A method for packing embedded device version files
Technical field
The present invention relates to the field of firmware upgrades, and more particularly to a method for packing embedded device version files.
Background technology
Firmware upgrade refers to improving the working program or source code in hardware by means of a special ROMPaq, so that it gains improved compatibility, performance or functionality.
The security of the firmware upgrade file (bin file) is a necessary condition for the security of an embedded system, and the integrity of the bin file in turn determines whether the embedded device upgrades successfully.
Bin file encryption means processing a bin file that was originally plaintext with some algorithm so that it becomes an unreadable piece of code, commonly called "ciphertext". The original content can be displayed only after the corresponding key is entered, which protects the data from being illegally stolen or read.
Bin file verification ensures the integrity of the data: a check value is computed over the original data with a specified algorithm. The recipient computes a check value with the same algorithm, and if it matches the check value supplied with the data, the data is complete.
The prior art generally uses the following method: after the embedded system is compiled, a standard Linux kernel file (kernel), a rootfs root file system image, and an image file that merges kernel and rootfs are generated. When packing the bin file, manufacturers generally just merge the kernel and the file system into one file with the cat command or a file read/write program, or directly use the merged kernel and rootfs image file generated by compilation. When the embedded device is upgraded, the kernel and the file system are likewise simply copied onto the storage device to replace the old ones, and the bin file is neither encrypted nor integrity-checked.
The prior art has the following problems:
1. The embedded device does not verify the upgrade file when upgrading
When firmware is compiled and generated, the compiler can perform an MD5 check and generate an MD5 check file. In the packing scheme above, however, no MD5 check information is added when the bin file is packed, and the device does not compare MD5 check results for the bin file during the upgrade. If the bin file used for the upgrade is damaged in transmission, the upgrade may fail and the device may no longer operate normally. The file may also be deliberately tampered with, so that firmware containing a Trojan is installed.
2. The identifier is not removed from the kernel file
The identifier-removal operation is not applied to the kernel file when the upgrade file is packed, i.e. the kernel identification is not removed, so the kernel file is easily identified and maliciously tampered with.
3. The bin file used for the upgrade is not encrypted using AES
When the firmware used for the upgrade is packed, AES is not used to encrypt the firmware, so there is a risk of malicious cracking and tampering.
4. All modules of the embedded device are upgraded
During the upgrade, the existing modules of the embedded device are not compared with the corresponding modules in the bin file; instead, all modules are upgraded. If a module has not changed in the new version, an unnecessary module upgrade is performed, which wastes upgrade time.
Summary of the invention
In view of this, an object of the invention is to provide a method for packing embedded device version files, which addresses the risk that the bin file used for an embedded device upgrade is maliciously cracked or tampered with, and the risk that the upgrade fails because no integrity check is performed on the bin file during the upgrade.
To achieve the above object, the present invention adopts the following technical scheme:
A method for packing embedded device version files, characterized in that it comprises the following steps:
Step S1: The embedded system is trimmed, and a standard Linux kernel file and a rootfs file system image are generated after compiling;
Step S2: The identifier-removal operation is performed on the standard Linux kernel file;
Step S3: The bin file is packed, a CRC check calculation is performed on the packed bin file, and the resulting CRC check value is written to the tail of the bin file.
Further, the specific method of step S2 is as follows: the standard Linux kernel files produced for different trimming requirements are compared, and the identical portion at the head of the standard Linux kernel file is removed.
Further, encryption with an encryption algorithm is performed when packing the bin file in step S3.
Further, the specific method of the encryption is as follows: when the bin file is packed, the encryption algorithm is first determined and an encryption key is generated; each module of the bin file is then encrypted separately using the encryption key, the encryption version information is stored in the file header of the bin file, and the encryption key is stored in the local storage of the embedded device.
Further, the modules of the bin file include the file header, the standard Linux kernel file, the rootfs file system image and the default configuration module.
Further, the encryption algorithm is the MD5 encryption algorithm.
Further, the specific method of the CRC check calculation in step S3 is as follows: a 32-bit cyclic redundancy algorithm is used, in which the binary data to be packed, t(x), is divided by the generator polynomial g(x); the final remainder is taken as the CRC check value, and the result is written to the tail of the bin file.
Compared with the prior art, the present invention has the following advantages:
1. The final file of the invention has the identifier of the standard Linux kernel file removed, which prevents the file from being cracked;
2. The invention splits the file into multiple modules and encrypts each of them separately;
3. The invention can implement partial upgrades: an MD5 is generated from the encrypted result of each module to be upgraded and stored in the device. A module is not upgraded if its MD5 digest is identical, and only the modules whose MD5 comparison results differ are upgraded.
Brief description of the drawings
Fig. 1 is the packing flow chart of the present invention.
Fig. 2 is the unpacking flow chart of the present invention.
Fig. 3 is a schematic diagram of the structure of the bin file.
Embodiment
The present invention is further described below with reference to the accompanying drawings and an embodiment.
Referring to Fig. 1, the present invention provides a method for packing embedded device version files, characterized in that it comprises the following steps:
Step S1: The embedded system is trimmed, and a standard Linux kernel file and a rootfs file system image are generated after compiling;
Step S2: To prevent the standard Linux kernel file from being identified and maliciously tampered with, the identifier-removal operation is first performed on the standard Linux kernel file. The specific method is as follows: the standard Linux kernel files produced for different trimming requirements are compared, and it is found that a fixed number of bytes at the top of all standard Linux kernel files has identical content. The identical portion at the head of the standard Linux kernel file can therefore be removed, which breaks the standard Linux kernel file structure. Later, during the device upgrade, the removed identical portion is reattached to the head of the standard Linux kernel file to restore the complete standard Linux kernel file. This provides a first level of protection against the standard Linux kernel file being easily identified.
Step S3: The bin file is packed. To ensure the integrity of the embedded device upgrade bin file in transmission, a CRC check calculation is performed on the packed bin file. The CRC check calculation uses a 32-bit cyclic redundancy algorithm: the binary data to be packed, t(x), is divided by the generator polynomial g(x), the final remainder is taken as the CRC check value, and the result is written to the tail of the bin file. During the device upgrade, the CRC check value is taken from the tail of the bin file and a CRC calculation is then performed on the bin file, using the same calculation method as at packing time. The CRC check is performed both when packing and when unpacking the bin file so that its integrity can be compared: if the check result during the device upgrade is consistent with the CRC value taken from the tail of the bin file, the bin file was not damaged in transmission and the upgrade can proceed normally.
To prevent more sophisticated malicious cracking and tampering of the bin file, encryption with an encryption algorithm is performed when packing the bin file in step S3. The algorithm is the MD5 encryption algorithm, and the encryption uses the system's low-level MD5 interface. The specific method is as follows: when the bin file is packed, the encryption algorithm is first determined and an encryption key is generated; each module of the bin file is then encrypted separately using the encryption key, the encryption version information is stored in the file header of the bin file, and the encryption key is stored in the local storage of the embedded device. When the embedded device is upgraded, the CRC check is performed first, the decryption key is then obtained from the device, and each module of the bin file is decrypted; the upgrade can proceed once decryption is complete.
The structure of the bin file is shown in Fig. 3. The modules include the file header, the standard Linux kernel file (kernel), the rootfs file system image and the default configuration module; the file additionally contains the check value produced by the CRC check calculation. The file header records the version number of the bin file, the encryption version information, and the offset and size within the bin file of the standard Linux kernel file, the rootfs file system image and the default configuration module.
To help those skilled in the art better understand the technical scheme, it is further described below in connection with the unpacking process:
Referring to Fig. 2, when the embedded device is upgraded using the bin file and the CRC check has passed, the modules are separated from the bin file according to the offset information recorded in the file header. Before the first upgrade with a bin file, the device holds no MD5 calculation results for the modules, so the first upgrade upgrades every module and, during the upgrade, stores the MD5 calculation result of each module locally on the device. For the second and later upgrades with a bin file, after the modules have been separated from the bin file, the MD5 algorithm is computed over each module and the result is compared with the MD5 digest information for the corresponding module that was stored locally on the device at the previous upgrade. If they are consistent, the module has not changed in the new version of the bin file and does not need to be upgraded. If the comparison result is inconsistent, or the embedded device has no stored MD5 file for the corresponding module, the module is decrypted and upgraded, and the MD5 digest information of the module is stored locally on the embedded device for comparison at the next upgrade. This scheme reduces unnecessary module upgrades, avoids as far as possible the risk of device malfunction caused by a failed upgrade, and also saves upgrade time.
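The bin file layout and unpacking flow described above, as an added Python example that is not part of the patent: it packs a header with an offset/size table, appends a CRC-32 trailer, verifies the trailer on unpack, and selects modules for upgrade by MD5 comparison. The header field widths and order, the little-endian encoding, the use of zlib's CRC-32 polynomial for g(x) and all function names are assumptions; the encryption step is left out, so modules are handled as opaque bytes.

```python
import hashlib
import struct
import zlib

# Assumed header layout (not from the patent): version, encryption info,
# then (offset, size) for kernel, rootfs and default config, little-endian.
HEADER = struct.Struct("<2I6I")
NAMES = ("kernel", "rootfs", "config")


def pack_bin(version, enc_info, modules):
    """Build header + modules and append the CRC-32 of everything before it."""
    table, offset = [], HEADER.size
    for name in NAMES:
        table += [offset, len(modules[name])]
        offset += len(modules[name])
    body = HEADER.pack(version, enc_info, *table)
    body += b"".join(modules[name] for name in NAMES)
    return body + struct.pack("<I", zlib.crc32(body))


def unpack_bin(image):
    """Check the trailing CRC-32, then split modules using the header table."""
    if len(image) < HEADER.size + 4:
        raise ValueError("image too short")
    body, (stored,) = image[:-4], struct.unpack("<I", image[-4:])
    # A CRC catches transfer damage only; it is not a cryptographic check.
    if zlib.crc32(body) != stored:
        raise ValueError("CRC mismatch: image damaged in transfer")
    fields = HEADER.unpack_from(body)
    modules = {}
    for i, name in enumerate(NAMES):
        off, size = fields[2 + 2 * i], fields[3 + 2 * i]
        if off < HEADER.size or off + size > len(body):
            raise ValueError(f"{name}: offset/size outside image")
        modules[name] = body[off:off + size]
    return fields[0], modules


def modules_to_upgrade(modules, stored_md5):
    """Modules whose MD5 differs from, or is absent in, the device's store."""
    return [name for name in NAMES
            if stored_md5.get(name) != hashlib.md5(modules[name]).hexdigest()]


# Constructed sample data: two releases that differ only in rootfs.
v1 = {"kernel": b"KERNEL-A" * 4, "rootfs": b"ROOTFS-1" * 8, "config": b"cfg=default"}
v2 = dict(v1, rootfs=b"ROOTFS-2" * 8)
```

With an empty digest store (first upgrade) every module is selected; after the v1 digests are stored, unpacking a v2 image selects only rootfs.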
The foregoing is only a preferred embodiment of the present invention. All equivalent changes and modifications made within the scope of the claims of the present invention shall fall within the scope covered by the present invention.