CN104573424A - Application protection system and method - Google Patents

Publication number: CN104573424A
Authority: CN (China)
Prior art keywords: application program, token, instruction, instruction set, permutation matrix
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201310501315.XA
Other languages: Chinese (zh)
Inventors: 柴洪峰, 鲁志军, 李卷孺, 束骏亮, 华锦芝, 徐泽伟, 万四爽
Current Assignee: China Unionpay Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: China Unionpay Co Ltd
Application filed by China Unionpay Co Ltd
Priority to CN201310501315.XA (CN104573424A)
Priority to PCT/CN2014/088613 (WO2015058639A1)
Publication of CN104573424A

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10: Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12: Protecting executable software
    • G06F21/14: Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation

Abstract

The invention relates to an application protection system and method. The system comprises an obfuscator and a token generator. The obfuscator replaces the instruction set of an application, and the token generator generates a token. The token contains an interpreter and system patches: the interpreter interprets the application whose instruction set has been replaced, and the system patches are used to install that application. The application protection system and method can effectively resist attacks from the bottom level of a system, such as dynamic injection and dynamic debugging, and can effectively protect the digital copyright of the application.

Description

Application protection system and method
Technical Field
The present invention relates to the field of computer security, and in particular to a system and method for protecting Android applications.

Background
With the spread of smartphones, mobile phone security problems have become more prominent. Malware of all kinds keeps appearing and performs malicious operations on some security applications, leaving them unusable or tampered with.
To protect applications, patent document 1 (CN201110057866.2) proposes an application copyright protection method and a digital copyright protection system. They work mainly by adding an authentication module to the application, which protects it by authenticating against a server.
Patent document 2 (CN200580047317.X) also proposes a method and system for protecting software applications from piracy. It works mainly by moving part of the program to a server for execution, so that the software application is protected by the subprogram executing on the server.
The shortcoming of both schemes is that if the program is decompiled and the authentication module is modified or disabled, the application can no longer be protected.
APK, the Android application format, stands for Android Package. An APK file is in fact a zip archive whose extension has been changed to apk. After unzipping it, the executable code, the Dex part, is visible; this is the Android Dalvik executable. Android executable code is Dalvik bytecode obtained by compiling and converting a program written in Java. This bytecode is generally very easy to decompile. Malware and attackers decompile the APK file, analyze the code at assembly level, modify it or insert their own code, and then re-sign and repackage it as an APK file in order to change the program's original behavior.
Existing APK protection techniques rely mainly on code obfuscation. ProGuard is currently the mainstream free tool for obfuscating Java bytecode files. It can delete unused classes, fields, methods and attributes, delete useless annotations, and optimize bytecode files as far as possible. It can also rename existing classes, fields, methods and attributes with short, meaningless names.
Likewise, the ProGuard approach cannot stop an attacker from attacking an Android application after decompiling it.
Summary of the Invention
In view of the above problems, the present invention aims to provide a system and method that effectively prevent an attacker from attacking an application by decompiling it, and that can resist attacks on Android applications such as dynamic injection and dynamic debugging.
The application protection system of the present invention is characterized by comprising:
an obfuscator, for performing instruction set permutation on the instructions in an application; and
a Token generator, for generating a Token, wherein the Token comprises an interpreter for interpreting the application that has undergone instruction set permutation and a system patch for installing the permuted application.
Preferably, the obfuscator uses a permutation matrix to perform instruction set permutation on the instructions in the application, and the interpreter uses a permutation matrix in one-to-one correspondence with that of the obfuscator to interpret the instructions in the application that has undergone instruction set permutation.
Preferably, the obfuscator uses a random permutation matrix to perform instruction set permutation on the instructions in the application.
Preferably, the obfuscator performs instruction set permutation on every instruction in the application, and the interpreter interprets every instruction in the application that has undergone instruction set permutation.
Preferably, when the obfuscator performs instruction set permutation on an instruction in the application, it changes the opcode of the original instruction while retaining all operands of the original instruction.
The application protection method of the present invention is characterized by comprising the following steps:
a permutation matrix generation step: generating a permutation matrix M for a device A;
a Token generation step: generating, according to the permutation matrix M, the Token corresponding to device A, wherein the Token comprises at least an interpreter for interpreting the application that has undergone instruction set permutation;
an instruction set permutation step: performing instruction set permutation on the application to be protected according to the matrix M to generate the protected application;
a Token publishing step: distributing the Token to the holder of device A;
an application publishing step: distributing the protected application to the holder of device A; and
an application installation step: performing installation of the protected application with the interpreter in the Token.
Preferably, in the permutation matrix generation step, the permutation matrix is generated randomly.
Preferably, in the Token generation step, the generated Token also comprises a system patch for installing the permuted application.
Preferably, the instruction set permutation step comprises the following sub-steps:
according to the permutation matrix M, performing static code decompilation on the application to be protected to obtain all bytecodes of the application, wherein the permutation matrix M specifies a permutation relation from i to j, and i and j are natural numbers;
replacing bytecode x_i of the application to be protected with x_j.
Preferably, in the Token publishing step, the Token is distributed to the holder of device A by OTA.
 
Brief Description of the Drawings
Fig. 1 is a schematic diagram of the application protection system according to an embodiment of the present invention.
Fig. 2 is a schematic diagram of instruction set permutation performed by the obfuscator of the present invention.
Fig. 3 is a flowchart of the application protection method according to an embodiment of the present invention.
Detailed Description
What follows describes some of the many embodiments of the present invention and is intended to provide a basic understanding of it. It is not intended to identify key or critical elements of the invention or to limit the claimed scope.
Fig. 1 is a schematic diagram of the application protection system according to an embodiment of the present invention. The application protection system of this embodiment is described below with reference to Fig. 1.
The application protection system of the present invention is suited to mobile intelligent terminals. Specifically, it uses an obfuscation technique based on the idea of instruction set permutation. Its main purpose is to help Android app publishers apply digital copyright protection to the apps they develop; the system can also resist attacks from the lower layers of the system, such as dynamic injection and dynamic debugging.
As shown in Fig. 1, the application protection system of the present invention comprises an obfuscator 100 for performing instruction set permutation on the instructions in an application 111, and a Token generator 200 for generating a Token using the matrix.
The obfuscator 100 obfuscates the instructions in the application's dex file; this is the instruction set permutation referred to above. The obfuscator 100 parses the application's dex file and traverses every instruction in the whole dex file following the hierarchy class → method → instruction. During the traversal, the obfuscator 100 replaces each instruction using a specified (for example, randomly chosen) permutation matrix. The permuted instruction retains all operands of the original instruction, but the opcode used to identify the instruction is changed.
Fig. 2 is a schematic diagram of instruction set permutation performed by the obfuscator of the present invention.
As shown in Fig. 2, the bytecode of the original instruction is "13 01 3000", where the opcode is "13" and the operands are "01 3000". After instruction set permutation, the original operands "01 3000" are unchanged, while the opcode is replaced from "13" to "23" according to the permutation matrix, so the bytecode of the permuted instruction is "23 01 3000".
Because the opcodes have changed after permutation, an ordinary dex reversing tool cannot restore any instruction in the dex file without the permutation matrix.
In addition, after obfuscating the instructions, the obfuscator 100 also adds some necessary information to the header of the dex file. During installation and execution of the APK, this information helps the execution environment distinguish ordinary apps from obfuscated apps.
The obfuscated dex file is repackaged into an obfuscated APK file. Obfuscated APKs generated with different permutation matrices belong to different series, and the obfuscated APKs of each series can only be installed and executed in the corresponding execution environment. This further ensures the security of the permutation matrix and allows the obfuscated APK to resist dynamic analysis.
The Token generator 200 is a tool that uses the permutation matrix to generate a Token. In the present invention, the Token must carry the interpreter needed to interpret and execute the obfuscated app. The interpreters carried in Tokens generated with different permutation matrices are different, and an app obfuscated by the obfuscator 100 can only be executed by the interpreter generated from the same permutation matrix.
As shown in Fig. 2, the opcode of each instruction in the obfuscated app differs from that of the original instruction. To execute each instruction correctly, these opcodes must be restored; otherwise the obfuscated application cannot be executed normally by a general Android system. So when a particular terminal needs to run an obfuscated application, it must first load the corresponding interpreter. This interpreter is in one-to-one correspondence with the permutation matrix used for obfuscation; that is, the interpreter has to restore the instructions.
The restoration must not be explicit, because that would create a security risk. Instead, the contents of the interpretation function of each instruction in the interpreter are permuted according to the permutation matrix, which ensures that the function of each instruction is correctly restored when an obfuscated app generated with the same permutation matrix is interpreted and executed.
In this case, reverse analysis of the interpreter becomes very difficult. The attacker cannot obtain information about the permutation matrix directly from the reversed code, and deciphering the interpretation functions is very tedious and costs a great deal of time and effort.
In the present invention the Token is delivered to the end user by OTA. OTA (Over-The-Air) allows mobile data and applications to be managed remotely over the air interface of a mobile communication network (GSM or CDMA). The air interface can use WAP, GPRS, CDMA1X and the widely used short message (SMS) technology, so as to support wireless download to all kinds of terminals. Using OTA ensures that a user can obtain only his or her own Token, which guarantees the security of the Token. Moreover, because the Token does not explicitly carry the permutation matrix, and extracting and reversing the low-level interpreter is very difficult, the security of the permutation matrix, and hence of the whole system, is further ensured.
Returning to Fig. 1, the Android application protection system of the present invention is described. As shown in Fig. 1, the obfuscator 100 obfuscates each instruction in the application 111 using the permutation matrix and generates the converted application 112, which is published to the phone system.
On the other hand, the Token generator 200 generates, from the same permutation matrix, the "interpreter corresponding to the converted application" 113 for interpreting the application that has undergone instruction set permutation and the system patch (not shown) for installing the permuted application, and publishes the "interpreter corresponding to the converted application" 113 and the system patch (not shown) to the phone system by OTA.
On the phone system, the "interpreter corresponding to the converted application" 113 interprets the converted application. The "interpreter corresponding to the converted application" 113 coexists with the original general interpreter 115, and other parts of the phone system are also modified to some extent so that execution switches correctly to the "interpreter corresponding to the converted application" 113 when an obfuscated application is run.
The application protection method of the present invention is described below. Fig. 3 is a flowchart of the application protection method according to an embodiment of the present invention.
As shown in Fig. 3, the application protection method of the present invention comprises the following steps:
Permutation matrix generation step S101: for a particular device A, a random permutation matrix M is generated;
Token generation step S102: according to the random permutation matrix M, the Token corresponding to the particular device A is generated, wherein the Token comprises an interpreter I for interpreting applications that have undergone instruction set permutation and a system patch that supports installing such converted APK programs. The interpreter I can be obtained by transformation based on the permutation relation of matrix M; for example, if the permutation matrix M specifies a permutation relation from i to j (i and j being numbers), it is obtained by permuting the interpretation functions of instruction x_i and instruction x_j;
Instruction set permutation step S103: instruction set permutation is performed on the application to be protected according to the permutation matrix M to generate the protected application. Specifically, according to the permutation matrix M, static code decompilation is performed on the particular Android application to be protected to obtain all bytecodes (Dex Bytecode) of the APK program, and each bytecode x_i of the application to be protected is then replaced with bytecode x_j;
Token publishing step S104: the Token is distributed to the holder of the particular device A and, by means of an OTA update, replaces the original interpreter;
Application publishing step S105: the protected application is distributed to the holder of the particular device A and can be installed by the original installation method; and
Application installation step S106: the newly installed interpreter I is responsible for interpreting the protected application and performing installation, and also supports the execution of original, normal code.
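Steps S101 to S106 above, together with the obfuscator and interpreter pairing described earlier in this embodiment, as an added Python example (not code from the patent). It assumes a toy fixed-width 4-byte instruction format and four toy opcodes in place of real Dalvik encoding, and all function names are hypothetical. The permuted dispatch table lets the matching interpreter run protected code without applying an inverse permutation to the bytecode, while the stock table rejects it.

```python
import random

INSN_LEN = 4  # toy format: 1 opcode byte + 3 operand bytes (not real Dalvik encoding)

# Toy handlers: each receives the register file and the three operand bytes.
def op_const16(regs, a, lo, hi):   # vA = 16-bit little-endian literal
    regs[a] = lo | (hi << 8)

def op_add(regs, a, b, c):         # vA = vB + vC
    regs[a] = regs[b] + regs[c]

def op_mul(regs, a, b, c):         # vA = vB * vC
    regs[a] = regs[b] * regs[c]

def op_return(regs, a, _b, _c):    # stop and return vA
    return regs[a]

# Unpermuted ("stock") opcode assignment for the toy instruction set.
BASE_HANDLERS = {0x13: op_const16, 0x90: op_add, 0x92: op_mul, 0x0F: op_return}

def generate_permutation(seed=None):
    """S101: random permutation M over all 256 opcode values, M[i] = j.
    A seed is accepted only to make demonstrations reproducible."""
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    m = list(range(256))
    rng.shuffle(m)
    return m

def fig2_permutation():
    """Constructed M that only swaps 0x13 and 0x23, mirroring the Fig. 2 example."""
    m = list(range(256))
    m[0x13], m[0x23] = 0x23, 0x13
    return m

def build_interpreter(m):
    """S102: put the handler of original opcode i into slot M[i].
    Only this table is kept; M itself is not stored in the interpreter."""
    return {m[op]: handler for op, handler in BASE_HANDLERS.items()}

def permute_opcodes(code, m):
    """S103: rewrite the opcode byte of every instruction; operands stay as they are."""
    if len(code) % INSN_LEN:
        raise ValueError("truncated instruction stream")
    out = bytearray(code)
    for off in range(0, len(out), INSN_LEN):
        out[off] = m[out[off]]
    return bytes(out)

def run(code, dispatch):
    """S106: interpret the code with the given dispatch table."""
    if len(code) % INSN_LEN:
        raise ValueError("truncated instruction stream")
    regs = [0] * 256
    for off in range(0, len(code), INSN_LEN):
        op, a, b, c = code[off:off + INSN_LEN]
        handler = dispatch.get(op)
        if handler is None:
            raise ValueError(f"unknown opcode 0x{op:02x} at offset {off}")
        result = handler(regs, a, b, c)
        if result is not None:
            return result
    raise ValueError("code ended without a return instruction")

def try_run(code, dispatch):
    """Return ("ok", value) or ("error", reason) instead of raising."""
    try:
        return ("ok", run(code, dispatch))
    except ValueError as exc:
        return ("error", str(exc))

# Constructed sample program; the first instruction is the one shown in Fig. 2.
PROGRAM = bytes.fromhex(
    "13013000"  # const16 v1, 0x0030
    "13020500"  # const16 v2, 5
    "92000102"  # mul v0, v1, v2
    "90000002"  # add v0, v0, v2
    "0f000000"  # return v0
)

if __name__ == "__main__":
    m = generate_permutation()
    protected = permute_opcodes(PROGRAM, m)
    print("protected code:      ", protected.hex())
    print("matching interpreter:", try_run(protected, build_interpreter(m)))
    print("stock interpreter:   ", try_run(protected, BASE_HANDLERS))
```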
With the application protection system and method of the present invention, an attacker can be effectively prevented from attacking an application by decompiling it. The invention is suited to scenarios where there is some control over the terminal system, for example a cloud POS based on a customized Android system: the invention can ensure the security of the applications running on the cloud POS without any modification work by developers. By using obfuscation based on the idea of instruction set permutation, the invention effectively helps Android app publishers apply digital copyright protection to the apps they develop and effectively resists attacks from the lower layers of the system such as dynamic injection and dynamic debugging.
The above examples mainly describe the application protection system and method of the present invention. Although only some specific embodiments of the present invention have been described, those of ordinary skill in the art will understand that the present invention may be implemented in many other forms without departing from its spirit and scope. The examples and embodiments shown are therefore to be regarded as illustrative and not restrictive, and the present invention may cover various modifications and substitutions without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (10)

1. An application protection system, characterized by comprising:
an obfuscator, for performing instruction set permutation on the instructions in an application; and
a Token generator, for generating a Token, wherein the Token comprises an interpreter for interpreting the application that has undergone instruction set permutation and a system patch for installing the permuted application.
2. The application protection system of claim 1, characterized in that
the obfuscator uses a permutation matrix to perform instruction set permutation on the instructions in the application, and
the interpreter uses a permutation matrix in one-to-one correspondence with that of the obfuscator to interpret the instructions in the application that has undergone instruction set permutation.
3. The application protection system of claim 1, characterized in that
the obfuscator uses a random permutation matrix to perform instruction set permutation on the instructions in the application.
4. The application protection system of claim 1, characterized in that
the obfuscator performs instruction set permutation on every instruction in the application, and the interpreter interprets every instruction in the application that has undergone instruction set permutation.
5. The application protection system of claim 1, characterized in that
when the obfuscator performs instruction set permutation on an instruction in the application, the opcode of the original instruction is changed while all operands of the original instruction are retained.
6. An application protection method, characterized by comprising the following steps:
a permutation matrix generation step: generating a permutation matrix M for a device A;
a Token generation step: generating, according to the permutation matrix M, the Token corresponding to device A, wherein the Token comprises at least an interpreter for interpreting the application that has undergone instruction set permutation;
an instruction set permutation step: performing instruction set permutation on the application to be protected according to the matrix M to generate the protected application;
a Token publishing step: distributing the Token to the holder of device A;
an application publishing step: distributing the protected application to the holder of device A; and
an application installation step: performing installation of the protected application with the interpreter in the Token.
7. The application protection method of claim 6, characterized in that
in the permutation matrix generation step, the permutation matrix is generated randomly.
8. The application protection method of claim 6, characterized in that
in the Token generation step, the generated Token also comprises a system patch for installing the permuted application.
9. The application protection method of claim 6, characterized in that
the instruction set permutation step comprises the following sub-steps:
according to the permutation matrix M, performing static code decompilation on the application to be protected to obtain all bytecodes of the application, wherein the permutation matrix M specifies a permutation relation from i to j, and i and j are natural numbers;
replacing bytecode x_i of the application to be protected with x_j.
10. The application protection method of claim 6, characterized in that
in the Token publishing step, the Token is distributed to the holder of device A by OTA.
CN201310501315.XA 2013-10-23 2013-10-23 Application protection system and method Pending CN104573424A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201310501315.XA CN104573424A (en) 2013-10-23 2013-10-23 Application protection system and method
PCT/CN2014/088613 WO2015058639A1 (en) 2013-10-23 2014-10-15 Application program protecting system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310501315.XA CN104573424A (en) 2013-10-23 2013-10-23 Application protection system and method

Publications (1)

Publication Number Publication Date
CN104573424A true CN104573424A (en) 2015-04-29

Family

ID=52992252

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310501315.XA Pending CN104573424A (en) 2013-10-23 2013-10-23 Application protection system and method

Country Status (2)

Country Link
CN (1) CN104573424A (en)
WO (1) WO2015058639A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9760736B2 (en) 2015-09-29 2017-09-12 International Business Machines Corporation CPU obfuscation for cloud applications

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102831342A (en) * 2012-07-28 2012-12-19 北京深思洛克软件技术股份有限公司 Method for improving protection strength of application program in Android system
CN103065072A (en) * 2011-10-21 2013-04-24 北京大学 Method and device to improve Java software jailbreak difficulty and copyright verification method
CN103324872A (en) * 2013-07-12 2013-09-25 上海交通大学 Android application program protective method and system based on order confusion

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105868589A (en) * 2016-03-30 2016-08-17 网易(杭州)网络有限公司 Script encryption method, and script running method and device
CN106843919A (en) * 2016-12-12 2017-06-13 北京奇虎科技有限公司 The storage method and device of a kind of dex files
CN106843919B (en) * 2016-12-12 2021-02-23 北京奇虎科技有限公司 Method and device for storing dex file
CN109697339A (en) * 2017-10-20 2019-04-30 南京理工大学 A kind of Android application method for security protection based on dynamic virtual instruction map

Also Published As

Publication number Publication date
WO2015058639A1 (en) 2015-04-30

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20150429
