CN107341403A - File conversion method and device - Google Patents

Publication number
CN107341403A
Authority
CN
China
Legal status
Granted
Application number
CN201710607870.9A
Other languages
Chinese (zh)
Other versions
CN107341403B (en)
Inventor
胡昌振
马锐
王夏菁
王赫晨
赵小林
Current Assignee
Beijing Institute of Technology BIT
Original Assignee
Beijing Institute of Technology BIT
Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00 Handling natural language data
    • G06F40/10 Text processing
    • G06F40/12 Use of codes for handling textual entities
    • G06F40/151 Transformation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/034 Test or assess a computer or a system

Abstract

The invention discloses a file conversion method and device, applied to the binary file analysis framework angr, comprising: obtaining the dex file of an Android application to be detected; converting the dex file into a first file in a binary format supported by the angr framework; and loading the first file into the angr framework, performing symbolic execution analysis on the first file, and using the symbolic execution analysis result to assist in determining whether the Android application to be detected has a vulnerability. The technical solution of the embodiments of the invention converts the executable file of an Android application so that it can be loaded successfully into the angr framework, and uses angr to perform vulnerability detection based on symbolic execution on the Android application, thereby providing a new solution for Android application vulnerability detection and ensuring the security of Android applications.

Description

File conversion method and device
Technical field
The present invention relates to the field of information security technology, and in particular to a file conversion method and device.
Background
With the development of Internet technology and mobile terminal technology, mobile terminal security problems and potential security hazards have become increasingly serious. This is especially true of mobile terminals running the Android system: because the Android source code is open, the risks present in the applications developed for it attract particular attention. Although the Android system has a carefully designed security architecture, attackers can still use vulnerabilities to bypass some of its protection mechanisms.
Because of this, a large amount of malicious code and many security incidents revolve around security vulnerabilities. Security vulnerabilities are therefore a key factor affecting Android security, and how to effectively discover the security vulnerabilities of the Android system is a technical problem that technicians urgently need to solve.
Summary of the invention
The invention provides a file conversion method and device for discovering security vulnerabilities of the Android system, enhancing the security of mobile terminals running the Android system, and protecting users' private data from being stolen by attackers.
According to one aspect of the invention, there is provided a file conversion method, applied to the binary file analysis framework angr, comprising:
obtaining the dex file of an Android application to be detected;
converting the dex file into a first file in a binary format supported by the angr framework;
loading the first file into the angr framework and performing symbolic execution analysis on the first file, and using the symbolic execution analysis result to assist in determining whether the Android application has a vulnerability.
According to another aspect of the invention, there is provided a file conversion device, applied to the binary file analysis framework angr, comprising:
a file acquisition module, for obtaining the dex file of an Android application to be detected;
a file conversion module, for converting the dex file into a first file in a binary format supported by the angr framework;
a detection determining module, for loading the first file into the angr framework and performing symbolic execution analysis on the first file, and using the symbolic execution analysis result to assist in determining whether the Android application has a vulnerability.
The beneficial effects of the invention are as follows. The file conversion method and device of the embodiments of the invention, applied to the binary file analysis framework angr, obtain the dex file of an Android application to be detected, convert the dex file into a first file in a binary format supported by the angr framework, then load the first file into the angr framework and perform symbolic execution analysis on it, and use the symbolic execution analysis result to assist in determining whether the Android application to be detected has a vulnerability. This solves the problem that, because the existing angr framework does not support the bytecode files of Android applications, angr cannot be used to perform symbolic execution analysis on Android applications. It also provides a new solution for vulnerability detection in Android applications, enhances the security of mobile terminals running the Android system, protects users' private data from theft and leakage, and improves the user experience of the mobile terminal.
Brief description of the drawings
Fig. 1 is a schematic flowchart of a file conversion method according to one embodiment of the invention;
Fig. 2 is a schematic flowchart of file acquisition according to one embodiment of the invention;
Fig. 3 is a schematic flowchart of APK file conversion;
Fig. 4 is a schematic flowchart of dex file conversion;
Fig. 5 is a structural block diagram of a file conversion device according to one embodiment of the invention.
Detailed description
The design concept of the invention is as follows. The angr framework can perform symbolic execution analysis on different types of binary files; its loader can load many types of binary file and can automatically identify and match a suitable back-end loader according to the type of the binary file. However, because of the particular nature of Android bytecode (that is, Android bytecode runs in the Dalvik virtual machine, unlike Java bytecode, which runs in the JVM), the loader of the angr framework cannot recognize the executable file of an Android application; in other words, the dex file, the executable file of an Android application, cannot be loaded successfully by angr. For these reasons, the angr framework cannot perform symbolic execution analysis on Android applications and therefore cannot detect whether an Android application has a vulnerability.
The embodiments of the invention mainly process the executable file of an Android application so that it can be loaded successfully into the angr framework. angr can then be applied to the Android system of a mobile terminal to perform vulnerability detection based on symbolic execution, which helps improve the security of the Android system.
For ease of understanding, several technical terms used in the embodiments of the invention are briefly described here.
angr framework: angr is an automated binary analysis framework that integrates many binary analysis techniques and provides both dynamic symbolic execution and static analysis of binary programs. angr was originally used to find backdoors in programs and can now be applied to vulnerability analysis. angr is based on Python, has good compatibility, supports multiple platforms and architectures, and can currently analyze many kinds of binary file.
Symbolic execution: symbolic execution is a technique for traversing the execution space of code, with important applications in software security, malicious code analysis, program debugging and other fields. Symbolic execution replaces program variables with abstract symbols; following the semantics of the program, a symbolic computation engine performs semantic operations on the abstract symbols along each path, simulating program execution. Symbolic execution is divided into intraprocedural analysis and interprocedural analysis; based on whether the program is actually executed, it can also be divided into static symbolic execution and dynamic symbolic execution.
Symbolic execution in the angr framework consists of four parts: a loading tool that can load almost any binary file; a conversion tool that converts the binary file into an intermediate language; a symbolic execution tool that performs symbolic execution on the intermediate language; and a constraint solving tool.
Android application: Android is a free, open-source operating system based on Linux, used mainly on mobile devices such as smartphones and tablets. An Android application is an application that runs on the Android operating system, including system applications and ordinary applications.
Fig. 1 is a schematic flowchart of a file conversion method according to one embodiment of the invention. Referring to Fig. 1, the file conversion method of this embodiment, applied to the binary file analysis framework angr, comprises:
Step S101: obtain the dex file of an Android application to be detected;
Dex is the abbreviation of Dalvik VM executes. A dex file is the executable file of the Android platform (Dalvik virtual machine), equivalent to an exe file on the Windows platform. Every APK (Android Package) installation package contains a dex file, which contains all the source code of the application; the corresponding Java source code can be obtained with a decompilation tool.
Step S102: convert the dex file into a first file in a binary format supported by the angr framework;
Step S103: load the first file into the angr framework and perform symbolic execution analysis on the first file, and use the symbolic execution analysis result to assist in determining whether the Android application has a vulnerability.
As Fig. 1 shows, the file conversion method of this embodiment obtains the dex file of an Android application, converts the dex file into a first file in a binary format supported by the angr framework, loads it into the angr framework, performs symbolic execution analysis on the first file, and uses the symbolic execution analysis result to assist in determining whether the Android application to be detected has a vulnerability. This solves the problem that the angr framework currently cannot recognize the executable file of an Android application and so cannot perform symbolic execution analysis on Android applications. It provides a new solution for vulnerability detection in Android applications, helps improve the security of Android applications, prevents the private data of Android mobile terminal users from being stolen by attackers, and improves the user experience of Android mobile terminals.
The file conversion method of the embodiments of the invention is described in detail below with reference to Fig. 2 to Fig. 4.
To address the inability of the existing angr framework to load the executable file of an Android application, this embodiment, based on the characteristics of Android code, proposes a conversion method for the executable file of an Android application; that is, it converts the format of the Android application's executable file.
Specifically, referring to Fig. 2, first, an Android application to be detected is obtained;
Then, file conversion is performed on the Android application to generate an exe executable file.
Because the exe executable file is a binary file format supported by the angr framework, the exe executable file corresponding to the Android application can be loaded into the angr framework.
Finally, symbolic execution analysis is performed on the exe executable file using the angr framework, to assist in determining whether the Android application to be detected has a vulnerability.
File conversion is the focus of this embodiment and is explained next.
Referring to Fig. 3, first, the APK file of the Android application is obtained; the APK file is the Android installation package of the Android system.
Next, after the APK file is obtained, it is decompressed with an APK tool, yielding a complete Android project. Note that decompressing the APK file with an APK tool is only an illustrative example in this embodiment; the invention is not limited to it, and in practice any tool capable of decompressing an APK file may be used.
Referring to Fig. 3, the Android project obtained after decompression mainly includes META-INF files, res files, XML files, dex files and arsc files.
The META-INF files are the APK signature files, used to ensure the integrity of the APK package and the security of the system.
The res files store the various resource files of the Android project, with different resource files stored in different directories. The res directory has a further level of subdirectories, for example the layout directory, which mainly stores layout files; the menu directory, which mainly stores menu files; and the values directory, which mainly stores the application's default resource files.
The XML file is mainly AndroidManifest.xml, which is the global configuration file of the Android application.
The arsc file stores the compiled binary resource file and records the mapping between resource files and resource IDs.
The dex file is the Dalvik bytecode file generated by compilation. It can only run on the Dalvik virtual machine, and the Dalvik virtual machine is not compatible with the Java virtual machine.
Finally, the dex file is extracted from the resulting Android project.
That is, in this embodiment the executable dex file is extracted from the Android project for the subsequent conversion.
After the dex file is obtained, referring to Fig. 4, which shows the conversion flow from a dex file to an exe file, the executable file of the Windows system: the dex file is decompiled into a Java jar file, and the jar file is then converted into an exe file, the executable file of the Windows system.
The file conversion shown in Fig. 4 can be further divided into two parts: decompilation and recompilation.
Decompilation reverse-compiles the Android executable dex file into the original Java archive, that is, it converts classes.dex into a jar file.
The tool used in this part is dex2jar, a decompilation tool for dex files of the Android platform. Although the jar file obtained by decompilation is not a standard Java code file, it can be compiled into an exe file by the next step, recompilation.
Recompilation compiles the jar file obtained in the previous step into an exe file, the executable file of the Windows system.
The tool used in this part is jar2exe. jar2exe works by using the JNI interface to start the Java virtual machine and provides other advanced features on that basis. jar2exe can generate three types of executable file: console programs, Windows GUI programs and Windows NT service programs. Using the console program type during recompilation achieves the conversion from a jar file to an exe executable file.
The exe file, the executable file of the Windows system, can be loaded directly into the angr framework, after which the subsequent symbolic execution analysis is carried out on the angr framework.
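The acquisition step (S101) and the file type at each stage of the conversion can be checked before anything is handed to the analysis framework. The Python sketch below is an added example, not code from the patent: it reads dex files out of an APK in memory, verifies the dex header's size, Adler-32 and SHA-1 fields, and classifies artefacts by magic bytes. The sample APK is constructed inline, the size cap is an assumed value, and accepting classes2.dex-style additional dex files goes beyond the single dex file the text describes.

```python
import hashlib
import io
import re
import struct
import zipfile
import zlib

DEX_NAME = re.compile(r"classes\d*\.dex")    # top-level classes.dex, classes2.dex, ...
MAX_DEX_BYTES = 64 * 1024 * 1024             # assumed cap against oversized entries
MAGICS = [(b"dex\n", "dex"), (b"PK\x03\x04", "zip/jar/apk"),
          (b"MZ", "pe/exe"), (b"\x7fELF", "elf")]


def identify_format(data: bytes) -> str:
    """Classify a pipeline artefact (apk, dex, jar, exe) by its magic bytes."""
    for magic, name in MAGICS:
        if data.startswith(magic):
            return name
    return "unknown"


def check_dex_header(data: bytes) -> dict:
    """Validate the fixed 0x70-byte dex header and its integrity fields."""
    if len(data) < 0x70 or not re.fullmatch(rb"dex\n\d{3}\x00", data[:8]):
        raise ValueError("not a dex file")
    checksum, = struct.unpack_from("<I", data, 8)
    signature = data[12:32]
    file_size, header_size, endian_tag = struct.unpack_from("<III", data, 32)
    if file_size != len(data):
        raise ValueError("file_size field does not match actual length")
    if header_size != 0x70 or endian_tag != 0x12345678:
        raise ValueError("unexpected header_size or endian_tag")
    if hashlib.sha1(data[32:]).digest() != signature:
        raise ValueError("SHA-1 signature mismatch")
    if zlib.adler32(data[12:]) != checksum:
        raise ValueError("Adler-32 checksum mismatch")
    return {"version": data[4:7].decode(), "size": file_size}


def extract_dex_files(apk_bytes: bytes) -> dict:
    """Return {name: bytes} for every verified top-level dex file in an APK."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if not DEX_NAME.fullmatch(info.filename):
                continue                      # nested or unrelated entries are skipped
            if info.file_size > MAX_DEX_BYTES:
                raise ValueError(f"{info.filename}: entry too large")
            data = apk.read(info)             # read in memory, nothing written to disk
            check_dex_header(data)
            found[info.filename] = data
    return found


def make_constructed_dex(body: bytes = b"") -> bytes:
    """Build a header-only dex-shaped file (constructed sample, no real code)."""
    size = 0x70 + len(body)
    tail = struct.pack("<III", size, 0x70, 0x12345678) + bytes(0x70 - 44) + body
    signature = hashlib.sha1(tail).digest()
    checksum = zlib.adler32(signature + tail)
    return b"dex\n035\x00" + struct.pack("<I", checksum) + signature + tail


def make_constructed_apk() -> bytes:
    """Build a constructed APK-shaped zip with the entry kinds listed in the text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as apk:
        apk.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        apk.writestr("AndroidManifest.xml", "<manifest/>")
        apk.writestr("resources.arsc", b"\x02\x00\x0c\x00")
        apk.writestr("res/layout/main.xml", "<LinearLayout/>")
        apk.writestr("classes.dex", make_constructed_dex())
        apk.writestr("classes2.dex", make_constructed_dex(b"\x00" * 16))
        apk.writestr("assets/classes.dex", b"not a dex")   # nested decoy, ignored
    return buf.getvalue()


if __name__ == "__main__":
    apk = make_constructed_apk()
    for name, data in extract_dex_files(apk).items():
        print(name, identify_format(data), check_dex_header(data))
```

Running `identify_format` on the output of each later stage gives a quick sanity check that decompilation produced a zip-based jar and that recompilation produced a PE executable before loading it for analysis.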
Next, the symbolic execution analysis process on the angr framework is briefly described.
The angr framework integrates a number of existing vulnerability analysis techniques and implements different functions in different modules. It is therefore easy to compare existing analysis techniques with one another and to take advantage of the strengths of each.
In brief, its processing is as follows: first, a binary program (for example, the exe executable file shown in Fig. 4) is loaded into the angr framework; the code of the binary file is then converted into an intermediate language (Intermediate Representation, IR for short); the program is then analyzed further, including static analysis of the program or dynamic symbolic execution analysis.
angr mainly includes the following modules:
Binary program loading module (CLE): loads a binary program, including exe executable files, into the analysis platform;
Intermediate representation module (IR): translates binary code into an intermediate language; the intermediate language VEX allows angr to analyze binary programs on different architectures;
Program state representation module (SimuVEX): represents the state of the program. The SimState in SimuVEX implements a set of state plug-ins, such as registers, abstract memory and symbolic memory; the state of these plug-ins can be specified by the user;
Data model module (Claripy): provides an abstract representation of the values stored in the registers or memory of a SimState;
Whole-program analysis module: combines all the modules so that angr can perform complex and complete program analysis.
Of these, the binary program loading module (CLE) is the entry point of the angr framework. Through the CLE module, the exe executable file converted from the bytecode dex file of the Android application in this embodiment can be loaded into the angr framework for subsequent symbolic execution analysis.
Symbolic execution can find the essential constraint relations between variables within complex data dependencies. It is more precise than methods such as taint propagation analysis and fuzz testing, and these precise algebraic relations between variables help in understanding the internal logic of the program. While simulating program execution, symbolic execution also accurately records all the constraints on the execution path, which improves the accuracy of path reachability judgments in control flow analysis.
Note that symbolic execution analysis based on the angr framework is prior art. For the symbolic execution analysis performed after the exe executable file converted from the Android application's bytecode dex file is loaded into the angr framework, refer to the prior art; it is not described further here.
Fig. 5 is a structural block diagram of a file conversion device according to one embodiment of the invention. Referring to Fig. 5, the file conversion device 500 of this embodiment, applied to the binary file analysis framework angr, comprises:
a file acquisition module 501, for obtaining the dex file of an Android application to be detected;
a file conversion module 502, for converting the dex file into a first file in a binary format supported by the angr framework;
a detection determining module 503, for loading the first file into the angr framework and performing symbolic execution analysis on the first file, and using the symbolic execution analysis result to assist in determining whether the Android application has a vulnerability.
In one embodiment, the file acquisition module 501 is specifically used to obtain the installation package APK file of the Android application to be detected, decompress the APK file and extract the dex file in it.
In one embodiment, the file conversion module 502 is specifically used to decompile the dex file to obtain a Java archive (jar) file, and to recompile the jar file to obtain an exe file in binary format.
Note that the file conversion device of this embodiment corresponds to the file conversion method of the preceding embodiment. For the working process of the file conversion device in this embodiment, refer to the description in the method embodiment above; it is not repeated here.
In summary, the file conversion method and device of the embodiments of the invention convert the files of an Android application: the Android application's bytecode dex file is converted into an exe executable file for the Windows platform, which is loaded into the angr framework for subsequent symbolic execution analysis. This solves the problem that the angr framework, being unable to import and read the installation package APK file and the executable dex file of the Android system, cannot perform symbolic execution analysis on Android applications. It thereby assists vulnerability detection and helps improve the reliability and security of the Android system.
The foregoing is only a specific embodiment of the invention. Under the above teaching, those skilled in the art can make other improvements or variations on the basis of the above embodiments. Those skilled in the art will understand that the above specific description merely serves to better explain the purpose of the invention, and that the protection scope of the invention is defined by the scope of the claims.

Claims (6)

  1. A file conversion method, characterized in that it is applied to the binary file analysis framework angr and comprises:
    obtaining the dex file of an Android application to be detected;
    converting the dex file into a first file in a binary format supported by the angr framework;
    loading the first file into the angr framework and performing symbolic execution analysis on the first file, and using the symbolic execution analysis result to assist in determining whether the Android application has a vulnerability.
  2. The file conversion method according to claim 1, characterized in that obtaining the dex file of the Android application to be detected comprises:
    obtaining the installation package APK file of the Android application to be detected, decompressing the APK file and extracting the dex file in it.
  3. The file conversion method according to claim 2, characterized in that converting the dex file into a first file in a binary format supported by the angr framework comprises:
    decompiling the dex file to obtain a Java archive (jar) file;
    recompiling the jar file to obtain an executable exe file in binary format.
  4. A file conversion device, characterized in that it is applied to the binary file analysis framework angr and comprises:
    a file acquisition module, for obtaining the dex file of an Android application to be detected;
    a file conversion module, for converting the dex file into a first file in a binary format supported by the angr framework;
    a detection determining module, for loading the first file into the angr framework and performing symbolic execution analysis on the first file, and using the symbolic execution analysis result to assist in determining whether the Android application has a vulnerability.
  5. The file conversion device according to claim 4, characterized in that
    the file acquisition module is specifically used to obtain the installation package APK file of the Android application to be detected, decompress the APK file and extract the dex file in it.
  6. The file conversion device according to claim 5, characterized in that
    the file conversion module is specifically used to decompile the dex file to obtain a Java archive (jar) file, and to recompile the jar file to obtain an executable exe file in binary format.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710607870.9A CN107341403B (en) 2017-07-24 2017-07-24 File conversion method and device
Publications (2)

Publication Number Publication Date
CN107341403A (en) 2017-11-10
CN107341403B (en) 2020-11-27