CN106650339A - Control flow complication-based Java code obfuscation method - Google Patents
Control flow complication-based Java code obfuscation method Download PDFInfo
- Publication number
- CN106650339A CN106650339A CN201610891258.4A CN201610891258A CN106650339A CN 106650339 A CN106650339 A CN 106650339A CN 201610891258 A CN201610891258 A CN 201610891258A CN 106650339 A CN106650339 A CN 106650339A
- Authority
- CN
- China
- Prior art keywords
- code
- label
- loop structure
- loop
- predicate
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 37
- 230000008569 process Effects 0.000 claims description 12
- 238000003780 insertion Methods 0.000 claims description 7
- 230000037431 insertion Effects 0.000 claims description 7
- 238000010276 construction Methods 0.000 claims description 6
- 230000008859 change Effects 0.000 claims description 5
- 230000010076 replication Effects 0.000 claims description 3
- 230000007704 transition Effects 0.000 claims description 3
- 238000006243 chemical reaction Methods 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 2
- 230000009191 jumping Effects 0.000 description 2
- 241000700605 Viruses Species 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/14—Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Devices For Executing Special Programs (AREA)
Abstract
The invention discloses a control flow complication-based Java code obfuscation method. The method comprises the steps of 1, constructing a non-transparent predicate set; 2, discovering a loop structure; 3, separating the loop structure; 4, inserting the non-transparent predicate set into the separated loop structure; and 5, complicating the loop structure. According to the method, the shortcoming of insufficient utilization of the loop structure in an existing code obfuscation method is overcome and a control flow complication method utilizing the loop structure is realized.
Description
Technical field
The present invention relates to a kind of Java code complicated based on controlling stream obscures method, belong to computer safety field.
Background technology
Along with the rise of mobile Internet, mobile terminal application is increasingly popularized, and these applications take full advantage of movement and set
Standby computing capability and portability, facilitate the life of people, but have substantial amounts of java applet in the application of mobile terminal.Java journeys
Sequence is distributed after compiling in the form of the .class files packed, and these .class files are all Java bytecodes, and original
Java bytecode can be restored with original code difference only in the source code of annotation by the method for decompiling.This just gives and attacks
The person of hitting or other lawless person's chances.The subject matter that this brings is as follows:
1. software piracy, lawless person can easily be copied and original software by the source code after decompiling
The same or like software of function, or crack out the software that need not be activated.
2. distort, change software source code, do not change the use function of software, but with the addition of wherein advertisement or its
His malicious code and virus.
In order to solve these problems, it is proposed that the method for Code obfuscation, four classes are broadly divided into:Layout obscures conversion, control
Obscure conversion, data obfuscation conversion and preventative obscure conversion.These methods are primarily used to tackle decompiling, to circulation knot
Structure is under-utilized.
The content of the invention
In order to solve above-mentioned technical problem, the invention provides a kind of Java code side of obscuring complicated based on controlling stream
Method.
In order to achieve the above object, the technical solution adopted in the present invention is:
A kind of Java code complicated based on controlling stream obscures method, comprises the following steps,
Step 1, builds opaque predicate set;
Step 2, finds loop structure;
Step 3, takes loop structure apart;
Step 4, inserts opaque predicate set in the loop structure taken apart;
Step 5, complicates loop structure.
Opaque predicate set includes that construction perseverance is false predicate set F for genuine predicate set T and perseverance.
It was found that the process of loop structure is,
S11, traversal class file finds conditional jump instructions M;
S12, find conditional jump instructions M redirects label E;
S13, checks whether the upper instruction for redirecting label E position is unconditional jump command N, if it is, looking for
Label B is redirected to unconditional jump command N;
S14, judgement redirects label B whether before conditional jump instructions M, if it is, traversal redirects label B jumping to condition
Turn the code segment between command M, check whether also remaining jump instruction, if it did not, so from redirecting label B to redirecting mark
It is a loop structure to sign the code segment between E.
The process for taking loop structure apart is,
S21, defines the loop body for loop structure from the code segment redirected before label B to unconditional jump command N, fixed
The label B that redirects of the loop body that adopted loop structure originally had is designated as B0, and the number of times for defining replication cycle body is k, enumerator i=
0;
S22, i=i+1;
S23, inserted a loop body before unconditional jump command N, and the label that redirects of the loop body of insertion is designated as Bi;
Whether S24, judge i more than or equal to k, if it is not, then step S22 is gone to, if it is, going to step S25;
S25, removes unconditional jump command N, in same position insertion code block D, the code block D according to input and
Any one in state transition B0 to the Bk of local variable.
The process that opaque predicate set is inserted in the loop structure taken apart is,
S31, definition redirect label for B0, B1 ..., the condition predicate of the loop body of Bk be respectively Cal_A0, Cal_
A1、…、Cal_A k;
S32, defines i=0;
S33, if i is less than or equal to k, goes to step S34, otherwise terminates;
S34, changes Cal_Ai, and from opaque predicate set some predicates are selected, the predicate knot with script in loop body
Close, the predicate after combination is true and false constant;
S35, i=i+1;Go to step S33.
Complicate loop structure process be,
S41, define loop structure loop body be C0, C1 ..., Ck;
S42, defines i=0;
S43, if i is less than or equal to k, goes to step S44, otherwise terminates;
S44, randomly adds the code related to opaque predicate in loop body Ci, and these codes do not change opaque
Predicate it is true and false;
S45, calls the function of construction directed acyclic graph, obtains DAG structures;
Each node in DAG structures is a position in loop body Ci, and each directed edge is represented from starting point
Code segment representated by representative position to terminal between position;
S46, calculates a topological order TS of each directed edge in DAG;
S47, by code segment the loop body Ci of script is replaced according to topological order TS;
S48, finds the intersegmental interval of next code;
S49, if before interval close to code segment, without follow-up code segment execution in DAG structures, go to step
S410, otherwise goes to step S411;
S410, inserts the end position of the loop body Ci that jump instruction jumps directly to be replaced in S47, goes to step
S412;
S411, inserts condition or the condition related to input immediately, jumps to and this code is adjacent in DAG structures
On code segment after section;
S412, judges whether that the also intersegmental interval of code is not inserted into jump instruction, if it is, step S48 is gone to, it is no
Then go to step S423;
S423, i+=1, go to step S43.
The beneficial effect that the present invention is reached:Instant invention overcomes existing Code obfuscation method is under-utilized to loop structure
Shortcoming, realize using loop structure controlling stream complicate method.
Description of the drawings
Fig. 1 is the flow chart of the present invention.
Fig. 2 is the flow chart for taking loop structure apart.
Fig. 3 is the flow chart for complicating loop structure.
Specific embodiment
Below in conjunction with the accompanying drawings the invention will be further described.Following examples are only used for clearly illustrating the present invention
Technical scheme, and can not be limited the scope of the invention with this.
As shown in figure 1, a kind of Java code complicated based on controlling stream obscures method, comprise the following steps:
Step 1, builds opaque predicate set.
Using the reference in Java relatively constructing opaque predicate set, opaque predicate set includes that construction perseverance is
Genuine predicate set T and perseverance are false predicate set F.
Step 2, finds loop structure.
Loop structure is found from Java code section, they should be similar to such case:
Code is as follows:
B:Cal_A
If not A go to E;
C
Go to B;
E:
Detailed process is as follows:
S11, traversal class file finds conditional jump instructions M;
S12, find conditional jump instructions M redirects label E;
S13, checks whether the upper instruction for redirecting label E position is unconditional jump command N, if it is, looking for
Label B is redirected to unconditional jump command N;
S14, judgement redirects label B whether before conditional jump instructions M, if it is, traversal redirects label B jumping to condition
Turn the code segment between command M, check whether also remaining jump instruction, if it did not, so from redirecting label B to redirecting mark
It is a loop structure to sign the code segment between E.
Step 3, takes loop structure apart.
Detailed process as shown in Fig. 2
S21, defines the loop body for loop structure from the code segment redirected before label B to unconditional jump command N, fixed
The label B that redirects of the loop body that adopted loop structure originally had is designated as B0, and the number of times for defining replication cycle body is k, enumerator i=
0;
S22, i=i+1;
S23, inserted a loop body before unconditional jump command N, and the label that redirects of the loop body of insertion is designated as Bi;
Whether S24, judge i more than or equal to k, if it is not, then step S22 is gone to, if it is, going to step S25;
S25, removes unconditional jump command N, in same position insertion code block D, the code block D according to input and
Any one in state transition B0 to the Bk of local variable.
Code after taking apart is as follows:
B0:Cal_A
IfnotAgotoB1:
C
B1:Cal_A
IfnotAgotoB2:
C
…
Bi:Cal_A
IfnotAgotoE:
C
D
E:
Step 4, inserts opaque predicate set in the loop structure taken apart.
Detailed process is:
S31, definition redirect label for B0, B1 ..., the condition predicate of the loop body of Bk be respectively Cal_A0, Cal_
A1、…、Cal_A k;
S32, defines i=0;
S33, if i is less than or equal to k, goes to step S34, otherwise terminates;
S34, changes Cal_Ai, and from opaque predicate set some predicates are selected, the predicate knot with script in loop body
Close, the predicate after combination is true and false constant;
S35, i=i+1;Go to step S33.
Step 5, complicates loop structure.
As shown in figure 3, detailed process is:
S41, define loop structure loop body be C0, C1 ..., Ck;
S42, defines i=0;
S43, if i is less than or equal to k, goes to step S44, otherwise terminates;
S44, randomly adds the code related to opaque predicate in loop body Ci, and these codes do not change opaque
Predicate it is true and false;
S45, calls the function create_DAG (empty_dag, 0, empty_map) of construction directed acyclic graph, obtains DAG
Structure;
Each node in DAG structures is a position in loop body Ci, and each directed edge is represented from starting point
Code segment representated by representative position to terminal between position;
S46, calculates a topological order TS of each directed edge in DAG;
S47, by code segment the loop body Ci of script is replaced according to topological order TS;
S48, finds the intersegmental interval of next code;
S49, if before interval close to code segment, without follow-up code segment execution in DAG structures, go to step
S410, otherwise goes to step S411;
S410, inserts the end position of the loop body Ci that jump instruction jumps directly to be replaced in S47, goes to step
S412;
S411, inserts condition or the condition related to input immediately, jumps to and this code is adjacent in DAG structures
On code segment after section;
S412, judges whether that the also intersegmental interval of code is not inserted into jump instruction, if it is, step S48 is gone to, it is no
Then go to step S423;
S423, i+=1, go to step S43.
Said method overcomes the existing Code obfuscation method shortcoming under-utilized to loop structure, realizes using circulation
The controlling stream of structure complicates method.
The above is only the preferred embodiment of the present invention, it is noted that for the ordinary skill people of the art
For member, on the premise of without departing from the technology of the present invention principle, some improvement and deformation can also be made, these improve and deform
Also should be regarded as protection scope of the present invention.
Claims (6)
1. a kind of Java code complicated based on controlling stream obscures method, it is characterised in that:Comprise the following steps,
Step 1, builds opaque predicate set;
Step 2, finds loop structure;
Step 3, takes loop structure apart;
Step 4, inserts opaque predicate set in the loop structure taken apart;
Step 5, complicates loop structure.
2. a kind of Java code complicated based on controlling stream according to claim 1 obscures method, it is characterised in that:No
Transparent predicate set includes that construction perseverance is false predicate set F for genuine predicate set T and perseverance.
3. a kind of Java code complicated based on controlling stream according to claim 2 obscures method, it is characterised in that:Send out
The process of existing loop structure is,
S11, traversal class file finds conditional jump instructions M;
S12, find conditional jump instructions M redirects label E;
S13, checks whether the upper instruction for redirecting label E position is unconditional jump command N, if it is, finding nothing
Conditional jump instructions N's redirects label B;
S14, judgement redirects label B whether before conditional jump instructions M, if it is, traversal redirects label B and refers to conditional jump
The code segment between M is made, also remaining jump instruction is checked whether, if it did not, so from redirecting label B to redirecting label E
Between code segment be a loop structure.
4. a kind of Java code complicated based on controlling stream according to claim 3 obscures method, it is characterised in that:Tear open
The process of open cycle structure is,
S21, defines the loop body for loop structure from the code segment redirected before label B to unconditional jump command N, and definition is followed
The label B that redirects of the loop body that ring structure originally had is designated as B0, and the number of times for defining replication cycle body is k, enumerator i=0;
S22, i=i+1;
S23, inserted a loop body before unconditional jump command N, and the label that redirects of the loop body of insertion is designated as Bi;
Whether S24, judge i more than or equal to k, if it is not, then step S22 is gone to, if it is, going to step S25;
S25, removes unconditional jump command N, and in same position insertion code block D, the code block D is according to input and local
Any one in state transition B0 to the Bk of variable.
5. a kind of Java code complicated based on controlling stream according to claim 4 obscures method, it is characterised in that:
The process that opaque predicate set is inserted in the loop structure taken apart is,
S31, definition redirect label for B0, B1 ..., the condition predicate of the loop body of Bk be respectively Cal_A0, Cal_A1 ...,
Cal_Ak;
S32, defines i=0;
S33, if i is less than or equal to k, goes to step S34, otherwise terminates;
S34, changes Cal_Ai, and from opaque predicate set some predicates are selected, and is combined with the predicate of script in loop body, ties
Predicate after conjunction is true and false constant;
S35, i=i+1;Go to step S33.
6. a kind of Java code complicated based on controlling stream according to claim 5 obscures method, it is characterised in that:It is multiple
The process of hydridization loop structure is,
S41, define loop structure loop body be C0, C1 ..., Ck;
S42, defines i=0;
S43, if i is less than or equal to k, goes to step S44, otherwise terminates;
S44, randomly adds the code related to opaque predicate in loop body Ci, and these codes do not change opaque predicate
It is true and false;
S45, calls the function of construction directed acyclic graph, obtains DAG structures;
Each node in DAG structures is a position in loop body Ci, and each directed edge was represented from starting point institute's generation
Epi-position puts the code segment representated by terminal between position;
S46, calculates a topological order TS of each directed edge in DAG;
S47, by code segment the loop body Ci of script is replaced according to topological order TS;
S48, finds the intersegmental interval of next code;
S49, if before interval close to code segment, without follow-up code segment execution in DAG structures, go to step
S410, otherwise goes to step S411;
S410, inserts the end position of the loop body Ci that jump instruction jumps directly to be replaced in S47, goes to step S412;
S411, insertion condition or the condition related to input immediately, jump to be adjacent in DAG structures this code segment it
On code segment afterwards;
S412, judges whether that the also intersegmental interval of code is not inserted into jump instruction, if it is, going to step S48, otherwise turns
To step S423;
S423, i+=1, go to step S43.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610891258.4A CN106650339B (en) | 2016-10-13 | 2016-10-13 | It is a kind of that method is obscured based on the Java code for controlling stream complication |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610891258.4A CN106650339B (en) | 2016-10-13 | 2016-10-13 | It is a kind of that method is obscured based on the Java code for controlling stream complication |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106650339A true CN106650339A (en) | 2017-05-10 |
CN106650339B CN106650339B (en) | 2019-06-11 |
Family
ID=58856777
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610891258.4A Active CN106650339B (en) | 2016-10-13 | 2016-10-13 | It is a kind of that method is obscured based on the Java code for controlling stream complication |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106650339B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107992724A (en) * | 2017-12-14 | 2018-05-04 | 四川大学 | A kind of software security reinforcement means |
CN108446542A (en) * | 2018-02-12 | 2018-08-24 | 南京梆梆信息科技有限公司 | A kind of source code based on semiology analysis obscures method and device |
CN109409036A (en) * | 2018-09-19 | 2019-03-01 | 苏州创旅天下信息技术有限公司 | Control stream based on redundant code obscures method and device, storage medium and terminal |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101271397A (en) * | 2007-03-23 | 2008-09-24 | 北京大学 | Recognition method of nested loop structure |
-
2016
- 2016-10-13 CN CN201610891258.4A patent/CN106650339B/en active Active
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101271397A (en) * | 2007-03-23 | 2008-09-24 | 北京大学 | Recognition method of nested loop structure |
Non-Patent Citations (2)
Title |
---|
兑璐: "面向Java的反逆向技术的研究", 《中国优秀硕士学位论文全文数据库 信息科技辑》 * |
袁征 等: "构造一种新的混淆Java程序的不透明谓词", <北京邮电大学学报> * |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107992724A (en) * | 2017-12-14 | 2018-05-04 | 四川大学 | A kind of software security reinforcement means |
CN108446542A (en) * | 2018-02-12 | 2018-08-24 | 南京梆梆信息科技有限公司 | A kind of source code based on semiology analysis obscures method and device |
CN108446542B (en) * | 2018-02-12 | 2021-09-03 | 北京梆梆安全科技有限公司 | Source code obfuscation method and device based on symbolic execution |
CN109409036A (en) * | 2018-09-19 | 2019-03-01 | 苏州创旅天下信息技术有限公司 | Control stream based on redundant code obscures method and device, storage medium and terminal |
Also Published As
Publication number | Publication date |
---|---|
CN106650339B (en) | 2019-06-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Bird | Pearls of functional algorithm design | |
CN107729725A (en) | A kind of Android applications hardened system and method based on virtual machine instructions modification | |
CN107077337A (en) | System and method for performing the application coding compiled according to two instruction set architectures | |
KR101234591B1 (en) | Method for Anti-Encoding Android by Using Java Native Interface | |
CN105354449A (en) | Scrambling and obfuscating method for Lua language and decryption method | |
CN106650339A (en) | Control flow complication-based Java code obfuscation method | |
CN108363911B (en) | Python script obfuscating and watermarking method and device | |
CN106599628A (en) | Python byte code file protection method based on module hook | |
CN103761476A (en) | Characteristic extraction method and device | |
CN103699820B (en) | Obfuscating method for relative jump instruction | |
CN105787305A (en) | Software protection method capable of resisting symbolic execution and taint analysis | |
CN105653949B (en) | A kind of malware detection methods and device | |
JP2016525760A (en) | Identify irrelevant code | |
CN104517044A (en) | Method and device for protecting binary file from being decompiled | |
CN105718765A (en) | Method for achieving code obfuscation through finite automaton | |
Gilio-Whitaker | Idle no more and fourth world social movements in the new millennium | |
CN105808256A (en) | Method and system for constructing legal stack return value by avoiding function call detection | |
Zhao et al. | Compile-time code virtualization for android applications | |
CN104321774B (en) | For the anti-reversing engineering and/or method alterred program, system and equipment | |
Banham | Characters: Cultural Stories Revealed Through Typography. Stephen Banham, Rick Poynor | |
CN105488399A (en) | Script virus detection method and system based on program keyword calling sequence | |
CN105793864A (en) | System and method of detecting malicious multimedia files | |
Thakker et al. | Gate jape grammar tutorial | |
Tofighi-Shirazi et al. | Fine-grained static detection of obfuscation transforms using ensemble-learning and semantic reasoning | |
CN105912893A (en) | Strengthening method based on Android system microinstruction just-in-time compilation |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |