CN109918917B - Method, computer device and storage medium for preventing leakage of H5 source code - Google Patents
Method, computer device and storage medium for preventing leakage of H5 source code Download PDFInfo
- Publication number
- CN109918917B CN109918917B CN201910206140.7A CN201910206140A CN109918917B CN 109918917 B CN109918917 B CN 109918917B CN 201910206140 A CN201910206140 A CN 201910206140A CN 109918917 B CN109918917 B CN 109918917B
- Authority
- CN
- China
- Prior art keywords
- function
- code
- source code
- encrypted
- character string
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Abstract
The invention discloses a method, computer equipment and a storage medium for preventing H5 source code from leaking, wherein the method comprises the following steps: initializing a template object, defining a global function, and returning a global object in the global function; performing lexical analysis and syntactic analysis on the source codes, and encrypting functions, character strings, expressions and constants in the source codes; performing shell encryption on the encrypted source code and generating a decryption function; the decryption function decrypts the shell-added code to obtain an encrypted code, loads a decryption object and executes the encrypted code, dynamically decrypts the decryption object into a plaintext password, and executes the plaintext password, the encrypted code has a complex structure, different encrypted files exist in each encryption through randomizing the global object name and control flow randomization, the encrypted files are in a polymorphic form, dynamic decryption is performed through a template object during operation, the problem that a decryption key is easily discovered when being embedded into a source code is solved, and meanwhile, a counter-debugging technology and a domain name binding technology are added through a template under a special environment, so that the H5 source code is effectively protected.
Description
Technical Field
The present invention relates to the field of computer technology, and in particular, to a method, a computer device, and a storage medium for preventing H5 source code leakage.
Background
In the web application and the mobile terminal h5 application, since the JavaScript parser directly parses the JavaScript source codes, the JavaScript codes of the web terminal and the mobile terminal are displayed in the form of the source codes, the source codes of the program are leaked, the core service logic is exposed, great potential safety hazards are brought to the program, the source codes are stolen, and developers cannot effectively protect own intellectual property rights from being abused. In order to protect the software core functions, program security and intellectual property, a protection technology is needed to prevent H5 source code from leaking.
Although some H5 compression and obfuscation technologies are on the market, the solution is to transform function names and variable names in JavaScript source codes, so that the function names and variable names are difficult to read on keywords, but API calls of source code logic and object properties are obvious. For another example, the JavaScript code is encrypted by an algorithm such as AES or DES, and the decryption key is embedded in the source code, but an attacker can easily obtain the original code from the encrypted JavaScript source code by using the key as long as finding the decryption key.
Accordingly, the prior art is yet to be improved and developed.
Disclosure of Invention
Based on this, it is necessary to provide a method, a computer apparatus and a storage medium for preventing H5 source code from leaking, so as to solve the problems that source code logic exposure, object property API call exposure and decryption key embedding in source code are easy to be discovered, and effectively protect H5 source code.
A method of preventing H5 source code leakage, the method comprising the steps of:
A. initializing a template object, defining a global function, and returning a global object in the global function;
B. performing lexical analysis and syntactic analysis on the source codes, and encrypting functions, character strings, expressions and constants in the source codes;
C. performing shell encryption on the encrypted source code and generating a decryption function;
D. the decryption function decrypts the encrusted code, decrypts the encrypted code, loads the decrypted object and executes the encrypted code, dynamically decrypts the decrypted object into a plaintext password, and executes the plaintext password.
Wherein, the step A further comprises:
a1, randomizing and specially identifying the name of the global object, wherein the name of the global object encrypted each time is different and unique;
the global object has multiple Key-Value forms, and the Key Value is randomized at each initialization and is unique;
the type of Value includes: the system comprises a character string interaction template, an expression interaction template, a plurality of constants and a plurality of judgment functions.
The character string interaction template comprises two character string interaction functions and one character string interaction function;
in the two character string interaction functions, one function is the value of case in a switch structure in function control flow flattening in decoding source codes, and the other function is all character strings in the decoding source codes; in the character string interaction function, the function decodes a preset domain name coding character string.
Wherein, the step C specifically comprises:
c1, carrying out de-spacing and de-annotation processing on the encrypted source codes, and randomly encrypting the encrypted source codes;
c2, generating an encrypted character string array, a replaced position, necessary variables of the decryption function and necessary judgment conditions related to the decryption function;
c3, generating a decryption function, and using the result of the processed source code as the parameter of the decryption function.
Wherein, the step C further comprises:
c4, by encoding a section of anti-debugging code into an encrypted character string, embedding the section of anti-debugging code into a decryption function, when the code is executed, executing the section of anti-debugging code, and executing the anti-debugging code by using an eval function.
Wherein, the encrypting the function in the source code in the step B includes:
if a code for calculating the time difference is inserted into the function, when the execution time of the two sections of codes is more than a certain value, the program enters an infinite loop code;
if the template code judged by the domain name is inserted into the function, a return value is obtained, and whether the program is executed or not is judged according to the truth of the return value;
if the control flow for transforming the function body structure into the switch structure is flattened, the sequence of the function body statement is randomized, some codes which cannot be executed and can be executed but do not influence the result are inserted, the control flow is complicated, the case value of the switch statement is automatically generated, the case value is put into an array, the array is encrypted, and the unreadable character string is processed.
Wherein, the encrypting the expression in the source code in the step B includes:
extracting the interspersed expressions in the JavaScript, and replacing all interspersed expressions with brackets expressions to convert the attribute call of the object into a character string form;
extracting expression operation in the source code, converting the expression into a form of expression interaction template function call or judging function call, and taking left and right values participating in the expression as parameters of the function.
Wherein, when encrypting the character string in the source code in the step B, the method includes:
extracting character strings in JavaScript, extracting all the character strings, putting the character strings into an array, encrypting the array, and processing the array into unreadable character strings;
the encrypting the constant in the source code in the step B includes:
the constants in the source code are extracted, all constants are imported and exported into the template object, and the original constants are replaced by the access attribute form of the template object.
A computer device comprising a memory storing a computer program and a processor implementing the steps of the method described above when executing the computer program.
A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the above-mentioned method.
A method, computer device and storage medium for preventing leakage of H5 source code has the following advantages:
(1) by randomizing the global object name and randomizing the control flow, each encryption has different encryption files, which is a polymorphic form;
(2) the problem that a decryption secret key is easily found when being embedded into a source code is solved through dynamic decryption of a template object during operation;
(3) all constants, character strings and expressions are completely hidden, core logic and core codes are protected, hidden attribute API calls are carried out, the encrypted code structure is complex, and the code can hardly be read;
(4) and performing domain name protection and anti-debugging protection in a special environment (browser).
Drawings
Fig. 1 is a flow chart illustrating a method for preventing H5 source code leakage according to an embodiment.
Fig. 2 is a schematic diagram of an encryption principle of a method for preventing H5 source code leakage in one embodiment.
Fig. 3 is a schematic diagram of code shelling of a method of preventing H5 source code leakage in one embodiment.
FIG. 4 is a flow diagram illustrating the execution of encrypted code in one embodiment of a method for preventing leakage of H5 source code.
FIG. 5 is a diagram illustrating an internal structure of a computer device according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer and clearer, the present invention is further described in detail below with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The method for preventing the H5 source code from being leaked can be applied to the terminal. The terminal may be, but is not limited to, various personal computers, notebook computers, mobile phones, tablet computers, vehicle-mounted computers, and portable wearable devices. The terminal of the invention adopts a multi-core processor. The processor of the terminal may be at least one of a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), a Video Processing Unit (VPU), and the like.
In one embodiment, as shown in fig. 1, a flowchart of a method for preventing H5 source code leakage is provided, which is described by taking the method as an example for the above terminal, and includes the following steps:
s100, initializing a template object, defining a global function, and returning a global object in the global function;
specifically, a template object is initialized, a global function is defined, a global object is returned in the global function, the name of the global object is randomized, a special identifier is not conflicted with the name of a function and the name of a variable in a source code, a cache technology is used, the name of the global object encrypted each time is different and unique, a plurality of Key-Value forms are arranged in the object, and the Key Value is randomized each time, the Key Value is unique, and the values are mainly classified into the following types:
(1) value is two character string interactive functions (character string interactive templates), wherein one function is the Value of case in the switch structure in the function control flow flattening in the decoding source code, and the other function is all the character strings in the decoding source code. An object is returned from two character string interactive functions, the object contains a Key-Value form, the Value is a function, and the main functions of the function are as follows: the method comprises the steps of transcoding character strings, carrying out exclusive-or operation, splicing the character strings, cutting the character strings and finally obtaining an array in which the character strings are stored, obtaining the character strings from the array and returning the character strings through subscripts in function parameters each time, wherein the function exists in a global object and has the main function of dynamically decoding the character strings through a character string template function when a program runs.
(2) Value is a plurality of expression functions (expression interaction templates) which calculate incoming values and directly return results, wherein the expression functions include: the main function of the method is to hide the expression in the source code and convert the expression into a function call form.
(3) The Value is of a plurality of constant types, the Value is all constants in the extracted source code, the Value is unique, the occurrence frequency of the constants in the source code is reduced, and the main function is to hide the constants in the source code.
(4) Value is a plurality of judgment functions, the main body of the function is a trinocular operation, the function returns the result of the trinocular operation, the result of the trinocular operation is another function which is called in the object, and the parameter of the function is transferred to another function, and the main function of the Value is to complicate the business logic of the global object.
(5) Value is a character string interaction function (character string interaction template), which mainly decodes a preset domain name coding character string, then decodes the pre-coded domain name in the dynamic acquisition of the domain name of the website where the current browser page is located (under the environment of a web browser), and then compares and returns a Value of the pool type, and the function is mainly used for dynamically acquiring the domain name to judge the domain name.
S200, performing lexical analysis and syntactic analysis on the source codes, and encrypting functions, character strings, expressions and constants in the source codes;
in a special environment (in a web browser environment), the functions in the JavaScript are extracted by performing lexical analysis and syntax analysis on JavaScript source codes, a code for calculating the time difference is inserted into some functions, and when the execution time of two sections of codes is more than a certain value, the program enters an infinite loop code, so that the codes are effectively protected from being debugged.
The method comprises the steps of performing lexical analysis and syntax analysis on JavaScript source codes, extracting functions in the JavaScript, inserting a template code (limited in a browser) judged by a domain name into some functions to obtain a return value, judging whether a program is continuously executed or not by judging whether the program is true or false, automatically returning a random number to the current function if the program is not executed, and effectively protecting the codes from being stolen by illegal websites.
Wherein, the function in the JavaScript is extracted by performing lexical analysis and syntax analysis on the JavaScript source code, flattening the control flow for transforming the function body structure into the switch structure, randomizing the order of the function body statements, meanwhile, some codes which can not execute codes and can execute the codes without influencing the results of the codes are inserted, the control flow is complicated, the case values of the switch statement are automatically generated and are put into an array, encrypting the array, processing the encrypted array into unreadable character strings, applying a character string interaction template (putting the encrypted character strings into a character string interaction template function, simultaneously using the character string interaction template function or a judgment function of a template object to equivalently replace case values in the switch structure, recording subscripts of each character string corresponding to the array, and taking the subscripts as parameters of the template function and the judgment function), so as to achieve the purpose of obfuscating the source code logic and hiding the case value of the switch.
The method comprises the steps of extracting the interspersed expressions in the JavaScript by performing lexical analysis and syntactic analysis on JavaScript source codes, and replacing all interspersed expressions with square bracket expressions, so that the attribute call of an object is converted into a character string form, and the extracted character string is hidden.
The method comprises the steps of performing lexical analysis and syntactic analysis on a JavaScript source code, extracting character strings in the JavaScript, extracting all the character strings, putting the character strings into an array, encrypting the array, processing the array into unreadable character strings, applying a character string interaction template (putting the encrypted character strings into a character string interaction template function, simultaneously using a character string interaction template function or a judgment function of a template object, performing equivalent replacement on a case value in a switch structure, recording subscripts corresponding to each character string in the array, and using the subscripts as parameters of the template function and the judgment function) so as to achieve the purpose of hiding the character strings.
The JavaScript source code is subjected to lexical analysis and syntax analysis to extract expression operation in the source code, and an expression interaction template (the expression is converted into a form of function call of the expression interaction template or judging the function call, and left and right values participating in the expression are parameters of a function) is applied to hide the expression in the source code.
The method comprises the steps of performing lexical analysis and syntactic analysis on JavaScript source codes, extracting constants in the source codes, inputting and outputting all the constants into and out of a template object, and replacing the original constants with a template object access attribute form to achieve the purposes of separating the constants in the source codes and hiding the constants.
S300, performing shell encryption on the encrypted source code and generating a decryption function;
the method specifically comprises the following steps:
s310, carrying out space removal and annotation removal on the encrypted source code, and carrying out random encryption on the encrypted source code, wherein the random encryption comprises the steps of coding, transforming, cutting and replacing the source code;
s320, generating an encrypted character string array, a replaced position, necessary variables of a decryption function and necessary judgment conditions related to the decryption function;
s330, generating a decryption function, and taking the result of the processed source code as the parameter of the decryption function;
s340, a section of anti-debugging code is coded into an encrypted character string, the section of anti-debugging code is embedded into a decryption function, and when the code is executed, the section of anti-debugging code is executed and executed by an eval function.
Specifically, in a web browser environment, a section of anti-debugging code is coded into an encryption character string, the section of anti-debugging code is embedded into a decryption function, when the code is executed, the section of anti-debugging code is executed, and the anti-debugging code is executed by using an eval function, wherein when the eval function executes the code, only the current anti-debugging code can be checked in debugging, codes around the anti-debugging code cannot be checked, and the codes are effectively protected from being debugged and checked.
S400, the decryption function decrypts the shell-added code to obtain an encrypted code, loads a decryption object and executes the encrypted code, dynamically decrypts the decryption object into a plaintext password, and executes the plaintext password.
The invention protects the core logic and the core code by changing the code execution logic, hiding API call, hiding character strings through a template, hiding constant through the template, hiding expression through the template and changing the source code display, the encrypted code has a complex structure, the code can not be read almost, different encrypted files can be obtained by randomizing the global object name and control flow randomization during each encryption, the encrypted files are in a polymorphic form, the problem that a decryption secret key is easily found when being embedded into the source code is solved by dynamically decrypting the template object during the operation, and meanwhile, the H5 source code is effectively protected by adding a reverse debugging technology and a domain name binding technology through the template under a special environment (a browser end).
It should be understood that, although the steps in the flowchart of fig. 1 are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least a portion of the steps in fig. 1 may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, and the order of performance of the sub-steps or stages is not necessarily sequential, but may be performed in turn or alternately with other steps or at least a portion of the sub-steps or stages of other steps.
In an embodiment, in order to better understand the present application, the present invention further provides an encryption principle schematic diagram of a method for preventing H5 source code leakage, as shown in fig. 2, a JavaScript source code is lexical analyzed and grammatical analyzed, and then functions, character strings, constants and expressions in the JavaScript source code are encrypted, wherein in a web browser environment, a return value is obtained by extracting functions in the JavaScript and inserting a template code determined by a domain name into some functions, whether the program is continuously executed or not is judged, a random number is automatically returned without executing a current function, and an effective protection code is not stolen by an illegal website; in a JavaScript language environment, the control flow of functions, character strings, constants and expressions in JavaScript source codes is flattened, the names of function name variables are confused, the character strings are encrypted, the constants are replaced, the operators are equivalently replaced, after code compression (space removal and annotation removal) is carried out, the source codes are randomly encrypted (encoding, transformation, cutting and replacement), an encrypted character string group array, a replaced position, necessary variables of a decryption function and necessary judgment conditions related to the decryption function are generated, the decryption function is generated, the processed source codes are used as parameters of the decryption function, and the encrypted source codes are randomly encrypted, namely, the encrypted source codes are subjected to shell adding processing, so that encrypted codes are obtained.
In the web browser environment, a section of anti-debugging code is coded into an encryption character string and is embedded into a decryption function, and when the code is executed, the section of anti-debugging code is executed and is executed by an eval function. When executing the code, the eval function can only check the current anti-debugging code in the debugging process, and the codes around the anti-debugging code cannot be checked, so that the codes are effectively protected from being debugged and checked.
In one embodiment, for better understanding of the present application, the present invention also provides a schematic diagram of a method code shelling for preventing H5 source code leakage, as shown in fig. 3, after de-spacing and de-annotating the code, the source code is randomly encrypted (encoded, transformed, cut, replaced), for example, the uncapped code is subjected to an encapsidation process, then generating the encrypted character string array, the replaced position, the necessary variable of the decryption function and the necessary judgment condition related to the decryption function, and generates a decryption function and uses the result of the processed source code as a parameter of the decryption function by re-randomly encrypting the encrypted source code, i.e., adding a shell code program on the basis of the code replacement program to obtain an executable program, wherein the program cannot normally run when the anti-debugging code is executed in the web browser environment.
In one embodiment, as shown in fig. 4, a flow chart of the execution of the encrypted code of the method for preventing H5 source code leakage is provided, which includes the following steps:
s01, starting;
s02, executing the encrypted codes;
s03, executing a decryption function and decrypting an encrypted source code; the decryption function is executed by necessary variables of the decryption function and necessary judgment conditions related to the decryption function, specifically, the position replaced by the source code is found through subscript, and the source code is restored through necessary parameters.
S04, loading the decryption object and executing to the decryption code;
s05, dynamically decrypting the decrypted object into a plaintext code;
s06, judging whether the normal code is executed or not; if so, go to step S07, otherwise go to step S08.
S07, normally running a program;
s08, judging whether the anti-debugging code is executed or not; if so, go to step S11, otherwise go to step S09.
In the web browser environment, by inserting a code for calculating a time difference into some functions, when the execution time of two pieces of code is greater than a certain value, the program will enter an infinite loop code, i.e., step S11 is executed; by encoding a piece of anti-debugging code as an encrypted character string, the piece of anti-debugging code is embedded into the decryption function, and when the code is executed, the piece of anti-debugging code is executed, that is, step S11 is executed.
S09, executing the domain name check code;
s10, judging whether the domain names are consistent; if so, go to step S11, otherwise go to step S12.
S11, abnormal program operation;
and S12, ending.
In one embodiment, a computer device is provided, which may be a terminal, and its internal structure diagram may be as shown in fig. 5. The computer device includes a processor, a memory, a network interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a method of preventing H5 source code leakage. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, a key, a track ball or a touch pad arranged on the shell of the computer equipment, an external keyboard, a touch pad or a mouse and the like.
Those skilled in the art will appreciate that the architecture shown in fig. 5 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), direct bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.
Claims (9)
1. A method for preventing H5 source code leakage, the method comprising the steps of:
A. initializing a template object, defining a global function, and returning a global object in the global function; the template object comprises a character string interaction template, the character string interaction template decodes all character strings in the source code, and the character string interaction template exists in the global object and is used for dynamically decoding the character strings through the character string interaction template when the program runs;
the step A further comprises the following steps:
a1, randomizing the name of the global object, wherein the name of the global object encrypted each time is different and unique;
B. performing lexical analysis and syntactic analysis on the source codes, and encrypting functions, character strings, expressions and constants in the source codes; extracting all character strings, putting the character strings into an array, encrypting the array, processing the encrypted array into an unreadable character string, putting the encrypted array into a character string interaction template, recording subscripts of each character string corresponding to the array, and taking the subscripts as parameters of the character string interaction template so as to achieve the purpose of hiding the character strings;
C. performing shell encryption on the encrypted source code and generating a decryption function;
the step C specifically comprises the following steps:
c1, carrying out de-spacing and de-annotation processing on the encrypted source codes, and randomly encrypting the encrypted source codes;
c2, generating an encrypted character string array, a replaced position, a variable of a decryption function and a judgment condition related to the decryption function;
c3, generating a decryption function, and using the result of the processed source code as the parameter of the decryption function;
D. the decryption function decrypts the encrusted code, decrypts the encrypted source code, loads a decryption object and executes the encrypted source code, dynamically decrypts the decryption object into a plaintext password, and executes the plaintext password;
wherein, by randomizing the name of the global object and randomizing the control flow, each encryption will result in a different encrypted file.
2. The method for preventing H5 source code leakage according to claim 1, wherein the global object has multiple Key-Value forms, and the Key Value is randomized and unique each time it is initialized;
the type of Value includes: the system comprises a character string interaction template, an expression interaction template, a plurality of constants and a plurality of judgment functions.
3. The method for preventing H5 source code leakage according to claim 2, wherein the string interaction template is used to decode the value of case in switch structure in function control flow flattening in source code, or decode all strings in source code, or decode the preset domain name encoding string.
4. The method for preventing leakage of H5 source codes according to claim 1, wherein the step C further comprises: c4, by encoding a section of anti-debugging code into an encrypted character string, embedding the section of anti-debugging code into a decryption function, when the code is executed, executing the section of anti-debugging code, and executing the anti-debugging code by using an eval function.
5. The method for preventing H5 source code leakage according to claim 1, wherein the encrypting the function in the source code in step B includes:
if a code for calculating the time difference is inserted into the function, when the execution time of the two sections of codes is more than a certain value, the program enters an infinite loop code;
if a template code for domain name judgment is inserted into the function, a return value is obtained, and whether the program is executed or not is judged according to the truth of the return value;
if the control flow for transforming the function body structure into the switch structure is flattened, the sequence of the function body statement is randomized, codes which cannot be executed and can be executed but do not influence the result are inserted, the control flow is complicated, the case value of the switch statement is automatically generated, the case value is put into an array, the array is encrypted, and the unreadable character string is processed.
6. The method for preventing H5 source code leakage according to claim 1, wherein the encrypting the expression in the source code in step B includes:
extracting the interspersed expressions in the JavaScript, and replacing all interspersed expressions with brackets expressions to convert the attribute call of the object into a character string form;
extracting expression operation in the source code, converting the expression into a form of expression interaction template function call or judging function call, and taking left and right values participating in the expression as parameters of the function.
7. The method of claim 1, wherein the H5 source code leakage is prevented,
the encrypting the constant in the source code in the step B includes:
and extracting constants in the source code, putting all the constants into the template object, and replacing the original constants into the form of the access attribute of the template object.
8. A computer device comprising a memory and a processor, the memory storing a computer program, wherein the processor implements the steps of the method of any one of claims 1 to 7 when executing the computer program.
9. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910206140.7A CN109918917B (en) | 2019-03-19 | 2019-03-19 | Method, computer device and storage medium for preventing leakage of H5 source code |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910206140.7A CN109918917B (en) | 2019-03-19 | 2019-03-19 | Method, computer device and storage medium for preventing leakage of H5 source code |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109918917A CN109918917A (en) | 2019-06-21 |
| CN109918917B true CN109918917B (en) | 2021-06-08 |
Family
ID=66965589
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910206140.7A Active CN109918917B (en) | 2019-03-19 | 2019-03-19 | Method, computer device and storage medium for preventing leakage of H5 source code |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109918917B (en) |
Families Citing this family (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110309631B (en) * | 2019-07-12 | 2021-04-06 | 北京智游网安科技有限公司 | Programming language structure confusion processing method, intelligent terminal and storage medium |
| CN110377276B (en) * | 2019-07-19 | 2023-05-23 | 潍柴动力股份有限公司 | Source code file management method and device |
| CN110457869B (en) * | 2019-07-23 | 2022-03-22 | Oppo广东移动通信有限公司 | Program compiling and encrypting method and device, storage medium and electronic equipment |
| CN111159748A (en) * | 2019-12-31 | 2020-05-15 | 中国银行股份有限公司 | Front-end information encryption method and device |
| CN111367505A (en) * | 2020-03-02 | 2020-07-03 | 广州致远电子有限公司 | JavaScript source code secrecy method, device, equipment and storage medium |
| CN111797388A (en) * | 2020-06-12 | 2020-10-20 | 武汉大学 | JavaScript engine memory information leakage defense method and system based on runtime randomization |
| CN113642015A (en) * | 2021-08-02 | 2021-11-12 | 北京奇艺世纪科技有限公司 | File encryption method and device, electronic equipment and storage medium |
| CN113987471A (en) * | 2021-10-29 | 2022-01-28 | 山西大鲲智联科技有限公司 | Executable file execution method and device, electronic equipment and computer readable medium |
| CN115203652B (en) * | 2022-09-15 | 2022-12-13 | 中电信数智科技有限公司 | IOS end security encryption control method based on source confusion |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103377326A (en) * | 2012-04-13 | 2013-10-30 | 腾讯科技(北京)有限公司 | Confusion encrypting method and device for dynamic webpage program codes |
| CN104166822A (en) * | 2013-05-20 | 2014-11-26 | 阿里巴巴集团控股有限公司 | Data protecting method and device |
| CN104504313A (en) * | 2014-12-31 | 2015-04-08 | 北京畅游天下网络技术有限公司 | Confidential treatment method and device for code |
| US9112699B1 (en) * | 2012-12-19 | 2015-08-18 | Verifyle, Inc. | System, processing device, computer program and method, to tranparently encrypt and store data objects such that owners of the data object and permitted viewers are able to view decrypted data objects after entering user selected passwords |
| CN105205359A (en) * | 2015-10-12 | 2015-12-30 | 厦门飞信网络科技有限公司 | Method and device for protecting JavaScript codes |
| CN107480477A (en) * | 2017-07-21 | 2017-12-15 | 四川长虹电器股份有限公司 | Mobile terminal product copy-right protection method based on html5 technologies |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9582678B2 (en) * | 2011-04-19 | 2017-02-28 | Invenia As | Method for secure storing of a data file via a computer communication network |
| CN105095771B (en) * | 2014-05-08 | 2018-12-28 | 北京娜迦信息科技发展有限公司 | A kind of guard method of shared file destination and device |
| CN104462959B (en) * | 2014-12-04 | 2017-09-01 | 北京奇虎科技有限公司 | A kind of method for reinforcing and protecting, server and the system of Android application |
| CN107958158A (en) * | 2017-10-27 | 2018-04-24 | 国网辽宁省电力有限公司 | The dynamic data desensitization method and system of a kind of big data platform |
-
2019
- 2019-03-19 CN CN201910206140.7A patent/CN109918917B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103377326A (en) * | 2012-04-13 | 2013-10-30 | 腾讯科技(北京)有限公司 | Confusion encrypting method and device for dynamic webpage program codes |
| US9112699B1 (en) * | 2012-12-19 | 2015-08-18 | Verifyle, Inc. | System, processing device, computer program and method, to tranparently encrypt and store data objects such that owners of the data object and permitted viewers are able to view decrypted data objects after entering user selected passwords |
| CN104166822A (en) * | 2013-05-20 | 2014-11-26 | 阿里巴巴集团控股有限公司 | Data protecting method and device |
| CN104504313A (en) * | 2014-12-31 | 2015-04-08 | 北京畅游天下网络技术有限公司 | Confidential treatment method and device for code |
| CN105205359A (en) * | 2015-10-12 | 2015-12-30 | 厦门飞信网络科技有限公司 | Method and device for protecting JavaScript codes |
| CN107480477A (en) * | 2017-07-21 | 2017-12-15 | 四川长虹电器股份有限公司 | Mobile terminal product copy-right protection method based on html5 technologies |
Non-Patent Citations (1)
| Title |
|---|
| JShaman 技术原理;JShaman.com;《http://www.jshaman.com/JShaman产品说明书v2.pdf》;20181231;全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109918917A (en) | 2019-06-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109918917B (en) | Method, computer device and storage medium for preventing leakage of H5 source code | |
| KR101471589B1 (en) | Method for Providing Security for Common Intermediate Language Program | |
| JP6257754B2 (en) | Data protection | |
| US11281769B2 (en) | Software integrity verification | |
| JP5990654B2 (en) | Application code obfuscation device and method | |
| CN102890758B (en) | Method and system for protecting executable file | |
| CN104680039B (en) | A kind of data guard method and device of application program installation kit | |
| Kovacheva | Efficient code obfuscation for Android | |
| CN106203006A (en) | Android application reinforcement means based on dex Yu so file Dynamic Execution | |
| US20170116410A1 (en) | Software protection | |
| CN109871704B (en) | Android resource file protection method, equipment and storage medium based on Hook | |
| CN107273723B (en) | So file shell adding-based Android platform application software protection method | |
| CN107077540B (en) | Method and system for providing cloud-based application security services | |
| CN106650327A (en) | so file dynamic recovery-based Android application reinforcement method | |
| CN110210211B (en) | Data protection method and computing equipment | |
| CN108133147B (en) | Method and device for protecting executable code and readable storage medium | |
| CN112115427A (en) | Code obfuscation method, device, electronic device and storage medium | |
| US10331896B2 (en) | Method of protecting secret data when used in a cryptographic algorithm | |
| US7000119B1 (en) | Instruction/data protection employing derived obscuring instruction/data | |
| Huang et al. | Smart contract watermarking based on code obfuscation | |
| Sun et al. | Selwasm: A code protection mechanism for webassembly | |
| JP3970856B2 (en) | Program obfuscation device, program distribution system, computer program | |
| Groß et al. | Protecting JavaScript apps from code analysis | |
| CN111291333A (en) | Java application program encryption method and device | |
| JP6215468B2 (en) | Program protector |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |