CN105227565B - The method and apparatus that anti-reversing for Android system cracks shared object file - Google Patents
The method and apparatus that anti-reversing for Android system cracks shared object file Download PDFInfo
- Publication number
- CN105227565B CN105227565B CN201510671883.3A CN201510671883A CN105227565B CN 105227565 B CN105227565 B CN 105227565B CN 201510671883 A CN201510671883 A CN 201510671883A CN 105227565 B CN105227565 B CN 105227565B
- Authority
- CN
- China
- Prior art keywords
- source code
- plain text
- text source
- protection function
- function
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0884—Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
This application discloses the method and apparatus that the anti-reversing for Android system cracks shared object file.The method that anti-reversing for Android system cracks shared object file includes: load installation package file; wherein; installation package file includes shared object file, shared object file include decipherment algorithm in the shell for link in advance shared object file, encrypted by protection function and Encryption Algorithm;Shared object file is loaded into memory;Installation package file call by protection function when, call decipherment algorithm decryption encrypted by protection function, obtain the plain text source code for being protected function;It will be loaded onto plain text source code address by the plain text source code of protection function;It executes by the plain text source code of protection function;It is completed in response to executing by the plain text source code of protection function, Encryption Algorithm is called to delete by the plain text source code of protection function.This method increase the difficulty for cracking shared object file, improve in shared object file by the safety of protection function.
Description
Technical field
This application involves field of computer technology, and in particular to computer security technical field, more particularly, to Android
The method and apparatus that the anti-reversing of system cracks shared object file.
Background technique
The open source of Android system provides more functional interfaces for application developer, these functional interfaces, which improve, is
It also provides convenience while the scalability of system for Malware.
Such as when running Android installation kit APK (AndroidPackage) file, can load it is some need use be total to
Object so (Shared Object) file (dynamic link library file that Android system uses) is enjoyed, these so files are loaded into
After in memory, it is in plaintext state, and programmer is often put into some important codes in so file, as long as malicious persons
Find the load base address of so file, so that it may which completely dump (dump) comes out from memory so file, in favor of analysis
And utilization, this has resulted in more serious security risk.
Summary of the invention
In view of drawbacks described above in the prior art or deficiency, it is desired to be able to provide it is a kind of it is highly-safe, be difficult to the side cracked
Case.In order to realize said one or multiple purposes, this application provides the method and apparatus of anti-reversing shared object file.
In a first aspect, this application provides a kind of method that the anti-reversing for Android system cracks shared object file,
The described method includes: load installation package file, wherein the installation package file includes shared object file, the shared object
File include decipherment algorithm in the shell for link in advance shared object file, encrypted by protection function and Encryption Algorithm;
The shared object file is loaded into memory;When the installation package file is called by protection function, decipherment algorithm solution is called
It is close it is described encrypted by protection function, obtain the plain text source code for being protected function;By the plaintext source by protection function
Code is loaded onto plain text source code address;Execute the plain text source code by protection function;In response to executing described protected
The plain text source code for protecting function is completed, and Encryption Algorithm is called to delete the plain text source code by protection function.
In some embodiments, it is described call decipherment algorithm decryption it is described encrypted by protection function, obtain being protected
The plain text source code of function includes: to call to default in decryption function in static linkage file, and according to defaulting in the shell
The data acquisition system by protection function, decryption function will be sent to by the plain text source code address of protection function, wherein the number
It include described by the plain text source code address of protection function, plain text source code size, ciphertext source generation according to the single data in set
Code address and ciphertext source code size;The decryption function calls the decipherment algorithm, and the plain text source code address is passed
It send to the decipherment algorithm;The decipherment algorithm inquires ciphertext source according to the plain text source code address in the data acquisition system
Code address and ciphertext source code size;The decipherment algorithm urines according to ciphertext source code address and ciphertext source code
It is close described by protection function, obtain the plain text source code for being protected function.
In some embodiments, described to be completed in response to executing the plain text source code by protection function, call encryption
It includes: complete in response to executing the plain text source code by protection function that algorithm, which deletes the plain text source code by protection function,
At calling defaults in the encryption function in the static linkage file, and the plain text source code address is transferred to described add
Close function;The encryption function calls the Encryption Algorithm defaulted in the shell, and the plain text source code address is passed
It is defeated by Encryption Algorithm;The Encryption Algorithm inquires plain text source code in the data acquisition system according to the plain text source code address
Size;The Encryption Algorithm is deleted described by protection letter according to the plain text source code address and the plain text source code size
Several plain text source codes.
In some embodiments, the structure type of the data acquisition system includes following any one: tables of data, chained list, two
Dimension group and Array for structural body.
Second aspect, this application provides the device that a kind of anti-reversing for Android system cracks shared object file,
Described device includes: the first loading module, for loading installation package file, wherein the installation package file includes shared object
File, the shared object file include decipherment algorithm in the shell for link in advance shared object file, being protected of having encrypted
Protect function and Encryption Algorithm;Second loading module, for loading the shared object file into memory;Deciphering module is used for
When the installation package file is called by protection function, call decipherment algorithm decryption it is described encrypted by protection function, obtain
By the plain text source code of protection function;Third loading module, it is bright for the plain text source code by protection function to be loaded onto
In literary source code address;Execution module, for executing the plain text source code by protection function;Removing module, for responding
It is completed in executing the plain text source code by protection function, Encryption Algorithm is called to delete the plaintext source generation by protection function
Code.
In some embodiments, the deciphering module includes: the first calling module, defaults in static linkage text for calling
Decryption function in part, and according to the data acquisition system by protection function defaulted in the shell, it will be by the plaintext of protection function
Source code address is sent to decryption function, wherein the single data in the data acquisition system include described by the bright of protection function
Literary source code address, plain text source code size, ciphertext source code address and ciphertext source code size;Second calling module, is used for
The decipherment algorithm is called by the decryption function, and the plain text source code address is sent to the decipherment algorithm;It looks into
Module is ask, for inquiring ciphertext source generation in the data acquisition system according to the plain text source code address by the decipherment algorithm
Code address and ciphertext source code size;Submodule is decrypted, for according to ciphertext source code address and ciphertext source code size
It decrypts described by protection function, obtains the plain text source code for being protected function.
In some embodiments, the removing module includes: third calling module, in response to executing described protected
The plain text source code of function is completed, and calls the encryption function defaulted in the static linkage file, and by plaintext source generation
Code address is transferred to the encryption function;4th calling module, for calling the Encryption Algorithm by the encryption function, and
The plain text source code address is transferred to Encryption Algorithm;Inquire submodule, for by the Encryption Algorithm according to being stated clearly
Plain text source code size is inquired in literary source code address in the data acquisition system;Submodule is deleted, for calculating by the encryption
Method deletes the plain text source code by protection function according to the plain text source code address and the plain text source code size.
The method and apparatus that anti-reversing provided by the present application for Android system cracks shared object file, due to decryption
Algorithm, being all set in the shell of shared object file by protection function and Encryption Algorithm of having encrypted, the program of shell adding can be straight
Operation is connect, but cannot check source code, and by the plaintext of protection function only in the of short duration period being called by protection function
Inside it is present in the plain text source code address of memory, plain text source code is emptied immediately after calling finishes, and malicious persons are difficult
Dump goes out by the source code of protection function within the of short duration time for being present in memory in plain text, therefore improves in shared object file
By the safety of protection function;If being needed in addition, malicious persons want the plaintext for obtaining being protected function by obtaining decipherment algorithm
It to shell to shared object file, increase the difficulty for cracking shared object file.
Detailed description of the invention
By reading the detailed description referring to made by the following drawings to non-limiting embodiment, other spies of the application
Sign, objects and advantages will become more apparent upon:
Fig. 1 shows the exemplary system architecture that can apply the embodiment of the present application;
Fig. 2 shows crack shared object file according to the anti-reversing for Android system of the application one embodiment
The exemplary process diagram of method;
Fig. 3, which is shown, cracks shared object file according to the anti-reversing for Android system of the application one embodiment
The application scenarios flow chart of method;
Fig. 4 is shown calls decipherment algorithm to decrypt the quilt encrypted according to the application one embodiment by decryption function
Protect the exemplary process diagram of the method for function;
Fig. 5 is shown calls Encryption Algorithm to delete by protection function according to the application one embodiment by encryption function
Plain text source code method exemplary process diagram;
Fig. 6, which is shown, cracks shared object file according to the anti-reversing for Android system of the application one embodiment
The exemplary block diagram of device;
Fig. 7 shows the exemplary block diagram of the deciphering module according to the application one embodiment;
Fig. 8 shows the exemplary block diagram of the encrypting module according to the application one embodiment;
Fig. 9 shows the structure of the computer system of the terminal device or server that are suitable for being used to realize the embodiment of the present application
Schematic diagram.
Specific embodiment
The application is described in further detail with reference to the accompanying drawings and examples.It is understood that this place is retouched
The specific embodiment stated is used only for explaining related invention, rather than the restriction to the invention.It also should be noted that in order to
Convenient for description, part relevant to related invention is illustrated only in attached drawing.
It should be noted that in the absence of conflict, the features in the embodiments and the embodiments of the present application can phase
Mutually combination.The application is described in detail below with reference to the accompanying drawings and in conjunction with the embodiments.
Fig. 1 shows the exemplary system architecture 100 that can apply the embodiment of the present application.
As shown in Figure 1, system architecture 100 may include terminal device 101,102,103, network 104 and server 105.
Network 105 between terminal device 101,102,103 and server 105 to provide the medium of communication link.Network 104 can be with
Including various connection types, such as wired, wireless communication link or fiber optic cables etc..
User can be used terminal device 101,102,103 and be interacted by network 104 with server 105, to facilitate terminal
Equipment 101 uploads unguyed installation kit, the installation kit etc. after the downloading reinforcing of terminal device 102,103.
Terminal device 101 can be electronic equipment having data processing function, can be equipped with various client applications,
Such as web browser, social platform software etc., it is reinforced so that unguyed installation kit is uploaded to server 105,
Installation kit can be voluntarily reinforced by cured reinforcing program (such as reinforcing program storage device).
Terminal device 102,103 can be the various electronic equipments for being equipped with Android system, can be equipped with various clients
End application, such as web browser, instant communication software, social platform software etc., to download the installation kit after reinforcing.Such as
It can be smart phone, smartwatch and tablet computer etc..
Server 105 can be to provide the server of various services.Server can be connected to other services by network 104
Device carries out consolidation process (such as reinforcing installation kit etc.) to the installation bag data received, and provides upload to terminal device 101
Installation kit, the downloading service such as installation kit, provide the services such as installation kit after downloading is reinforced to terminal device 102,103, can also be with
Installation kit is reinforced by defaulting in local reinforcing program, can also be added by running to solidify in the reinforcing program stored in equipment
Gu installation kit.
It should be noted that the anti-reversing provided by the embodiment of the present application for Android system cracks shared object file
Method usually executed by terminal device 102,103, the anti-reversing for Android system cracks the device of shared object file
It is generally disposed in terminal device 102,103.
It should be understood that the number of terminal device, network and server in Fig. 1 is only schematical.According to realization need
It wants, can have any number of terminal device, network and server.
First refering to fig. 2, it illustrates the anti-reversing for Android system according to the application one embodiment to crack altogether
Enjoy the exemplary process diagram of the method for obj ect file.
As shown in Fig. 2, in step 201, loading installation package file.
When loading installation package file, the method that the anti-reversing for Android system cracks shared object file runs on it
On terminal device (example as shown in figure 1 101,102,103 etc.), it is necessary first to obtain Android installation package file.Android installation kit
File may include shared object file, and shared object file may include the solution in the shell for link in advance shared object file
Close algorithm, encrypted by protection function and Encryption Algorithm.The acquisition of installation package file can by network from server downloading,
It transmits from the terminal device for establishing connection or is preset in the modes such as terminal device and obtain.
For example, terminal device can be used for Android system from server downloading by the web browser being mounted thereon
Installation package file (APK file), wherein APK file includes shared object file (so file), is linked in advance in the shell of so file
The installation package file downloaded by protection function and Encryption Algorithm, later terminal device load for having decipherment algorithm, having encrypted.
Then, in step 202, load shared object file is into memory.
Then, in step 203, when installation package file is called by protection function, decipherment algorithm decryption is called to encrypt
By protection function, obtain the plain text source code for being protected function.
Herein, encrypted by protection function, to be protected by the plaintext of protection function by what enciphering transformation obtained
The ciphertext of function.
By calling decipherment algorithm, cryptographic transformation can be carried out to the above-mentioned ciphertext by protection function, obtain being protected letter
Several plain text source codes.
During above-mentioned encrypting and decrypting, common Encryption Algorithm be can include but is not limited to: Advanced Encryption Standard AES,
The graceful Diffie-hellman algorithm of RSA Algorithm, ECC algorithm, diffie-hellman, secure hash algorithm SHA-1/SHA-25 etc..
Then, in step 204, will be loaded onto plain text source code address by the plain text source code of protection function.
Herein, plain text source code address, it is contemplated that the needs of secrecy can be pre-set at above-mentioned shared object text
In the shell of part.Later, installation package file call by protection function when, call decipherment algorithm decryption encrypted by protection letter
Number, according to the plain text source code address in above-mentioned shell, is loaded onto plaintext source generation for the obtained plain text source code by protection function
In code address.
Then, in step 205, execute by the plain text source code of protection function.
Then, in step 206, completed in response to executing by the plain text source code of protection function, Encryption Algorithm is called to delete
Except by the plain text source code of protection function.
Herein, Encryption Algorithm is to delete by the algorithm of the plain text source code of protection function, can also be referred to as to delete to calculate
Method.
In an application scenarios of the present embodiment, as shown in figure 3, it illustrates the use according to the application one embodiment
The application scenarios flow chart of the method for shared object file is cracked in the anti-reversing of Android system.User 310 installation in application,
The Android installation package file in load terminal device 320 is clicked, is called in installation package file by protection function (such as function FUN)
When, as depicted at step 301, the ciphertext of decipherment algorithm decryption function FUN is called, the plaintext of function FUN is obtained, later such as step
Shown in 302, the plaintext of function FUN is executed, finally as disclosed at step 303, Encryption Algorithm is called to delete the plaintext of function FUN, it is complete
At installation package file to the calling of function FUN.
It will be appreciated by those skilled in the art that calling in installation kit can be one by protection function, or more
It is a.When being multiple by protection function, each can be carried out the following processing in advance by protection function: each is protected
Function is encrypted, and decipherment algorithm and Encryption Algorithm is respectively set before and after encryption is by protection function, by each quilt
The decipherment algorithm and Encryption Algorithm of protection function and its front and back setting link in the shell of so file, are protected with improving each
The safety of function.Wherein, when being encrypted by protection function, the side of enciphering transformation is carried out by protection function to each
Formula may be the same or different, and the decryption transformation mode that decipherment algorithm carries out should be with above-mentioned enciphering transformation mode phase
It adapts to.
According to the above embodiments of the present application provide method, due to decipherment algorithm, encrypted by protection function and encryption
Algorithm is all set in the shell of shared object file, and the program of shell adding can directly be run, but cannot check source code, malice
If personnel want the plaintext for obtaining being protected function by obtaining decipherment algorithm, need to shell to shared object file, increase
Add the difficulty for cracking shared object file, and by the plaintext of protection function only in the of short duration period being called by protection function
Inside it is present in the plain text source code address of memory, plain text source code is emptied immediately after calling finishes, and malicious persons are difficult
Dump goes out by the source code of protection function within the of short duration time for being present in memory in plain text, therefore improves in shared object file
By the safety of protection function.
With further reference to Fig. 4, it illustrates call decipherment algorithm by decryption function according to the application one embodiment
Decrypt the exemplary process diagram of the method by protection function encrypted.
As shown in figure 4, in above-mentioned Fig. 2 calling decipherment algorithm decryption encrypted by protection function, obtain being protected letter
Several plain text source codes may include:
Firstly, in step 401, the decryption function defaulted in static linkage file is called, and according to defaulting in shell
The data acquisition system by protection function, decryption function will be sent to by the plain text source code address of protection function.
Herein, the single data in data acquisition system include being protected the plain text source code address of function, plain text source code
Size, ciphertext source code address and ciphertext source code size.The structure type of data acquisition system can include but is not limited to following
Meaning one: tables of data, chained list, two-dimensional array and Array for structural body etc..
It, can be by calling decryption function to realize the calling to decipherment algorithm when calling decipherment algorithm, and pass through decryption
Function is received by the plain text source code address of protection function.
Then, in step 402, decryption function calls decipherment algorithm, and plain text source code address is sent to decryption and is calculated
Method.
If the enciphering transformation mode by protection function for obtaining each encryption is not exactly the same, can also be by setting in advance
The multiple decryption functions set call different decipherment algorithms respectively.
Later, in step 403, decipherment algorithm inquires ciphertext source code according to plain text source code address in data acquisition system
Address and ciphertext source code size.
Since the single data in data acquisition system may include being protected the plain text source code address of function, plain text source code
Size, ciphertext source code address and ciphertext source code size, therefore a list can be uniquely determined according to above-mentioned plain text source code
Data, then inquire the ciphertext source code address in the single data and ciphertext source code size.
Then, in step 404, decipherment algorithm is protected according to ciphertext source code address and the decryption of ciphertext source code size
Function obtains the plain text source code for being protected function.
It is provided by the present application to call decipherment algorithm to decrypt the method by protection function encrypted above by decryption function,
By setting decryption function, the program code of decryption function can be reused, so that the size of code of program is saved, it can also nothing
Details in notice road decryption function, is directly called decryption function according to rules in function calling, further increases
The concealment of content in decryption function, to improve the safety for the decipherment algorithm that decryption function is called.
With further reference to Fig. 5, it illustrates call Encryption Algorithm by encryption function according to the application one embodiment
It deletes by the exemplary process diagram of the method for the plain text source code of protection function.
As shown in figure 5, being completed in response to executing by the plain text source code of protection function in above-mentioned Fig. 2, calls encryption to calculate
Method is deleted by the plain text source code of protection function
Firstly, in step 501, being completed in response to executing by the plain text source code of protection function, calling defaults in static state
Encryption function in threaded file, and plain text source code address is transferred to encryption function.
Herein, by the encryption function defaulted in static linkage file, programming personnel is needing to call encryption function
When, it can be directly called according to calling rule, without being concerned about the details for including in encryption function.
Here it is transferred to the plain text source code address of encryption function, it is identical as the plain text source code address in step 401.
Then, in step 502, encryption function, which calls, defaults in Encryption Algorithm in shell, and by plain text source code address
It is transferred to Encryption Algorithm.
Later, in step 503, Encryption Algorithm inquires plain text source code according to plain text source code address in data acquisition system
Size.
Here data acquisition system includes the plaintext for being protected function in single data including one or more data
Source code address, plain text source code size, ciphertext source code address and ciphertext source code size, therefore can be according to plaintext source generation
Code uniquely determines the plain text source code size in same single data.The structure type of data acquisition system may include but not
It is limited to following any one: tables of data, chained list, two-dimensional array and Array for structural body etc..
Later, in step 504, Encryption Algorithm is protected according to plain text source code address and the deletion of plain text source code size
The plain text source code of function.
It is provided by the present application to call Encryption Algorithm to delete by the plain text source code of protection function above by encryption function
Method can reuse the program code of encryption function, to save the size of code of program, also by the way that encryption function is arranged
It can need not know the details in encryption function, directly encryption function is called according to rules in function calling, into one
Step improves the concealment of the content in encryption function, to improve the safety for the Encryption Algorithm that encryption function is called.
It should be noted that although describing the operation of the method for the present invention in the accompanying drawings with particular order, this is not required that
Or hint must execute these operations in this particular order, or have to carry out operation shown in whole and be just able to achieve the phase
The result of prestige.On the contrary, the step of describing in flow chart can change and execute sequence.Additionally or alternatively, it is convenient to omit certain
Multiple steps are merged into a step and executed, and/or a step is decomposed into execution of multiple steps by step.
Referring to FIG. 6, as the realization to method shown in above-mentioned each figure, this application provides a kind of for Android system
Anti-reversing cracks one embodiment of the device of shared object file, the Installation practice and embodiment of the method phase shown in Fig. 2
Corresponding, which specifically can be applied in various electronic equipments.
As shown in fig. 6, the device 600 that the anti-reversing for Android system cracks shared object file may include but unlimited
In: the first loading module 610, the second loading module 620, deciphering module 630, third loading module 640,650 He of execution module
Removing module 660.
First loading module 610 may be configured to load installation package file, wherein installation package file includes shared pair
As file, shared object file includes decipherment algorithm in the shell for link in advance shared object file, being protected of having encrypted
Function and Encryption Algorithm.
Herein, when loading installation package file, the anti-reversing for Android system cracks shared the first loading module 610
Terminal device that the device of obj ect file is disposed therein (example as shown in figure 1 101,102,103 etc.), it is necessary first to obtain Android
Installation package file.Installation package file may include shared object file, shared object file may include link in advance it is shared
Decipherment algorithm in the shell of obj ect file, encrypted by protection function and Encryption Algorithm.The acquisition of installation package file can lead to
Network is crossed to transmit from server downloading, from the terminal device for establishing connection or be preset in the modes such as terminal device and obtain.
Second loading module 620 may be configured to load shared object file into memory.
Deciphering module 630 may be configured to call decipherment algorithm decryption when installation package file is called by protection function
Encrypted by protection function, obtain the plain text source code for being protected function.
Herein, deciphering module 630 will be by the ciphertext of protection function, Ye Jiyi by the plaintext enciphering transformation of protection function
Encryption by protection function.Deciphering module 630 can carry out the above-mentioned ciphertext by protection function close by calling decipherment algorithm
Code conversion obtains the plain text source code for being protected function.
Third loading module 640 may be configured to that plain text source code will be loaded by the plain text source code of protection function
In address.
Execution module 650 may be configured to execute by the plain text source code of protection function.
Removing module 660 may be configured to be completed in response to executing by the plain text source code of protection function, call encryption
Algorithm is deleted by the plain text source code of protection function.
In some optional implementations, as shown in fig. 7, deciphering module 630 can include but is not limited to: first calls
Module 631, the second calling module 632, the first enquiry module 633 and decryption submodule 634.
First calling module 631, may be configured to call and defaults in decryption function in static linkage file, and according to
The data acquisition system by protection function in shell is defaulted in, decryption function will be sent to by the plain text source code address of protection function,
Wherein, the single data in data acquisition system include being protected the plain text source code address of function, plain text source code size, ciphertext source
Code address and ciphertext source code size.
Second calling module 632 may be configured to call decipherment algorithm by decryption function, and by plain text source code
Location is sent to decipherment algorithm.
First enquiry module 633, may be configured to through decipherment algorithm according to plain text source code address in data acquisition system
Middle inquiry ciphertext source code address and ciphertext source code size.
Submodule 634 is decrypted, may be configured to be protected according to ciphertext source code address and the decryption of ciphertext source code size
Function is protected, the plain text source code for being protected function is obtained.
In some optional implementations, as shown in figure 8, removing module 660 can include but is not limited to: third is called
Module 661, the 4th calling module 662, the second enquiry module 663 and deletion submodule 664.
Third calling module 661 may be configured to be completed in response to executing by the plain text source code of protection function, call
The encryption function in static linkage file is defaulted in, and plain text source code address is transferred to encryption function.
4th calling module 662 may be configured to call Encryption Algorithm by encryption function, and by plain text source code
Location is transferred to Encryption Algorithm.
Second enquiry module 663, may be configured to through Encryption Algorithm according to plain text source code address in data acquisition system
Middle inquiry plain text source code size.
Submodule 664 is deleted, may be configured to through Encryption Algorithm according to plain text source code address and plain text source code
Size is deleted by the plain text source code of protection function.
It should be appreciated that all modules recorded in device 600 are corresponding with each step in the method with reference to Fig. 2 description.
The all modules recorded in module 630 are corresponding with each step in the method with reference to Fig. 4 description.That records in module 660 is all
Module is corresponding with each step in the method with reference to Fig. 5 description.It is broken above with respect to the anti-reversing for Android system as a result,
The operation of the method description of solution shared object file and feature are equally applicable to device 600 and module wherein included, needle above
To call decipherment algorithm decryption encrypted by protection function method describe operation and feature be equally applicable to device 700 and
Module wherein included, above with respect to the operation for calling Encryption Algorithm deletion to be described by the method for the plain text source code of protection function
It is equally applicable to device 800 and module wherein included with feature, details are not described herein.It is corresponding in device 600,700 and 800
Module can be cooperated with the module in terminal device and/or server to realize the scheme of the embodiment of the present application.
The anti-reversing for Android system that the above embodiments of the present application provide cracks the device of shared object file, increases
The difficulty for cracking shared object file, improves in shared object file by the safety of protection function.
Below with reference to Fig. 9, it illustrates the calculating of the terminal device or server that are suitable for being used to realize the embodiment of the present application
The structural schematic diagram of machine system 900.
As shown in figure 9, computer system 900 includes central processing unit (CPU) 901, it can be read-only according to being stored in
Program in memory (ROM) 902 or be loaded into the program in random access storage device (RAM) 903 from storage section 908 and
Execute various movements appropriate and processing.In RAM 903, also it is stored with system 900 and operates required various programs and data.
CPU 901, ROM 902 and RAM 903 are connected with each other by bus 904.Input/output (I/O) interface 905 is also connected to always
Line 904.
I/O interface 905 is connected to lower component: the importation 906 including keyboard, mouse etc.;It is penetrated including such as cathode
The output par, c 907 of spool (CRT), liquid crystal display (LCD) etc. and loudspeaker etc.;Storage section 908 including hard disk etc.;
And the communications portion 909 of the network interface card including LAN card, modem etc..Communications portion 909 via such as because
The network of spy's net executes communication process.Driver 910 is also connected to I/O interface 905 as needed.Detachable media 911, such as
Disk, CD, magneto-optic disk, semiconductor memory etc. are mounted on as needed on driver 910, in order to read from thereon
Computer program be mounted into storage section 908 as needed.
Particularly, in accordance with an embodiment of the present disclosure, it may be implemented as computer above with reference to the process of flow chart description
Software program.For example, embodiment of the disclosure includes a kind of computer program product comprising be tangibly embodied in machine readable
Computer program on medium, the computer program include the program code for method shown in execution flow chart.At this
In the embodiment of sample, which can be downloaded and installed from network by communications portion 909, and/or from removable
Medium 911 is unloaded to be mounted.
Flow chart and block diagram in attached drawing are illustrated according to the device of the various embodiments of the application, method and computer journey
The architecture, function and operation in the cards of sequence product.In this regard, each box in flowchart or block diagram can generation
A part of one module, program segment or code of table, a part of the module, program segment or code include one or more
Executable instruction for implementing the specified logical function.It should also be noted that in some implementations as replacements, institute in box
The function of mark can also occur in a different order than that indicated in the drawings.For example, two boxes succeedingly indicated are practical
On can be basically executed in parallel, they can also be executed in the opposite order sometimes, and this depends on the function involved.Also it wants
It is noted that the combination of each box in block diagram and or flow chart and the box in block diagram and or flow chart, Ke Yiyong
The dedicated hardware based system of defined functions or operations is executed to realize, or can be referred to specialized hardware and computer
The combination of order is realized.
Being described in module involved in the embodiment of the present application can be realized by way of software, can also be by hard
The mode of part is realized.Described module also can be set in the processor, for example, can be described as: a kind of processor packet
Include the first loading module, the second loading module, deciphering module, third loading module, execution module and removing module.Wherein, this
The title of a little modules does not constitute the restriction to the module itself under certain conditions, for example, the first loading module can also quilt
It is described as " being configured to the module of load installation package file ".
As on the other hand, present invention also provides a kind of nonvolatile computer storage media, the non-volatile calculating
Machine storage medium can be nonvolatile computer storage media included in device described in above-described embodiment;It is also possible to
Individualism, without the nonvolatile computer storage media in supplying terminal.Above-mentioned nonvolatile computer storage media is deposited
One or more program is contained, when one or more of programs are executed by an equipment, so that the equipment: load
Installation package file, wherein installation package file includes shared object file, and shared object file includes linking to shared object in advance
Decipherment algorithm in the shell of file, encrypted by protection function and Encryption Algorithm;Shared object file is loaded into memory;?
Installation package file call by protection function when, call decipherment algorithm decryption encrypted by protection function, obtain being protected function
Plain text source code;It will be loaded onto plain text source code address by the plain text source code of protection function;It executes by protection function
Plain text source code;It is completed in response to executing by the plain text source code of protection function, Encryption Algorithm is called to delete by protection function
Plain text source code.
Above description is only the preferred embodiment of the application and the explanation to institute's application technology principle.Those skilled in the art
Member is it should be appreciated that invention scope involved in the application, however it is not limited to technology made of the specific combination of above-mentioned technical characteristic
Scheme, while should also cover in the case where not departing from the inventive concept, it is carried out by above-mentioned technical characteristic or its equivalent feature
Any combination and the other technical solutions formed.Such as features described above has similar function with (but being not limited to) disclosed herein
Can technical characteristic replaced mutually and the technical solution that is formed.
Claims (7)
1. a kind of method that the anti-reversing for Android system cracks shared object file, which is characterized in that the described method includes:
Load installation package file, wherein the installation package file includes shared object file, and the shared object file includes pre-
The decipherment algorithm that first links in the shell of shared object file, encrypted by protection function and Encryption Algorithm;
The shared object file is loaded into memory;
When the installation package file is called by protection function, call decipherment algorithm decryption it is described encrypted by protection function,
Obtain being protected the plain text source code of function;
The plain text source code by protection function is loaded onto plain text source code address;
Execute the plain text source code by protection function;
It is completed in response to executing the plain text source code by protection function, calls Encryption Algorithm to delete described by protection function
Plain text source code.
2. the method according to claim 1, wherein described call what is encrypted described in decipherment algorithm decryption to be protected
Function is protected, obtains being protected the plain text source code of function include:
The decryption function defaulted in static linkage file is called, and according to the data by protection function defaulted in the shell
Set, will be sent to decryption function by the plain text source code address of protection function, wherein the single data in the data acquisition system
Including described by the plain text source code address of protection function, plain text source code size, ciphertext source code address and ciphertext source code
Size;
The decryption function calls the decipherment algorithm, and the plain text source code address is sent to the decipherment algorithm;
The decipherment algorithm inquires ciphertext source code address and close according to the plain text source code address in the data acquisition system
Literary source code size;
The decipherment algorithm is described by protection function according to ciphertext source code address and the decryption of ciphertext source code size, obtains
By the plain text source code of protection function.
3. according to the method described in claim 2, it is characterized in that, described in response to executing the plaintext source by protection function
Code is completed, and is called Encryption Algorithm to delete the plain text source code by protection function and is included:
It is completed in response to executing the plain text source code by protection function, calls and default in adding in the static linkage file
Close function, and the plain text source code address is transferred to the encryption function;
The encryption function calls the Encryption Algorithm defaulted in the shell, and the plain text source code address is transferred to
Encryption Algorithm;
The Encryption Algorithm inquires plain text source code size according to the plain text source code address in the data acquisition system;
The Encryption Algorithm is deleted described by protection function according to the plain text source code address and the plain text source code size
Plain text source code.
4. according to method described in Claims 2 or 3 any one, which is characterized in that the structure type packet of the data acquisition system
Include following any one: tables of data, chained list, two-dimensional array and Array for structural body.
5. the device that a kind of anti-reversing for Android system cracks shared object file, which is characterized in that described device includes:
First loading module, for loading installation package file, wherein the installation package file includes shared object file, described
Shared object file include decipherment algorithm in the shell for link in advance shared object file, encrypted by protection function and add
Close algorithm;
Second loading module, for loading the shared object file into memory;
Deciphering module, for calling decipherment algorithm decryption is described to encrypt when the installation package file is called by protection function
By protection function, obtain the plain text source code for being protected function;
Third loading module, for the plain text source code by protection function to be loaded onto plain text source code address;
Execution module, for executing the plain text source code by protection function;
Removing module calls Encryption Algorithm to delete institute for completing in response to executing the plain text source code by protection function
It states by the plain text source code of protection function.
6. device according to claim 5, which is characterized in that the deciphering module includes:
First calling module, for calling the decryption function defaulted in static linkage file, and according to defaulting in the shell
The data acquisition system by protection function, decryption function will be sent to by the plain text source code address of protection function, wherein the number
It include described by the plain text source code address of protection function, plain text source code size, ciphertext source generation according to the single data in set
Code address and ciphertext source code size;
Second calling module, for by the decryption function calling decipherment algorithm, and by the plain text source code address
It is sent to the decipherment algorithm;
Enquiry module, it is close for being inquired in the data acquisition system by the decipherment algorithm according to the plain text source code address
Literary source code address and ciphertext source code size;
Submodule is decrypted, for described by protection function according to ciphertext source code address and the decryption of ciphertext source code size,
Obtain being protected the plain text source code of function.
7. device according to claim 6, which is characterized in that the removing module includes:
Third calling module, for completing in response to executing the plain text source code by protection function, calling defaults in described
Encryption function in static linkage file, and the plain text source code address is transferred to the encryption function;
4th calling module, for by the encryption function calling Encryption Algorithm, and by the plain text source code address
It is transferred to Encryption Algorithm;
Submodule is inquired, for inquiring in the data acquisition system by the Encryption Algorithm according to the plain text source code address
Plain text source code size;
Submodule is deleted, for big according to the plain text source code address and the plain text source code by the Encryption Algorithm
It is small, it deletes by the plain text source code of protection function.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510671883.3A CN105227565B (en) | 2015-10-13 | 2015-10-13 | The method and apparatus that anti-reversing for Android system cracks shared object file |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510671883.3A CN105227565B (en) | 2015-10-13 | 2015-10-13 | The method and apparatus that anti-reversing for Android system cracks shared object file |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105227565A CN105227565A (en) | 2016-01-06 |
| CN105227565B true CN105227565B (en) | 2019-02-22 |
Family
ID=54996244
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510671883.3A Active CN105227565B (en) | 2015-10-13 | 2015-10-13 | The method and apparatus that anti-reversing for Android system cracks shared object file |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105227565B (en) |
Families Citing this family (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107292132B (en) * | 2016-03-30 | 2023-03-14 | 北京娜迦信息科技发展有限公司 | Method and device for loading shared object file for android system |
| CN105743917B (en) * | 2016-04-05 | 2020-05-19 | 腾讯科技(深圳)有限公司 | Message transmission method and terminal |
| CN106709282B (en) * | 2016-06-28 | 2018-10-02 | 腾讯科技(深圳)有限公司 | resource file decryption method and device |
| CN106874715A (en) * | 2016-12-30 | 2017-06-20 | 上海掌门科技有限公司 | Encryption method and system that a kind of anti-reversing is cracked |
| CN107122636A (en) * | 2017-04-27 | 2017-09-01 | 北京洋浦伟业科技发展有限公司 | A kind of APK reinforcement means and device based on SO files |
| CN107122637A (en) * | 2017-04-27 | 2017-09-01 | 北京洋浦伟业科技发展有限公司 | A kind of APK reinforcement means and device |
| FR3069935A1 (en) * | 2017-08-01 | 2019-02-08 | Maxim Integrated Products, Inc. | DEVICES AND METHODS FOR INTELLECTUAL PROPERTY PROTECTION OF SOFTWARE FOR INTEGRATED PLATFORMS |
| CN107577925B (en) * | 2017-08-11 | 2019-07-05 | 西北大学 | Based on the virtual Android application program guard method of dual ARM instruction |
| KR102039380B1 (en) * | 2017-11-24 | 2019-11-01 | (주)잉카엔트웍스 | Apparatus and Method of Providing Security, and Apparatus and Method of Executing Security for Protecting Code of Shared Object |
| CN112823336A (en) * | 2018-11-21 | 2021-05-18 | 深圳市欢太科技有限公司 | Data processing method, data processing device, electronic equipment and storage medium |
| CN111562916B (en) * | 2019-02-13 | 2023-04-21 | 百度在线网络技术(北京)有限公司 | Method and device for sharing algorithm |
| CN112329033A (en) * | 2020-10-30 | 2021-02-05 | 上海钐昆网络科技有限公司 | Data encryption method, device, equipment and storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102708322A (en) * | 2012-05-12 | 2012-10-03 | 北京深思洛克软件技术股份有限公司 | Method for protecting JAVA application programs in Android system |
| CN104102860A (en) * | 2014-08-11 | 2014-10-15 | 北京奇虎科技有限公司 | Protecting method and running method and device and system for Android platform application program |
| CN104657635A (en) * | 2013-11-20 | 2015-05-27 | 方正信息产业控股有限公司 | Application processing method, device and server |
-
2015
- 2015-10-13 CN CN201510671883.3A patent/CN105227565B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102708322A (en) * | 2012-05-12 | 2012-10-03 | 北京深思洛克软件技术股份有限公司 | Method for protecting JAVA application programs in Android system |
| CN104657635A (en) * | 2013-11-20 | 2015-05-27 | 方正信息产业控股有限公司 | Application processing method, device and server |
| CN104102860A (en) * | 2014-08-11 | 2014-10-15 | 北京奇虎科技有限公司 | Protecting method and running method and device and system for Android platform application program |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105227565A (en) | 2016-01-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105227565B (en) | The method and apparatus that anti-reversing for Android system cracks shared object file | |
| EP3387813B1 (en) | Mobile device having trusted execution environment | |
| US9135434B2 (en) | System and method for third party creation of applications for mobile appliances | |
| CN104852925B (en) | Mobile intelligent terminal anti-data-leakage secure storage, backup method | |
| US9461819B2 (en) | Information sharing system, computer, project managing server, and information sharing method used in them | |
| US9100170B2 (en) | File packing and unpacking method, and device thereof | |
| CN107196907B (en) | A kind of guard method of Android SO files and device | |
| CN103259762A (en) | File encryption and decryption method and system based on cloud storage | |
| CN111385084A (en) | Key management method and device for digital assets and computer readable storage medium | |
| CN111274611A (en) | Data desensitization method, device and computer readable storage medium | |
| US20210167955A1 (en) | Data transmission | |
| US9292708B2 (en) | Protection of interpreted source code in virtual appliances | |
| CN110855433A (en) | Data encryption method and device based on encryption algorithm and computer equipment | |
| CN100367144C (en) | Architecture for encrypted application progam installation | |
| CN103905557A (en) | Data storage method and device used for cloud environment and downloading method and device | |
| CN109510702A (en) | A method of it key storage based on computer characteristic code and uses | |
| CN111177773A (en) | Full disk encryption and decryption method and system based on network card ROM | |
| KR101473656B1 (en) | Method and apparatus for security of mobile data | |
| CN108933758A (en) | Cloud storage encipher-decipher method, device and system can be shared | |
| CN103379133A (en) | Safe and reliable cloud storage system | |
| CN111181905B (en) | File encryption method and device | |
| CN107967430B (en) | A kind of document protection method, equipment and system | |
| CN103530169A (en) | Method for protecting virtual machine files and user terminal | |
| CN110008654B (en) | Electronic file processing method and device | |
| CN105978849A (en) | Client updating method and system, client and server |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |