greatly reduce APK and be disassembled analysis; and then beat again the possibility that bag distributes again, improve the safe class of APK.
In one embodiment of the invention, the Java code that the step S110 of method shown in Fig. 1 obtains at least one method treated in reinforcing APK corresponding comprises: treat reinforcing APK and carry out Java code corresponding to decompiling acquisition at least one method wherein.
In one embodiment of the invention, Java code corresponding at least one method converts to and reflects the Native C code called accordingly and comprise by the step S120 of method shown in Fig. 1 respectively: the Java code corresponding to method carries out semanteme and resolve, reflect according to semantic analysis result structure the NativeC code called, then Native C code is compiled.The equity of the method that this process implementation Java calls and the method that NativeC calls transforms, and ensures the validity being reinforced rear APK n-back test.
In a specific embodiment, the Java code corresponding to method carries out semanteme and resolves, reflecting according to semantic analysis result structure the Native C code called can be specifically: Java code compilation corresponding for the method is become smali code, smali code is decompiled into a kind of intermediate language, then converts described intermediate language to Native C code.Wherein, intermediate language can be a kind of instruction set be made up of tlv triple instruction, and a tlv triple instruction comprises: the destination address of source address, operation and the type of operation.
After the Java code that method is corresponding converts the Native C code reflecting accordingly and call to, in order to improve safe class further, in one embodiment of the invention, the method shown in Fig. 1 comprises further: be encrypted the Native C code after the conversion in APK.Compared to Java code, the cipher mode of Native C code is varied, further increases the difficulty of dis-assembling.
In some embodiments of the invention, said method is by the client executing being positioned at end side; Or, in other embodiments of the present invention, obtain APK to be reinforced by the client being positioned at end side and upload onto the server, perform said method by server.Like this, developer both can reinforce APK in client, also can reinforce APK at server end, had suitable dirigibility.
Fig. 2 shows a kind of in accordance with another embodiment of the present invention process flow diagram reinforcing the method for APK.As shown in Figure 2, the method comprises:
Step S210, obtains and waits to reinforce the ELF file in APK, carry out decompiling.
In this step, ELF file is the executable file format in android system, also comprises .so or .o class file.
Step S220, according to encryption beginning label and encryption end mark, extracts one or more snippets code to be protected, and arranges a Hook Function to each extracting position from the ELF file of decompiling.
In this step; the reference position of every section of code to be protected and end position have encryption beginning label and encryption end mark respectively; this mark is used for any information or metadata to associate with program element, and itself can not perform source code and produce any impact.
Step S230, after being encrypted by one or more snippets code extracted, puts into specified file.
Step S240, adds in the APK of described decompiling by specified file, compiling generates reinforces APK.
The operational process of the reinforcing APK obtained through said process is as follows: in the process run; by arrange Hook Function learn need run protected one section of code time; this section of code is decrypted from specified file; and when this section of code runs complete, again this section of code is encrypted.Realize the dynamic encryption and decryption treating protecting code, make any time in internal memory there is not the reflection of complete source code, thus prevent APK by reverse reduction.
In one embodiment of the invention, one or more snippets code extracted is encrypted and comprises by the step S230 of method shown in Fig. 2: carry out VM to the one end extracted or multistage code virtual; Or/and, sectional encryption is carried out to the one end extracted or multistage code; Or/and, Code obfuscation is carried out to the one end extracted or multistage code; Or/and, to the one end extracted or multistage code is counter debugs process.Wherein, VM is virtual to be referred to presumptive instruction virtual, converts the instruction of third-party virtual machine to, APK by reverse time, the reverse result obtained is this virtualization instructions instead of presumptive instruction.
In one embodiment of the invention, the step S230 of method shown in Fig. 2, after being encrypted by one or more snippets code extracted, puts into the afterbody of SO file.
Method described in Fig. 2 makes APK developer that encryption beginning label and encryption end mark can be utilized to mark one or more snippets code needing to carry out.There is provided the server of encryption can be encrypted by the code to correspondent section according to encryption beginning label and encryption end mark.And one or more snippets code extracts and is placed in specified file after encrypting by the method shown in Fig. 2, wait that needing to run this section of code is just be decrypted, and encryption is re-started again after this section of code runs, be engraved in the complete dump that there is not this APK in internal memory when making any, make cracker cannot obtain complete dump.
Fig. 3 shows a kind of according to an embodiment of the invention schematic diagram reinforcing the device of APK.As shown in Figure 3, the device 300 of this reinforcing APK comprises:
Acquiring unit 310, is suitable for obtaining the Java code that at least one method treated in reinforcing APK is corresponding;
Converting unit 320, is suitable for Java code corresponding at least one method being converted respectively to the Native C code reflecting accordingly and call.
Visible, device shown in Fig. 3 is cooperatively interacted by each unit, Java code in APK is converted to the Native C code reflecting and call, achieve the method call of the Native C method call of Java being converted into reciprocity grammer, when a method is called, the code realizing calling is Native C code instead of original Java code.Compared with Java code, the cost of reverse Native C code is very high, and the protected mode of Native C code is a lot, greatly reduces APK and is disassembled analysis, and then beats again the possibility that bag distributes again, improves the safe class of APK.
In one embodiment of the invention, the acquiring unit 310 of Fig. 3 shown device, is suitable for treating reinforcing APK and carries out Java code corresponding to decompiling acquisition at least one method wherein.
In one embodiment of the invention, the converting unit 320 of Fig. 3 shown device, is suitable for the Java code corresponding to method and carries out semanteme and resolve, reflect the Native C code called, then compile Native C code according to semantic analysis result structure.The equity of converting unit 320 method that Java calls at this process implementation and the method that Native C calls transforms, and ensures the validity being reinforced rear APK n-back test.
In a specific embodiment, the Java code corresponding to method carries out semanteme and resolves, the process of the Native C code called is reflected specifically: converting unit 320 according to semantic analysis result structure, Java code compilation corresponding for the method is suitable for become smali code, smali code is decompiled into a kind of intermediate language, converts described intermediate language to Native C code.Wherein, intermediate language is a kind of instruction set be made up of tlv triple instruction, and a tlv triple instruction comprises: the destination address of source address, operation and the type of operation.
Fig. 4 shows a kind of in accordance with another embodiment of the present invention schematic diagram reinforcing the device of APK.As shown in Figure 4, the device 400 of this reinforcing APK comprises: acquiring unit 410, converting unit 420 and ciphering unit 430.
Wherein, acquiring unit 410, converting unit 420 are corresponding identical with the acquiring unit 310 of Fig. 3 shown device, converting unit 320 respectively, do not repeat them here.
Ciphering unit 430, is suitable for the Native C code after to the conversion in described APK and is encrypted.
Compared to Java code, the cipher mode of Native C code is more various, increases reverse difficulty further, prevents the leakage of APK key message.
Fig. 5 shows a kind of schematic diagram reinforcing the device of APK according to another embodiment of the present invention.As shown in Figure 5, the device 500 of this reinforcing APK comprises: acquiring unit 510, ciphering unit 520 and interpolation compilation unit 530.
Acquiring unit 510, is suitable for obtaining and waits to reinforce the ELF file in APK, carry out decompiling; And be suitable for, according to encryption beginning label and encryption end mark, from the ELF file of decompiling, extracting one or more snippets code to be protected, and arranging a Hook Function to each extracting position.
Wherein the reference position of every section of code to be protected and end position have encryption beginning label and encryption end mark respectively.
Ciphering unit 520, after being suitable for one or more snippets code extracted to be encrypted, puts into specified file.
Add compilation unit 530, be suitable for specified file to add in the APK of described decompiling, compiling generates reinforces APK.
The reinforcing APK obtained after the device shown in Fig. 5 is reinforced; run process in, by arrange Hook Function learn need run protected one section of code time, from specified file, decrypt this section of code; and when this section of code runs complete, again this section of code is encrypted.Realize the dynamic encryption and decryption treating protecting code, make any time in internal memory there is not the reflection of complete source code, thus prevent APK by reverse reduction.
In one embodiment of the invention, ciphering unit 520, is suitable for carrying out VM to the one end extracted or multistage code virtual; Or/and, be suitable for carrying out sectional encryption to the one end extracted or multistage code; Or/and, be suitable for carrying out Code obfuscation to the one end extracted or multistage code; Or/and, be suitable for the one end extracted or multistage code is counter debugs process.
In one embodiment of the invention, ciphering unit 520, after being suitable for one or more snippets code extracted to be encrypted, puts into the afterbody of SO file.
In one embodiment of the present of invention, additionally provide a kind of device reinforcing APK comprising Fig. 3 and Fig. 5 shown device, acquiring unit 310 wherein and acquiring unit 510 are same unit.In an alternative embodiment of the invention, additionally provide a kind of device reinforcing APK comprising device described in Fig. 4 and Fig. 5, acquiring unit 410 wherein and acquiring unit 510 are same unit.
Fig. 6 shows the schematic diagram that a kind of according to an embodiment of the invention APK reinforces client.As shown in Figure 6, this APK reinforces the device 610 that client comprises reinforcing APK.The device 610 of this reinforcing APK can be the device as the reinforcing APK above as described in any embodiment.
Fig. 7 shows the schematic diagram that a kind of according to an embodiment of the invention APK reinforces server.As shown in Figure 7, this APK reinforces the device 710 that server comprises reinforcing APK.The device 710 of this reinforcing APK can be the device as the reinforcing APK above as described in any embodiment.
In sum, technical scheme provided by the invention is by converting the Native C code reflecting and call to by the Java code in APK, achieve the method call of the NativeC method call of Java being converted into reciprocity grammer, when a method is called, the code realizing calling is Native C code instead of original Java code.And by being encrypted the Native C code after conversion, realize the further protection to NativeC code.Compared with Java code, the cost of reverse Native C code is very high, and the protected mode of Native C code is a lot, greatly reduces APK and is disassembled analysis, and then beats again the possibility that bag distributes again, improves the safe class of APK.
It should be noted that:
Intrinsic not relevant to any certain computer, virtual bench or miscellaneous equipment with display at this algorithm provided.Various fexible unit also can with use based on together with this teaching.According to description above, the structure constructed required by this kind of device is apparent.In addition, the present invention is not also for any certain programmed language.It should be understood that and various programming language can be utilized to realize content of the present invention described here, and the description done language-specific is above to disclose preferred forms of the present invention.
In instructions provided herein, describe a large amount of detail.But can understand, embodiments of the invention can be put into practice when not having these details.In some instances, be not shown specifically known method, structure and technology, so that not fuzzy understanding of this description.
Similarly, be to be understood that, in order to simplify the disclosure and to help to understand in each inventive aspect one or more, in the description above to exemplary embodiment of the present invention, each feature of the present invention is grouped together in single embodiment, figure or the description to it sometimes.But, the method for the disclosure should be construed to the following intention of reflection: namely the present invention for required protection requires feature more more than the feature clearly recorded in each claim.Or rather, as claims below reflect, all features of disclosed single embodiment before inventive aspect is to be less than.Therefore, the claims following embodiment are incorporated to this embodiment thus clearly, and wherein each claim itself is as independent embodiment of the present invention.
Those skilled in the art are appreciated that and adaptively can change the module in the equipment in embodiment and they are arranged in one or more equipment different from this embodiment.Module in embodiment or unit or assembly can be combined into a module or unit or assembly, and multiple submodule or subelement or sub-component can be put them in addition.Except at least some in such feature and/or process or unit be mutually repel except, any combination can be adopted to combine all processes of all features disclosed in this instructions (comprising adjoint claim, summary and accompanying drawing) and so disclosed any method or equipment or unit.Unless expressly stated otherwise, each feature disclosed in this instructions (comprising adjoint claim, summary and accompanying drawing) can by providing identical, alternative features that is equivalent or similar object replaces.
In addition, those skilled in the art can understand, although embodiments more described herein to comprise in other embodiment some included feature instead of further feature, the combination of the feature of different embodiment means and to be within scope of the present invention and to form different embodiments.Such as, in the following claims, the one of any of embodiment required for protection can use with arbitrary array mode.
All parts embodiment of the present invention with hardware implementing, or can realize with the software module run on one or more processor, or realizes with their combination.It will be understood by those of skill in the art that the some or all functions that microprocessor or digital signal processor (DSP) can be used in practice to realize reinforcing according to the device of the reinforcing APK of the embodiment of the present invention and APK the some or all parts in client and server.The present invention can also be embodied as part or all equipment for performing method as described herein or device program (such as, computer program and computer program).Realizing program of the present invention and can store on a computer-readable medium like this, or the form of one or more signal can be had.Such signal can be downloaded from internet website and obtain, or provides on carrier signal, or provides with any other form.
The present invention will be described instead of limit the invention to it should be noted above-described embodiment, and those skilled in the art can design alternative embodiment when not departing from the scope of claims.In the claims, any reference symbol between bracket should be configured to limitations on claims.Word " comprises " not to be got rid of existence and does not arrange element in the claims or step.Word "a" or "an" before being positioned at element is not got rid of and be there is multiple such element.The present invention can by means of including the hardware of some different elements and realizing by means of the computing machine of suitably programming.In the unit claim listing some devices, several in these devices can be carry out imbody by same hardware branch.Word first, second and third-class use do not represent any order.Can be title by these word explanations.
The invention discloses A1, a kind of method of reinforcing APK, wherein, the method comprises:
Obtain the Java code that at least one method treated in reinforcing APK is corresponding;
Java code corresponding at least one method described is converted respectively to the Native C code reflecting accordingly and call.
A2, method as described in A1, wherein, the described Java code waiting to reinforce at least one method in APK corresponding that obtains comprises:
Wait that reinforcing APK carries out Java code corresponding to decompiling acquisition at least one method wherein to described.
A3, method as described in A1, wherein, convert to Java code corresponding at least one method described respectively and reflect the Native C code called accordingly and comprise:
The Java code corresponding to method carries out semanteme and resolves, and reflects the Native C code called, then compile Native C code according to semantic analysis result structure.
A4, method as described in A3, wherein, the described Java code corresponding to method carries out semanteme and resolves, and reflects the Native C code called comprise according to semantic analysis result structure:
Java code compilation corresponding for the method is become smali code, smali code is decompiled into a kind of intermediate language, then convert described intermediate language to Native C code.
A5, method as described in A4, wherein,
Described intermediate language is a kind of instruction set be made up of tlv triple instruction, and a tlv triple instruction comprises: the destination address of source address, operation and the type of operation.
A6, method as described in A1, wherein, the method comprises further:
Native C code after conversion in described APK is encrypted.
A7, method as described in A1, wherein, the method comprises further:
Obtain and wait to reinforce the ELF file in APK, carry out decompiling;
According to encryption beginning label and encryption end mark, from the ELF file of described decompiling, extract one or more snippets code to be protected, and a Hook Function is arranged to each extracting position; Wherein the reference position of every section of code to be protected and end position have encryption beginning label and encryption end mark respectively;
After being encrypted by one or more snippets code extracted, put into specified file;
Added to by described specified file in the APK of described decompiling, compiling generates reinforces APK;
Wherein, described reinforcing APK run process in, by arrange Hook Function learn need run protected one section of code time, from described specified file, decrypt this section of code; and when this section of code runs complete, again this section of code is encrypted.
A8, method as described in A7, wherein, described being encrypted by one or more snippets code extracted comprises:
VM carries out to the one end extracted or multistage code virtual; Or/and, sectional encryption is carried out to the one end extracted or multistage code; Or/and, Code obfuscation is carried out to the one end extracted or multistage code; Or/and, to the one end extracted or multistage code is counter debugs process.
A9, method as described in A7, wherein, described one or more snippets code extracted is encrypted after, put into specified file and comprise:
After being encrypted by one or more snippets code extracted, put into the afterbody of SO file.
A10, method according to any one of A1-A9, wherein,
Said method is by the client executing being positioned at end side;
Or, obtain APK to be reinforced by the client being positioned at end side and upload onto the server, perform said method by server.
The invention discloses B11, a kind of device reinforcing APK, wherein, this device comprises:
Acquiring unit, is suitable for obtaining the Java code that at least one method treated in reinforcing APK is corresponding;
Converting unit, is suitable for Java code corresponding at least one method described being converted respectively to the Native C code reflecting accordingly and call.
B12, device as described in B11, wherein,
Described acquiring unit, is suitable for waiting that reinforcing APK carries out Java code corresponding to decompiling acquisition at least one method wherein to described.
B13, device as described in B11, wherein,
Described converting unit, is suitable for the Java code corresponding to method and carries out semanteme and resolve, reflect the Native C code called, then compile Native C code according to semantic analysis result structure.
B14, device as described in B13, wherein,
Described converting unit, is suitable for Java code compilation corresponding for the method to become smali code, smali code is decompiled into a kind of intermediate language, then converts described intermediate language to Native C code.
B15, device as described in B14, wherein,
The described intermediate language that described converting unit adopts is a kind of instruction set be made up of tlv triple instruction, and a tlv triple instruction comprises: the destination address of source address, operation and the type of operation.
B16, device as described in B11, wherein, this device comprises further:
Ciphering unit, is suitable for the Native C code after to the conversion in described APK and is encrypted.
B17, device as described in B11, wherein, this device comprises further: add compilation unit and ciphering unit;
Described acquiring unit, is further adapted for obtain and waits to reinforce the ELF file in APK, carry out decompiling; And be suitable for, according to encryption beginning label and encryption end mark, from the ELF file of described decompiling, extracting one or more snippets code to be protected, and arranging a Hook Function to each extracting position; Wherein the reference position of every section of code to be protected and end position have encryption beginning label and encryption end mark respectively;
Described ciphering unit, is further adapted for after being encrypted by one or more snippets code extracted, puts into specified file;
Described interpolation compilation unit, is suitable for described specified file to add in the APK of described decompiling, and compiling generates reinforces APK;
Wherein, described reinforcing APK run process in, by arrange Hook Function learn need run protected one section of code time, from described specified file, decrypt this section of code; and when this section of code runs complete, again this section of code is encrypted.
B18, device as described in B17, wherein,
Described ciphering unit, is suitable for carrying out VM to the one end extracted or multistage code virtual; Or/and, be suitable for carrying out sectional encryption to the one end extracted or multistage code; Or/and, be suitable for carrying out Code obfuscation to the one end extracted or multistage code; Or/and, be suitable for the one end extracted or multistage code is counter debugs process.
B19, device as described in B17, wherein,
Described ciphering unit, after being suitable for one or more snippets code extracted to be encrypted, puts into the afterbody of SO file
The invention discloses C20, a kind of APK and reinforce client, wherein, this client comprises the device of the reinforcing APK according to any one of B11-B19.
The invention also discloses D21, a kind of APK and reinforce server, wherein, this server comprises the device of the reinforcing APK according to any one of B11-B19.
Claims (10)
1. reinforce a method of APK, wherein, the method comprises:
Obtain the Java code that at least one method treated in reinforcing APK is corresponding;
Java code corresponding at least one method described is converted respectively to the Native C code reflecting accordingly and call.
2. the method for claim 1, wherein the described Java code obtaining at least one method treated in reinforcing APK corresponding comprises:
Wait that reinforcing APK carries out Java code corresponding to decompiling acquisition at least one method wherein to described.
3. the method for claim 1, wherein Java code corresponding at least one method described is converted to respectively and reflects the Native C code called accordingly and comprise:
The Java code corresponding to method carries out semanteme and resolves, and reflects the Native C code called, then compile Native C code according to semantic analysis result structure.
4. method as claimed in claim 3, wherein, the described Java code corresponding to method carries out semanteme and resolves, and comprises according to the Native C code that the reflection of semantic analysis result structure is called:
Java code compilation corresponding for the method is become smali code, smali code is decompiled into a kind of intermediate language, then convert described intermediate language to Native C code.
5. reinforce a device of APK, wherein, this device comprises:
Acquiring unit, is suitable for obtaining the Java code that at least one method treated in reinforcing APK is corresponding;
Converting unit, is suitable for Java code corresponding at least one method described being converted respectively to the Native C code reflecting accordingly and call.
6. device as claimed in claim 5, wherein,
Described acquiring unit, is suitable for waiting that reinforcing APK carries out Java code corresponding to decompiling acquisition at least one method wherein to described.
7. device as claimed in claim 5, wherein,
Described converting unit, is suitable for the Java code corresponding to method and carries out semanteme and resolve, reflect the Native C code called, then compile Native C code according to semantic analysis result structure.
8. device as claimed in claim 7, wherein,
Described converting unit, is suitable for Java code compilation corresponding for the method to become smali code, smali code is decompiled into a kind of intermediate language, then converts described intermediate language to Native C code.
9. APK reinforces a client, and wherein, this client comprises the device of the reinforcing APK according to any one of claim 5-8.
10. APK reinforces a server, and wherein, this server comprises the device of the reinforcing APK according to any one of claim 5-8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410815934.0A CN104463002B (en) | 2014-12-24 | 2014-12-24 | A kind of method and apparatus of reinforcing APK and APK reinforce client and server |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410815934.0A CN104463002B (en) | 2014-12-24 | 2014-12-24 | A kind of method and apparatus of reinforcing APK and APK reinforce client and server |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104463002A true CN104463002A (en) | 2015-03-25 |
| CN104463002B CN104463002B (en) | 2017-04-05 |
Family
ID=52909024
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410815934.0A Active CN104463002B (en) | 2014-12-24 | 2014-12-24 | A kind of method and apparatus of reinforcing APK and APK reinforce client and server |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104463002B (en) |
Cited By (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105631251A (en) * | 2015-12-25 | 2016-06-01 | 北京奇虎科技有限公司 | APK reinforcing protection method and system |
| CN106326694A (en) * | 2016-08-30 | 2017-01-11 | 北京鼎源科技有限公司 | Android application reinforcing method baed on C source code mixing |
| CN106326691A (en) * | 2015-06-15 | 2017-01-11 | 中兴通讯股份有限公司 | Encryption and decryption function realization method and device, and server |
| CN106933610A (en) * | 2015-12-30 | 2017-07-07 | 北京金山安全软件有限公司 | Application program installation package generation method and device and electronic equipment |
| CN107122635A (en) * | 2017-04-27 | 2017-09-01 | 北京洋浦伟业科技发展有限公司 | A kind of reinforcement means of the reinforcement means of SO files, device and APK |
| CN107729725A (en) * | 2017-10-09 | 2018-02-23 | 南京南瑞集团公司 | A kind of Android applications hardened system and method based on virtual machine instructions modification |
| CN108681457A (en) * | 2018-05-11 | 2018-10-19 | 西北大学 | The Android application program guard methods explained with residual code based on code sinking |
| CN108846264A (en) * | 2018-06-11 | 2018-11-20 | 北京奇虎科技有限公司 | Code reinforcement means, device, intelligent terminal and computer readable storage medium |
| CN108932406A (en) * | 2017-05-18 | 2018-12-04 | 北京梆梆安全科技有限公司 | Virtualization software guard method and device |
| CN108985017A (en) * | 2018-09-26 | 2018-12-11 | 北京京东金融科技控股有限公司 | The reinforcement means and device of application program |
| CN109543369A (en) * | 2018-11-23 | 2019-03-29 | 杭州哲信信息技术有限公司 | A kind of guard method of DEX |
| CN109598107A (en) * | 2018-11-20 | 2019-04-09 | 江苏通付盾信息安全技术有限公司 | A kind of code conversion method and device based on application installation package file |
| CN109614773A (en) * | 2018-11-20 | 2019-04-12 | 江苏通付盾信息安全技术有限公司 | Code self-modifying method, apparatus and electronic equipment |
| CN109614772A (en) * | 2018-11-20 | 2019-04-12 | 江苏通付盾信息安全技术有限公司 | Code conversion method and device based on application installation package file |
| CN109918872A (en) * | 2019-01-28 | 2019-06-21 | 中国科学院数据与通信保护研究教育中心 | Android application reinforcement means |
| CN110531965A (en) * | 2018-05-23 | 2019-12-03 | 阿里巴巴集团控股有限公司 | A kind of data processing method, program operating method and equipment |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102023885A (en) * | 2010-12-17 | 2011-04-20 | 北京握奇数据系统有限公司 | Method and system for storing bytecode of JCRE (Java card run time environment) |
| CN103902858A (en) * | 2013-12-25 | 2014-07-02 | 武汉安天信息技术有限责任公司 | APK application reinforcing method and system |
-
2014
- 2014-12-24 CN CN201410815934.0A patent/CN104463002B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102023885A (en) * | 2010-12-17 | 2011-04-20 | 北京握奇数据系统有限公司 | Method and system for storing bytecode of JCRE (Java card run time environment) |
| CN103902858A (en) * | 2013-12-25 | 2014-07-02 | 武汉安天信息技术有限责任公司 | APK application reinforcing method and system |
Cited By (22)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106326691B (en) * | 2015-06-15 | 2021-06-18 | 中兴通讯股份有限公司 | Encryption and decryption function realization method and device and server |
| CN106326691A (en) * | 2015-06-15 | 2017-01-11 | 中兴通讯股份有限公司 | Encryption and decryption function realization method and device, and server |
| CN105631251B (en) * | 2015-12-25 | 2018-07-24 | 北京奇虎科技有限公司 | A kind of APK method for reinforcing and protecting and system |
| CN105631251A (en) * | 2015-12-25 | 2016-06-01 | 北京奇虎科技有限公司 | APK reinforcing protection method and system |
| CN106933610A (en) * | 2015-12-30 | 2017-07-07 | 北京金山安全软件有限公司 | Application program installation package generation method and device and electronic equipment |
| CN106933610B (en) * | 2015-12-30 | 2021-07-30 | 北京金山安全软件有限公司 | Application program installation package generation method and device and electronic equipment |
| CN106326694A (en) * | 2016-08-30 | 2017-01-11 | 北京鼎源科技有限公司 | Android application reinforcing method baed on C source code mixing |
| CN107122635A (en) * | 2017-04-27 | 2017-09-01 | 北京洋浦伟业科技发展有限公司 | A kind of reinforcement means of the reinforcement means of SO files, device and APK |
| CN108932406A (en) * | 2017-05-18 | 2018-12-04 | 北京梆梆安全科技有限公司 | Virtualization software guard method and device |
| CN108932406B (en) * | 2017-05-18 | 2021-12-17 | 北京梆梆安全科技有限公司 | Virtualization software protection method and device |
| CN107729725A (en) * | 2017-10-09 | 2018-02-23 | 南京南瑞集团公司 | A kind of Android applications hardened system and method based on virtual machine instructions modification |
| CN108681457A (en) * | 2018-05-11 | 2018-10-19 | 西北大学 | The Android application program guard methods explained with residual code based on code sinking |
| CN108681457B (en) * | 2018-05-11 | 2020-09-01 | 西北大学 | Android application program protection method based on code sinking and residual code interpretation |
| CN110531965A (en) * | 2018-05-23 | 2019-12-03 | 阿里巴巴集团控股有限公司 | A kind of data processing method, program operating method and equipment |
| CN108846264A (en) * | 2018-06-11 | 2018-11-20 | 北京奇虎科技有限公司 | Code reinforcement means, device, intelligent terminal and computer readable storage medium |
| CN108985017A (en) * | 2018-09-26 | 2018-12-11 | 北京京东金融科技控股有限公司 | The reinforcement means and device of application program |
| CN109614772A (en) * | 2018-11-20 | 2019-04-12 | 江苏通付盾信息安全技术有限公司 | Code conversion method and device based on application installation package file |
| CN109614773A (en) * | 2018-11-20 | 2019-04-12 | 江苏通付盾信息安全技术有限公司 | Code self-modifying method, apparatus and electronic equipment |
| CN109598107A (en) * | 2018-11-20 | 2019-04-09 | 江苏通付盾信息安全技术有限公司 | A kind of code conversion method and device based on application installation package file |
| CN109543369A (en) * | 2018-11-23 | 2019-03-29 | 杭州哲信信息技术有限公司 | A kind of guard method of DEX |
| CN109543369B (en) * | 2018-11-23 | 2022-03-25 | 杭州哲信信息技术有限公司 | DEX protection method |
| CN109918872A (en) * | 2019-01-28 | 2019-06-21 | 中国科学院数据与通信保护研究教育中心 | Android application reinforcement means |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104463002B (en) | 2017-04-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104463002A (en) | APK reinforcing method and device and APK reinforcing client and server | |
| Chen et al. | Mystique: Uncovering information leakage from browser extensions | |
| CN106462677B (en) | Method and device for protecting software project | |
| CN104462959B (en) | A kind of method for reinforcing and protecting, server and the system of Android application | |
| CN104239757B (en) | Application program reversing-preventing method and device and operation method and terminal | |
| US8090959B2 (en) | Method and apparatus for protecting .net programs | |
| Williams et al. | Security through diversity: Leveraging virtual machine technology | |
| Preda et al. | Testing android malware detectors against code obfuscation: a systematization of knowledge and unified methodology | |
| Schulz | Code protection in android | |
| EP1376310A2 (en) | Secure and opaque type library providing secure data protection of variables | |
| CN108363911B (en) | Python script obfuscating and watermarking method and device | |
| CN104392181A (en) | SO file protection method and device and android installation package reinforcement method and system | |
| CN104484585A (en) | Application program installation package processing method and device, and mobile apparatus | |
| WO2015150391A1 (en) | Software protection | |
| CN105512521A (en) | Reinforcement and protection method and system for software installation package | |
| KR101861341B1 (en) | Deobfuscation apparatus of application code and method of deobfuscating application code using the same | |
| CN106599627A (en) | Method and apparatus for protecting application security based on virtual machine | |
| McFadden et al. | Security chasms of wasm | |
| CN106708571A (en) | Resource file loading method and device and source file reinforcing method and device | |
| Lan et al. | Lambda obfuscation | |
| CN112052433A (en) | Virtual protection method, terminal and storage medium for Jar file | |
| Pizzolotto et al. | OBLIVE: seamless code obfuscation for Java programs and Android apps | |
| CN113626773B (en) | Code protection method based on intermediate language | |
| Guo et al. | A survey of obfuscation and deobfuscation techniques in android code protection | |
| Protsenko et al. | Protecting android apps against reverse engineering by the use of the native code |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP01 | Change in the name or title of a patent holder |
Address after: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park) Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Patentee after: Beijing Qizhi Business Consulting Co.,Ltd. Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park) Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Patentee before: Qizhi software (Beijing) Co.,Ltd. |
|
| CP01 | Change in the name or title of a patent holder | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20210622 Address after: 100016 1773, 15 / F, 17 / F, building 3, No.10, Jiuxianqiao Road, Chaoyang District, Beijing Patentee after: Beijing Hongteng Intelligent Technology Co.,Ltd. Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park) Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Patentee before: Beijing Qizhi Business Consulting Co.,Ltd. |
|
| TR01 | Transfer of patent right | ||
| CP01 | Change in the name or title of a patent holder |
Address after: 100016 1773, 15 / F, 17 / F, building 3, No.10, Jiuxianqiao Road, Chaoyang District, Beijing Patentee after: Sanliu0 Digital Security Technology Group Co.,Ltd. Address before: 100016 1773, 15 / F, 17 / F, building 3, No.10, Jiuxianqiao Road, Chaoyang District, Beijing Patentee before: Beijing Hongteng Intelligent Technology Co.,Ltd. |
|
| CP01 | Change in the name or title of a patent holder |