CN109657480A - File processing method, device, and computer-readable storage medium

Publication number
CN109657480A
Authority
CN
China
Prior art keywords
section
library
decrypted
processed
encrypted
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710942091.4A
Other languages
Chinese (zh)
Inventor
石松泉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Communications Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Communications Co Ltd
Application filed by China Mobile Communications Group Co Ltd, China Mobile Communications Co Ltd
Priority to CN201710942091.4A
Publication of CN109657480A

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/602: Providing cryptographic facilities or services

Abstract

The present invention provides a file processing method, a device, and a computer-readable storage medium. It relates to the database technical field and aims to improve the security of SO libraries. The file processing method of the invention comprises: receiving a hash value of an SO library to be processed sent by a client, wherein the SO library to be processed includes a section to be decrypted; obtaining a corresponding key according to the hash value; and sending the key to the client, so that the client decrypts the section to be decrypted according to the key. The present invention can improve the security of the SO library.

Description

A file processing method, device, and computer-readable storage medium
Technical field
The present invention relates to the database technical field, and in particular to a file processing method, a device, and a computer-readable storage medium.
Background
A .so library file is a kind of ELF (executable) file. The ELF file format developed from the COFF (Common Object File Format) format and is a section-based data structure. However, SO software on the Android system is easily analyzed and repackaged, so the security of SO libraries is not high.
Summary of the invention
In view of this, the present invention provides a file processing method, a device, and a computer-readable storage medium, to improve the security of SO libraries.
To solve the above technical problem, in a first aspect, an embodiment of the present invention provides a file processing method, applied to a server, comprising:
receiving a hash value of an SO library to be processed sent by a client, wherein the SO library to be processed includes a section to be decrypted;
obtaining a corresponding key according to the hash value;
sending the key to the client, so that the client decrypts the section to be decrypted according to the key.
Wherein, before receiving the hash value of the SO library to be processed sent by the client, the method further comprises:
determining a section to be encrypted in the SO library to be processed;
encrypting the section to be encrypted, and writing the encrypted section into the SO library to be processed;
generating encryption information for the SO library to be processed into which the encrypted section has been written, and storing the encryption information.
Wherein, determining the section to be encrypted in the SO library to be processed comprises:
locating the section header table according to the ELF header of the SO library to be processed;
locating the start position of the section to be encrypted according to the section header table, and obtaining the size of the section to be encrypted;
obtaining the section to be encrypted according to its start position and its size.
Wherein, the encryption information is a hash value and key pair.
Wherein, the section to be encrypted is a section that can be memory-mapped.
In a second aspect, an embodiment of the present invention further provides a file processing method, applied to a client, comprising:
obtaining an SO library to be processed;
obtaining a decryption key for the SO library to be processed from a server;
determining a section to be decrypted in the SO library to be processed, and decrypting the section to be decrypted using the decryption key.
Wherein, obtaining the SO library to be processed comprises:
searching the process list file according to the name of the SO library to be processed;
obtaining, according to the search result, the address of the SO library in the process virtual space, thereby obtaining the SO library to be processed.
Wherein, obtaining the decryption key for the SO library to be processed from the server comprises:
obtaining the hash value of the SO library to be processed, and sending the hash value to the server;
receiving the decryption key sent by the server according to the hash value.
Wherein, determining the section to be decrypted in the SO library to be processed and decrypting the section to be decrypted using the decryption key comprises:
locating the section header table according to the ELF header of the SO library to be processed;
locating the start position of the section to be decrypted according to the section header table, and obtaining the size of the section to be decrypted;
obtaining the section to be decrypted according to its start position and its size;
decrypting the section to be decrypted using the decryption key.
Wherein, before decrypting the section to be decrypted using the decryption key, the method further comprises:
obtaining permission information of the section to be decrypted;
if it is determined from the permission information that the permission of the section to be decrypted is read-only, modifying the permission of the section to be decrypted to writable.
In a third aspect, an embodiment of the present invention provides a server, comprising: a transceiver and a processor;
the processor is configured to receive, through the transceiver, a hash value of an SO library to be processed sent by a client, wherein the SO library to be processed includes a section to be decrypted; obtain a corresponding key according to the hash value; and send the key to the client through the transceiver, so that the client decrypts the section to be decrypted according to the key;
the transceiver is configured to send and receive data under the control of the processor.
Wherein, the processor is further configured to:
determine a section to be encrypted in the SO library to be processed;
encrypt the section to be encrypted, and write the encrypted section into the SO library to be processed;
generate encryption information for the SO library to be processed into which the encrypted section has been written, and store the encryption information.
Wherein, the processor is further configured to:
locate the section header table according to the ELF header of the SO library to be processed;
locate the start position of the section to be encrypted according to the section header table, and obtain the size of the section to be encrypted;
obtain the section to be encrypted according to its start position and its size.
Wherein, the encryption information is a hash value and key pair.
Wherein, the section to be encrypted is a section that can be memory-mapped.
In a fourth aspect, an embodiment of the present invention provides a client, comprising: a transceiver and a processor;
the processor is configured to obtain an SO library to be processed; obtain a decryption key for the SO library to be processed from a server through the transceiver; determine a section to be decrypted in the SO library to be processed; and decrypt the section to be decrypted using the decryption key;
the transceiver is configured to send and receive data under the control of the processor.
Wherein, the processor is further configured to:
search the process list file according to the name of the SO library to be processed;
obtain, according to the search result, the address of the SO library in the process virtual space, thereby obtaining the SO library to be processed.
Wherein, the processor is further configured to:
obtain the hash value of the SO library to be processed through the transceiver, and send the hash value to the server;
receive, through the transceiver, the decryption key sent by the server according to the hash value.
Wherein, the processor is further configured to:
locate the section header table according to the ELF header of the SO library to be processed;
locate the start position of the section to be decrypted according to the section header table, and obtain the size of the section to be decrypted;
obtain the section to be decrypted according to its start position and its size;
decrypt the section to be decrypted using the decryption key.
Wherein, the processor is further configured to:
obtain permission information of the section to be decrypted;
if it is determined from the permission information that the permission of the section to be decrypted is read-only, modify the permission of the section to be decrypted to writable.
In a fifth aspect, an embodiment of the present invention provides an electronic device, comprising: a transceiver, a memory, a processor, and a computer program stored in the memory and executable on the processor;
when executed by the processor, the computer program implements the steps of the method described in the first aspect; or
when executed by the processor, the computer program implements the steps of the method described in the second aspect.
In a sixth aspect, an embodiment of the present invention provides a computer-readable storage medium for storing a computer program, wherein the computer program, when executed by a processor, implements the steps of the method described in the first aspect; or the computer program, when executed by a processor, implements the steps of the method described in the second aspect.
The above technical solutions of the present invention have the following beneficial effects:
In the embodiments of the present invention, when the client needs to decrypt the section to be decrypted, it must obtain the corresponding decryption key from the server. Therefore, without the decryption key, the client cannot decrypt the SO library, and static reverse analysis with tools such as IDA is also not possible. The scheme of the embodiments of the present invention therefore improves the security of the SO library.
Brief description of the drawings
Fig. 1 is a flowchart of the file processing method of an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of an executable file;
Fig. 3 is a schematic structural diagram of the ELF Header;
Fig. 4 is a schematic structural diagram of the Section header table;
Fig. 5 is a flowchart of the file processing method of an embodiment of the present invention;
Fig. 6 is a schematic diagram of the SO library operating process of an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of the SO library when running in memory in an embodiment of the present invention;
Fig. 8 is a schematic diagram of the server of an embodiment of the present invention;
Fig. 9 is a schematic diagram of the client of an embodiment of the present invention;
Fig. 10 is a schematic diagram of the electronic device of an embodiment of the present invention;
Fig. 11 is a schematic diagram of the electronic device of an embodiment of the present invention.
Detailed description
Specific embodiments of the present invention are described in further detail below with reference to the drawings and embodiments. The following embodiments are intended to illustrate the present invention, not to limit its scope.
As shown in Fig. 1, the file processing method of an embodiment of the present invention, applied to a server, comprises:
Step 101: receive a hash value of an SO library to be processed sent by a client, wherein the SO library to be processed includes a section to be decrypted.
In the embodiments of the present invention, one or more sections of the SO library may be encrypted in advance.
Specifically, in the encryption process, the section to be encrypted in the SO library to be processed is determined, the section to be encrypted is encrypted, and the encrypted section is written into the SO library to be processed; encryption information is then generated for the SO library to be processed into which the encrypted section has been written, and the encryption information is stored.
For an executable file, as shown in Fig. 2, the file begins with the ELF Header field information; next comes the Program Header Table (optional); next comes the content of each section; and last comes the section header table (Section header table), which has fields recording the physical length of each section. The position of the section header table is indicated by a value in the ELF Header.
The ELF Header structure is shown in Fig. 3, where the e_shoff field indicates the start position of the Section header table (section header table) relative to the file header.
The structure of the Section header table (section header table) is shown in Fig. 4, where the field sh_name indicates the name of the section, sh_offset indicates the start position of the section, and sh_size indicates the size of the section.
Therefore, based on the above information, the section header table is located according to the ELF header of the SO library to be processed, the start position of the section to be encrypted is located according to the section header table, the size of the section to be encrypted is obtained, and the section to be encrypted is obtained according to its start position and its size.
Wherein, the encryption information is a hash value (such as an MD5 value) and key pair. Specifically, the MD5 value of the new SO library into which the encrypted section has been written, paired with the encryption key, is denoted (hash, KEY) and stored on the server; at decryption time it is used to look up the KEY corresponding to a specific hash.
Specifically, the Section header table (section header table) is located through the Elf32_Ehdr.e_shoff field of the ELF Header, the start position of the section to be encrypted is located through Elf32_Shdr.sh_offset in the section header table, and the size of the section is obtained from Elf32_Shdr.sh_size. The content of the section is read, the encryption operation is performed, and the encrypted section is written back to its original position. The encryption algorithm or scheme used in the encryption process can be chosen freely as needed.
It should be noted that not every section is memory-mapped at run time (for example, the shstrtab section is not memory-mapped). Therefore, when selecting the section to be encrypted, a section that can be memory-mapped should be selected.
Step 102: obtain a corresponding key according to the hash value.
Step 103: send the key to the client, so that the client decrypts the section to be decrypted according to the key.
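The preparation and key-lookup steps above, carried through on a small image as an added example (Python, not code from the patent). The sample ELF32 image is constructed inline, the SHA-256 keystream is a stand-in because the text leaves the cipher open, and `protect`, `lookup_key` and `client_decrypt` are hypothetical names; MD5 is used only because the text names it as the example hash.

```python
import hashlib
import os
import struct

EHDR = struct.Struct("<16sHHIIIIIHHHHHH")  # Elf32_Ehdr, little-endian (52 bytes)
SHDR = struct.Struct("<10I")               # Elf32_Shdr (40 bytes)
SHF_ALLOC = 0x2                            # section occupies memory at run time


def build_sample_elf32():
    """Constructed minimal ELF32 image: null section, .text, .shstrtab."""
    text = bytes(range(32))                # constructed stand-in for code bytes
    strtab = b"\0.text\0.shstrtab\0"
    text_off = EHDR.size
    str_off = text_off + len(text)
    shoff = str_off + len(strtab)
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)   # ELFCLASS32, little-endian
    ehdr = EHDR.pack(ident, 3, 40, 1, 0, 0, shoff, 0,
                     EHDR.size, 0, 0, SHDR.size, 3, 2)
    shdrs = (SHDR.pack(*[0] * 10)
             + SHDR.pack(1, 1, 0x6, 0, text_off, len(text), 0, 0, 4, 0)
             + SHDR.pack(7, 3, 0, 0, str_off, len(strtab), 0, 0, 1, 0))
    return ehdr + text + strtab + shdrs


def find_section(image, name):
    """Follow e_shoff to the section header table; return (sh_offset, sh_size, sh_flags)."""
    fields = EHDR.unpack_from(image, 0)
    if fields[0][:4] != b"\x7fELF" or fields[0][4] != 1:
        raise ValueError("not an ELF32 image")
    e_shoff, e_shentsize, e_shnum, e_shstrndx = (fields[6], fields[11],
                                                 fields[12], fields[13])
    shdrs = [SHDR.unpack_from(image, e_shoff + i * e_shentsize)
             for i in range(e_shnum)]
    str_off, str_size = shdrs[e_shstrndx][4], shdrs[e_shstrndx][5]
    strtab = image[str_off:str_off + str_size]
    for sh in shdrs:
        sh_name = strtab[sh[0]:strtab.index(b"\0", sh[0])].decode()
        if sh_name == name:
            if sh[4] + sh[5] > len(image):
                raise ValueError("section extends past end of file")
            return sh[4], sh[5], sh[2]
    raise KeyError(name)


def keystream_xor(data, key):
    """Stand-in cipher: XOR with a SHA-256 counter keystream (same call decrypts)."""
    out = bytearray()
    for start in range(0, len(data), 32):
        pad = hashlib.sha256(key + struct.pack("<I", start // 32)).digest()
        out += bytes(a ^ b for a, b in zip(data[start:start + 32], pad))
    return bytes(out)


def protect(image, name, key_store):
    """Encrypt one section in place and record (hash, KEY) for the new file."""
    off, size, flags = find_section(image, name)
    if not flags & SHF_ALLOC:
        # Sections such as .shstrtab are not memory-mapped, so the client
        # could never decrypt them in memory.
        raise ValueError(f"{name} is not mapped into memory at run time")
    key = os.urandom(16)
    new_image = (image[:off] + keystream_xor(image[off:off + size], key)
                 + image[off + size:])
    key_store[hashlib.md5(new_image).hexdigest()] = key   # (hash, KEY) pair
    return new_image


def lookup_key(key_store, file_hash):
    """Steps 102-103: return the key for a reported hash, or None if unknown."""
    return key_store.get(file_hash)


def client_decrypt(image, name, key):
    """Client side: locate the same section and reverse the encryption."""
    off, size, _flags = find_section(image, name)
    return (image[:off] + keystream_xor(image[off:off + size], key)
            + image[off + size:])
```

Because the stored hash is taken over the file after the encrypted section is written back, the client must hash the protected file as shipped; a hash of any other file returns no key.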
In the embodiments of the present invention, when the client needs to decrypt the section to be decrypted, it must obtain the corresponding decryption key from the server. Therefore, without the decryption key, the client cannot decrypt the SO library, and static reverse analysis with tools such as IDA is also not possible. The scheme of the embodiments of the present invention therefore improves the security of the SO library.
As shown in Fig. 5, the file processing method of an embodiment of the present invention, applied to a server, comprises:
Step 501: obtain the SO library to be processed.
In this step, the process list file is searched according to the name of the SO library to be processed; according to the search result, the address of the SO library in the process virtual space is obtained, thereby obtaining the SO library to be processed.
Step 502: obtain the decryption key for the SO library to be processed from the server.
In this step, the hash value of the SO library to be processed is obtained and sent to the server, and the decryption key sent by the server according to the hash value is received.
Step 503: determine the section to be decrypted in the SO library to be processed, and decrypt the section to be decrypted using the decryption key.
In this step, the section header table is located according to the ELF header of the SO library to be processed, the start position of the section to be decrypted is located according to the section header table, and the size of the section to be decrypted is obtained. The section to be decrypted is then obtained according to its start position and its size, and is decrypted using the decryption key.
Since different sections have different access permissions, the permission information of the section to be decrypted can be obtained before decryption. If it is determined from the permission information that the permission of the section to be decrypted is read-only, the permission of the section to be decrypted is modified to writable.
In the embodiments of the present invention, when the client needs to decrypt the section to be decrypted, it must obtain the corresponding decryption key from the server. Therefore, without the decryption key, the client cannot decrypt the SO library, and static reverse analysis with tools such as IDA is also not possible. The scheme of the embodiments of the present invention therefore improves the security of the SO library.
As shown in Fig. 6, the SO library operating process of an embodiment of the present invention comprises:
Step 601: the client calculates the hash value (Hash) of the SO library to be processed.
Step 602: the client sends the hash value to the server.
Step 603: the server receives the hash value, looks up the corresponding key according to the hash value, and sends the key it finds to the client.
Step 604: the client receives the key and uses it to decrypt the section to be decrypted in the SO library.
Afterwards, the client can continue to execute the other functions of the SO library.
During decryption, the decrypt-and-restore operation is implemented by adding decrypt-and-restore function code to the original SO library source code and compiling to generate a new SO library. When the software runs, the encrypted section is first dynamically decrypted and restored in memory, and then the function code of the original SO library is executed.
Under normal circumstances, the JNI_OnLoad() function is executed first when the SO library is linked and loaded, but the restore code must be called earlier than JNI_OnLoad() so that the decryption and restoration of the SO library is complete. The proper method is to place the restore operation in the init section: when loading the SO, the linker first traverses and executes the functions registered in the init section and only then calls JNI_OnLoad(), so the decryption and restoration of the SO is completed first.
During execution, the client first obtains the hash value of the SO library and sends it to the server; the server looks up the Key in the (hash, KEY) table and returns it to the client. After receiving the Key, the client decrypts the encrypted section.
Decryption is performed dynamically: the encrypted section of the SO library is located and decrypted in memory. The structure of the SO library when running in memory is not exactly the same as its structure as an SO file (see Fig. 7). It must have a Program Header Table, and there is additionally the concept of a "segment" (Segment X in the figure, X = 1, 2, 3, ...). A segment is formed by grouping together sections with the same attributes, which effectively addresses the memory waste caused by alignment.
First, the position of the SO library is located. The /proc/pid/maps file is looked up; /proc/pid/maps lists the addresses of a process's virtual address space. Every line of this file is traversed and, when the line matching the name of the SO library is found, the address string is read; this address is the address of the SO library in the process virtual space. The section header table is then located through the ELF Header, the start position and size of the section to be decrypted are located through the section header table, and the decryption operation is performed in memory. Since different sections have different access permissions, if the section to be decrypted has only read-only permission, it must be modified to writable.
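The lookup and permission check described above, as an added example (Python, not code from the patent): it parses `/proc/pid/maps` text for the library's address and works out the page-aligned range that would have to be made writable before in-memory decryption. The sample maps content, the name `libdemo.so`, the 4 KiB page size, and the function names are assumptions; `rel_start` stands for the section's start relative to the library address, as located through the section header table.

```python
import re

PAGE_SIZE = 4096  # assumption: 4 KiB pages

# Constructed sample of /proc/<pid>/maps content; libdemo.so is a hypothetical name.
SAMPLE_MAPS = """\
70000000-70001000 r--p 00000000 fd:00 1234  /data/app/com.example/lib/arm/libdemo.so
70001000-70003000 r-xp 00001000 fd:00 1234  /data/app/com.example/lib/arm/libdemo.so
70003000-70004000 rw-p 00003000 fd:00 1234  /data/app/com.example/lib/arm/libdemo.so
7f000000-7f021000 rw-p 00000000 00:00 0     [heap]
"""

LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([rwxsp-]{4})\s+([0-9a-f]+)\s+\S+\s+\d+\s*(.*)$")


def parse_maps(text):
    """Return a list of (start, end, perms, file_offset, path) tuples."""
    regions = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            regions.append((int(m[1], 16), int(m[2], 16), m[3],
                            int(m[4], 16), m[5]))
    return regions


def library_base(regions, lib_name):
    """Address of the named library: its mapping that starts at file offset 0."""
    for start, _end, _perms, offset, path in regions:
        if path.rsplit("/", 1)[-1] == lib_name and offset == 0:
            return start
    raise LookupError(f"{lib_name} is not mapped in this process")


def plan_unprotect(regions, base, rel_start, size):
    """Return (page_start, length, perms) to make writable, or None if already writable.

    Permission changes apply to whole pages, so the start is rounded down
    and the end rounded up to a page boundary.
    """
    first, last = base + rel_start, base + rel_start + size
    for start, end, perms, _off, _path in regions:
        if start <= first and last <= end:
            if "w" in perms:
                return None
            page_start = first & ~(PAGE_SIZE - 1)
            page_end = (last + PAGE_SIZE - 1) & ~(PAGE_SIZE - 1)
            return page_start, page_end - page_start, perms
    raise ValueError("section range is not inside one mapped region")
```

The returned permission string is the mapping's state before any change, which the native code needs if it is to put the original protection back once the section has been decrypted.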
As can be seen from the above, the embodiments of the present invention are based on a C/S architecture: if the client needs to decrypt the code, it must communicate with the server and obtain the corresponding key from the server. Without the key provided by the server, the SO library cannot be decrypted, and static reverse analysis with tools such as IDA is also not possible. Therefore, the scheme of the embodiments of the present invention improves the security of the SO library.
As shown in Fig. 8, the server of an embodiment of the present invention comprises: a transceiver 801 and a processor 802;
the processor 802 is configured to receive, through the transceiver 801, a hash value of an SO library to be processed sent by a client, wherein the SO library to be processed includes a section to be decrypted; obtain a corresponding key according to the hash value; and send the key to the client through the transceiver 801, so that the client decrypts the section to be decrypted according to the key;
the transceiver 801 is configured to send and receive data under the control of the processor.
Wherein, the processor 802 is further configured to determine a section to be encrypted in the SO library to be processed; encrypt the section to be encrypted, and write the encrypted section into the SO library to be processed; and generate encryption information for the SO library to be processed into which the encrypted section has been written, and store the encryption information.
Wherein, the processor 802 is further configured to locate the section header table according to the ELF header of the SO library to be processed; locate the start position of the section to be encrypted according to the section header table, and obtain the size of the section to be encrypted; and obtain the section to be encrypted according to its start position and its size.
Wherein, the encryption information is a hash value and key pair, and the section to be encrypted is a section that can be memory-mapped.
In the embodiments of the present invention, when the client needs to decrypt the section to be decrypted, it must obtain the corresponding decryption key from the server. Therefore, without the decryption key, the client cannot decrypt the SO library, and static reverse analysis with tools such as IDA is also not possible. The scheme of the embodiments of the present invention therefore improves the security of the SO library.
As shown in Fig. 9, the client of an embodiment of the present invention comprises: a transceiver 901 and a processor 902;
the processor 902 is configured to obtain an SO library to be processed; obtain a decryption key for the SO library to be processed from a server through the transceiver 901; determine a section to be decrypted in the SO library to be processed; and decrypt the section to be decrypted using the decryption key;
the transceiver 901 is configured to send and receive data under the control of the processor.
Wherein, the processor 902 is further configured to search the process list file according to the name of the SO library to be processed; and obtain, according to the search result, the address of the SO library in the process virtual space, thereby obtaining the SO library to be processed.
Wherein, the processor 902 is further configured to obtain the hash value of the SO library to be processed through the transceiver, and send the hash value to the server; and receive, through the transceiver, the decryption key sent by the server according to the hash value.
Wherein, the processor 902 is further configured to locate the section header table according to the ELF header of the SO library to be processed; locate the start position of the section to be decrypted according to the section header table, and obtain the size of the section to be decrypted; obtain the section to be decrypted according to its start position and its size; and decrypt the section to be decrypted using the decryption key.
Wherein, the processor 902 is further configured to obtain permission information of the section to be decrypted; and, if it is determined from the permission information that the permission of the section to be decrypted is read-only, modify the permission of the section to be decrypted to writable.
In the embodiments of the present invention, when the client needs to decrypt the section to be decrypted, it must obtain the corresponding decryption key from the server. Therefore, without the decryption key, the client cannot decrypt the SO library, and static reverse analysis with tools such as IDA is also not possible. The scheme of the embodiments of the present invention therefore improves the security of the SO library.
As shown in Fig. 10, the electronic device of an embodiment of the present invention comprises:
a processor 1000, configured to read the program in the memory 1020 and execute the following process: receive, through the transceiver 1010, a hash value of an SO library to be processed sent by a client, wherein the SO library to be processed includes a section to be decrypted; obtain a corresponding key according to the hash value; and send the key to the client, so that the client decrypts the section to be decrypted according to the key;
a transceiver 1010, configured to send and receive data under the control of the processor 1000.
Wherein, in Fig. 10, the bus architecture may include any number of interconnected buses and bridges, which link together various circuits, specifically one or more processors represented by the processor 1000 and memory represented by the memory 1020. The bus architecture may also link together various other circuits such as peripheral devices, voltage regulators, and management circuits; these are all well known in the art and are therefore not described further here. The bus interface provides an interface. The transceiver 1010 may be multiple elements, that is, include a transmitter and a transceiver, providing units for communicating with various other devices over a transmission medium. The processor 1000 is responsible for managing the bus architecture and general processing, and the memory 1020 can store the data used by the processor 1000 when performing operations.
The processor 1000 is further configured to read the computer program and execute the following steps:
determine a section to be encrypted in the SO library to be processed;
encrypt the section to be encrypted, and write the encrypted section into the SO library to be processed;
generate encryption information for the SO library to be processed into which the encrypted section has been written, and store the encryption information.
The processor 1000 is further configured to read the computer program and execute the following steps:
locate the section header table according to the ELF header of the SO library to be processed;
locate the start position of the section to be encrypted according to the section header table, and obtain the size of the section to be encrypted;
obtain the section to be encrypted according to its start position and its size.
Wherein, the encryption information is a hash value and key pair.
Wherein, the section to be encrypted is a section that can be memory-mapped.
As shown in Figure 11, the electronic device of the embodiment of the present invention comprises:
A processor 1100, configured to read the program in the memory 1120 and execute the following process:
Obtain the to-be-processed SO library; obtain the decryption key of the to-be-processed SO library from a server; determine the section to be decrypted in the to-be-processed SO library, and decrypt the section to be decrypted using the decryption key;
A transceiver 1111, configured to send and receive data under the control of the processor 1100.
Wherein, in Figure 11, the bus architecture may include any number of interconnected buses and bridges, which link together various circuits, specifically one or more processors represented by the processor 1100 and the memory represented by the memory 1120. The bus architecture may also link together various other circuits such as peripheral devices, voltage regulators and power management circuits; these are all well known in the art and are therefore not described further here. The bus interface provides an interface. The transceiver 1111 may be multiple elements, that is, it includes a transmitter and a receiver, and provides a unit for communicating with various other devices over a transmission medium. For different user equipment, the user interface 1130 may also be an interface capable of externally or internally connecting the required devices; the connected devices include but are not limited to a keypad, a display, a speaker, a microphone, a joystick, and the like.
The processor 1100 is responsible for managing the bus architecture and general processing, and the memory 1120 may store data used by the processor 1100 when performing operations.
The processor 1100 is further configured to read the computer program and execute the following steps: searching the process list file according to the name of the to-be-processed SO library; and, according to the search result, obtaining the address of the SO library in the process virtual space, thereby obtaining the to-be-processed SO library.
The processor 1100 is further configured to read the computer program and execute the following steps: obtaining the hash value of the to-be-processed SO library, and sending the hash value to the server; and receiving the decryption key that the server sends according to the hash value.
The processor 1100 is further configured to read the computer program and execute the following steps: locating the section header table according to the ELF header of the to-be-processed SO library; locating the start position of the section to be decrypted according to the section header table, and obtaining the size of the section to be decrypted; obtaining the section to be decrypted according to its start position and its size; and decrypting the section to be decrypted using the decryption key.
The processor 1100 is further configured to read the computer program and execute the following steps: obtaining the permission information of the section to be decrypted; and, if the permission of the section to be decrypted is determined from the permission information to be read-only, changing the permission of the section to be decrypted to writable.
In addition, the computer-readable storage medium of the embodiment of the present invention is used for storing a computer program, and the computer program can be executed by a processor to perform the following steps:
Receive the hash value of the to-be-processed SO library sent by the client, wherein the to-be-processed SO library includes a section to be decrypted;
Obtain the corresponding key according to the hash value;
Send the key to the client, so that the client decrypts the section to be decrypted according to the key.
Wherein, before the receiving of the hash value of the to-be-processed SO library sent by the client, the method further comprises:
Determine the section to be encrypted in the to-be-processed SO library;
Encrypt the section to be encrypted, and write the encrypted section into the to-be-processed SO library;
Generate the encryption information of the to-be-processed SO library into which the encrypted section has been written, and store the encryption information.
Wherein, the determining of the section to be encrypted in the to-be-processed SO library comprises:
Locate the section header table according to the ELF header of the to-be-processed SO library;
Locate the start position of the section to be encrypted according to the section header table, and obtain the size of the section to be encrypted;
Obtain the section to be encrypted according to its start position and its size.
Wherein, the encryption information is a hash value and key pair.
Wherein, the section to be encrypted is a section on which memory mapping processing can be performed.
In addition, the computer-readable storage medium of the embodiment of the present invention is used for storing a computer program, and the computer program can be executed by a processor to perform the following steps:
Obtain the to-be-processed SO library;
Obtain the decryption key of the to-be-processed SO library from a server;
Determine the section to be decrypted in the to-be-processed SO library, and decrypt the section to be decrypted using the decryption key.
Wherein, the obtaining of the to-be-processed SO library comprises:
Search the process list file according to the name of the to-be-processed SO library;
According to the search result, obtain the address of the SO library in the process virtual space, thereby obtaining the to-be-processed SO library.
Wherein, the obtaining of the decryption key of the to-be-processed SO library from the server comprises:
Obtain the hash value of the to-be-processed SO library, and send the hash value to the server;
Receive the decryption key that the server sends according to the hash value.
Wherein, the determining of the section to be decrypted in the to-be-processed SO library and the decrypting of the section to be decrypted using the decryption key comprise:
Locate the section header table according to the ELF header of the to-be-processed SO library;
Locate the start position of the section to be decrypted according to the section header table, and obtain the size of the section to be decrypted;
Obtain the section to be decrypted according to its start position and its size;
Decrypt the section to be decrypted using the decryption key.
Wherein, before the decrypting of the section to be decrypted using the decryption key, the method further comprises:
Obtain the permission information of the section to be decrypted;
If the permission of the section to be decrypted is determined from the permission information to be read-only, change the permission of the section to be decrypted to writable.
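The section-location, hash-to-key lookup and decryption steps above, as an added example that is not code from the patent. It works on a file image of a little-endian ELF64 library rather than the in-memory mapping, so the permission change is not shown; the section name `.mytext`, the use of SHA-256, the XOR stand-in cipher, the in-memory `KEY_STORE` and the constructed sample library are all assumptions.

```python
import hashlib
import struct

SECTION = b".mytext"  # hypothetical section name, not taken from the page
KEY_STORE = {}        # server side: hash of protected library -> key
SAMPLE_BODY = b"constructed bytes standing in for real machine code"

def locate_section(so: bytes, name: bytes):
    """ELF header -> section header table -> (offset, size) of `name`."""
    if len(so) < 64 or so[:4] != b"\x7fELF" or so[4:6] != b"\x02\x01":
        raise ValueError("not a little-endian ELF64 image")
    (e_shoff,) = struct.unpack_from("<Q", so, 0x28)
    e_shentsize, e_shnum, e_shstrndx = struct.unpack_from("<HHH", so, 0x3A)
    if (e_shentsize < 64 or e_shstrndx >= e_shnum
            or e_shoff + e_shentsize * e_shnum > len(so)):
        raise ValueError("section header table out of bounds")

    def shdr(i):
        f = struct.unpack_from("<IIQQQQ", so, e_shoff + i * e_shentsize)
        return f[0], f[4], f[5]  # sh_name, sh_offset, sh_size

    _, str_off, str_size = shdr(e_shstrndx)
    strtab = so[str_off:str_off + str_size]  # section name string table
    for i in range(e_shnum):
        sh_name, off, size = shdr(i)
        end = strtab.find(b"\0", sh_name)
        if end >= 0 and strtab[sh_name:end] == name:
            if off + size > len(so):
                raise ValueError("section data out of bounds")
            return off, size
    raise KeyError(name)

def xor_stream(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher (SHA-256 in counter mode); the page names no algorithm.
    out = bytearray()
    for pos in range(0, len(data), 32):
        pad = hashlib.sha256(key + struct.pack("<Q", pos)).digest()
        out += bytes(a ^ b for a, b in zip(data[pos:pos + 32], pad))
    return bytes(out)

def protect(so: bytes, key: bytes, name: bytes = SECTION) -> bytes:
    """Server: encrypt the section in place, store the (hash, key) pair."""
    off, size = locate_section(so, name)
    out = so[:off] + xor_stream(key, so[off:off + size]) + so[off + size:]
    KEY_STORE[hashlib.sha256(out).hexdigest()] = key
    return out

def key_for(digest: str) -> bytes:
    """Server: return the key stored for this hash (KeyError if unknown)."""
    return KEY_STORE[digest]

def restore(so: bytes, name: bytes = SECTION, fetch_key=key_for) -> bytes:
    """Client: hash the library, fetch the key, decrypt the section."""
    key = fetch_key(hashlib.sha256(so).hexdigest())
    off, size = locate_section(so, name)
    return so[:off] + xor_stream(key, so[off:off + size]) + so[off + size:]

def build_sample() -> bytes:
    """Constructed ELF64 image: null section, .mytext, .shstrtab."""
    strtab = b"\0.mytext\0.shstrtab\0"
    text_off = 64
    str_off = text_off + len(SAMPLE_BODY)
    shoff = str_off + len(strtab)
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 3, 62, 1, 0, 0, shoff, 0, 64, 0, 0, 64, 3, 2)

    def sh(name, typ, off, size):
        return struct.pack("<IIQQQQIIQQ", name, typ, 0, 0, off, size, 0, 0, 1, 0)

    return (ehdr + SAMPLE_BODY + strtab + sh(0, 0, 0, 0)
            + sh(1, 1, text_off, len(SAMPLE_BODY)) + sh(9, 3, str_off, len(strtab)))
```

Because the key is looked up by the hash of the whole protected file, a library that has been modified after protection hashes to an unknown value and `key_for` raises `KeyError` instead of returning a key.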
In the several embodiments provided in this application, it should be understood that the disclosed method and apparatus may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative; for instance, the division of the units is only a division by logical function, and other divisions are possible in actual implementation: multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or in other forms.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may be physically separate, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware, or in the form of hardware plus software functional units.
The above integrated unit implemented in the form of a software functional unit may be stored in a computer-readable storage medium. The software functional unit is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to execute some of the steps of the sending and receiving method described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (Read-Only Memory, ROM for short), a random access memory (Random Access Memory, RAM for short), a magnetic disk or an optical disc.
The above is a preferred embodiment of the present invention. It should be noted that those skilled in the art may make several improvements and refinements without departing from the principles of the present invention, and these improvements and refinements shall also be regarded as falling within the protection scope of the present invention.

Claims (22)

1. A document handling method, characterized in that it is applied to a server and comprises:
Receiving the hash value of the to-be-processed SO library sent by the client, wherein the to-be-processed SO library includes a section to be decrypted;
Obtaining the corresponding key according to the hash value;
Sending the key to the client, so that the client decrypts the section to be decrypted according to the key.
2. The method according to claim 1, characterized in that, before the receiving of the hash value of the to-be-processed SO library sent by the client, the method further comprises:
Determining the section to be encrypted in the to-be-processed SO library;
Encrypting the section to be encrypted, and writing the encrypted section into the to-be-processed SO library;
Generating the encryption information of the to-be-processed SO library into which the encrypted section has been written, and storing the encryption information.
3. The method according to claim 2, characterized in that the determining of the section to be encrypted in the to-be-processed SO library comprises:
Locating the section header table according to the ELF header of the to-be-processed SO library;
Locating the start position of the section to be encrypted according to the section header table, and obtaining the size of the section to be encrypted;
Obtaining the section to be encrypted according to its start position and its size.
4. The method according to claim 2, characterized in that the encryption information is a hash value and key pair.
5. The method according to claim 2, characterized in that the section to be encrypted is a section on which memory mapping processing can be performed.
6. A document handling method, characterized in that it is applied to a client and comprises:
Obtaining the to-be-processed SO library;
Obtaining the decryption key of the to-be-processed SO library from a server;
Determining the section to be decrypted in the to-be-processed SO library, and decrypting the section to be decrypted using the decryption key.
7. The method according to claim 6, characterized in that the obtaining of the to-be-processed SO library comprises:
Searching the process list file according to the name of the to-be-processed SO library;
According to the search result, obtaining the address of the SO library in the process virtual space, thereby obtaining the to-be-processed SO library.
8. The method according to claim 6, characterized in that the obtaining of the decryption key of the to-be-processed SO library from the server comprises:
Obtaining the hash value of the to-be-processed SO library, and sending the hash value to the server;
Receiving the decryption key that the server sends according to the hash value.
9. The method according to claim 6, characterized in that the determining of the section to be decrypted in the to-be-processed SO library and the decrypting of the section to be decrypted using the decryption key comprise:
Locating the section header table according to the ELF header of the to-be-processed SO library;
Locating the start position of the section to be decrypted according to the section header table, and obtaining the size of the section to be decrypted;
Obtaining the section to be decrypted according to its start position and its size;
Decrypting the section to be decrypted using the decryption key.
10. The method according to claim 9, characterized in that, before the decrypting of the section to be decrypted using the decryption key, the method further comprises:
Obtaining the permission information of the section to be decrypted;
If the permission of the section to be decrypted is determined from the permission information to be read-only, changing the permission of the section to be decrypted to writable.
11. A server, characterized by comprising: a transceiver and a processor;
The processor is configured to receive, through the transceiver, the hash value of the to-be-processed SO library sent by the client, wherein the to-be-processed SO library includes a section to be decrypted; obtain the corresponding key according to the hash value; and send the key to the client through the transceiver, so that the client decrypts the section to be decrypted according to the key;
The transceiver is configured to send and receive data under the control of the processor.
12. The server according to claim 11, characterized in that the processor is further configured to determine the section to be encrypted in the to-be-processed SO library;
Encrypt the section to be encrypted, and write the encrypted section into the to-be-processed SO library;
Generate the encryption information of the to-be-processed SO library into which the encrypted section has been written, and store the encryption information.
13. The server according to claim 12, characterized in that the processor is further configured to:
Locate the section header table according to the ELF header of the to-be-processed SO library;
Locate the start position of the section to be encrypted according to the section header table, and obtain the size of the section to be encrypted;
Obtain the section to be encrypted according to its start position and its size.
14. The server according to claim 12, characterized in that the encryption information is a hash value and key pair.
15. The server according to claim 12, characterized in that the section to be encrypted is a section on which memory mapping processing can be performed.
16. A client, characterized by comprising: a transceiver and a processor;
The processor is configured to obtain the to-be-processed SO library; obtain the decryption key of the to-be-processed SO library from a server through the transceiver; determine the section to be decrypted in the to-be-processed SO library, and decrypt the section to be decrypted using the decryption key;
The transceiver is configured to send and receive data under the control of the processor.
17. The client according to claim 16, characterized in that the processor is further configured to:
Search the process list file according to the name of the to-be-processed SO library;
According to the search result, obtain the address of the SO library in the process virtual space, thereby obtaining the to-be-processed SO library.
18. The client according to claim 16, characterized in that the processor is further configured to:
Obtain the hash value of the to-be-processed SO library, and send the hash value to the server through the transceiver;
Receive, through the transceiver, the decryption key that the server sends according to the hash value.
19. The client according to claim 16, characterized in that the processor is further configured to:
Locate the section header table according to the ELF header of the to-be-processed SO library;
Locate the start position of the section to be decrypted according to the section header table, and obtain the size of the section to be decrypted;
Obtain the section to be decrypted according to its start position and its size;
Decrypt the section to be decrypted using the decryption key.
20. The client according to claim 19, characterized in that the processor is further configured to:
Obtain the permission information of the section to be decrypted;
If the permission of the section to be decrypted is determined from the permission information to be read-only, change the permission of the section to be decrypted to writable.
21. An electronic device, comprising: a transceiver, a memory, a processor, and a computer program stored on the memory and executable on the processor; characterized in that:
The steps of the method according to any one of claims 1 to 5 are implemented when the computer program is executed by the processor; or
The steps of the method according to any one of claims 6 to 10 are implemented when the computer program is executed by the processor.
22. A computer-readable storage medium for storing a computer program, characterized in that:
The steps of the method according to any one of claims 1 to 5 are implemented when the computer program is executed by a processor; or
The steps of the method according to any one of claims 6 to 10 are implemented when the computer program is executed by a processor.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710942091.4A CN109657480A (en) 2017-10-11 2017-10-11 A kind of document handling method, equipment and computer readable storage medium

Publications (1)

Publication Number Publication Date
CN109657480A true CN109657480A (en) 2019-04-19

Family

ID=66108915

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710942091.4A Pending CN109657480A (en) 2017-10-11 2017-10-11 A kind of document handling method, equipment and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN109657480A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110096483A (en) * 2019-05-08 2019-08-06 北京奇艺世纪科技有限公司 Duplicate file detection method, terminal and server
CN112182600A (en) * 2020-09-18 2021-01-05 北京云钥网络科技有限公司 Data encryption method, data decryption method and electronic equipment

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106203006A (en) * 2016-08-31 2016-12-07 北京鼎源科技有限公司 Android application hardening method based on dynamic execution of dex and so files
CN106355081A (en) * 2016-09-07 2017-01-25 深圳市新国都支付技术有限公司 Android program start verification method and device
CN106650327A (en) * 2016-11-24 2017-05-10 湖南鼎源蓝剑信息科技有限公司 Android application hardening method based on dynamic recovery of so files
CN107070656A (en) * 2017-03-31 2017-08-18 武汉斗鱼网络科技有限公司 Encryption method, decryption method and system for so files in an application program
CN107196907A (en) * 2017-03-31 2017-09-22 武汉斗鱼网络科技有限公司 Method and device for protecting Android SO files
CN107273723A (en) * 2017-07-07 2017-10-20 广东工业大学 Android platform application software protection method based on so file packing

Similar Documents

Publication Publication Date Title
US6839437B1 (en) Method and apparatus for managing keys for cryptographic operations
US7107459B2 (en) Secure CPU and memory management unit with cryptographic extensions
RU2620712C2 (en) Virtual machine device with driven key obfuscation and method
EP3229397A1 (en) Method for fulfilling a cryptographic request requiring a value of a private key
JP5132782B2 (en) Providing device, system, server device, program, and method
CN103530535A (en) Shell adding and removing method for Android platform application program protection
JP5996777B2 (en) Code processing apparatus and program
CN103259762A (en) File encryption and decryption method and system based on cloud storage
CN105631251B (en) APK hardening and protection method and system
CN102918865A (en) Protecting video content using virtualization
WO2015035827A1 (en) Method and apparatus for providing string encryption and decryption in program files
US10867017B2 (en) Apparatus and method of providing security and apparatus and method of executing security for common intermediate language
JP2007233426A (en) Application execution device
CN106357402A (en) Data encryption-decryption processing method and device
CN109657480A (en) A kind of document handling method, equipment and computer readable storage medium
JP2010165275A (en) Data storage system, information transmission device and server device
CN111611606A (en) File encryption and decryption method and device
JP5969716B1 (en) Data management system, data management program, communication terminal, and data management server
CN112966227A (en) Code encryption and decryption method and device and storage medium
CN110113151B (en) Non-invasive real-time encryption and decryption method for ELF format program
CN111047444A (en) Data transaction method and device based on block chain network
JP5737788B2 (en) A system for sending messages via lost communication
EP4053722B1 (en) Secured computer code and systems, methods, and storage media for creating the secured computer code from original computer code
JP2006235688A (en) Program obfuscation device and method and program thereof
JP2006039794A (en) File management system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190419