CN108932436B - Android system-based software security reinforcement method for APP specification - Google Patents

Android system-based software security reinforcement method for APP specification Download PDF

Info

Publication number
CN108932436B
CN108932436B CN201810737851.2A CN201810737851A CN108932436B CN 108932436 B CN108932436 B CN 108932436B CN 201810737851 A CN201810737851 A CN 201810737851A CN 108932436 B CN108932436 B CN 108932436B
Authority
CN
China
Prior art keywords
file
dex file
word
dex
encrypted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810737851.2A
Other languages
Chinese (zh)
Other versions
CN108932436A (en
Inventor
胡敏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sichuan Changhong Electric Co Ltd
Original Assignee
Sichuan Changhong Electric Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sichuan Changhong Electric Co Ltd filed Critical Sichuan Changhong Electric Co Ltd
Priority to CN201810737851.2A priority Critical patent/CN108932436B/en
Publication of CN108932436A publication Critical patent/CN108932436A/en
Application granted granted Critical
Publication of CN108932436B publication Critical patent/CN108932436B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a software security reinforcement method of an APP specification based on an android system, the software security reinforcement method based on the APP specification of the android system utilizes a large amount of text information in the specification document, the software security is selectively reinforced, thereby improving the code running efficiency, and the reinforcement technology is mixed and added with shells, thereby reducing the intrusion record of reverse engineering and simultaneously reducing the readability of source files, after the codes are reinforced, the running efficiency of the codes is not influenced, the use safety of the android software APP is improved, and the privacy safety of a user is protected.

Description

Android system-based software security reinforcement method for APP specification
Technical Field
The invention relates to the technical field of android software security in mobile internet, in particular to a software security reinforcing method based on an APP specification of an android system.
Background
With the rapid development of smart phones, a large amount of android software is convenient for human life. The specification document of android software contains a great deal of useful information. With the use of a large amount of android software, various malicious software steals the privacy (such as a telephone and a mailbox) of a user and steals property, thereby causing great potential safety hazard. How to improve the safety of software use and protect various information of a user without influencing the software operation efficiency becomes a problem which needs to be solved urgently by combining a software specification in the process of using android software by the user.
Disclosure of Invention
The invention aims to overcome the defects in the background technology, and provides a software security reinforcement method based on an APP specification of an android system.
In order to achieve the technical effects, the invention adopts the following technical scheme:
a software security reinforcement method of an APP specification based on an android system specifically comprises the following steps:
A. decompressing an APK file of the software to obtain a DEX file and analyzing the DEX file;
B. extracting keywords in the DEX file code by adopting an extraction algorithm;
C. carrying out confusion processing on the keywords to obtain an encrypted source APK file;
D. encrypting the encrypted source APK file on a shell APK file by using a fragmentation shell adding technology so as to obtain an encrypted DEX file;
E. replacing the DEX file in the shell program with the encrypted DEX file to obtain an encrypted APK file so as to finish software reinforcement;
the software security reinforcing method based on the APP specification of the android system has the advantages that the safety reinforcement of software is realized by reading the specification document, extracting the keywords from the specification, obfuscating the function codes corresponding to the keywords to obtain the new DEX file and adding the shell to the new DEX file, a large amount of text information in the specification document is utilized to selectively reinforce the software security, so that the code operation efficiency is improved, obfuscation and shell adding are carried out in the reinforcement technology, the intrusion record of reverse engineering is reduced, the readability of a source file is reduced, the operation efficiency of the codes is not influenced after the codes are reinforced, the use security of the APP of the android software is improved, and the privacy security of a user is protected.
Further, the step B specifically extracts the keyword by using a TF-IDF method and includes the following steps:
B1. dividing all documents of the DEX file into words, and creating a word order dictionary for storing the occurrence times of each word;
B2. traversing all words to obtain reverse file frequency of a single word in the DEX file, and then calculating the word frequency of each word, wherein the reverse file frequency is calculated by dividing the total number of files contained in the file set by the number of files in which the selected word appears in the measured file, and the word frequency is calculated by dividing the number of times of the selected word appears by the number of total words contained in the DEX file;
B3. creating a word letter dictionary, storing all word information, calculating the weight of each word, storing the weight of each word in the word letter dictionary, and selecting a plurality of words with the top rank according to the ranking sequence from the big to the small of the weight as the keywords to be extracted, wherein the weight of each word is the product of the reverse file frequency of the word and the word frequency of the word.
Further, the step C specifically includes: and renaming the keyword code name in the extracted DEX file code by using a rare word or simple and meaningless English characters so as to generate an encrypted source APK file.
Further, in the step C, after renaming the keyword code name, a string of invalid codes may be added to the end of the keyword code, and adding the invalid codes may further improve the confusion effect of the DEX file and ensure the security of the encryption processing.
Further, the step D is divided into two stages, namely an APK preprocessing stage and a DEX file operation stage;
the APK pretreatment stage specifically comprises the following steps:
the first step is as follows: c, dividing the DEX file subjected to the obfuscation processing in the step C into a plurality of independent segments;
the second step is that: respectively encrypting each DEX file segment by using an encryption algorithm and different keys;
the DEX file operation stage specifically comprises the following steps:
the first step is as follows: decrypting each DEX file segment respectively and mapping the DEX file segment into a memory;
the second step is that: repairing the DEX file segment by utilizing a hot patch dynamic repairing technology;
the third step: copying and Manifest configuration of resources in the software are completed;
the fourth step: a sharding run is performed in which context switching work is performed to run the entire DEX file in its entirety as the program crosses shards.
Further, the DEX file is specifically divided into 8 independent segments in the APK preprocessing stage.
Further, the encryption algorithm used when encrypting each DEX file segment is an exclusive or encryption algorithm or an AES encryption algorithm.
Further, the step E specifically includes the following steps:
E1. deleting the original DEX file and writing the encrypted DEX file in the step D into a data area;
E2. updating the offset position of the field in the file header according to the positions of the current field in the data area and the index area;
E3. performing CRC on the encrypted DEX file, and updating a checksum value in a file header;
E4. and copying the encrypted source APK file content behind the encrypted DEX file to finally generate an encrypted APK file.
Compared with the prior art, the invention has the following beneficial effects:
according to the android system-based APP specification software security reinforcing method, the specification document is read, the keywords are extracted from the specification, the function codes corresponding to the keywords are obfuscated to obtain the new DEX file, and the new DEX file is subjected to shell adding processing, so that the security reinforcement of software is achieved.
Drawings
Fig. 1 is a general flow diagram of a software security reinforcement method based on an APP specification of an android system in the present invention.
Fig. 2 is a schematic flow diagram of performing fragmentation and shell adding processing in a software security reinforcement method based on an APP specification of the android system according to an embodiment of the present invention.
Detailed Description
The invention will be further elucidated and described with reference to the embodiments of the invention described hereinafter.
Example (b):
as shown in fig. 1, a software security reinforcement method based on an APP specification of an android system specifically includes the following steps:
A. decompressing an APK file of the software to obtain a DEX file and analyzing the DEX file;
B. extracting keywords in the DEX file code by adopting an extraction algorithm;
specifically, in this embodiment, the method for extracting the keyword specifically uses a TF-IDF method and includes the following steps:
B1. dividing all documents of the DEX file into words, and creating a word order dictionary for storing the occurrence times of each word;
B2. traversing all words to obtain reverse file frequency of a single word in the DEX file, and then calculating the word frequency of each word, wherein the reverse file frequency is calculated by dividing the total number of files contained in the file set by the number of files in which the selected word appears in the measured file, and the word frequency is calculated by dividing the number of times of the selected word appears by the number of total words contained in the DEX file;
B3. creating a word letter dictionary, storing all word information, calculating the weight of each word, storing the weight of each word in the word letter dictionary, and selecting a plurality of words with the top rank according to the ranking sequence from the big to the small of the weight as the keywords to be extracted, wherein the weight of each word is the product of the reverse file frequency of the word and the word frequency of the word.
Specifically, in the present embodiment, the first four words ranked in the ranking with the weights from large to small in the word and letter dictionary are "pay", "password", "call", "read message", respectively, and in the present embodiment, the first 4 words are specifically extracted as keywords.
C. Renaming the name of the keyword code in the extracted DEX file code by using a rarely used word or simple and meaningless English characters so as to generate an encrypted source APK file;
in the implementation, byte confusion is carried out on 4 keywords of 'payment', 'password', 'calling', 'reading short message', and concretely, F is used for renaming 'payment', M is used for renaming 'password', D is used for renaming 'calling', and ME is used for renaming 'reading short message'.
Meanwhile, in order to increase invalid codes, the confusion effect of the DEX file can be further improved, and the security of encryption processing is guaranteed, and a string of invalid codes can be added to the tail end of the keyword codes after the name of the keyword codes is renamed.
D. Encrypting the encrypted source APK file on a shell APK file by using a fragmentation shell adding technology so as to obtain an encrypted DEX file;
the method specifically comprises an APK preprocessing stage and a DEX file operation stage;
the APK pretreatment stage specifically comprises the following steps:
the first step is as follows: c, dividing the DEX file subjected to the obfuscation processing in the step C into a plurality of independent segments;
the second step is that: respectively encrypting each DEX file segment by using an encryption algorithm and different keys;
the DEX file operation stage specifically comprises the following steps:
the first step is as follows: decrypting each DEX file segment respectively and mapping the DEX file segment into a memory;
the second step is that: repairing the DEX file segment by utilizing a hot patch dynamic repairing technology;
the third step: copying and Manifest configuration of resources in the software are completed;
the fourth step: a sharding run is performed in which context switching work is performed to run the entire DEX file in its entirety as the program crosses shards.
In this embodiment, specifically, during APK preprocessing, in a DEX file obtained based on obfuscation, the DEX file is divided into 8 independent segments, and each segment is encrypted by using an AES algorithm and using different keys.
Specifically, in order to ensure correct explanation and execute fragmented DEX files, some repair work needs to be done by using a hot patch dynamic repair technology to perform technical repair work, then copy work and Manifest configuration work of resources are completed, specifically, as shown in FIG. 2, resource files Manifest.xml, images, L ibraries and the like are copied to a data area, and a visual view of a set file is opened by double-clicking in a project manager to configure basic information of applications by setting the Manifest.json file in the android file.
Then, in the slicing operation, when the program is subjected to slicing crossing, the context switching operation is executed, namely when the current process enters the next process, the DEXCClass L loader file is used for replacing the program, so that the encrypted DEX file is obtained, and the whole DEX file is completely operated
E. And replacing the DEX file in the shell program by the encrypted DEX file to obtain an encrypted APK file so as to finish software reinforcement. The method specifically comprises the following steps:
E1. deleting the original DEX file and writing the encrypted DEX file in the step D into a data area;
E2. updating the offset position of the field in the file header according to the positions of the current field in the data area and the index area;
E3. performing CRC on the encrypted DEX file, and updating a checksum value in a file header;
E4. and copying the encrypted source APK file content behind the encrypted DEX file to finally generate an encrypted APK file.
Specifically, the encryption algorithm used in this embodiment is an AES encryption algorithm used when encrypting each DEX file segment, and other encryption algorithms may be actually used, such as performing xor processing on each byte by using an xor encryption algorithm.
Therefore, the android-system-based APP specification software security reinforcing method selectively reinforces software security by utilizing a large amount of text information in specification documents, so that the code operation efficiency is improved, confusion and shell adding are carried out in the reinforcing technology, intrusion records of reverse engineering are reduced, the readability of a source file is reduced, the operation efficiency of codes is not influenced after the codes are reinforced, the use security of android software APP is improved, and the privacy security of users is protected.
It will be understood that the above embodiments are merely exemplary embodiments taken to illustrate the principles of the present invention, which is not limited thereto. It will be apparent to those skilled in the art that various modifications and improvements can be made without departing from the spirit and substance of the invention, and these modifications and improvements are also considered to be within the scope of the invention.

Claims (5)

1. A software security reinforcement method of an APP specification based on an android system is characterized by specifically comprising the following steps:
A. decompressing an APK file of the software to obtain a DEX file and analyzing the DEX file;
B. extracting keywords in the DEX file code by adopting an extraction algorithm;
the step B specifically adopts a TF-IDF method to extract keywords and comprises the following steps:
B1. dividing all documents of the DEX file into words, and creating a word order dictionary for storing the occurrence times of each word;
B2. traversing all words in the DEX file to obtain the reverse file frequency of a single word in the DEX file, and then calculating the word frequency of each word, wherein the reverse file frequency is calculated by dividing the total number of files contained in a file set by the number of files in which selected words appear in the file to be measured, and the word frequency is calculated by dividing the number of times of the selected words by the number of total words contained in the DEX file;
B3. creating a word letter dictionary, storing all word information, calculating the weight of each word, storing the weight of each word in the word letter dictionary, and selecting a plurality of words with the top rank as key words to be extracted according to the ranking sequence of the weights from large to small, wherein the weight of each word is the product of the reverse file frequency of the word and the word frequency of the word;
C. carrying out confusion processing on the keywords to obtain an encrypted source APK file;
D. encrypting the encrypted source APK file on a shell APK file by using a fragmentation shell adding technology so as to obtain an encrypted DEX file;
the step D is divided into two stages, namely an APK preprocessing stage and a DEX file operation stage;
the APK pretreatment stage specifically comprises the following steps:
the first step is as follows: c, dividing the DEX file subjected to the obfuscation processing in the step C into a plurality of independent segments;
the second step is that: respectively encrypting each DEX file segment by using an encryption algorithm and different keys;
the DEX file operation stage specifically comprises the following steps:
the first step is as follows: decrypting each DEX file segment respectively and mapping the DEX file segment into a memory;
the second step is that: repairing the DEX file segment by utilizing a hot patch dynamic repairing technology;
the third step: copying and Manifest configuration of resources in the software are completed;
the fourth step: executing fragment operation, wherein when the program is in fragment spanning, the context switching work is executed so as to completely operate the whole DEX file;
E. replacing the DEX file in the shell program with the encrypted DEX file to obtain an encrypted APK file so as to finish software reinforcement;
the step E specifically comprises the following steps:
E1. deleting the original DEX file and writing the encrypted DEX file in the step D into a data area;
E2. updating the offset position of the field in the file header according to the positions of the current field in the data area and the index area;
E3. performing CRC on the encrypted DEX file, and updating a checksum value in a file header;
E4. copying the encrypted source APK file content in the encrypted DEX file, and finally generating an encrypted APK file.
2. The android system-based APP specification software security reinforcement method according to claim 1, wherein the step C specifically includes: and renaming the keyword code name in the extracted DEX file code by using a rare word or simple and meaningless English characters so as to generate an encrypted source APK file.
3. The android-system-based APP specification software security reinforcing method according to claim 2, wherein in the step C, a string of invalid codes can be added to the end of the keyword code after the keyword code name is renamed.
4. The android system-based APP specification software security reinforcement method according to claim 1, wherein the DEX file is specifically divided into 8 independent segments in the APK preprocessing stage.
5. The android-system-based software security reinforcing method for the APP specification, as recited in claim 1, wherein an encryption algorithm used when the DEX file segments are respectively encrypted is an exclusive OR encryption algorithm or an AES encryption algorithm.
CN201810737851.2A 2018-07-06 2018-07-06 Android system-based software security reinforcement method for APP specification Active CN108932436B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810737851.2A CN108932436B (en) 2018-07-06 2018-07-06 Android system-based software security reinforcement method for APP specification

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810737851.2A CN108932436B (en) 2018-07-06 2018-07-06 Android system-based software security reinforcement method for APP specification

Publications (2)

Publication Number Publication Date
CN108932436A CN108932436A (en) 2018-12-04
CN108932436B true CN108932436B (en) 2020-07-28

Family

ID=64447779

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810737851.2A Active CN108932436B (en) 2018-07-06 2018-07-06 Android system-based software security reinforcement method for APP specification

Country Status (1)

Country Link
CN (1) CN108932436B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110781462B (en) * 2019-10-10 2022-02-15 郑州阿帕斯科技有限公司 Resource confusion method and device
CN111522555B (en) * 2020-04-24 2024-03-08 中国传媒大学 apk file reinforcement method, decryption method and related devices

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103544414A (en) * 2013-10-25 2014-01-29 苏州通付盾信息技术有限公司 Deep code obfuscation method for Android system applications
CN106096439A (en) * 2016-06-03 2016-11-09 武汉大学 A kind of intimacy protection system obscured based on mobile user profile and method

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102087605B (en) * 2011-01-28 2014-05-07 宇龙计算机通信科技(深圳)有限公司 Android-based platform application installation control method and system
CN103886230A (en) * 2014-02-24 2014-06-25 四川长虹电器股份有限公司 Software copyright protection method of android system and system thereof
CN105184118B (en) * 2015-08-31 2018-02-23 西北大学 A kind of Android application program shell adding guard methods and device based on code fragmentation
CN105426708B (en) * 2016-01-19 2018-08-21 北京鼎源科技有限公司 A kind of reinforcement means of the application program of android system
CN105930745A (en) * 2016-04-25 2016-09-07 北京珊瑚灵御科技有限公司 Android platform-based character string reinforcement method

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103544414A (en) * 2013-10-25 2014-01-29 苏州通付盾信息技术有限公司 Deep code obfuscation method for Android system applications
CN106096439A (en) * 2016-06-03 2016-11-09 武汉大学 A kind of intimacy protection system obscured based on mobile user profile and method

Also Published As

Publication number Publication date
CN108932436A (en) 2018-12-04

Similar Documents

Publication Publication Date Title
CN106126981B (en) Software security means of defence based on the replacement of virtual function table
Garfinkel Digital media triage with bulk data analysis and bulk_extractor
CN105426708A (en) Reinforcing method of application program of Android system
Walls et al. Forensic Triage for Mobile Phones with {DEC0DE}
US20100070518A1 (en) Method for protecting private information and computer-readable recording medium storing program for executing the same
CN108932436B (en) Android system-based software security reinforcement method for APP specification
WO2015035827A1 (en) Method and apparatus for providing string encryption and decryption in program files
CN105095771A (en) Method and apparatus for protecting shared target file
CN104090793A (en) Device and method for destroying Android mobile phone body data
CN104298926A (en) Method and device for running encrypted file
WO2015067996A1 (en) Methods and apparatuses of digital data processing
Park et al. A methodology for the decryption of encrypted smartphone backup data on android platform: A case study on the latest samsung smartphone backup system
CN107995174A (en) File key acquisition device and method, file deciphering device and method
CN114036561A (en) Information hiding method, information acquiring method, information hiding device, information acquiring device, storage medium and electronic equipment
CN107092834A (en) A kind of finger print data management method and terminal
CN110119601A (en) Program reinforcement means and device based on application program installation kit
CN111104693A (en) Android platform software data cracking method, terminal device and storage medium
CN104765986A (en) Steganography-based code protecting and restoring method
CN115292731A (en) Encryption storage method of text reading and amending information and related equipment
Jiang et al. A novel image-based malware classification model using deep learning
CN111563266B (en) Encryption method and device, decryption method and device for data operation program of power system
CN109710899B (en) Method and device for decrypting and obtaining evidence of file in storage medium
CN116235174A (en) Apparatus and method for performing encryption algorithm
CN111984941A (en) File processing method and device, terminal equipment and readable storage medium
CN109344574B (en) Self-adaptive android reinforcement method based on specification

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant