CN108875376A - A kind of precise positioning method that smart card platform gangs up against - Google Patents
A kind of precise positioning method that smart card platform gangs up against Download PDFInfo
- Publication number
- CN108875376A CN108875376A CN201810516349.9A CN201810516349A CN108875376A CN 108875376 A CN108875376 A CN 108875376A CN 201810516349 A CN201810516349 A CN 201810516349A CN 108875376 A CN108875376 A CN 108875376A
- Authority
- CN
- China
- Prior art keywords
- code
- attack
- precise positioning
- point
- positioning method
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Debugging And Monitoring (AREA)
Abstract
The present invention discloses a kind of precise positioning method that smart card platform gangs up against, and belongs to technical field of intelligent card.This method includes:Construct attack source program;On the basis of the source program, the sentence where the point of attack is found;Before sentence, loop body code and adjacent positioned code are being added where the point of attack.Loop body code is the multiple circulation of adjacent positioned code.Adjacent positioned code is the multiple circulation of single code.By using the frame, generate special test application, the positioning during can be used for ganging up against smart card platform, solve the problems, such as to gang up against in can not be accurately positioned the point of attack.
Description
Technical field
The present invention relates to technical field of intelligent card more particularly to a kind of precise positioning sides that smart card platform gangs up against
Method.
Background technique
Demand due to industry fields such as fiscards to smart card is increasingly urgent to and mobile payment field is to mostly using soft
The demand of part platform causes intelligent card embedded software safe practice to have become nearest 2 years popular skills of smart card industry
Art.
In smart card platform security evaluation field, what testing agency had been applied to software and hardware combining gangs up against this attack
Mode.Ganging up against relative to the physical attacks on chip on smart card platform, difficult point are that the execution code of platform is more,
It is longer to execute the time, it is difficult to be accurately positioned to attack point.
Summary of the invention
It cannot be accurately positioned to solve the problems, such as to gang up against on smart card platform, the present invention provides a kind of smart cards
The precise positioning method of Platform Alliance attack.
The technical solution adopted by the present invention is as follows:
A kind of precise positioning method that smart card platform gangs up against, includes the following steps:
Step S1:Construct attack source program;
Step S2:On the basis of the source program, the sentence where the point of attack is found.
Step S3:Before sentence, loop body code and adjacent positioned code are being added where the point of attack.
Further, the loop body code is the multiple circulation of adjacent positioned code.
Further, loop body code is the multiple circulation of single code.
Further, sentence where adjacent positioned code and the point of attack close to.
The beneficial effects of the present invention are:The present invention enhances adjacent positioned code specific location by loop body code and exists
Identifiability in overall power figure enhances point of attack specific location in then overall power figure by adjacent positioned code
Identifiability.The application program realized according to this frame is solved the problems, such as to gang up against and cannot be accurately positioned, and is made to combine and be attacked
It hits and is possibly realized.
Detailed description of the invention
Fig. 1 is a kind of precise positioning method and step figure that smart card platform gangs up against.
Fig. 2 is an application program for being attacked ifne sentence.
Fig. 3 is the bytecode of application program.
Fig. 4 is the template matching figure based on power consumption for the strike order realized in application program.
Specific embodiment
Fig. 1 is a kind of precise positioning method and step figure that smart card platform gangs up against.
Below in conjunction with the drawings and specific embodiments, the present invention is described further.
To be ganged up against on javacard platform, and for doing the process of precise positioning using the present invention.
Firstly, building attack source program.An attack applet is write using java language, is downloaded it on card
Operation is able to respond test APDU.The processing of test APDU is to execute one section of java program comprising the point of attack.
Secondly, finding the sentence where the point of attack on the basis of source program.It is indicated in two-wire frame in Fig. 2
Sentence where one point of attack ifne bytecode.The sentence carries out zero judgement to a local variable.Its bytecode is
Sload_3 and ifne.
Before sentence, loop body code and adjacent positioned code are being added where the point of attack.In Fig. 2, for circulation
For the loop body code, 3 j++ sentences are the adjacent positioned code.
Loop body code is the multiple circulation of adjacent positioned code.First dotted line frame in Fig. 3 is that loop body code is compiled
The bytecode of generation is translated, second dotted line frame is the bytecode that adjacent positioned code compilation generates.It include continuous 3
sinc.Loop body code is p2 circulation of adjacent positioned code.
Downloading attack is on applet to javacard platform, after then sending test command to it, obtained power consumption diagram.
And after handling by observation, Fig. 4 is obtained after carrying out the template matching of repetition power consumption.Abscissa in figure is timeline, ordinate
For matching degree.Can see in dotted line frame for adjacent positioned code approximate 5 time points, matching value has 5 close to 1 point.
Last 1 is adjacent positioned code position.It thereafter is sload_3 and ifne.The time point that power consumption diagram provides is very quasi-
Really, without error, to realize the precise positioning of the point of attack.
Obviously, those skilled in the art can carry out various changes and deformation without departing from essence of the invention to the present invention
Mind and range.In this way, if these modification and variation of the invention belong to the range of the claims in the present invention and its equivalent technologies
Within, then the present invention is also intended to include these modifications and variations.
Claims (5)
1. a kind of precise positioning method that smart card platform gangs up against, characterized in that include the following steps:
Step S1:Construct attack source program;
Step S2:On the basis of the source program, the sentence where the point of attack is found;
Step S3:Before sentence, loop body code and adjacent positioned code are being added where the point of attack.
2. according to precise positioning method described in right 1, it is characterized in that:Loop body code is repeatedly following for adjacent positioned code
Ring.
3. according to precise positioning method described in right 1, it is characterized in that:The bytecode that adjacent positioned code is formed is single code
Multiple circulation.
4. according to precise positioning method described in right 1, it is characterized in that:Loop body code and adjacent positioned code close to.
5. according to precise positioning method described in right 1, it is characterized in that:Sentence where adjacent positioned code and the point of attack close to.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810516349.9A CN108875376A (en) | 2018-05-25 | 2018-05-25 | A kind of precise positioning method that smart card platform gangs up against |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810516349.9A CN108875376A (en) | 2018-05-25 | 2018-05-25 | A kind of precise positioning method that smart card platform gangs up against |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108875376A true CN108875376A (en) | 2018-11-23 |
Family
ID=64333321
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810516349.9A Pending CN108875376A (en) | 2018-05-25 | 2018-05-25 | A kind of precise positioning method that smart card platform gangs up against |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108875376A (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102662807A (en) * | 2012-03-13 | 2012-09-12 | 浙江大学 | Java card stack performance test application program and making method for framework thereof |
CN106878258A (en) * | 2016-12-14 | 2017-06-20 | 新华三技术有限公司 | One kind attacks localization method and device |
US10078833B2 (en) * | 2012-08-30 | 2018-09-18 | Worldpay, Llc | Combination payment card and methods thereof |
-
2018
- 2018-05-25 CN CN201810516349.9A patent/CN108875376A/en active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102662807A (en) * | 2012-03-13 | 2012-09-12 | 浙江大学 | Java card stack performance test application program and making method for framework thereof |
US10078833B2 (en) * | 2012-08-30 | 2018-09-18 | Worldpay, Llc | Combination payment card and methods thereof |
CN106878258A (en) * | 2016-12-14 | 2017-06-20 | 新华三技术有限公司 | One kind attacks localization method and device |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Gascón et al. | Template-based circuit understanding | |
CN104298534B (en) | Programmed method and device based on Lua language | |
CN110941552B (en) | Memory analysis method and device based on dynamic taint analysis | |
CN107480476B (en) | Android native layer instruction compiling virtualization shell adding method based on ELF infection | |
CN104572436B (en) | Automatic debugging and error proofing method and device | |
CN109614103A (en) | A kind of code completion method and system based on character | |
JP2022009556A (en) | Method for securing software codes | |
CN106528261A (en) | Application page initialization compiling and controlling device and method | |
US10241767B2 (en) | Distributed function generation with shared structures | |
CN105446741A (en) | API (Application Program Interface) comparison based mobile application identification method | |
CN109543409B (en) | Method, device and equipment for detecting malicious application and training detection model | |
KR20210024161A (en) | Method for analysis of source texts | |
CN108875376A (en) | A kind of precise positioning method that smart card platform gangs up against | |
MX2011001796A (en) | Simulated processor execution using branch override. | |
US11144693B1 (en) | Method and system for generating verification tests at runtime | |
US20090300754A1 (en) | Protecting a Program Interpreted by a Virtual Machine | |
CN116450431A (en) | Instruction function test system of CPU reference model, method thereof, computer equipment and storage medium | |
CN109036554B (en) | Method and apparatus for generating information | |
CN106055935A (en) | Process control method and device and electronic equipment | |
CN110018953B (en) | Method, storage medium, device and system for testing JS code by using python | |
Schmitt et al. | Verifying the Mondex case study | |
CN114637988A (en) | Binary-oriented function level software randomization method | |
CN114637672A (en) | Automatic data testing method and device, computer equipment and storage medium | |
CN113010177A (en) | Software-defined instrument, information acquisition method, computer, and storage medium | |
CN106951288A (en) | A kind of exploitation, application process and the device of heat more resource |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20181123 |
|
WD01 | Invention patent application deemed withdrawn after publication |