CN108509772B - Source code reinforcement method and device based on execution sequence and single-point logic - Google Patents
Source code reinforcement method and device based on execution sequence and single-point logic Download PDFInfo
- Publication number
- CN108509772B CN108509772B CN201810146606.4A CN201810146606A CN108509772B CN 108509772 B CN108509772 B CN 108509772B CN 201810146606 A CN201810146606 A CN 201810146606A CN 108509772 B CN108509772 B CN 108509772B
- Authority
- CN
- China
- Prior art keywords
- code
- code block
- source code
- preset
- jump
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 51
- 230000002787 reinforcement Effects 0.000 title claims description 12
- 230000006870 function Effects 0.000 claims abstract description 28
- 238000003860 storage Methods 0.000 claims description 14
- 238000003780 insertion Methods 0.000 claims description 5
- 230000037431 insertion Effects 0.000 claims description 5
- 239000003550 marker Substances 0.000 claims description 4
- 230000003014 reinforcing effect Effects 0.000 abstract description 23
- 238000004458 analytical method Methods 0.000 abstract description 22
- 238000004590 computer program Methods 0.000 description 13
- 238000005336 cracking Methods 0.000 description 12
- 238000010586 diagram Methods 0.000 description 12
- 230000003068 static effect Effects 0.000 description 11
- 230000002265 prevention Effects 0.000 description 8
- 230000008569 process Effects 0.000 description 7
- 238000005728 strengthening Methods 0.000 description 6
- 238000005516 engineering process Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000011218 segmentation Effects 0.000 description 2
- 238000003491 array Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000011022 operating instruction Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/125—Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/14—Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Devices For Executing Special Programs (AREA)
Abstract
The application discloses a source code reinforcing method and device based on execution sequence and single-point logic, which can divide an original source code into a plurality of code blocks based on the skip logic of the original source code of an application program during compiling or running; establishing a jump table representing the execution sequence of the code blocks based on the jump logic of the original source code during compiling or running, wherein the jump table stores the corresponding relation between the code block mark and the address of the code block; the address is the address of the reinforced second source code in the internal memory during compiling or running, and the code block mark is used for accessing the address of the corresponding code block; realizing skip logic between code blocks of the original source code through code block marks in the skip list to generate a reinforced first source code; and carrying out fuzzy processing on the condition variable in the function of the first source code by using the opaque predicate to obtain the reinforced second source code. The method and the device can improve the anti-reverse analysis capability.
Description
Technical Field
The present application relates to the field of software security technologies, and in particular, to a method and an apparatus for source code reinforcement based on execution order and single-point logic.
Background
At present, technologies such as mobile internet, internet of things and internet of vehicles are developed at a high speed, the number of terminals is more and more, and application programs installed in the terminals are more and more, so that great convenience is brought to work and life of people. Some important information is generated in the running process of the application program, which causes great interest to attackers, so that the important information is at risk of being leaked.
At present, attackers often use static analysis tools such as disassembling and decompiling to reversely analyze and crack source codes of application programs to obtain execution logic of the application programs, so that important information generated in the running process of the application programs is illegally stolen and tampered.
For the risks, in the prior art, the source code of the application program is often confused, so that the anti-reverse analysis capability of the source code is improved, and the risk that important information generated in the running process of the application program is leaked is reduced. However, the existing source code obfuscation methods such as control flow flattening still have the risk of being cracked, and the anti-reverse analysis capability of the source code still needs to be improved.
Disclosure of Invention
The embodiment of the application provides a source code reinforcing method and device based on an execution sequence and single-point logic, so that the anti-reverse analysis capability of a source code is improved.
In a first aspect, a method for source code hardening based on execution order and single-point logic is provided, the method comprising:
splitting an original source code of an application program into a plurality of code blocks based on the jump logic of the original source code during compiling or running;
establishing a jump table representing the execution sequence of the plurality of code blocks based on the jump logic of the original source code during compiling or running, wherein the jump table stores the corresponding relation between the code block mark and the address of the code block; the address is an address of a code block in a memory when the reinforced second source code is compiled or run, and the code block marks an address for accessing the corresponding code block;
implementing skip logic between code blocks of the original source code through code block marks in the skip list to generate a reinforced first source code;
and carrying out fuzzy processing on the condition variable in the function of the first source code by using an opaque predicate to obtain the reinforced second source code.
In a second aspect, an apparatus for source code reinforcement based on execution order and single point logic is provided, including:
the code block splitting module is used for splitting an original source code of an application program into a plurality of code blocks based on the jump logic of the original source code during compiling or running;
a jump table establishing module, configured to establish a jump table representing an execution sequence of the multiple code blocks based on a jump logic of the original source code during compiling or running, where a correspondence between a code block flag and an address of a code block is stored in the jump table; the address is an address of a code block in a memory when the reinforced second source code is compiled or run, and the code block marks an address for accessing the corresponding code block;
a first reinforcement module, configured to implement a skip logic between code blocks of the original source code by using code block flags in the skip list, so as to generate a reinforced first source code;
and the second reinforcing module is used for carrying out fuzzy processing on the condition variable in the function of the first source code by using the opaque predicate to obtain the reinforced second source code.
In a third aspect, an embodiment of the present application further provides an electronic device, including: a memory, a processor and a computer program stored on the memory and executable on the processor, the computer program, when executed by the processor, implementing the steps of the method according to the first aspect.
In a fourth aspect, the present application further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of the method according to the first aspect.
According to the at least one technical scheme adopted by the embodiment of the application, the original source code of the application program can be split into a plurality of code blocks based on the jump logic of the original source code during compiling or running; establishing a jump table representing the execution sequence of the plurality of code blocks based on the jump logic of the original source code during compiling or running, wherein the jump table stores the corresponding relation between the code block mark and the address of the code block; the address is an address of a code block in a memory when the reinforced second source code is compiled or run, and the code block marks an address for accessing the corresponding code block; implementing skip logic between code blocks of the original source code through code block marks in the skip list to generate a reinforced first source code; and carrying out fuzzy processing on the condition variable in the function of the first source code by using an opaque predicate to obtain the reinforced second source code. On one hand, the jump logic between the code blocks of the original source code is realized through the code block marks in the jump table, so that the execution sequence of the original source code can be hidden; on the other hand, the condition variables in the source code are subjected to fuzzy processing by using the opaque predicate, so that the difficulty in breaking the reinforced source code can be increased, and the anti-reverse analysis capability of the source code can be further improved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
fig. 1 is a flowchart illustrating a specific implementation manner of a source code strengthening method based on execution order and single-point logic according to an embodiment of the present application;
FIG. 2 is a detailed flow chart of step 103 in the embodiment shown in FIG. 1;
fig. 3 is a schematic structural diagram of a specific implementation manner of a source code reinforcing apparatus based on an execution sequence and single-point logic according to an embodiment of the present application;
FIG. 4 is a detailed structural diagram of the module 303 in the embodiment shown in FIG. 3;
fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions of the present application will be described in detail and completely with reference to the following specific embodiments of the present application and the accompanying drawings. It should be apparent that the described embodiments are only some of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
In order to improve the capability of preventing the source code from being analyzed reversely, embodiments of the present application provide a method and an apparatus for reinforcing the source code based on an execution sequence and single-point logic, which are described below separately.
It should be noted that, an execution subject implementing the method and apparatus for reinforcing source code based on execution order and single-point logic provided in the embodiments of the present application may be a client or a server, and the embodiments of the present application do not limit the specific implementation subject implementing the method and apparatus.
The following first describes a source code strengthening method based on execution order and single-point logic according to an embodiment of the present application.
As shown in fig. 1, a method for reinforcing source code based on execution order and single-point logic provided in an embodiment of the present application may include the following steps:
The application program may be a target application program that needs to be protected.
A code block, as may be understood, is a piece of code in source code that can be executed sequentially, starting with the jump logic and ending with the jump logic, typically bracketed by a curly brace "{ }".
For example:
of course, in some cases, the code blocks may not be enclosed by curly brackets.
More specifically, the code block may be a code segment corresponding to a jump statement in the original source code, for example, the code block 1 and the code block 2 corresponding to the if statement and the else statement in the above example respectively.
Wherein, the jump statement may include: any one of a loop statement, a conditional statement, a return statement, and an end statement. The loop statement may include, for example: while, do-while, for/in, etc. The conditional statement may include, for example: if/else, switch/case, etc. The return statement may be, for example, a return statement. The end statement may be, for example, a break statement. Furthermore, the jump sentence may also include goto, continue, etc. sentences.
It should be understood that the above statements such as the loop statement, the conditional statement, the return statement, and the end statement are only examples of the jump statement, and do not constitute a limitation to the embodiments of the present application.
102, establishing a jump table for representing the execution sequence of the plurality of code blocks based on the jump logic of the original source code during compiling or running.
The jump table stores the corresponding relation between the code block mark and the address of the code block; the address is an address of a code block in a memory when the reinforced source code is compiled or run, and the code block mark is used for accessing the address of the corresponding code block.
In the case of following the example given in step 101, for example, the array address _ array [3] { address of code block 1, address of code block 2, address of code block 3 } may be stored as a skip table, that is, the correspondence between the array element "address _ array [0 ]" and "address of code block 1", the correspondence between the array element "address _ array [1 ]" and "address of code block 2", and the correspondence between the array element "address _ array [2 ]" and "address of code block 3" may be stored in the skip table. Accordingly, the array element "address _ array [0 ]" may serve as a first code block flag for accessing an address of the "code block 1" in the memory, the array element "address _ array [1 ]" may serve as a first code block flag for accessing an address of the "code block 2" in the memory, and so on, and the description will not be described in detail herein.
And 103, implementing the jump logic between the code blocks of the original source code through the code block marks in the jump table to generate the reinforced source code.
In one embodiment, as shown in fig. 2, the step 103 may include:
The first code block, may be a target code block that needs to hide or obfuscate its execution order in the original source code.
It is to be understood that, in the embodiment of the present application, the number of first code blocks that need to be hidden or obfuscated in the execution order may be one or more, and the embodiment of the present application does not limit this.
The first position is a position different from the initial position, that is, the first code block may be inserted at any position different from the initial position.
Assume the original source code is:
when both the "code block 1" and the "code block 2" in the original source code are used as the first code blocks, the initial positions are positions of the "code block 1" and the "code block 2" in the original source code.
Then, the source code after inserting the first code block at the second position different from the initial position may be:
substep 203, replacing the first code block located at the initial position with a first preset code.
The first preset code may include: a first preset jump statement and a first code block flag; the first preset jump statement is used for accessing the first code block mark, and the first preset jump statement includes but is not limited to a goto statement. The first code block flag is used to access an address corresponding to the first code block to execute the first code block.
As can be seen from the example given in sub-step 202, the first code block flags corresponding to code block 1 and code block 2 are: address _ array [0], address _ array [1], and the first preset jump statement is a goto statement, and after the execution of the substep 203, the obtained source code may be:
the substep 204 determines a second code block, which is a next code block that needs to be executed after the original source code is compiled or run-time and the first code block is executed.
For example, when the original source code is the source code described in sub-step 101, assuming that the first code blocks are code block 1 and code block 2, then the next code block that needs to be executed after the first code block is executed is code block 3, that is, the second code block is code block 3.
The second preset code may include: a second preset jump statement and a second code block marker; wherein the second preset jump statement is used for accessing the second code block mark, and the second preset statement includes but is not limited to a goto statement, for example, a jump function which can be defined in advance by the second preset statement, and so on. The second code block tag is used to access an address corresponding to the second code block to execute the second code block.
For example, following the example given in sub-step 203, a second preset code, goto address _ array [2], may be inserted at the end of "code block 1" and "code block 2" inserted into the original source code, respectively, so as to execute code block 3 after executing code block 1 or code block 2, thereby ensuring the correct execution order of the reinforced source code in actual operation. The inserted source code is:
it should be noted that the embodiment shown in fig. 2 only lists one specific implementation of the step 103, and in practical implementation, a person skilled in the art may also implement the step in other specific implementations based on the inventive concept of the present application, and the embodiment of the present application is not limited to this.
And 104, carrying out fuzzy processing on the condition variable in the function of the first source code by using an opaque predicate to obtain the reinforced second source code.
In one embodiment, the step 104 may include: determining a first condition variable in a function of the first source code; adding at least one opaque predicate in the first condition variable to obtain a second condition variable, wherein the value of the opaque predicate is constant; replacing the first conditional variable with the second conditional variable.
Wherein, the first conditional variable can be understood as a variable corresponding to a conditional statement in a function of the first source code. Conditional statements include, but are not limited to, if statements, do-while statements, and switch-case statements, among others.
More specifically, the first condition variable may be a condition variable in the first source code located at a branch jump node of the function. The branch jump node may be a node where branch statements such as if, if else and switch are located, and correspondingly, the first condition variable is a variable in the branch statement.
For example, for the reinforced first source code obtained after the execution of the above step 103, it may be determined that the condition variable in the function of the first source code is "condition".
Opaque predicates can be said to be opaque if and only if the output of a predicate that determines a point on a program is determined before obfuscation.
In particular, in embodiments of the present application, an opaque predicate may be a constant-value functional expression. When the opaque predicate is a function expression which is always true, the value of the first condition variable is not affected after the opaque predicate is added to the first condition variable.
More specifically, the opaque predicate may be a mathematical formula that is either true or false, such as: x (x + 1)% 2 ═ 0. In this case, "-" indicates a constant, and "%" indicates a remainder. In this expression, x and x +1 must be an odd number and the other an even number, so x (x +1) must be an even number and x (x + 1)% 2 must also be 0. Thus, the expression "x (x + 1)% 2 ═ 0" is always true.
Accordingly, the second source code after fuzzy replacement of the condition variable "condition" of the first source code in the above example by using the opaque predicate may be:
optionally, in the step 104, the adding at least one opaque predicate to the first condition variable may include: adding the at least one opaque predicate before or after the first condition variable, and separating the first condition variable and the opaque predicate with a preset sign.
Following the above example, the opaque predicate is the expression "x (x + 1)% 2 ═ 0", the preset symbol is "+", and the first conditional variable is "x". Then, adding an opaque predicate after the first conditional variable, the following source code can be obtained:
if(condition+x(x+1)%2==0){
…
}
more specifically, in the step 104, the adding at least one opaque predicate to the first condition variable may include: dividing the first conditional variable into a plurality of character segments by using a preset rule; adding the at least one opaque predicate between the plurality of character segments.
In this embodiment, since the opaque predicate is added, the complexity of the second conditional variable "condition + x (x + 1)% 2 ═ 0" is higher than that of the original first conditional variable "condition", so that the decompilation difficulty of the source code is increased to a great extent, and the source code is reinforced.
Of course, a plurality of opaque predicates can be added to the first condition variable to further improve the complexity of the first condition variable. For example, an opaque predicate "x (x + 1)% 2 ═ 0" is added before the first conditional variable and after the second conditional variable, respectively, and the first conditional variable and the opaque predicate are separated by a preset symbol "+" to obtain the second conditional variable: x (x + 1)% 2+ condition + x (x + 1)% 2 ═ 0.
In one embodiment, the first conditional variable may be partitioned into a plurality of character segments using a preset rule, thereby adding at least one opaque predicate between the plurality of character segments.
For example, the first conditional variable is "xy", and the preset rule is: every two variables are partitioned. Then, the first conditional variable "xy" can be divided into character segments "x" and "y" using the preset rule. Assuming that the opaque predicate is expressed as "x (x + 1)% 2 ═ 0", the result of adding the opaque predicate between the character segments obtained after segmentation is x (x + 1)% 2 ═ 0 ═ y, where "×" is a preset symbol used for separating the variable and the opaque predicate.
In this embodiment, when the first conditional variable is divided into three or more character segments, the opaque predicates added between every two character segments may be the same or different.
As can be seen from this embodiment, since the opaque predicate is added to the first conditional variable after the segmentation, so that the second conditional variable "x × x (x + 1)% 2 ═ 0 × y" has higher complexity than the original first conditional variable "xy", the decompilation difficulty of the source code is increased to a great extent, and the source code is reinforced.
In step 104, one or more condition variables to be subjected to the fuzzy processing may be used, which is not limited in the embodiment of the present application.
According to the source code reinforcing method based on the execution sequence and the single-point logic, on one hand, the skip logic between the code blocks of the original source code is realized through the code block marks in the skip list, so that the execution sequence of the original source code can be hidden; on the other hand, the condition variables in the source code are subjected to fuzzy processing by using the opaque predicate, so that the difficulty in breaking the reinforced source code can be increased, and the anti-reverse analysis capability of the source code can be further improved.
Optionally, in another embodiment, the method for reinforcing source code based on code execution order provided by this embodiment of the present application may further include: and encrypting the first preset code and/or the second preset code.
For example, the first preset code and/or the second preset code may be replaced with a garbled code to implement encryption of the first preset code and/or the second preset code. Of course, the first preset code and/or the second preset code may also be encrypted in other manners, which is not limited in this embodiment of the application.
It can be understood that, in the embodiment of the present application, the first preset code and/or the second preset code are/is encrypted, so that a correct execution sequence of code blocks in the source code can be better hidden, the difficulty of cracking the reinforced source code is improved, and the reverse analysis prevention capability of the reinforced source code is further improved.
Optionally, in another embodiment, the method for reinforcing source code based on code execution order provided by this embodiment of the present application may further include: and encrypting the jump table.
The skip list may be encrypted by using an existing encryption algorithm, which is not limited in the embodiment of the present application.
It can also be understood that, in the embodiment of the present application, the jump table reflecting the correct execution order of the code block is encrypted, so that the correct execution order of the code block in the source code can be better hidden, and even if a static analysis attacker takes the source code, the static analysis attacker cannot obtain the correct execution order stored in the jump table, and cannot acquire the real service logic of the source code, thereby further improving the reverse analysis prevention capability of the source code.
Optionally, on the basis of any of the foregoing embodiments, the method for reinforcing source code based on a code execution order provided in the embodiment of the present application may further include: storing the reinforced source code into a first file; and storing the encrypted jump table into a second file.
Wherein the first file and the second file are different files.
In the embodiment of the application, because the reinforced source code and the encrypted jump table are respectively stored in different files, the jump table can be more concealed and cannot be acquired by a static analysis attacker, so that the attacker cannot acquire the correct execution sequence stored in the jump table, and the reverse cracking prevention capability of the source code can be further improved.
On this basis, the source code reinforcing method based on the code execution order provided by the embodiment of the present application may further include: and encrypting the second file.
The specific encryption algorithm may be an existing encryption algorithm, which is not limited in this application.
It can be understood that the difficulty of a static analysis attacker in obtaining the correct execution sequence hidden in the jump table can be further increased by encrypting the second file, so that the capability of preventing reverse cracking of the source code is further improved.
Preferably, the encryption algorithm for the jump table may be different from the encryption algorithm for the second file. Therefore, the correct execution sequence hidden in the jump table can be obtained only by cracking two different encryption algorithms, so that the difficulty of a static analysis attacker in obtaining the correct execution sequence hidden in the jump table can be further increased, and the reverse cracking prevention capability of the source code is further improved.
Optionally, before obtaining the reinforced source code, the method for reinforcing the source code based on the code execution order provided in the embodiment of the present application may further include: inserting redundant code in the original source code. This can also further improve the anti-reverse cracking capability of the source code.
Corresponding to the above method embodiment, the present application further provides a source code strengthening apparatus based on execution order and single-point logic, which is described below.
As shown in fig. 3, an embodiment of the present application provides an execution order and single point logic based source code strengthening apparatus 300, where the apparatus 300 may include: a code block splitting module 301, a jump table establishing module 302 and a first reinforcing module 303.
The code block splitting module 301 is configured to split an original source code of an application into a plurality of code blocks based on a jump logic of the original source code during compilation or runtime.
The application program may be a target application program that needs to be protected.
A code block, as may be understood, is a piece of code in source code that can be executed sequentially, starting with the jump logic and ending with the jump logic, and is typically bracketed by a curly brace "{ }", although it may not be bracketed.
More specifically, the code block may be a code segment corresponding to a jump statement in the original source code.
A jump table establishing module 302, configured to establish a jump table that characterizes an execution order of the plurality of code blocks based on a jump logic of the original source code during compilation or runtime.
The jump table stores the corresponding relation between the code block mark and the address of the code block; the address is an address of a code block in a memory when the reinforced source code is compiled or run, and the code block mark is used for accessing the address of the corresponding code block.
A first reinforcing module 303, configured to implement a skip logic between code blocks of the original source code by using code block flags in the skip table, so as to generate the reinforced source code.
In one embodiment, as shown in fig. 4, the first reinforcement module 303 may include: a first determination submodule 401, a first insertion submodule 402, a replacement submodule 403, a second determination submodule 404 and a second insertion submodule 405.
A first determining submodule 401 for determining an initial position of the first code block in said original source code.
The first code block may be a target code block that needs to obfuscate its execution order in the original source code.
It is to be understood that, in the embodiment of the present application, the number of first code blocks that need to be hidden or obfuscated in the execution order may be one or more, and the embodiment of the present application does not limit this.
A first inserting sub-module 402 for inserting the first code block at a first location of the original source code.
The first position is a position different from the initial position, that is, the first code block may be inserted at any position different from the initial position.
A replacing submodule 403, configured to replace the first code block located at the initial position with a first preset code.
The first preset code may include: a first preset jump statement and a first code block flag; the first preset jump statement is used for accessing the first code block mark, and the first preset jump statement includes but is not limited to a goto statement. The first code block flag is used to access an address corresponding to the first code block to execute the first code block.
A second determining sub-module 404, configured to determine a second code block, where the second code block is a next code block that needs to be executed after the original source code is compiled or run-time and the first code block is executed.
A second insertion submodule 405 for inserting a second preset code at the end of the first code block inserted at the first position.
The second preset code may include: a second preset jump statement and a second code block marker; wherein the second preset jump statement is used for accessing the second code block mark, and the second preset statement includes but is not limited to a goto statement, for example, a jump function which can be defined in advance by the second preset statement, and so on. The second code block tag is used to access an address corresponding to the second code block to execute the second code block.
It should be noted that the embodiment shown in fig. 4 only lists one specific implementation of the module 303, and in practical implementation, a person skilled in the art may also implement the module according to other specific implementations based on the inventive concept of the present application, and the embodiment of the present application is not limited to this.
And a second reinforcing module 304, configured to perform fuzzy processing on the condition variable in the function of the first source code by using an opaque predicate, so as to obtain a reinforced second source code.
In an embodiment, the second reinforcement module 304 may specifically include:
a determining submodule for determining a first condition variable in a function of the first source code;
the adding submodule is used for adding at least one opaque predicate in the first conditional variable to obtain a second conditional variable, and the value of the opaque predicate is constant;
a replacement submodule for replacing the first conditional variable with the second conditional variable.
In one embodiment, the opaque predicate includes a function expression that is constant true.
In one embodiment, the adding sub-module may include:
and the adding and separating unit is used for adding at least one opaque predicate before or after the first condition variable and separating the first condition variable and the opaque predicate by using a preset symbol.
In one embodiment, the adding sub-module may include:
a dividing unit for dividing the first conditional variable into a plurality of character segments by using a preset rule;
an adding unit to add at least one opaque predicate between the plurality of character segments.
It should be noted that, in the second reinforcement module 304, one or more condition variables to be obfuscated may be used, which is not limited in the embodiment of the present application.
According to the source code reinforcing device based on the execution sequence and the single-point logic, on one hand, the skip logic between the code blocks of the original source code is realized through the code block marks in the skip list, so that the execution sequence of the original source code can be hidden; on the other hand, the condition variables in the source code are subjected to fuzzy processing by using the opaque predicate, so that the difficulty in breaking the reinforced source code can be increased, and the anti-reverse analysis capability of the source code can be further improved.
Optionally, on the basis of any of the foregoing embodiments, the source code reinforcing apparatus 300 based on a code execution order provided in this embodiment may further include: and the first encryption module is used for encrypting the first preset code and/or the second preset code.
For example, the first encryption module may replace the first preset code and/or the second preset code with a messy code, so as to encrypt the first preset code and/or the second preset code. Of course, the first encryption module may also encrypt the first preset code and/or the second preset code in other manners, which is not limited in this embodiment of the present application.
It can be understood that, in the embodiment of the present application, the first preset code and/or the second preset code are/is encrypted, so that a correct execution sequence of code blocks in the source code can be better hidden, the difficulty of cracking the reinforced source code is improved, and the reverse analysis prevention capability of the reinforced source code is further improved.
Optionally, on the basis of any of the foregoing embodiments, the source code reinforcing apparatus 300 based on a code execution order provided in this embodiment may further include: and the second encryption module is used for encrypting the jump table.
The skip list may be encrypted by using an existing encryption algorithm, which is not limited in the embodiment of the present application.
It can also be understood that, in the embodiment of the present application, the jump table reflecting the correct execution order of the code block is encrypted, so that the correct execution order of the code block in the source code can be better hidden, and even if a static analysis attacker takes the source code, the static analysis attacker cannot obtain the correct execution order stored in the jump table, and cannot acquire the real service logic of the source code, thereby further improving the reverse analysis prevention capability of the source code.
Optionally, on the basis of any of the foregoing embodiments, the source code reinforcing apparatus 300 based on a code execution order provided in this embodiment may further include: the device comprises a first file storage module and a second file storage module.
And the first file storage module is used for storing the reinforced source code into a first file.
And the second file storage module is used for storing the encrypted jump table into a second file.
Wherein the first file and the second file are different files.
In the embodiment of the application, because the reinforced source code and the encrypted jump table are respectively stored in different files, the jump table can be more concealed and cannot be acquired by a static analysis attacker, so that the attacker cannot acquire the correct execution sequence stored in the jump table, and the reverse cracking prevention capability of the source code can be further improved.
On this basis, the source code reinforcing apparatus based on the code execution order provided by the embodiment of the present application may further include: and the file encryption module is used for encrypting the second file.
The specific encryption algorithm may be an existing encryption algorithm, which is not limited in this application.
It can be understood that the difficulty of a static analysis attacker in obtaining the correct execution sequence hidden in the jump table can be further increased by encrypting the second file, so that the capability of preventing reverse cracking of the source code is further improved.
Preferably, the encryption algorithm for the jump table may be different from the encryption algorithm for the second file. Therefore, the correct execution sequence hidden in the jump table can be obtained only by cracking two different encryption algorithms, so that the difficulty of a static analysis attacker in obtaining the correct execution sequence hidden in the jump table can be further increased, and the reverse cracking prevention capability of the source code is further improved.
Optionally, before obtaining the reinforced source code, the source code reinforcing apparatus based on the code execution order provided in this embodiment of the present application may further include: and the redundant code inserting module is used for inserting redundant code into the original source code. This can also further improve the anti-reverse cracking capability of the source code.
Fig. 5 shows a schematic structural diagram of an electronic device provided in an embodiment of the present application. Referring to fig. 5, at a hardware level, the electronic device includes a processor, and optionally further includes an internal bus, a network interface, and a memory. The Memory may include a Memory, such as a Random-Access Memory (RAM), and may further include a non-volatile Memory, such as at least 1 disk Memory. Of course, the electronic device may also include hardware required for other services.
The processor, the network interface, and the memory may be connected to each other via an internal bus, which may be an ISA (Industry Standard Architecture) bus, a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one double-headed arrow is shown in FIG. 5, but this does not indicate only one bus or one type of bus.
And the memory is used for storing programs. In particular, the program may include program code comprising computer operating instructions. The memory may include both memory and non-volatile storage and provides instructions and data to the processor.
The processor reads a corresponding computer program from the nonvolatile memory into the memory and then runs the computer program, and the source code strengthening device based on the execution sequence and single-point logic is formed on the logic level. The processor is used for executing the program stored in the memory and is specifically used for executing the following operations:
splitting an original source code of an application program into a plurality of code blocks based on the jump logic of the original source code during compiling or running;
establishing a jump table representing the execution sequence of the plurality of code blocks based on the jump logic of the original source code during compiling or running, wherein the jump table stores the corresponding relation between the code block mark and the address of the code block; the address is an address of a code block in a memory when the reinforced second source code is compiled or run, and the code block marks an address for accessing the corresponding code block;
implementing skip logic between code blocks of the original source code through code block marks in the skip list to generate a reinforced first source code;
and carrying out fuzzy processing on the condition variable in the function of the first source code by using an opaque predicate to obtain the reinforced second source code.
The method executed by the source code reinforcing device based on the execution order and the single-point logic as disclosed in the embodiment shown in fig. 5 of the present application can be applied to or implemented by a processor. The processor may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in a processor or instructions in the form of software. The Processor may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; but also Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components. The various methods, steps, and logic blocks disclosed in the embodiments of the present application may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present application may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software module may be located in ram, flash memory, rom, prom, or eprom, registers, etc. storage media as is well known in the art. The storage medium is located in a memory, and a processor reads information in the memory and completes the steps of the method in combination with hardware of the processor.
Embodiments of the present application further provide a computer-readable storage medium storing one or more programs, where the one or more programs include instructions, which when executed by an electronic device including a plurality of application programs, enable the electronic device to perform the method performed by the source code strengthening apparatus based on an execution order and single-point logic in the embodiment shown in fig. 5, and are specifically configured to perform:
splitting an original source code of an application program into a plurality of code blocks based on the jump logic of the original source code during compiling or running;
establishing a jump table representing the execution sequence of the plurality of code blocks based on the jump logic of the original source code during compiling or running, wherein the jump table stores the corresponding relation between the code block mark and the address of the code block; the address is an address of a code block in a memory when the reinforced second source code is compiled or run, and the code block marks an address for accessing the corresponding code block;
implementing skip logic between code blocks of the original source code through code block marks in the skip list to generate a reinforced first source code;
and carrying out fuzzy processing on the condition variable in the function of the first source code by using an opaque predicate to obtain the reinforced second source code.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It should be noted that all the embodiments in the present application are described in a related manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, as for the apparatus embodiment, since it is substantially similar to the method embodiment, the description is relatively simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in the process, method, article, or apparatus that comprises the element.
The above are merely examples of the present application and are not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.
Claims (12)
1. A method for source code hardening based on execution order and single point logic, the method comprising:
splitting an original source code of an application program into a plurality of code blocks based on the jump logic of the original source code during compiling or running;
establishing a jump table representing the execution sequence of the plurality of code blocks based on the jump logic of the original source code during compiling or running, wherein the jump table stores the corresponding relation between the code block mark and the address of the code block; the address is an address of a code block in a memory when the reinforced second source code is compiled or run, and the code block marks an address for accessing the corresponding code block;
implementing skip logic between code blocks of the original source code through code block marks in the skip list to generate a reinforced first source code;
carrying out fuzzy processing on condition variables in the function of the first source code by using an opaque predicate to obtain a reinforced second source code;
wherein, the logic of skipping between the code blocks of the original source code is realized by the code block marks in the skipping table, and comprises:
determining an initial position of a first code block in the original source code;
inserting the first code block at a first location of the original source code, the first location being different from the initial location;
replacing the first code block located at the initial position with a first preset code, the first preset code including: a first preset jump statement and a first code block flag; the first preset jump statement is used for accessing the first code block mark, and the first code block mark is used for accessing an address corresponding to the first code block so as to execute the first code block;
determining a second code block, wherein the second code block is a next code block which needs to be executed after the original source code is compiled or run and the first code block is executed;
inserting a second preset code at the end of the first code block inserted at the first position, the second preset code comprising: a second preset jump statement and a second code block marker; wherein the second preset jump statement is used for accessing the second code block flag, and the second code block flag is used for accessing an address corresponding to the second code block to execute the second code block.
2. The method of claim 1, further comprising:
and encrypting the first preset code and/or the second preset code.
3. The method according to any one of claims 1-2, further comprising:
and encrypting the jump table.
4. The method of claim 3, further comprising:
storing the reinforced source code into a first file;
storing the encrypted jump table into a second file;
wherein the first file and the second file are different files.
5. The method of claim 1, wherein the obfuscating the condition variable in the function of the first source code using an opaque predicate comprises:
determining a first condition variable in a function of the first source code;
adding at least one opaque predicate in the first condition variable to obtain a second condition variable, wherein the value of the opaque predicate is constant;
replacing the first conditional variable with the second conditional variable.
6. The method of claim 5, wherein the opaque predicate is a function expression that is either constant true or constant false.
7. An apparatus for source code hardening based on execution order and single point logic, the apparatus comprising:
the code block splitting module is used for splitting an original source code of an application program into a plurality of code blocks based on the jump logic of the original source code during compiling or running;
a jump table establishing module, configured to establish a jump table representing an execution sequence of the multiple code blocks based on a jump logic of the original source code during compiling or running, where a correspondence between a code block flag and an address of a code block is stored in the jump table; the address is an address of a code block in a memory when the reinforced second source code is compiled or run, and the code block marks an address for accessing the corresponding code block;
a first reinforcement module, configured to implement a skip logic between code blocks of the original source code by using code block flags in the skip list, so as to generate a reinforced first source code;
the second reinforcement module is used for carrying out fuzzy processing on the condition variable in the function of the first source code by using an opaque predicate to obtain a reinforced second source code;
wherein the first reinforcement module comprises:
a first determining submodule for determining an initial position of a first code block in the original source code;
a first insertion sub-module for inserting the first code block at a first location of the original source code, the first location being different from the initial location;
a replacing submodule, configured to replace the first code block located at the initial position with a first preset code, where the first preset code includes: a first preset jump statement and a first code block flag; the first preset jump statement is used for accessing the first code block mark, and the first code block mark is used for accessing an address corresponding to the first code block so as to execute the first code block;
a second determining submodule, configured to determine a second code block, where the second code block is a next code block that needs to be executed after the original source code is compiled or run-time and the first code block is executed;
a second insertion submodule, configured to insert a second preset code at an end of the first code block inserted into the first position, where the second preset code includes: a second preset jump statement and a second code block marker; wherein the second preset jump statement is used for accessing the second code block flag, and the second code block flag is used for accessing an address corresponding to the second code block to execute the second code block.
8. The apparatus of claim 7, further comprising:
and the first encryption module is used for encrypting the first preset code and/or the second preset code.
9. The apparatus according to any one of claims 7-8, further comprising:
and the second encryption module is used for encrypting the jump table.
10. The apparatus of claim 9, further comprising:
the first file storage module is used for storing the reinforced source code into a first file;
the second file storage module is used for storing the encrypted jump table into a second file;
wherein the first file and the second file are different files.
11. The apparatus of claim 7, wherein the second reinforcement module comprises:
a determining submodule for determining a first condition variable in a function of the first source code;
the adding submodule is used for adding at least one opaque predicate in the first conditional variable to obtain a second conditional variable, and the value of the opaque predicate is constant;
a replacement submodule for replacing the first conditional variable with the second conditional variable.
12. The apparatus of claim 11, wherein the opaque predicate is a function expression formula that is either constant true or constant false.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810146606.4A CN108509772B (en) | 2018-02-12 | 2018-02-12 | Source code reinforcement method and device based on execution sequence and single-point logic |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810146606.4A CN108509772B (en) | 2018-02-12 | 2018-02-12 | Source code reinforcement method and device based on execution sequence and single-point logic |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108509772A CN108509772A (en) | 2018-09-07 |
| CN108509772B true CN108509772B (en) | 2022-01-07 |
Family
ID=63375021
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810146606.4A Active CN108509772B (en) | 2018-02-12 | 2018-02-12 | Source code reinforcement method and device based on execution sequence and single-point logic |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108509772B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112541188B (en) * | 2019-09-20 | 2022-05-13 | 武汉斗鱼网络科技有限公司 | Method and device for preventing application program code from being statically analyzed |
| CN112988778B (en) * | 2019-12-13 | 2024-06-18 | 北京沃东天骏信息技术有限公司 | Method and device for processing database query script |
| CN112965458B (en) * | 2021-02-01 | 2022-04-22 | 杭州和利时自动化有限公司 | Control logic simulation debugging method and device for control system and readable storage medium |
| CN115202662B (en) * | 2021-04-14 | 2024-06-18 | 华为技术有限公司 | Code checking method under weak memory sequence architecture and corresponding equipment |
| CN113791770B (en) * | 2021-11-15 | 2022-06-21 | 北京壁仞科技开发有限公司 | Code compiler, code compiling method, code compiling system, and computer medium |
| CN114675831B (en) * | 2022-03-09 | 2023-10-31 | 韩济澎 | Compiling system and method for programming language |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP3057021A1 (en) * | 2015-02-16 | 2016-08-17 | Thomson Licensing | Control flow graph flattening device and method obfuscating branches via interprocedural data |
| CN106529225A (en) * | 2016-10-27 | 2017-03-22 | 努比亚技术有限公司 | Device and method for protecting source code of application program |
| CN106599620A (en) * | 2016-11-16 | 2017-04-26 | 中国人民解放军国防科学技术大学 | Binary software protection method based on dynamic code conversion |
| CN107341374A (en) * | 2017-07-17 | 2017-11-10 | 广东工业大学 | A kind of insertion method and device of opaque predicate |
-
2018
- 2018-02-12 CN CN201810146606.4A patent/CN108509772B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP3057021A1 (en) * | 2015-02-16 | 2016-08-17 | Thomson Licensing | Control flow graph flattening device and method obfuscating branches via interprocedural data |
| CN106529225A (en) * | 2016-10-27 | 2017-03-22 | 努比亚技术有限公司 | Device and method for protecting source code of application program |
| CN106599620A (en) * | 2016-11-16 | 2017-04-26 | 中国人民解放军国防科学技术大学 | Binary software protection method based on dynamic code conversion |
| CN107341374A (en) * | 2017-07-17 | 2017-11-10 | 广东工业大学 | A kind of insertion method and device of opaque predicate |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108509772A (en) | 2018-09-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108509772B (en) | Source code reinforcement method and device based on execution sequence and single-point logic | |
| CN108446535B (en) | Source code reinforcement method and device based on code execution sequence | |
| CN108345773B (en) | Code protection method and device based on virtual machine, electronic equipment and storage medium | |
| US8589897B2 (en) | System and method for branch extraction obfuscation | |
| US9602289B2 (en) | Steganographic embedding of executable code | |
| JP7154365B2 (en) | Methods for securing software code | |
| CN108537012B (en) | Source code obfuscation method and device based on variables and code execution sequence | |
| CN101568927A (en) | Obfuscating computer program code | |
| CN108710787B (en) | Code obfuscation method and apparatus, computing device, computer storage medium | |
| KR101861341B1 (en) | Deobfuscation apparatus of application code and method of deobfuscating application code using the same | |
| CN104102860A (en) | Protecting method and running method and device and system for Android platform application program | |
| CN107077540B (en) | Method and system for providing cloud-based application security services | |
| MX2015006158A (en) | Computing device configured with a table network. | |
| US20200380150A1 (en) | Method of encoding and decoding memory data for software security, recording medium and apparatus for performing the method | |
| US11119741B2 (en) | Compiling device and method | |
| CN112115427A (en) | Code obfuscation method, device, electronic device and storage medium | |
| EP2937803B1 (en) | Control flow flattening for code obfuscation where the next block calculation needs run-time information | |
| CN108460253B (en) | Source code reinforcing method and device based on sequence, symbolic execution and single-point logic | |
| CN108446538B (en) | Source code reinforcing method and device based on state, symbolic execution and single-point logic | |
| CN108182358B (en) | File protection method and device, computing equipment and computer storage medium | |
| CN108733990B (en) | Block chain-based file protection method and terminal equipment | |
| CN107506623B (en) | Application program reinforcing method and device, computing equipment and computer storage medium | |
| CN108509773B (en) | Source code reinforcing method and device | |
| You et al. | Deoptfuscator: Defeating Advanced Control-Flow Obfuscation Using Android Runtime (ART) | |
| CN108021790B (en) | File protection method and device, computing equipment and computer storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |