CN106650341A - Android application reinforcement method based on the process confusion technology - Google Patents

Android application reinforcement method based on the process confusion technology Download PDF

Info

Publication number
CN106650341A
CN106650341A CN201611026123.8A CN201611026123A CN106650341A CN 106650341 A CN106650341 A CN 106650341A CN 201611026123 A CN201611026123 A CN 201611026123A CN 106650341 A CN106650341 A CN 106650341A
Authority
CN
China
Prior art keywords
write
android
function
program
dex
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201611026123.8A
Other languages
Chinese (zh)
Inventor
文伟平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hunan Dingyuan Bluesword Mdt Infotech Ltd
Original Assignee
Hunan Dingyuan Bluesword Mdt Infotech Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hunan Dingyuan Bluesword Mdt Infotech Ltd filed Critical Hunan Dingyuan Bluesword Mdt Infotech Ltd
Priority to CN201611026123.8A priority Critical patent/CN106650341A/en
Publication of CN106650341A publication Critical patent/CN106650341A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material
    • G06F21/12Protecting executable software
    • G06F21/14Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation

Abstract

The invention discloses an android application reinforcement method based on the process confusion technology. The method comprises an application encryption algorithm, a dynamic loading technique, a JNI programming technique, an integrity checking technology and a code mixing technology and so on. By changing the loading process of the source program the consolidated application program is difficult to reverse, the normal execution of the program isn't affected at the same time; the objectives of protecting copyright,preventing others from plagiarizing the intellectual achievements of the software and deliberate manipulation of software are attained. Comprise: a real dex file is encrypted with the AES encryption algorithm; writing a so function library decryApp.so and Function.so; Writing the pseudo-smali file to get the purpose of the loading process of the confused source program, comprise the integrity check of the source program and the dynamic loading of the real dex files. Using the technical scheme provided by this invention can effectively protect the android application copyright from reversing or tampering.

Description

Android application reinforcement means based on smali flow process obfuscations
Technical field
It is the present invention relates to Android application reinforcement means more particularly to a kind of based on smali flow process obfuscations Android application reinforcement means.
Background technology
In Internet era, with mobile intelligent terminal become increasingly popular and wideband high speed development, we Life be filled with the breath of internet almost everywhere.However, have the explorative terminal system with flexibility concurrently, and its in application Potential information security issue but may be impacted to links such as its user, bearer networks, particularly the reverse skill of software Art.Conversed analysis technology can be used to analyze the function flow of application program in the case where application source code is not known Journey, data code of application program etc. is distorted, if conversed analysis technology is used by malice without restriction, user can divide Analysis obtains the core technology of application program, it is also possible to distort the signature and author information of application program, can also be by malicious code It is injected in existing application program and is pretended by secondary packing, these behaviors all greatly compromises application program and open The interests of originator, seriously compromise the personal secrets of users, or even threaten the national security and social stability, hinder its health Development.
In android system, the application program write using Java language is compiled into java class file (.class Form);Android will not directly run these .class files, but the class file of these .class forms is compiled again Into dex forms, Android platform is transferred to run.So dex files are the cores of application program, being can not in installation kit Or scarce part.It is easily Java source code by decompiling, if without Jing but dex files are substantially Java bytecodes Cross and obscure process, readable Java source codes can easily be got by reverse-engineering, and then reach and steal Android application program Core logic code.
Code Obfuscation Security Technology is a kind of new technology for just developing in recent years and rising.For the first time system is carried out to Code obfuscation Research, at the end of the nineties in last century, is that developing rapidly for Java language causes the research boom to obfuscation. This is because it is Java source code that Java object codes-syllabified code (bytecode) is easy to by decompiling, this just compels highly necessary Seek the method for being effectively protected syllabified code.Most of work in this field is by Collberg, Thomborson, Low Make with Chenxi Wang.
Collberg has carried out detailed summary and classification to obscuring conversion for the first time, also proposes first and obscures conversion Some evaluation criterions of validity and performance.He will obscure conversion and be divided into four classes:Profile obscures conversion, control and obscures conversion, number According to obscuring conversion and preventative obscure conversion.
Chenxi Wang realize in the literature the several control on C language source code obscure conversion with data mix Confuse conversion.Wang give obscure conversion cause performance overload and obscure conversion to static analysis tools IBM NPIC The validity of tool and Rutger PAF toolkit.
Hohhl proposes to protect movement with black box (the time-limited black box) method with time restriction Agent.Here black box is just referred to obscures converted Agent programs.Reverse-engineering is carried out to mobile Agent, is made intentionally The discovery or modification of justice needs the regular hour, accordingly, limits the time that mobile Agent runs on destination host.Distributing Before mobile Agent, need that it is carried out to obscure conversion, the cost of reverse-engineering is which increased, so as to extend in purpose master Run time on machine.
Cullen Linn have studied object-code obfuscation technology from another angle, by the analysis to dis-assembling process, Obscuring method using one kind can obstruct reverse-engineering so that the assembly instruction for obtaining program is extremely difficult or can not be correctly obtained The assembly instruction of program.
In sum, although work on hand proposes some and scrambles method of obscuring, but only increases the difficulty of reverse reading Degree, is unable to veritably solve the problems, such as to prevent reverse.
The content of the invention
In order to overcome the above-mentioned deficiencies of the prior art, the present invention provides a kind of based on smali flow process obfuscations Android application reinforcement means, using AES, Dynamic loading technique, JNI (Java Native Interface, Java Local interface) programming technique, integrity checking techniques and Code Obfuscation Security Technology etc., by changing adding for Android application programs Current-carrying journey so that the application program after reinforcing is difficult to inversely, in addition, need to ensure to have no effect on normally holding for program after reinforcing OK;To reach protection copyright, prevent other people from plagiarizing the intellectual achievement in software or the autotelic purpose distorted is carried out to software.
The present invention provide technical scheme be:
A kind of Android applications reinforcement means, based on smali flow process obfuscations, compiles using encryption, dynamic load, JNI Journey, completeness check and Code obfuscation method, by the loading flow process for changing Android application source programs so that after reinforcing Application program is difficult to inversely, while ensureing the normal execution that program is had no effect on after reinforcing;Comprise the steps:
1) it is literary with the real dex of AES encryption algorithm for encryption before dynamic load Android applies real dex files Part, the dex file class.dex.jar after being encrypted;
2) so function libraries are write, following operation is performed;
21) decryption storehouse decrytApp.so is write using JNI, decryption function is write in dynamic link library, for decrypting Dex files after the encryption;
22) bottom core logic storehouse Function.so is write using JNI, the core logic of program is write on into dynamic link In storehouse;
3) pseudo- smali files are write, completeness check for program and to the dex files after encryption Class.dex.jar dynamic loads, thus reach the purpose of the loading flow process for obscuring source program, perform following operation:
31) integrity check of source program is carried out;
32) the real dex file class.dex.jar after dynamic load encryption;
Thus the reinforcing to Android applications is completed, the purpose of protection application program is reached.
For above-mentioned Android applications reinforcement means, further, step 1) the AES encryption algorithm by circulate into Row encryption, including many wheel AES encryption circulations computing is iterated;In addition to last wheel, AES encryption circulation is often taken turns all comprising following Step:
11) InvAddRoundKey, each byte in plaintext block does XOR with the second leg key;
12) byte replaces, the conversion of S boxes, and line replacement is entered to the byte in matrix with the mode of look-up table;
13) row displacement, by the row in matrix cyclic shift is carried out;
14) row are obscured, and to the row in matrix mixing transformation is carried out.
In an embodiment of the present invention, the key length of the AES encryption algorithm is set as 128, including 10 wheel iteration Computing.
For above-mentioned Android applications reinforcement means, further, step 2) specifically used Android NDK write DecrytApp.so and Function.so, comprises the steps:
A) java files are write, the function in local file is stated;
B) newly-built decryptApp.c files, write decryption function;
C) JNI entrance functions are write;
D) Android.mk files are write;
E) compiling generates so storehouses, including decrytApp.so and Function.so.
For above-mentioned Android applications reinforcement means, further, step 21) decryption function is write with C or C++, will solve Close function is write in dynamic link library.
For above-mentioned Android applications reinforcement means, further, step 31) the integrality inspection for carrying out source program Test, specifically include following steps:
311) calculate the verification of Android application programs and sentry's function is added in the application program;
312) before the application program commencement of commercial operation, first start sentry's function, recalculate the verification of application program With, and with verification before and contrasted;
313) when recalculate in 312) verified with 311) in verification with it is identical when, judgement obtains software and does not have It is tampered, continues to run with;When the two is different, judgement obtains software and is tampered, i.e., described Android is applied by secondary packing, Terminate operation.
Compared with prior art, the invention has the beneficial effects as follows:
The present invention provides a kind of Android application reinforcement means based on smali flow process obfuscations, calculates using encryption Method, Dynamic loading technique, JNI programming techniques, integrity checking techniques and Code Obfuscation Security Technology etc., by changing adding for source program Current-carrying journey so that the application program after reinforcing is difficult to inversely, in addition, need to ensure to have no effect on normally holding for program after reinforcing OK;To reach protection copyright, prevent other people from plagiarizing the intellectual achievement in software or the autotelic purpose distorted is carried out to software. Therefore, the technical scheme for being provided using the present invention, effectively can carry out copyright protection to Android application program, prevent it inverse To or distort.
Description of the drawings
Fig. 1 is the FB(flow block) of the Android application reinforcement means that the present invention is provided.
Fig. 2 is the FB(flow block) of integrity check in the embodiment of the present invention.
Specific embodiment
Below in conjunction with the accompanying drawings, the present invention is further described by embodiment, but limits the model of the present invention never in any form Enclose.
The present invention provides a kind of Android application reinforcement means based on smali flow process obfuscations, calculates using encryption Method, Dynamic loading technique, JNI programming techniques, integrity checking techniques and Code Obfuscation Security Technology etc., by changing adding for source program Current-carrying journey so that the application program after reinforcing is difficult to inversely, in addition, need to ensure to have no effect on normally holding for program after reinforcing OK;To reach protection copyright, prevent other people from plagiarizing the intellectual achievement in software or the autotelic purpose distorted is carried out to software.
As shown in figure 1, class.dex files are real dex files, for realizing the major function of program, it is encrypted to Class.dex.jar files.Function.so core libraries are dynamic link libraries, and for program bottom core logic functions are provided; DecrytApp.so is mainly used in realizing the decryption to class.dex.jar.
The inventive method writes pseudo- smali files, and compiling generates puppet dex files, the completeness check of main responsible program With to class.dex.jar dynamic loads.If program is not tampered with, after decryption is loaded by the way of dynamic load Dex files, can not otherwise load dex files.
The overall flow of the present invention is as shown in figure 1, comprise the steps:
1) before the real dex files of dynamic load, with classical AES AES (Advanced Encryption Standard, Advanced Encryption Standard) algorithm for encryption dex file, the dex files after being encrypted;
AES encryption algorithm is encrypted by circulation, including many wheel AES encryption circulations.In addition to last wheel, AES is often taken turns Encryption cycle all includes following four step:
11) InvAddRoundKey (AddRoundKey), each byte in matrix does XOR with current round key;
12) byte replaces (SubBytes), the method converted by S boxes, with the mode of look-up table to the byte in matrix Enter line replacement;
13) row displacement (ShiftRow), by the row in matrix cyclic shift is carried out;
14) row obscure (MixColumns), and to the row in matrix mixing transformation is carried out.
Therefore, when aes algorithm is realized, four steps above can respectively be corresponded to abstract four functions: AddRoundKey (state), SubBytes (state), ShiftRow (state) and MixColumns (state), wherein State is matrix.
2) so function libraries are write, following operation is performed:
Java applet can generate Java bytecode through compiling.And Java bytecode is easy to by reverse-engineering, although can To increase reverse difficulty using Code Obfuscation Security Technology, but, mixed latent technology can not thoroughly prevent reverse-engineering.Therefore we can With using prior code in C/C++ codings, using its difficulty by it is reverse the characteristics of reaching the mesh of defence program source code 's.In addition, the code write using C/C++ does not need the explanation operation of Dalvik virtual machine, imitates with higher operation Rate, can perform speed of service during complex task with faster procedure.Therefore, the present invention adopts the bottom chain of C/C++ codings Storehouse is connect, and these bottom dynamic link libraries are called in upper layer identification code using JNI technologies.
21. using JNI write decryption storehouse decrytApp.so, for decrypt it is encrypted after dex files;
The function that dass.dex.jar is decrypted is write with C/C++ in the present invention, is finally compiled into decrytApp.so.Why decryption function is write in dynamic link library, be because if directly write on decryption logic In Java files, attacker can obtain decrypted code by decompiling, the method so as to obtain decryption.
22. write bottom core logic storehouse Function.so using JNI;
It is the bottom core code of application program in Function.so storehouses, is the key point of whole application program.By journey The core logic of sequence is write in dynamic link library, and important algorithm, core technology etc. can be protected not to be stolen by reverse-engineering Take.Therefore, in Scheme of Strengthening of the present invention, the logic of core is write in Function.so, defends decompiling.
3) pseudo- smali files are write, pseudo- smali is mainly responsible for the completeness check of program and class.dex.jar is moved State is loaded, and reaches the purpose of the loading flow process for obscuring source program, performs following operation:
31. integrity checks for carrying out source program, concrete steps such as Fig. 2;
Completeness check is a kind of technology for preventing software to be tampered.Main mechanism is exactly the school of calculated in advance application program Test and, then in a program add sentry's function, before program commencement of commercial operation, first start sentry's function, recalculate application The verification of program and, and with verification before and contrasted.If both are the same, it are judged as software and are not tampered with, continues Operation;If different, it be considered as software and be tampered, operation is terminated immediately.
Whether completeness check can well detect Android applications by secondary packing.Any apk files, even only It is to be distorted by a bit, the verification calculated and all can be different.Hence with completeness check, application can be effectively prevented It is inserted into the attack meanses such as malicious code, product placement.
32. dynamic loads class.dex.jar;
The body code of program is all in real dex files, and this dex file is needed when not being program startup The file to be run, it is possible to be encrypted to it, generates class.dex.jar, then dynamically loads again class.dex.jar.File through encrypting has very high security, if attacker does not have key, it is difficult to crack File.So, attacker directly cannot pass through the code encrypted by conversed analysis, so as to reach the purpose of protection application program.
Below by example, the present invention will be further described.
Embodiment:
Aes algorithm:
The key length of aes algorithm is very flexible, can be any one in 128,192 and 256.Different is close The computing wheel number of the different AES of key length correspondence, usual 128 keys need computing 10 to take turns, and 192 need computing 12 to take turns, 256 need computing 14 to take turns.General wheel number is more, and the difficulty being cracked is also bigger, but the time of computing is also longer.Consider The present invention is to be based on Android platform, and its internal memory and disposal ability are all extremely limited, therefore key length should not select long. And at the beginning of aes algorithm is established, 6 wheel interative computations just can resist at that time known all attacks in the world.Therefore in the present invention In, the key length of aes algorithm is set as 128.
Aes algorithm needs to take turns interative computations through 10 altogether, and often takes turns computing and be all made up of four steps, therefore can be with As follows the process of enciphering/deciphering is realized that code is as follows with C language code.
(1) encrypt
(2) decrypt
Android system supports NDK (Native Development Kit, Android primary development kit) programmings, this JNI programming techniques write on decryption function in dynamic link library decryptApp.so used in invention, when program is run Wait, dynamic decryption is carried out to dex files.The efficiency of decryption can be so improved, and the characteristic of C language can be utilized, it is ensured that decryption The safety of process.
So function libraries:
We are as follows using the general procedure that Android NDK develop decrytApp.so and Function.so:
1. write java files, state the function in local file (by taking decrytApp.so storehouses as an example)
System.loadLibrary(“decryApp”);// loading dynamic link library decrytApp.so
native boolean jnicheckApp();// statement primary the function corresponding with decrytApp.c
2. newly-built decryptApp.c files, write decryption function
Such as minor function is stated hereof, and the effect of function is decryption class.dex.jar, according in android system The rule that JNI is called, function name needs corresponding with the function name in Java files:JNIEXPORT jboolean NICALL Java_com_bupt_testjni_decrytAppJnicheckApp (JNIENV*env, jobject this) { };
3. JNI entrance functions are write
JNI-OnLoad () and JNI_OnUnLoad () function are the entrance functions of dynamic link library, when Dalvik it is virtual When machine goes to System.loadLibrary () function, the entrance function in C files can be first carried out, it can tell Which JNI version Dalvik virtual machine uses, if without entrance function in dynamic link library, virtual machine can be given tacit consent to using most Old JNI1.1 versions.And we are also required to carry out some some initialized operations in entrance function.JNI—OnLoad The compiling form of function is as follows:
4. Android.mk files are write
Android.mk files describe the local source of engineering to NDK compiling systems, mainly transmit following several parameters:
LOCAL_PATH:=$ (call my-dir)/project//engineered paths
LOCAL_SRC_FILES:The title of=decrytApp.c//local C files
LOCAL_MODULE:The title of=decrytApp//dynamic link library to be compiled
5. compiling generates so storehouses
Ndk compilation scripts under operation engineering catalogue, compile local C/C++ codes.Compilation script " ndk-build " file Under the root of NDK files, specified path is needed when operation.After the completion of operation, will be under the libs catalogues of engineering Generate decrytApp.so storehouses.
6. compiling packing application
Most after image compiling common applications are the same, with the instrument compiling engineering in SDK.SDK compilation tools will be so Storehouse is packed in the apk files of application program, then just can normally run application program.
By the way of NDK programmings, important code can be stored in C/C++ dynamic link libraries, then in Java generations So storehouses of bottom are called in code using JNI technologies.The function of applying so can be both realized, can prevent to be compiled using Java language again The code write, easily by reverse hidden danger, is a kind of software protection measure of break-in.In addition, important code is write so storehouses In, moreover it is possible to increase the reusability of code, in other application, ready-made so storehouses can be introduced directly into, eliminate secondary Jian next time The trouble sent out.
Completeness check:
The application signature mechanism provided in android system, is substantially exactly a kind of completeness check.And, Android System specifies that all applications being installed in Android device all have to pass through signature.Therefore, we can be signed using application Name mechanism is realizing the function of completeness check.
Digital signature needs a digital certificate, but this digital certificate and need not be authoritative digital certificate signature mechanism Certification, it is used only to allow application package self identity, therefore the signature instrument that can be carried using Android SDK Keytool and signapk is application signature.Digital certificate is used for the author of identification application and is being answered by Android With setting up trusting relationship between program.The private steel of digital certificate is stored in the hand of program Jian originator, and public key is beaten with application Wrap in apk.
In view of digital certificate is developer oneself generate, therefore, the identity of software publishing person can only be held by oneself, be Uniquely.If other people keys without developer, it is impossible to produce the digital certificate as developer.Therefore, develop The method that person can in a program add detection publisher identity, before program is really run, the publisher of proving program, such as Fruit meets, then continue to run with;If do not met, program is out of service.
Using the integrity checking techniques of contrast publisher identity, the step of whether an application is tampered such as Fig. 2 judged It is shown:
1) signature of application program is obtained
Android provides the method for obtaining application signature information, by calling PackageManager's GetPackageInfo (packageName, PackageManager.GET_SIGNATURES) method, it is possible to be applied Signing messages.Core code is as follows:
Packagelnfo pinfo=this.getPackageManager () .getPackageInfo (packageName, PackageManager.GET_SIGNATURES);
Signature [] s=pInfo.signatures;
Signature sign=signs [0];
What is stored in sign is exactly the signing messages of application program.
2) information of the publisher of the signing certificate of application is obtained;
Using author can be application signature when issue is applied, all.Signature certificate used is author locally with Keytool is generated, therefore the publisher of certificate is author.If program is by secondary packing, through recompilating, then k Certificate used by secondary signature is exactly the certificate of attacker, and the publisher of certificate has reformed into attacker.Therefore we can pass through Whether the relatively publisher of certificate is judging using by secondary packing.
So we need the publisher for obtaining certificate, core code is as follows:
CertificateFactory certFactory=CertificateFactory.getInstance (" X.509");
X509Certificate cert=(X509Certificate) certFactory.generateCertificate(new
ByteArrayInputStreain(sign.toByteArray());
String Issuer=cert.getIssuerDN () .toString ();
Issuer is exactly the publisher of digital certificate.
3) information of the publisher of the original certificate of application is obtained, the information of Liang Ge publishers is contrasted, whether application is judged By secondary packing;
We can preserve the issuer information of original certificate hereof in the form of character string.But so exist Potential safety hazard, " may be found " by attacker, so as to be modified to the information of attacker oneself construction.Therefore, we are from clothes Business end obtains in real time the issuer information of original certificate, or the issuer information of original certificate is encrypted, and ciphertext is stored in Locally, when contrast is needed, first it is decrypted.
The information of contrast Liang Ge publishers, publisher and the official of the certificate carried according to current application obtain publisher Whether comparative result, judge using by secondary packing.If both are different, judge that current application is changed, sentry Function can just stop the operation of program.
Dynamic load dex file, obtains class therein:
Dalvik virtual machine is different from the Java Virtual Machine of standard, and standard Java virtual machine operation is Java bytecode, And the Dalvik bytecodes through conversion of Dalvik virtual machine operation, the i.e. file of .dex forms.It is thus impossible to as standard Java Virtual Machine like that, directly realizes the dynamic load of class by the ClassLoader in Java.Dalvik virtual machine passes through Two classes of DexClassLoader and PathClassLoader realize the dynamic load of class.
Dynamic load realize process approximately as:
1) the dex files to be loaded into through encrypting are taken.Dex files can be stored in SD card, it is also possible to from service End is downloaded, can be with the packing in the form of resource file in the application.
2) pseudo-program is run, process is decrypted to dex files.
3) the dex files for program after the decryption of DexClassLoader dynamic loads.
4) by Java reflex mechanisms, the example of class is obtained.
The example code of dynamic loading type is as follows:
(1) dynamic load code
(2) calls tool class is reflected
By above step, program operationally dynamic load dex file is achieved that, and obtains class therein, entered And the body code of configuration processor.
It should be noted that the purpose for publicizing and implementing example is help further understands the present invention, but the skill of this area Art personnel be appreciated that:In without departing from the present invention and spirit and scope of the appended claims, various substitutions and modifications are all It is possible.Therefore, the present invention should not be limited to embodiment disclosure of that, and the scope of protection of present invention is with claim The scope that book is defined is defined.

Claims (6)

1. a kind of Android applications reinforcement means, based on smali flow processs method is obscured, and is compiled using encryption, dynamic load, JNI Journey, completeness check and Code obfuscation method, by the loading flow process for changing Android application source programs so that after reinforcing Application program is difficult to inversely, while ensureing the normal execution that program is had no effect on after reinforcing;Comprise the steps:
1) before dynamic load Android applies real dex files, with the real dex files of AES encryption algorithm for encryption, Dex file class.dex.jar after being encrypted;
2) so function libraries are write, following operation is performed;
21) decryption storehouse decrytApp.so is write using JNI, decryption function is write in dynamic link library, it is described for decrypting Dex files after encryption;
22) bottom core logic storehouse Function.so is write using JNI, the core logic of program is write in dynamic link library;
3) pseudo- smali files are write, completeness check for program and the dex files class.dex.jar after encryption is moved State is loaded, and thus reaches the purpose of the loading flow process for obscuring source program, performs following operation:
31) integrity check of source program is carried out;
32) the real dex file class.dex.jar after dynamic load encryption;
Thus the reinforcing to Android applications is completed, the purpose of protection application program is reached.
2. Android applications reinforcement means as claimed in claim 1, is characterized in that, step 1) the AES encryption algorithm is by following Ring is encrypted, and including many wheel AES encryption circulations computing is iterated;In addition to last wheel, often take turns AES encryption circulation and all include Following steps:
11) InvAddRoundKey:Each byte in plaintext block does XOR with the second leg key;
12) byte replaces:By S box transform methods, line replacement is entered to the byte in matrix with the mode of look-up table;
13) row displacement:Cyclic shift is carried out to the row in matrix;
14) row are obscured:Mixing transformation is carried out to the row in matrix.
3. Android applications reinforcement means as claimed in claim 2, is characterized in that, the key length of the AES encryption algorithm sets It is set to 128, including 10 wheel interative computations.
4. Android applications reinforcement means as claimed in claim 1, is characterized in that, step 2) specifically used Android NDK volumes DecrytApp.so and Function.so is write, is comprised the steps:
A) java files are write, the function in local file is stated;
B) newly-built decryptApp.c files, write decryption function;
C) JNI entrance functions are write;
D) Android.mk files are write;
E) compiling generates so storehouses, including decrytApp.so and Function.so.
5. Android applications reinforcement means as claimed in claim 1, is characterized in that, step 21) write decryption letter with C or C++ Number, decryption function is write in dynamic link library.
6. Android applications reinforcement means as claimed in claim 1, is characterized in that, step 31) described carry out the complete of source program Property inspection, specifically include following steps:
311) calculate the verification of Android application programs and sentry's function is added in the application program;
312) before the application program commencement of commercial operation, first start sentry's function, recalculate application program verification and, and With verification before and contrasted;
313) when recalculate in 312) verified with 311) in verification with it is identical when, judgement obtains software and is not usurped Change, continue to run with;When the two is different, judgement obtains software and is tampered, i.e., described Android is applied by secondary packing, terminates Operation.
CN201611026123.8A 2016-11-18 2016-11-18 Android application reinforcement method based on the process confusion technology Pending CN106650341A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611026123.8A CN106650341A (en) 2016-11-18 2016-11-18 Android application reinforcement method based on the process confusion technology

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611026123.8A CN106650341A (en) 2016-11-18 2016-11-18 Android application reinforcement method based on the process confusion technology

Publications (1)

Publication Number Publication Date
CN106650341A true CN106650341A (en) 2017-05-10

Family

ID=58807829

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611026123.8A Pending CN106650341A (en) 2016-11-18 2016-11-18 Android application reinforcement method based on the process confusion technology

Country Status (1)

Country Link
CN (1) CN106650341A (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107169324A (en) * 2017-05-12 2017-09-15 北京理工大学 A kind of Android application reinforcement means based on dynamic encryption and decryption
CN108733379A (en) * 2018-05-28 2018-11-02 常熟理工学院 The Android application reinforcement means that mapping is obscured is detached based on DEX bytecodes
CN108985012A (en) * 2018-06-15 2018-12-11 中国建设银行股份有限公司 The method and system of authorization protection are carried out to JAVA software
CN109165503A (en) * 2018-06-22 2019-01-08 湖南鼎源蓝剑信息科技有限公司 The method for distinguishing background thread permission and UI thread permission based on RASP
CN109241707A (en) * 2018-08-09 2019-01-18 北京邮电大学 Application program obscures method, apparatus and server
CN109543369A (en) * 2018-11-23 2019-03-29 杭州哲信信息技术有限公司 A kind of guard method of DEX
CN109766717A (en) * 2018-12-26 2019-05-17 北京思源互联科技有限公司 A kind of static resource guard method and its device based on dynamic link library
CN110610097A (en) * 2019-09-09 2019-12-24 杭州天宽科技有限公司 File transmission security system based on android application
CN110866226A (en) * 2019-11-15 2020-03-06 中博信息技术研究院有限公司 JAVA application software copyright protection method based on encryption technology

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102221990A (en) * 2011-05-26 2011-10-19 山东大学 Instruction optimization method and processor for AES (Advanced Encryption Standard) symmetric encryption algorithm
CN104111832A (en) * 2014-07-03 2014-10-22 北京思特奇信息技术股份有限公司 Android application program installation package packing method and system and unpacking method
CN104408337A (en) * 2014-11-18 2015-03-11 刘鹏 Reinforcement method for preventing reverse of APK (Android package) file
CN104484585A (en) * 2014-11-26 2015-04-01 北京奇虎科技有限公司 Application program installation package processing method and device, and mobile apparatus
CN104866734A (en) * 2014-02-25 2015-08-26 北京娜迦信息科技发展有限公司 DEX (Dalvik VM executes) file protecting method and device

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102221990A (en) * 2011-05-26 2011-10-19 山东大学 Instruction optimization method and processor for AES (Advanced Encryption Standard) symmetric encryption algorithm
CN104866734A (en) * 2014-02-25 2015-08-26 北京娜迦信息科技发展有限公司 DEX (Dalvik VM executes) file protecting method and device
CN104111832A (en) * 2014-07-03 2014-10-22 北京思特奇信息技术股份有限公司 Android application program installation package packing method and system and unpacking method
CN104408337A (en) * 2014-11-18 2015-03-11 刘鹏 Reinforcement method for preventing reverse of APK (Android package) file
CN104484585A (en) * 2014-11-26 2015-04-01 北京奇虎科技有限公司 Application program installation package processing method and device, and mobile apparatus

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
李萍: "Android应用防篡改机制的研究", 《天津中德职业技术学院学报》 *

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107169324A (en) * 2017-05-12 2017-09-15 北京理工大学 A kind of Android application reinforcement means based on dynamic encryption and decryption
CN108733379A (en) * 2018-05-28 2018-11-02 常熟理工学院 The Android application reinforcement means that mapping is obscured is detached based on DEX bytecodes
CN108985012A (en) * 2018-06-15 2018-12-11 中国建设银行股份有限公司 The method and system of authorization protection are carried out to JAVA software
CN109165503A (en) * 2018-06-22 2019-01-08 湖南鼎源蓝剑信息科技有限公司 The method for distinguishing background thread permission and UI thread permission based on RASP
CN109165503B (en) * 2018-06-22 2021-09-24 湖南鼎源蓝剑信息科技有限公司 Method for distinguishing background thread permission and UI thread permission based on RASP
CN109241707A (en) * 2018-08-09 2019-01-18 北京邮电大学 Application program obscures method, apparatus and server
CN109543369A (en) * 2018-11-23 2019-03-29 杭州哲信信息技术有限公司 A kind of guard method of DEX
CN109766717A (en) * 2018-12-26 2019-05-17 北京思源互联科技有限公司 A kind of static resource guard method and its device based on dynamic link library
CN110610097A (en) * 2019-09-09 2019-12-24 杭州天宽科技有限公司 File transmission security system based on android application
CN110866226A (en) * 2019-11-15 2020-03-06 中博信息技术研究院有限公司 JAVA application software copyright protection method based on encryption technology

Similar Documents

Publication Publication Date Title
CN106650341A (en) Android application reinforcement method based on the process confusion technology
US10176324B2 (en) System, method and computer program product for protecting software via continuous anti-tampering and obfuscation transforms
Jung et al. Repackaging attack on android banking applications and its countermeasures
Egele et al. An empirical study of cryptographic misuse in android applications
CN102576391B (en) Software license embedded in shell code
US7254586B2 (en) Secure and opaque type library providing secure data protection of variables
JP2019505887A (en) Mobile device with reliable execution environment
WO2015026091A1 (en) Method for providing security for common intermediate language-based program
Backes et al. AppGuard–Fine-grained policy enforcement for untrusted Android applications
Cappaert et al. Towards tamper resistant code encryption: Practice and experience
KR20100066404A (en) Method and apparatus for the secure processing of confidential content within a virtual machine of a processor
US20170116410A1 (en) Software protection
Piao et al. Server‐based code obfuscation scheme for APK tamper detection
Banescu et al. A tutorial on software obfuscation
Falcarin et al. Exploiting code mobility for dynamic binary obfuscation
Bauman et al. Sgxelide: enabling enclave code secrecy via self-modification
Cappaert Code obfuscation techniques for software protection
Averbuch et al. Truly-protect: An efficient VM-based software protection
Demsky Cross-application data provenance and policy enforcement
Wang et al. Running language interpreters inside sgx: A lightweight, legacy-compatible script code hardening approach
Fu et al. A watermark-aware trusted running environment for software clouds
Cappaert et al. Self-encrypting code to protect against analysis and tampering
Xu et al. N-version obfuscation
Monden et al. A framework for obfuscated interpretation
Maskur et al. Implementation of obfuscation technique on PHP source code

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170510

RJ01 Rejection of invention patent application after publication