CN107122662A - A kind of mobile Internet App Code obfuscation assessment methods based on Proguard softwares - Google Patents

A kind of mobile Internet App Code obfuscation assessment methods based on Proguard softwares Download PDF

Info

Publication number
CN107122662A
CN107122662A CN201710237324.0A CN201710237324A CN107122662A CN 107122662 A CN107122662 A CN 107122662A CN 201710237324 A CN201710237324 A CN 201710237324A CN 107122662 A CN107122662 A CN 107122662A
Authority
CN
China
Prior art keywords
proguard
code
obscuring
class
app
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710237324.0A
Other languages
Chinese (zh)
Inventor
王庆燕
刘旭明
鞠全勇
吴洪兵
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jinling Institute of Technology
Original Assignee
Jinling Institute of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jinling Institute of Technology filed Critical Jinling Institute of Technology
Priority to CN201710237324.0A priority Critical patent/CN107122662A/en
Publication of CN107122662A publication Critical patent/CN107122662A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • G06F21/563Static detection by source code analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

The invention discloses a kind of mobile Internet App Code obfuscation assessment methods based on Proguard softwares:In order to prevent malicious host, App is autotelic distorts to mobile, and mobile App source code is carried out obscuring conversion using Code obfuscation software, makes the analysis difficulty increase for obscuring the code after conversion, so as to prevent to distort movement App to a certain extent.It can carry out correlation according to assessment method disclosed by the invention and obscure job analysis, effectively assess the code security protection effect after Proguard software obfuscations.

Description

A kind of mobile Internet App Code obfuscation assessment methods based on Proguard softwares
Technical field
It is more particularly to a kind of soft based on Proguard the present invention relates to mobile Internet App Code obfuscations test and appraisal field The mobile Internet App Code obfuscation assessment methods of part.
Background technology
With the popularization and fast development of mobile Internet and mobile intelligent terminal, the quantity of mobile applications is in outburst Formula increases, wherein Android platform intelligent terminal and its application occuping market leading position.However, should in face of growing With market, App is added malicious code situation after piracy is increasingly severe, and partial destruction person is collected using these rogue programs Privacy of user, altered data, huge loss of economic benefit and security threat are brought to user.For developer, pirate App Not only influence legal copy App download, destroys its public praise, can also bring certain economic loss.For mobile applications Code protection and intellectual property protection are in urgent need of strengthening.
Issued according to national Internet emergency center (abbreviation CNCERT)《China's Internet security postures in 2015 Summary》Report display, current China's mobile internet environment has deteriorated, the newly-increased mobile Internet malice journey of capture in 2015 Nearly 1,480,000 of sequence sample, increased 55.3%, mainly for Android platform compared with 2014.For threat types, ranking first three The malicious act of position is maliciously deduct fees class, indecent behavior and remote control class respectively, and accounting is respectively 23.6%, 22.2% and 15.1%.Meanwhile, by the regulation of continuous 3 years, safety responsibility, constantly improve safety were actively implemented in domestic mainstream applications shop The systems such as supervision, security audit, social supervision report, rogue program undercarriage, make security situation take a turn for the better, a large amount of mobile malice The communication channel of program is transferred to the websites such as Dropbox or advertising platform.
The development language of Android application programs is Java.Because generation is one kind after Java source code is compiled Between code, it remains the substantial amounts of information of program, and the code obtained after decompiling substantially can be with reconfiguration program so that Android Application program faces great risk in intellectual property protection.Code protection technology can prevent application program pirate, protect Its intellectual property is protected, therefore just seems more urgent for the code protection technical research of Android intelligent terminal application program With it is important.
In general, the analysis of mainly program and malice that mobile intelligent terminal application program is faced are distorted two kinds and stolen and know Know the mode of property right.
Program is analyzed, and is referred to analyze program and is therefrom obtained important information, includes the main algorithm sum of program According to structure etc..This mode obtains the important information in legal program by the program analysis method of malice, and is applied Into corresponding product, to realize identical function.
Malice is distorted and refers to distort the important information of application program, encroach on user or developer economic interests or Reputation, common mode, which has, to the encryption in program or payment module maliciously distort.Essentially, it is this to invade The mode of application program intellectual property be with the mode that program is analyzed it is the same, they be all using the depth analysis to program as Basis.
In order to prevent malicious host is autotelic to Mobile solution from distorting, Code Obfuscation Security Technology is suggested, its Basic practice It is that the code of software is carried out obscuring conversion using Code Obfuscation Security Technology, makes the analysis difficulty increase for obscuring the code after conversion, So as to prevent to distort software to a certain extent.Code Obfuscation Security Technology be actually it is a kind of be used for mobile code protection and The safe practice that Software Intellectual Property Rights are protected.In actual applications, software is provided absolute safeguard protection be it is impossible, It is also what is be not necessarily to, as long as the attack of attacker can be made to pay higher cost, it is possible to think that obfuscation has reached peace The effect of full guard.Therefore, Code Obfuscation Security Technology just turns into the effective protection techniques of protection Android APP easily realized.
The content of the invention
In order to solve above-mentioned problem, the present invention provides a kind of mobile Internet App based on Proguard softwares Code obfuscation assessment method, can preventing malicious host, App is autotelic to be distorted to moving, using Code obfuscation software to movement App source code carries out obscuring conversion, makes the analysis difficulty increase for obscuring the code after conversion, so as to prevent to a certain extent Mobile App is distorted.It can carry out correlation according to assessment method disclosed by the invention and obscure job analysis, effectively assess warp The code security protection effect crossed after Proguard software obfuscations, for up to this purpose, the present invention provides a kind of based on Proguard The mobile Internet App Code obfuscation assessment methods of software, specific assessment method step is as follows:
1) in ProGuard Android translation and compiling environment is integrated with, enable ProGuard allow it follow Ant or Eclipse is run together when compiling,<project_root>Set in/default.properties files ProGuard.config attributes, path can be the relative path of absolute path or engineering root, if handle Proguard.cfg files are placed on the position i.e. root of engineering of acquiescence, can so specify its position: Proguard.config=proguard.cfg;Or this document is moved on to any position, then specify absolute path: Proguard.config=/path/to/proguard.cfg;
2) when the compiler under release patterns, Eclipse export is either still used with ant release Guide, compiling system all can check whether proguard.config attributes are set automatically, if configured, ProGuard will Before .apk files are packaged into, the bytecode of application program is automatically processed;
3) ProGuard start to be compressed the Java code in source code file file, optimize, obscure, preliminary examination;
4) after ProGuard end of runs, entitled proguard file can be generated, wherein there is following file: Dump.txt describes the internal structure between all class files in .apk files;Mapping.txt lists original class, method and Field name and the mapping for obscuring offspring's intersymbol, when receiving a bug report from release versions, can be translated with it The code being confused;Seeds.txt lists the class not being confused and member;Usage.txt is listed to be deleted from apk files Code;
5) wherein suitable method is selected respectively to count every ATTRIBUTE INDEX value, the every ATTRIBUTE INDEX value of analysis and its change Change, the Code obfuscation work to Proguard is evaluated;
6) conclusion of rational evaluation can not be made to obscuring the overall aliasing effect of instrument based on every ATTRIBUTE INDEX Data-Statistics, The work validity of Code obfuscation instrument need to also be evaluated from the function point for obscuring instrument.
Further improved as of the invention, step 5 items ATTRIBUTE INDEX value include instruction implementation rate, controlling stream complexity, Command sequence similarity, controlling stream graph similarity.
Further improved as of the invention, the function that step 6 obscures instrument is encapsulated again including identifier renaming, class, mistake Degree heavy duty.
The invention discloses a kind of mobile Internet App Code obfuscation assessment methods based on Proguard softwares:In order to Preventing malicious host, App is autotelic to be distorted to moving, and mobile App source code is carried out obscuring change using Code obfuscation software Change, make the analysis difficulty increase for obscuring the code after conversion, so as to prevent to distort mobile App to a certain extent.According to Assessment method disclosed by the invention can carry out correlation and obscure job analysis, effectively assess after Proguard software obfuscations Code security protection effect, its advantage is as follows:
1) the inventive method, which can carry out, comments the mobile App codes development validity crossed by ProGuard software obfuscations Valency;
2) the inventive method can combine every ATTRIBUTE INDEX Data-Statistics, and obscure the function point of instrument and set out to code The work for obscuring instrument carries out comprehensive assessment.
Brief description of the drawings
Fig. 1 is Hello.apk class formation figures;
Fig. 2 is Hello_ProGuard.apk class formation figures;
Fig. 3 is Hello.apk and Hello_ProGuard.apk class formation comparison diagrams;、
Fig. 4 is the excessively heavily loaded design sketch of ProGuard.
Embodiment
The present invention is described in further detail with embodiment below in conjunction with the accompanying drawings:
The present invention provides a kind of mobile Internet App Code obfuscation assessment methods based on Proguard softwares, can be to prevent Only to moving, App is autotelic to be distorted malicious host, and mobile App source code is carried out obscuring change using Code obfuscation software Change, make the analysis difficulty increase for obscuring the code after conversion, so as to prevent to distort mobile App to a certain extent.According to Assessment method disclosed by the invention can carry out correlation and obscure job analysis, effectively assess after Proguard software obfuscations Code security protection effect.
As a kind of specific embodiment of the invention, the present invention provides a kind of mobile Internet based on Proguard softwares App Code obfuscation assessment methods, with source code file Hello.apk and the test file after ProGuard obscures Exemplified by Hello_ProGuard.apk, specific implementation step of the invention is as follows:
1) in ProGuard Android translation and compiling environment is integrated with, enable ProGuard allow it follow Ant or Eclipse is run together when compiling,<project_root>Set in/default.properties files ProGuard.config attributes.Path can be the relative path of absolute path or engineering root.If Proguard.cfg files are placed on the position (root of engineering) of acquiescence, can so specify its position: Proguard.config=proguard.cfg;Or this document is moved on to any position, then specify absolute path: Proguard.config=/path/to/proguard.cfg;
2) when the compiler under release patterns, Eclipse export is either still used with ant release Guide, compiling system all can check whether proguard.config attributes are set automatically.If configured, ProGuard will Before .apk files are packaged into, the bytecode of application program is automatically processed;
3) ProGuard start to be compressed the Java code in Hello.apk files, optimize, obscure, preliminary examination;
4) after ProGuard end of runs, entitled proguard file can be generated, wherein there is following file: Dump.txt describes the internal structure between all class files in .apk files;Mapping.txt lists original class, method and Field name and the mapping for obscuring offspring's intersymbol, when receiving a bug report from release versions, can be translated with it The code being confused;Seeds.txt lists the class not being confused and member;Usage.txt is listed to be deleted from apk files Code.
5) select wherein suitable method respectively to count every ATTRIBUTE INDEX value, such as instruction implementation rate, controlling stream are complicated Degree, command sequence similarity, controlling stream graph similarity etc., the every ATTRIBUTE INDEX value of analysis and its change, to Proguard generation Code is obscured work and evaluated.
6) conclusion of rational evaluation can not be made to obscuring the overall aliasing effect of instrument based on every ATTRIBUTE INDEX Data-Statistics, The work validity of Code obfuscation instrument need to also be evaluated from the function point for obscuring instrument, ProGuard applied to Mainly there are following functions during Android in terms of Code obfuscation:Identifier renaming, class are encapsulated again, excessively heavy duty.
Evaluation metricses experiment of the present invention is as follows:
Table 1 is a kind of mobile Internet App Code obfuscation assessment methods based on Proguard softwares disclosed by the invention ATTRIBUTE INDEX value experimental result.
(1) implementation rate is instructed;
I is instructed for program attribute, instruction implementation rate can be introduced and portray its feature.Instruct implementation rate (IE):It is actual to perform Assembly instruction bar number account for the proportion of the assembly instruction bar number generated after all dis-assemblings.IsRepresent that what is produced after dis-assembling owns Instruction, i.e., all instructions obtained by static analysis;IdRepresent the instruction strip number actually performed in dynamic analysis process.Then Have
IE=Id/Is(1);
By to Hello.apk dis-assemblings, onClick (View) method in MainActivity classes being counted, wherein instructing Number totally 55, the instruction number being performed is 44, and from formula (1), instruction number I is performed before obscuringd=44, always instruct number Is=55, then have
IEprior=Id/Is=44/55=0.80;
Therefore the instruction implementation rate for trying to achieve the onClick before obscuring (View) method is 0.80.
After obscuring using ProGuard Hello projects, the mapping.txt files generated in project are checked, are sent out OnClick (View) methods are corresponding with obscuring cl classes onClick (View) in rear project in existing MainActivity classes.It is right again Hello_ProGuard.apk dis-assemblings, count on and instruct number totally 52 in cl classes in onClick (View) method, wherein being held Capable instruction strip number is 42, still from formula (1), and instruction number I is performed after obscuringd=42, total instruction number Is=52, in It is to have;
IElater=Id/Is=44/55=0.81;
Therefore try to achieve it and instruct implementation rate to be 0.81.
(2) controlling stream complexity;
Controlling stream circulation complexity is designated as V (G), and calculation formula is as follows:
V (G)=e-n+2 (2);
Wherein, e represents the quantity on side in controlling stream graph, and n represents the quantity of controlling stream graph interior joint.
Dis-assembling is carried out to Hello.apk and Hello_ProGuard.apk respectively using IDA Pro, obtains obscuring preceding work OnClick (View) methods and obscure in rear engineering onClick (View) method in cl classes in MainActivity classes in journey Controlling stream graph.
By statistics, the number on side is 10 in controlling stream graph before obscuring, and the number of node is 8, is understood to obscure by formula (2) Preceding side number e=10, interstitial content n=8, then has;
V(G)prior=e-n+2=10-8+2=4;
Therefore it is 4 to understand that onClick (View) method obscures preceding controlling stream complexity.The number for obscuring rear controlling stream graph side is 10, the number of node is 8, understands side number e=10, interstitial content n=8 after obscuring by formula (2), then has;
V(G)later=e-n+2=10-8+2=4;
Therefore it is still 4 to understand that onClick (View) method obscures rear controlling stream complexity.
(3) command sequence similarity;
Command sequence is in a program a kind of common structure, compares two unequal sequences of length using editing distance Row, the basic thought of algorithm is to be converted into the minimum operation for needing to carry out of another string to represent phase between the two by a string Like degree.If the editing distance between two sequences p and q is distance (p, q), it is using insertion, deletion and replacement etc. Minimal steps needed for p is converted into q by operation.Similarity between p and q can be defined as:
Sim (p, q)=1-distance (p, q)/max (p |, | q |) (3);
Dis-assembling is carried out to Hello.apk and Hello_ProGuard.apk respectively, wherein MainActivity classes are obtained Middle onClick (View) methods and the command sequence for obscuring onClick (View) method in rear cl classes.Remember MainActivity classes The command sequence of middle onClick (View) method is p, and the command sequence that note obscures onClick (View) method in rear cl classes is Q, by statistics, to will become q become with p it is just the same, it is necessary to q using delete 0 step, increase by 7 steps, replace 10 steps, therefore It is distance (p, q)=17 to understand the editing distance between two sequences p and q, is understood by formula (3) similar between p and q Degree sim (p, q)=1-distance (p, q)/max (| p |, | q |)=1-17/55=0.69.
(4) controlling stream graph similarity;
Controlling stream graph is usually the key object of program conversed analysis, passes through the otherness of comparison program code controlling stream graph The position of Obfuscating Algorithms transform code can be positioned, and obscure front and rear code similarity can using figure similarity-rough set method come Calculate.Make G, G1And G2All it is figure.If G1And G2In be respectively present a subgraph and G isomorphisms, then G is called G1And G2Public son Figure.If in the absence of public subgraphs more more than G interstitial content, G is called maximum public subgraph, is designated as G=mcs (G1, G2)。G1And G2Similarity Measure be:
sim(G1,G2)=| mcs (G1,G2)|/max(|G1|,|G2|) (4);
Tested from controlling stream complexity, obscure the control of onClick (View) method in preceding MainActivity classes Flow graph (is designated as G1) (it is designated as G with obscuring the controlling stream graph of onClick (View) method in rear cl classes2) automorphis, therefore public son Scheme G=mcs (G1, G2)=G1=G2, G is understood by formula (4)1With G2Similarity;
sim(G1,G2)=| mcs (G1,G2)|/max(|G1|,|G2|)=1.
(5) index analysis;
According to above-mentioned several experiments, obtain each evaluation attributes desired value and change is as shown in table 1.
By table it can be seen that the programmed instruction implementation rate obscured by ProGuard is almost unchanged, controlling stream complexity does not have Change, sequence of instructions shows certain change, the reduction of command sequence similarity.
The reduction of command sequence similarity reflect ProGuard can so that the programmed instruction after obscuring changes, one Determine that hiding original program function can be played a part of in degree;And instruct the change of implementation rate very little, thus it is speculated that by ProGuard compresses in itself, the effect of optimization function causes;And obscure with controlling stream does not have about difficult controlling stream complexity At all change, reflection ProGuard does not possess the ability that controlling stream is obscured really.The change of comprehensive several ATTRIBUTE INDEXs, almost Without substantially strong change, wherein changing somewhat obvious command sequence similarity can only also reflect to a certain extent ProGuard disguise abilities, so these ATTRIBUTE INDEXs are difficult to reflect the effective of ProGuard Code obfuscations work exactly Property.
To find out its cause, the Code obfuscation function of being primarily due to ProGuard is obscured for profile, and above-mentioned ATTRIBUTE INDEX Definitely can not effectively reflect the effect that profile is obscured, such as controlling stream complexity be obscure for controlling stream, algorithms of different Completely reverse effect has been possible in instruction implementation rate, therefore above-mentioned ATTRIBUTE INDEX is difficult to reflect ProGuard Code obfuscation works Make validity.In addition, nowadays needing to be investigated to the scientific of Code obfuscation evaluation work, reasonability, every ATTRIBUTE INDEX exists Effect substantially, but is specifically obscured instrument to some and integrally commented when being estimated for the algorithms of different of same type problem The science estimated, which is also lacked, to be convincingly demonstrated.
Function point experiment of the present invention is as follows:
Fig. 1-4 is function point experimental result picture, wherein, Fig. 1 is Hello.apk class formation figures, and Fig. 2 is Hello_ ProGuard.apk class formation figures, Fig. 3 is Hello.apk and Hello_ProGuard.apk class formation comparison diagrams, and Fig. 4 is The excessively heavily loaded design sketch of ProGuard.
Analysis, which is calculated, from above property value finds out that the Code obfuscation efficiency assessment index currently proposed can not be to obscuring work The overall aliasing effect of tool makes the conclusion of rational evaluation, therefore attempts below from the function point of instrument is obscured to Code obfuscation work The work validity of tool is evaluated.ProGuard mainly has following functions when applied to Android in terms of Code obfuscation:Mark Knowledge symbol renaming, class are encapsulated again, excessively heavy duty.Identifier renaming refers to use arbitrary name, such as " a ", " b ", to project In significant class and method carry out renaming work;Class is encapsulated again to be referred to all move the class in project under multistage catalogue Move under single level directory, Reseal the structure of class;Excessive heavy duty refers to reuse same name to name different functions Multiple methods.
(1) identifier renaming;
Still by taking Hello.apk and Hello_ProGuard.apk after ProGuard obscures as an example, it is entered respectively Row decompiling, directly observes its source code, evaluates obscuring work.
Hello.apk obtains class formation figure as shown in figure 1, Hello_ProGuard.apk passes through decompiling by decompiling Obtained class formation figure is as shown in Figure 2.
By contrasting two width figures, ProGuard application effect is analyzed, it is seen that ProGuard is effectively to class name, method name And variable name has carried out renaming, identifier renaming function have effectively achieved.
Picture after obscuring can also find out easily ProGuard identifier renaming is employed Hash rename and Overload Induction.The name of class, domain and method has been modified to the name of wide of the mark, such as class in figure Com.example.hello.Ma inActivity $ 1 name is modified to cl, and this belongs to Hash and renamed method;We may be used also To find the engineering after obscuring, there is method a () in A classes:Boolean、a(FragmentActivity):Void and a (StringAndroid FileDescriptorAndro id PrintWriterAndroid String[]):Void, this three Individual method is of the same name but parameter and return type are not all the same, of the same name but call and do not conflict, and the name in program is used into phase as far as possible With replace this to belong to Overload Induction method.
(2) class is encapsulated again;
The structure chart of front and rear Engineering is obscured in contrast, and contrast effect is as shown in Figure 3.Can substantially it be observed from comparison diagram mixed The Date classes under Person classes and com.jw.model bags before confusing under project com.example.hello bags are by mobile single-stage Under catalogue, upset the structure of former Engineering, it is to avoid attacker is analyzed class formation, understands developer's program thread, And project information is further obtained, realize encapsulating again for class.
(3) excessively heavy duty;
The structure of distinct methods in Hello_ProGuard.apk projects is observed, as shown in Figure 4.Can significantly it find There is the method for entitled a variable and entitled a in Hello_ProGuard.apk source codes in A classes and B classes, i.e., in different classes Middle method and variable are reused identical name renaming.Insignificant name is reused in inhomogeneity to be ordered again Name work, this further increases the difficulty that attacker reads code, realizes excessively heavily loaded function.
The above described is only a preferred embodiment of the present invention, being not the limit for making any other form to the present invention System, and any modification made according to technical spirit of the invention or equivalent variations, still fall within model claimed of the invention Enclose.

Claims (3)

1. a kind of mobile Internet App Code obfuscation assessment methods based on Proguard softwares, specific assessment method step is such as Under, it is characterised in that:
1) in ProGuard Android translation and compiling environment is integrated with, enable ProGuard and allow it to follow Ant or Eclipse Run together during compiling,<project_root>ProGuard.config is set to belong to in/default.properties files Property, path can be the relative path of absolute path or engineering root, if proguard.cfg files are placed on acquiescence Position is the root of engineering, can so specify its position: proguard.config=proguard.cfg;Or handle This document moves on to any position, then specifies absolute path:proguard.config=/path/to/proguard.cfg;
2) when the compiler under release patterns, either with ant release still with Eclipse export to Lead, compiling system all can check whether proguard.config attributes are set automatically, if configured, ProGuard will be It is packaged into before .apk files, automatically processes the bytecode of application program;
3) ProGuard start to be compressed the Java code in source code file file, optimize, obscure, preliminary examination;
4) after ProGuard end of runs, entitled proguard file can be generated, wherein there is following file: Dump.txt describes the internal structure between all class files in .apk files;Mapping.txt lists original class, method With field name and the mapping for obscuring offspring's intersymbol, when receiving a bug report from release versions, it can be turned over it Translate the code being confused;Seeds.txt lists the class not being confused and member;Usage.txt is listed to be deleted from apk files The code removed;
5) wherein suitable method is selected respectively to count every ATTRIBUTE INDEX value, the every ATTRIBUTE INDEX value of analysis and its change, Code obfuscation work to Proguard is evaluated;
6) conclusion of rational evaluation can not be made to obscuring the overall aliasing effect of instrument based on every ATTRIBUTE INDEX Data-Statistics, also The work validity of Code obfuscation instrument need to be evaluated from the function point for obscuring instrument.
2. a kind of mobile Internet App Code obfuscations test and appraisal side based on Proguard softwares according to claim 1 Method, it is characterised in that:Step 5 items ATTRIBUTE INDEX value include instruction implementation rate, controlling stream complexity, command sequence similarity, Controlling stream graph similarity.
3. a kind of mobile Internet App Code obfuscations test and appraisal side based on Proguard softwares according to claim 1 Method, it is characterised in that:The function that step 6 obscures instrument is encapsulated again including identifier renaming, class, excessively heavy duty.
CN201710237324.0A 2017-04-12 2017-04-12 A kind of mobile Internet App Code obfuscation assessment methods based on Proguard softwares Pending CN107122662A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710237324.0A CN107122662A (en) 2017-04-12 2017-04-12 A kind of mobile Internet App Code obfuscation assessment methods based on Proguard softwares

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710237324.0A CN107122662A (en) 2017-04-12 2017-04-12 A kind of mobile Internet App Code obfuscation assessment methods based on Proguard softwares

Publications (1)

Publication Number Publication Date
CN107122662A true CN107122662A (en) 2017-09-01

Family

ID=59724706

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710237324.0A Pending CN107122662A (en) 2017-04-12 2017-04-12 A kind of mobile Internet App Code obfuscation assessment methods based on Proguard softwares

Country Status (1)

Country Link
CN (1) CN107122662A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107992725A (en) * 2017-12-29 2018-05-04 北京星河星云信息技术有限公司 A kind of code encryption, decryption method and device
CN109491695A (en) * 2018-10-19 2019-03-19 华南理工大学 A kind of increment updating method of integrated Android application
CN110135133A (en) * 2019-04-19 2019-08-16 肖银皓 A kind of integrated source code of compression towards microcontroller obscures method and system
CN118444917A (en) * 2024-03-29 2024-08-06 广东工业大学 LGF-Net-based code confusion effectiveness evaluation method and system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103150493A (en) * 2013-02-28 2013-06-12 浙江中控技术股份有限公司 JavaScript code obfuscation method and device
CN104573426A (en) * 2015-01-06 2015-04-29 北京邮电大学 Confusing method and device of executable application

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103150493A (en) * 2013-02-28 2013-06-12 浙江中控技术股份有限公司 JavaScript code obfuscation method and device
CN104573426A (en) * 2015-01-06 2015-04-29 北京邮电大学 Confusing method and device of executable application

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
王磊: "基于嵌套复杂度的控制混淆算法研究", 《中国优秀硕士学位论文全文数据库信息科技辑》 *
赵玉洁等: "代码混淆算法有效性评估", 《软件学报》 *
马走日: "防反编译、混淆文件proguard.cfg与proguard-project.txt详解", 《博客园HTTPS://WWW.CNBLOGS.COM/DONGDONG230/P/4597119.HTML》 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107992725A (en) * 2017-12-29 2018-05-04 北京星河星云信息技术有限公司 A kind of code encryption, decryption method and device
CN109491695A (en) * 2018-10-19 2019-03-19 华南理工大学 A kind of increment updating method of integrated Android application
CN109491695B (en) * 2018-10-19 2021-08-06 华南理工大学 Incremental updating method for integrated android application
CN110135133A (en) * 2019-04-19 2019-08-16 肖银皓 A kind of integrated source code of compression towards microcontroller obscures method and system
CN118444917A (en) * 2024-03-29 2024-08-06 广东工业大学 LGF-Net-based code confusion effectiveness evaluation method and system
CN118444917B (en) * 2024-03-29 2024-10-01 广东工业大学 LGF-Net-based code confusion effectiveness evaluation method and system

Similar Documents

Publication Publication Date Title
Luo et al. Semantics-based obfuscation-resilient binary code similarity comparison with applications to software and algorithm plagiarism detection
US8286251B2 (en) Obfuscating computer program code
CN107122662A (en) A kind of mobile Internet App Code obfuscation assessment methods based on Proguard softwares
CN108733379B (en) Android application reinforcement method based on DEX byte code extraction mapping confusion
Meyerovich et al. Object views: Fine-grained sharing in browsers
Balachandran et al. Potent and stealthy control flow obfuscation by stack based self-modifying code
Jain et al. Enriching reverse engineering through visual exploration of Android binaries
CN101986326A (en) Method and device for protecting software security
CN112231702B (en) Application protection method, device, equipment and medium
Sebastian et al. A study & review on code obfuscation
Rawat et al. Safe guard anomalies against SQL injection attacks
Park et al. Effects of Code Obfuscation on Android App Similarity Analysis.
CN113779578A (en) Intelligent confusion method and system for mobile terminal application
Coffman et al. ROP gadget prevalence and survival under compiler-based binary diversification schemes
CN104252594A (en) Virus detection method and device
CN104915594B (en) Application program operation method and device
Ceccato et al. Codebender: Remote software protection using orthogonal replacement
KR101557455B1 (en) Application Code Analysis Apparatus and Method For Code Analysis Using The Same
Masid et al. Application of the SAMA methodology to Ryuk malware
Niu et al. Clone analysis and detection in android applications
Peng et al. Control flow obfuscation based protection method for android applications
Chen Encapsulating antivirus (av) evasion techniques in metasploit framework
Banescu Characterizing the strength of software obfuscation against automated attacks
CN107180170A (en) A kind of Android APP are without shell reinforcement means
Groß et al. Protecting JavaScript apps from code analysis

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170901

RJ01 Rejection of invention patent application after publication