CN109992974A - Guard method, equipment and the readable storage medium storing program for executing of Virtual Machine bytecodes file - Google Patents
Guard method, equipment and the readable storage medium storing program for executing of Virtual Machine bytecodes file Download PDFInfo
- Publication number
- CN109992974A CN109992974A CN201711477003.4A CN201711477003A CN109992974A CN 109992974 A CN109992974 A CN 109992974A CN 201711477003 A CN201711477003 A CN 201711477003A CN 109992974 A CN109992974 A CN 109992974A
- Authority
- CN
- China
- Prior art keywords
- file
- virtual machine
- critical field
- byte code
- code files
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a kind of guard methods of Virtual Machine bytecodes file, and the method comprising the steps of: extracting the critical field of byte code files in virtual machine into the first file;Cryptography key field;Protect the key of cryptography key field;Encrypted critical field is put under the catalogue of byte code files;The catalogue file for being put into encrypted critical field is repacked, to generate the executable compressed package of the virtual machine.In addition, the present invention also provides a kind of equipment and readable storage medium storing program for executing, compared with prior art, invention achieves the Virtual Machine bytecodes protected in memory not by the extracted effect of attacker.
Description
Technical field
The present invention relates to technical field of software security more particularly to a kind of guard method of Virtual Machine bytecodes file, set
Standby and readable storage medium storing program for executing.
Background technique
Android (Android) system since entering into market, has been quickly grown, and obtains numerous developers and many factories
The support of quotient.As the current highest operating system of smart phone occupation rate of market, the safety of Android system is looked steadily
Mesh.Although Android platform uses multi-level safety protecting mechanism, it is easy to counter since Android platform has used and compiles
The java language translated makes its software be easy inversely to be attacked.Each application program installation kit in Android platform
There is virtual machine executable file in (Android Package, abbreviation APK), it contains the source code of the application program,
If there is attacker, attacker can pass through decompiling virtual machine executable file, it will be able to Virtual Machine bytecodes are obtained,
And then application program is cracked, so, it is very important to the protection of virtual machine executable file.
It in the prior art, for the protection of virtual machine executable file is can be performed using by actual and virtual machine
The encryption technology that file hiding gets up.However, howsoever hidden file, it finally at runtime all must loaded virtual machine word
Code is saved to memory, attacker passes through the works such as interactive disassembler (Interactive Disassembler, IDA), ZJDroid
Virtual Machine bytecodes can be extracted from memory and then crack APK by tool, bring huge safety hidden to terminal user
Suffer from.
Summary of the invention
It is a primary object of the present invention to propose a kind of guard method of Virtual Machine bytecodes file, equipment and readable deposit
Storage media, it is intended to solve to be extracted by attacker there are the bytecode of virtual machine in memory and be used to crack asking for application program
Topic.
To achieve the above object, the guard method of a kind of Virtual Machine bytecodes file provided by the invention, the method packet
Include step:
The critical field of byte code files in virtual machine is extracted into the first file;
Encrypt the critical field;
Protection encrypts the key of the critical field;
Encrypted critical field is put under the catalogue of the byte code files;
The catalogue file for being put into the encrypted critical field is repacked, it is executable to generate the virtual machine
Compressed package.
In addition, to achieve the above object, the present invention also proposes a kind of guard method of Virtual Machine bytecodes file, described
Method comprising steps of
When detecting the byte code files for running zero setting in virtual machine, the byte code files are loaded to memory;
Obtain the critical field encrypted in the catalogue of byte code files;
Decrypt the critical field of the encryption;
Critical field after dynamic reduction decryption is into memory.
In addition, to achieve the above object, the present invention also proposes that a kind of equipment, the equipment include processor and storage
Device;
The processor is used to execute the protective program of the Virtual Machine bytecodes file stored in memory, on realizing
The method stated.
In addition, to achieve the above object, the present invention also proposes a kind of computer readable storage medium, and the computer can
It reads storage medium and is stored with one or more program, one or more of programs can be by one or more processor
It executes, to realize above-mentioned method.
Guard method, equipment and the readable storage of Virtual Machine bytecodes file provided in this embodiment proposed by the present invention
Medium, the critical field by extracting byte code files in virtual machine encrypt the critical field into the first file, protect
Encrypted critical field is put under the catalogue of the byte code files, repacks by the key for encrypting the critical field
It is put into the catalogue file of encrypted critical field, to generate the executable compressed package of the virtual machine.Protection memory is reached
In Virtual Machine bytecodes not by the extracted effect of attacker, while also concealing key information, improve safety.
Detailed description of the invention
Fig. 1 is the flow diagram of the guard method for the Virtual Machine bytecodes file that the application first embodiment provides;
Fig. 2 is the sub-process schematic diagram of the guard method for the Virtual Machine bytecodes file that the application first embodiment provides;
Fig. 3 is another process signal of the guard method for the Virtual Machine bytecodes file that the application first embodiment provides
Figure;
Fig. 4 is the example flow diagram one of the guard method for the Virtual Machine bytecodes file that the application first embodiment provides;
Fig. 5 is the example flow diagram two of the guard method for the Virtual Machine bytecodes file that the application first embodiment provides;
Fig. 6 is the flow diagram of the guard method for the Virtual Machine bytecodes file that the application second embodiment provides;
Fig. 7 is the sub-process schematic diagram of the guard method for the Virtual Machine bytecodes file that the application second embodiment provides
One;
Fig. 8 is the sub-process schematic diagram of the guard method for the Virtual Machine bytecodes file that the application second embodiment provides
Two;
Fig. 9 is three flow chart of example that the application second embodiment provides;
Figure 10 is four flow chart of example that the application second embodiment provides;
Figure 11 is the schematic diagram for the device hardware framework that the application 3rd embodiment provides;
Figure 12 is the module diagram of the protective program of Virtual Machine bytecodes file in Figure 11;
Figure 13 is the schematic diagram for the device hardware framework that the application fourth embodiment provides;
Figure 14 is the module diagram of the protective program of Virtual Machine bytecodes file in Figure 13.
The embodiments will be further described with reference to the accompanying drawings for the realization, the function and the advantages of the object of the present invention.
Specific embodiment
It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention, it is not used to limit this hair
It is bright.
In subsequent description, it is only using the suffix for indicating such as " module ", " component " or " unit " of element
Be conducive to explanation of the invention, itself there is no a specific meaning.Therefore, " module ", " component " or " unit " can mix
Ground uses.
First embodiment
As shown in Figure 1, the process of the guard method of the Virtual Machine bytecodes file provided for the application first embodiment is shown
It is intended to.In Fig. 1, the guard method of the Virtual Machine bytecodes file, comprising:
Step 110, the critical field of byte code files in virtual machine is extracted into the first file;
Step 120, the critical field is encrypted;
Step 130, protection encrypts the key of the critical field;
Step 140, encrypted critical field is put under the catalogue of the byte code files;
Step 150, the catalogue file for being put into encrypted critical field is repacked, can be held with generating the virtual machine
Capable compressed package.
Specifically, extracting the critical field in Virtual Machine bytecodes file, and generate key.The pass is encrypted by key
Key field, then the key is protected, to be hidden to key.Encrypted critical field is put into the catalogue of byte code files
Under, and updated catalogue file is repacked, to generate the executable compressed package of the virtual machine.
Optionally, prior to step 110, the method also includes:
The compressed package of executable file in the virtual machine is parsed, it, should as shown in Fig. 2 to obtain the byte code files
Step specifically includes:
Step 210, the compressed package for decompressing the executable file obtains the byte code files;
Step 220, the information of class is read from the byte code files.
Specifically, in the present embodiment, the information of class includes at least: number, class name, the number of method and the pass of class
Key field offset and length.
Optionally, as shown in figure 3, after step 110, the method also includes:
Step 310, the critical field in the byte code files after extraction is instructed into zero setting;
Step 320, by the metadata of the critical field instruction in the byte code files before extraction and in first text
Metadata in part is written in the second file.
Specifically, using the byte code files before extraction as former byte code files, by the byte code files after extraction
As new byte code files.After extracting critical field from byte code files, by the critical field in former byte code files
Zero setting.
Optionally, step 130 specifically includes:
Two look-up tables are generated by whitepack algorithm and the key and protect the key, correspondingly, the bytecode is literary
The catalogue of part includes described two look-up tables, first file and second file.
Specifically, whitepack Encryption Algorithm is to refer to resist a kind of special encryption method of attack under whitepack environment.
White-box attack refers to that attacker possesses complete control ability to device end, the binary system of program operation can be tracked,
Read the intermediate result and change the result etc. calculated that the key observation program in memory executes.
In the present embodiment, algorithm and key have closely been bundled in together by whitepack Encryption Algorithm, raw by algorithm and key
At two look-up tables for decryption, the two look-up tables are T table and M table respectively, wherein T table is for carrying out text replacement, M
Table is for searching corresponding plaintext.Due to the merging of algorithm and key, key information will not be occurred directly in memory, so
Can effective secrete key, also obscured encryption logic at the same time, attacker cannot directly extract close directly from memory
Key information.
Optionally, the guard method of the Virtual Machine bytecodes file of the present embodiment can also include: to the byte after extraction
Code file carries out shell adding processing.
In order to keep the guard method of the Virtual Machine bytecodes file of the present embodiment more clear and easy to understand, shown with following two
Example is illustrated the course of work of the guard method of the Virtual Machine bytecodes file:
Example one
This sample application is in the virtual machine Dalvik of Android (Android) platform.Dalvik virtual machine operation be
Dalvik bytecode can support the fortune for having been converted into the Java application program of .dex (i.e. Dalvik Executable) format
Row.Dalvik bytecode generates DEX file, and DEX file contains the file of application program key message.As shown in figure 4,
The protection process of Dalvik virtual machine byte code files is as follows:
Step 410, Android installation kit (Android Package, APK) is decompressed;
Step 420, it parses and modifies the xml document information in APK file;
Step 430, former DEX file is read and parsed, the number and critical field of the number of class, class name, method are obtained
Offset and length;
Step 440, critical field is extracted to codedata.txt file, by the critical field zero setting of former DEX file;
Step 450, by the metadata of critical field in former DEX file and first number in codedata.txt file
According in write-in codeinfo.txt file;
Step 460, key and cryptography key field needed for generating encryption;
Step 470, two look-up tables are generated to protect key by whitepack algorithm, i.e. encryption table and decryption table is hidden
Key;
Step 480, calculate and change the check value of DEX file;
Step 490, look-up table, codedata.txt and codeinfo.txt are put under the assets catalogue of former APK,
And former DEX file is replaced with shell DEX file, complete shell adding;
Step 400, the APK file in step 490 is repacked, to generate the executable compressed package of Dalvik virtual machine.
Example two
This sample application is in Java Virtual Machine.In computer programming field, Java programming language is used for each main
Industry part and be present in various devices, in computer and networks.Java application is by with Java programming language
Speech establishment, and it is compiled as machine-independent bytecode, which executes in Java Virtual Machine (JVM).Class
File (format .class) is the file that can directly run on a java virtual machine generated by Java bytecode.Such as Fig. 5
Shown, the protection process of Java Virtual Machine byte code files is as follows:
Step 510, JAR packet is decompressed;
Step 520, former Class file is read and parsed, the number of the number of class, class name, method is obtained from constant pool
And critical field command offsets and length;
Step 530, critical field is extracted to codedata.txt file, and the critical field instruction of former Class file is set
Zero;
Step 540, by the metadata of critical field instruction in former Class file and in codedata.txt file
Metadata write-in codeinfo.txt file in;
Step 550, key and cryptography key field needed for generating encryption;
Step 560, two look-up tables of whitepack algorithm are generated, with secrete key;
Step 570, calculate and change the check value of Class file;
Step 580, catalogue where look-up table, codedata.txt and codeinfo.txt being put into after former JAR packet decompresses
Under;
Step 590, the JAR packet in step 580 is repacked, to generate the executable compressed package of Java Virtual Machine.
The guard method of Virtual Machine bytecodes file provided in this embodiment, by extracting byte code files in virtual machine
Critical field into the first file, encrypt the critical field, protection encrypts the key of the critical field, after encryption
Critical field be put under the catalogue of the byte code files, repack the catalogue file for being put into encrypted critical field,
To generate the executable compressed package of the virtual machine.Reach and the Virtual Machine bytecodes in memory is protected not mentioned by attacker
The effect taken.Key information is also concealed simultaneously, improves safety.
Second embodiment
As shown in fig. 6, the process of the guard method of the Virtual Machine bytecodes file provided for the application second embodiment is shown
It is intended to.In Fig. 6, the guard method of the Virtual Machine bytecodes file is the decrypting process to first embodiment comprising:
Step 610, when detecting the byte code files for running zero setting in virtual machine, the byte code files are loaded to interior
It deposits;
Step 620, the critical field encrypted in the catalogue of the byte code files is obtained;
Step 630, the critical field of the encryption is decrypted;
Step 640, the critical field after dynamic reduction decryption is into memory.
Specifically, loading the byte code files when detecting operation byte code files in virtual machine to memory, obtaining
The critical field encrypted in the catalogue of byte code files, and the critical field of the encryption is decrypted, then after dynamic reduction decryption
Critical field is into the memory.So-called dynamic reduction refers to: byte code files include one or more critical field, often
When calling a critical field of byte code files, then the critical field is restored to memory.
It optionally, after step 610, can also include: to obtain the starting of the byte code files in the memory
Address, correspondingly, step 640 includes: that dynamic restores the critical field after decryption into the initial address.
Optionally, as shown in fig. 7, step 620 includes:
Step 710, the second file in the catalogue of the byte code files is parsed, the information of class is obtained;
Step 720, the information of the class is stored;
Step 730, by Classloader, the critical field encrypted in the category information is extracted.
Specifically, the second file in the catalogue for passing through parsing byte code files, obtains the information of class, and to the letter of class
Breath is stored, then by Classloader, and rewrites the function of Classloader, is completed in the function to cryptography key field
Extraction, decryption and reduction.
Correspondingly, as shown in fig. 7, step 630 specifically includes:
Step 810, two look-up tables in the catalogue of the byte code files are obtained;
Step 820, the critical field of the encryption is decrypted by described two look-up tables.
Specifically, also obtain two look-up tables in the catalogue of byte code files by Classloader, i.e., black list and
Decryption table, and the decryption to cryptography key field is completed by the two look-up tables.
In order to keep the guard method of the Virtual Machine bytecodes file of the present embodiment more clear and easy to understand, shown with following two
Example is illustrated the course of work of the guard method of the Virtual Machine bytecodes file:
Example three
As shown in figure 9, this example is specifically included to the decrypting process of example one in first embodiment:
Step 910, the DEX file of zero setting is loaded into memory, generates ODEX file;
Step 920, ODEX (or OAT) file initial position in memory is obtained, and calculates DEX in ODEX (or OAT) file
The initial position of file;
Step 930, codeinfo.txt file is parsed, by the offset of critical field in class name, side operator, former DEX file
The offset of cryptography key field and these information of length are stored in map with length and in codedata.txt file;
Step 940, Classloader is set, to rewrite PathClassLoader, is completed in the function to cryptography key
Extraction, decryption and the backfill of field;
Step 950, when one class of every load, according to the offset and length of cryptography key field deposited in class name and map
Information parses from codedata.txt and obtains cryptography key field;
Step 960, pass through whitepack algorithm decrypted key field in conjunction with two look-up tables;
Step 970, according to the initial position of DEX file and map institute in ODEX (or OAT) file in obtained memory
Critical field after the offset for the former DEX file critical field deposited and length backfill decryption.
Example four
As shown in Figure 10, this example is specifically included to the decrypting process of example two in first embodiment:
Step 1010, the Class file after zero setting is loaded into memory;
Step 1020, Class file initial position in memory is obtained;
Step 1030, parse codeinfo.txt file, in class name, side operator, former DEX file critical field it is inclined
It moves with length and the offset of cryptography key field and these information of length is stored in map in codedata.txt file;
Step 1040, customized Classloader is set, ClassLoader is rewritten, completes to close encryption in the function
Extraction, decryption and the backfill of key field instruction;
Step 1050, when one class of every load, according to the offset and length of cryptography key field deposited in class name and map
Degree information is parsed from codedata.txt obtains the instruction of cryptography key field;
Step 1060, it is instructed in conjunction with two look-up tables using whitepack algorithm decrypted key field;
Step 1070, the former Class file deposited according to the initial position of Class file and map in obtained memory
Critical field instruction after the offset of critical field and length backfill decryption.
The guard method of the Virtual Machine bytecodes file of the present embodiment, by when the word for running zero setting in detection virtual machine
When saving code file, load byte code files to memory obtain the critical field encrypted in the catalogue of byte code files, and decryption adds
Close critical field, and dynamic restores the critical field after decryption into memory, can protect the Virtual Machine bytecodes in memory
Not by the extracted effect of attacker, the safety of system is improved.
3rd embodiment
As shown in figure 11, a kind of schematic diagram of device hardware framework is provided for the application 3rd embodiment.In Figure 11,
Equipment includes: first memory 1110, first processor 1120 and is stored on the first memory 1110 and can be described
The protective program 1130 of the Virtual Machine bytecodes file run on first processor 1120.In the present embodiment, described virtual
The protective program 1130 of machine byte code files includes that a series of computer program being stored on first memory 1110 refers to
It enables, when the computer program instructions are executed by first processor 1120, the virtual machine word of various embodiments of the present invention may be implemented
Save the protection operation of code file.In some embodiments, it is realized based on the computer program instructions each section specific
Operation, the protective program 1130 of Virtual Machine bytecodes file can be divided into one or more modules.As shown in figure 12, empty
The protective program 1130 of quasi- machine byte code files include: extraction module 1210, encrypting module 1220, cryptographic key protection module 1230,
Update module 1240, packetization module 1250, parsing module 1260 and shell adding processing module 1270.Wherein,
Extraction module 1210, for extracting the critical field of byte code files in virtual machine into the first file;
Encrypting module 1220, for encrypting the critical field;
Cryptographic key protection module 1230, for protecting the key for encrypting the critical field;
Update module 1240, for encrypted critical field to be put under the catalogue of the byte code files;
Packetization module 1250, for repacking the catalogue file for being put into encrypted critical field, to generate the void
The executable compressed package of quasi- machine.
Specifically, extraction module 1210 extracts the critical field in Virtual Machine bytecodes file, and generate key.Encryption
Module 1220 encrypts the critical field by key, and cryptographic key protection module 1230 protects the key again, hidden to carry out to key
Hiding.Encrypted critical field is put under the catalogue of byte code files by update module 1240, and packetization module 1250 is repacked
Updated catalogue file, to generate the executable compressed package of the virtual machine.
Parsing module 1260, for parsing the compressed package of executable file in the virtual machine, to obtain the bytecode
File.Parsing module 1260 is specifically used for:
The compressed package for decompressing the executable file obtains the byte code files;
The information of class is read from the byte code files.
Specifically, in the present embodiment, the information of class includes at least: number, class name, the number of method and the pass of class
Key field offset and length.
Update module 1240, the critical field in the byte code files after being also used to extract instruct zero setting;And it will mention
The metadata and the metadata in first file of critical field instruction in byte code files before taking are written to the
In two files.
Specifically, using the byte code files before extraction as former byte code files, by the byte code files after extraction
As new byte code files.After extracting critical field from byte code files, update module 1240 is by former byte code files
In critical field zero setting.
Optionally, cryptographic key protection module 1230 is specifically used for:
Two look-up tables are generated by whitepack algorithm and the key and protect the key, correspondingly, the bytecode is literary
The catalogue of part includes described two look-up tables, first file and second file.
Specifically, whitepack Encryption Algorithm is to refer to resist a kind of special encryption method of attack under whitepack environment.
White-box attack refers to that attacker possesses complete control ability to device end, the binary system of program operation can be tracked,
Read the intermediate result and change the result etc. calculated that the key observation program in memory executes.
In the present embodiment, algorithm and key have closely been bundled in together by whitepack Encryption Algorithm, raw by algorithm and key
At two look-up tables for decryption, the two look-up tables are T table and M table respectively, wherein T table is for carrying out text replacement, M
Table is for searching corresponding plaintext.It can independently be encrypted using black list, be decrypted with decryption table, is no longer dependent on original
Enciphering and deciphering algorithm and key.Due to the merging of algorithm and key, key information will not be occurred directly in memory, it is possible to
Effective secrete key, has also obscured encryption logic at the same time, and attacker cannot directly extract key letter directly from memory
Breath.
Optionally, shell adding processing module 1270, for carrying out shell adding processing to the byte code files after extraction.
Equipment provided in this embodiment extracts the critical field of byte code files in virtual machine by extraction module 1210
Into the first file, encrypting module 1220 encrypts the critical field, and the protection of cryptographic key protection module 1230 encrypts the keyword
Encrypted critical field is put under the catalogue of the byte code files by the key of section, update module 1240, packetization module
1250 repack the catalogue file for being put into encrypted critical field, to generate the executable compressed package of the virtual machine, reach
To the Virtual Machine bytecodes protected in memory not by the extracted effect of attacker.Key information is also concealed simultaneously, is improved
Safety.
Fourth embodiment
As shown in figure 13, a kind of schematic diagram of device hardware framework is provided for the application fourth embodiment.In Figure 13,
Equipment includes: second memory 1310, second processor 1320 and is stored on the second memory 1310 and can be described
The protective program 1330 of the Virtual Machine bytecodes file run in second processor 1320.In the present embodiment, described virtual
The protective program 1330 of machine byte code files includes that a series of computer program being stored on second memory 1310 refers to
It enables, when the computer program instructions are executed by second processor 1320, the virtual machine word of various embodiments of the present invention may be implemented
Save the protection operation of code file.In some embodiments, it is realized based on the computer program instructions each section specific
Operation, the protective program 1330 of Virtual Machine bytecodes file can be divided into one or more modules.As shown in figure 14, empty
The protective program 1330 of quasi- machine byte code files include: loading module 1410, obtain module 1420, deciphering module 1430 and
Dynamic recovery module 1440.Wherein,
Loading module 1410, for loading the bytecode when detecting the byte code files for running zero setting in virtual machine
File is to memory;
Obtain module 1420, the critical field encrypted in the catalogue for obtaining byte code files;
Deciphering module 1430, for decrypting the critical field of the encryption;
Dynamic recovery module 1440 restores the critical field after decryption into memory for dynamic.
Specifically, when detecting that loading module 1410 loads the byte code files when running byte code files in virtual machine
To memory, the critical field encrypted in the catalogue of the acquisition byte code files of module 1420 is obtained, and is solved by deciphering module 1430
The critical field of the close encryption, dynamic recovery module 1440 dynamically restore the critical field after decryption into the memory.Institute
Meaning dynamic reduction refers to: byte code files include one or more critical field, every key for calling byte code files
When field, then the critical field is restored to memory.
Optionally, module 1420 is obtained, is also used to obtain the initial address of the byte code files in the memory,
Correspondingly, dynamic recovery module 1440, specifically for the critical field after dynamic reduction decryption into the initial address.
In the present embodiment, module 1420 is obtained to be specifically used for:
The second file in the catalogue of the byte code files is parsed, the information of class is obtained;
Store the information of the class;
By Classloader, the critical field encrypted in the category information is extracted.
Specifically, the second file in the catalogue for passing through parsing byte code files, obtains the information of class, and to the letter of class
Breath is stored, then by Classloader, and rewrites the function of Classloader, is completed in the function to cryptography key field
Extraction, decryption and reduction.
Correspondingly, deciphering module 1430 is specifically used for:
Obtain two look-up tables in the catalogue of the byte code files;
The critical field of the encryption is decrypted by described two look-up tables.
Specifically, also obtain two look-up tables in the catalogue of byte code files by Classloader, i.e., black list and
Decryption table, and the decryption to cryptography key field is completed by the two look-up tables.
The equipment of the present embodiment, when detecting the byte code files for running zero setting in virtual machine, loading module 1410 is loaded
Byte code files obtain the critical field encrypted in the catalogue of the acquisition byte code files of module 1420, deciphering module to memory
The critical field of 1430 decryption encryptions, dynamic recovery module 1440 dynamically restore the critical field after decryption into memory, can
It protects the Virtual Machine bytecodes in memory not by the extracted effect of attacker, improves the safety of system.
5th embodiment
The embodiment of the present application also provides a kind of computer readable storage mediums.Here computer readable storage medium
It is stored with one or more program.Wherein, computer readable storage medium may include volatile memory, such as at random
Access memory;Memory also may include nonvolatile memory, such as read-only memory, flash memory, hard disk or solid
State hard disk;Memory can also include the combination of the memory of mentioned kind.When one in computer readable storage medium or
Multiple programs can be executed by one or more processor, to realize that above-mentioned first embodiment or second embodiment are provided
Virtual Machine bytecodes file guard method.
It should be noted that, in this document, the terms "include", "comprise" or its any other variant be intended to it is non-
It is exclusive to include, so that the process, method, article or the device that include a series of elements not only include those elements,
It but also including other elements that are not explicitly listed, or further include for this process, method, article or device institute
Intrinsic element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that
There is also other identical elements in process, method, article or device including the element.
The serial number of the above embodiments of the invention is only for description, does not represent the advantages or disadvantages of the embodiments.
Through the above description of the embodiments, those skilled in the art can be understood that above-described embodiment
Method can be realized by means of software and necessary general hardware platform, naturally it is also possible to by hardware, but many situations
It is lower the former be more preferably embodiment.Based on this understanding, technical solution of the present invention is substantially in other words to the prior art
The part to contribute can be embodied in the form of software products, which is stored in a storage and is situated between
In matter (such as ROM/RAM, magnetic disk, CD), including some instructions are used so that a terminal (can be mobile phone, computer, clothes
Business device, air conditioner or the network equipment etc.) execute method described in each embodiment of the present invention.
The embodiment of the present invention is described with above attached drawing, but the invention is not limited to above-mentioned tools
Body embodiment, the above mentioned embodiment is only schematical, rather than restrictive, the ordinary skill of this field
Personnel under the inspiration of the present invention, without breaking away from the scope protected by the purposes and claims of the present invention, can also make
Many forms, all of these belong to the protection of the present invention.
Claims (10)
1. a kind of guard method of Virtual Machine bytecodes file, which is characterized in that the method includes the steps:
The critical field of byte code files in virtual machine is extracted into the first file;
Encrypt the critical field;
Protection encrypts the key of the critical field;
Encrypted critical field is put under the catalogue of the byte code files;
The catalogue file for being put into the encrypted critical field is repacked, to generate the executable compression of the virtual machine
Packet.
2. the guard method of Virtual Machine bytecodes file according to claim 1, which is characterized in that in extracting virtual machine
After the critical field of byte code files, the method also includes:
Critical field in the byte code files after extraction is instructed into zero setting;
By the metadata of the critical field instruction in the byte code files before extraction and the member in first file
Data are written in the second file.
3. the guard method of Virtual Machine bytecodes file according to claim 2, which is characterized in that protection encrypts the pass
The key of key field, comprising:
Two look-up tables, which are generated, by whitepack algorithm and the key protects the key, correspondingly, the byte code files
Catalogue includes described two look-up tables, first file and second file.
4. the guard method of Virtual Machine bytecodes file according to claim 1, which is characterized in that in extracting virtual machine
Before the critical field of byte code files, the method also includes:
The compressed package of executable file in the virtual machine is parsed, to obtain the byte code files.
5. the guard method of Virtual Machine bytecodes file according to claim 4, which is characterized in that parse the virtual machine
The compressed package of middle executable file, comprising:
The compressed package for decompressing the executable file obtains the byte code files;
The information of class is read from the byte code files.
6. a kind of guard method of Virtual Machine bytecodes file, which is characterized in that the method includes the steps:
When detecting the byte code files for running zero setting in virtual machine, the byte code files are loaded to memory;
Obtain the critical field encrypted in the catalogue of byte code files;
Decrypt the critical field of the encryption;
Critical field after dynamic reduction decryption is into memory.
7. the guard method of Virtual Machine bytecodes file according to claim 6, which is characterized in that obtain the bytecode
The critical field encrypted in file, comprising:
The second file in the catalogue of the byte code files is parsed, the information of class is obtained;
Store the information of the class;
By Classloader, the critical field encrypted in the category information is extracted;
Correspondingly, the critical field of the decryption encryption, comprising:
Obtain two look-up tables in the catalogue of the byte code files;
The critical field of the encryption is decrypted by described two look-up tables.
8. the guard method of Virtual Machine bytecodes file according to claim 7, which is characterized in that load the bytecode
After file to memory, the method also includes:
Obtain the initial address of the byte code files in the memory;
Correspondingly, the critical field after dynamic reduction decryption is into memory, comprising:
The information of the class, the critical field after dynamic reduction decryption is into the initial address.
9. a kind of equipment, which is characterized in that the equipment includes processor and memory;
The processor is used to execute the protective program of the Virtual Machine bytecodes file stored in memory, to realize claim
The described in any item methods of 1-5 or 6-8.
10. a kind of computer readable storage medium, which is characterized in that the computer-readable recording medium storage have one or
Multiple programs, one or more of programs can be executed by one or more processor, with realize claim 1-5 or
The described in any item methods of 6-8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711477003.4A CN109992974B (en) | 2017-12-29 | 2017-12-29 | Method and device for protecting byte code file of virtual machine and readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711477003.4A CN109992974B (en) | 2017-12-29 | 2017-12-29 | Method and device for protecting byte code file of virtual machine and readable storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109992974A true CN109992974A (en) | 2019-07-09 |
| CN109992974B CN109992974B (en) | 2023-04-14 |
Family
ID=67108754
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201711477003.4A Active CN109992974B (en) | 2017-12-29 | 2017-12-29 | Method and device for protecting byte code file of virtual machine and readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109992974B (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113609517A (en) * | 2021-10-11 | 2021-11-05 | 深圳市沃易科技有限公司 | Data encryption method for computer software development based on Internet of things |
| CN113849245A (en) * | 2021-09-23 | 2021-12-28 | 武汉深之度科技有限公司 | Application program running method, computing device and storage medium |
| CN114090965A (en) * | 2021-11-22 | 2022-02-25 | 全景智联(武汉)科技有限公司 | Java code obfuscation method, system, computer device and storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1690957A (en) * | 2004-04-27 | 2005-11-02 | 微软公司 | A method and system of enforcing a security policy via a security virtual machine |
| CN1976491A (en) * | 2005-12-02 | 2007-06-06 | 三星电子株式会社 | Mobile content management apparatus |
| CN105282157A (en) * | 2015-10-22 | 2016-01-27 | 中国人民解放军装备学院 | Secure communication control method |
| US20170124306A1 (en) * | 2015-10-30 | 2017-05-04 | Baidu Online Network Technology (Beijing) Co., Ltd. | Method and apparatus for preventing application from being deciphered |
-
2017
- 2017-12-29 CN CN201711477003.4A patent/CN109992974B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1690957A (en) * | 2004-04-27 | 2005-11-02 | 微软公司 | A method and system of enforcing a security policy via a security virtual machine |
| CN1976491A (en) * | 2005-12-02 | 2007-06-06 | 三星电子株式会社 | Mobile content management apparatus |
| CN105282157A (en) * | 2015-10-22 | 2016-01-27 | 中国人民解放军装备学院 | Secure communication control method |
| US20170124306A1 (en) * | 2015-10-30 | 2017-05-04 | Baidu Online Network Technology (Beijing) Co., Ltd. | Method and apparatus for preventing application from being deciphered |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113849245A (en) * | 2021-09-23 | 2021-12-28 | 武汉深之度科技有限公司 | Application program running method, computing device and storage medium |
| CN113849245B (en) * | 2021-09-23 | 2023-09-12 | 武汉深之度科技有限公司 | Application program running method, computing device and storage medium |
| CN113609517A (en) * | 2021-10-11 | 2021-11-05 | 深圳市沃易科技有限公司 | Data encryption method for computer software development based on Internet of things |
| CN113609517B (en) * | 2021-10-11 | 2022-02-08 | 深圳市沃易科技有限公司 | Data encryption method for computer software development based on Internet of things |
| CN114090965A (en) * | 2021-11-22 | 2022-02-25 | 全景智联(武汉)科技有限公司 | Java code obfuscation method, system, computer device and storage medium |
| CN114090965B (en) * | 2021-11-22 | 2024-05-17 | 全景智联(武汉)科技有限公司 | Java code confusion method, system, computer equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109992974B (en) | 2023-04-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102890758B (en) | Method and system for protecting executable file | |
| KR101518420B1 (en) | Apparatus and method for managing apk file in a android platform | |
| KR102433011B1 (en) | Method of apk file protection, apk file protection system performing the same, and storage medium storing the same | |
| CN105683990B (en) | Method and apparatus for protecting dynamic base | |
| US20160203087A1 (en) | Method for providing security for common intermediate language-based program | |
| CN108363911B (en) | Python script obfuscating and watermarking method and device | |
| CN104318135B (en) | A kind of Java code Safety actuality loading method based on credible performing environment | |
| CN105681039A (en) | Method and device for secret key generation and corresponding decryption | |
| CN104680039A (en) | Data protection method and device of application installation package | |
| CN104268444A (en) | Cloud OS Java source code protection method | |
| CN103617401A (en) | Method and device for protecting data files | |
| CN108133147B (en) | Method and device for protecting executable code and readable storage medium | |
| CN106155729A (en) | The hot update method of Lua script, Apparatus and system | |
| CN109992974A (en) | Guard method, equipment and the readable storage medium storing program for executing of Virtual Machine bytecodes file | |
| US10867017B2 (en) | Apparatus and method of providing security and apparatus and method of executing security for common intermediate language | |
| US20150186681A1 (en) | Method of encryption and decryption for shared library in open operating system | |
| CN109241707A (en) | Application program obscures method, apparatus and server | |
| CN108134673A (en) | A kind of method and device for generating whitepack library file | |
| JP2007233426A (en) | Application execution device | |
| Park et al. | A methodology for the decryption of encrypted smartphone backup data on android platform: A case study on the latest samsung smartphone backup system | |
| CN108537010A (en) | AES (advanced encryption standard) algorithm-based Android application Native shell encryption method | |
| KR101688814B1 (en) | Application code hiding apparatus through modifying code in memory and method for hiding application code using the same | |
| KR101749209B1 (en) | Method and apparatus for hiding information of application, and method and apparatus for executing application | |
| KR20170022023A (en) | An apparatus for obfuscating and restoring program execution code and method thereof | |
| CN107169370A (en) | The encryption method and encryption device of executable file |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |