CN105701410B - The method, apparatus and system of information in a kind of acquisition source code - Google Patents

Abstract

The embodiment of the present invention provides a kind of method, apparatus and system for obtaining information in source code, is related to field of communication technology, debugging apparatus can be made directly to position the character string to start a leak in the source code before obscuring, improves code debugging efficiency.This method comprises: debugging apparatus obtains the first character string in obfuscated codes；The debugging apparatus extracts the mark of target Obfuscating Algorithms from the obfuscated codes, and the target Obfuscating Algorithms are for obscuring the second character string in source code for first character string；The debugging apparatus determines that the corresponding decipherment algorithm of the mark with the target Obfuscating Algorithms, the algorithms library are used to indicate the corresponding relationship between the mark of Obfuscating Algorithms and decipherment algorithm according to the marks of the target Obfuscating Algorithms in algorithms library；The debugging apparatus uses decipherment algorithm corresponding with the mark of target Obfuscating Algorithms, which is decrypted, to obtain the second character string in the source code.

Description

Method, device and system for obtaining information in source code

Technical Field

The present invention relates to the field of communications technologies, and in particular, to a method, an apparatus, and a system for obtaining information in a source code.

Background

Code Obfuscated code, also known as floral instructions, is the act of transforming the code of a computer program into a functionally equivalent, but difficult to read and understand, form. For example, a function named get _ password exists in the pre-compiled code, and the function is used for acquiring a password of an application, so that based on the security consideration of user information, before the program is released, the obfuscated code can be obfuscated by an obfuscating device using an obfuscating algorithm, for example, the obfuscated code is compiled, and finally the compiled program is released to the user, and the compiled program is a binary program corresponding to the obfuscated code.

The user can debug the issued program according to the debugging device, for example, modify the issued program according to the user's requirement, or determine a bug existing in the issued program. However, in the debugging process, the compiled program only carries information of the obfuscated code, and the readability of the obfuscated code is poor, for example, a debugging person cannot directly determine the meaning of gvmde literally, and the efficiency of the existing debugging method is low.

Disclosure of Invention

Embodiments of the present invention provide a method, an apparatus, and a system for obtaining information in a source code, which improve code debugging efficiency and make bug repair of a code more convenient.

In order to achieve the above purpose, the embodiment of the invention adopts the following technical scheme:

in a first aspect, an embodiment of the present invention provides a method for obtaining information in source code, including: the debugging device acquires a first character string in the obfuscated code; the debugging device extracts the identification of a target obfuscation algorithm from the obfuscated code, wherein the target obfuscation algorithm is used for obfuscating a second character string in source code into the first character string; the debugging device determines the decryption algorithm corresponding to the identifier of the target obfuscated algorithm in an algorithm library according to the identifier of the target obfuscated algorithm, wherein the algorithm library is used for indicating the corresponding relation between the identifier of the obfuscated algorithm and the decryption algorithm; and the debugging device decrypts the first character string by adopting a decryption algorithm corresponding to the identifier of the target obfuscation algorithm to obtain a second character string in the source code.

It can be seen that, by obtaining the inverse algorithm of the obfuscating algorithm used when obfuscating the first character string from the algorithm library, i.e. the decryption algorithm, the debugging device can determine the source code corresponding to the character string in the obfuscating code in the debugging process, so that the technical meaning of the character string in the obfuscating code can be clarified, and the second character string corresponding to the first character string in the source code before obfuscation can be directly obtained.

In one possible design, the algorithm library is established with a correspondence relationship between an identifier of the obfuscated algorithm, a name of the decryption algorithm, and an algorithm path, and the algorithm path is used for indicating a storage location of the decryption algorithm corresponding to the identifier of the obfuscated algorithm.

Thus, the determining, by the debugging apparatus, a decryption algorithm corresponding to the identifier of the target obfuscation algorithm in the algorithm library according to the identifier of the target obfuscation algorithm specifically includes: the debugging device determines an algorithm path corresponding to the identifier of the target obfuscation algorithm according to the identifier of the target obfuscation algorithm; and the debugging device acquires the decryption algorithm corresponding to the identifier of the target obfuscation algorithm through the algorithm path and the name of the decryption algorithm corresponding to the identifier of the target obfuscation algorithm.

That is, the decryption algorithm corresponding to the identifier of the obfuscated algorithm does not need to be directly stored in the algorithm library, but the algorithm path corresponding to the identifier of the obfuscated algorithm indicates the decryption algorithm, so that the complexity in maintaining the algorithm library is reduced, and the confidentiality of the decryption algorithm in the algorithm library can be improved.

In one possible design, the identification of the obfuscation algorithm comprises an identification of a user-defined obfuscation algorithm, the decryption algorithm comprises an inverse of the user-defined obfuscation algorithm, wherein the algorithm library comprises a correspondence between the identification of the user-defined obfuscation algorithm and the inverse of the user-defined obfuscation algorithm.

Therefore, the user can register the self-defined decryption algorithm in the algorithm library, and only the self-defined identifier of the self-defined decryption algorithm needs to be stored in the algorithm library, so that when the obfuscator calls the self-defined decryption algorithm, the corresponding algorithm path is inquired according to the self-defined identifier of the self-defined decryption algorithm, the self-defined decryption algorithm corresponding to the name of the self-defined decryption algorithm is determined in the storage position indicated by the algorithm path, and the self-defined decryption algorithm does not need to be stored in the algorithm library, so that the security of the obfuscation algorithm is improved, and meanwhile, the obfuscation algorithm in the algorithm library is diversified.

In one possible design, the debugging apparatus extracting the identification of the target obfuscation algorithm from the obfuscated code, including: the debugging means extracts the identity of the target obfuscation algorithm from the specified global variable of the obfuscated code.

In one possible design, the debugging apparatus decrypts the first character string by using a decryption algorithm corresponding to the identifier of the target obfuscation algorithm to obtain a second character string, and includes: the debugging device obtains the decryption algorithm through a hook in a preset hook function; the debugging device calls the decryption algorithm through the hook function to decrypt the first character string to obtain the second character string.

In a second aspect, an embodiment of the present invention provides a method for obfuscating a code, including: the obfuscation device determines a second character string needing to be obfuscated in the source code; the obfuscating device selects a target obfuscating algorithm for obfuscating the second character string from an algorithm library indicating a correspondence between an identification of the obfuscating algorithm, and the decryption algorithm; the obfuscating device obfuscates the second character string using the target obfuscating algorithm to obtain a first character string; the obfuscation device records the identifier of the target obfuscation algorithm into an obfuscated code, so that the debugging device obtains the second character string through the first character string according to the decryption algorithm corresponding to the identifier of the target obfuscation algorithm, wherein the obfuscated code is obtained by obfuscating the source code according to the obfuscation algorithm in the algorithm library, the obfuscated code includes the first character string, and the decryption algorithm corresponding to the identifier of the target obfuscation algorithm is used for decrypting the first character string.

Therefore, in the code obfuscating process, the second character string is obfuscated by using the target obfuscating algorithm of the algorithm library to obtain the first character string, and the identifier of the target obfuscating algorithm is recorded in the obfuscated code, so that the subsequent debugging device can determine the source code corresponding to the character string in the obfuscated code in the debugging process, for example, a decryption algorithm for decrypting the first character string can be determined from the algorithm library according to the identifier of the target obfuscating algorithm, and then the second character string corresponding to the first character string in the source code is directly determined.

In one possible design, a corresponding relationship among an identifier of a obfuscated algorithm, a name of the obfuscated algorithm, a name of a decryption algorithm, and an algorithm path is established in the algorithm library, where the algorithm path is used to indicate a storage location of the obfuscated algorithm corresponding to the identifier of the obfuscated algorithm, and the storage location may be located in a local storage device, or may be located in another storage device or a physical node outside the local storage device; wherein the obfuscating means selects a target obfuscating algorithm from an algorithm library for obfuscating the second string, comprising: the obfuscating device determines an identifier of a target obfuscating algorithm to be used for obfuscating the second character string from the algorithm library; the obfuscation device determines an algorithm path corresponding to the identifier of the target obfuscation algorithm from the algorithm library according to the identifier of the target obfuscation algorithm; the obfuscating device determines a target obfuscation algorithm of the second string by the algorithm path and a name of the target obfuscation algorithm corresponding to the identification of the target obfuscation algorithm.

In one possible design, the target obfuscation algorithm includes a user-defined obfuscation algorithm, the identification of the target obfuscation algorithm includes an identification of the user-defined obfuscation algorithm, the decryption algorithm includes an inverse of the user-defined obfuscation algorithm, wherein the algorithm library includes a correspondence between the user-defined obfuscation algorithm, the identification of the user-defined obfuscation algorithm, and the inverse of the user-defined obfuscation algorithm.

Therefore, the user can register the user-defined confusion algorithm in the algorithm library, and only the user-defined identifier of the user-defined confusion algorithm needs to be stored in the algorithm library, so that when the confusion device calls the user-defined confusion algorithm, the corresponding algorithm path is inquired according to the user-defined identifier of the user-defined confusion algorithm, the user-defined confusion algorithm corresponding to the name of the user-defined confusion algorithm is determined in the storage position indicated by the algorithm path, and the user-defined confusion algorithm does not need to be stored in the algorithm library, so that the safety of the confusion algorithm is improved, and meanwhile, the confusion algorithm in the algorithm library is diversified.

In one possible design, the obfuscating means obfuscates the second character string using the target obfuscation algorithm to obtain a first character string, including: the confusion device obtains the target confusion algorithm through a hook of a preset hook function; the obfuscating device calls the target obfuscating algorithm through the hook function to obfuscate the second character string to obtain the first character string.

In one possible design, the obfuscating means records an identification of the target obfuscation algorithm into an obfuscation code, including: the obfuscating means saves an identification of the target obfuscation algorithm to a designated global variable of the obfuscated code.

In a third aspect, an embodiment of the present invention provides a debugging apparatus, including: an acquisition unit, configured to acquire a first character string in an obfuscated code; extracting an identification of a target obfuscation algorithm from the obfuscated code, the target obfuscation algorithm to obfuscate a second string in source code to the first string; the determining unit is used for determining the decryption algorithm corresponding to the identifier of the target obfuscated algorithm in an algorithm library according to the identifier of the target obfuscated algorithm, and the algorithm library is used for indicating the corresponding relation between the identifier of the obfuscated algorithm and the decryption algorithm; and the decryption unit is used for decrypting the first character string by adopting a decryption algorithm corresponding to the identifier of the target obfuscation algorithm so as to obtain a second character string in the source code.

In one possible design, a corresponding relationship among an identifier of a obfuscated algorithm, a name of a decryption algorithm and an algorithm path is established in the algorithm library, and the algorithm path is used for indicating a storage position of the decryption algorithm corresponding to the identifier of the target obfuscated algorithm; the determining unit is specifically configured to determine, according to the identifier of the target obfuscation algorithm, an algorithm path corresponding to the identifier of the target obfuscation algorithm; and acquiring the decryption algorithm corresponding to the identifier of the target obfuscation algorithm through the algorithm path and the name of the decryption algorithm corresponding to the identifier of the target obfuscation algorithm.

In one possible design, the obtaining unit is specifically configured to extract the identifier of the target obfuscation algorithm from a specified global variable of the obfuscated code.

In a possible design, the decryption unit is specifically configured to obtain the decryption algorithm through a hook in a preset hook function; and calling the decryption algorithm through the hook function to decrypt the first character string to obtain the second character string.

In a fourth aspect, an embodiment of the present invention provides an obfuscating apparatus, including: the determining unit is used for determining a second character string which needs to be obfuscated in the source code; a selecting unit, configured to select a target obfuscating algorithm for obfuscating the second character string from an algorithm library, where the algorithm library is used to indicate a correspondence between an identifier of the obfuscating algorithm, and the decryption algorithm; a confusion unit, configured to confuse the second character string by using the target confusion algorithm to obtain a first character string; the recording unit is configured to record the identifier of the target obfuscating algorithm into an obfuscated code, so that the debugging device obtains the second character string through the first character string according to a decryption algorithm corresponding to the identifier of the target obfuscating algorithm, where the obfuscated code is obtained by obfuscating the source code according to an obfuscating algorithm in the algorithm library, the obfuscated code includes the first character string, and the decryption algorithm corresponding to the identifier of the target obfuscating algorithm is used to decrypt the first character string.

In one possible design, a corresponding relation among an identifier of a obfuscated algorithm, a name of the obfuscated algorithm, a name of a decryption algorithm and an algorithm path is established in the algorithm library, and the algorithm path is used for indicating a storage position of the obfuscated algorithm corresponding to the identifier of the obfuscated algorithm; the selection unit is specifically configured to determine, from the algorithm library, an identifier of a target obfuscation algorithm to be used for obfuscating the second character string; determining an algorithm path corresponding to the identifier of the target confusion algorithm from the algorithm library according to the identifier of the target confusion algorithm; and determining the target obfuscation algorithm of the second character string through the algorithm path and the name of the target obfuscation algorithm corresponding to the identification of the target obfuscation algorithm.

In one possible design, the obfuscating unit is configured to obtain the target obfuscating algorithm through hooks of a preset hook function; and calling the target confusion algorithm through the hook function to confuse the second character string to obtain the first character string.

In one possible design, the recording unit is configured to save an identification of the target obfuscation algorithm to a specified global variable of the obfuscated code.

In a fifth aspect, an embodiment of the present invention provides a debugging apparatus, including: a processor, a memory, a bus, and a communication interface; the memory is used for storing computer execution instructions, the processor is connected with the memory through the bus, and when the debugging device runs, the processor executes the computer execution instructions stored in the memory, so that the debugging device executes the method for obtaining the information in the source code according to any one of the first aspect.

In a sixth aspect, an embodiment of the present invention provides an obfuscating apparatus, including: a processor, a memory, a bus, and a communication interface; the memory is used for storing computer-executable instructions, the processor is connected with the memory through the bus, and when the obfuscation device runs, the processor executes the computer-executable instructions stored in the memory, so that the obfuscation device executes the method for obfuscating the codes according to any one of the second aspects.

In a seventh aspect, an embodiment of the present invention provides a system for obtaining information in source code, including the debugging apparatus in any one of the third aspects, and the obfuscating apparatus in any one of the fourth aspects, where the debugging apparatus and the obfuscating apparatus share an algorithm library, and the algorithm library is used to indicate a correspondence relationship between an identifier of an obfuscating algorithm, the obfuscating algorithm, and a decryption algorithm.

In an eighth aspect, an embodiment of the present invention provides a computer storage medium for storing computer software instructions for the debugging apparatus, which includes instructions for executing the program designed for the debugging apparatus in the above aspect.

In a ninth aspect, embodiments of the present invention provide a computer storage medium for storing computer software instructions for the obfuscation device, which includes a program designed for the obfuscation device to execute the above aspects.

In a tenth aspect, an embodiment of the present invention provides an apparatus for processing code, including: a obfuscation unit, a debugging unit and a storage unit for storing an algorithm library comprising correspondences between identifications of obfuscated algorithms, obfuscated algorithms and decryption algorithms,

wherein the obfuscating unit is configured to: determining a second character string which needs to be obfuscated in the source code; selecting a target obfuscation algorithm from an algorithm library for obfuscating the second string; using the target confusion algorithm to confuse the second character string to obtain a first character string; recording the corresponding relation between the identifier of the target obfuscation algorithm and the first character string into an obfuscated code, wherein the obfuscated code is obtained by obfuscating the source code according to an obfuscation algorithm in the algorithm library by the obfuscation unit, and the obfuscated code comprises the first character string; the debugging unit is used for: acquiring a first character string in the confusion code; extracting an identification of the target obfuscation algorithm from the obfuscated code; determining a decryption algorithm corresponding to the identifier of the target obfuscation algorithm in the algorithm library according to the identifier of the target obfuscation algorithm; and decrypting the first character string by adopting a decryption algorithm corresponding to the identifier of the target obfuscation algorithm to obtain a second character string in the source code, so as to debug the program segment in which the second character string is located.

In an eleventh aspect, an embodiment of the present invention provides an apparatus for processing code, including: a processor, a memory, a bus, and a communication interface; the memory is used for storing computer execution instructions, the processor is connected with the memory through the bus, and when the device for processing the codes runs, the processor executes the computer execution instructions stored by the memory so as to enable the device for processing the codes to determine a second character string which needs to be obfuscated in source codes; selecting a target obfuscation algorithm from the algorithm library for obfuscating the second string; using the target confusion algorithm to confuse the second character string to obtain a first character string; recording the identifier of the target obfuscating algorithm into an obfuscating code, wherein the obfuscating code is obtained by obfuscating the source code according to an obfuscating algorithm in the algorithm library by the obfuscating unit and includes the first character string; acquiring a first character string in the confusion code; extracting an identification of the target obfuscation algorithm from the obfuscated code; determining a decryption algorithm corresponding to the identifier of the target obfuscation algorithm in the algorithm library according to the identifier of the target obfuscation algorithm; and decrypting the first character string by adopting a decryption algorithm corresponding to the identifier of the target obfuscation algorithm to obtain a second character string in the source code.

In the present invention, the names of the debugging means and the obfuscating means do not limit the devices themselves, and in practical implementations, the devices may appear by other names. Provided that the respective devices function similarly to the present invention, are within the scope of the claims of the present invention and their equivalents.

In addition, the technical effects brought by any one of the design manners of the third aspect to the eleventh aspect can be referred to the technical effects brought by different design manners of the first aspect or the second aspect, and are not described herein again.

These and other aspects of the invention are apparent from and will be elucidated with reference to the embodiments described hereinafter.

Drawings

In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below.

FIG. 1 is an architecture diagram of a system for obtaining information in source code according to an embodiment of the present invention;

FIG. 2 is a flowchart illustrating a method for obfuscating codes according to an embodiment of the present invention;

fig. 3 is a flowchart illustrating a method for debugging code according to an embodiment of the present invention;

fig. 4 is a schematic structural diagram of a debugging apparatus according to an embodiment of the present invention;

fig. 5 is a schematic diagram of a hardware structure of a debugging apparatus according to an embodiment of the present invention;

FIG. 6 is a schematic structural diagram of an obfuscator according to an embodiment of the present invention;

fig. 7 is a schematic hardware structure diagram of an obfuscation device according to an embodiment of the present invention;

FIG. 8 is a schematic structural diagram of an apparatus for processing code according to an embodiment of the present invention;

fig. 9 is a schematic diagram of a hardware structure of an apparatus for processing code according to an embodiment of the present invention.

Detailed Description

The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments.

In addition, the terms "first", "second" and "first" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature. In the description of the present invention, "a plurality" means two or more unless otherwise specified.

The embodiment of the invention provides a method for obtaining information in source code, which can be applied to a system for obtaining information in source code as shown in fig. 1, wherein the system comprises a debugging device 01 and an obfuscating device 02.

The obfuscating device 02 is configured to perform code obfuscation on source code (i.e., un-obfuscated code) before the program is released, so as to obtain obfuscated code, and then obtain an executable program for releasing by compiling the obfuscated code. When the executable program has a bug (bug), the debugging apparatus 01 may be configured to debug the issued executable program, and finally find a location of the bug in the source code.

It should be noted that the debugging apparatus 01 or the obfuscation apparatus 02 may be a physical device, for example, the debugging apparatus 01 is a physical host; alternatively, the debugging apparatus 01 or the obfuscating apparatus 02 may be a logic function module or a software unit in a physical device. Of course, the debugging apparatus 01 and the obfuscation apparatus 02 may also be integrated into the same physical device, which is not limited in this embodiment of the present invention.

Specifically, the principle of obtaining information in a source code provided by the embodiment of the present invention is as follows: the incidence relation between the debugging device 01 and the obfuscating device 02 is established through the corresponding relation among the mark of the obfuscating algorithm, the obfuscating algorithm and the decryption algorithm indicated in the algorithm library, so that the debugging device 01 can share the algorithm library in the code debugging process and the obfuscating device 02 in the code obfuscating process, the debugging device 01 can determine the source code corresponding to the character string in the obfuscated code in the debugging process by obtaining the inverse algorithm of the obfuscating algorithm used when the first character string is obfuscated, namely the decryption algorithm, from the algorithm library, so that the technical meaning of the character string in the obfuscated code can be clear, the second character string corresponding to the first character string in the source code before obfuscation can be directly obtained, and when the first character string in the obfuscated code has a bug, the second character string is the position of the bug in the source code, therefore, the debugging apparatus 01 can accurately and quickly locate the position of the bug occurring in the source code, so as to facilitate the developer to perform bug fixing (i.e. dbug).

In the following, in order to facilitate the explanation of the method for obtaining information in source code according to the embodiment of the present invention, the above algorithm library is first described.

Specifically, the algorithm library is a database for providing the obfuscation device 02 and the debugging device 01 with a code obfuscation algorithm and a decryption algorithm, and may be called by the obfuscation device 02 and the debugging device 01 in the form of a dynamic link library during use.

The algorithm library may be configured to indicate a correspondence between an identifier of a obfuscating algorithm and a decryption algorithm, where the obfuscating algorithm may have a plurality of identifiers and the decryption algorithm may also have a plurality of decryption algorithms, and in addition, the algorithm library may also be configured to indicate a correspondence between an identifier of a obfuscating algorithm, and a decryption algorithm, and certainly, the obfuscating algorithm may also have a plurality of identifiers.

Specifically, the format of the algorithm library may be as shown in table 1, where the first column is an identifier, i.e., an identifier of the obfuscating algorithm, and each set of obfuscating algorithm has a unique identifier (e.g., an index number) to distinguish other obfuscating algorithms; the second column is the name of the obfuscated algorithm, e.g., the format of the name of any obfuscated algorithm is as follows: the encryption (encryption) pointer function is defined as the input value of the encrypted character string, which is the symbol before the confusion (i.e., the second character string), and the return value of the encrypted character string, which is the symbol after the confusion (i.e., the first character string). In addition, to ensure the security of the obfuscation and decryption processes, an encryption password may also be defined when using obfuscation algorithms, for example, the format of the name of any obfuscation algorithm is as follows: charstryption (charstr, charpass) defines an encryption pointer function whose input values are the second string before obfuscation and the encryption password, and whose return value is the first string after obfuscation.

For example, assuming that the obfuscation algorithm identified as 1 is an operation of adding 1 to the axic (American standard code for Information Interchange) of each character, and the defined encryption parameter is 1234, when the obfuscation device 02 calls the obfuscation algorithm identified as 1 in the algorithm library for obfuscation, a second string is input: abcd, and input of the encryption password: 1234, the obfuscated first string may be returned: bcde.

In contrast to the obfuscation algorithm, the third column in the algorithm library is the name of the decryption algorithm, the input value of the third column is the first character string after obfuscation, and the return value of the third column is the second character string before obfuscation, so that the debugging device 01 can determine the second character string corresponding to the first character string before obfuscation by directly calling the corresponding decryption algorithm in the algorithm library, and can accurately and quickly find the program section with the bug in the source code before obfuscation.

In addition, the fourth column in the algorithm library is further provided with an algorithm path, and the algorithm path is used for indicating a storage location of the obfuscating algorithm and/or the decryption algorithm corresponding to the identifier of the obfuscating algorithm, so that when the obfuscating device 02 calls the corresponding obfuscating algorithm, or when the debugging device 01 calls the corresponding decryption algorithm, the corresponding obfuscating algorithm or the decryption algorithm is taken out according to the storage location indicated by the algorithm path.

It should be noted that the storage location may be located in the local storage device, or may be located in another storage device or a physical node besides the local storage device, which is not limited in this embodiment of the present invention.

TABLE 1

It should be noted that, a user can customize the obfuscation algorithm and the decryption algorithm in the algorithm library (in the embodiment of the present invention, the obfuscation algorithm and the decryption algorithm defined by the user are respectively referred to as a user-defined obfuscation algorithm and a user-defined decryption algorithm, and since the obfuscation algorithm and the decryption algorithm are two functions that are inverse to each other, that is, when the obfuscation algorithm is determined, the corresponding decryption algorithm is also determined, and vice versa, the user-defined obfuscation algorithm is only used as an example for description here). That is, when the second character string in the source code is obfuscated, it may be obfuscated by using a certain obfuscating algorithm provided in the algorithm library, or by using a user-defined obfuscating algorithm defined by the user.

For example, the format of the above registration of the custom obfuscation algorithm in the algorithm library is as follows:

int regiset_mach(char*path，char*encryption，char*decryption)

specifically, a user stores a written custom confusion algorithm to a certain position to obtain a storage position (namely a path) of the custom confusion algorithm, at the moment, the user inputs the path and a function name (encryption) of the custom confusion algorithm to a registration interface appointed by an algorithm library, and then a confusion device for managing the algorithm library (the algorithm library can be managed by a debugging device or an independent function module, which is not limited in the embodiment of the invention) can acquire the custom confusion algorithm according to the path to further search whether the custom confusion algorithm is registered in the algorithm library, and if the custom confusion algorithm is registered in the algorithm library, an identifier which is the same as the confusion algorithm of the custom confusion algorithm is directly returned to the user; if the user-defined confusion algorithm is not registered in the algorithm library, a user-defined identifier of the confusion algorithm can be distributed for the user-defined confusion algorithm, and the path, the name of the user-defined confusion algorithm and the corresponding relation among the user-defined identifiers are inserted into the algorithm library, so that a subsequent confusion device can find the user-defined confusion algorithm corresponding to the user-defined identifier in the algorithm library and use the user-defined confusion algorithm for confusion.

Therefore, the user can register the user-defined confusion algorithm in the algorithm library, and only the user-defined identifier of the user-defined confusion algorithm needs to be stored in the algorithm library, so that when the confusion device 02 calls the user-defined confusion algorithm, the corresponding algorithm path is inquired according to the user-defined identifier of the user-defined confusion algorithm, the user-defined confusion algorithm corresponding to the name of the user-defined confusion algorithm is determined in the storage position indicated by the algorithm path, and the user-defined confusion algorithm does not need to be stored in the algorithm library, so that the safety of the confusion algorithm is improved, and meanwhile, the confusion algorithm in the algorithm library is diversified.

Of course, as another possible design form, the identifier of the obfuscating algorithm and the corresponding relationship between the obfuscating algorithms may also be directly stored in the algorithm library, which is not limited in the embodiment of the present invention.

Based on the system for obtaining information in source code shown in fig. 1, two processes involved in the method for obtaining information in source code provided by the embodiment of the present invention, that is, a process of obfuscating the source code by obfuscating device 02 and a process of debugging the obfuscated code by debugging device 01, will be described separately below.

An embodiment of the present invention provides a method for obfuscating codes, as shown in fig. 2, including:

101. the obfuscating means determines a second string of the source code that needs to be obfuscated.

102. The obfuscating means selects a target obfuscating algorithm for obfuscating the second character string from a library of algorithms indicating a correspondence between an identification of the obfuscating algorithm, the obfuscating algorithm and the decryption algorithm.

103. The obfuscating device obfuscates the second character string using the target obfuscating algorithm to obtain a first character string.

104. The obfuscating device replaces the first character string with the second character string in the source code to obtain an obfuscated code.

105. The obfuscating means records an identification of the target obfuscation algorithm into the obfuscated code.

In step 101, the obfuscating apparatus needs to determine a second character string to be obfuscated in the source code before obfuscation, for example, the source code includes a function with a symbol get _ password, where the function is to obtain a password of an application, and then, based on a security consideration of the user information, the character string, that is, get _ password, may be determined as the second character string to be obfuscated.

In step 102, the obfuscating device selects a target obfuscation algorithm for obfuscating the second character string from the algorithm library shown in table 1, which is understood to be any obfuscation algorithm in the algorithm library shown in table 1.

Specifically, the user may input an identifier of the target obfuscating algorithm to the obfuscating device in the form of a command line, so that the obfuscating device may search, according to the identifier of the target obfuscating algorithm, an algorithm path corresponding to the identifier, and determine, through the algorithm path, the target obfuscating algorithm corresponding to the name of the obfuscating algorithm in the second column in table 1 at the storage location indicated by the algorithm path.

It should be noted that, if the user does not specify the identifier of the target obfuscating algorithm, the obfuscating device may adopt a default obfuscating algorithm as the target obfuscating algorithm and use the target obfuscating algorithm to obfuscate the second character string.

In step 103, the obfuscating device obfuscates the second character string using the target obfuscating algorithm determined in step 102 to obtain a first character string, i.e. an obfuscated symbol of the second character string.

Specifically, the obfuscating device may obtain the target obfuscating algorithm through a hook of a preset hook function; thus, the obfuscating device invokes the target obfuscating algorithm according to the hook function in step 101 to obfuscate the second string to obtain the first string.

The hook function can also be called a pointer function, is a part of a Windows message processing mechanism, and by setting a hook, an application program can filter all messages and events at a system level and access messages which cannot be accessed under normal conditions. The hook is a program for processing system messages and is hung in the system through system call.

For example, assume that the second string determined in step 101 is: abcd, selecting a target obfuscation algorithm with the identifier of 1 in step 102, that is, adding 1 to the aric of each character, then in step 103, the obfuscation device obtains the target obfuscation algorithm with the identifier of 1 through a hook of a hook function; furthermore, the obfuscating device calls a target obfuscating algorithm through the hook function to obfuscate the second character string abcd to obtain an obfuscated first character string: bcde.

Furthermore, in step 104, the obfuscating device replaces the obfuscated first character string with a second character string in the source code to obtain an obfuscated code.

Still as illustrated by the example in step 103 above, the obfuscator may now associate the first string: bcde replaces the second string in the source code before obfuscation: and abcd, wherein the replaced code is the confusion code.

Further, in step 105, the obfuscating device records the identifier of the target obfuscating algorithm into the obfuscated code, so that the debugging device obtains the second character string through the first character string according to the decryption algorithm corresponding to the identifier of the target obfuscating algorithm, thereby determining the second character string of the source code with the bug.

Specifically, a plurality of second character strings that need to be obfuscated may appear in the source code, and in order to avoid excessive overhead generated in the process of code compilation and the like, the same target obfuscating algorithm may be used for obfuscating all the second character strings by the method of step 102 and step 103, and after corresponding first character strings are respectively generated, the obfuscated code is obtained.

Of course, different target obfuscating algorithms may be used to obfuscate a plurality of second character strings that need to be obfuscated in the source code, and in this case, in step 105, the corresponding relationship between the identifier of the different target obfuscating algorithms and the second character strings needs to be recorded in the obfuscated code, so that the debugging apparatus determines, according to the corresponding relationship, the inverse algorithm of the target obfuscating algorithm that is specifically used when obfuscating each second character string.

Further, after step 101-:

201. the debugging device acquires a first character string in the obfuscated code.

202. The debugging means extracts an identification of the target obfuscation algorithm from the obfuscated code.

203. And the debugging device determines a decryption algorithm corresponding to the identifier of the target obfuscating algorithm in an algorithm library according to the identifier of the target obfuscating algorithm, wherein the algorithm library is used for indicating the corresponding relation between the identifier of the obfuscating algorithm and the decryption algorithm.

204. And the debugging device decrypts the first character string by adopting a decryption algorithm corresponding to the identifier of the target obfuscation algorithm to obtain a second character string.

Referring to the system for finding code vulnerabilities shown in fig. 1, the obfuscated code obtained in step 104 is compiled to generate an executable program (e.g., a binary program file), so that in step 201, the debugging apparatus may obtain the obfuscated code through reverse compilation, and at this time, during the process of debugging the obfuscated code by the debugging apparatus, the first character string with a vulnerability may be detected.

Since the first character string is an obfuscated character string, in order to directly determine a second character string corresponding to the first character string in the source code, in step 202, the debugging apparatus extracts an identifier of a target obfuscation algorithm from the obfuscated code, where the target obfuscation algorithm is used to obfuscate the second character string in the source code into the first character string.

For example, the debugging apparatus may first search for a specified global variable encryption in the obfuscated code, and then extract the identifier of the obfuscated algorithm from the encryption.

And, in step 201, when the executable program has a bug, the debugging apparatus may receive a debugging command sent externally, for example, a command to view current function call stack information, at which point, the debugging apparatus may be triggered to extract the identifier of the target obfuscating algorithm from the obfuscated code.

In step 203, the debugging apparatus determines a decryption algorithm corresponding to the identifier of the target obfuscating algorithm in the algorithm library shown in table 1 according to the identifier of the target obfuscating algorithm extracted in step 201.

Specifically, the debugging apparatus may first determine, according to the identifier of the target obfuscating algorithm, an algorithm path corresponding to the identifier in the algorithm library, and further determine, through the algorithm path, a decryption algorithm corresponding to the name of the decryption algorithm in the third column in table 1 at the storage location indicated by the algorithm path, that is, the decryption algorithm used by the second character string.

In step 204, the debugging apparatus decrypts the first character string by using the decryption algorithm determined in step 203 to obtain a second character string before confusion, so as to determine a location of the vulnerability in the source code.

Specifically, similar to step 103, the debugging apparatus may obtain the decryption algorithm through a hook of a preset hook function; therefore, the debugging device calls the decryption algorithm through the hook function to decrypt the first character string to obtain a second character string of the first character string before confusion, namely the debugging device can directly determine the second character string with a bug in the source code before confusion, and therefore, a subsequent developer can directly perform dbug on a function indicated by the second character string in the source code.

To this end, an embodiment of the present invention provides a method for obtaining information in source code, where a debugging apparatus obtains a first character string in obfuscated code, and extracts an identifier of a target obfuscation algorithm from the obfuscated code, where the target obfuscation algorithm is used to obfuscate a second character string in the source code into the first character string; furthermore, since the algorithm library is used for indicating the corresponding relationship between the identifier of the obfuscated algorithm and the decryption algorithm, the debugging device may determine, according to the identifier of the target obfuscated algorithm, the decryption algorithm corresponding to the identifier of the target obfuscated algorithm in the algorithm library; and then, the debugging device decrypts the first character string by adopting the decryption algorithm to obtain a second character string in the source code. It can be seen that, by obtaining the inverse algorithm of the obfuscating algorithm used when obfuscating the first character string from the algorithm library, i.e. the decryption algorithm, the debugging device can determine the source code corresponding to the character string in the obfuscating code in the debugging process, so that the technical meaning of the character string in the obfuscating code can be clarified, and the second character string corresponding to the first character string in the source code before obfuscation can be directly obtained.

Fig. 4 is a schematic structural diagram of a debugging apparatus 01 according to an embodiment of the present invention, where the debugging apparatus 01 according to an embodiment of the present invention can be used to implement the method implemented by the embodiments of the present invention shown in fig. 1 to fig. 3, and for convenience of description, only the part related to the embodiments of the present invention is shown, and details of the specific technology are not disclosed, please refer to the embodiments of the present invention shown in fig. 1 to fig. 3.

Specifically, as shown in fig. 4, the debugging apparatus 01 includes: an acquisition unit 11, a determination unit 12, and a decryption unit 13.

An obtaining unit 11, configured to obtain a first character string in an obfuscated code; extracting an identification of a target obfuscation algorithm from the obfuscated code, the target obfuscation algorithm to obfuscate a second character string in source code to the first character string;

a determining unit 12, configured to determine, according to the identifier of the target obfuscating algorithm, the decryption algorithm corresponding to the identifier of the target obfuscating algorithm in an algorithm library, where the algorithm library is used to indicate a correspondence between the identifier of the obfuscating algorithm and the decryption algorithm;

and the decryption unit 13 is configured to decrypt the first character string by using a decryption algorithm corresponding to the identifier of the target obfuscation algorithm to obtain a second character string in the source code.

Further, a corresponding relation among an identifier of a confusion algorithm, a name of a decryption algorithm and an algorithm path is established in the algorithm library, and the algorithm path is used for indicating a storage position of the decryption algorithm corresponding to the identifier of the target confusion algorithm; the determining unit 12 is specifically configured to determine, according to the identifier of the target obfuscation algorithm, an algorithm path corresponding to the identifier of the target obfuscation algorithm; and acquiring the decryption algorithm corresponding to the identifier of the target obfuscation algorithm according to the algorithm path and the name of the decryption algorithm corresponding to the identifier of the target obfuscation algorithm.

Further, the obtaining unit 11 is specifically configured to extract an identifier of the target obfuscation algorithm from a specified global variable of the obfuscation code.

Further, the decryption unit 13 is specifically configured to obtain the decryption algorithm through a hook in a preset hook function; and calling the decryption algorithm through the hook function to decrypt the first character string to obtain the second character string.

Based on the debugging apparatus 01 shown in fig. 4, an embodiment of the present invention further provides a hardware structure diagram of the debugging apparatus 01 shown in fig. 5, where the debugging apparatus 01 includes a processor 21, a communication interface 22, and a memory 23, and the processor 21, the communication interface 22, and the memory 23 communicate with each other through a bus 24.

For example, the above-described acquisition unit 11, determination unit 12, and decryption unit 13 may be implemented by the processor 21 shown in fig. 5 calling instructions in the memory 23.

Specifically, the memory 23 is used for storing computer execution instructions, the processor 21 is connected to the memory 23 through the bus 24, and when the debugging apparatus 01 runs, the processor 21 executes the computer execution instructions stored in the memory 23, so that the debugging apparatus 01 executes the method for obtaining the information in the source code as described in fig. 2.

Illustratively, the processor 21 obtains a first character string in the obfuscated code generated by the obfuscating device through the communication interface 22, and further, the processor 21 extracts an identification of a target obfuscation algorithm from the obfuscated code, where the target obfuscation algorithm is used to obfuscate a second character string in the source code into the first character string; then, the processor 21 determines, according to the identifier of the target obfuscating algorithm, a decryption algorithm corresponding to the identifier of the target obfuscating algorithm corresponding to the first character string in an algorithm library, where the algorithm library is used to indicate a corresponding relationship between the identifier of the target obfuscating algorithm and the decryption algorithm, and for example, the algorithm library may be stored in the memory 23; finally, the memory 23 decrypts the first string using a decryption algorithm corresponding to the identifier of the target obfuscation algorithm to obtain the second string in the source code.

The processor 21 may be a Central Processing Unit (CPU). The processor 21 may also be other general processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), field-programmable gate arrays (FPGAs), or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, and the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.

The processor 21 is a control center of the debugging apparatus 01, and the processor 21 executes various functions of the debugging apparatus 01 by processing data received by the transceiver 22 and calling software or a program in the memory 23.

The communication interface 22, which may be specifically an interface circuit, is used for receiving and sending signals in the process of receiving and sending information or a request, and the communication interface 22 receives the information sent by the terminal and then sends the information to the processor 21 for processing; in addition, communication interface 22 may communicate with networks and other devices via wireless communication.

The memory 23 may include a volatile memory (RAM), such as a random-access memory (RAM); the memory 31 may also include a non-volatile memory (ROM), such as a read-only memory (read-only memory), a flash memory (flash memory), a hard disk (HDD) or a solid-state drive (SSD); the memory 31 may also comprise a combination of memories of the kind described above. The processor 21 may execute various functional applications of the debugging apparatus 01 and data processing by running a software program stored in the memory 23.

And bus 24 may include a data bus, a power bus, a control bus, a signal status bus, and the like. For clarity of illustration in this embodiment, the various buses are illustrated in FIG. 5 as bus 24.

To this end, an embodiment of the present invention provides a debugging apparatus, where the debugging apparatus acquires a first character string in obfuscated code, and extracts an identifier of a target obfuscation algorithm from the obfuscated code, where the target obfuscation algorithm is used to obfuscate a second character string in source code into the first character string; furthermore, since the algorithm library is used for indicating the corresponding relationship between the identifier of the obfuscated algorithm and the decryption algorithm, the debugging device may determine, according to the identifier of the target obfuscated algorithm, the decryption algorithm corresponding to the identifier of the target obfuscated algorithm in the algorithm library; and then, the debugging device decrypts the first character string by adopting the decryption algorithm to obtain a second character string in the source code. It can be seen that, by obtaining the inverse algorithm of the obfuscating algorithm used when obfuscating the first character string from the algorithm library, i.e. the decryption algorithm, the debugging device can determine the source code corresponding to the character string in the obfuscating code in the debugging process, so that the technical meaning of the character string in the obfuscating code can be clarified, and the second character string corresponding to the first character string in the source code before obfuscation can be directly obtained.

Fig. 6 is a schematic structural diagram of an obfuscating apparatus 02 according to an embodiment of the present invention, where the obfuscating apparatus 02 according to the embodiment of the present invention may be used to implement the method implemented by the embodiments of the present invention shown in fig. 1 to fig. 3, and for convenience of description, only the portions related to the embodiments of the present invention are shown, and details of the technology are not disclosed, please refer to the embodiments of the present invention shown in fig. 1 to fig. 3.

Specifically, as shown in fig. 6, the obfuscating device 02 includes: a determination unit 31, a selection unit 32, an obfuscation unit 33, and a recording unit 34.

A determining unit 31, configured to determine a second character string that needs to be obfuscated in the source code;

a selecting unit 32, configured to select a target obfuscating algorithm for obfuscating the second character string from an algorithm library, where the algorithm library is used to indicate a correspondence between an identifier of an obfuscating algorithm, and a decryption algorithm;

an obfuscating unit 33, configured to obfuscate the second character string using the target obfuscating algorithm to obtain a first character string;

a recording unit 34, configured to record an identifier of the target obfuscating algorithm into an obfuscating code, so that a debugging device obtains the second character string through the first character string according to a decryption algorithm corresponding to the identifier of the target obfuscating algorithm, where the obfuscating code is obtained by obfuscating the source code according to an obfuscating algorithm in the algorithm library, the obfuscating code includes the first character string, and the decryption algorithm corresponding to the identifier of the target obfuscating algorithm is used to decrypt the first character string.

Further, a corresponding relation among an identifier of a obfuscated algorithm, a name of the obfuscated algorithm, a name of a decryption algorithm and an algorithm path is established in the algorithm library, and the algorithm path is used for indicating a storage location of the obfuscated algorithm corresponding to the identifier of the obfuscated algorithm; the selecting unit 32 is specifically configured to determine, from the algorithm library, an identifier of a target obfuscating algorithm to be used for obfuscating the second character string; determining an algorithm path corresponding to the identifier of the target confusion algorithm from the algorithm library according to the identifier of the target confusion algorithm; and determining the target obfuscation algorithm of the second character string according to the algorithm path and the name of the target obfuscation algorithm corresponding to the identification of the target obfuscation algorithm.

Further, the obfuscating unit 33 is configured to obtain the target obfuscating algorithm through a hook of a preset hook function; and calling the target confusion algorithm through the hook function to confuse the second character string to obtain the first character string.

Further, the recording unit 34 is configured to save the identification of the target obfuscation algorithm to a specified global variable of the obfuscated code.

Based on the obfuscation device 02 shown in fig. 6, an embodiment of the present invention further provides a hardware structure diagram of the obfuscation device 02 shown in fig. 7, where the obfuscation device 02 includes a processor 41, a communication interface 42, and a memory 43, and the processor 41, the communication interface 42, and the memory 43 communicate with each other through a bus 44.

For example, the determination unit 31, the selection unit 32, the obfuscation unit 33, and the recording unit 34 may be implemented by the processor 41 shown in fig. 7 calling instructions in the memory 43.

Specifically, the memory 43 is used for storing computer-executable instructions, the processor 41 is connected to the memory 43 through the bus 44, and when the obfuscation device 02 operates, the processor 41 executes the computer-executable instructions stored in the memory 43, so that the obfuscation device 02 executes the method for obfuscating codes as shown in fig. 3.

Illustratively, the processor 41 determines a second string to be obfuscated from the source code of the memory 43; further, the processor 41 selects a target obfuscating algorithm for obfuscating the second character string from an algorithm library indicating a correspondence between an identification of the obfuscating algorithm, and the decryption algorithm; processor 41 uses the target obfuscation algorithm to obfuscate the second string to obtain a first string; and recording the identifier of the target obfuscating algorithm into the obfuscated code so that the debugging device can obtain the second character string according to the decryption algorithm corresponding to the identifier of the target obfuscating algorithm, wherein the obfuscated code is obtained by obfuscating the source code according to the obfuscating algorithm in the algorithm library, the obfuscated code comprises the first character string, and the decryption algorithm corresponding to the identifier of the target obfuscating algorithm is used for decrypting the first character string.

The processor 41 may be a Central Processing Unit (CPU). The processor 41 may also be other general processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), field-programmable gate arrays (FPGAs), or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, and the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.

The processor 41 is a control center of the obfuscation device 01, and the processor 41 executes various functions of the obfuscation device 01 by processing data received by the transceiver 42 and calling software or programs in the memory 43.

A communication interface 42, which may be specifically an interface circuit, for receiving and transmitting signals during the process of receiving and transmitting information or requests, wherein the communication interface 42 receives the information transmitted by the terminal and then processes the information to the processor 41; in addition, communication interface 42 may communicate with networks and other devices via wireless communication.

The memory 43 may include a volatile memory (RAM), such as a random-access memory (RAM); the memory 31 may also include a non-volatile memory (ROM), such as a read-only memory (read-only memory), a flash memory (flash memory), a hard disk (HDD) or a solid-state drive (SSD); the memory 31 may also comprise a combination of memories of the kind described above. The processor 41 may execute various functional applications of the obfuscation device 01 and data processing by running software programs stored in the memory 43.

And bus 44 may include a data bus, a power bus, a control bus, a signal status bus, and the like. For clarity of illustration in this embodiment, the various buses are illustrated in FIG. 7 as bus 44.

To this end, an embodiment of the present invention provides an obfuscating apparatus, where the obfuscating apparatus first determines a second character string in a source code that needs to be obfuscated; selecting a target confusion algorithm for confusing the second character string from the algorithm library; at the moment, the obfuscating device obfuscates the second character string by using a target obfuscating algorithm to obtain a first character string; and the obfuscation device records the identifier of the target obfuscation algorithm into the obfuscated code, so that the debugging device can obtain the second character string according to the decryption algorithm corresponding to the identifier of the target obfuscation algorithm, and it can be seen that in the obfuscation process, the target obfuscation algorithm of the algorithm library is used for obfuscating the second character string to obtain the first character string, and the identifier of the target obfuscation algorithm is recorded in the obfuscated code, so that the subsequent debugging device can determine the source code corresponding to the character string in the obfuscated code in the debugging process, for example, the decryption algorithm for decrypting the first character string can be determined from the algorithm library according to the identifier of the target obfuscation algorithm, and then the second character string corresponding to the first character string in the source code can be directly determined, so that when the first character string in the obfuscated code has a bug, the location of the bug in the source code can be accurately and quickly located, to improve code debugging efficiency.

Further, fig. 8 is a schematic structural diagram of an apparatus 03 for processing a code according to an embodiment of the present invention, where the apparatus 03 for processing a code according to an embodiment of the present invention can be used to implement the method implemented by the embodiments of the present invention shown in fig. 1 to fig. 3, for convenience of description, only the part related to the embodiments of the present invention is shown, and details of the technology are not disclosed, please refer to the embodiments of the present invention shown in fig. 1 to fig. 3.

The device 03 for processing codes specifically includes: a debugging unit 51, an obfuscating unit 52 and a storage unit 53, wherein the storage unit 53 is configured to store an algorithm library including an identification of an obfuscating algorithm, a correspondence between the obfuscating algorithm and a decryption algorithm.

Specifically, the obfuscating unit 52 is configured to: determining a second character string which needs to be obfuscated in the source code; selecting a target obfuscation algorithm from an algorithm library for obfuscating the second string; using the target confusion algorithm to confuse the second character string to obtain a first character string; and recording the corresponding relation between the identifier of the target obfuscation algorithm and the first character string into an obfuscated code, wherein the obfuscated code is obtained by obfuscating the source code according to the obfuscation algorithm in the algorithm library by the obfuscation unit, and the obfuscated code comprises the first character string.

The debugging unit 51 is configured to: acquiring a first character string in the confusion code; extracting an identification of the target obfuscation algorithm from the obfuscated code; determining a decryption algorithm corresponding to the identifier of the target obfuscation algorithm in the algorithm library according to the identifier of the target obfuscation algorithm; and decrypting the first character string by adopting a decryption algorithm corresponding to the identifier of the target obfuscation algorithm to obtain a second character string in the source code, so as to debug the program segment in which the second character string is located.

Illustratively, the algorithm library in the storage unit 53 establishes a correspondence relationship among an identifier of the obfuscated algorithm, a name of the decryption algorithm, and an algorithm path indicating a storage location of the obfuscated algorithm corresponding to the identifier of the obfuscated algorithm.

At this time, when the debugging unit 51 determines, according to the identifier of the target obfuscating algorithm, a decryption algorithm corresponding to the identifier of the target obfuscating algorithm in the algorithm library, the method specifically includes: determining an algorithm path corresponding to the identifier of the target obfuscation algorithm according to the identifier of the target obfuscation algorithm; and acquiring the decryption algorithm corresponding to the identifier of the target obfuscation algorithm through the algorithm path and the name of the decryption algorithm corresponding to the identifier of the target obfuscation algorithm.

Accordingly, when the obfuscating unit 52 selects the target obfuscating algorithm for obfuscating the second character string from the algorithm library, the method specifically includes: determining an identifier of a target obfuscation algorithm to be used for obfuscating the second character string from the algorithm library; determining an algorithm path corresponding to the identifier of the target confusion algorithm from the algorithm library according to the identifier of the target confusion algorithm; and determining the target obfuscation algorithm of the second character string through the algorithm path and the name of the target obfuscation algorithm corresponding to the identification of the target obfuscation algorithm.

Further, when the debugging unit 51 extracts the identifier of the target obfuscating algorithm from the obfuscated code, the method specifically includes: an identification of the target obfuscation algorithm is extracted from a specified global variable of the obfuscated code.

Accordingly, when the obfuscating unit 52 records the identifier of the target obfuscating algorithm into the obfuscating code, the method specifically includes: the identity of the target obfuscation algorithm is saved to a designated global variable of the obfuscated code.

Further, when the debugging unit 51 decrypts the first character string by using the decryption algorithm corresponding to the identifier of the target obfuscation algorithm to obtain the second character string, the method specifically includes: obtaining the decryption algorithm through a hook in a preset hook function; and calling the decryption algorithm through the hook function to decrypt the first character string to obtain the second character string.

Accordingly, when the obfuscating unit 52 obfuscates the second character string using the target obfuscating algorithm to obtain the first character string, the method specifically includes: acquiring the target confusion algorithm through a hook of a preset hook function; and calling the target confusion algorithm through the hook function to confuse the second character string to obtain the first character string.

In addition, the target obfuscation algorithm includes a user-defined obfuscation algorithm, the identification of the target obfuscation algorithm includes an identification of a user-defined obfuscation algorithm, the decryption algorithm includes an inverse of the user-defined obfuscation algorithm, wherein the algorithm library includes a correspondence between the user-defined obfuscation algorithm, the identification of the user-defined obfuscation algorithm, and the inverse of the user-defined obfuscation algorithm.

Based on a device 03 for processing codes shown in fig. 8, an embodiment of the present invention further provides a hardware structure diagram of the device 03 for processing codes shown in fig. 9, where the device 03 for processing codes includes a processor 61, a communication interface 62, and a memory 63, and the processor 61, the communication interface 62, and the memory 63 communicate via a bus 64.

For example, the debugging unit 51 and the obfuscation unit 52 may be implemented by the processor 61 shown in fig. 9 calling instructions in the memory 63, and the storage unit may be embodied as the memory 63 shown in fig. 9.

Specifically, the memory 63 is used for storing computer execution instructions, the processor 61 is connected to the memory 63 through the bus 64, and when the device 03 for processing codes runs, the processor 61 executes the computer execution instructions stored in the memory 63, so that the device for processing codes determines a second character string in the source codes, which needs to be obfuscated; selecting a target obfuscation algorithm from the algorithm library for obfuscating the second string; obfuscating the second character string using the target obfuscation algorithm to obtain a first character string; recording the identifier of the target obfuscating algorithm into an obfuscating code, wherein the obfuscating code is obtained by obfuscating the source code according to an obfuscating algorithm in the algorithm library by the obfuscating unit and includes the first character string; acquiring a first character string in the confusion code; extracting an identification of the target obfuscation algorithm from the obfuscated code; determining a decryption algorithm corresponding to the identifier of the target obfuscation algorithm in the algorithm library according to the identifier of the target obfuscation algorithm; and decrypting the first character string by adopting a decryption algorithm corresponding to the identifier of the target obfuscation algorithm to obtain a second character string in the source code.

The processor 61 may be a Central Processing Unit (CPU). The processor 61 may also be other general processors, Digital Signal Processors (DSP), Application Specific Integrated Circuits (ASIC), field-programmable gate arrays (FPGA), other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, and the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.

The processor 61 is a control center of the obfuscation device 01, and the processor 61 executes various functions of the obfuscation device 01 by processing data received by the transceiver 42 and calling software or programs in the memory 63.

The communication interface 62, which may be specifically an interface circuit, is used for receiving and sending signals in the process of receiving and sending information or a request, and the communication interface 62 receives the information sent by the terminal and then sends the information to the processor 61 for processing; in addition, the communication interface 62 may communicate with networks and other devices through wireless communication.

The memory 63 may include a volatile memory (RAM), such as a random-access memory (RAM); the memory 31 may also include a non-volatile memory (ROM), such as a read-only memory (read-only memory), a flash memory (flash memory), a hard disk (HDD) or a solid-state drive (SSD); the memory 31 may also comprise a combination of memories of the kind described above. The processor 61 may execute various functional applications of the obfuscation device 01 and data processing by running software programs stored in the memory 63.

And bus 64 may include a data bus, a power bus, a control bus, a signal status bus, and the like. For clarity of illustration in this embodiment, the various buses are illustrated in FIG. 9 as bus 64.

It can be seen that, by obtaining the inverse algorithm of the obfuscating algorithm used when obfuscating the first character string from the algorithm library, that is, the decryption algorithm, the device 03 for processing codes can enable the debugging unit to determine the source code corresponding to the character string in the obfuscating code in the debugging process, so that the technical meaning of the character string in the obfuscating code can be clarified, and can directly obtain the second character string corresponding to the first character string in the source code before obfuscation.

It will be clear to those skilled in the art that, for convenience and simplicity of description, the foregoing division of the functional modules is merely used as an example, and in practical applications, the above function distribution may be performed by different functional modules according to needs, that is, the internal structure of the device is divided into different functional modules to perform all or part of the above described functions. For the specific working processes of the system, the apparatus and the unit described above, reference may be made to the corresponding processes in the foregoing method embodiments, and details are not described here again.

In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules or units is only one logical division, and there may be other divisions when actually implemented, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.

The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.

In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.

The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) or a processor (processor) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.

The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.

Claims (23)

1. A method for obtaining information in source code, comprising:

the debugging device acquires a first character string in the obfuscated code, wherein the obfuscated code is generated by the obfuscating device after a source code is obfuscated by using a target obfuscating algorithm in an algorithm library;

the debugging device extracts an identification of a target obfuscation algorithm from the obfuscated code, wherein the target obfuscation algorithm is used for obfuscating a second character string in source code into the first character string;

the debugging device determines a decryption algorithm corresponding to the identifier of the target obfuscated algorithm in the algorithm library according to the identifier of the target obfuscated algorithm, the algorithm library is used for indicating the corresponding relation between the identifier of the obfuscated algorithm and the decryption algorithm, and the debugging device and the obfuscating device share the algorithm library;

and the debugging device decrypts the first character string by adopting a decryption algorithm corresponding to the identifier of the target obfuscation algorithm to obtain a second character string in the source code.

2. The method according to claim 1, wherein the algorithm library is established with a corresponding relationship among an identifier of a obfuscated algorithm, a name of a decryption algorithm and an algorithm path, and the algorithm path is used for indicating a storage location of the decryption algorithm corresponding to the identifier of the obfuscated algorithm;

the debugging device determines a decryption algorithm corresponding to the identifier of the target obfuscation algorithm in an algorithm library according to the identifier of the target obfuscation algorithm, and the method comprises the following steps:

the debugging device determines an algorithm path corresponding to the identifier of the target obfuscation algorithm according to the identifier of the target obfuscation algorithm;

and the debugging device acquires the decryption algorithm corresponding to the identifier of the target obfuscation algorithm through the algorithm path and the name of the decryption algorithm corresponding to the identifier of the target obfuscation algorithm.

3. The method of claim 1 or 2, wherein the identification of the obfuscation algorithm comprises an identification of a user-defined obfuscation algorithm and the decryption algorithm comprises an inverse of the user-defined obfuscation algorithm, wherein the algorithm library comprises a correspondence between the identification of the user-defined obfuscation algorithm and the inverse of the user-defined obfuscation algorithm.

4. The method of claim 1 or 2, wherein the debugging device extracting an identification of a target obfuscation algorithm from the obfuscated code, comprises:

the debugging means extracts an identification of the target obfuscation algorithm from a specified global variable of the obfuscated code.

5. The method according to claim 1 or 2, wherein the debugging device decrypts the first character string by using a decryption algorithm corresponding to the identifier of the target obfuscation algorithm to obtain a second character string, and the method includes:

the debugging device obtains the decryption algorithm through a hook in a preset hook function;

and the debugging device calls the decryption algorithm through the hook function to decrypt the first character string to obtain the second character string.

6. A method of obfuscating code, comprising:

the obfuscation device determines a second character string needing to be obfuscated in the source code;

the obfuscating device selects a target obfuscating algorithm for obfuscating the second character string from an algorithm library, the algorithm library indicating a correspondence between an identification of an obfuscating algorithm, and a decryption algorithm, and the obfuscating device and the debugging device share the algorithm library;

the obfuscating device obfuscates the second character string using the target obfuscating algorithm to obtain a first character string;

the obfuscating device records the identifier of the target obfuscating algorithm into obfuscated codes so that a debugging device can obtain the second character string through the first character string according to a decryption algorithm corresponding to the identifier of the target obfuscating algorithm, wherein the obfuscated codes are obtained by obfuscating the source codes according to the obfuscating algorithm in the algorithm library, the obfuscated codes comprise the first character string, and the decryption algorithm corresponding to the identifier of the target obfuscating algorithm is used for decrypting the first character string.

7. The method according to claim 6, wherein the algorithm library is established with a correspondence relationship among an identification of a obfuscated algorithm, a name of the obfuscated algorithm, a name of a decryption algorithm, and an algorithm path, and the algorithm path is used for indicating a storage location of the obfuscated algorithm corresponding to the identification of the obfuscated algorithm;

wherein the obfuscating means selects a target obfuscating algorithm from a library of algorithms for obfuscating the second string, including:

the obfuscating device determines an identifier of a target obfuscating algorithm to be used for obfuscating the second character string from the algorithm library;

the confusion device determines an algorithm path corresponding to the identification of the target confusion algorithm from the algorithm library according to the identification of the target confusion algorithm;

the obfuscating device determines a target obfuscation algorithm of the second string by the algorithm path and a name of the target obfuscation algorithm corresponding to the identification of the target obfuscation algorithm.

8. The method of claim 6 or 7, wherein the target obfuscation algorithm comprises a user-defined obfuscation algorithm, the identification of the target obfuscation algorithm comprises an identification of the user-defined obfuscation algorithm, the decryption algorithm comprises an inverse of the user-defined obfuscation algorithm, and wherein the algorithm library comprises a correspondence between the user-defined obfuscation algorithm, the identification of the user-defined obfuscation algorithm, and the inverse of the user-defined obfuscation algorithm.

9. The method of claim 6 or 7, wherein the obfuscating means obfuscates the second string using the target obfuscation algorithm to obtain a first string, comprising:

the confusion device obtains the target confusion algorithm through a hook of a preset hook function;

and the confusion device calls the target confusion algorithm through the hook function to confuse the second character string to obtain the first character string.

10. The method of claim 6 or 7, wherein the obfuscating device records an identification of the target obfuscation algorithm into an obfuscation code, comprising:

the obfuscating means saves an identification of the target obfuscation algorithm to a specified global variable of the obfuscated code.

11. A commissioning apparatus, comprising:

the obtaining unit is used for obtaining a first character string in an obfuscated code, wherein the obfuscated code is generated by an obfuscating device after source codes are obfuscated by using a target obfuscating algorithm in an algorithm library; extracting an identification of a target obfuscation algorithm from the obfuscated code, the target obfuscation algorithm to obfuscate a second character string in source code to the first character string;

a determining unit, configured to determine, according to the identifier of the target obfuscating algorithm, a decryption algorithm corresponding to the identifier of the target obfuscating algorithm in the algorithm library, where the algorithm library is used to indicate a correspondence between the identifier of the obfuscating algorithm and the decryption algorithm, and the debugging device and the obfuscating device share the algorithm library;

and the decryption unit is used for decrypting the first character string by adopting a decryption algorithm corresponding to the identifier of the target obfuscation algorithm so as to obtain a second character string in the source code.

12. The debugging device according to claim 11, wherein a correspondence relationship between an identifier of a obfuscated algorithm, a name of a decryption algorithm, and an algorithm path is established in the algorithm library, and the algorithm path is used to indicate a storage location of the decryption algorithm corresponding to the identifier of the obfuscated algorithm; wherein,

the determining unit is specifically configured to determine, according to the identifier of the target obfuscation algorithm, an algorithm path corresponding to the identifier of the target obfuscation algorithm; and acquiring the decryption algorithm corresponding to the identifier of the target obfuscation algorithm according to the algorithm path and the name of the decryption algorithm corresponding to the identifier of the target obfuscation algorithm.

13. The debugging apparatus according to claim 11 or 12,

the obtaining unit is specifically configured to extract an identifier of the target obfuscation algorithm from a specified global variable of the obfuscated code.

14. The debugging apparatus according to claim 11 or 12,

the decryption unit is specifically configured to obtain the decryption algorithm through a hook in a preset hook function; and calling the decryption algorithm through the hook function to decrypt the first character string to obtain the second character string.

15. A obfuscation device, comprising:

the determining unit is used for determining a second character string which needs to be obfuscated in the source code;

a selecting unit, configured to select a target obfuscating algorithm for obfuscating the second character string from an algorithm library, where the algorithm library is used to indicate a correspondence relationship between an identifier of an obfuscating algorithm, and a decryption algorithm, and the obfuscating apparatus and the debugging apparatus share the algorithm library;

the confusion unit is used for carrying out confusion on the second character string by using the target confusion algorithm to obtain a first character string;

the recording unit is configured to record the identifier of the target obfuscating algorithm into an obfuscated code, so that a debugging device obtains the second character string through the first character string according to a decryption algorithm corresponding to the identifier of the target obfuscating algorithm, where the obfuscated code is obtained by obfuscating the source code according to an obfuscating algorithm in the algorithm library, the obfuscated code includes the first character string, and the decryption algorithm corresponding to the identifier of the target obfuscating algorithm is used to decrypt the first character string.

16. A obfuscation device as in claim 15, wherein the algorithm library has a correspondence between an identity of an obfuscating algorithm, a name of the obfuscating algorithm, a name of a decryption algorithm, and an algorithm path indicating a storage location of the obfuscating algorithm corresponding to the identity of the obfuscating algorithm; wherein,

the selecting unit is specifically configured to determine, from the algorithm library, an identifier of a target obfuscating algorithm that is required to be used to obfuscate the second character string; determining an algorithm path corresponding to the identifier of the target confusion algorithm from the algorithm library according to the identifier of the target confusion algorithm; and determining the target obfuscation algorithm of the second character string according to the algorithm path and the name of the target obfuscation algorithm corresponding to the identification of the target obfuscation algorithm.

17. The obfuscation device of claim 15 or 16,

the confusion unit is used for acquiring the target confusion algorithm through a hook of a preset hook function; and calling the target confusion algorithm through the hook function to confuse the second character string to obtain the first character string.

18. The obfuscation device of claim 15 or 16,

and the recording unit is used for storing the identification of the target obfuscation algorithm into a specified global variable of the obfuscated code.

19. A commissioning apparatus, comprising: a processor, a memory, a bus, and a communication interface;

the memory is used for storing computer execution instructions, the processor is connected with the memory through the bus, and when the debugging device runs, the processor executes the computer execution instructions stored by the memory so as to enable the debugging device to execute the method for obtaining the information in the source code according to any one of claims 1-5.

20. A obfuscation device, comprising: a processor, a memory, a bus, and a communication interface;

the memory is used for storing computer-executable instructions, the processor is connected with the memory through the bus, and when the obfuscation device runs, the processor executes the computer-executable instructions stored in the memory so as to enable the obfuscation device to execute the method for obfuscating the codes according to any one of claims 6-10.

21. An apparatus for processing code, comprising: a obfuscation unit, a debugging unit, and a storage unit for storing an algorithm library comprising an identification of obfuscating algorithms, corresponding relations between obfuscating algorithms and decryption algorithms, wherein,

the obfuscating unit is used for determining a second character string which needs to be obfuscated in the source code; selecting a target obfuscation algorithm from the algorithm library for obfuscating the second string; obfuscating the second character string using the target obfuscation algorithm to obtain a first character string; recording the identifier of the target obfuscating algorithm into an obfuscating code, wherein the obfuscating code is obtained by obfuscating the source code according to an obfuscating algorithm in the algorithm library by the obfuscating unit and includes the first character string;

the debugging unit is used for: acquiring a first character string in the confusion code; extracting an identification of the target obfuscation algorithm from the obfuscated code; determining a decryption algorithm corresponding to the identifier of the target obfuscation algorithm in the algorithm library according to the identifier of the target obfuscation algorithm; and decrypting the first character string by adopting a decryption algorithm corresponding to the identifier of the target obfuscation algorithm to obtain a second character string in the source code.

22. An apparatus for processing code, comprising: a processor, a memory, a bus, and a communication interface;

the memory is used for storing computer execution instructions, the processor is connected with the memory through the bus, and the processor executes the computer execution instructions stored by the memory so as to enable the code processing device to determine a second character string needing to be obfuscated in source codes; selecting a target obfuscation algorithm from an algorithm library for obfuscating the second string; obfuscating the second character string using the target obfuscation algorithm to obtain a first character string; recording the identifier of the target obfuscating algorithm into an obfuscating code, wherein the obfuscating code is obtained by the processor obfuscating the source code according to an obfuscating algorithm in the algorithm library, and the obfuscating code includes the first character string; acquiring a first character string in the confusion code; extracting an identification of the target obfuscation algorithm from the obfuscated code; determining a decryption algorithm corresponding to the identifier of the target obfuscation algorithm in the algorithm library according to the identifier of the target obfuscation algorithm; and decrypting the first character string by adopting a decryption algorithm corresponding to the identifier of the target obfuscation algorithm to obtain a second character string in the source code.

23. A system for obtaining information in source code, comprising a debugging means according to any one of claims 11-14 and an obfuscation means according to any one of claims 15-18, wherein the debugging means and the obfuscation means share an algorithm library indicating correspondence between an identity of an obfuscation algorithm, the obfuscation algorithm, and a decryption algorithm.