CN109062582B - Encryption method and device for application installation package - Google Patents
Encryption method and device for application installation package Download PDFInfo
- Publication number
- CN109062582B CN109062582B CN201810811830.0A CN201810811830A CN109062582B CN 109062582 B CN109062582 B CN 109062582B CN 201810811830 A CN201810811830 A CN 201810811830A CN 109062582 B CN109062582 B CN 109062582B
- Authority
- CN
- China
- Prior art keywords
- entry address
- encrypted
- encryption
- installation package
- executable file
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000009434 installation Methods 0.000 title claims abstract description 90
- 238000000034 method Methods 0.000 title claims abstract description 39
- 238000003860 storage Methods 0.000 claims abstract description 44
- 238000004422 calculation algorithm Methods 0.000 claims abstract description 20
- 230000006870 function Effects 0.000 claims description 45
- 230000002159 abnormal effect Effects 0.000 claims description 3
- 238000004364 calculation method Methods 0.000 claims description 3
- 230000006837 decompression Effects 0.000 claims description 3
- 238000004806 packaging method and process Methods 0.000 claims description 3
- 238000010586 diagram Methods 0.000 description 11
- 238000004590 computer program Methods 0.000 description 9
- 238000005516 engineering process Methods 0.000 description 5
- 230000008569 process Effects 0.000 description 4
- 238000005336 cracking Methods 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/125—Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformation of program code
- G06F8/53—Decompilation; Disassembly
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/61—Installation
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Storage Device Security (AREA)
Abstract
The application discloses an encryption method of an application installation package, which is used for solving the problem that an application program operation code is leaked due to the fact that the application program installation package can be cracked in a decompilation mode and the like. The method comprises the following steps: acquiring an executable file in an application installation package to be encrypted; determining an entry address to be encrypted in the executable file, wherein the entry address is used for indicating a storage position of a class name or a function name in the executable file; calling a preset obfuscation encryption algorithm to perform obfuscation encryption processing on the entry address to obtain an obfuscation encryption entry address; generating an encrypted application installation package based on the executable file containing the obfuscated encrypted entry address. The application also discloses an encryption device of the application program installation package.
Description
Technical Field
The present application relates to the field of computer technologies, and in particular, to an encryption method and apparatus for an application installation package.
Background
With the continuous development of internet information technology, more and more application programs which have different functions and can be applied to intelligent terminal equipment are developed, and the daily life of people is greatly enriched. The Application program may be, for example, an Application program on a computer or an Application (APP) on a mobile terminal.
However, with the rapid development of the terminal application market, the problem that the application programs are copied and cracked becomes more and more serious. For some excellent applications, due to the lack of a protection mechanism for the source code, the source code can be easily cracked in a decompilation mode, so that the application program code is leaked, and great loss is brought to developers of the application program.
Since the IOS system of the apple mobile operating system has a plurality of security protection measures, the IOS system and applications developed for the IOS system are well known for security.
However, with the rapid development of technologies such as vulnerability discovery and reverse engineering, the IOS system is no longer as safe as before, and malicious events such as cracking and emulations of the IOS platform apple app (IPA) are also endless. Moreover, because of the self-closed property of the IOS system, many software developers abandon the security protection for the IPA package of the IOS platform all the time, so that the IPA package developed by the IOS platform has no security protection when facing the cracking means such as decompilation and the like, thereby easily causing code leakage.
Therefore, the cracking difficulty of the IPA application package developed aiming at the IOS system is improved, and the problem to be solved urgently is solved.
Disclosure of Invention
The embodiment of the application installation package encryption method is used for solving the problem that the application installation package is possibly cracked to cause leakage of an application program operation code.
The embodiment of the application also provides an encryption device for the application installation package, which is used for solving the problem that the operation codes of the application program are leaked due to the fact that the application installation package can be cracked.
The embodiment of the application adopts the following technical scheme:
an encryption method for an application installation package, comprising:
acquiring an executable file in an application installation package to be encrypted; determining an entry address to be encrypted in the executable file, wherein the entry address is used for indicating a storage position of a class name or a function name in the executable file; calling a preset obfuscation encryption algorithm to perform obfuscation encryption processing on the entry address to obtain an obfuscation encryption entry address; generating an encrypted application installation package based on the executable file containing the obfuscated encrypted entry address.
An encryption apparatus for an application installation package, comprising:
the executable file acquisition unit is used for acquiring the executable file in the application installation package to be encrypted;
an entry address determining unit, configured to determine an entry address to be encrypted in the executable file, where the entry address is used to indicate a storage location of a class name or a function name in the executable file;
the encryption unit is used for calling a preset obfuscation encryption algorithm to perform obfuscation encryption processing on the entry address so as to obtain an obfuscation encryption entry address;
and the installation package generating unit is used for generating an encrypted application installation package based on the executable file containing the obfuscated encrypted entry address.
The embodiment of the application adopts at least one technical scheme which can achieve the following beneficial effects:
by adopting the method provided by the embodiment of the application, the entry address which is required to be encrypted and used for indicating the storage position of the class name or the function name in the executable file is determined in the executable file through the obtained executable file of the application installation package to be encrypted, the entry address is subjected to obfuscation encryption processing by calling the preset obfuscation encryption algorithm, so that the obfuscation encryption entry address is obtained, and the encrypted application installation package can be generated based on the executable file containing the obfuscation encryption entry address subsequently. In the scheme, the entry address in the executable file is encrypted and confused, namely, the correct class name or function name required by the application running cannot be found according to the entry address, so that the executable file of the application program can be obtained even if the application installation package encrypted by adopting the scheme is cracked by means of decompilation and the like, but because the entry address in the executable file is subjected to obfuscation, a cracker cannot obtain the correct class name and function name required by the application running according to the entry address, and further cannot determine the code of the program through the class name and function name of the application, so that the problem of application program code leakage is avoided.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
fig. 1 is a schematic flowchart illustrating an encryption method for an application installation package according to an embodiment of the present application;
fig. 2 is a schematic structural diagram of an executable file in a Mach-O format according to an embodiment of the present application;
fig. 3 is a schematic structural diagram of an encryption apparatus using an installation package according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions of the present application will be described in detail and completely with reference to the following specific embodiments of the present application and the accompanying drawings. It should be apparent that the described embodiments are only some of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The technical solutions provided by the embodiments of the present application are described in detail below with reference to the accompanying drawings.
The embodiment of the application provides an encryption method of an application installation package, which is used for solving the problem that an application program operation code is leaked due to the fact that the application installation package can be cracked.
According to the encryption method for the application installation package provided by the embodiment of the application installation package, an execution main body of the method can be at least one of a mobile phone, a tablet Computer, a Personal Computer (PC), a smart television and any terminal device capable of running an application program. The execution subject of the method may be a server, for example, a server for encrypting an application installation package (may be referred to as an application installation package encryption server), or the like.
For convenience of description, the following description will be made of an embodiment of the method, taking an execution subject of the method as an example of the application installation package encryption server. It is understood that the execution subject of the method is an application encryption server, which is only an exemplary illustration, and should not be construed as a limitation of the method.
The specific implementation flow chart of the method is shown in fig. 1, and mainly comprises the following steps:
the application installation Package (Install Package) includes an installation file of the application program, the installation Package is operated, and the installation file of the application program can be stored in a storage device (such as a hard disk) of the intelligent terminal.
It should be noted that the application installation package encryption method provided by the present solution may be for an application Installation Package (IPA) on an apple mobile operating system (IOS system). Generally, the IPA installation package of an application is often a zip compact package, and the file contains 3 components: the application file is a main program of the whole application and contains all resources and executable files of the application; an iTunes virtual file, which is essentially a png picture without a suffix name, for displaying icons in iTunes; plist file, record data such as purchaser's information, selling price.
Therefore, in the embodiment of the present application, after the application installation package to be encrypted is decompressed, the executable file of the application installation package may be obtained from the decompressed ". app file". Wherein the executable file in the IPA installation package is a file in a Mach Object (Mach-O) format. An executable file in the Mach-O format is mainly composed of the following three parts, as shown in fig. 2:
1. header (Header), wherein the Header often has a specific character length in an executable file in the Mach-O format.
2. The Load command areas (Load commands) are often directly behind file header portions in executable files with Mach-O formats and comprise Load commands with various formats, and the Load commands are called by a kernel loader or a dynamic linker when the Mach-O files are loaded and analyzed to guide how to set and Load corresponding binary data segments.
The types of the loading commands stored in the loading command area are various, the specific content contained in the command can be determined according to the command types corresponding to the command, and some of the commands are used for indicating the storage positions of the class names or function names required to be called in operation in the data area, so that the loading commands used for indicating the addresses of the class names or function names can be determined according to the types of the loading commands, and the entry addresses used for indicating the class names or function names are determined in the loading commands. The details of how to determine the entry address of the class name or function name in the load command area are described in step 2 below.
3. And the Data area (Data) comprises a plurality of Data segments (segments), each Data segment defines the attributes of Data, address, memory and the like of the Mach-O file, and the Data segments are mapped into the virtual memory when the dynamic linker loads the program. Each data segment has different functions, typically including:
1) __ PAGEZERO a NULL pointer trap segment mapped to the first page of virtual memory space for capturing references to NULL pointers;
2) __ TEXT contains execution code and other read-only data. In order for the kernel to map it directly from the executable file to the shared memory, the static connector sets the virtual memory permission of the segment to no writes allowed.
3) __ DATA, containing program DATA;
4) __ OBJC: the Objective-C runtime support library comprises classes, class names, functions and function names which need to be called when the application is in operation;
5) __ LINKEDIT contains the raw data used for the dynamically linked library, such as symbols, strings, relocation table entries, etc.
Step 2: determining an entry address to be encrypted in the executable file acquired by executing the step 1;
wherein the entry address in the executable file is used for indicating the storage position of the class name or the function name in the executable file.
As can be seen from the above description, in the executable file in the Mach-O format, the entry address for indicating the storage location of the class name or the function name is often stored in the load command area in the form of a load command, and thus in the embodiment of the present application, the entry address of the class name or the function name that needs to be encrypted can be obtained from the load command area of the executable file in the Mach-O format.
It should be noted that the saved commands in the loading command area in the executable file with the Mach-O format often have a fixed format, for example, the format of the commands may often include:
the formats of the two pieces of information, namely the command type cmd and the whole command length, are fixed, the occupied character length is also fixed, and the two pieces of information occupy the first 8 bytes. The payload xxxx represents the specific content of the command, and the length of the payload is not fixed, but the entry address indicating the storage location of the class name or the function name is stored in the payload of the load command.
In this embodiment of the application installation package encryption server, the load command area may be traversed according to a file header of the executable file, so as to determine an entry address to be encrypted in the load command area. In particular, the entry address to be encrypted in the executable file may be determined by the following sub-steps:
a substep: determining the file length of a file header in the executable file, and determining the position which is away from the starting position of the executable file by the length of the file header as the starting position of a first loading command area of the executable file according to the length of the file header.
Assuming that the determined length of the file header is 6 bytes, the application installation package encryption server may determine a position 6 bytes from the start position of the executable file as the start position of the first load command.
And a substep b: and traversing all the load commands in the load command area according to the initial position of the first load command determined by executing the substep 2 to determine a storage position command in the load command area for indicating the class name or the function name required to be called in the running in the data area.
It should be noted that the load command area often includes a plurality of load commands, and in the file header of the executable file, a specific field is generally used to indicate the number of load commands in the load command area, so in this scheme, the application installation package encryption server may determine the number of load commands included in the load command area according to the specific field in the file header, and determine the starting position of each load command in the load command area according to the number of load commands and the starting position of the first load command, thereby implementing traversal of each load command to determine a storage position command in the load command area for indicating a class name or a function name that needs to be called in operation in the data area.
And a substep c: after determining the storage location command in the loading command area for indicating the class name or function name to be called in operation in the data area by executing the sub-step 2, determining the location 8 bytes away from the starting location of the command as the starting location of the specific data contained in the command, and in turn determining the entry address in the command.
For example, the storage location command for indicating the class name or function name to be called in operation, determined by performing substep 2, in the data area is as follows:
the SECTION information such as class name and method name is obtained by loading the following SEGMENT (32-bit) command.
In the above command, cmd indicates the type of the command, the command is a SEGMENT command, cmdsize indicates that the length of the command includes the length of the SECTION it owns, segramee indicates the name of the SEGMENT command, vmaddr indicates the virtual memory address of the data that the command refers to, vmsize indicates the data memory size that the command refers to, fileoff indicates the offset of the data in the file, filesize indicates the data size, nsects indicates the number of SECTIONs that the SEGMENT owns, SECTIONs have the same format, and all of their SECTION data can be traversed by the nsects parameter, as follows:
the specific offset address in the file, such as class name, method name, is obtained by the following SECTION (32-bit) structure.
In the above structure, sectname represents a name, segname represents a SEGMENT name where the section is located, addr represents a data memory address, size represents a data size, and offset represents an offset of data in a file, and the contents represented by the addr and the offset are entry addresses to be determined in the present scheme. The entry address to be encrypted can thus be determined in a load command indicating the storage location of the class name or function name to be called during operation in the data area.
And step 3: calling a preset obfuscation encryption algorithm to perform obfuscation encryption processing on the entry address to obtain an obfuscation encryption entry address;
it should be noted that, in the present solution, the offset in the entry address is mainly modified, so that the obfuscated encryption of the entry address is implemented by using the modified offset, specifically, the entry address may be obfuscated by using the following method: calculating an offset for obfuscating the entry address according to a preset encryption obfuscation algorithm; and rewriting the entry address according to the offset to obtain an encryption confusion entry address.
In actual operation, the kernel loader can determine the storage position of the class name to be called in the data area according to the address and the offset in the loading command, so that the correct storage position of the class name to be called in the data area cannot be determined according to the address and the confused offset in the scheme by changing the offset, and encryption confusion of the application installation package is achieved. In one embodiment, calculating the obfuscation offset for the entry address may specifically include: determining a storage area of the class name or the function name in the executable file; and calculating the confusion offset aiming at the entry address according to the position of the storage area in the executable file and a preset encryption confusion algorithm, so that the position indicated by the encryption confusion entry address is rewritten and obtained to be outside the storage area according to the confusion offset.
Specifically, the method for obfuscating and encrypting the offset may be adopted in the present scheme, where two constant values are preset at random, one of the constant values is used to calculate a new offset, and the other constant value is used to calculate a new memory length, and the two constant values are added or subtracted with the offset and the memory length value determined before, and it is verified whether the addition or subtraction result is abnormal, whether the data of each command is continuous, and the preset value is continuously corrected to obtain a correct calculation result, so as to obtain the obfuscated and encrypted offset.
Through the obfuscation, the entry address in the executable file is encrypted, that is, the correct class name or function name required by the application running cannot be found according to the entry address, so that even if the application installation package encrypted by the scheme is cracked through means such as decompilation and the like, the executable file of the application program can be obtained, but because the entry address in the executable file is obfuscated, a cracker cannot obtain the correct class name and function name required by the application running according to the entry address, and further cannot determine the code of the program through the class name and function name of the application, so that the problem of application program code leakage is solved
And 4, step 4: generating an encrypted application installation package based on the executable file containing the obfuscated encrypted entry address.
The encrypted application installation package is an application installation package for the user to use. Subsequently, the encrypted application installation package can be issued, so that the user can download and use the encrypted application installation package as required. Specifically, the encrypted application installation package may be released to an application download platform (e.g., in an application mall) for downloading by a user.
By adopting the encryption method of the application installation package provided by the embodiment of the application installation package, the entry address which is required to be encrypted and used for indicating the storage position of the class name or the function name in the executable file is determined in the executable file through the obtained executable file of the application installation package to be encrypted, the entry address is subjected to obfuscation encryption processing by calling a preset obfuscation encryption algorithm, so that an obfuscation encryption entry address is obtained, and the encrypted application installation package can be generated based on the executable file containing the obfuscation encryption entry address subsequently. In the scheme, the entry address in the executable file is encrypted and confused, namely, the correct class name or function name required by the application running cannot be found according to the entry address, so that the executable file of the application program can be obtained even if the application installation package encrypted by adopting the scheme is cracked by means of decompilation and the like, but because the entry address in the executable file is subjected to obfuscation, a cracker cannot obtain the correct class name and function name required by the application running according to the entry address, and further cannot determine the code of the program through the class name and function name of the application, so that the problem of application program code leakage is avoided.
The application also provides an encryption device of the application installation package, which is used for solving the problem that the operation codes of the application program are leaked due to the fact that the application installation package can be cracked. The specific structural diagram of the device is shown in fig. 3, and the device comprises: an executable file acquisition unit 31, an entry address determination unit 32, an encryption unit 33, and an installation package generation unit 34.
The executable file acquiring unit 31 is configured to acquire an executable file in an application installation package to be encrypted;
an entry address determination unit 32, configured to determine an entry address to be encrypted in the executable file, where the entry address is used to indicate a storage location of a class name or a function name in the executable file;
the obfuscation unit 33 is configured to invoke a preset obfuscation encryption algorithm to perform obfuscation encryption processing on the entry address to obtain an obfuscated encryption entry address;
an installation package generating unit 34, configured to generate an encrypted application installation package based on the executable file containing the obfuscated encrypted entry address.
In an embodiment, the entry address determining unit is specifically configured to: calculating an offset for obfuscating the entry address according to a preset encryption obfuscation algorithm; and rewriting the entry address according to the offset to obtain an encryption confusion entry address.
In one embodiment, the encryption unit is specifically configured to: determining a storage area of the class name or the function name in the executable file; and calculating the confusion offset aiming at the entry address according to the position of the storage area in the executable file and a preset encryption confusion algorithm, so that the position indicated by the encryption confusion entry address is rewritten and obtained to be outside the storage area according to the confusion offset.
In an embodiment, the executable file obtaining unit is specifically configured to: acquiring the application installation package to be encrypted; and decompressing the application installation package to be encrypted to obtain the executable file.
In an embodiment, the installation package generating unit is specifically configured to: and performing packaging processing corresponding to the decompression on the executable file containing the encrypted obfuscated entry address to obtain an encrypted application installation package.
In one embodiment, the application installation package is an iOS application package.
By adopting the encryption device for the application installation package provided by the embodiment of the application installation package, the entry address which is required to be encrypted and used for indicating the storage position of the class name or the function name in the executable file is determined in the executable file through the obtained executable file of the application installation package to be encrypted, the entry address is subjected to obfuscation encryption processing by calling a preset obfuscation encryption algorithm, so that an obfuscation encryption entry address is obtained, and the encrypted application installation package can be generated based on the executable file containing the obfuscation encryption entry address subsequently. In the scheme, the entry address in the executable file is encrypted and confused, namely, the correct class name or function name required by the application running cannot be found according to the entry address, so that the executable file of the application program can be obtained even if the application installation package encrypted by adopting the scheme is cracked by means of decompilation and the like, but because the entry address in the executable file is subjected to obfuscation, a cracker cannot obtain the correct class name and function name required by the application running according to the entry address, and further cannot determine the code of the program through the class name and function name of the application, so that the problem of application program code leakage is avoided.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.
Claims (8)
1. An encryption method for an application installation package, comprising:
acquiring an executable file in an application installation package to be encrypted;
determining an entry address to be encrypted in the executable file, wherein the entry address is used for indicating a storage position of a class name or a function name in the executable file;
calling a preset obfuscation encryption algorithm to perform obfuscation encryption processing on the entry address to obtain an obfuscation encryption entry address;
generating an encrypted application installation package based on the executable file containing the obfuscated encrypted entry address;
the calling a preset encryption and obfuscation algorithm to perform encryption and obfuscation processing on the entry address to obtain an encryption and obfuscation entry address specifically includes:
calculating an offset for obfuscating the entry address according to a preset encryption obfuscation algorithm;
rewriting the entry address according to the offset to obtain an encrypted and confused entry address;
calculating an obfuscation offset for the entry address according to a preset encryption obfuscation algorithm, specifically including:
determining a storage area of the class name or the function name in the executable file;
calculating a confusion offset aiming at the entry address according to the position of the storage area in the executable file and a preset encryption confusion algorithm, so that the position indicated by the encryption confusion entry address is outside the storage area after being rewritten according to the confusion offset;
firstly, randomly presetting two constant values, one of which is used for calculating new offset and the other is used for calculating new memory length, carrying out addition or subtraction operation on the two numbers and the previously determined offset and memory length values, verifying whether the addition or subtraction result is abnormal or not and whether the data of each command is continuous or not, and obtaining a correct calculation result by continuously correcting the preset values to obtain the offset after the confusion encryption.
2. The method according to claim 1, wherein obtaining the executable file in the application installation package to be encrypted specifically comprises:
acquiring the application installation package to be encrypted;
and decompressing the application installation package to be encrypted to obtain the executable file.
3. The method of claim 2, wherein generating an encrypted application installation package based on the encrypted obfuscated entry address specifically comprises:
and performing packaging processing corresponding to the decompression on the executable file containing the encrypted obfuscated entry address to obtain an encrypted application installation package.
4. The method of any of claims 1 to 3, wherein the application installation package is an iOS application package.
5. An encryption apparatus for an application installation package, comprising:
the executable file acquisition unit is used for acquiring the executable file in the application installation package to be encrypted;
an entry address determining unit, configured to determine an entry address to be encrypted in the executable file, where the entry address is used to indicate a storage location of a class name or a function name in the executable file;
the encryption unit is used for calling a preset obfuscation encryption algorithm to perform obfuscation encryption processing on the entry address so as to obtain an obfuscation encryption entry address;
the installation package generating unit is used for generating an encrypted application installation package based on the executable file containing the obfuscated encrypted entry address;
the entry address determining unit is specifically configured to:
calculating an offset for obfuscating the entry address according to a preset encryption obfuscation algorithm;
rewriting the entry address according to the offset to obtain an encrypted and confused entry address;
an encryption unit, specifically configured to:
determining a storage area of the class name or the function name in the executable file;
calculating a confusion offset aiming at the entry address according to the position of the storage area in the executable file and a preset encryption confusion algorithm, so that the position indicated by the encryption confusion entry address is outside the storage area after being rewritten according to the confusion offset;
firstly, randomly presetting two constant values, one of which is used for calculating new offset and the other is used for calculating new memory length, carrying out addition or subtraction operation on the two numbers and the previously determined offset and memory length values, verifying whether the addition or subtraction result is abnormal or not and whether the data of each command is continuous or not, and obtaining a correct calculation result by continuously correcting the preset values to obtain the offset after the confusion encryption.
6. The apparatus according to claim 5, wherein the executable file obtaining unit is specifically configured to:
acquiring the application installation package to be encrypted;
and decompressing the application installation package to be encrypted to obtain the executable file.
7. The apparatus according to claim 6, wherein the installation package generation unit is specifically configured to:
and performing packaging processing corresponding to the decompression on the executable file containing the encrypted obfuscated entry address to obtain an encrypted application installation package.
8. The apparatus of any of claims 5 to 7, wherein the application installation package is an iOS application package.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810811830.0A CN109062582B (en) | 2018-07-23 | 2018-07-23 | Encryption method and device for application installation package |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810811830.0A CN109062582B (en) | 2018-07-23 | 2018-07-23 | Encryption method and device for application installation package |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109062582A CN109062582A (en) | 2018-12-21 |
| CN109062582B true CN109062582B (en) | 2022-02-01 |
Family
ID=64835304
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810811830.0A Active CN109062582B (en) | 2018-07-23 | 2018-07-23 | Encryption method and device for application installation package |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109062582B (en) |
Families Citing this family (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110147653B (en) * | 2019-03-28 | 2022-04-19 | 江苏通付盾信息安全技术有限公司 | Application program security reinforcing method and device |
| CN110119600A (en) * | 2019-03-28 | 2019-08-13 | 江苏通付盾信息安全技术有限公司 | Program reinforcement means and device based on application program installation kit |
| CN110110506B (en) * | 2019-03-28 | 2021-07-02 | 江苏通付盾信息安全技术有限公司 | Program reinforcing method and device based on application program installation package |
| CN110119601B (en) * | 2019-03-28 | 2022-07-12 | 江苏通付盾信息安全技术有限公司 | Program reinforcing method and device based on application program installation package |
| CN110147655A (en) * | 2019-03-28 | 2019-08-20 | 江苏通付盾信息安全技术有限公司 | The security protection system and method for application program |
| CN110135152B (en) * | 2019-03-28 | 2021-07-02 | 江苏通付盾信息安全技术有限公司 | Application program attack detection method and device |
| CN111917680A (en) * | 2019-05-07 | 2020-11-10 | 中国移动通信集团湖南有限公司 | Encryption system, method, server and storage medium |
| CN110597496B (en) * | 2019-09-10 | 2021-09-24 | 腾讯科技(深圳)有限公司 | Method and device for acquiring bytecode file of application program |
| CN110990056A (en) * | 2019-11-01 | 2020-04-10 | 北京三快在线科技有限公司 | Reverse analysis method, device, electronic equipment and storage medium |
| CN111212057B (en) * | 2019-12-30 | 2022-09-27 | 武汉联影医疗科技有限公司 | Resource packet transmission method and device, computer equipment and readable storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101634992A (en) * | 2009-06-11 | 2010-01-27 | 上海交通大学 | Light-weight file encryption and decrypting and recovering method in NTFS file system |
| CN104809414A (en) * | 2015-05-04 | 2015-07-29 | 深圳市创世达实业有限公司 | USB (universal serial bus) flash disk encryption key storing method capable of preventing cold boot attack |
| CN105978876A (en) * | 2016-05-11 | 2016-09-28 | 杭州图南电子有限公司 | Instruction encryption method applied to broadcast communication |
| CN106599629A (en) * | 2016-12-16 | 2017-04-26 | Tcl集团股份有限公司 | Strengthening method and apparatus for Android application program |
Family Cites Families (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9450749B2 (en) * | 2000-03-29 | 2016-09-20 | Wolfgang S. Hammersmith | One-time-pad encryption with central key service |
| CN104573416B (en) * | 2013-10-25 | 2018-07-17 | 腾讯科技(深圳)有限公司 | A kind of method and device for generating application installation package, executing application |
| CN104111832A (en) * | 2014-07-03 | 2014-10-22 | 北京思特奇信息技术股份有限公司 | Android application program installation package packing method and system and unpacking method |
| CN104318135B (en) * | 2014-10-27 | 2017-04-05 | 中国科学院信息工程研究所 | A kind of Java code Safety actuality loading method based on credible performing environment |
| CN106034119B (en) * | 2015-03-16 | 2019-01-04 | 阿里巴巴集团控股有限公司 | Method and device is obscured in the encryption of application installation package |
| CN105512521A (en) * | 2015-12-25 | 2016-04-20 | 北京奇虎科技有限公司 | Reinforcement and protection method and system for software installation package |
| CN105740703A (en) * | 2016-01-29 | 2016-07-06 | 北京奇虎科技有限公司 | Application reinforcement method and apparatus |
| CN107169370A (en) * | 2017-04-21 | 2017-09-15 | 广州优视网络科技有限公司 | The encryption method and encryption device of executable file |
| CN108064382B (en) * | 2017-10-27 | 2021-11-09 | 福建联迪商用设备有限公司 | Ukey-based software decryption method and terminal |
-
2018
- 2018-07-23 CN CN201810811830.0A patent/CN109062582B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101634992A (en) * | 2009-06-11 | 2010-01-27 | 上海交通大学 | Light-weight file encryption and decrypting and recovering method in NTFS file system |
| CN104809414A (en) * | 2015-05-04 | 2015-07-29 | 深圳市创世达实业有限公司 | USB (universal serial bus) flash disk encryption key storing method capable of preventing cold boot attack |
| CN105978876A (en) * | 2016-05-11 | 2016-09-28 | 杭州图南电子有限公司 | Instruction encryption method applied to broadcast communication |
| CN106599629A (en) * | 2016-12-16 | 2017-04-26 | Tcl集团股份有限公司 | Strengthening method and apparatus for Android application program |
Non-Patent Citations (3)
| Title |
|---|
| AXI总线加密模块的设计与验证;贺依盟 等;《杭州电子科技大学学报(自然科学版)》;20160115;第36卷(第1期);第57-62页 * |
| PE可执行文件通用加密工具的设计与实现;张建明 等;《计算机系统应用》;20040805(第8期);第19-22页 * |
| Scalable, Cluster-based Anti-replay Protection for Wireless Sensor Networks;David R. Raymond 等;《In Proceedings of the 2007 IEEE SMC Information Assurance and Security Workshop》;20070709;第127-134页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109062582A (en) | 2018-12-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109062582B (en) | Encryption method and device for application installation package | |
| CN106971098B (en) | Method and device for preventing repacking | |
| CN108229112B (en) | Protection application program, and running method and device of application program | |
| US20080216071A1 (en) | Software Protection | |
| CN110033261B (en) | Block chain data processing method, device and system | |
| US20080270806A1 (en) | Execution Device | |
| CN111008034B (en) | Patch generation method and device | |
| CN111897623B (en) | Cluster management method, device, equipment and storage medium | |
| CN112069468B (en) | Page dynamic watermark method and device | |
| CN114327791B (en) | Virtualization-based trusted computing measurement method, device, equipment and storage medium | |
| CN110309630B (en) | Java code encryption method and device | |
| CN114840822A (en) | Code protection method, device, equipment and storage medium | |
| KR101863325B1 (en) | Method and apparatus for preventing reverse engineering | |
| CN111090425B (en) | Program packaging method and device and electronic equipment | |
| CN109409037B (en) | Method, device and equipment for generating data confusion rule | |
| CN111813460A (en) | Access method, device, equipment and storage medium for application program matching file | |
| CN113220314B (en) | APP resource loading and APK generation method, device, equipment and medium | |
| CN110502251B (en) | Application installation method and device | |
| KR102039380B1 (en) | Apparatus and Method of Providing Security, and Apparatus and Method of Executing Security for Protecting Code of Shared Object | |
| CN106897588B (en) | Processing method and device of label function | |
| CN110764782A (en) | Software protection method and device | |
| CN110968879A (en) | Data processing method and device based on block chain | |
| CN116700841B (en) | Method and device for calling native API (application program interface) | |
| CN117251234B (en) | Function calling method and device based on patches | |
| CN117492900A (en) | Class file loading method and device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |