CN108965573A - Method and device for protecting the internal resources of an Android hybrid-mode mobile application - Google Patents
- Publication number: CN108965573A
- Application number: CN201710381078.6A
- Authority: CN (China)
- Prior art keywords: resource, key, protected, mobile application, mixed mode
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04M1/72403—User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
- H04M1/72448—User interfaces specially adapted for cordless or mobile telephones with means for adapting the functionality of the device according to specific conditions
Abstract
The invention discloses a method and device for protecting the internal resources of an Android hybrid-mode mobile application. The protection method includes: encrypting the to-be-protected resources of the hybrid-mode mobile application; and, while the hybrid-mode mobile application is running, monitoring internal file access operations, returning the encrypted ciphertext when a to-be-protected resource is accessed through the public JAVA application programming interface (API), and decrypting the corresponding ciphertext and returning the decrypted plaintext when the to-be-protected resource is accessed through the private JAVA Native Interface (JNI). Embodiments of the invention provide encryption protection for selected resource files. The decryption process is implemented locally and the result is returned to the component, so that components such as WebView, which can only read and display plaintext, are able to read the encrypted information, while a user who accesses the encrypted internal resources through the public Android JAVA API cannot obtain the plaintext. This enhances functionality while also protecting the security of the hybrid application's internal resources.
Description
Technical field
The present invention relates to mobile terminal information protection technology, and in particular to a method and device for protecting the internal resources of an Android hybrid-mode mobile application.
Background
After an Android application is released, it faces the risk of reverse analysis. Through static analysis, an attacker can obtain the resources inside the application, such as page layout files, scripts under the Assets folder, and image resources. For a hybrid-mode mobile application (Hybrid App) these resources are especially important, because they participate directly in the application's logic. For security, they are usually not released into other directories on the device, in the hope of reducing the probability of malicious acquisition. However, components such as WebView (network view) read internal resources through the system API (Application Programming Interface), and the user cannot directly control or intervene in the reading process, so the internal resources can only exist in plaintext form.
Summary of the invention
The present invention provides a method and device for protecting the internal resources of an Android hybrid-mode mobile application, which can provide encryption protection for selected resources inside an Android hybrid-mode mobile application.
To achieve the object of the invention, an embodiment of the invention provides a method for protecting the internal resources of an Android hybrid-mode mobile application, comprising:
Encrypting the to-be-protected resources of the hybrid-mode mobile application;
While the hybrid-mode mobile application is running, monitoring internal file access operations; when a to-be-protected resource is accessed through the public JAVA application programming interface (API), returning the encrypted ciphertext; when the to-be-protected resource is accessed through the private JAVA Native Interface (JNI), decrypting the corresponding ciphertext and returning the decrypted plaintext.
An embodiment of the invention also provides a device for protecting the internal resources of an Android hybrid-mode mobile application, comprising:
An encrypting module, configured to encrypt the to-be-protected resources of the hybrid-mode mobile application;
A feedback module, configured to monitor internal file access operations while the hybrid-mode mobile application is running; to return the encrypted ciphertext when a to-be-protected resource is accessed through the public JAVA application programming interface (API); and to decrypt the corresponding ciphertext and return the decrypted plaintext when the to-be-protected resource is accessed through the private JAVA Native Interface (JNI).
An embodiment of the invention also provides a computer-readable storage medium storing computer-executable instructions which, when executed by a processor, implement the above method for protecting the internal resources of an Android hybrid-mode mobile application.
Compared with the prior art, embodiments of the invention include encrypting the to-be-protected resources of the hybrid-mode mobile application and, while the hybrid-mode mobile application is running, monitoring internal file access operations: when a to-be-protected resource is accessed through the public JAVA API, the encrypted ciphertext is returned; when it is accessed through the private JNI (JAVA Native Interface), the corresponding ciphertext is decrypted and the decrypted plaintext is returned. Embodiments of the invention provide encryption protection for selected resource files. The decryption process is implemented locally and the result is returned to the component, so that components such as WebView, which can only read and display plaintext, are able to read the encrypted information, while a user who accesses the encrypted internal resources through the public Android JAVA API cannot obtain the plaintext. This enhances functionality while also protecting the security of the hybrid application's internal resources.
In embodiments of the invention, the to-be-protected resources are grouped, for example according to resource type and/or importance, and each group is encrypted with a different key. This makes the encryption protection more targeted and the protective measures more complete.
In embodiments of the invention, the key and the correspondence between keys and ciphertext are stored on a server or stored locally, which helps protect the key from being stolen.
In embodiments of the invention, the functions that read files inside Assets are monitored by means of Hook, and effective monitoring is achieved through policy.
Other features and advantages of the invention will be set forth in the description that follows, and in part will become apparent from the description or be understood by practising the invention. The objects and other advantages of the invention can be realized and obtained by the structures particularly pointed out in the description, the claims and the drawings.
Brief description of the drawings
The drawings are provided for a further understanding of the technical solution of the invention and form part of the specification. Together with the embodiments of this application they serve to explain the technical solution of the invention, and do not limit it.
Fig. 1 is a flow chart of the method for protecting the internal resources of an Android hybrid-mode mobile application according to an embodiment of the invention;
Fig. 2 is a schematic diagram of the device for protecting the internal resources of an Android hybrid-mode mobile application according to an embodiment of the invention;
Fig. 3 is a schematic diagram of monitoring by means of Hook in an application example of the invention;
Fig. 4 is a schematic diagram of accessing a to-be-protected resource through the public JAVA API in an application example of the invention;
Fig. 5 is a schematic diagram of accessing a to-be-protected resource through the private JNI in an application example of the invention.
Detailed description
To make the objects, technical solutions and advantages of the invention clearer, embodiments of the invention are described in detail below with reference to the drawings. It should be noted that, where there is no conflict, the embodiments in this application and the features in the embodiments may be combined with one another in any way.
The steps shown in the flow charts of the drawings may be executed in a computer system, for example as a set of computer-executable instructions. Although a logical order is shown in the flow charts, in some cases the steps shown or described may be executed in an order different from the one given here.
As shown in Fig. 1, the method for protecting the internal resources of an Android hybrid-mode mobile application comprises:
Step 101, encrypting the to-be-protected resources of the hybrid-mode mobile application;
Step 102, while the hybrid-mode mobile application is running, monitoring internal file access operations; when a to-be-protected resource is accessed through the public JAVA application programming interface (API), returning the encrypted ciphertext; when the to-be-protected resource is accessed through the private JAVA Native Interface (JNI), decrypting the corresponding ciphertext and returning the decrypted plaintext.
Embodiments of the invention provide encryption protection for selected resource files. The decryption process is implemented locally and the result is returned to the component, so that components such as WebView, which can only read and display plaintext, are able to read the encrypted information, while a user who accesses the encrypted internal resources through the public Android JAVA API cannot obtain the plaintext. This enhances functionality while also protecting the security of the hybrid application's internal resources.
In one embodiment, in step 101, encrypting the to-be-protected resources of the hybrid-mode mobile application includes:
Grouping the to-be-protected resources and encrypting each group with a different key.
The encrypted files replace the original files.
The grouping may be based on the type and/or importance of the resources.
Grouping the to-be-protected resources, for example according to resource type and/or importance, and encrypting each group with a different key makes the encryption protection more targeted and the protective measures more complete.
In step 101, a symmetric encryption algorithm may be used, for example in CBC (Cipher Block Chaining) mode.
In one embodiment, after step 101, the method further includes:
Storing the key and the correspondence between keys and ciphertext on a server; after the hybrid-mode mobile application runs, requesting the key and the correspondence between keys and ciphertext from the server.
Alternatively, after step 101, the method further includes: storing the key and the correspondence between keys and ciphertext locally; after the hybrid-mode mobile application runs, obtaining the key and the correspondence between keys and ciphertext from local storage.
When the key and the correspondence between keys and ciphertext are stored locally, they may be stored inside the application in a secure manner.
In embodiments of the invention, the key and the correspondence between keys and ciphertext are stored on a server or stored locally, which helps protect the key from being stolen.
In one embodiment, in step 102, the step of monitoring internal file access operations includes:
Monitoring the functions that read files inside Assets by means of Hook.
Hook is used within the program's process to hijack the system's JAVA APIs, JNI-declared APIs and the like that are involved in internal resource access, so that files are decrypted as they are read. The decryption process is implemented in native code and the result is returned to the component. Embodiments of the invention monitor the functions that read files inside Assets by means of Hook and achieve effective monitoring through policy.
In one embodiment, in step 102, accessing the to-be-protected resource through the private JNI includes:
The WebView component accessing the to-be-protected resource through the private JNI.
In embodiments of the invention, the WebView component can obtain the plaintext and is not affected by the encryption.
As shown in Fig. 2, the device for protecting the internal resources of an Android hybrid-mode mobile application comprises:
An encrypting module 21, configured to encrypt the to-be-protected resources of the hybrid-mode mobile application;
A feedback module 22, configured to monitor internal file access operations while the hybrid-mode mobile application is running; to return the encrypted ciphertext when a to-be-protected resource is accessed through the public JAVA application programming interface (API); and to decrypt the corresponding ciphertext and return the decrypted plaintext when the to-be-protected resource is accessed through the private JAVA Native Interface (JNI).
Embodiments of the invention provide encryption protection for selected resource files. The decryption process is implemented locally and the result is returned to the component, so that components such as WebView, which can only read and display plaintext, are able to read the encrypted information, while a user who accesses the encrypted internal resources through the public Android JAVA API cannot obtain the plaintext. This enhances functionality while also protecting the security of the hybrid application's internal resources.
In one embodiment, the encrypting module 21 is further configured to group the to-be-protected resources and encrypt each group with a different key.
The encrypting module 21 replaces the original files with the encrypted files.
The encrypting module 21 may group the resources according to their type and/or importance.
Grouping the to-be-protected resources, for example according to resource type and/or importance, and encrypting each group with a different key makes the encryption protection more targeted and the protective measures more complete.
The encrypting module 21 may use a symmetric encryption algorithm, for example in CBC mode.
In one embodiment, the protection device further includes:
A first memory module, configured to store the key and the correspondence between keys and ciphertext on a server;
The feedback module 22 is further configured to request the key and the correspondence between keys and ciphertext from the server after the hybrid-mode mobile application runs.
Alternatively, the protection device further includes:
A second memory module, configured to store the key and the correspondence between keys and ciphertext locally;
The feedback module 22 is further configured to obtain the key and the correspondence between keys and ciphertext from local storage after the hybrid-mode mobile application runs.
When the key and the correspondence between keys and ciphertext are stored locally, they may be stored inside the application in a secure manner.
In embodiments of the invention, the key and the correspondence between keys and ciphertext are stored on a server or stored locally, which helps protect the key from being stolen.
In one embodiment, the feedback module 22 is further configured to monitor the functions that read files inside Assets by means of Hook.
The feedback module 22 uses Hook within the program's process to hijack the system's JAVA APIs, JNI-declared APIs and the like that are involved in internal resource access, so that files are decrypted as they are read. The decryption process is implemented in native code and the result is returned to the component. Embodiments of the invention monitor the functions that read files inside Assets by means of Hook and achieve effective monitoring through policy.
An application example is described below.
I. Preprocessing:
1. Decompile the target apk file to obtain the apk's resource files, configuration file and bytecode files (if the application's source code is available, the following operations can be carried out directly).
2. According to the list of resources used in the hybrid application, encrypt the corresponding resource files in the assets folder. Encryption keys can be assigned per group according to file type and importance.
3. Locate the application class declared in the application node of the configuration file, find the bytecode file that contains it, and modify that bytecode so that it can load the control unit.
4. Copy the dynamic library file containing the control unit into the lib folder produced by decompilation.
5. Recompile and sign.
II. After the program runs, the following process is executed:
1. After the control unit is started, it hooks the functions involved in reading files inside Assets, including the public JAVA interface (JAVA API) and the private JNI interface (JNI interface declaration), as shown in Fig. 3.
2. Request the key groups and the correspondence between key groups and ciphertext from the server. When the key groups and the correspondence between key groups and ciphertext exist locally, they can be loaded from local storage instead.
3. The actual decryption is implemented in the native code of the JNI hook.
When the JAVA API hook intercepts a request to open an internal resource file, it shares the information that the file is not to be decrypted with the hook on the JNI interface. When the call reaches the JNI interface, the hook that intercepts it there refuses to perform the decryption. This is how an application that reads a resource file through the JAVA API is prevented from obtaining the plaintext. As shown in Fig. 4, for a request to read an internal resource file through the JAVA API, the Hook process intercepts the request and determines that there is no read permission, so the ciphertext is returned to the JAVA API through the Native API and the JNI interface declaration. Because the hooks can pass shared information to each other, the ciphertext is not decrypted at the JNI interface declaration, and the output is therefore ciphertext.
When the WebView component reads a resource file, it does so by calling the JNI interface directly, so the function hooked at the JNI interface receives the read request directly. As shown in Fig. 5, the ciphertext passes through the Native API to the JNI interface declaration, where it is decrypted, and the plaintext is passed to the component.
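The application example above, modelled end to end as an added example (not code from the patent): per-group AES-CBC encryption of the assets during preprocessing, and a read path that returns ciphertext to a public JAVA API caller and plaintext to a private JNI caller. It is plain Java rather than real Android hooks; the class, method and asset names, the IV-prefixed storage layout and the per-thread flag used to share state between the two hooks are assumptions.

```java
import java.io.FileNotFoundException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

// Added illustration: a plain-Java model of the scheme, not Android hook code.
// All class, method and asset names are hypothetical.
public class ProtectedAssetsDemo {
    private static final int IV_LEN = 16;
    private final SecureRandom rng = new SecureRandom();
    // Key group -> key, and asset path -> key group (the key/ciphertext correspondence).
    private final Map<String, SecretKey> groupKeys = new HashMap<>();
    private final Map<String, String> assetGroup = new HashMap<>();
    // Package contents after preprocessing: IV followed by the AES-CBC ciphertext.
    private final Map<String, byte[]> assets = new HashMap<>();
    // Assumption: the two hooks share state through a per-thread flag, so a
    // public-API read on one thread cannot affect a WebView read on another.
    private final ThreadLocal<Boolean> skipDecrypt = ThreadLocal.withInitial(() -> Boolean.FALSE);

    /** Step 101: encrypt a resource with its group's key; the ciphertext replaces the original. */
    public void protect(String path, String group, byte[] plaintext) throws GeneralSecurityException {
        SecretKey key = groupKeys.get(group);
        if (key == null) {                        // first resource of this group: new key
            KeyGenerator kg = KeyGenerator.getInstance("AES");
            kg.init(128);
            key = kg.generateKey();
            groupKeys.put(group, key);
        }
        byte[] iv = new byte[IV_LEN];
        rng.nextBytes(iv);                        // CBC needs a fresh random IV per file
        // CBC gives confidentiality only; tampering with a stored file is not detected.
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plaintext);
        byte[] stored = Arrays.copyOf(iv, IV_LEN + ct.length);
        System.arraycopy(ct, 0, stored, IV_LEN, ct.length);
        assets.put(path, stored);
        assetGroup.put(path, group);
    }

    /** Stand-in for the hooked JNI-level read that both access paths end in. */
    private byte[] nativeRead(String path) throws GeneralSecurityException, FileNotFoundException {
        byte[] stored = assets.get(path);
        if (stored == null) {
            throw new FileNotFoundException(path);
        }
        if (skipDecrypt.get()) {
            return stored.clone();                // request came via the public JAVA API
        }
        SecretKey key = groupKeys.get(assetGroup.get(path));
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(stored, 0, IV_LEN));
        return c.doFinal(stored, IV_LEN, stored.length - IV_LEN);
    }

    /** Public JAVA API path: the hook marks the thread, then calls down; the caller gets ciphertext. */
    public byte[] readViaPublicJavaApi(String path) throws GeneralSecurityException, FileNotFoundException {
        skipDecrypt.set(Boolean.TRUE);
        try {
            return nativeRead(path);
        } finally {
            skipDecrypt.set(Boolean.FALSE);       // always reset, even if the read throws
        }
    }

    /** Private JNI path, as used by WebView: no flag is set, so the hook decrypts. */
    public byte[] readViaPrivateJni(String path) throws GeneralSecurityException, FileNotFoundException {
        return nativeRead(path);
    }

    public static void main(String[] args) throws Exception {
        ProtectedAssetsDemo app = new ProtectedAssetsDemo();
        // Constructed sample resources, grouped by type.
        byte[] page = "<html><script src=\"app.js\"></script></html>".getBytes(StandardCharsets.UTF_8);
        byte[] script = "function pay(amount) { /* business logic */ }".getBytes(StandardCharsets.UTF_8);
        app.protect("www/index.html", "pages", page);
        app.protect("www/app.js", "scripts", script);

        byte[] viaApi = app.readViaPublicJavaApi("www/app.js");
        byte[] viaJni = app.readViaPrivateJni("www/app.js");
        System.out.println("public API returns plaintext: " + Arrays.equals(viaApi, script));
        System.out.println("private JNI returns plaintext: " + Arrays.equals(viaJni, script));
        System.out.println("groups use different keys: " + !Arrays.equals(
                app.groupKeys.get("pages").getEncoded(), app.groupKeys.get("scripts").getEncoded()));
    }
}
```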
The control unit is included in the feedback module and can be implemented by a processor or a program.
An embodiment of the invention also provides a computer-readable storage medium storing computer-executable instructions which, when executed by a processor, implement the above method for protecting the internal resources of an Android hybrid-mode mobile application.
In summary, the above method and device for protecting the internal resources of an Android hybrid-mode mobile application protect the selected resource files in the installation package. They do not involve protecting or controlling the application's input and output of external information, and they extend data protection to the application itself.
Obviously, those skilled in the art should understand that the modules or steps of the above embodiments of the invention can be implemented with general-purpose computing devices. They can be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Optionally, they can be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by a computing device; in some cases the steps shown or described can be executed in an order different from the one given here. They can also each be made into individual integrated circuit modules, or multiple modules or steps among them can be made into a single integrated circuit module. Thus, embodiments of the invention are not limited to any specific combination of hardware and software.
Although the embodiments disclosed herein are as described above, the content is given only to facilitate understanding of the invention and is not intended to limit it. Any person skilled in the field to which the invention belongs may make modifications and changes in the form and details of implementation without departing from the spirit and scope disclosed by the invention, but the scope of patent protection of the invention shall still be subject to the scope defined by the appended claims.
Claims (13)
1. A method for protecting the internal resources of an Android hybrid-mode mobile application, comprising:
Encrypting the to-be-protected resources of the hybrid-mode mobile application;
While the hybrid-mode mobile application is running, monitoring internal file access operations; when a to-be-protected resource is accessed through the public JAVA application programming interface (API), returning the encrypted ciphertext; when the to-be-protected resource is accessed through the private JAVA Native Interface (JNI), decrypting the corresponding ciphertext and returning the decrypted plaintext.
2. The protection method according to claim 1, characterized in that encrypting the to-be-protected resources of the hybrid-mode mobile application includes:
Grouping the to-be-protected resources and encrypting each group with a different key.
3. The protection method according to claim 2, characterized in that, in the step of grouping the to-be-protected resources,
The grouping is based on the type and/or importance of the resources.
4. The protection method according to claim 1, characterized in that, after the to-be-protected resources of the hybrid-mode mobile application are encrypted, the method further includes:
Storing the key and the correspondence between keys and ciphertext on a server;
After the hybrid-mode mobile application runs, requesting the key and the correspondence between keys and ciphertext from the server.
5. The protection method according to claim 1, characterized in that, after the to-be-protected resources of the hybrid-mode mobile application are encrypted, the method further includes:
Storing the key and the correspondence between keys and ciphertext locally;
After the hybrid-mode mobile application runs, obtaining the key and the correspondence between keys and ciphertext from local storage.
6. The protection method according to any one of claims 1 to 5, characterized in that the step of monitoring internal file access operations includes:
Monitoring the functions that read files inside Assets by means of Hook.
7. The protection method according to any one of claims 1 to 5, characterized in that accessing the to-be-protected resource through the private JNI includes:
The network view (WebView) component accessing the to-be-protected resource through the private JNI.
8. A device for protecting the internal resources of an Android hybrid-mode mobile application, characterized by comprising:
An encrypting module, configured to encrypt the to-be-protected resources of the hybrid-mode mobile application;
A feedback module, configured to monitor internal file access operations while the hybrid-mode mobile application is running; to return the encrypted ciphertext when a to-be-protected resource is accessed through the public JAVA application programming interface (API); and to decrypt the corresponding ciphertext and return the decrypted plaintext when the to-be-protected resource is accessed through the private JAVA Native Interface (JNI).
9. The protection device according to claim 8, characterized in that
The encrypting module is further configured to group the to-be-protected resources and encrypt each group with a different key.
10. The protection device according to claim 9, characterized in that
The encrypting module is further configured to group the resources according to their type and/or importance.
11. The protection device according to claim 8, characterized by further comprising:
A first memory module, configured to store the key and the correspondence between keys and ciphertext on a server;
The feedback module is further configured to request the key and the correspondence between keys and ciphertext from the server after the hybrid-mode mobile application runs.
12. The protection device according to claim 8, characterized by further comprising:
A second memory module, configured to store the key and the correspondence between keys and ciphertext locally;
The feedback module is further configured to obtain the key and the correspondence between keys and ciphertext from local storage after the hybrid-mode mobile application runs.
13. The protection device according to any one of claims 8 to 12, characterized in that
The feedback module is further configured to monitor the functions that read files inside Assets by means of Hook.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710381078.6A CN108965573A (en) | 2017-05-25 | 2017-05-25 | A kind of guard method of Android mixed mode mobile application internal resource and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108965573A | 2018-12-07 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20181207 |