CN106909672B - Method for generating and loading specific project file based on WPF technology - Google Patents


Publication number
CN106909672B
Authority
CN
China
Prior art keywords
file
byte
data
project
array
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710115426.5A
Other languages
Chinese (zh)
Other versions
CN106909672A (en)
Inventor
梁效宁
鄢刚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
XLY SALVATIONDATA TECHNOLOGY Inc.
Original Assignee
Sichuan Aite Yingtai Intelligent Technology Co ltd
Application filed by Sichuan Aite Yingtai Intelligent Technology Co ltd
Priority to CN201710115426.5A
Publication of CN106909672A
Application granted
Publication of CN106909672B


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/17 Details of further file system functions
    • G06F16/172 Caching, prefetching or hoarding of files
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/16 File or folder operations, e.g. details of user interfaces specifically adapted to file systems
    • G06F16/168 Details of user interfaces specifically adapted to file systems, e.g. browsing and visualisation, 2d or 3d GUIs

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Databases & Information Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Human Computer Interaction (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

A method for generating and loading a specific project file based on WPF technology comprises the following steps: backing up and storing the source data; compressing the source data in zip format; obtaining the MD5 value of the file; reversing every hexadecimal byte; setting the suffix name and performing the core encryption processing; loading a case project file; reverse-decrypting the project file; extracting the valid data from the source data; and displaying the data accurately by combining WPF display technology with a map and a timeline. The beneficial effects are: the project file is a single file, so project data can be loaded and displayed conveniently; a single-file case project is better than a folder-based one when copying or moving data; a unique multiple-encryption scheme is adopted, so that the project file is protected against tampering while its integrity is ensured; the method is highly general and easy to port; and the WPF interface is simpler and more visual, which is convenient for study and judgment.

Description

Method for generating and loading specific project file based on WPF technology
Technical Field
The invention relates to the technical field of information security, in particular to a method for generating and loading a specific project file based on a WPF technology.
Background
The project preservation mode most commonly adopted by peers in the field of mobile phone forensics is as follows: the data tables in the program are serialized directly into files in XML or JSON format, the files are stored in one folder (the case folder), and a case-loading project file is placed in that folder. When a case is loaded, this file is loaded directly and the other data files in the current folder are then retrieved, so that the previous case is loaded. Generating and loading project files in this way carries the following risks:
1. For case projects in the forensics industry, files holding the extracted data are stored directly in plaintext, so the content is easy to tamper with and the authenticity of the case cannot be guaranteed;
2. Cases exist as folders, and files in a folder are easily lost, so that the case project cannot be loaded or its content is incomplete;
3. Loading of project data is mostly performed automatically by the program; project files saved on other computers cannot be manually selected and loaded, so project flexibility is low;
4. Only the data set displayed on the program interface is saved; the original files backed up from the device are not saved and cannot be used as key evidence in forensics.
The technical terms used in the present invention are:
ZIP: an algorithm for compressing computer files, known as Deflate, invented by Phil Katz, who published the format in January 1989. ZIP usually uses the suffix ".zip". The ZIP format is currently one of several mainstream compression formats. Compared with the ZIP format, the RAR format has a higher compression ratio, but its compression time is far longer. Because device backup and extraction involve a large amount of file data and compression must be as fast as possible, the method uses ZIP compression rather than RAR compression.
WPF (Windows Presentation Foundation): a user interface framework launched by Microsoft with Windows Vista, and part of .NET Framework 3.0. It provides a uniform programming model, language and framework, and genuinely separates the work of interface designers from that of developers; it also provides a new multimedia interactive graphical user interface.
Disclosure of Invention
Aiming at the defects of the prior art, the invention provides a method for generating and loading a specific project file based on a WPF technology, which can effectively solve the problems in the prior art.
A method for generating and loading a specific project file based on WPF technology comprises the following steps:
S1: backup and storage of source data; two different extraction modes, USB and WIFI, are adopted, and a step of identifying the creation time and last modification time of the data on the device is added; after a file has been backed up to the local computer, the local backup file is modified to carry the real creation time on the device, that is, the last modification time, so that a file consistent with the original data on the device is obtained;
S2: compressing the source data in zip format, using a recursive folder-compression algorithm;
a third-party zip compression library is used; after the path of the folder to be compressed is supplied, the folders and files under the current path are enumerated; if an item is a folder, the algorithm is called again to search it recursively; if it is a file, the file is opened as a file stream and written into a ZipEntry object of the compression library, while the name and size of the file currently being compressed are refreshed on the interface; most importantly, when a file has been compressed, the following method is called to save the last modification time of the original file;
FileInfo fileINFO=new FileInfo(file);
entry.DateTime=fileINFO.LastWriteTime.ToUniversalTime();
S3: obtaining the MD5 value of the file; in S3 the MD5 is calculated asynchronously in blocks: first a data buffer block is set, int bufferSize = 1048576; the file is opened and a block of data of the buffer size is read asynchronously to calculate the MD5 value; after the calculation the MD5 of the current block is recorded and the next data block of the file is read, and this cycle repeats until the MD5 value of the whole file has been calculated; finally the MD5 value is returned as a 32-bit string;
twenty threads are designed to execute the MD5 calculation simultaneously, together with a global identifier of the file calculation position and a thread mutual-exclusion lock, so that the CPU's computing capacity is used to the fullest and the MD5 value of a large file is calculated in the shortest time;
S4: reverse processing of all hexadecimal bytes; the reverse operation on the byte stream is performed as follows:
first, a byte buffer is set: byte[] inSertData = new byte[2048]; at the same time the initial encrypted size is set: int completedLength = 0, and the total size of the file to be encrypted: long inFileSize = srcStream.Length.
Finally, the core algorithm of the reverse processing is executed: each time, 2 KB of data is read from the file into the byte[] array, and each byte in the array undergoes the operation inSertData[i] = (byte)(byte.MaxValue - inSertData[i]); completedLength plus the size of the byte[] array is compared with the total file size inFileSize; if it is smaller than inFileSize, the loop returns to read the next 2 KB of the file and performs the same operation; if it is equal, the end of the file has been read and the reverse operation is finished;
S5: setting the suffix name and performing the core encryption processing, namely encrypting the byte stream again according to the suffix name of the project file defined in the program and writing the MD5 value of the file;
S51: byte calculation on the project file suffix name and derivation of the encryption code:
the string of the project file suffix name is obtained and byte array 1 is obtained from the string; the numbers in the array are summed and divided by 10, and the remainder is the suffix encryption code of the project file; the new byte stream array obtained in S4 is then XORed with the remainder to obtain array 2;
S52: adding the project suffix identifier to the new byte stream: using the encrypted byte array 2 and the suffix byte array 1 obtained in S1, the suffix array is added to the very front of the file array to obtain array 3;
S53: writing the MD5 value into the byte stream: the MD5 value obtained in S3 is a 32-bit character string, which is converted into a 128-bit byte array; using the suffix encryption code from S51 and the new byte stream array 3 from S52, the 128-bit MD5 byte array is inserted at the position counted back from the end of the new byte stream by the suffix encryption code, giving the final byte stream; the triple encryption is then complete, and the final byte stream is written into the exported project file, which completes the production of the whole project file;
S6: loading the case project file and judging whether the file is a project file; the selected project file is opened as a file stream to obtain its byte array, and the byte array Newarray at positions 0-3 is read first and compared with the suffix name byte array 2; if they are equal, the suffix name byte array is removed from the project file and the next step follows; if they are not equal, a prompt states that the file is not a readable project file;
S7: reverse-decrypting the project file;
S71: obtaining the MD5 value of the project file
The suffix encryption code is obtained as in step S51 from the suffix name byte array 2 of the project file obtained in step S6; the project file is opened as a file stream, the 3rd byte from the end of the file is located, the 128 byte array is read forwards and removed from the file, and the MD5 value array of the 128 byte array is converted to a string to obtain the 32-bit MD5 string; this MD5 value is kept for checking the file after decryption;
S72: XOR reverse decryption of the file byte stream
The whole project file is decrypted using the suffix encryption code and the XOR encryption algorithm of S51;
the project file is then decrypted using the byte-array reverse operation of S4;
S8: extracting the valid data from the data source, the detailed steps of S8 being as follows:
S81: decompressing the project file
The suffix name of the project file decrypted in step S72 is changed to zip, and a zip decompression algorithm is then called to decompress the file; during decompression the last modification time of the original files must be preserved, so that the behavior times of data extracted later are accurate;
S82: extracting behavior and location information from the project file
Important data that may exist in the applications is retrieved and extracted by a C++ algorithm, a JSON data table is returned from the underlying backend, and the data is sorted and displayed through backend data bound to the WPF interface;
S9: accurately displaying the data by combining WPF display technology with a map and a timeline;
S91: embedding a map plug-in in the WPF interface: first the offline pictures of the offline map server are packaged and all maps are written into a db database; when the WPF software interface is started, the interface map is loaded using the retrieved positioning points;
S92: displaying the data: all extracted data is displayed on the interface according to the data parsed in step S82.
Preferably, the USB extraction in S1 is: the Android device enables USB debugging mode and the adb.exe program is called to copy the device files to the local computer; where the permissions on a file are insufficient, the executable permission is modified and the file is then copied; the iOS device first calls the iTunes device service to back up to the local computer, and the file data backed up by iTunes is then parsed;
the WIFI extraction is: the PC program starts socket listening and acts as the server; the mobile device, as a client with an installed App, connects to the PC server by scanning a code. After the PC side detects the client connection, it issues a data transmission command to perform the file backup;
local saving and fixing of device information are: local files are stored in a user-specified location or the program's default storage location; data can be backed up and extracted from several devices at the same time; after the backup is finished the devices can be identified uniformly and their various information stored, so that each device's backup files can be identified when the project file is loaded.
Preferably, in S4, a large project file is processed in blocks and segments in multithreaded mode, where Byte is a byte with a value of 0 to 255.
Preferably, the suffix-name encryption in the encryption processing method of S5 suits project file handling when the method is ported to multiple software products: only the suffix names of the different project files need to be set for the project export of different software to work.
Preferably, in S91, if the map is found in the offline map db database, it is loaded locally; if not, the offline map is downloaded over the internet and saved for the next map retrieval.
Compared with the prior art, the invention has the advantages that:
1. the project file is a single file, so that the project data can be loaded and displayed in different computers provided with the same evidence obtaining software conveniently;
2. case items in a single file manner are significantly better than case items in a folder manner when copying mobile data;
3. the project file is encrypted and analyzed by adopting a unique multiple encryption mode, so that the integrity of the project file is ensured, and the project file is prevented from being tampered to influence the authenticity of the extracted data;
4. after the project file suffix name is modified by the project file encryption algorithm (the encryption algorithm encrypts the whole data set according to the file suffix name), the universality is strong, and the method is convenient to transplant to other software for use.
5. The project files contain original file data recovered during extraction, the original data can be re-analyzed during loading, along with the version upgrade of the evidence obtaining software, more and more data extracted from high versions can be obtained, and the method is distinguished from a traditional project folder mode in the core algorithm of generation and loading of case projects.
6. The WPF interface display technology is used for loading and displaying the project file, and the analyzed behavior track data is more concise and visual to display and is convenient to study and judge;
Drawings
FIG. 1 is an interface display diagram according to an embodiment of the present invention.
Detailed Description
So that the purposes, technical solutions and advantages of the present invention can be understood more clearly, the invention is described in detail below.
A method for generating and loading a specific project file based on WPF technology comprises the following steps:
S1: backup and storage of source data; two different extraction modes, USB and WIFI, are adopted to meet the need to collect and extract data in different hardware environments. A step of identifying the creation time and last modification time of the data on the device is added, because when a device file is backed up to a local computer, the last modification time of the backup file is automatically set to the current copy time. After the files have been backed up locally, each local backup file is modified to carry the real creation time on the device, that is, the last modification time, so that files consistent with the original data on the device are obtained; this lays a foundation for the authenticity of the forensic information and makes it possible to turn the source data into a project from which data can be extracted repeatedly.
USB extraction: the Android device enables USB debugging mode and the adb.exe program is called to copy the device files to the local computer; where the permissions on a file are insufficient, the executable permission is modified and the file is then copied;
the iOS device first calls the iTunes device service to back up to the local computer, and the file data backed up by iTunes is then parsed.
WIFI extraction: the PC program starts socket listening and acts as the server; the mobile device, as a client with an installed App, connects to the PC server by scanning a code. After the PC side detects the client connection, it issues a data transmission command to perform the file backup.
Local saving and fixing of device information: local files are stored in a user-specified location or the program's default storage location; data can be backed up and extracted from several devices at the same time; after the backup is finished the devices can be identified uniformly and their various information stored, so that each device's backup files can be identified when the project file is loaded.
S2: compressing the source data in zip format, using a recursive folder-compression algorithm;
The third-party zip compression library ICSharpCode.SharpZipLib.dll is used. After the path of the folder to be compressed is supplied, the folders and files under the current path are enumerated; if an item is a folder, the algorithm is called again to search it recursively; if it is a file, the file is opened as a file stream and written into a ZipEntry object of the compression library, while the name and size of the file currently being compressed are refreshed on the interface. Most importantly, when a file has been compressed, the following method is called to save the last modification time of the original file.
FileInfo fileINFO=new FileInfo(file);
entry.DateTime=fileINFO.LastWriteTime.ToUniversalTime();
S3: obtaining file MD5 value
The algorithm for acquiring the MD5 value of the large file is as follows:
Since calculating the MD5 value of a large file takes a long time, the MD5 is calculated asynchronously in blocks. A data buffer block is set: int bufferSize = 1048576; that is, 1024 × 1024 bytes = 1 MB of buffer space. The file is opened and a block of data of the buffer size is read asynchronously to calculate the MD5 value; after the calculation the MD5 of the current block is recorded and the next data block of the file is read, and this cycle repeats until the MD5 value of the whole file has been calculated; finally the MD5 value is returned as a 32-bit string.
Asynchronous multithreaded calculation of MD5 is as follows:
The larger the file, the longer a single thread takes to execute MD5. To solve this performance problem, twenty threads are designed to execute the MD5 calculation simultaneously, together with a global identifier of the file calculation position and a thread mutual-exclusion lock, so that the CPU's computing capacity is used to the fullest and the MD5 value of a large file is calculated in the shortest time.
S4: full reverse processing of hexadecimal bytes
This is the first layer of encryption of the project file, the reversal of its bytes. When the project file is large, it also needs to be processed in blocks and segments, again in multithreaded mode. Byte is a byte with a value of 0 to 255.
Performing the reverse operation on the byte stream:
First, a byte buffer is set: byte[] inSertData = new byte[2048], that is, 2 KB of byte array space; at the same time the initial encrypted size is set: int completedLength = 0, and the total size of the file to be encrypted: long inFileSize = srcStream.Length.
Finally, the core algorithm of the reverse processing is executed: each time, 2 KB of data is read from the file into the byte[] array, and each byte in the array undergoes the operation inSertData[i] = (byte)(byte.MaxValue - inSertData[i]); for example, if inSertData[i] = 120, the reverse operation gives inSertData[i] = 255 - 120 = 135. completedLength plus the size of the byte[] array is compared with the total file size inFileSize; if it is smaller than inFileSize, the loop returns to read the next 2 KB of the file and performs the same operation; if it is equal, all reverse operations on the file are complete.
Byte data encryption demonstration:
the original file byte stream, e.g., [218, 52,70,88,76,168,255] is reversed to obtain a new byte stream array of [37,203,185,88,179,87,0 ].
S5: suffix name setting and core encryption processing
This step is the core encryption algorithm of the method: the byte stream is encrypted again according to the suffix name of the project file defined in the program, and the MD5 value of the file is written. The suffix-name encryption suits project file handling when the method is ported to multiple software products: only the suffix names of the different project files need to be set for the project export of different software to work. Although the same encryption algorithm is used, projects with different suffix names cannot be imported into one another, which greatly enhances the universality of the algorithm.
S51: the byte calculation on the project file suffix name and the derivation of the encryption code are as follows:
If the project file suffix name is the string "vts", the byte array [86,84,83] is obtained from the string; the numbers in the array are summed and divided by 10, giving a remainder of 3, and 3 is the suffix encryption code of the project file. The new byte stream array obtained in S4 is then XORed with 3 to obtain [38,200,186,91,176,83,3]; XOR is used here so that the original byte stream can be recovered during decoding.
S52: adding item suffix identification to a new byte stream
Using the encrypted byte array [38,200,186,91,176,83,3] and the suffix byte array [86,84,83] derived above, the suffix array is added to the forefront of the file array to yield [86,84,83,38,200,186,91,176,83,3 ].
S53: writing MD5 values in a byte stream
The MD5 value obtained in S3 is a 32-bit character string, which is converted into a 128-bit byte array. Using the suffix encryption code 3 from S51 and the new byte stream [86,84,83,38,200,186,91,176,83,3] from S52, the 128-bit MD5 byte array is inserted at the position counted back from the end of the new byte stream by the suffix encryption code, i.e. the 3rd position from the end. The new byte stream after insertion is [86,84,83,38,200,186,91, [128-bit MD5 byte array], 176,83,3]. The triple encryption of the project file is then complete, and the final byte stream is written into the exported project file, which completes the production of the whole project file.
S6: loading the case project file, and judging whether the file is a project file;
The selected project file is opened as a file stream to obtain its byte array, and the byte array Newarray at positions 0-3 is read first. If the byte array of the vts suffix is [86,84,83], Newarray is compared with [86,84,83]; if they are equal, the suffix name byte array is removed from the project file and the next step follows; if they are not equal, a prompt states that the file is not a readable project file.
S7: reversely decrypting the project file;
S71: obtaining the MD5 value of the project file
The suffix encryption code 3 is obtained as in step S51 from the suffix name byte array [86,84,83] of the project file obtained in step S6. The project file is opened as a file stream, the 3rd byte from the end of the file is located, the 128 byte array is read forwards and removed from the file, and the MD5 value array of the 128 byte array is converted to a string to obtain the 32-bit MD5 string; this MD5 value is kept for checking the file after decryption.
S72: XOR reverse decryption of the file byte stream
The whole project file is decrypted using the suffix encryption code and the XOR encryption algorithm of S51;
the project file is then decrypted using the byte-array reverse operation of S4.
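The container layout built in S4 to S53 and read back in S6 to S72, as an added Python example (not the patent's own code, which is C#). Assumptions: the function names are hypothetical, the MD5 is taken over the zip produced in S2, and the "128-bit" MD5 array is stored as the 16 raw digest bytes.

```python
import hashlib
import io

MD5_BUF = 1048576   # S3: 1 MB read buffer
REV_BUF = 2048      # S4: 2 KB working buffer
DIGEST_LEN = 16     # assumption: the "128-bit" MD5 array is the 16 raw digest bytes


class ProjectFileError(ValueError):
    """Raised when a blob is not a readable project file or fails the MD5 check."""


def md5_hex(stream, bufsize=MD5_BUF):
    """S3: feed the stream block by block, in file order, into one MD5 context.

    MD5 chains every block into the next, so the whole-file value comes from
    one running context rather than from combining independent block digests.
    """
    ctx = hashlib.md5()
    for block in iter(lambda: stream.read(bufsize), b""):
        ctx.update(block)
    return ctx.hexdigest()


def suffix_code(suffix):
    """S51: sum of the suffix bytes, remainder after division by 10."""
    return sum(suffix) % 10


def reverse_bytes(data):
    """S4: replace each byte b with 255 - b, one 2 KB buffer at a time (self-inverse)."""
    out = bytearray()
    for off in range(0, len(data), REV_BUF):
        out += bytes(255 - b for b in data[off:off + REV_BUF])
    return bytes(out)


def xor_bytes(data, code):
    """S51 / S72: XOR every byte with the suffix encryption code (self-inverse)."""
    return bytes(b ^ code for b in data)


def build_project(zip_bytes, suffix):
    """S3 to S53: turn the zip from S2 into the single project file."""
    suffix = bytes(suffix)
    code = suffix_code(suffix)
    if len(zip_bytes) < code:
        raise ProjectFileError("payload shorter than the suffix code")
    digest = bytes.fromhex(md5_hex(io.BytesIO(zip_bytes)))
    body = xor_bytes(reverse_bytes(zip_bytes), code)
    cut = len(body) - code      # S53: the digest sits `code` bytes before the end
    return suffix + body[:cut] + digest + body[cut:]


def load_project(blob, suffix):
    """S6 to S72: check the suffix marker, lift out the MD5, decrypt, then verify."""
    suffix = bytes(suffix)
    if blob[:len(suffix)] != suffix:
        raise ProjectFileError("not a readable project file")
    code = suffix_code(suffix)
    rest = blob[len(suffix):]
    end = len(rest) - code
    if end < DIGEST_LEN:
        raise ProjectFileError("file too short to hold the MD5 array")
    stored = rest[end - DIGEST_LEN:end].hex()
    body = rest[:end - DIGEST_LEN] + rest[end:]
    zip_bytes = reverse_bytes(xor_bytes(body, code))
    if md5_hex(io.BytesIO(zip_bytes)) != stored:
        raise ProjectFileError("MD5 mismatch: content changed after export")
    return zip_bytes


# Constructed sample: the byte stream of the S4 demonstration and the suffix bytes of S51.
SAMPLE = bytes([218, 52, 70, 88, 76, 168, 255])
SUFFIX = bytes([86, 84, 83])

if __name__ == "__main__":
    project = build_project(SAMPLE, SUFFIX)
    print(list(reverse_bytes(SAMPLE)))
    print(load_project(project, SUFFIX) == SAMPLE)
    damaged = bytearray(project)
    damaged[5] ^= 0x01          # one flipped bit in the payload
    try:
        load_project(bytes(damaged), SUFFIX)
    except ProjectFileError as exc:
        print(exc)
```

Computed on the sample stream of the S4 demonstration, the complement gives 167 in the fourth position and the XOR gives 164 and 84 in the fourth and sixth positions, where the printed arrays show 88, 91 and 83. The suffix code takes only ten values and the digest is unkeyed, so where tamper evidence must hold against a deliberate editor, keep a keyed MAC or signature of the project file outside the file.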
S8: extracting valid data in the source data;
S81: decompressing the project file
The suffix name of the project file decrypted in step S72 is changed to zip, and a zip decompression algorithm is then called to decompress the file; during decompression the last modification time of the original files must be preserved, so that the behavior times of data extracted later are accurate.
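S2 stores each file's last modification time in the archive and S81 requires it to be preserved on extraction. The following added Python example (not the patent's C# code; zip_folder and unzip_folder are hypothetical names) shows both halves, storing the time in UTC as the ToUniversalTime() call does, and restoring it explicitly because Python's zipfile extraction leaves the extraction time on the file.

```python
import calendar
import os
import shutil
import time
import zipfile


def zip_folder(src_dir, zip_path):
    """S2: recursively compress src_dir, storing each file's last-modified time in UTC."""
    with zipfile.ZipFile(zip_path, "w") as zf:
        _add_dir(zf, src_dir, src_dir)


def _add_dir(zf, root, current):
    for name in sorted(os.listdir(current)):
        path = os.path.join(current, name)
        if os.path.isdir(path):
            _add_dir(zf, root, path)      # folder: call the algorithm again
            continue
        arcname = os.path.relpath(path, root).replace(os.sep, "/")
        # ZipInfo rejects years before 1980, so an epoch-zero device timestamp
        # raises ValueError here instead of being silently replaced.
        stamp = time.gmtime(os.path.getmtime(path))[:6]
        info = zipfile.ZipInfo(arcname, date_time=stamp)
        info.compress_type = zipfile.ZIP_DEFLATED
        with open(path, "rb") as src, zf.open(info, "w") as dst:
            shutil.copyfileobj(src, dst, 1048576)


def unzip_folder(zip_path, dest_dir):
    """S81: extract every entry and put the stored UTC time back on the file.

    Returns {archive name: restored Unix time}. The zip format keeps seconds
    in 2-second steps, so an odd second comes back one second earlier.
    """
    restored = {}
    with zipfile.ZipFile(zip_path) as zf:
        for info in zf.infolist():
            target = zf.extract(info, dest_dir)   # extract() strips absolute paths and ".."
            if info.is_dir():
                continue
            ts = calendar.timegm(info.date_time)
            os.utime(target, (ts, ts))
            restored[info.filename] = ts
    return restored


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "backup")          # constructed sample folder
        os.makedirs(os.path.join(src, "sub"))
        sample = os.path.join(src, "sub", "sms.db")
        with open(sample, "wb") as fh:
            fh.write(b"constructed sample data")
        os.utime(sample, (1488326400, 1488326400))  # 2017-03-01 00:00:00 UTC
        archive = os.path.join(tmp, "case.zip")
        zip_folder(src, archive)
        print(unzip_folder(archive, os.path.join(tmp, "restored")))
```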
S82: extracting behavior and location information in project files
Important data that may exist in applications, such as short messages, call records, contacts, QQ and WeChat, is retrieved and extracted by a C++ algorithm. A JSON data table is returned from the underlying backend, and the data is sorted and displayed through backend data bound to the WPF interface.
S9: accurately displaying the data by combining WPF display technology with a map and a timeline;
S91: embedding a map plug-in in the WPF interface
First the offline pictures of the offline map server are packaged and all maps are written into a db database (offline maps of levels 0-10 are produced by default). When the WPF software interface is opened, the interface map is loaded using the retrieved positioning points: if the map can be found in the offline map db database, it is loaded locally first; if it cannot be found, the offline map is downloaded over the network and saved for the next map retrieval.
S92: displaying the data
All extracted data is displayed on the interface according to the data parsed in step S82. With the support of WPF display technology, the movement track of the device holder is depicted vividly and behavior information on a timeline is added, so that case-handling staff of the official examination system can study and analyze the case quickly. The interface display is shown in FIG. 1.
It will be appreciated by those of ordinary skill in the art that the examples described herein are intended to assist the reader in understanding the manner in which the invention is practiced, and it is to be understood that the scope of the invention is not limited to such specifically recited statements and examples. Those skilled in the art can make various other specific changes and combinations based on the teachings of the present invention without departing from the spirit of the invention, and these changes and combinations are within the scope of the invention.

Claims (5)

1. A method for generating and loading a specific project file based on WPF technology is characterized by comprising the following steps:
S1: backup and storage of source data; two different extraction modes, USB and WIFI, are adopted, and a step of identifying the creation time and last modification time of the data on the device is added; after a file has been backed up to the local computer, the local backup file is modified to carry the real creation time on the device, that is, the last modification time, so that a file consistent with the original data on the device is obtained;
S2: compressing the source data in zip format, using a recursive folder-compression algorithm;
a third-party zip compression library is used; after the path of the folder to be compressed is supplied, the folders and files under the current path are enumerated; if an item is a folder, the algorithm is called again to search it recursively; if it is a file, the file is opened as a file stream and written into a ZipEntry object of the compression library, while the name and size of the file currently being compressed are refreshed on the interface; most importantly, when a file has been compressed, the following method is called to save the last modification time of the original file;
FileInfo fileINFO=new FileInfo(file);
entry.DateTime=fileINFO.LastWriteTime.ToUniversalTime();
s3: acquiring a file MD5 value, wherein in S3 the MD5 is calculated asynchronously in blocks: a data buffer block is set, int buffer size = 1048576; the file is opened and data of the buffer-block size is read asynchronously to calculate the MD5 value; after the calculation is finished, the MD5 of the current block is recorded and the next data block of the file is read; this is repeated until the MD5 value of the whole file is calculated, and finally the MD5 value of a 32-bit string is returned;
twenty threads are designed to simultaneously execute MD5 value calculation, a global identifier of a file calculation position and a thread mutual exclusion lock are designed, and the MD5 value of the large file is calculated in the shortest time by utilizing the CPU calculation capacity to the maximum extent;
s4: and (3) performing reverse processing on all the hexadecimal bytes, and performing reverse operation on the byte stream:
first, a byte buffer is set: byte[] inSertData = new byte[2048], while setting the encrypted initial size value: int completedLength = 0, and the total size of the encrypted file: long inFileSize = src stream.
And finally, the core algorithm of the reverse processing is executed: each time, 2KB of data is read from the file and converted into a byte[] array, and then each byte in the array undergoes the operation inSertData[i] = (byte)(byte.MaxValue - inSertData[i]); completedLength plus the byte[] array size is compared with the total file size inFileSize; if it is smaller, the next 2KB of the file is read and the same operation is repeated; if it is equal, the end of the file has been read and the reverse operation is finished;
s5: setting a suffix name and performing core encryption processing, namely encrypting the byte stream again according to the suffix name of the project file defined in the program and writing the MD5 value of the file;
s51: acquiring byte calculation and encryption codes of the suffix names of the project files:
acquiring a character string of a suffix name of the project file, acquiring a byte array 1 from the character string, accumulating numbers in the array, and dividing by 10 to obtain a remainder, wherein the remainder is a suffix encryption code of the project file; then carrying out XOR processing on the new byte stream array obtained in the S4 and the remainder to obtain an array 2;
s52: adding an item suffix identification into the new byte stream, and adding a suffix array into the forefront of the file array by using the encrypted byte array 2 and the suffix byte array 1 obtained in S1 to obtain an array 3;
s53: writing an MD5 value in the byte stream, obtaining an MD5 value which is a 32-bit character string in S3, and converting the character string into a byte array with a 128-bit byte array; according to the suffix encryption code in S51 and the new byte stream array 3 in S52, the 128-bit MD5 byte array is inserted into the reciprocal of the new byte stream to obtain a final byte stream, triple encryption is completed, and the final byte stream is written into the exported project file, namely the whole project file is manufactured;
s6: loading the case project file, and judging whether the file is a project file; opening the selected project file, opening the acquired byte array in a file stream mode, starting to read a 0-3-bit byte array Newarray, comparing whether the Newarray is equal to the suffix name byte array 2, if so, removing the suffix name byte array from the project file, and continuing to perform the next step, and if not, prompting that the file is not the readable project file;
s7: reversely decrypting the project file;
s71: obtaining MD5 value of project file
Obtaining a suffix encryption code by referring to the step S51 based on the suffix name byte array 2 of the item file obtained in the step S6; opening the project file in a file flow mode, finding the last 3 rd byte of the file, reading 128 byte arrays forwards and removing the arrays from the file, converting the MD5 value arrays of the 128 byte arrays into a character string type to obtain 32-bit MD5 character strings, and keeping the MD5 value for subsequent file proofreading after decryption;
s72: exclusive or reverse decryption processing of a file byte stream
The suffix encryption code and the XOR encryption algorithm in the S51 are referred to decrypt all the project files;
the reverse operation of the byte array in the S4 is referred to, and then the project file is decrypted;
s8: extracting valid data from the data source, wherein the detailed step of S8 is as follows:
s81: decompressing project files
For the project file decrypted in step S72, the suffix name of the file is changed to zip, and then a zip decompression algorithm is called to decompress the file; during decompression, the last modification time of the original file needs to be preserved, so that the behavior times of the data extracted later are accurate;
s82: extracting behavior and location information in project files
Important data of the applications in which the data may exist are retrieved and extracted through a C++ algorithm, a JSON data table is returned from the underlying back end, and the data are sorted and displayed through the back-end data bound to the WPF interface;
s9: accurately displaying data by combining a WPF display technology with a map and a time line;
s91: embedding a WPF interface into a map plug-in, firstly packaging off-line pictures of a map off-line server, completely writing the maps into a db database, and loading map display of the interface by using the retrieved positioning points when the WPF software interface is started;
s92: and displaying the data, and displaying all the extracted data on the interface according to the analysis data in the step of S82.
2. The WPF technology-based method for generating and loading a specific project file according to claim 1, wherein: the USB extraction in the S1 is as follows: the Android equipment starts a USB debugging mode, calls an adb.exe program to copy equipment files to the local, and then copies the equipment files after modifying executable authority under the condition that the authority of the files is insufficient; the iOS device calls an iTunes device service to backup to a local computer, and the iTunes backup file data is analyzed;
the WIFI extraction is as follows: the PC program starts socket monitoring to serve as a server, and the mobile equipment end is connected to the PC server in a code scanning mode in a client mode of installing an App; after monitoring the connection of the client, the PC side starts a data transmission command to execute the operation of the backup file;
local storage and equipment information fixation are as follows: the local file is stored in a user-specified position or a program default storage position, data backup extraction can be simultaneously carried out on a plurality of devices, unified identification can be carried out after backup is finished, and various information of the devices can be stored, so that identification of the backup files of the devices can be conveniently carried out when project files are loaded.
3. The WPF technology-based method for generating and loading a specific project file according to claim 2, wherein: in S4, a large project file is processed in time-divided block segments, and a multithreading mode is adopted, where a Byte takes a value from 0 to 255.
4. The WPF technology-based method for generating and loading a specific project file according to claim 3, wherein: the suffix name encryption in the encryption processing method in the step S5 is suitable for multi-software migration project file processing, and the suffix names of different project files are set and project export of different software can be completed.
5. The WPF technology-based method for generating and loading a specific project file according to claim 4, wherein: if the map is found in the db database of the offline maps in S91, the map is loaded locally, if not, the offline maps are downloaded through the internet, and the offline maps are saved for the next map retrieval.
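The container layout of steps S3 to S7, as an added Python example that is not the patent's own code: it inverts each byte, XORs it with the suffix code, prefixes the suffix and stores the MD5, then reverses the process on load. The suffix `.prj`, the sample bytes and the placement of the MD5 as 16 raw bytes at the very end of the file are assumptions; the claims leave the exact MD5 offset and length ambiguous.

```python
import hashlib
import io

SUFFIX = b".prj"      # hypothetical 4-byte project suffix (S6 reads bytes 0-3)
BLOCK = 1048576       # MD5 buffer block size from S3
MD5_LEN = 16          # assumption: MD5 stored as 16 raw bytes at the end


def md5_blocks(stream):
    """S3: hash a stream block by block, return the 32-character hex MD5."""
    h = hashlib.md5()
    for block in iter(lambda: stream.read(BLOCK), b""):
        h.update(block)
    return h.hexdigest()


def suffix_code(suffix):
    """S51: sum of the suffix bytes, remainder after dividing by 10."""
    return sum(suffix) % 10


def pack(zip_bytes, suffix=SUFFIX):
    """S3-S5: invert, XOR with the suffix code, prefix suffix, append MD5."""
    digest = bytes.fromhex(md5_blocks(io.BytesIO(zip_bytes)))
    code = suffix_code(suffix)
    body = bytes((255 - b) ^ code for b in zip_bytes)
    return suffix + body + digest


def unpack(project, suffix=SUFFIX):
    """S6-S7: check the suffix, strip the MD5, undo XOR and inversion, verify."""
    if len(project) < len(suffix) + MD5_LEN or not project.startswith(suffix):
        raise ValueError("not a readable project file")
    body = project[len(suffix):-MD5_LEN]
    stored = project[-MD5_LEN:].hex()
    code = suffix_code(suffix)
    data = bytes(255 - (b ^ code) for b in body)
    if md5_blocks(io.BytesIO(data)) != stored:
        raise ValueError("MD5 mismatch: content differs from the packed data")
    return data


# Constructed stand-in for the zip archive produced in S2.
SAMPLE = b"PK\x03\x04" + bytes(range(256)) * 8
```

Both transforms are keyless and the suffix code can take only ten values, so the container checks for accidental corruption rather than protecting confidentiality or resisting deliberate modification.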
CN201710115426.5A 2017-03-01 2017-03-01 Method for generating and loading specific project file based on WPF technology Active CN106909672B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710115426.5A CN106909672B (en) 2017-03-01 2017-03-01 Method for generating and loading specific project file based on WPF technology

Publications (2)

Publication Number Publication Date
CN106909672A CN106909672A (en) 2017-06-30
CN106909672B true CN106909672B (en) 2020-04-24

Family

ID=59208712

Country Status (1)

Country Link
CN (1) CN106909672B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111951130B (en) * 2020-08-19 2024-01-30 重庆市合川区公安局 Data evidence obtaining analysis method and system of electronic equipment
CN113986444A (en) * 2021-11-19 2022-01-28 深圳前海移联科技有限公司 General management method for software system prompt words, computer equipment and storage medium
CN115794245B (en) * 2022-10-26 2023-11-14 珠海芯聚科技有限公司 Data loading method and device, electronic equipment and storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103647636A (en) * 2013-12-31 2014-03-19 厦门市美亚柏科信息股份有限公司 Method and device for safe access to data
CN103701829A (en) * 2014-01-03 2014-04-02 厦门市美亚柏科信息股份有限公司 Method of off-line analyzing DPAPI (Data Protection Application Programming Interface) enciphered data

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8549320B2 (en) * 2006-11-02 2013-10-01 Red Hat, Inc. Verifying loaded module during debugging

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
一种基于PKI的保密报表文件加密解决方案;袁艺芳 等;《计算机工程与应用》;20030401(第10期);第151-153页 *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20210316

Address after: 641100 No.1 Hanyu Avenue, Shizhong District, Neijiang City, Sichuan Province

Patentee after: XLY SALVATIONDATA TECHNOLOGY Inc.

Address before: 641000 704, floor 7, unit 1, building 3, No. 1700, North Tianfu Avenue, high tech Zone, Chengdu, Sichuan

Patentee before: SICHUAN AITE YINGTAI INTELLIGENT TECHNOLOGY Co.,Ltd.