CN107092831A - Firmware-layer-based firmware update anti-virus method and device - Google Patents
- Publication number: CN107092831A
- Application number: CN201710238068.7A
- Authority: CN (China)
- Prior art keywords: firmware, result, calculation, bios, encryption
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/572—Secure firmware programming, e.g. of basic input output system [BIOS]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a firmware-layer-based firmware update anti-virus method, comprising: (1) writing an encryption program in the Windows console, and compiling and linking it to generate an encryption tool; (2) compiling the firmware source code to generate a BIOS BIN file; (3) calling the encryption tool to perform an encryption operation on the BIOS BIN file to obtain a calculation result, and storing the calculation result in the BIOS BIN file, which completes the BIOS firmware encryption; (4) adding a decryption program to the flashing program to generate a flash decryption tool; (5) when the firmware is updated, using the flash decryption tool in the firmware flashing environment to load the encrypted firmware into memory, and calling the decryption program to process the encrypted firmware to obtain a calculation result; (6) if the calculation result is 0, determining that the firmware is not infected with a virus, and otherwise determining that the firmware is infected with a virus and issuing a virus infection alarm. The invention offers higher security.
Description
Technical field
The present invention relates to the technical field of virus defense, and in particular to a firmware-layer-based firmware update anti-virus method and device.
Background
With the widespread use of computers and the spread of the Internet, computer technology has improved greatly; people use computers with increasing skill and professionalism, and depend on them more and more. Computer viruses, however, are rampant and pose a great threat to our lives, to personal property, to company property and to national defense security. Although many anti-virus tools and methods are on the market, they are essentially all based on the operating system side and do nothing to protect the lowest layer of the computer. Some companies add an ID inside the firmware and guard against viruses by checking the ID, but many viruses are now implanted without changing the ID. The underlying firmware can become infected mainly in the following ways: the firmware was already infected before the firmware (UEFI BIOS) was flashed to the computer for the first time; the firmware is infected during a firmware update; or the firmware used for the update is already infected.
Summary of the invention
Object of the invention: In view of the problems in the prior art, the present invention provides a firmware-layer-based firmware update anti-virus method and device that guard against viruses at the firmware level before the underlying firmware (UEFI BIOS) is flashed, ensuring that the firmware (UEFI BIOS) updated onto the computer is not infected with a virus.
Technical solution: The firmware-layer-based firmware update anti-virus method of the present invention comprises:
(1) writing an encryption program in the Windows console, and compiling and linking the encryption program to generate an encryption tool, wherein the encryption program performs an encryption operation on the original data of a file to be encrypted and obtains a calculation result;
(2) compiling the firmware source code to generate a BIOS BIN file;
(3) calling the encryption tool to perform the encryption operation on the original data of the BIOS BIN file to obtain a first calculation result, and storing the first calculation result in the BIOS BIN file, which completes the BIOS firmware encryption;
(4) adding a decryption program to the flashing program to generate a flash decryption tool, wherein the decryption program corresponds to the encryption program, performs a decryption operation on the original data of an encrypted file and obtains a calculation result, and the calculation result is 0 when the encrypted file has not been modified in any way;
(5) when the BIOS firmware is updated, using the flash decryption tool in the firmware flashing environment to load the encrypted BIOS firmware into memory, and performing the decryption operation on all original data of the encrypted BIOS firmware, including the first calculation result, to obtain a second calculation result;
(6) if the second calculation result is 0, determining that the firmware is not infected with a virus, and performing the update;
(7) if the second calculation result is not 0, determining that the firmware is infected with a virus, and issuing a virus infection alarm.
The firmware-layer-based firmware update anti-virus device of the present invention is characterized in that the device comprises:
an encryption tool generation module, for writing an encryption program in the Windows console and compiling and linking the encryption program to generate an encryption tool, wherein the encryption program performs an encryption operation on the original data of a file to be encrypted and obtains a calculation result;
a compilation module, for compiling the firmware source code to generate a BIOS BIN file;
a firmware encryption module, which calls the encryption tool to perform the encryption operation on the original data of the BIOS BIN file to obtain a first calculation result, and stores the first calculation result in the BIOS BIN file, which completes the BIOS firmware encryption;
a flash decryption tool generation module, for adding a decryption program to the flashing program to generate a flash decryption tool, wherein the decryption program corresponds to the encryption program, performs a decryption operation on the original data of an encrypted file and obtains a calculation result, and the calculation result is 0 when the encrypted file has not been modified in any way;
a pre-update calculation module, for using the flash decryption tool in the firmware flashing environment when the BIOS firmware is updated, loading the encrypted BIOS firmware into memory, and performing the decryption operation on all original data of the encrypted BIOS firmware, including the first calculation result, to obtain a second calculation result;
an infection judgment module, for determining, when the second calculation result is 0, that the firmware is not infected with a virus and performing the update, and for determining, when the second calculation result is not 0, that the firmware is infected with a virus and issuing a virus infection alarm.
Beneficial effects: Compared with the prior art, the notable advantages of the present invention are: 1. high security and difficult to crack; 2. a simple algorithm; 3. strong practicality; 4. low cost.
Brief description of the drawings
Fig. 1 is a flow diagram of the encryption part of the firmware-layer-based firmware update anti-virus method provided by the present invention;
Fig. 2 is a flow diagram of the firmware update part of the firmware-layer-based firmware update anti-virus method provided by the present invention.
Detailed description
Embodiment 1
This embodiment provides a firmware-layer-based firmware update anti-virus method which, as shown in Fig. 1 and Fig. 2, comprises:
Encryption part:
(1) An encryption program, named CheckSum, is written in the Windows console using Visual C++ 6.0, and the encryption program CheckSum is compiled and linked to generate the encryption tool CheckSum.exe, wherein the encryption program performs an encryption operation on the original data of a file to be encrypted and obtains a calculation result. For example, the encryption algorithm can be CheckSum16 encryption, MD5 encryption, or another encryption program.
(2) The firmware source code is compiled to generate a BIOS BIN file.
(3) A batch file is edited to call the encryption tool CheckSum.exe, which performs the encryption operation on the original data of the BIOS BIN to obtain a first calculation result; the first calculation result is stored in the BIOS BIN file, which completes the BIOS firmware encryption.
Firmware update part:
(4) A decryption program is added to the flashing program to generate a flash decryption tool, wherein the decryption program corresponds to the encryption program, performs a decryption operation on the original data of an encrypted file and obtains a calculation result, and the calculation result is 0 when the encrypted file has not been modified in any way. When the encryption algorithm is CheckSum16: if the value of the checksum exceeds hexadecimal FF, that is, 255, its complement is required as the checksum, and this checksum is then stored in the encrypted file. The decryption program therefore only needs to perform a 16-bit accumulation over the hexadecimal data of the whole encrypted file and finally take the low 16 bits of the accumulated result as the final result; the result is 0 when the encrypted file has not been modified in any way, and is not 0 after the file has been modified.
(5) When the BIOS firmware is updated, the flash decryption tool is used in the firmware flashing environment to load the encrypted BIOS firmware into memory, and the decryption operation is performed on all original data of the encrypted BIOS firmware, including the first calculation result (that is, the first calculation result together with all data in the BIOS BIN file before encryption), to obtain a second calculation result. If the firmware has not been infected by a virus or damaged, this value should be 0; if it has been infected by a virus, or someone has changed a single 0 in it to a 1, the result is not 0.
(6) If the second calculation result is 0, it is determined that the firmware is not infected with a virus, and the update is performed.
(7) If it is not 0, it is determined that the firmware is infected with a virus, and a virus infection alarm is issued.
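The CheckSum16 variant of steps (3) and (5) to (7), written out as an added example that is not code from the patent. The slot position (last two bytes), little-endian word order, even image length and all function names are assumptions. It also shows the coverage limit of an unkeyed additive checksum: a bit flip is detected, a change that preserves the sum is not.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumptions (not in the patent): even image length, little-endian 16-bit
 * words, and a reserved checksum slot in the last two bytes of the image. */

/* 16-bit accumulation over the whole buffer, keeping only the low 16 bits. */
uint16_t checksum16_sum(const uint8_t *img, size_t len)
{
    uint32_t acc = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        acc = (acc + (uint32_t)(img[i] | (img[i + 1] << 8))) & 0xFFFFu;
    return (uint16_t)acc;
}

/* Steps (1)-(3): compute the first result (two's complement of the sum with
 * the slot zeroed) and store it in the image. Returns -1 on a bad length. */
int checksum16_seal(uint8_t *img, size_t len)
{
    if (len < 2 || (len & 1u))
        return -1;
    img[len - 2] = 0;
    img[len - 1] = 0;
    uint16_t first = (uint16_t)(0u - checksum16_sum(img, len));
    img[len - 2] = (uint8_t)(first & 0xFFu);
    img[len - 1] = (uint8_t)(first >> 8);
    return 0;
}

/* Steps (5)-(7): the second result over all data including the stored value.
 * Returns 0 = accept and update, 1 = reject and alarm, -1 = bad length. */
int checksum16_verify(const uint8_t *img, size_t len, uint16_t *second)
{
    if (len < 2 || (len & 1u))
        return -1;
    *second = checksum16_sum(img, len);
    return *second == 0 ? 0 : 1;
}

/* Constructed sample data standing in for a BIOS BIN file. */
void make_sample_image(uint8_t *img, size_t len)
{
    for (size_t i = 0; i < len; i++)
        img[i] = (uint8_t)(i * 37u + 11u);
}

/* Exchange two 16-bit words: a change that leaves an additive sum unchanged. */
void swap_words(uint8_t *img, size_t a, size_t b)
{
    for (int k = 0; k < 2; k++) {
        uint8_t t = img[2 * a + k];
        img[2 * a + k] = img[2 * b + k];
        img[2 * b + k] = t;
    }
}

int main(void)
{
    uint8_t img[64];
    uint16_t r;

    make_sample_image(img, sizeof img);
    checksum16_seal(img, sizeof img);
    printf("sealed:      verdict=%d\n", checksum16_verify(img, sizeof img, &r));
    img[10] ^= 0x01;                       /* single-bit corruption */
    printf("bit flipped: verdict=%d\n", checksum16_verify(img, sizeof img, &r));
    img[10] ^= 0x01;
    swap_words(img, 2, 5);                 /* reordered content, same sum */
    printf("words moved: verdict=%d\n", checksum16_verify(img, sizeof img, &r));
    return 0;
}
```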
Embodiment 2
This embodiment provides a firmware-layer-based firmware update anti-virus device, which specifically comprises:
an encryption tool generation module, for writing an encryption program in the Windows console and compiling and linking the encryption program to generate an encryption tool, wherein the encryption program performs an encryption operation on the original data of a file to be encrypted and obtains a calculation result;
a compilation module, for compiling the firmware source code to generate a BIOS BIN file;
a firmware encryption module, which calls the encryption tool to perform the encryption operation on the original data of the BIOS BIN file to obtain a first calculation result, and stores the first calculation result in the BIOS BIN file, which completes the BIOS firmware encryption;
a flash decryption tool generation module, for adding a decryption program to the flashing program to generate a flash decryption tool, wherein the decryption program corresponds to the encryption program, performs a decryption operation on the original data of an encrypted file and obtains a calculation result, and the calculation result is 0 when the encrypted file has not been modified in any way;
a pre-update calculation module, for using the flash decryption tool in the firmware flashing environment when the BIOS firmware is updated, loading the encrypted BIOS firmware into memory, and performing the decryption operation on all original data of the encrypted BIOS firmware, including the first calculation result, to obtain a second calculation result;
an infection judgment module, for determining, when the second calculation result is 0, that the firmware is not infected with a virus and performing the update, and for determining, when the second calculation result is not 0, that the firmware is infected with a virus and issuing a virus infection alarm.
This embodiment corresponds one-to-one with Embodiment 1; the remaining details are not repeated.
What is disclosed above is only a preferred embodiment of the present invention and cannot be used to limit the scope of the rights of the present invention; equivalent changes made according to the claims of the present invention therefore still fall within the scope covered by the present invention.
Claims (2)
1. A firmware-layer-based firmware update anti-virus method, characterized in that the method comprises:
(1) writing an encryption program in the Windows console, and compiling and linking the encryption program to generate an encryption tool, wherein the encryption program performs an encryption operation on the original data of a file to be encrypted and obtains a calculation result;
(2) compiling the firmware source code to generate a BIOS BIN file;
(3) calling the encryption tool to perform the encryption operation on the original data of the BIOS BIN file to obtain a first calculation result, and storing the first calculation result in the BIOS BIN file, which completes the BIOS firmware encryption;
(4) adding a decryption program to the flashing program to generate a flash decryption tool, wherein the decryption program corresponds to the encryption program, performs a decryption operation on the original data of an encrypted file and obtains a calculation result, and the calculation result is 0 when the encrypted file has not been modified in any way;
(5) when the BIOS firmware is updated, using the flash decryption tool in the firmware flashing environment to load the encrypted BIOS firmware into memory, and performing the decryption operation on all original data of the encrypted BIOS firmware, including the first calculation result, to obtain a second calculation result;
(6) if the second calculation result is 0, determining that the firmware is not infected with a virus, and performing the update;
(7) if the second calculation result is not 0, determining that the firmware is infected with a virus, and issuing a virus infection alarm.
2. A firmware-layer-based firmware update anti-virus device, characterized in that the device comprises:
an encryption tool generation module, for writing an encryption program in the Windows console and compiling and linking the encryption program to generate an encryption tool, wherein the encryption program performs an encryption operation on the original data of a file to be encrypted and obtains a calculation result;
a compilation module, for compiling the firmware source code to generate a BIOS BIN file;
a firmware encryption module, which calls the encryption tool to perform the encryption operation on the original data of the BIOS BIN file to obtain a first calculation result, and stores the first calculation result in the BIOS BIN file, which completes the BIOS firmware encryption;
a flash decryption tool generation module, for adding a decryption program to the flashing program to generate a flash decryption tool, wherein the decryption program corresponds to the encryption program, performs a decryption operation on the original data of an encrypted file and obtains a calculation result, and the calculation result is 0 when the encrypted file has not been modified in any way;
a pre-update calculation module, for using the flash decryption tool in the firmware flashing environment when the BIOS firmware is updated, loading the encrypted BIOS firmware into memory, and performing the decryption operation on all original data of the encrypted BIOS firmware, including the first calculation result, to obtain a second calculation result;
an infection judgment module, for determining, when the second calculation result is 0, that the firmware is not infected with a virus and performing the update, and for determining, when the second calculation result is not 0, that the firmware is infected with a virus and issuing a virus infection alarm.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710238068.7A CN107092831A (en) | 2017-04-13 | 2017-04-13 | Firmware-layer-based firmware update anti-virus method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107092831A true CN107092831A (en) | 2017-08-25 |
Family
ID=59638597
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710238068.7A Pending CN107092831A (en) | Firmware-layer-based firmware update anti-virus method and device | 2017-04-13 | 2017-04-13 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107092831A (en) |
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
CB02 | Change of applicant information | Address after: 210032 Building 501-505, Dongchuang Science and Technology Center, No. 1 Hongfeng Road, Jinqian East Road Enterprise Science and Technology Park, Kunshan City, Suzhou City, Jiangsu Province. Applicant after: Kunshan one hundred Ao Electronic Technology Co., Ltd. Address before: 215300 Science and Technology Plaza, Qianjin East Road, Kunshan City, Suzhou City, Jiangsu Province, 1602. Applicant before: Kunshan one hundred Ao Electronic Technology Co., Ltd. |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20170825 |