CN110119601B - Program reinforcing method and device based on application program installation package - Google Patents

Publication number: CN110119601B
Authority: CN (China)
Application number: CN201910257445.0A
Other versions: CN110119601A
Other languages: Chinese (zh)
Legal status: Active (as listed by Google Patents; an assumption, not a legal conclusion)
Inventors: 汪德嘉, 华保健, 邵根波, 钱潇龄, 孟啸龙, 郑小敏
Current Assignee: Jiangsu Payegis Information Security Technology Co ltd
Original Assignee: Jiangsu Payegis Information Security Technology Co ltd
Prior art keywords: data, program, specific type, constant, binary file

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10: Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12: Protecting executable software
    • G06F21/14: Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
    • G06F21/60: Protecting data

Abstract

The invention discloses a program reinforcing method and device based on an application program installation package. The method comprises the following steps: extracting a binary file from the application program installation package; determining a plurality of specific types of data contained in non-code segments in the binary file, the specific types of data comprising constant data and symbol data; and encrypting each specific type of data with an encryption algorithm matched to its category. According to this scheme, the application program is reinforced by encrypting the specific types of data in the non-code segments of the binary file, which greatly increases the difficulty of reverse engineering the application program, effectively prevents reverse analysis of it, and is unlikely to cause code expansion. Moreover, the scheme is simple and flexible to implement, easy to maintain in batches, and low in maintenance cost.

Description

Program reinforcing method and device based on application program installation package
Technical Field
The invention relates to the field of computers, in particular to a program reinforcing method and device based on an application program installation package.
Background
With the continuous development of science, technology and society, the number of application programs of all kinds is increasing rapidly. However, reverse engineers or reverse-engineering tools can often crack an application program easily by decompiling it, so pirated and repackaged application programs appear again and again.
Currently, many products and methods exist in the prior art for reinforcing application programs in order to prevent reverse cracking. However, in the course of implementing the invention the inventors found that these prior-art approaches have at least the following defects:
the program reinforcing methods provided in the prior art are usually code obfuscation methods that add instructions and the like to the program, which often causes program expansion and wastes system resources; moreover, existing program reinforcement is performed during compilation by a compiler on the developer's terminal, so the reinforcement cannot be maintained in batches and the maintenance cost is high.
Disclosure of Invention
In view of the above, the present invention has been made to provide a program reinforcing method and apparatus based on an application installation package that overcomes or at least partially solves the above problems.
According to one aspect of the invention, a program reinforcing method based on an application program installation package is provided, and comprises the following steps:
extracting a binary file from the application installation package;
determining a plurality of specific types of data contained in non-code segments in the binary file, wherein the specific types of data comprise constant data and symbol data;
and encrypting each specific type of data with an encryption algorithm matched to the category of that specific type of data.
According to another aspect of the present invention, there is provided a program reinforcing apparatus based on an application installation package, including:
an extraction module adapted to extract a binary file from the application installation package;
a determining module adapted to determine a plurality of specific types of data contained in non-code segments in the binary file, wherein the specific types of data comprise constant data and symbol data;
and an encryption module adapted to encrypt each specific type of data with an encryption algorithm matched to the category of that specific type of data.
According to yet another aspect of the present invention, there is provided a computing device comprising a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface communicate with one another through the communication bus;
the memory is used for storing at least one executable instruction, and the executable instruction causes the processor to perform the operations corresponding to the program reinforcing method based on the application program installation package.
According to still another aspect of the present invention, a computer storage medium is provided, where at least one executable instruction is stored, and the executable instruction causes a processor to perform operations corresponding to the program reinforcing method based on an application installation package as described above.
According to the program reinforcing method and device based on the application program installation package, a binary file is extracted from the application program installation package; a plurality of specific types of data contained in non-code segments in the binary file are determined, the specific types of data comprising constant data and symbol data; and each specific type of data is encrypted with an encryption algorithm matched to its category. According to this scheme, the application program is reinforced by encrypting the specific types of data in the non-code segments of the binary file, which greatly increases the difficulty of reverse engineering the application program, effectively prevents reverse analysis of it, and is unlikely to cause code expansion. In addition, the scheme is simple and flexible to implement, easy to maintain in batches, and low in maintenance cost.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
FIG. 1 is a flowchart illustrating a method for program reinforcement based on an application installation package according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating a method for program reinforcement based on an application installation package according to another embodiment of the present invention;
FIG. 3 is a diagram illustrating an architecture of a program installation package-based program reinforcement device according to an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a computing device according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
FIG. 1 is a flowchart of a program reinforcing method based on an application installation package according to an embodiment of the present invention. The method provided by this embodiment can be applied to iOS and/or Mac OS systems. As shown in FIG. 1, the method includes:
Step S110, extract the binary file from the application installation package.
The program reinforcing method provided by this embodiment differs from the prior art, in which the program is reinforced at the compiler stage (before an executable file has been produced). Here the application program is reinforced on the basis of the already generated application installation package, which avoids the prior-art drawbacks of being unable to maintain the reinforcement in batches and of high maintenance cost, both caused by performing reinforcement through a compiler on the developer's terminal.
In practice, an application installation package in iOS is usually an IPA (iPhone Application) installation package. To extract the binary file from it, the IPA package is first decompressed (for example, with the unzip command), and the decompressed files are then filtered and identified to obtain the binary file. For example, in iOS the binary file is typically in Mach-O format, so the binary file can be identified by its format information.
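The extraction step can be illustrated with the following added Python example, which is not part of the patent text. It treats the IPA as a zip archive, identifies Mach-O files by their magic numbers, and uses the `CFBundleExecutable` key of the bundle's `Info.plist` to pick out the main executable; the sample archive and all file names in it are constructed.

```python
import io
import plistlib
import struct
import zipfile

# First four bytes of thin Mach-O files, as stored on disk.
THIN_MAGICS = {
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit, little-endian",
    b"\xce\xfa\xed\xfe": "Mach-O 32-bit, little-endian",
    b"\xfe\xed\xfa\xcf": "Mach-O 64-bit, big-endian",
    b"\xfe\xed\xfa\xce": "Mach-O 32-bit, big-endian",
}
FAT_MAGIC = b"\xca\xfe\xba\xbe"  # universal binary; Java .class files share this magic


def classify(head):
    """Return a description if `head` (the first 8 bytes) starts a Mach-O file, else None."""
    if head[:4] in THIN_MAGICS:
        return THIN_MAGICS[head[:4]]
    if head[:4] == FAT_MAGIC and len(head) >= 8:
        # A fat header stores the architecture count as a big-endian uint32.
        # A Java class file has its version there (major version 45 or more),
        # so a small count is used as a heuristic to tell the two apart.
        (nfat,) = struct.unpack(">I", head[4:8])
        if 0 < nfat < 20:
            return f"Mach-O universal, {nfat} architectures"
    return None


def find_macho(ipa_bytes):
    """Scan an IPA held in memory; return (main_executable_path, {path: kind})."""
    found, main_exec = {}, None
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as ipa:
        for info in ipa.infolist():
            if info.is_dir():
                continue
            with ipa.open(info) as fh:
                kind = classify(fh.read(8))
            if kind:
                found[info.filename] = kind
        # Payload/<Name>.app/Info.plist names the bundle's main executable.
        for name in ipa.namelist():
            parts = name.split("/")
            if (len(parts) == 3 and parts[0] == "Payload"
                    and parts[1].endswith(".app") and parts[2] == "Info.plist"):
                plist = plistlib.loads(ipa.read(name))
                candidate = f"Payload/{parts[1]}/{plist.get('CFBundleExecutable', '')}"
                if candidate in found:
                    main_exec = candidate
    return main_exec, found


def build_sample_ipa():
    """Constructed sample: a tiny zip laid out like an IPA (not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/Demo.app/Info.plist",
                   plistlib.dumps({"CFBundleExecutable": "Demo"}))
        z.writestr("Payload/Demo.app/Demo", b"\xcf\xfa\xed\xfe" + b"\x00" * 28)
        z.writestr("Payload/Demo.app/Frameworks/Lib.dylib",
                   b"\xca\xfe\xba\xbe\x00\x00\x00\x02" + b"\x00" * 40)
        # Same magic as a universal binary, but this is a Java class (major 52).
        z.writestr("Payload/Demo.app/Helper.class", b"\xca\xfe\xba\xbe\x00\x00\x00\x34")
        z.writestr("Payload/Demo.app/icon.png", b"\x89PNG\r\n\x1a\n")
    return buf.getvalue()


if __name__ == "__main__":
    main_exec, found = find_macho(build_sample_ipa())
    for path, kind in sorted(found.items()):
        marker = "  <- main executable" if path == main_exec else ""
        print(f"{path}: {kind}{marker}")
```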
Further, after the binary file is extracted from the application installation package, the present application does not obfuscate the code in the code segment of the application program; instead it encrypts a plurality of specific types of data contained in the non-code segments. Encrypting the non-code segments in this way ensures the security of the application program to a great extent and increases the difficulty of reverse engineering it.
Step S120, determine a plurality of specific types of data contained in the non-code segment in the binary file.
In iOS, a binary file generally comprises a header area, a load command area, and a segment data area. The segment data area may in turn contain data segments, code segments and/or link segments, etc. In this embodiment the code in the code segment is not obfuscated; instead, the various specific types of data in the non-code segments (such as the data segment and the link segment) are protected by encryption, which reduces the amount of code expansion.
In this embodiment, the specific types of data are constant data and symbol data. While the application program is running, attacks and cracking attempts aimed at the constant data and the symbol data can threaten the whole application program, so encrypting the constant data and the symbol data ensures the security of the application program to a great extent and increases the difficulty of reverse engineering it.
Step S130, encrypt each specific type of data with an encryption algorithm matched to the category of that specific type of data.
To further improve the reinforcing effect, this step encrypts each specific type of data with an encryption algorithm matched to its category. For example, the constant data may be encrypted with a concealment-style method that encrypts position information, and the symbol data may be encrypted with a symmetric encryption algorithm or the like. This embodiment does not limit the specific encryption method.
Therefore, this embodiment extracts the binary file from the application installation package; determines a plurality of specific types of data contained in non-code segments in the binary file, the specific types of data comprising constant data and symbol data; and encrypts each specific type of data with an encryption algorithm matched to its category. According to this scheme, the application program is reinforced by encrypting the specific types of data in the non-code segments of the binary file, which greatly increases the difficulty of reverse engineering the application program, effectively prevents reverse analysis of it, and is unlikely to cause code expansion. In addition, the scheme is simple and flexible to implement, easy to maintain in batches, and low in maintenance cost.
Fig. 2 is a flowchart illustrating a program reinforcing method based on an application installation package according to another embodiment of the present invention. As shown in fig. 2, the method includes:
Step S210, extract the binary file from the application installation package.
The program reinforcing method provided by this embodiment reinforces the application program on the basis of the generated application installation package, which avoids the prior-art drawbacks of being unable to maintain the reinforcement in batches and of high maintenance cost caused by performing reinforcement through a compiler on the developer's terminal. In iOS, the binary file can be extracted by decompressing the IPA installation package.
Step S220, determining a plurality of specific types of data contained in the non-code segment in the binary file, and performing encryption processing on the specific types of data by using an encryption algorithm matched with the type of the specific types of data.
The non-code segments described in this embodiment are the data segment and the link segment; the specific types of data comprise constant data and symbol data; and the symbol data further comprises data segment symbol data and link segment symbol data. To further improve the reinforcing effect, each specific type of data is encrypted with the encryption method matched to it, which increases the difficulty of decompiling the application program and safeguards its security.
If the specific types of data include constant data, encrypting the constant data comprises: extracting the constant data storage parameters corresponding to the constant data from the data segment of the binary file (the constant data storage parameters comprise an index position pointer and/or a constant data length mark); and performing offset processing on the index position pointer corresponding to the constant data, and/or changing the content of the constant data length mark corresponding to the constant data. The index position pointer corresponding to the constant data points to the storage location of the constant data, and the constant data length mark identifies the length of the constant data. Thus the constant data itself is not modified; only its storage parameters (the index position pointer and/or the constant data length mark) are protected by encryption, which reduces code expansion and improves reinforcement efficiency.
To guarantee normal operation of the program, after the constant data storage parameters corresponding to the constant data are encrypted, the storage location pointed to by the index position pointer currently corresponding to the constant data has the readable attribute; and/or that storage location can be modified to have the readable attribute; and/or the storage location reached by offsetting the index position pointer currently corresponding to the constant data by the constant data length currently corresponding to the constant data has the readable attribute; and/or that offset storage location can be modified to have the readable attribute.
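The constant-data step and its readability conditions can be modelled as follows. This is an added Python example, not code from the patent: the record layout, the additive pointer offset, the XOR on the length mark, the memory regions and every name in it are assumptions chosen to make the constraint concrete, since the text does not fix a specific algorithm.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Region:
    """A span of the address space and whether it is readable at run time."""
    start: int
    size: int
    readable: bool

    def contains(self, addr):
        return self.start <= addr < self.start + self.size


@dataclass(frozen=True)
class ConstRecord:
    ptr: int     # index position pointer: where the constant's bytes are stored
    length: int  # constant data length mark


def is_readable(addr, regions):
    return any(r.readable and r.contains(addr) for r in regions)


def violations(records, regions):
    """Records that break the conditions in the text: both `ptr` and
    `ptr + length` must land on a readable storage location."""
    return [r for r in records
            if not (is_readable(r.ptr, regions)
                    and is_readable(r.ptr + r.length, regions))]


def protect(records, delta, mask):
    """Offset every pointer by `delta` and change every length mark with `mask`.
    The constant bytes themselves are never touched."""
    return [ConstRecord(r.ptr + delta, r.length ^ mask) for r in records]


def restore(records, delta, mask):
    """Run-time inverse of protect(), given the same key material."""
    return [ConstRecord(r.ptr - delta, r.length ^ mask) for r in records]


def pick_delta(records, regions, mask, candidates):
    """Return the first candidate offset whose protected records all satisfy
    the readability conditions, so stale pointers never fault."""
    for delta in candidates:
        if not violations(protect(records, delta, mask), regions):
            return delta
    raise ValueError("no candidate offset keeps every pointer readable")


# Constructed sample: two readable regions separated by an unmapped gap.
REGIONS = [
    Region(0x1000, 0x0400, True),   # data holding the constants
    Region(0x1400, 0x2C00, False),  # gap that is not readable
    Region(0x4000, 0x0800, True),   # another readable area
]
RECORDS = [ConstRecord(0x1010, 5), ConstRecord(0x1020, 12), ConstRecord(0x1300, 8)]
MASK = 0x3F

if __name__ == "__main__":
    delta = pick_delta(RECORDS, REGIONS, MASK, range(0x100, 0x4000, 0x100))
    protected = protect(RECORDS, delta, MASK)
    print(f"chosen offset: {delta:#x}")
    for before, after in zip(RECORDS, protected):
        print(f"  ptr {before.ptr:#x} len {before.length:2d} -> "
              f"ptr {after.ptr:#x} len {after.length:2d}")
    print("round trip ok:", restore(protected, delta, MASK) == RECORDS)
```

An offset that drops a pointer into the unreadable gap is rejected, which is the failure the readability conditions exist to exclude.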
If the specific types of data include data segment symbol data, encrypting the data segment symbol data comprises: determining the data segment symbol data from the data segment of the binary file, and acquiring the index position pointer corresponding to the data segment symbol data; and performing offset processing on the index position pointer corresponding to the data segment symbol data. The data segment symbol data further comprises symbol data associated with a class (e.g., function names, method names, variable names, etc. associated with a class or category) and/or symbol data associated with a selector. In particular, the data segment symbol data is developer-defined symbol data.
After the specific types of data (including the data segment symbol data) are encrypted, the storage location pointed to by the index position pointer currently corresponding to the data segment symbol data has the readable attribute; and/or that storage location can be modified to have the readable attribute. This ensures that the program can run normally. As a further option, after the index position pointer associated with a selector is offset, the selector's index position pointer may additionally be located in the method ciphertext list of the class or category, so as to ensure that the selector can operate normally when the selector is in the presentation operation.
If the specific types of data include link segment symbol data, encrypting the link segment symbol data comprises: determining the start position and the end position of the system symbol data section table from the link segment of the binary file, and encrypting with a preset encryption algorithm based on the start position and the end position of the system symbol data section table. For example, all or part of the contents of the system symbol data section table may be encrypted according to its start position and end position.
In an alternative embodiment, a symmetric encryption algorithm may be used to encrypt the constant data storage parameter of the constant data, the index position pointer corresponding to the data segment symbol data, and/or the link segment symbol data. The embodiment does not limit the specific symmetric encryption algorithm.
In step S230, a decryption key corresponding to the encryption algorithm is obtained and stored.
Specifically, after the specific type of data is encrypted by using an encryption algorithm matching the category of the specific type of data, a decryption key corresponding to the encryption method may be acquired and stored.
In the process of storing the decryption key, one or more of the following storage modes can be adopted:
In one embodiment, the decryption key may be stored in a meaningless field in the binary file, and it is ensured that the storage location has the readable attribute, or can be modified to have it, at program run time. The meaningless field may be a blank or unused field in the binary file, such as the blank area between the end of the file header and the start of the code segment. This improves the secrecy of the decryption key and avoids occupying additional storage.
In another embodiment, a preset decryption key storage segment table may be created, and the decryption key may be stored in the decryption key storage segment table. For example, a segment table named "__ DATA, __ key systems" may be created, and the decryption key is stored in the newly created segment table, thereby facilitating centralized management of the decryption key.
In yet another embodiment, the decryption key may be stored in the application installation package in the form of a preset file. For example, the decryption key may be stored in the IPA installation package as text, a picture, or the like, so that the decryption key is separated from the binary file, which further increases the difficulty of reverse engineering the application program.
In another embodiment, the storage mode of the decryption key may be dynamically determined according to information related to the decryption key, such as the type of the decryption key, the size of the occupied space, and the like.
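Both the header / load command / segment layout described under step S120 and the blank area named above as a possible key location can be read directly from a Mach-O file. The following added Python example is not part of the patent text: it parses a thin little-endian 64-bit Mach-O, lists the non-code segments, and measures the padding between the last load command and the first section, counting non-zero bytes there. `build_sample` produces a constructed, non-runnable image, and treating "segment without execute permission" as "non-code segment" is an assumption of this example.

```python
import struct

MH_MAGIC_64 = 0xFEEDFACF
LC_SEGMENT_64 = 0x19
VM_PROT_EXECUTE = 0x4
HEADER = struct.Struct("<IiiIIIII")            # mach_header_64 (32 bytes)
SEGMENT = struct.Struct("<II16sQQQQiiII")      # segment_command_64 (72 bytes)
SECTION = struct.Struct("<16s16sQQIIIIIIII")   # section_64 (80 bytes)


def _name(raw):
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def parse_layout(data):
    """Return (end_of_load_commands, segments) for a thin 64-bit Mach-O."""
    magic, _cpu, _sub, _ftype, ncmds, sizeofcmds, _fl, _res = HEADER.unpack_from(data, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("only thin little-endian 64-bit Mach-O is handled here")
    cmds_end = HEADER.size + sizeofcmds
    segments, off = [], HEADER.size
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmdsize < 8 or off + cmdsize > cmds_end:
            raise ValueError("load command overruns sizeofcmds")
        if cmd == LC_SEGMENT_64:
            f = SEGMENT.unpack_from(data, off)
            sections = []
            for i in range(f[9]):                      # f[9] = nsects
                s = SECTION.unpack_from(data, off + SEGMENT.size + i * SECTION.size)
                sections.append({"name": _name(s[0]), "offset": s[4], "size": s[3]})
            segments.append({"name": _name(f[2]), "fileoff": f[5], "filesize": f[6],
                             "code": bool(f[8] & VM_PROT_EXECUTE),  # f[8] = initprot
                             "sections": sections})
        off += cmdsize
    return cmds_end, segments


def non_code_segments(segments):
    """Segments that occupy file space and are not mapped executable."""
    return [s["name"] for s in segments if s["filesize"] and not s["code"]]


def header_slack(data):
    """Measure the gap between the last load command and the first section."""
    cmds_end, segments = parse_layout(data)
    offsets = [s["offset"] for seg in segments for s in seg["sections"]
               if s["offset"] >= cmds_end]
    first = min(offsets, default=cmds_end)
    gap = data[cmds_end:first]
    return {"start": cmds_end, "end": first, "size": len(gap),
            "nonzero": sum(b != 0 for b in gap)}


def build_sample(slack_payload=b""):
    """Constructed sample: a minimal 64-bit Mach-O image (not a runnable program)."""
    def seg(name, fileoff, filesize, prot, sects=()):
        body = b"".join(SECTION.pack(sect, name, 0, size, offset, 0, 0, 0, 0, 0, 0, 0)
                        for sect, offset, size in sects)
        return SEGMENT.pack(LC_SEGMENT_64, SEGMENT.size + len(body), name, 0, 0,
                            fileoff, filesize, prot, prot, len(sects), 0) + body
    cmds = [seg(b"__PAGEZERO", 0, 0, 0),
            seg(b"__TEXT", 0, 0x400, 5, [(b"__text", 0x300, 0x100)]),
            seg(b"__DATA", 0x400, 0x100, 3, [(b"__data", 0x400, 0x100)]),
            seg(b"__LINKEDIT", 0x500, 0x40, 1)]
    blob = b"".join(cmds)
    image = bytearray(0x540)
    image[:HEADER.size] = HEADER.pack(MH_MAGIC_64, 0x0100000C, 0, 2,
                                      len(cmds), len(blob), 0, 0)
    image[HEADER.size:HEADER.size + len(blob)] = blob
    image[0x300:0x400] = b"\x1f\x20\x03\xd5" * 0x40    # arm64 NOPs standing in for code
    start = HEADER.size + len(blob)
    image[start:start + len(slack_payload)] = slack_payload
    return bytes(image)


if __name__ == "__main__":
    for label, image in (("clean", build_sample()),
                         ("with data in padding", build_sample(b"K" * 16))):
        _, segs = parse_layout(image)
        print(label, non_code_segments(segs), header_slack(image))
```

In the constructed image the padding is all zeros, so any non-zero count there marks bytes that were placed into that blank area after the fact.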
After the application is reinforced, in order to ensure normal operation of the program, the decryption program may be executed during program operation to obtain a decryption key, and the decryption key is used to decrypt the encrypted specific type of data.
Optionally, to further improve the reinforcing effect, the decryption program may be compiled into a dynamic link library and a load command for that dynamic link library added to the binary file, with that load command placed first among the link commands so that it is executed first.
Optionally, the code segment in the binary file may instead be modified to insert the decryption program, with the preset program entry in the binary file pointing to the decryption program, and the other segment tables affected by the change to the code segment are adjusted accordingly.
Therefore, the program reinforcing method provided by this embodiment reinforces the application program on the basis of the generated application installation package, which avoids the prior-art drawbacks of being unable to maintain the reinforcement in batches and of high maintenance cost caused by performing reinforcement through a compiler on the developer's terminal. In addition, during reinforcement the constant data, the data segment symbol data and the link segment symbol data are all encrypted, so the application program is reinforced in an all-around manner and the difficulty of reverse engineering it is increased. Furthermore, encrypting data in non-code segments, such as the constant data, the data segment symbol data and the link segment symbol data, helps reduce code expansion and improve reinforcement efficiency, and gives a better reinforcing effect. Finally, the scheme is simple and flexible to implement, easy to maintain in batches, low in maintenance cost, and easy to apply and deploy at scale.
Fig. 3 is a schematic structural diagram illustrating a program reinforcing apparatus based on an application installation package according to an embodiment of the present invention. As shown in fig. 3, the apparatus includes: an extraction module 31, a determination module 32, and an encryption module 33.
An extraction module 31 adapted to extract a binary file from the application installation package;
a determining module 32 adapted to determine a plurality of specific types of data contained in non-code segments in the binary file, wherein the specific types of data comprise constant data and symbol data;
and the encryption module 33 is suitable for carrying out encryption processing on the data of the specific type by adopting an encryption algorithm matched with the category of the data of the specific type.
Optionally, if the specific type of data includes constant data; the encryption module 33 is further adapted to:
extracting an index position pointer and/or a constant data length mark corresponding to the constant data from a data segment of the binary file;
performing offset processing on an index position pointer corresponding to the constant data; and/or changing the content of the constant data length mark corresponding to the constant data.
Optionally, after the specific type of data is encrypted,
the storage location pointed to by the index position pointer currently corresponding to the constant data has the readable attribute;
and/or that storage location can be modified to have the readable attribute;
and/or the storage location reached by offsetting the index position pointer currently corresponding to the constant data by the constant data length currently corresponding to the constant data has the readable attribute;
and/or that offset storage location can be modified to have the readable attribute.
Optionally, the symbol data further includes: data segment symbol data and link segment symbol data.
Optionally, if the specific type of data includes data segment symbol data;
the encryption module 33 is further adapted to:
determining data segment symbol data from the data segment of the binary file, and acquiring an index position pointer corresponding to the data segment symbol data;
and carrying out offset processing on the index position pointer corresponding to the data segment symbol data.
Optionally, after the specific type of data is encrypted,
the storage location pointed to by the index position pointer currently corresponding to the data segment symbol data has the readable attribute;
and/or that storage location can be modified to have the readable attribute.
Optionally, the data segment symbol data further includes: symbol data associated with a class, and/or symbol data associated with a selector.
Optionally, if the specific type of data includes link segment symbol data;
the encryption module 33 is further adapted to:
determining the start position and the end position of the system symbol data section table from the link segment of the binary file, and encrypting with a preset encryption algorithm based on the start position and the end position of the system symbol data section table.
Optionally, the apparatus further comprises a key storage module (not shown in the figure), adapted to acquire and store a decryption key corresponding to the encryption algorithm after the specific type of data is encrypted.
Optionally, the key storage module is further adapted to: store the decryption key in a meaningless field in the binary file;
and/or create a preset decryption key storage segment table and store the decryption key in the decryption key storage segment table;
and/or store the decryption key in the application program installation package in the form of a preset file.
Optionally, the apparatus further comprises a decryption module (not shown in the figure), adapted to execute a decryption program at program run time to obtain the decryption key, and to decrypt the encrypted specific type of data with the decryption key.
Optionally, the apparatus further comprises a command adding module (not shown in the figure), adapted to compile the decryption program into a dynamic link library, add a load command for the dynamic link library to the binary file, and place that load command at the head of all link commands.
Optionally, the apparatus further comprises a program inserting module (not shown in the figure), adapted to modify the code segment in the binary file so as to insert the decryption program, and to make a preset program entry in the binary file point to the decryption program.
The specific implementation process of each module in the apparatus provided in this embodiment may refer to the description of the corresponding part in the method embodiment shown in fig. 1 and/or fig. 2, which is not described herein again.
Thus, this embodiment extracts the binary file from the application installation package; determines a plurality of specific types of data contained in non-code segments in the binary file, the specific types of data comprising constant data and symbol data; and encrypts each specific type of data with an encryption algorithm matched to its category. According to this scheme, the application program is reinforced by encrypting the specific types of data in the non-code segments of the binary file, which greatly increases the difficulty of reverse engineering the application program, effectively prevents reverse analysis of it, and is unlikely to cause code expansion. In addition, the scheme is simple and flexible to implement, easy to maintain in batches, and low in maintenance cost.
According to an embodiment of the present invention, a non-volatile computer storage medium is provided, where at least one executable instruction is stored, and the computer executable instruction may execute the program reinforcing method based on the application program installation package in any of the above method embodiments.
Fig. 4 is a schematic structural diagram of a computing device according to an embodiment of the present invention, and the specific embodiment of the present invention does not limit the specific implementation of the computing device.
As shown in fig. 4, the computing device may include: a processor 402, a communication interface 404, a memory 406, and a communication bus 408.
Wherein:
the processor 402, communication interface 404, and memory 406 communicate with each other via the communication bus 408.
The communication interface 404 is used for communicating with network elements of other devices, such as clients or other servers.
The processor 402 is configured to execute the program 410, and may specifically execute the relevant steps in the above embodiment of the program reinforcing method based on the application installation package.
In particular, program 410 may include program code comprising computer operating instructions.
The processor 402 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement embodiments of the present invention. The computing device includes one or more processors, which may be the same type of processor, such as one or more CPUs, or different types of processors, such as one or more CPUs and one or more ASICs.
The memory 406 is used for storing the program 410. The memory 406 may comprise high-speed RAM, and may also include non-volatile memory, such as at least one disk memory.
The program 410 may specifically be configured to cause the processor 402 to perform the following operations:
extracting a binary file from the application installation package;
determining a plurality of specific types of data contained in non-code sections in the binary file; wherein the specific type of data comprises constant data and symbol data;
and encrypting the specific type of data using an encryption algorithm matched to the category of the specific type of data.
In an alternative embodiment, the program 410 may be specifically configured to cause the processor 402 to perform the following operations:
if the specific type of data comprises constant data, extracting an index position pointer and/or a constant data length mark corresponding to the constant data from the data segment of the binary file;
performing offset processing on the index position pointer corresponding to the constant data, and/or changing the content of the constant data length mark corresponding to the constant data.
In an alternative embodiment, after the specific type of data is encrypted,
the storage location currently pointed to by the index position pointer corresponding to the constant data has the readable attribute;
and/or the storage location currently pointed to by the index position pointer corresponding to the constant data can be modified to have the readable attribute;
and/or the storage location reached when the current index position pointer corresponding to the constant data is offset by the current constant data length corresponding to the constant data has the readable attribute;
and/or the storage location reached when the current index position pointer corresponding to the constant data is offset by the current constant data length corresponding to the constant data can be modified to have the readable attribute.
In an optional embodiment, the symbol data further comprises: data segment symbol data and link segment symbol data.
In an alternative embodiment, the program 410 may be specifically configured to cause the processor 402 to perform the following operations:
if the specific type of data comprises data segment symbol data, determining the data segment symbol data from the data segment of the binary file, and acquiring an index position pointer corresponding to the data segment symbol data;
and performing offset processing on the index position pointer corresponding to the data segment symbol data.
In an alternative embodiment, after the specific type of data is encrypted,
the storage location currently pointed to by the index position pointer corresponding to the data segment symbol data has the readable attribute;
and/or the storage location currently pointed to by the index position pointer corresponding to the data segment symbol data can be modified to have the readable attribute.
In an optional embodiment, the data segment symbol data further comprises: symbol data associated with a class, and/or symbol data associated with a selector.
In an alternative embodiment, the program 410 may be specifically configured to cause the processor 402 to perform the following operations:
if the specific type of data comprises link segment symbol data, determining the start position and the end position of the system symbol data section table from the link segment of the binary file, and encrypting with a preset encryption algorithm based on the start position and the end position of the system symbol data section table.
In an alternative embodiment, the program 410 may be specifically configured to cause the processor 402 to perform the following operations:
acquiring and storing a decryption key corresponding to the encryption algorithm after the specific type of data is encrypted.
In an alternative embodiment, the program 410 may be specifically configured to cause the processor 402 to perform the following operations:
storing the decryption key in a meaningless field in the binary file;
and/or creating a preset decryption key storage segment table, and storing the decryption key in the decryption key storage segment table;
and/or storing the decryption key in the application program installation package in a preset file form.
In an alternative embodiment, the program 410 may be specifically configured to cause the processor 402 to perform the following operations:
executing a decryption program when the program runs to obtain the decryption key, and decrypting the encrypted specific type of data with the decryption key.
In an alternative embodiment, the program 410 may be specifically configured to cause the processor 402 to perform the following operations:
compiling the decryption program into a dynamic link library, adding a load command for the dynamic link library to the binary file, and placing that load command first among all link commands.
In an alternative embodiment, the program 410 may be specifically configured to cause the processor 402 to perform the following operations:
modifying code segments in the binary file to insert the decryption program, and making a preset program entry point in the binary file point to the decryption program.
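The constant-data operations listed above (encrypt the data, offset the index position pointer, change the length mark, store the key in an unused field, decrypt at run time) are shown below as an added Python example; it is not code from the patent. The toy container format, the XOR keystream stand-in cipher and every name are assumptions, and "readable" is modelled as "inside the image bounds".

```python
import struct

# Constructed toy container (not Mach-O): header | index table | constant pool.
MAGIC = b"TOY1"
HDR = struct.Struct("<4s8sI")   # magic, 8 unused ("meaningless") bytes, entry count
ENT = struct.Struct("<II")      # index position pointer, constant data length mark
KEY = struct.Struct("<IHH")     # key material: XOR seed, pointer delta, length mask

SAMPLE_CONSTANTS = [b"https://api.example.test/v1/login",   # constructed sample data
                    b"X-Auth-Token", b"sqlite3_key"]


def build_image(constants):
    """Lay out an unprotected image for a list of byte-string constants."""
    pool_off = HDR.size + ENT.size * len(constants)
    table, pool = b"", b""
    for c in constants:
        table += ENT.pack(pool_off + len(pool), len(c))
        pool += c
    return HDR.pack(MAGIC, bytes(8), len(constants)) + table + pool


def _parse(image):
    magic, unused, count = HDR.unpack_from(image, 0)
    if magic != MAGIC:
        raise ValueError("not a toy image")
    ents = [ENT.unpack_from(image, HDR.size + i * ENT.size) for i in range(count)]
    return unused, ents, HDR.size + count * ENT.size


def _xor_stream(data, seed, salt):
    """Stand-in cipher (LCG keystream XOR); a real tool would use a vetted cipher."""
    state = (seed ^ salt) & 0xFFFFFFFF
    out = bytearray()
    for b in data:
        state = (state * 1664525 + 1013904223) & 0xFFFFFFFF
        out.append(b ^ (state >> 24))
    return bytes(out)


def pointers_stay_readable(image):
    """Every pointer, and pointer + length mark, must stay inside the image."""
    _, ents, pool_off = _parse(image)
    return all(pool_off <= p and p + n <= len(image) for p, n in ents)


def static_view(image):
    """What a static tool recovers when it trusts the index table as written."""
    _, ents, _ = _parse(image)
    return [image[p:p + n] for p, n in ents]


def harden(image, seed, delta, lmask):
    """Encrypt each constant, offset its pointer, alter its length mark, store the key."""
    unused, ents, pool_off = _parse(image)
    pool_len = len(image) - pool_off
    if unused != bytes(8) or pool_len == 0 or not pointers_stay_readable(image):
        raise ValueError("image is already hardened, empty, or malformed")
    out = bytearray(image)
    for i, (ptr, length) in enumerate(ents):
        out[ptr:ptr + length] = _xor_stream(image[ptr:ptr + length], seed, ptr)
        new_ptr = pool_off + (ptr - pool_off + delta) % pool_len
        ENT.pack_into(out, HDR.size + i * ENT.size, new_ptr, length ^ lmask)
    HDR.pack_into(out, 0, MAGIC, KEY.pack(seed, delta, lmask), len(ents))
    hardened = bytes(out)
    if not pointers_stay_readable(hardened):
        raise ValueError("chosen delta/lmask push a pointer or length out of bounds")
    return hardened


def load_constants(image):
    """Run-time side: read the key from the unused field, undo the edits, decrypt."""
    unused, ents, pool_off = _parse(image)
    seed, delta, lmask = KEY.unpack(unused)
    pool_len = len(image) - pool_off
    consts = []
    for ptr, mark in ents:
        orig_ptr = pool_off + (ptr - pool_off - delta) % pool_len
        length = mark ^ lmask
        consts.append(_xor_stream(image[orig_ptr:orig_ptr + length], seed, orig_ptr))
    return consts
```

Because the key sits in the same file as the ciphertext, this raises the cost of static analysis only; anyone who can run or emulate the decryption routine recovers the constants.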
The algorithms and displays presented herein are not inherently related to any particular computer, virtual machine, or other apparatus. Various general purpose systems may also be used with the teachings herein. The required structure for constructing such a system will be apparent from the description above. Moreover, the present invention is not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the devices in an embodiment may be adaptively changed and arranged in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the claims, any of the claimed embodiments may be used in any combination.
The various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that a microprocessor or Digital Signal Processor (DSP) may be used in practice to implement some or all of the functionality of some or all of the components in an application installation package based program loading apparatus according to embodiments of the present invention. The present invention may also be embodied as apparatus or device programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present invention may be stored on a computer readable medium or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third, etc. does not indicate any ordering. These words may be interpreted as names.

Claims (20)

1. A program reinforcing method based on an application program installation package is characterized by comprising the following steps:
extracting a binary file from the application installation package;
determining a plurality of specific types of data contained in non-code sections in the binary file; wherein the specific type of data comprises constant data and symbol data; the symbol data further includes: data segment symbol data and link segment symbol data;
encrypting the specific type of data using an encryption algorithm matched to the category of the specific type of data;
acquiring a decryption key corresponding to the encryption algorithm, storing the decryption key in a meaningless field in the binary file, and ensuring that the storage location of the decryption key has the readable attribute while the program runs, or can be modified to have the readable attribute;
if the specific type of data comprises constant data,
then said encrypting said specific type of data using an encryption algorithm matched to the category of said specific type of data further comprises:
extracting an index position pointer and/or a constant data length mark corresponding to the constant data from a data segment of the binary file;
performing offset processing on an index position pointer corresponding to the constant data; and/or changing the content of the constant data length mark corresponding to the constant data.
2. The method according to claim 1, wherein, after said encrypting the specific type of data,
the storage location currently pointed to by the index position pointer corresponding to the constant data has the readable attribute;
and/or the storage location currently pointed to by the index position pointer corresponding to the constant data can be modified to have the readable attribute;
and/or the storage location reached when the current index position pointer corresponding to the constant data is offset by the current constant data length corresponding to the constant data has the readable attribute;
and/or the storage location reached when the current index position pointer corresponding to the constant data is offset by the current constant data length corresponding to the constant data can be modified to have the readable attribute.
3. The method of claim 1, wherein if the specific type of data comprises data segment symbol data,
then said encrypting said specific type of data using an encryption algorithm matched to the category of said specific type of data further comprises:
determining data segment symbol data from the data segment of the binary file, and acquiring an index position pointer corresponding to the data segment symbol data;
and performing offset processing on the index position pointer corresponding to the data segment symbol data.
4. The method according to claim 3, wherein, after said encrypting the specific type of data,
the storage location currently pointed to by the index position pointer corresponding to the data segment symbol data has the readable attribute;
and/or the storage location currently pointed to by the index position pointer corresponding to the data segment symbol data can be modified to have the readable attribute.
5. The method of claim 3, wherein the data segment symbol data further comprises: symbol data associated with a class, and/or symbol data associated with a selector.
6. The method of claim 1, wherein if the specific type of data comprises link segment symbol data,
then said encrypting said specific type of data using an encryption algorithm matched to the category of said specific type of data further comprises:
determining the start position and the end position of the system symbol data section table from the link segment of the binary file, and encrypting with a preset encryption algorithm based on the start position and the end position of the system symbol data section table.
7. The method of claim 1, wherein the method further comprises:
executing a decryption program when the program runs to obtain the decryption key, and decrypting the encrypted specific type of data with the decryption key.
8. The method of claim 7, wherein the method further comprises:
compiling the decryption program into a dynamic link library, adding a load command for the dynamic link library to the binary file, and placing that load command first among all link commands.
9. The method of claim 7, wherein the method further comprises:
modifying code segments in the binary file to insert the decryption program, and making a preset program entry point in the binary file point to the decryption program.
10. A program reinforcing apparatus based on an application installation package, comprising:
an extraction module adapted to extract a binary file from the application installation package;
a determining module adapted to determine a plurality of specific types of data contained in non-code sections in the binary file; wherein the specific type of data comprises constant data and symbol data; the symbol data further includes: data segment symbol data and link segment symbol data;
an encryption module adapted to encrypt the specific type of data using an encryption algorithm matched to the category of the specific type of data;
a key storage module adapted to acquire a decryption key corresponding to the encryption algorithm, store the decryption key in a meaningless field in the binary file, and ensure that the storage location of the decryption key has the readable attribute while the program runs, or can be modified to have the readable attribute;
if the specific type of data comprises constant data,
the encryption module is further adapted to:
extracting an index position pointer and/or a constant data length mark corresponding to the constant data from a data segment of the binary file;
performing offset processing on an index position pointer corresponding to the constant data; and/or changing the content of the constant data length mark corresponding to the constant data.
11. The apparatus of claim 10, wherein, after the encryption processing of the specific type of data,
the storage location currently pointed to by the index position pointer corresponding to the constant data has the readable attribute;
and/or the storage location currently pointed to by the index position pointer corresponding to the constant data can be modified to have the readable attribute;
and/or the storage location reached when the current index position pointer corresponding to the constant data is offset by the current constant data length corresponding to the constant data has the readable attribute;
and/or the storage location reached when the current index position pointer corresponding to the constant data is offset by the current constant data length corresponding to the constant data can be modified to have the readable attribute.
12. The apparatus of claim 10, wherein if the specific type of data comprises data segment symbol data,
the encryption module is further adapted to:
determining data segment symbol data from the data segment of the binary file, and acquiring an index position pointer corresponding to the data segment symbol data;
and performing offset processing on the index position pointer corresponding to the data segment symbol data.
13. The apparatus of claim 12, wherein, after the encryption processing of the specific type of data,
the storage location currently pointed to by the index position pointer corresponding to the data segment symbol data has the readable attribute;
and/or the storage location currently pointed to by the index position pointer corresponding to the data segment symbol data can be modified to have the readable attribute.
14. The apparatus of claim 12, wherein the data segment symbol data further comprises: symbol data associated with a class, and/or symbol data associated with a selector.
15. The apparatus of claim 10, wherein if the specific type of data comprises link segment symbol data,
the encryption module is further adapted to:
determine the start position and the end position of the system symbol data section table from the link segment of the binary file, and encrypt with a preset encryption algorithm based on the start position and the end position of the system symbol data section table.
16. The apparatus of claim 10, wherein the apparatus further comprises:
a decryption module adapted to execute a decryption program when the program runs to obtain the decryption key, and to decrypt the encrypted specific type of data with the decryption key.
17. The apparatus of claim 16, wherein the apparatus further comprises:
a command adding module adapted to compile the decryption program into a dynamic link library, add a load command for the dynamic link library to the binary file, and place that load command first among all link commands.
18. The apparatus of claim 16, wherein the apparatus further comprises:
a program insertion module adapted to modify code segments in the binary file so as to insert the decryption program, and to make a preset program entry point in the binary file point to the decryption program.
19. A computing device, comprising: a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface communicate with one another through the communication bus;
the memory is used for storing at least one executable instruction, and the executable instruction causes the processor to execute the operation corresponding to the program reinforcing method based on the application program installation package in any one of claims 1-9.
20. A computer storage medium having stored therein at least one executable instruction that causes a processor to perform operations corresponding to the application installation package based program hardening method of any one of claims 1-9.
CN201910257445.0A 2019-03-28 2019-04-01 Program reinforcing method and device based on application program installation package Active CN110119601B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910245606 2019-03-28
CN2019102456064 2019-03-28

Publications (2)

Publication Number Publication Date
CN110119601A CN110119601A (en) 2019-08-13
CN110119601B CN110119601B (en) 2022-07-12

Family

ID=67520638

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910257445.0A Active CN110119601B (en) 2019-03-28 2019-04-01 Program reinforcing method and device based on application program installation package

Country Status (1)

Country Link
CN (1) CN110119601B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111695093A (en) * 2020-05-29 2020-09-22 平安科技(深圳)有限公司 iOS application-based reinforcement method, electronic device and storage medium
CN113434148B (en) * 2021-06-30 2024-03-22 广东迅维信息产业股份有限公司 Decryption-preventing client development compiling method and device, electronic equipment and storage medium
CN114519043A (en) * 2021-12-31 2022-05-20 北京握奇数据股份有限公司 Executable binary file format reverse analysis method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103745141A (en) * 2013-12-02 2014-04-23 上海斐讯数据通信技术有限公司 Method for preventing application program in intelligent terminal android system from being decompiled
CN106960156A (en) * 2016-01-08 2017-07-18 广州市动景计算机科技有限公司 Data encryption and access method based on application program, device
CN107977553A (en) * 2017-12-25 2018-05-01 中国电子产品可靠性与环境试验研究所 The method and device of the security hardening of mobile applications
CN109062582A (en) * 2018-07-23 2018-12-21 北京云测信息技术有限公司 A kind of encryption method and device of application installation package

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7987510B2 (en) * 2001-03-28 2011-07-26 Rovi Solutions Corporation Self-protecting digital content

Also Published As

Publication number Publication date
CN110119601A (en) 2019-08-13


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant