CN109190336A - A kind of method and system that the library So in Android application reinforces - Google Patents

A kind of method and system that the library So in Android application reinforces Download PDF

Info

Publication number
CN109190336A
CN109190336A CN201810940671.4A CN201810940671A CN109190336A CN 109190336 A CN109190336 A CN 109190336A CN 201810940671 A CN201810940671 A CN 201810940671A CN 109190336 A CN109190336 A CN 109190336A
Authority
CN
China
Prior art keywords
library
section
function
file
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810940671.4A
Other languages
Chinese (zh)
Inventor
夏立宁
张行
张大健
李华英
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CHINA FINANCIAL CERTIFICATION AUTHORITY CENTER Co Ltd
Original Assignee
CHINA FINANCIAL CERTIFICATION AUTHORITY CENTER Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CHINA FINANCIAL CERTIFICATION AUTHORITY CENTER Co Ltd filed Critical CHINA FINANCIAL CERTIFICATION AUTHORITY CENTER Co Ltd
Priority to CN201810940671.4A priority Critical patent/CN109190336A/en
Publication of CN109190336A publication Critical patent/CN109190336A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/14Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation

Abstract

The invention belongs to field of information security technology, disclose a kind of method and system that the library So in Android application reinforces, which comprises by the library So the Key Functions of encryption in need be assigned in same customized section;Decryption function is added in the initialization function in the library So;The above modified program code of compiling, the So library file after being compiled;Customized section in So library file is encrypted.The present invention solves the problems, such as that the original library So code itself is easy to be cracked.

Description

A kind of method and system that the library So in Android application reinforces
Technical field
The invention belongs to field of information security technology, and in particular to it is a kind of to Android application in the library So reinforce method and System.
Background technique
With popularizing for Android application, more and more companies and the personal Android for developing oneself in succession are answered With and upload to application market.But due to the characteristic of Android itself, cause anyone that can be easy to get one not The source code of the App of reinforced processing.In face of such problems, developer first it is envisioned that the inner core logic of application and Code is put into the library So, and there is the characteristic for being difficult decompiling in the library So, so largely protecting source code, is prevented light Easily steal.But can be with the code of static analysis and the library dynamic debugging So by tools such as IDA, although the library So increases cracks difficulty Degree, but still there is method to analyze logic therein and source code.In face of such risk, it is badly in need of a kind of method to prevent attacker The analysis of the library So code itself is directly carried out by existing tool and is cracked.
Summary of the invention
It is original to solve it is an object of the present invention to provide a kind of method and system that the library So in Android application reinforces The library So code itself be easy the problem of being cracked.
In order to solve the above technical problems, the technical solution adopted in the present invention is as follows:
A method of it is reinforced to the library So in Android application, which comprises
By in the library So the Key Functions of encryption in need be assigned in same customized section;
Decryption function is added in the initialization function in the library So;
The above modified program code of compiling, the So library file after being compiled;
Customized section in So library file is encrypted.
Further, in the initialization function, customized section is found in text by the architecture of So library file Initial position in part obtains its size, calls deciphering module that the data in this section of memory are decrypted, the data after decryption For before by the Key Functions of encryption.
Further, customized section of starting hereof for needing to encrypt is found by the architecture of So library file Position obtains its size, calls encrypting module to encrypt the data in this memory, and encrypted data are write back the library So It is saved in file.
Further, in the software program code of So library file, specify section belonging to some function, and it is customized should Section attribute, by institute encryption in need Key Functions store in this paragraph.
Based on another design of the invention, a kind of system that the library So in Android application reinforces, the system are additionally provided System includes: memory module, deciphering module, collector and encrypting module, wherein
The memory module, for by encryption in need the specified storage of Key Functions in customized section;
The deciphering module, for decryption function to be added in the initialization function to the library So;
The collector, for being compiled to the program code that joined decryption function;
The encrypting module, for being encrypted to customized section in the So library file after compiling.
Compared with prior art, the method and system that a kind of library So in Android application provided by the present invention reinforces, By in the library So Key Functions or section carried out encryption, avoid application in the library So be used by others the works such as IDA Tool carries out static analysis, and then improves the safety of Android application program So file;And it is increased in initialization function Decryption function, the data after decryption are placed in memory for associated functional calls.In this way, which program can be as without encryption one Sample normally executes, and will not reduce the execution efficiency of program.
Detailed description of the invention
Fig. 1 is a kind of process principle for the method that the library So in Android application reinforces disclosed in the embodiment of the present invention Figure.
Specific embodiment
Below in conjunction with attached drawing, invention is further described in detail, but not as a limitation of the invention.
Shown in referring to Fig.1, a kind of method that the library So in Android application reinforces disclosed in the embodiment of the present invention, including Following steps:
Step S1, by the library So the Key Functions of encryption in need be assigned in same customized section.
It specifically, in step sl, can be by the setting of attribute, by important crucial letter before compiling the library So Number is assigned in same section, this section is preferably one customized section, i.e. section name oneself can be drafted.The benefit done so is just It is that encryption when can directly encrypt whole section, by just completing section encryption to the function encrypting in section, letter The inconvenience encrypted respectively for different functions is changed.
Attribute setting herein, that is, during writing code, it is possible to specify section belonging to a function, in this way It is compiled into after So file, this function will be compiled in corresponding section.
Such as: a function is defined as follows:
jstring JNICALL d(JNIEnv*env,jobject obj,jint index)__attribute__ ((section(".encdata")));So subsequent " _ _ ((section (" .encdata ")) " it is partially exactly this being arranged The attribute of a function specifies it to be stored in the section that one is " .encdata ", this " .encdata " character string is customized 's.In this way, in So file after compiling, function jstring JNICALL d (JNIEnv*env, jobject obj, Jint index) it will be stored in customized section of one entitled " .encdata ".
Step S2, decryption function is added in the initialization function in the library So.
In order to encrypt to function or section, need first to compile out So library file, then again to the So file compiled out Certain sections of encryption is carried out, this is carried out separately.But before compiling So file, need first to need inside So library file Functionally and logically finishing writing in advance for writing could compile, that is to say, that needs first add decryption logic in initialization function, in this way The So library file that compiling comes out can just include an initialization function with decryption function.Then again to compiled So library text Part carries out the lookup and encryption of customized section (the .encdata section in the example above), this encryption be exactly directly to compiling after Binary data carries out algorithm for encryption.
In initialization function, customized section of start bit in memory can be found by the structural information of SO library file It sets and the information such as shared memory size, then calls deciphering module that the data in this section of memory are decrypted, after decryption Data pass through the Key Functions of encryption before being exactly.
Each file has its corresponding file structure, and the library So is no exception, its format is exactly ELF file format, ELF file format is more complicated, such as following structure defines ELF file header:
typedef struct elf32_hdr{
unsigned char e_ident[EI_NIDENT];
Elf32_Half e_type;
Elf32_Half e_machine;
Elf32_Word e_version;
Elf32_Addr e_entry;/*Entry point*/
Elf32_Off e_phoff;
Elf32_Off e_shoff;
Elf32_Word e_flags;
Elf32_Half e_ehsize;
Elf32_Half e_phentsize;
Elf32_Half e_phnum;
Elf32_Half e_shentsize;
Elf32_Half e_shnum;
Elf32_Half e_shstrndx;
}Elf32_Ehdr;
In this above-mentioned file header structure, specify various pieces in file content relative to file header offset with And the information such as size.According to this format information, we can find required sector address and size etc..
Step S3, the above modified program code of compiling, the So library file after being compiled.
Step S4, customized section in So library file is encrypted.
In step s 4, the So library file for completing compiling is encrypted, the method for encryption is exactly to pass through the file in the library So The global analysis that format carries out file is positioned and is found according to file format, obtains customized section that needs encrypt in text Position in part, and obtain its size.Then it reads its content and encrypting module is called to be encrypted, then by encrypted number According to writing back in So library file and save.Only after compiling, the function for needing to encrypt can be just compiled into customized section, Then the section that could be come out to compiling is positioned and is encrypted, and the content of encryption is exactly the function instruction after compiling, so without Crossing compiling, also just there is no function instructions.
By above four step, the function encrypting in the library So is just completed, and can be placed into application and directly be used.
The present invention by So library file section or function do the encryption process, and in the initialization function in the library So plus Enter decryption function, since initialization function can be first carried out when the library So is called in application, to the section of encryption or letter in initialization function Number is decrypted, and the data after decryption are placed in memory for associated functional calls.In this way, program can as without Cross the equally normal execution of encryption.But if someone wants to be analyzed with tools such as IDA, since library So itself has carried out at encryption Reason, so IDA will can not parse when analyzing the instruction and quote many mistakes, function execute process also can not normal assay, Achieve the purpose that protect the library So.
The method reinforced is done in a kind of library So provided in an embodiment of the present invention, by the library So Key Functions or section carry out Encryption avoids the library So in application and is used by others the progress static analysis of the tools such as IDA, attacker can be effectively prevented and taking Static analysis and dynamic debugging are directly carried out after to So file.
Ground is corresponded to the above method, based on another design of the invention, the embodiment of the invention also provides one kind to peace The system that the library So in Zhuo Yingyong reinforces, the system comprises: memory module, deciphering module, collector and encrypting module, In,
The memory module, the Key Functions for that will need to encrypt, which are specified, to be stored in customized section;
The deciphering module, for decryption function to be added in the initialization function to the library So;
The collector, for being compiled to the program code that joined decryption function;
The encrypting module, for being encrypted to customized section in the So library file after compiling.
The system is to execute the method in a upper embodiment, and the not detailed place of system in the present embodiment please refers to Described in method in a upper embodiment, therefore not to repeat here.
The system reinforced is done in a kind of library So disclosed in the embodiment of the present invention, by encrypting module to the crucial letter in the library So Several or section is encrypted, and is avoided the library So in application and is used by others the progress static analysis of the tools such as IDA, and then improves peace The safety of tall and erect application program So file;And deciphering module is increased in initialization function, the data after decryption place memory It is middle for associated functional calls.In this way, which program normal as without encryption can execute, the execution of program will not be reduced Efficiency.
Several preferred embodiments of the invention have shown and described in above description, but as previously described, it should be understood that the present invention Be not limited to forms disclosed herein, should not be regarded as an exclusion of other examples, and can be used for various other combinations, Modification and environment, and above-mentioned guidance or the technology or knowledge of related fields can be passed through within that scope of the inventive concept describe herein It is modified.And changes and modifications made by those skilled in the art do not depart from the spirit and scope of the present invention, then it all should be in this hair In the protection scope of bright appended claims.

Claims (5)

1. a kind of method that the library So in Android application reinforces, which is characterized in that the described method includes:
By in the library So the Key Functions of encryption in need be assigned in same customized section;
Decryption function is added in the initialization function in the library So;
The above modified program code of compiling, the So library file after being compiled;
Customized section in So library file is encrypted.
2. the method reinforced as described in claim 1 to the library So in Android application, which is characterized in that in the initialization letter In number, customized section of initial position hereof is found by the architecture of So library file, obtains its size, calls solution The data in this section of memory are decrypted in close module, and the data after decryption pass through the Key Functions of encryption before being.
3. the method reinforced as described in claim 1 to the library So in Android application, which is characterized in that pass through So library file Architecture finds customized section of initial position hereof for needing to encrypt, and obtains its size, calls encrypting module pair Data in this memory are encrypted, and encrypted data are write back in So library file and are saved.
4. the method reinforced as described in claim 1 to the library So in Android application, which is characterized in that in the soft of So library file In part program code, specify section belonging to some function, and the attribute of this customized section, by encryption in need crucial letter Number storage is in this paragraph.
5. a kind of system that the library So in Android application reinforces, which is characterized in that the system comprises: memory module, decryption Module, collector and encrypting module, wherein
The memory module, for by encryption in need the specified storage of Key Functions in customized section;
The deciphering module, for decryption function to be added in the initialization function to the library So;
The collector, for being compiled to the program code that joined decryption function;
The encrypting module, for being encrypted to customized section in the So library file after compiling.
CN201810940671.4A 2018-08-17 2018-08-17 A kind of method and system that the library So in Android application reinforces Pending CN109190336A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810940671.4A CN109190336A (en) 2018-08-17 2018-08-17 A kind of method and system that the library So in Android application reinforces

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810940671.4A CN109190336A (en) 2018-08-17 2018-08-17 A kind of method and system that the library So in Android application reinforces

Publications (1)

Publication Number Publication Date
CN109190336A true CN109190336A (en) 2019-01-11

Family

ID=64918243

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810940671.4A Pending CN109190336A (en) 2018-08-17 2018-08-17 A kind of method and system that the library So in Android application reinforces

Country Status (1)

Country Link
CN (1) CN109190336A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111488557A (en) * 2019-01-28 2020-08-04 中国移动通信有限公司研究院 Encryption and decryption method and device, electronic equipment and readable storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103136458A (en) * 2013-01-21 2013-06-05 中标软件有限公司 Code protection method for Linux operating system and module of method
CN105095771A (en) * 2014-05-08 2015-11-25 北京娜迦信息科技发展有限公司 Method and apparatus for protecting shared target file
US20170046180A1 (en) * 2015-08-13 2017-02-16 Quixey, Inc. System and Method for Identifying, Indexing, and Navigating to Deep States of Mobile Applications
CN107577715A (en) * 2017-08-08 2018-01-12 海信集团有限公司 The guard method of SO files and device

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103136458A (en) * 2013-01-21 2013-06-05 中标软件有限公司 Code protection method for Linux operating system and module of method
CN105095771A (en) * 2014-05-08 2015-11-25 北京娜迦信息科技发展有限公司 Method and apparatus for protecting shared target file
US20170046180A1 (en) * 2015-08-13 2017-02-16 Quixey, Inc. System and Method for Identifying, Indexing, and Navigating to Deep States of Mobile Applications
CN107577715A (en) * 2017-08-08 2018-01-12 海信集团有限公司 The guard method of SO files and device

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111488557A (en) * 2019-01-28 2020-08-04 中国移动通信有限公司研究院 Encryption and decryption method and device, electronic equipment and readable storage medium
CN111488557B (en) * 2019-01-28 2024-01-12 中国移动通信有限公司研究院 Encryption and decryption method and device, electronic equipment and readable storage medium

Similar Documents

Publication Publication Date Title
CN106778103B (en) Reinforcement method, system and decryption method for preventing reverse cracking of android application program
CN107908933B (en) Character string encryption method based on intermediate language
CN108733988B (en) Method for protecting executable program on android platform
CN101438529B (en) Proactive computer malware protection through dynamic translation
US20180260199A1 (en) Method and apparatus for intermediate representation of applications
CN107273723B (en) So file shell adding-based Android platform application software protection method
CN107480476B (en) Android native layer instruction compiling virtualization shell adding method based on ELF infection
US9607160B2 (en) Method and apparatus for providing string encryption and decryption in program files
US20090138863A1 (en) Method And Apparatus For Protecting .NET Programs
US7805758B2 (en) Information processing apparatus
US20110271350A1 (en) method for protecting software
Lu et al. DeepAutoD: Research on distributed machine learning oriented scalable mobile communication security unpacking system
KR101861341B1 (en) Deobfuscation apparatus of application code and method of deobfuscating application code using the same
CN111881449B (en) Auxiliary analysis method and device for malicious codes
CN110633073A (en) Unity code obfuscation method based on Il2cpp compilation
CN113626773B (en) Code protection method based on intermediate language
CN109190336A (en) A kind of method and system that the library So in Android application reinforces
CN110597496B (en) Method and device for acquiring bytecode file of application program
You et al. Deoptfuscator: Defeating Advanced Control-Flow Obfuscation Using Android Runtime (ART)
CN107209815B (en) Method for code obfuscation using return-oriented programming
US20070061790A1 (en) Partially compiled data security software
Guo et al. A survey of obfuscation and deobfuscation techniques in android code protection
Wang et al. Leveraging WebAssembly for Numerical JavaScript Code Virtualization
Sun et al. Atos: Adaptive program tracing with online control flow graph support
KR101556908B1 (en) Apparatus For Protecting Binary Code

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination