CN109492354A - A kind of method, apparatus and system of obfuscated codes - Google Patents
A kind of method, apparatus and system of obfuscated codes Download PDFInfo
- Publication number
- CN109492354A CN109492354A CN201811236601.7A CN201811236601A CN109492354A CN 109492354 A CN109492354 A CN 109492354A CN 201811236601 A CN201811236601 A CN 201811236601A CN 109492354 A CN109492354 A CN 109492354A
- Authority
- CN
- China
- Prior art keywords
- code
- item
- mapping
- dynamic link
- concordance list
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 112
- 238000013507 mapping Methods 0.000 claims abstract description 127
- 230000006870 function Effects 0.000 claims description 20
- 238000005538 encapsulation Methods 0.000 claims description 13
- 239000000243 solution Substances 0.000 description 13
- 230000007246 mechanism Effects 0.000 description 5
- 238000012986 modification Methods 0.000 description 5
- 230000004048 modification Effects 0.000 description 5
- 230000008569 process Effects 0.000 description 5
- 241000208340 Araliaceae Species 0.000 description 3
- 235000005035 Panax pseudoginseng ssp. pseudoginseng Nutrition 0.000 description 3
- 235000003140 Panax quinquefolius Nutrition 0.000 description 3
- 235000008434 ginseng Nutrition 0.000 description 3
- 238000012545 processing Methods 0.000 description 3
- 230000008859 change Effects 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000006978 adaptation Effects 0.000 description 1
- 230000003044 adaptive effect Effects 0.000 description 1
- 230000006399 behavior Effects 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000007796 conventional method Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000002347 injection Methods 0.000 description 1
- 239000007924 injection Substances 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 239000000203 mixture Substances 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/14—Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformation of program code
- G06F8/41—Compilation
- G06F8/43—Checking; Contextual analysis
- G06F8/433—Dependency analysis; Data or control flow analysis
- G06F8/434—Pointers; Aliasing
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Devices For Executing Special Programs (AREA)
Abstract
This application discloses a kind of method, apparatus of obfuscated codes and systems.The technical solution of the application can detach the corresponding code_item code of Java method;According to operation code mapping table to pull out come code_item code carry out mapping obscure, generate code_item concordance list;Code_item concordance list is encapsulated into dynamic link library;Register the code_item concordance list in dynamic link library.Code_item concordance list after registration due to comprising be code after obscuring, so not seeing any logic of former Java method from code, guarantee that the dex file in APK file can not be repacked in reverse-engineering, include the codes such as wooden horse, advertisement in preventing from applying, the safety for guaranteeing APK file, is further ensured that the safety of user information.
Description
Technical field
This application involves field of computer technology more particularly to the method, apparatus and system of a kind of obfuscated codes.
Background technique
Android application is the application based on android system exploitation, it can be achieved that many functions that user needs.Mainstream
Android application in most logic realized by Java code, Android engineering code is packaged as APK
(AndroidPackage, Android installation kit) file, then APK file is passed into Android simulator or Android phone
Middle execute is mountable corresponding application.
During Android engineering code is packaged as APK file, Java code can be compiled into holding for dex format
Style of writing part.This document is directly packaged in APK file packet.Attacker can carry out its APK file by reverse-engineering reverse
Compiling obtains Smali or Java source code, beats again packet after then carrying out analysis modification, and Android application is made to face the evil such as wooden horse, advertisement
Code injection of anticipating is attacked, and the data in application software may be stolen by third party's malice, and user account information is faced with safely pole
Big risk.
Therefore, how to prevent APK file from being repacked in reverse-engineering, become urgent problem to be solved in the industry.
Summary of the invention
This application provides a kind of method, apparatus of obfuscated codes and systems, and APK file is avoided to be weighed in reverse-engineering
New be packaged leads to the unsafe problem of user account.
On the one hand, this application provides a kind of methods of obfuscated codes, comprising:
The corresponding code_item code of Java method is detached, the code_item code is for corresponding to Java method
Dex file;
According to operation code mapping table to it is described pull out come code_item code carry out mapping obscure, generate code_
Item concordance list, the operation code mapping table be used to provide operation code in code_item code with map after operation code it is corresponding
Relationship;
The code_item concordance list is encapsulated into dynamic link library, the dynamic link library is used to share library function, with
And the dynamic link library is located at native layers;
Register the code_item concordance list in the dynamic link library.
With reference to first aspect, the method also includes:
Interpreter is mapped according to the operation mapping table and Dalvik bytecode standard implementation;
The mapping interpreter is encapsulated into dynamic link library;
According to the mapping interpreter and the code_item concordance list in the dynamic link library, mapping solution is generated
Release the performing environment of device.
With reference to first aspect, it is described according to operation code mapping table to it is described pull out come code_item code reflect
Penetrate and obscure, generate code_item concordance list the step of include:
According to Dalvik bytecode grammer, the operation code letter in the insns field instruction stream is determined in insns field
Breath;
According to the corresponding relationship in the operation code mapping table, the operation code is successively mapped, the system after obtaining mapping
Arrange new operation code;
According to a series of new operation codes, code_item concordance list is generated.
With reference to first aspect, before the code_item code detached in Java method, further includes:
The corresponding code_item code of Java method is found in the dex file of APK file.
With reference to first aspect, step of the encapsulation code_item concordance list into dynamic link library includes:
By C/C++ program, the code_item concordance list is compiled as binary file;
The binary file is encapsulated into the dynamic link library.
Optionally, the step of code_item concordance list registered in the dynamic link library includes:
Obtain the different return type of Java method;
According to the different return type, different entry methods is defined, the parameter of the entry method is variable ginseng
Number, and the type of the parameter is all native attribute.
Second aspect, this application provides a kind of devices of obfuscated codes, comprising:
Code detaches unit, and for detaching the corresponding code_item code of Java method, the code_item code is used
In Java method is corresponded to dex file;
Map obfuscation unit, for according to operation code mapping table to it is described pull out come code_item code reflect
It penetrates and obscures, generate code_item concordance list, the operation code mapping table is for providing in code_item code operation code and reflecting
Penetrate the corresponding relationship of rear operation code;
Encapsulation unit, for encapsulating the code_item concordance list into dynamic link library, the dynamic link library is used for
Shared library function, and, the dynamic link library is located at native layers;
Registering unit, for registering the code_item concordance list in the dynamic link library.
In conjunction with second aspect, described device further include:
Interpreter realizes unit, for being explained according to the operation mapping table and the mapping of Dalvik bytecode standard implementation
Device;
Interpreter encapsulation unit, for encapsulating the mapping interpreter into dynamic link library;
Performing environment generation unit, for according to the mapping interpreter and the code_ in the dynamic link library
Item concordance list generates the performing environment of mapping interpreter.
In conjunction with second aspect, the mapping obfuscation unit is also used to:
According to Dalvik bytecode grammer, the operation code letter in the insns field instruction stream is determined in insns field
Breath;
According to the corresponding relationship in the operation code mapping table, the operation code is successively mapped, the system after obtaining mapping
Arrange new operation code;
According to a series of new operation codes, code_item concordance list is generated.
In conjunction with second aspect, the code detaches unit and is also used to:
The corresponding code_item code of Java method is found in the dex file of APK file.
In conjunction with second aspect, the encapsulation unit is also used to:
By C/C++ program, the code_item concordance list is compiled as binary file;
The binary file is encapsulated into the dynamic link library.
Optionally, the registering unit is also used to:
Obtain the different return type of Java method;
According to the different return type, different entry methods is defined, the parameter of the entry method is variable ginseng
Number, and the type of the parameter is all native attribute.
The third aspect, the application also provide a kind of system of obfuscated codes, comprising: processor and memory;
The memory, for storing the executable program of the processor;
The processor, for detaching the corresponding code_item code of Java method, the code_item code is used for
Java method is corresponded into dex file;According to operation code mapping table to it is described pull out come code_item code map
Obscure, generates code_item concordance list, the operation code mapping table is for providing operation code and mapping in code_item code
The corresponding relationship of operation code afterwards;The code_item concordance list is encapsulated into dynamic link library, the dynamic link library is for altogether
Library function is enjoyed, and, the dynamic link library is located at native layers;Register the code_item index in the dynamic link library
Table.
By the above content it is found that the embodiment of the present application provides the method, apparatus and system of a kind of obfuscated codes.The application
Technical solution can detach the corresponding code_item code of Java method;According to operation code mapping table to pull out come
Code_item code, which carries out mapping, to be obscured, and code_item concordance list is generated;Code_item concordance list is encapsulated to dynamic link library
In;Register the code_item concordance list in dynamic link library.Code_item concordance list after registration due to comprising be to obscure
Code afterwards guarantees that dex file in APK file can not be so do not see any logic of former Java method from code
Repacked in reverse-engineering, prevent from applying in comprising codes such as wooden horse, advertisements, guarantee the safety of APK file, further
Guarantee the safety of user information.
Detailed description of the invention
In order to illustrate more clearly of the technical solution of the application, attached drawing needed in case study on implementation will be made below
Simply introduce, it should be apparent that, for those of ordinary skills, in the premise of not making the creative labor property
Under, it is also possible to obtain other drawings based on these drawings.
Fig. 1 is the flow chart of first embodiment of the method for obfuscated codes provided by the embodiments of the present application;
Fig. 2 is the flow chart of the second embodiment of the method for obfuscated codes provided by the embodiments of the present application;
Fig. 3 is the 3rd embodiment flow chart of the method for obfuscated codes provided by the embodiments of the present application;
Fig. 4 is the fourth embodiment flow chart of the method for obfuscated codes provided by the embodiments of the present application;
Fig. 5 is the 5th embodiment flow chart of the method for obfuscated codes provided by the embodiments of the present application;
Fig. 6 is a kind of structural block diagram of the device of obfuscated codes provided by the embodiments of the present application;
Fig. 7 is a kind of schematic diagram of the system of obfuscated codes provided by the embodiments of the present application.
Specific embodiment
In order to make those skilled in the art better understand the technical solutions in the application, below in conjunction with attached drawing, it is right
Technical solution in the embodiment of the present application is clearly and completely described.
Referring to Fig. 1, this application provides the first embodiments of the method for obfuscated codes, this method comprises:
Step 101, the corresponding code_item code of Java method is detached, the code_item code is used for the side Java
Method corresponds to dex file, and compiled code needs two steps in android system, and the first step needs for Java code to be compiled as
Java bytecode file, second step need that Java bytecode file is compiled as dex executable file again, wherein code_item
Code is just with the realization code that the code in Java method is finally compiled into dex executable file, i.e., corresponding by Java method
To dex file.Being compiled be converted to assembly code to dex in android system is Smali disassembler, all includes
In APK file, when third party's malice inversely compiles APK file, the Smali being easy in acquisition APK file is counter to converge
Coder analyzes the corresponding Java source code of dex file in turn, modifies to it, the malicious codes such as wooden horse, advertisement is added, then
Repack APK file for users to use.In order to avoid the Java source code in APK file is by malicious modification, the embodiment of the present application
The middle operation code that realization Java method is corresponded to dex file is obscured, and generates new operation code, patrolling not comprising source code
Volume, avoid third-party malicious modification.Wherein, it before obfuscated codes, needs to pull out code_item operation code and.
Step 102, according to operation code mapping table to it is described pull out come code_item code carry out mapping and obscure, it is raw
At code_item concordance list, grasped after operation code and mapping due to being provided in the operation code mapping table in code_item code
Make the corresponding relationship of code, so the corresponding new operation of operation code for needing to be mapped can be got according to the corresponding relationship
Code, so that new operation code is generated code_item concordance list.
Step 103, the code_item concordance list is encapsulated into dynamic link library, and the dynamic link library is for sharing
Library function, and, the dynamic link library is located at native layers.File in dynamic link library is binary file, also, dynamic
It include a variety of library functions in state chained library, the extension name of these library functions is " .dll ", " .ocx " or " .drv " respectively, dynamic
Linking library file allows procedure sharing to execute code necessary to special duty and other resources, including library function.After mapping
Code_item concordance list be encapsulated into the calling for being conducive to other systems or program in dynamic link library.
Step 104, the code_item concordance list in the dynamic link library is registered, passes through JNI in the embodiment of the present application
(Java Native Interface, Java local interface) mechanism registers code_item concordance list, and JNI mechanism can make
Java language is obtained to interact with local other kinds of language.Registration mainly includes the parameter of setting Java method, setting
Performing environment entry method etc. is explained in code_item index value and setting mapping.Code_item concordance list satisfaction after registration is held
The requirement of row environment, and being performed in correct performing environment, generate new dex format executable file and
New APK file, mapping, which has been carried out, in code_item code obscures, even if third party can obtain code_ by reverse-engineering
Item code, but code_item code logic can not be obtained, and then Java source code can not be obtained, source code can not be repaired
Change, guarantee source code it is complete with it is safe.
In addition, it is described detach the corresponding code_item code of Java method before, further includes: in the dex text of APK file
The code_item code in Java method is found in part.It not only include the code_item generation of Java method in usual Java code
Code, there are also the member variables in java code, but in the embodiment of the present application only to the code_item code of Java method into
Row mapping is obscured, because after only obscuring code_item code mapping, as long as the corresponding relationship rule of mapping is not strong, third party
The logic of code just can not be managed substantially, further more, if also mapping the corresponding code of member variable in java code
Obscure, this process can expend more resources and performance.
The technical solution of the application first embodiment can detach the code_item code in Java method;According to operation
Code mapping table, which carries out mapping to the code_item code pulled out, to be obscured, and code_item concordance list is generated;Encapsulate code_
Item concordance list is into dynamic link library;Register the code_item concordance list in dynamic link library.Code_item after registration
Concordance list due to comprising be code after obscuring, so not seeing any logic of former Java method from code, guarantee APK
Dex file in file can not be repacked in reverse-engineering, prevent from applying in comprising codes such as wooden horse, advertisements, guarantee
The safety of APK file is further ensured that the safety of user information.
Referring to fig. 2, this application provides the second embodiment of the method for obfuscated codes, which implements with first
Example the difference is that, further includes:
Step 201, interpreter is mapped according to the operation mapping table and Dalvik bytecode standard implementation;Dalvik is to use
In the virtual machine of Android platform, it can support to have been converted into the operation of the java application of " .dex " format, " .dex "
Format is a kind of compressed format for aiming at Dalvik design, is suitble to memory and the limited system of processor speed.Usually first will
It has mapped the code_item code obscured to restore by operation code mapping table, then write by C/C++ for explaining and holding
The program of row Dalvik bytecode, overall process can be understood as the conversion of Dalvik bytecode to CPU bytecode.
Step 202, the mapping interpreter is encapsulated into dynamic link library;Generate being designed to provide for mapping interpreter
One is obscured the environment that rear code_item code is able to carry out, since the code_item code wrap after obscuring is in dynamic link
In library, the mapping interpreter should be also packaged under same environment, so as to the execution of the code_item code after obscuring.
Step 203, raw according to the mapping interpreter and the code_item concordance list in the dynamic link library
At the performing environment of mapping interpreter.The performing environment for mapping interpreter is an abstract concept, and specifically, performing environment can
The set for the condition that code_item code after being obscured with the mapping for being interpreted as being pulled out out can be executed correctly executes
Environment provides guarantee to the correct execution of code.
The technical solution of the application second embodiment generates mapping solution by mapping interpreter and code_item concordance list
The performing environment of device is released, a safe and reliable performing environment can be provided to map the code_item code after obscuring, it is ensured that
Code after obscuring can be correctly performed.
Referring to Fig. 3, this application provides the 3rd embodiment of the method for obfuscated codes, which implements with first
Example the difference is that, it is described according to operation code mapping table to it is described pull out come code_item code carry out mapping mix
Confuse, generate code_item concordance list the step of include:
Step 301, it according to Dalvik bytecode grammer, is determined in the insns field instruction stream in insns field
Opcode information;Dalvik is the virtual machine for Android platform, the insns field according to dex format, in code_item
It is directed to Dalvik bytecode, to determine the operation code in code_item code, it is also necessary to determine Dalvik bytecode language
Method determines the opcode information of code according to the grammer.
Step 302, according to the corresponding relationship in the operation code mapping table, the operation code is successively mapped, obtains mapping
A series of new operation codes afterwards;What is saved in operation code mapping table is that pair between rear operation code is obscured in origin operation code and mapping
It should be related to, when knowing origin operation code, the operation code after mapping can be determined according to the operation code mapping table, after knowing mapping
Operation code when, can be done according to this operation code mapping table reversely determine origin operation code.For example, being an operation in the following table 1
Code mapping table:
| 0 | 0F | …… | 90 | 92 |
| 12 | 76 | …… | 2C | 17 |
Table 1
The content in the first row in table 1 is followed successively by different origin operation codes, and the content in the second row is grasped with for the first row
Operation code after making the operation code after code maps correspondingly, such as origin operation code " 0x00 " mapping is " 0x12 ", origin operation
Operation code after code " 0x0F " mapping is " 0x76 " etc..Such as the insns bytecode list in the code_item extracted is such as
Shown in table 2:
| 92 | 00 | 02 | 02 |
| 90 | 01 | 03 | 00 |
| 0F | 01 |
Table 2
In table 2, operation code is respectively " 0x92 ", " 0x90 " and " 0x0F ", then the content in corresponding table 1, after mapping
Operation code be respectively " 0x17 ", " 0x2C " and " 0x76 ", the insns bytecode list after mapping is as shown in table 3:
| 17 | 00 | 02 | 02 |
| 2C | 01 | 03 | 00 |
| 76 | 01 |
Table 3
So mapping the insns bytecode in the code_item after obscuring is 0x170002022C0103007601.
According to above content it is found that the operation code mapping in code_item ensure that even if Android application dex file
Code_item code be parsed out, third party is also difficult to inversely obtain out its original code_item code.
Step 303, according to a series of new operation codes, code_item concordance list is generated.In relational database,
Index is a kind of a kind of individual, physics storage organization being ranked up to the value of one or more columns per page in database table, it is
The set and the logical pointer of the data page of these values of physical label in corresponding Compass of a column or several train values in some table
Inventory.The catalogue for functioning as books of index, can be quickly found out required content according to the page number in catalogue.Concordance list
It is substantially the same with indexing, it is provided to reduce the time of searching code, so that code quick execution.
How the technical solution of the application 3rd embodiment specifically illustrates by the behaviour in code_item in insns field
Make code to determine, and how to obscure the operation code, any logic in original code is not seen in the code after obscuring, guarantees
Dex file in the APK file of android system can not be repacked in reverse-engineering, further prevent applying in wrap
Containing codes such as wooden horse, advertisements, guarantee the safety of APK file, guarantees the safety of user information.
Referring to fig. 4, present invention also provides the fourth embodiment of the method for obfuscated codes, the fourth embodiment is real with first
Apply example the difference is that, the step of the encapsulation code_item concordance list into dynamic link library includes:
Step 401, by C/C++ program, the code_item concordance list is compiled as binary file;Dynamic link
File in library is binary file, if code_item concordance list will be encapsulated into dynamic link library, it is necessary to first will
It is compiled into the file format for meeting dynamic link library requirement, i.e. binary file, uses C/C++ in the application fourth embodiment
The compiling of program progress binary file.
Step 402, the binary file is encapsulated into the dynamic link library.Code_item concordance list passes through volume
Binary file after translating, which can be encapsulated into dynamic link library, carries out shared use.
The technical solution of the application fourth embodiment specifically illustrates how code_item concordance list is encapsulated into dynamic chain
It connects in library, on the basis of first embodiment, also code_item concordance list is compiled into and meets the two of dynamic link library requirement
Then binary file is encapsulated in dynamic link library again.The compilation process of binary file ensure that concordance list encapsulation
Accuracy avoids the problem that not being available caused by because of file format difference, is further ensured that the complete of mapping obfuscated codes process
Whole quick progress.
Referring to Fig. 5, present invention also provides the 5th embodiment of the method for obfuscated codes, the 5th embodiment is real with second
Apply example the difference is that, the step of code_item concordance list in the registration dynamic link library includes:
Step 501, the different return type of Java method is obtained;In the 5th embodiment of the application, the return of Java method
Type is also possible to the return type of function in Java.One existing input data of function, and have output data, input data
Type in parameter list specify.Result after being processed to input data, after needing to return processing.Result after processing
Data type is exactly function return type, is specified before the title that function defines.That is, function return type is exactly letter
Data type belonging to number return value.
Step 502, according to the different return type, different entry methods, the parameter of the entry method are defined
For variable element, and the type of the parameter is all native attribute.In java application, the main entrance of program execution
Method is the main method of program, is registered by JNI mechanism to code_item concordance list in the 5th embodiment of the application,
JNI mechanism can make Java language interact with local other kinds of language.Registration mainly includes setting Java method
Performing environment entry method etc. is explained in parameter, setting code_item index value and setting mapping.Carrying out Java method registration
When, a MethodStub class is defined first, it is the Java layer entrance class that performing environment is explained in mapping.MethodStub according to
The different return types of Java method, define different entry methods, such as MethodStub.cInt and
The parameter of MethodStub.cFloat etc., these entry methods are variable element, and are all native attributes, illustrate that it passes through
JNI mechanism calls the mapping of Native layers of realization to explain performing environment.
The technical solution of the 5th embodiment of the application specifically illustrates the code_item rope how registered in dynamic link library
Draw table, it is also assumed that being to illustrate how registration Java method.Method after registration, Android application in dex code_
Item code becomes code_item code corresponding to register method.When to Android application progress converse works analyzing
When, on the one hand original code_item code is pulled out mapping and obscures, and original code_item code when being executed will not
It is loaded dynamically ART (when Android Runtime, Android application hosting formula is run) running environment of android system
In, at ART, apply when installing first time, bytecode will be compiled into machine code in advance, become real sheet
Ground application, this process are called precompile.In this case, application starting (for the first time) and execute can all become more quickly.Separately
The code_item code of dex does not include any logic of former Java method in one side Android application, so being difficult to it
Carry out effective converse works analyzing.Dynamic link library of the code_item code at Native layers after detaching mapping and obscuring
In by mapping interpreter carry out mapping explain execute, they together constitute mapping explain performing environment.Wherein, mapping is explained
Device is a code_item obfuscated codes interpreter according to operation code mapping table and Dalvik operation code standard implementation.When not having
When having mapping to explain performing environment, the explanation of Android application code_item code is executed through android system
ART is completed.When Android, which is applied, there is mapping explanation performing environment, the solution of Android application code_item obfuscated codes
It releases execution and explains that performing environment is completed by mapping, call android system method etc. to patrol if existed in code_item code
Volume, it will be interacted by JNIEnv interface pointer with ART, the various functions that primary code is provided by JNIEnv interface pointer
Carry out the function using virtual machine.In addition, the code_item code not being confused in Android application, explains to execute and also will
It is completed by ART.
From the above technical scheme, the embodiment of the present application provides a kind of method of obfuscated codes.The technology of the application
Scheme can detach the code_item code in Java method;According to operation code mapping table to pull out come code_item generation
Code, which carries out mapping, to be obscured, and code_item concordance list is generated;Code_item concordance list is encapsulated into dynamic link library;Registration dynamic
Code_item concordance list in chained library.Code_item concordance list after registration due to comprising be code after obscuring, institute
Not see any logic of former Java method from code, guarantee dex file in APK file can not in reverse-engineering quilt
Repack, prevent from applying in comprising codes such as wooden horse, advertisements, guarantee the safety of APK file, be further ensured that user information
Safety.
Referring to Fig. 6, the embodiment of the present application also provides a kind of device of obfuscated codes, described device includes:
Code detaches unit 61, for detaching the corresponding code_item code of Java method, the code_item code
For Java method to be corresponded to dex file;
Map obfuscation unit 62, for according to operation code mapping table to it is described pull out come code_item code progress
Mapping is obscured, and generates code_item concordance list, the operation code mapping table for provide in code_item code operation code with
The corresponding relationship of operation code after mapping;
Encapsulation unit 63, for encapsulating the code_item concordance list into dynamic link library, the dynamic link library is used
In shared library function, and, the dynamic link library is located at native layers;
Registering unit 64, for registering the code_item concordance list in the dynamic link library.
Optionally, described device further include:
Interpreter realizes unit, for being explained according to the operation mapping table and the mapping of Dalvik bytecode standard implementation
Device;
Interpreter encapsulation unit, for encapsulating the mapping interpreter into dynamic link library;
Performing environment generation unit, for according to the mapping interpreter and the code_ in the dynamic link library
Item concordance list generates the performing environment of mapping interpreter.
Optionally, the mapping obfuscation unit 62 is also used to:
According to Dalvik bytecode grammer, the operation code letter in the insns field instruction stream is determined in insns field
Breath;
According to the corresponding relationship in the operation code mapping table, the operation code is successively mapped, the system after obtaining mapping
Arrange new operation code;
According to a series of new operation codes, code_item concordance list is generated.
Optionally, the code detaches unit 61 and is also used to:
The corresponding code_item code of Java method is found in the dex file of APK file.
Optionally, the encapsulation unit 63 is also used to:
By C/C++ program, the code_item concordance list is compiled as binary file;
The binary file is encapsulated into the dynamic link library.
Optionally, the registering unit 64 is also used to:
Obtain the different return type of Java method;
According to the different return type, different entry methods is defined, the parameter of the entry method is variable ginseng
Number, and the type of the parameter is all native attribute.
Referring to Fig. 7, the embodiment of the present application also provides a kind of system of obfuscated codes, comprising: processor 71 and memory 72;
The memory 72, for storing the executable program of the processor 71;
The processor 71, for detaching the corresponding code_item code of Java method, the code_item code is used
In Java method is corresponded to dex file;According to operation code mapping table to it is described pull out come code_item code reflect
It penetrates and obscures, generate code_item concordance list, the operation code mapping table is for providing in code_item code operation code and reflecting
Penetrate the corresponding relationship of rear operation code;The code_item concordance list is encapsulated into dynamic link library, the dynamic link library is used for
Shared library function, and, the dynamic link library is located at native layers;Register the code_item rope in the dynamic link library
Draw table.
From the above technical scheme, the embodiment of the present application provides the method, apparatus and system of a kind of obfuscated codes.This
The technical solution of application can detach the code_item code in Java method;According to operation code mapping table to pull out come
Code_item code, which carries out mapping, to be obscured, and code_item concordance list is generated;Code_item concordance list is encapsulated to dynamic link library
In;Register the code_item concordance list in dynamic link library.Code_item concordance list after registration due to comprising be to obscure
Code afterwards guarantees that dex file in APK file can not be so do not see any logic of former Java method from code
Repacked in reverse-engineering, prevent from applying in comprising codes such as wooden horse, advertisements, guarantee the safety of APK file, further
Guarantee the safety of user information.
The application can be used in numerous general or special purpose computing system environments or configuration.Such as: personal computer, service
Device computer, handheld device or portable device, laptop device, multicomputer system, microprocessor-based system, top set
Box, programmable consumer-elcetronics devices, network PC, minicomputer, mainframe computer, including any of the above system or equipment
Distributed computing environment etc..
The application can describe in the general context of computer-executable instructions executed by a computer, such as program
Module.Generally, program module includes routines performing specific tasks or implementing specific abstract data types, programs, objects, group
Part, data structure etc..The application can also be practiced in a distributed computing environment, in these distributed computing environments, by
Task is executed by the connected remote processing devices of communication network.In a distributed computing environment, program module can be with
In the local and remote computer storage media including storage equipment.
Those skilled in the art will readily occur to its of the application after considering specification and practicing application disclosed herein
Its embodiment.This application is intended to cover any variations, uses, or adaptations of the application, these modifications, purposes or
Person's adaptive change follows the general principle of the application and including the undocumented common knowledge in the art of the application
Or conventional techniques.The description and examples are only to be considered as illustrative, and the true scope and spirit of the application are by following
Claim is pointed out.
It should be understood that the application is not limited to the precise structure that has been described above and shown in the drawings, and
And various modifications and changes may be made without departing from the scope thereof.Scope of the present application is only limited by the accompanying claims.
Claims (13)
1. a kind of method of obfuscated codes characterized by comprising
The corresponding code_item code of Java method is detached, the code_item code is used to Java method corresponding to dex
File;
According to operation code mapping table to it is described pull out come code_item code carry out mapping obscure, generate code_item rope
Draw table, the corresponding relationship of operation code after the operation code mapping table is used to provide operation code in code_item code and maps;
The code_item concordance list is encapsulated into dynamic link library, the dynamic link library is used to share library function, and,
The dynamic link library is located at native layers;
Register the code_item concordance list in the dynamic link library.
2. the method according to claim 1, wherein the method also includes:
Interpreter is mapped according to the operation mapping table and Dalvik bytecode standard implementation;
The mapping interpreter is encapsulated into dynamic link library;
According to the mapping interpreter and the code_item concordance list in the dynamic link library, mapping interpreter is generated
Performing environment.
3. the method according to claim 1, wherein it is described according to operation code mapping table to it is described pull out come
Code_item code carries out mapping and includes: the step of obscuring, generate code_item concordance list
According to Dalvik bytecode grammer, the opcode information in the insns field instruction stream is determined in insns field;
According to the corresponding relationship in the operation code mapping table, the operation code is successively mapped, it is a series of new after obtaining mapping
Operation code;
According to a series of new operation codes, code_item concordance list is generated.
4. the method according to claim 1, wherein the code_item code detached in Java method it
Before, further includes:
The corresponding code_item code of Java method is found in the dex file of APK file.
5. the method according to claim 1, wherein the encapsulation code_item concordance list is to dynamic link library
In step include:
By C/C++ program, the code_item concordance list is compiled as binary file;
The binary file is encapsulated into the dynamic link library.
6. according to the method described in claim 2, it is characterized in that, the code_item registered in the dynamic link library
The step of concordance list includes:
Obtain the different return type of Java method;
According to the different return type, different entry methods is defined, the parameter of the entry method is variable element, and
And the type of the parameter is all native attribute.
7. a kind of device of obfuscated codes, which is characterized in that described device includes:
Code detaches unit, and for detaching the corresponding code_item code of Java method, the code_item code is used for will
Java method corresponds to dex file;
Map obfuscation unit, for according to operation code mapping table to it is described pull out come code_item code carry out mapping mix
Confuse, code_item concordance list is generated, after the operation code mapping table is for providing operation code in code_item code and mapping
The corresponding relationship of operation code;
Encapsulation unit, for encapsulating the code_item concordance list into dynamic link library, the dynamic link library is for sharing
Library function, and, the dynamic link library is located at native layers;
Registering unit, for registering the code_item concordance list in the dynamic link library.
8. device according to claim 7, which is characterized in that described device further include:
Interpreter realizes unit, for mapping interpreter according to the operation mapping table and Dalvik bytecode standard implementation;
Interpreter encapsulation unit, for encapsulating the mapping interpreter into dynamic link library;
Performing environment generation unit, for according to the mapping interpreter and the code_item in the dynamic link library
Concordance list generates the performing environment of mapping interpreter.
9. device according to claim 7, which is characterized in that the mapping obfuscation unit is also used to:
According to Dalvik bytecode grammer, the opcode information in the insns field instruction stream is determined in insns field;
According to the corresponding relationship in the operation code mapping table, the operation code is successively mapped, it is a series of new after obtaining mapping
Operation code;
According to a series of new operation codes, code_item concordance list is generated.
10. device according to claim 7, which is characterized in that the code detaches unit and is also used to:
The corresponding code_item code of Java method is found in the dex file of APK file.
11. device according to claim 7, which is characterized in that the encapsulation unit is also used to:
By C/C++ program, the code_item concordance list is compiled as binary file;
The binary file is encapsulated into the dynamic link library.
12. device according to claim 8, which is characterized in that the registering unit is also used to:
Obtain the different return type of Java method;
According to the different return type, different entry methods is defined, the parameter of the entry method is variable element, and
And the type of the parameter is all native attribute.
13. a kind of system of obfuscated codes characterized by comprising processor and memory;
The memory, for storing the executable program of the processor;
The processor, for detaching the corresponding code_item code of Java method, the code_item code is used for will
Java method corresponds to dex file;According to operation code mapping table to it is described pull out come code_item code to carry out mapping mixed
Confuse, code_item concordance list is generated, after the operation code mapping table is for providing operation code in code_item code and mapping
The corresponding relationship of operation code;The code_item concordance list is encapsulated into dynamic link library, the dynamic link library is for sharing
Library function, and, the dynamic link library is located at native layers;Register the code_item concordance list in the dynamic link library.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811236601.7A CN109492354A (en) | 2018-10-23 | 2018-10-23 | A kind of method, apparatus and system of obfuscated codes |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811236601.7A CN109492354A (en) | 2018-10-23 | 2018-10-23 | A kind of method, apparatus and system of obfuscated codes |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN109492354A true CN109492354A (en) | 2019-03-19 |
Family
ID=65692467
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811236601.7A Pending CN109492354A (en) | 2018-10-23 | 2018-10-23 | A kind of method, apparatus and system of obfuscated codes |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109492354A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111274556A (en) * | 2020-02-27 | 2020-06-12 | 北京小米移动软件有限公司 | Code obfuscation method, device and storage medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104573426A (en) * | 2015-01-06 | 2015-04-29 | 北京邮电大学 | Confusing method and device of executable application |
| CN107729725A (en) * | 2017-10-09 | 2018-02-23 | 南京南瑞集团公司 | A kind of Android applications hardened system and method based on virtual machine instructions modification |
| CN107992723A (en) * | 2017-11-29 | 2018-05-04 | 南京莱斯信息技术股份有限公司 | A kind of Java protection of source codes methods based on dynamic link library |
| CN108491235A (en) * | 2018-03-21 | 2018-09-04 | 北京理工大学 | In conjunction with the DEX guard methods of dynamic load and function Nativeization |
| CN108681457A (en) * | 2018-05-11 | 2018-10-19 | 西北大学 | The Android application program guard methods explained with residual code based on code sinking |
-
2018
- 2018-10-23 CN CN201811236601.7A patent/CN109492354A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104573426A (en) * | 2015-01-06 | 2015-04-29 | 北京邮电大学 | Confusing method and device of executable application |
| CN107729725A (en) * | 2017-10-09 | 2018-02-23 | 南京南瑞集团公司 | A kind of Android applications hardened system and method based on virtual machine instructions modification |
| CN107992723A (en) * | 2017-11-29 | 2018-05-04 | 南京莱斯信息技术股份有限公司 | A kind of Java protection of source codes methods based on dynamic link library |
| CN108491235A (en) * | 2018-03-21 | 2018-09-04 | 北京理工大学 | In conjunction with the DEX guard methods of dynamic load and function Nativeization |
| CN108681457A (en) * | 2018-05-11 | 2018-10-19 | 西北大学 | The Android application program guard methods explained with residual code based on code sinking |
Non-Patent Citations (1)
| Title |
|---|
| 乐德广等: "《一种抵御逆向工程的安卓应用混淆技术研究》", 《小型微型计算机系统》 * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111274556A (en) * | 2020-02-27 | 2020-06-12 | 北京小米移动软件有限公司 | Code obfuscation method, device and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108027722B (en) | Dynamically updating applications in compilation and deployment | |
| CN108932406B (en) | Virtualization software protection method and device | |
| US8966635B2 (en) | Software module object analysis | |
| US8090959B2 (en) | Method and apparatus for protecting .net programs | |
| CN106844153B (en) | Application program operation monitoring method and device and terminal | |
| US20130007713A1 (en) | Automated testing process | |
| CN110059456B (en) | Code protection method, code protection device, storage medium and electronic equipment | |
| Mackey | Introducing. NET 4.0: With Visual Studio 2010 | |
| CN101030241A (en) | Method and system based on Keil C51 software protecting development | |
| CN117093286B (en) | Plug-in generation method, device, equipment and computer readable storage medium | |
| Albert et al. | Simulating concurrent behaviors with worst-case cost bounds | |
| CN106557350B (en) | JAVA byte code conversion method, device and equipment in application program installation package | |
| Alshara et al. | Materializing architecture recovered from object-oriented source code in component-based languages | |
| US8578352B1 (en) | Optimizing object oriented programs using limited customization | |
| CN104423932B (en) | The method that Binary Element is called in Javascript | |
| US11435989B2 (en) | Thread-local return structure for asynchronous state machine | |
| KR20110130611A (en) | Web platform unit for mobile terminal connectioned web-application program in heterogeneous operating system | |
| US20170052765A1 (en) | Method and system for creating app | |
| CN103150161A (en) | Task encapsulation method and device based on MapReduce computation module | |
| CN109492354A (en) | A kind of method, apparatus and system of obfuscated codes | |
| Lam et al. | Hob: A tool for verifying data structure consistency | |
| CN110764745A (en) | Variable transmission and collection method, device and computer readable storage medium | |
| Zhan et al. | Splitting third-party libraries’ privileges from android apps | |
| Choi et al. | A type and effect system for activation flow of components in android programs | |
| Mongiello et al. | AC-contract: Run-time verification of context-aware applications |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190319 |
|
| RJ01 | Rejection of invention patent application after publication |