CN106650339A - Control flow complication-based Java code obfuscation method - Google Patents

Control flow complication-based Java code obfuscation method Download PDF

Info

Publication number
CN106650339A
CN106650339A CN201610891258.4A CN201610891258A CN106650339A CN 106650339 A CN106650339 A CN 106650339A CN 201610891258 A CN201610891258 A CN 201610891258A CN 106650339 A CN106650339 A CN 106650339A
Authority
CN
China
Prior art keywords
code
label
loop structure
loop
predicate
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610891258.4A
Other languages
Chinese (zh)
Other versions
CN106650339B (en
Inventor
周超
郭雅娟
黄伟
朱道华
姜海涛
郭静
李斌
王黎明
陈锦铭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
Electric Power Research Institute of State Grid Jiangsu Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
Electric Power Research Institute of State Grid Jiangsu Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, Electric Power Research Institute of State Grid Jiangsu Electric Power Co Ltd filed Critical State Grid Corp of China SGCC
Priority to CN201610891258.4A priority Critical patent/CN106650339B/en
Publication of CN106650339A publication Critical patent/CN106650339A/en
Application granted granted Critical
Publication of CN106650339B publication Critical patent/CN106650339B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/14Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Devices For Executing Special Programs (AREA)

Abstract

The invention discloses a control flow complication-based Java code obfuscation method. The method comprises the steps of 1, constructing a non-transparent predicate set; 2, discovering a loop structure; 3, separating the loop structure; 4, inserting the non-transparent predicate set into the separated loop structure; and 5, complicating the loop structure. According to the method, the shortcoming of insufficient utilization of the loop structure in an existing code obfuscation method is overcome and a control flow complication method utilizing the loop structure is realized.

Description

A kind of Java code complicated based on controlling stream obscures method
Technical field
The present invention relates to a kind of Java code complicated based on controlling stream obscures method, belong to computer safety field.
Background technology
Along with the rise of mobile Internet, mobile terminal application is increasingly popularized, and these applications take full advantage of movement and set Standby computing capability and portability, facilitate the life of people, but have substantial amounts of java applet in the application of mobile terminal.Java journeys Sequence is distributed after compiling in the form of the .class files packed, and these .class files are all Java bytecodes, and original Java bytecode can be restored with original code difference only in the source code of annotation by the method for decompiling.This just gives and attacks The person of hitting or other lawless person's chances.The subject matter that this brings is as follows:
1. software piracy, lawless person can easily be copied and original software by the source code after decompiling The same or like software of function, or crack out the software that need not be activated.
2. distort, change software source code, do not change the use function of software, but with the addition of wherein advertisement or its His malicious code and virus.
In order to solve these problems, it is proposed that the method for Code obfuscation, four classes are broadly divided into:Layout obscures conversion, control Obscure conversion, data obfuscation conversion and preventative obscure conversion.These methods are primarily used to tackle decompiling, to circulation knot Structure is under-utilized.
The content of the invention
In order to solve above-mentioned technical problem, the invention provides a kind of Java code side of obscuring complicated based on controlling stream Method.
In order to achieve the above object, the technical solution adopted in the present invention is:
A kind of Java code complicated based on controlling stream obscures method, comprises the following steps,
Step 1, builds opaque predicate set;
Step 2, finds loop structure;
Step 3, takes loop structure apart;
Step 4, inserts opaque predicate set in the loop structure taken apart;
Step 5, complicates loop structure.
Opaque predicate set includes that construction perseverance is false predicate set F for genuine predicate set T and perseverance.
It was found that the process of loop structure is,
S11, traversal class file finds conditional jump instructions M;
S12, find conditional jump instructions M redirects label E;
S13, checks whether the upper instruction for redirecting label E position is unconditional jump command N, if it is, looking for Label B is redirected to unconditional jump command N;
S14, judgement redirects label B whether before conditional jump instructions M, if it is, traversal redirects label B jumping to condition Turn the code segment between command M, check whether also remaining jump instruction, if it did not, so from redirecting label B to redirecting mark It is a loop structure to sign the code segment between E.
The process for taking loop structure apart is,
S21, defines the loop body for loop structure from the code segment redirected before label B to unconditional jump command N, fixed The label B that redirects of the loop body that adopted loop structure originally had is designated as B0, and the number of times for defining replication cycle body is k, enumerator i= 0;
S22, i=i+1;
S23, inserted a loop body before unconditional jump command N, and the label that redirects of the loop body of insertion is designated as Bi;
Whether S24, judge i more than or equal to k, if it is not, then step S22 is gone to, if it is, going to step S25;
S25, removes unconditional jump command N, in same position insertion code block D, the code block D according to input and Any one in state transition B0 to the Bk of local variable.
The process that opaque predicate set is inserted in the loop structure taken apart is,
S31, definition redirect label for B0, B1 ..., the condition predicate of the loop body of Bk be respectively Cal_A0, Cal_ A1、…、Cal_A k;
S32, defines i=0;
S33, if i is less than or equal to k, goes to step S34, otherwise terminates;
S34, changes Cal_Ai, and from opaque predicate set some predicates are selected, the predicate knot with script in loop body Close, the predicate after combination is true and false constant;
S35, i=i+1;Go to step S33.
Complicate loop structure process be,
S41, define loop structure loop body be C0, C1 ..., Ck;
S42, defines i=0;
S43, if i is less than or equal to k, goes to step S44, otherwise terminates;
S44, randomly adds the code related to opaque predicate in loop body Ci, and these codes do not change opaque Predicate it is true and false;
S45, calls the function of construction directed acyclic graph, obtains DAG structures;
Each node in DAG structures is a position in loop body Ci, and each directed edge is represented from starting point Code segment representated by representative position to terminal between position;
S46, calculates a topological order TS of each directed edge in DAG;
S47, by code segment the loop body Ci of script is replaced according to topological order TS;
S48, finds the intersegmental interval of next code;
S49, if before interval close to code segment, without follow-up code segment execution in DAG structures, go to step S410, otherwise goes to step S411;
S410, inserts the end position of the loop body Ci that jump instruction jumps directly to be replaced in S47, goes to step S412;
S411, inserts condition or the condition related to input immediately, jumps to and this code is adjacent in DAG structures On code segment after section;
S412, judges whether that the also intersegmental interval of code is not inserted into jump instruction, if it is, step S48 is gone to, it is no Then go to step S423;
S423, i+=1, go to step S43.
The beneficial effect that the present invention is reached:Instant invention overcomes existing Code obfuscation method is under-utilized to loop structure Shortcoming, realize using loop structure controlling stream complicate method.
Description of the drawings
Fig. 1 is the flow chart of the present invention.
Fig. 2 is the flow chart for taking loop structure apart.
Fig. 3 is the flow chart for complicating loop structure.
Specific embodiment
Below in conjunction with the accompanying drawings the invention will be further described.Following examples are only used for clearly illustrating the present invention Technical scheme, and can not be limited the scope of the invention with this.
As shown in figure 1, a kind of Java code complicated based on controlling stream obscures method, comprise the following steps:
Step 1, builds opaque predicate set.
Using the reference in Java relatively constructing opaque predicate set, opaque predicate set includes that construction perseverance is Genuine predicate set T and perseverance are false predicate set F.
Step 2, finds loop structure.
Loop structure is found from Java code section, they should be similar to such case:
Code is as follows:
B:Cal_A
If not A go to E;
C
Go to B;
E:
Detailed process is as follows:
S11, traversal class file finds conditional jump instructions M;
S12, find conditional jump instructions M redirects label E;
S13, checks whether the upper instruction for redirecting label E position is unconditional jump command N, if it is, looking for Label B is redirected to unconditional jump command N;
S14, judgement redirects label B whether before conditional jump instructions M, if it is, traversal redirects label B jumping to condition Turn the code segment between command M, check whether also remaining jump instruction, if it did not, so from redirecting label B to redirecting mark It is a loop structure to sign the code segment between E.
Step 3, takes loop structure apart.
Detailed process as shown in Fig. 2
S21, defines the loop body for loop structure from the code segment redirected before label B to unconditional jump command N, fixed The label B that redirects of the loop body that adopted loop structure originally had is designated as B0, and the number of times for defining replication cycle body is k, enumerator i= 0;
S22, i=i+1;
S23, inserted a loop body before unconditional jump command N, and the label that redirects of the loop body of insertion is designated as Bi;
Whether S24, judge i more than or equal to k, if it is not, then step S22 is gone to, if it is, going to step S25;
S25, removes unconditional jump command N, in same position insertion code block D, the code block D according to input and Any one in state transition B0 to the Bk of local variable.
Code after taking apart is as follows:
B0:Cal_A
IfnotAgotoB1:
C
B1:Cal_A
IfnotAgotoB2:
C
Bi:Cal_A
IfnotAgotoE:
C
D
E:
Step 4, inserts opaque predicate set in the loop structure taken apart.
Detailed process is:
S31, definition redirect label for B0, B1 ..., the condition predicate of the loop body of Bk be respectively Cal_A0, Cal_ A1、…、Cal_A k;
S32, defines i=0;
S33, if i is less than or equal to k, goes to step S34, otherwise terminates;
S34, changes Cal_Ai, and from opaque predicate set some predicates are selected, the predicate knot with script in loop body Close, the predicate after combination is true and false constant;
S35, i=i+1;Go to step S33.
Step 5, complicates loop structure.
As shown in figure 3, detailed process is:
S41, define loop structure loop body be C0, C1 ..., Ck;
S42, defines i=0;
S43, if i is less than or equal to k, goes to step S44, otherwise terminates;
S44, randomly adds the code related to opaque predicate in loop body Ci, and these codes do not change opaque Predicate it is true and false;
S45, calls the function create_DAG (empty_dag, 0, empty_map) of construction directed acyclic graph, obtains DAG Structure;
Each node in DAG structures is a position in loop body Ci, and each directed edge is represented from starting point Code segment representated by representative position to terminal between position;
S46, calculates a topological order TS of each directed edge in DAG;
S47, by code segment the loop body Ci of script is replaced according to topological order TS;
S48, finds the intersegmental interval of next code;
S49, if before interval close to code segment, without follow-up code segment execution in DAG structures, go to step S410, otherwise goes to step S411;
S410, inserts the end position of the loop body Ci that jump instruction jumps directly to be replaced in S47, goes to step S412;
S411, inserts condition or the condition related to input immediately, jumps to and this code is adjacent in DAG structures On code segment after section;
S412, judges whether that the also intersegmental interval of code is not inserted into jump instruction, if it is, step S48 is gone to, it is no Then go to step S423;
S423, i+=1, go to step S43.
Said method overcomes the existing Code obfuscation method shortcoming under-utilized to loop structure, realizes using circulation The controlling stream of structure complicates method.
The above is only the preferred embodiment of the present invention, it is noted that for the ordinary skill people of the art For member, on the premise of without departing from the technology of the present invention principle, some improvement and deformation can also be made, these improve and deform Also should be regarded as protection scope of the present invention.

Claims (6)

1. a kind of Java code complicated based on controlling stream obscures method, it is characterised in that:Comprise the following steps,
Step 1, builds opaque predicate set;
Step 2, finds loop structure;
Step 3, takes loop structure apart;
Step 4, inserts opaque predicate set in the loop structure taken apart;
Step 5, complicates loop structure.
2. a kind of Java code complicated based on controlling stream according to claim 1 obscures method, it is characterised in that:No Transparent predicate set includes that construction perseverance is false predicate set F for genuine predicate set T and perseverance.
3. a kind of Java code complicated based on controlling stream according to claim 2 obscures method, it is characterised in that:Send out The process of existing loop structure is,
S11, traversal class file finds conditional jump instructions M;
S12, find conditional jump instructions M redirects label E;
S13, checks whether the upper instruction for redirecting label E position is unconditional jump command N, if it is, finding nothing Conditional jump instructions N's redirects label B;
S14, judgement redirects label B whether before conditional jump instructions M, if it is, traversal redirects label B and refers to conditional jump The code segment between M is made, also remaining jump instruction is checked whether, if it did not, so from redirecting label B to redirecting label E Between code segment be a loop structure.
4. a kind of Java code complicated based on controlling stream according to claim 3 obscures method, it is characterised in that:Tear open The process of open cycle structure is,
S21, defines the loop body for loop structure from the code segment redirected before label B to unconditional jump command N, and definition is followed The label B that redirects of the loop body that ring structure originally had is designated as B0, and the number of times for defining replication cycle body is k, enumerator i=0;
S22, i=i+1;
S23, inserted a loop body before unconditional jump command N, and the label that redirects of the loop body of insertion is designated as Bi;
Whether S24, judge i more than or equal to k, if it is not, then step S22 is gone to, if it is, going to step S25;
S25, removes unconditional jump command N, and in same position insertion code block D, the code block D is according to input and local Any one in state transition B0 to the Bk of variable.
5. a kind of Java code complicated based on controlling stream according to claim 4 obscures method, it is characterised in that: The process that opaque predicate set is inserted in the loop structure taken apart is,
S31, definition redirect label for B0, B1 ..., the condition predicate of the loop body of Bk be respectively Cal_A0, Cal_A1 ..., Cal_Ak;
S32, defines i=0;
S33, if i is less than or equal to k, goes to step S34, otherwise terminates;
S34, changes Cal_Ai, and from opaque predicate set some predicates are selected, and is combined with the predicate of script in loop body, ties Predicate after conjunction is true and false constant;
S35, i=i+1;Go to step S33.
6. a kind of Java code complicated based on controlling stream according to claim 5 obscures method, it is characterised in that:It is multiple The process of hydridization loop structure is,
S41, define loop structure loop body be C0, C1 ..., Ck;
S42, defines i=0;
S43, if i is less than or equal to k, goes to step S44, otherwise terminates;
S44, randomly adds the code related to opaque predicate in loop body Ci, and these codes do not change opaque predicate It is true and false;
S45, calls the function of construction directed acyclic graph, obtains DAG structures;
Each node in DAG structures is a position in loop body Ci, and each directed edge was represented from starting point institute's generation Epi-position puts the code segment representated by terminal between position;
S46, calculates a topological order TS of each directed edge in DAG;
S47, by code segment the loop body Ci of script is replaced according to topological order TS;
S48, finds the intersegmental interval of next code;
S49, if before interval close to code segment, without follow-up code segment execution in DAG structures, go to step S410, otherwise goes to step S411;
S410, inserts the end position of the loop body Ci that jump instruction jumps directly to be replaced in S47, goes to step S412;
S411, insertion condition or the condition related to input immediately, jump to be adjacent in DAG structures this code segment it On code segment afterwards;
S412, judges whether that the also intersegmental interval of code is not inserted into jump instruction, if it is, going to step S48, otherwise turns To step S423;
S423, i+=1, go to step S43.
CN201610891258.4A 2016-10-13 2016-10-13 It is a kind of that method is obscured based on the Java code for controlling stream complication Active CN106650339B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610891258.4A CN106650339B (en) 2016-10-13 2016-10-13 It is a kind of that method is obscured based on the Java code for controlling stream complication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610891258.4A CN106650339B (en) 2016-10-13 2016-10-13 It is a kind of that method is obscured based on the Java code for controlling stream complication

Publications (2)

Publication Number Publication Date
CN106650339A true CN106650339A (en) 2017-05-10
CN106650339B CN106650339B (en) 2019-06-11

Family

ID=58856777

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610891258.4A Active CN106650339B (en) 2016-10-13 2016-10-13 It is a kind of that method is obscured based on the Java code for controlling stream complication

Country Status (1)

Country Link
CN (1) CN106650339B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107992724A (en) * 2017-12-14 2018-05-04 四川大学 A kind of software security reinforcement means
CN108446542A (en) * 2018-02-12 2018-08-24 南京梆梆信息科技有限公司 A kind of source code based on semiology analysis obscures method and device
CN109409036A (en) * 2018-09-19 2019-03-01 苏州创旅天下信息技术有限公司 Control stream based on redundant code obscures method and device, storage medium and terminal

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101271397A (en) * 2007-03-23 2008-09-24 北京大学 Recognition method of nested loop structure

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101271397A (en) * 2007-03-23 2008-09-24 北京大学 Recognition method of nested loop structure

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
兑璐: "面向Java的反逆向技术的研究", 《中国优秀硕士学位论文全文数据库 信息科技辑》 *
袁征 等: "构造一种新的混淆Java程序的不透明谓词", <北京邮电大学学报> *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107992724A (en) * 2017-12-14 2018-05-04 四川大学 A kind of software security reinforcement means
CN108446542A (en) * 2018-02-12 2018-08-24 南京梆梆信息科技有限公司 A kind of source code based on semiology analysis obscures method and device
CN108446542B (en) * 2018-02-12 2021-09-03 北京梆梆安全科技有限公司 Source code obfuscation method and device based on symbolic execution
CN109409036A (en) * 2018-09-19 2019-03-01 苏州创旅天下信息技术有限公司 Control stream based on redundant code obscures method and device, storage medium and terminal

Also Published As

Publication number Publication date
CN106650339B (en) 2019-06-11

Similar Documents

Publication Publication Date Title
Bird Pearls of functional algorithm design
CN107729725A (en) A kind of Android applications hardened system and method based on virtual machine instructions modification
CN107077337A (en) System and method for performing the application coding compiled according to two instruction set architectures
KR101234591B1 (en) Method for Anti-Encoding Android by Using Java Native Interface
CN105354449A (en) Scrambling and obfuscating method for Lua language and decryption method
CN106650339A (en) Control flow complication-based Java code obfuscation method
CN108363911B (en) Python script obfuscating and watermarking method and device
CN106599628A (en) Python byte code file protection method based on module hook
CN103761476A (en) Characteristic extraction method and device
CN103699820B (en) Obfuscating method for relative jump instruction
CN105787305A (en) Software protection method capable of resisting symbolic execution and taint analysis
CN105653949B (en) A kind of malware detection methods and device
JP2016525760A (en) Identify irrelevant code
CN104517044A (en) Method and device for protecting binary file from being decompiled
CN105718765A (en) Method for achieving code obfuscation through finite automaton
Gilio-Whitaker Idle no more and fourth world social movements in the new millennium
CN105808256A (en) Method and system for constructing legal stack return value by avoiding function call detection
Zhao et al. Compile-time code virtualization for android applications
CN104321774B (en) For the anti-reversing engineering and/or method alterred program, system and equipment
Banham Characters: Cultural Stories Revealed Through Typography. Stephen Banham, Rick Poynor
CN105488399A (en) Script virus detection method and system based on program keyword calling sequence
CN105793864A (en) System and method of detecting malicious multimedia files
Thakker et al. Gate jape grammar tutorial
Tofighi-Shirazi et al. Fine-grained static detection of obfuscation transforms using ensemble-learning and semantic reasoning
CN105912893A (en) Strengthening method based on Android system microinstruction just-in-time compilation

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant