CN110210190A - A kind of Code obfuscation method based on secondary compilation - Google Patents
A kind of Code obfuscation method based on secondary compilation Download PDFInfo
- Publication number
- CN110210190A CN110210190A CN201910462869.0A CN201910462869A CN110210190A CN 110210190 A CN110210190 A CN 110210190A CN 201910462869 A CN201910462869 A CN 201910462869A CN 110210190 A CN110210190 A CN 110210190A
- Authority
- CN
- China
- Prior art keywords
- instruction
- rubbish
- binary file
- file
- obscured
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 40
- 238000003780 insertion Methods 0.000 claims abstract description 18
- 230000037431 insertion Effects 0.000 claims abstract description 18
- 238000007689 inspection Methods 0.000 claims abstract description 9
- 238000007781 pre-processing Methods 0.000 claims description 8
- 238000012986 modification Methods 0.000 claims description 5
- 230000004048 modification Effects 0.000 claims description 5
- 238000012545 processing Methods 0.000 claims description 5
- 229910002056 binary alloy Inorganic materials 0.000 claims 1
- 238000006467 substitution reaction Methods 0.000 claims 1
- 230000008901 benefit Effects 0.000 abstract description 3
- 238000005516 engineering process Methods 0.000 description 8
- 230000008569 process Effects 0.000 description 7
- 230000006870 function Effects 0.000 description 5
- 230000003068 static effect Effects 0.000 description 5
- 238000013461 design Methods 0.000 description 3
- 230000000694 effects Effects 0.000 description 3
- 238000011161 development Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 238000002474 experimental method Methods 0.000 description 2
- 238000011084 recovery Methods 0.000 description 2
- 238000011160 research Methods 0.000 description 2
- 238000005336 cracking Methods 0.000 description 1
- 235000013399 edible fruits Nutrition 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 239000004744 fabric Substances 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000009467 reduction Effects 0.000 description 1
- 230000003362 replicative effect Effects 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
- 230000009466 transformation Effects 0.000 description 1
- 238000000844 transformation Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/14—Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
Abstract
The present invention proposes a kind of Code obfuscation method based on secondary compilation, belongs to Software Protection Technique field, this method the following steps are included: to binary file carry out legitimacy inspection, check its whether be format specification binary file;The binary file of format specification is pre-processed, the address information of rubbish instruction block is found out in relation to jump instruction and be suitably inserted into;Secondary compilation is carried out to binary file, the assembly instruction in file is substituted for equivalent instruction sequence, and the instruction of insertion rubbish carries out control stream and obscures hereof, generates the assembling file obscured, then be compiled into the binary file obscured;The binary file obscured is encrypted, executable encrypted binary file is generated.This method avoids traditional binaries to obscure existing reorientation problem, while introducing diversity, the advantages such as fine granularity, to more effectively prevent reverse-engineering, code, which is usurped, waits attack means.
Description
Technical field
The invention belongs to Software Protection Technique fields, are related to a kind of side that software protection is carried out by Code Obfuscation Security Technology
Method, in particular to a kind of Code obfuscation method based on secondary compilation technology.
Background technique
The threat that software security faces mainly has software piracy, and code is usurped, maliciously distort etc..And the reverse work of software
Cheng Ze is the basis of these attack patterns.Protect a software from distorting, malicious modification and reverse-engineering are a Xiang Feichang
Difficult task, main cause are that software analysis personnel can be with unconfined access software, he can be by tool analog subscriber
Normal operating carries out single-step debug, dis-assembling, decompiling etc. in debugger;The sensitive data in memory can also be read
Even encryption key, or any median is modified during software operation further to analyze, purpose is exactly to manage
Solution programmed logic and further replicating code distort check logic.
" reverse-engineering " technology of computer field refers to analyzing by data flow to program and control stream,
By a variety of analysis means, restore or reconstruct the structure of corresponding high-level language and the process of meaning from low-level language.
Reverse-engineering using very extensive, in the case where source code is lost, reverse-engineering can help developer or system research
The code or logic of PERSONNEL RECOVERY's key aspect, to improve current code or study.In addition to these positive purposes, reverse-engineering
Also it is commonly used for software to crack, code is plagiarized, the negative purposes such as rogue attacks.The reverse-engineering of broad sense include conversed analysis with again
Two stages are built, the reverse-engineering of narrow sense only includes conversed analysis, i.e., analyzes by purposive program, obtains to certainly
Oneself useful information.Such as by software crack for the purpose of attacker, do not need the logic for restoring entire software, they only need
To navigating to software protection algorithm position, but it can equally cause considerable damage and loss.Object code is analyzed
The important branch of program analysis field, it is without other additional informations, it is only necessary to which an executable file, use are relevant
Analysis tool analyzes binary machine code, obtains the control stream of program, data flow and code reference, function call
Between relationship.It therefore is the core missions of software protection for the protection of object code.
Code Obfuscation Security Technology is to prevent software by one of effective means of reverse-engineering.It is referred to by carrying out to program
Obscure variation, keep original function and it is semantic under the premise of so that transformed program than the program before obscuring be more difficult by
Attacker understands or reduction.Code obfuscation can be divided into obscuring based on source code according to the difference in protection stage, based on can hold
Obscuring for part of style of writing and obscuring based on Intermediate semantic layer.It is mixed based on executable file that wherein application range is most commonly used
Confuse mode, such as software shelling and code virtualize.Software shelling is referred to through the code segment and data to binary program
Duan Jinhang encryption, and one section of decrypted code is added, and this section of code can preferentially obtain the control of program when program is run, and
The data and code that encrypt in advance in program are decrypted, control is then given back source code again.Therefore pass through
The program of shell adding can effectively resist static analysis means.However the shortcomings that this software protection mode of shell adding be can will be original
Then code decryption is executed into memory, this also results in the program after shelling that can not continue to be protected, it can be considered that
Shell adding is a kind of protected mode of coarseness.
Secondary compilation (Reassemble) technology can be classified as one kind of binary rewrite technology, it refers to hold
Style of writing part dis-assembling then recompilates into new binary process at assembling file (.s file) again.Due to executable file
The complexity of structure, directly modifies to binary file or patch installing is not an easy thing.Therefore it is based on
Such situation, ShuaiWang et al. (S.Wang, P.Wang, and D.Wu, " Reassembleable Disassembling, "
in24th USENIX Security Symposium(USENIX Security’15).USENIX Association,2015,
Pp.627-642.) secondary compilation technology is proposed, and point out to solve the problems, such as that reorientation is the key that secondary compilation success
Place.Namely whether a secondary compilation tool can recognize that the address of which element in executable file is possible in new text
It changes in part, and these specific address references is abstracted into symbolic reference.The problem also can simplify are as follows: provide one
The dis-assembling code of a executable file, how to distinguish immediate therein is address or constant.The difficult point of problem is machine
Device language belongs to typeless language, and many complicated reference situations are possible in file and are occurred, and functional boundary etc. is also difficult
With determine, once and occur a little mistake in type recovery, the binary file of generation be likely to be error.It is at present
Only more mature secondary compilation tool be by RuoyuWang et al. (RuoyuWang, Yan Shoshitaishvili,
Antonio Bianchi, " Ramblr:Making Reassembly Great Again " in NDSS) publication Ramblr work
Tool occurs the probability of mistake by reducing in semiosis, improve the success rate of secondary assembly process, and has corresponding
Fault tolerant mechanism.
For traditional obfuscated manner, such as Collberg et al. (Collberg C, Thomborson C, Low D.A
Taxonomy of Obfuscation Transformations.Department of Computer Science,The
University of Auckland, Technical Report 148,1997.) data encryption pointed out, variable alias will
Static number is converted into service hours value etc., and with the development of software analysis technology in recent years, many static analysis softwares are all
Can with automatic identification these relatively simple obfuscated manners.And the currently used obfuscation schemes based on executable file are as added
Shell, virtual machine protection etc., then since reorientation problem cannot be destroyed between code that is, when being modified to binary file
Adduction relationship causes misquotation, to limit the design and final effect of obfuscation schemes.It is mixed based on intermediate language
Confuse, such as the OLLVM realized based on LLVM, this kind of obfuscated manner uses the problem is that since it is integrated in compiler
Person need to use specified compiler in the development phase.But the publication form of software is mostly sent out in a manner of executable file at present
Cloth, obscuring based on binary form file obviously have wider application range than the obfuscated manner based on intermediate language layer
With actual research significance.
Original program can not be effectively protected in single, single Obfuscating Algorithms, even if complicated such as virtual machine protection technique, such as
Fruit conversed analysis personnel have enough patient and abilities to find the corresponding relationship between instruction, and cracking virtual machine protection technique is not yet
One difficult matter.So need to design it is a set of can iteration, the fine granularity Obfuscating Algorithms with diversity, scalability.In conjunction with a variety of
Different Obfuscating Algorithms and being iterated can be generated with sufficient intensity, can be resisted static and dynamic analysis mixed
Confuse variation.
Summary of the invention
It is an object of the invention to propose a kind of Code obfuscation method based on secondary compilation, this method avoid tradition two
System obscures existing reorientation problem, while introducing diversity, the advantages such as fine granularity, to more effectively prevent reverse
Engineering, code usurp equal attack means.
The technical solution adopted by the invention is as follows:
A kind of Code obfuscation method based on secondary compilation, comprising the following steps:
To binary file carry out legitimacy inspection, check its whether be format specification binary file;
The binary file of format specification is pre-processed, related jump instruction is found out and is suitably inserted into rubbish instruction block
Address information;
Secondary compilation is carried out to binary file, the assembly instruction in file is substituted for equivalent instruction sequence, and
In file be inserted into rubbish instruction carry out control stream obscure, generate the assembling file obscured, then be compiled into the binary file obscured;
The binary file obscured is encrypted, executable encrypted binary file is generated.
Further, when replacement instruction, classified according to instruction operation code to instruction, if there is immediate appearance, into
The encryption of row immediate, if there is specified register appearance, directly addition flower instruction;Call corresponding processing function, random selection
Obscure template, generates the replacement instruction after obscuring;The replacement instruction is returned, former instruction is substituted.
Further, when control stream is obscured, rubbish instruction is inserted by the insertion algorithm based on former jump instruction, this is based on
The insertion algorithm of former jump instruction is to carry out control stream by way of the intermediate jump of insertion to obscure, specifically: it first records original and jumps
Destination address recycles rubbish instruction generator to generate one section of new rubbish instruction, then the target of former jump instruction is changed to insert
The rubbish instruction block entered, rubbish instruction block continue to jump to former target execution after being finished, and realize that control stream is obscured.
Further, when control stream is obscured, by being inserted into rubbish instruction based on the Obfuscating Algorithms jumped between rubbish instruction block,
This is to connect by being inserted into random several rubbish instruction blocks, and by jump instruction based on the Obfuscating Algorithms jumped between rubbish instruction block
Each rubbish instruction block is connect, realizes that control stream is obscured.
Further, encryption method is to encrypt .text section of content, adds one for binary file and newly saves, and to new
Decrypted code is added in section, modification document entry point is the program entry newly saved, after the completion of which decrypts .text sections, then is jumped
Go to the original entrance of program.
A kind of Code obfuscation system based on secondary compilation, comprising:
Legitimacy inspection module checks whether it is format specification for carrying out legitimacy inspection to binary file
Binary file;
Preprocessing module is pre-processed for the binary file to format specification, is found out related jump instruction and is fitted
Close the address information of insertion rubbish instruction block;
Secondary compilation module, including instruction replacement submodule and control stream obscure submodule, which replaces submodule and use
In the assembly instruction in file to be substituted for equivalent instruction sequence, which, which obscures submodule and be inserted into rubbish hereof, refers to
Order carries out control stream and obscures;
Encrypting module generates executable encrypted binary file for encrypting to the binary file obscured.
Further, further include rubbish instruction generator, obscure what submodule was inserted into hereof for generating control stream
Rubbish instruction.
Detailed description of the invention
Fig. 1 is a kind of combination of embodiment based on the Code obfuscation method flow diagram of secondary compilation;
Fig. 2 is instruction replacement flow chart;
Fig. 3 is that control stream obscures flow chart;
Fig. 4 is a kind of Code obfuscation method flow diagram based on secondary compilation of example.
Specific embodiment
To enable features described above and advantage of the invention to be clearer and more comprehensible, the present invention is carried out with reference to the accompanying drawing further
Detailed description.
The present embodiment discloses a kind of Code obfuscation method based on secondary compilation, passes through a kind of code based on secondary compilation
System realization is obscured, as shown in Figure 1, being described as follows.
1) legitimacy inspection module
Legitimacy inspection is carried out to binary file first, that is, checks whether the binary file is a format specification
The target executable file of (format complete and meet the requirements), the only file of format specification can just carry out subsequent obscuring place
Reason.
2) preprocessing module
It for satisfactory executable file, is pre-processed by preprocessing module, executable file is carried out
Preliminary analysis obtains in relation to jump instruction, instructs the relevant informations such as layout, the address for being suitably inserted into rubbish instruction block, after building
It is continuous to obscure required data structure, it is ready for obscuring for next step.
3) secondary compilation module
After preprocessing module is completed to the preliminary analysis of executable file, then enter secondary compilation module.In the module
Interior, completion obscures operation to executable file.Binary file forms structure after the analysis by secondary compilation engine
At structural information needed for corresponding assembling file, by being modified to the information, to generate the assembling file by obscuring.
The method of obscuring used mainly instructs replacement and control stream to obscure, and is obscured submodule by instruction replacement submodule and control stream and is born
Duty is implemented.
Wherein, the treatment process of instruction replacement submodule is as shown in Fig. 2, be described as follows:
In secondary assembly process, classified according to instruction operation code to instruction, and calls corresponding processing function.It is right
In there is the case where immediate occurs, immediate encrypting module is called, for there is the case where specified register occurs, such as stack top is posted
Storage changes, and in order to protect specified register numerical value, generallys use the way of directly addition flower instruction, not special to original instruction
Different register is modified.Then into corresponding processing function, template is obscured in random selection, generates the replacement after obscuring
Instruction, finally returns to the replacement instruction, substitutes former instruction.The design principle for wherein obscuring template is by using idle deposit
Device is as transfer register or using the memory headroom of stack top, in cache and data in register etc., by one
Instruction is converted into a plurality of instruction functionally of equal value.Instruction is divided into sensitive instructions and ordinary instruction two major classes are handled, it is quick
Sense refers to that control stream jump instruction, typically program analysis provide key message, ordinary instruction, that is, normal instruction.
Control stream obscures the treatment process of submodule as shown in figure 3, being described as follows:
It controls stream to obscure mainly by way of the intermediate jump of insertion come what is realized, rubbish instructs insertion algorithm including being based on
The insertion algorithm of former jump instruction and based on the Obfuscating Algorithms jumped between rubbish instruction block.The former mainly passes through the intermediate jump of insertion
Mode is obscured to carry out control stream, records former jump target addresses first, while generating a Duan Xin using rubbish instruction generator
Rubbish instruction, during secondary compilation, by the target of former jump instruction be changed to insertion rubbish instruction block, rubbish instruction
Block continues to jump to former target execution after being finished, and realizes that control stream is obscured in this way.The latter be by insertion with
The several rubbish instruction blocks of machine, and each rubbish instruction block is connected by jump instruction, to achieve the effect that obscure control stream.
4) encrypting module
Encrypting module is that the file after obscuring in order to prevent is disassembled, and by being encrypted to file, it can interfere
The analysis of static disassembly device.The encryption method used in the present invention is to encrypt .text sections of content, and add for binary file
Add a new section, and add decrypted code in Xiang Xinjie, modification document entry point is the program entry newly saved, program decryption
.text after the completion of section, then the original entrance of program is jumped to.
A specific example is set forth below, and is described further in conjunction with Fig. 4
User is software developer, and for the demand for protecting oneself intellectual property, seeking a kind of software protection mode can
To protect the software of oneself not cracked easily inversely.It in such a case, can be with using the Code obfuscation method in the present invention
Effectively protection is provided for target software.
User will need executable program to be protected as input, in this example by taking ELF file as an example.First to file into
Row legitimacy is examined, and checks whether file format meets specification.File format continues to analyze in next step if correct.Then
Preliminary analysis and information extraction are carried out to the program into preprocessing module.Since replacement is obscured and instructed to subsequent control stream
It needs to carry out classification processing and replacement to the instruction in executable program, therefore in preprocessing module, emphasis jumps control stream
Turn instruction and sensitive instructions have carried out statistics and analysis, provide the address for insertion rubbish instruction, while constructing corresponding
Data structure for next module carry out using.
After preprocessing module, the relevant information of all jump instructions in program is got, and for rubbish
The address information of rubbish instruction insertion, subsequently enters secondary compilation module, obscures in secondary assembly process instruction, obscure
Method mainly includes that instruction replacement and control stream are obscured.Instruction replacement template is random selection as used in this method, and
And the generation of flower instruction also has randomness, so that confusion result has diversity, i.e., after same file each run
As a result all different.The executable program by obscuring can be obtained after obscuring.If executable program at this time uses
It is that can directly be seen that command content, therefore user needs to carry out the code segment of program if disassembler is directly viewable
Encryption, to increase safety.
The instruction complexity and controlling stream graph complexity of program after obscuring are tested, we are used to ten programs
Method is protected, and has counted the instruction degrees of expansion for obscuring backward-forward procedure respectively, and program basic block increases number and control
The variation of number of edges and number of nodes in flow graph processed.As a result as shown in Table 1 and Table 2.
Table 1. obscures the variation of front and back controlling stream graph
Table 2. obscures front and back basic block and instruction increases
As can be seen from Table 1 and Table 2, the controlling stream graph for obscuring rear file will much be more complex than former controlling stream graph, after obscuring
Node quantity and number of edges in the controlling stream graph of program are more than 50% or more original program.And pass through the system to instruction degrees of expansion
Meter, it can be seen that the program basic block increment rate and instruction increment rate after obscuring are all considerably beyond 100%.
In addition to this, also the similitude for obscuring backward-forward procedure is tested, it is believed that if obscure front and back two two into
File difference processed is bigger, then illustrates that this obscures more effective, difference is smaller, then illustrates that the aliasing effect is bad.Come using Bindiff
The similarity of former and later two programs is obscured in comparison, and data are as shown in the table:
3. similarity-rough set of table
By experiment it is found that two entirely different programs are compared using Bindiff, similarity degree close to
0.03.And the file after obscuring is approximate with the similarity of original 0.034, it can be seen that program and original after obscuring
The similarity of file is extremely low.The above experiment has absolutely proved that the present invention can effectively increase the complexity of binary file, is
It provides protection.
The above embodiments are merely illustrative of the technical solutions of the present invention rather than is limited, the ordinary skill of this field
Personnel can be with modification or equivalent replacement of the technical solution of the present invention are made, without departing from the spirit and scope of the present invention, this
The protection scope of invention should be subject to described in claims.
Claims (7)
1. a kind of Code obfuscation method based on secondary compilation, comprising the following steps:
To binary file carry out legitimacy inspection, check its whether be format specification binary file;
The binary file of format specification is pre-processed, the ground of rubbish instruction block is found out in relation to jump instruction and be suitably inserted into
Location information;
Secondary compilation is carried out to binary file, the assembly instruction in file is substituted for equivalent instruction sequence, and in file
Middle insertion rubbish instruction carries out control stream and obscures, and generates the assembling file obscured, then be compiled into the binary file obscured;
The binary file obscured is encrypted, executable encrypted binary file is generated.
2. the method as described in claim 1, which is characterized in that when replacement instruction, divided according to instruction operation code instruction
Class carries out immediate encryption if there is immediate appearance, if there is specified register appearance, directly addition flower instruction;Call phase
Template is obscured in the processing function answered, random selection, generates the replacement instruction after obscuring;The replacement instruction is returned, substitution original refers to
It enables.
3. the method as described in claim 1, which is characterized in that when control stream is obscured, pass through the insertion based on former jump instruction
Algorithm is inserted into rubbish and instructs, and being somebody's turn to do the insertion algorithm based on former jump instruction is control flowing by way of being inserted into intermediate jump mixing
Confuse, specifically: former jump target addresses are first recorded, recycle rubbish instruction generator to generate one section of new rubbish instruction, then will
The target of former jump instruction is changed to the rubbish instruction block of insertion, and rubbish instruction block, which continues to jump to former target after being finished, to be held
Row realizes that control stream is obscured.
4. the method as described in claim 1, which is characterized in that when control stream is obscured, jumped between rubbish instruction block by being based on
Obfuscating Algorithms insertion rubbish instruction, should be that pass through to be inserted into random several rubbish based on the Obfuscating Algorithms jumped between rubbish instruction block
Instruction block, and each rubbish instruction block is connected by jump instruction, realize that control stream is obscured.
5. the method as described in claim 1, which is characterized in that encryption method is the content for encrypting .text sections, is binary system text
Part adds a new section, and decrypted code is added in Xiang Xinjie, and modification document entry point is the program entry newly saved, the program solution
After the completion of .text sections close, then jump to the original entrance of program.
6. a kind of Code obfuscation system based on secondary compilation, comprising:
Legitimacy inspection module, for binary file carry out legitimacy inspection, check its whether be format specification two into
File processed;
Preprocessing module is pre-processed for the binary file to format specification, is found out related jump instruction and is suitble to insert
Enter the address information of rubbish instruction block;
Secondary compilation module, including instruction replacement submodule and control stream obscure submodule, and instruction replacement submodule is used for will
Assembly instruction in file is substituted for equivalent instruction sequence, the control stream obscure submodule be inserted into hereof rubbish instruct into
Row control stream is obscured;
Encrypting module generates executable encrypted binary file for encrypting to the binary file obscured.
7. system as claimed in claim 6, which is characterized in that it further include rubbish instruction generator, it is mixed for generating control stream
The rubbish instruction that the submodule that confuses is inserted into hereof.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910462869.0A CN110210190A (en) | 2019-05-30 | 2019-05-30 | A kind of Code obfuscation method based on secondary compilation |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910462869.0A CN110210190A (en) | 2019-05-30 | 2019-05-30 | A kind of Code obfuscation method based on secondary compilation |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110210190A true CN110210190A (en) | 2019-09-06 |
Family
ID=67789640
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910462869.0A Pending CN110210190A (en) | 2019-05-30 | 2019-05-30 | A kind of Code obfuscation method based on secondary compilation |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110210190A (en) |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110659459A (en) * | 2019-09-27 | 2020-01-07 | 北京金山云网络技术有限公司 | Software code processing method and device, electronic equipment and storage medium |
CN110807177A (en) * | 2019-11-06 | 2020-02-18 | 南京法艾博光电科技有限公司 | Reverse engineering defense device and method |
CN111190604A (en) * | 2019-12-30 | 2020-05-22 | 航天信息股份有限公司 | Android application memory confusion method and device, electronic equipment and medium |
CN111339503A (en) * | 2020-02-25 | 2020-06-26 | Oppo广东移动通信有限公司 | Control flow obfuscation method and related product |
CN111475168A (en) * | 2020-04-14 | 2020-07-31 | 中国人民解放军战略支援部队信息工程大学 | Code compiling method and device |
CN111930386A (en) * | 2020-09-24 | 2020-11-13 | 武汉精鸿电子技术有限公司 | PATTERN file compiling method and device and electronic equipment |
CN112069466A (en) * | 2020-09-15 | 2020-12-11 | 常熟理工学院 | Code obfuscation information security control method, system and device based on mode switching |
CN112231703A (en) * | 2020-11-09 | 2021-01-15 | 北京理工大学 | Malicious software countermeasure sample generation method combined with API fuzzy processing technology |
CN112528241A (en) * | 2020-11-27 | 2021-03-19 | 北京深思数盾科技股份有限公司 | Code obfuscation method, code obfuscator and computer readable storage medium |
CN112612480A (en) * | 2020-12-28 | 2021-04-06 | 苏州浪潮智能科技有限公司 | Confusion removing method and device for decompiled original code |
CN114357389A (en) * | 2021-12-31 | 2022-04-15 | 北京大学 | Instruction flower adding confusion method and device based on LLVM |
CN115048623A (en) * | 2022-04-01 | 2022-09-13 | 上海任意门科技有限公司 | Method, computing device and storage medium for encrypting code |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101964040A (en) * | 2010-09-10 | 2011-02-02 | 西安理工大学 | PE loader-based software packing protection method |
CN103544414A (en) * | 2013-10-25 | 2014-01-29 | 苏州通付盾信息技术有限公司 | Deep code obfuscation method for Android system applications |
CN103699820A (en) * | 2013-12-25 | 2014-04-02 | 北京深思数盾科技有限公司 | Obfuscating method for relative jump instruction |
CN103778355A (en) * | 2014-01-15 | 2014-05-07 | 西北大学 | Code morphing-based binary code obfuscation method |
CN104063635A (en) * | 2014-07-02 | 2014-09-24 | 北京深思数盾科技有限公司 | Method and system for protecting object files |
CN106529224A (en) * | 2016-10-27 | 2017-03-22 | 南京大学 | Binary obfuscation method based on ROP (Return Oriented Programming) attack feature |
US20180307837A1 (en) * | 2017-04-20 | 2018-10-25 | Line Corporation | Method and system for evaluating security of application |
-
2019
- 2019-05-30 CN CN201910462869.0A patent/CN110210190A/en active Pending
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101964040A (en) * | 2010-09-10 | 2011-02-02 | 西安理工大学 | PE loader-based software packing protection method |
CN103544414A (en) * | 2013-10-25 | 2014-01-29 | 苏州通付盾信息技术有限公司 | Deep code obfuscation method for Android system applications |
CN103699820A (en) * | 2013-12-25 | 2014-04-02 | 北京深思数盾科技有限公司 | Obfuscating method for relative jump instruction |
CN103778355A (en) * | 2014-01-15 | 2014-05-07 | 西北大学 | Code morphing-based binary code obfuscation method |
CN104063635A (en) * | 2014-07-02 | 2014-09-24 | 北京深思数盾科技有限公司 | Method and system for protecting object files |
CN106529224A (en) * | 2016-10-27 | 2017-03-22 | 南京大学 | Binary obfuscation method based on ROP (Return Oriented Programming) attack feature |
US20180307837A1 (en) * | 2017-04-20 | 2018-10-25 | Line Corporation | Method and system for evaluating security of application |
Cited By (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110659459A (en) * | 2019-09-27 | 2020-01-07 | 北京金山云网络技术有限公司 | Software code processing method and device, electronic equipment and storage medium |
CN110807177A (en) * | 2019-11-06 | 2020-02-18 | 南京法艾博光电科技有限公司 | Reverse engineering defense device and method |
CN111190604A (en) * | 2019-12-30 | 2020-05-22 | 航天信息股份有限公司 | Android application memory confusion method and device, electronic equipment and medium |
CN111190604B (en) * | 2019-12-30 | 2023-11-03 | 航天信息股份有限公司 | Android application memory confusion method and device, electronic equipment and medium |
CN111339503A (en) * | 2020-02-25 | 2020-06-26 | Oppo广东移动通信有限公司 | Control flow obfuscation method and related product |
CN111475168B (en) * | 2020-04-14 | 2023-05-05 | 中国人民解放军战略支援部队信息工程大学 | Code compiling method and device |
CN111475168A (en) * | 2020-04-14 | 2020-07-31 | 中国人民解放军战略支援部队信息工程大学 | Code compiling method and device |
CN112069466A (en) * | 2020-09-15 | 2020-12-11 | 常熟理工学院 | Code obfuscation information security control method, system and device based on mode switching |
CN112069466B (en) * | 2020-09-15 | 2023-11-03 | 常熟理工学院 | Code confusion information safety control method, system and device based on mode switching |
CN111930386A (en) * | 2020-09-24 | 2020-11-13 | 武汉精鸿电子技术有限公司 | PATTERN file compiling method and device and electronic equipment |
CN111930386B (en) * | 2020-09-24 | 2020-12-29 | 武汉精鸿电子技术有限公司 | PATTERN file compiling method and device and electronic equipment |
CN112231703A (en) * | 2020-11-09 | 2021-01-15 | 北京理工大学 | Malicious software countermeasure sample generation method combined with API fuzzy processing technology |
CN112231703B (en) * | 2020-11-09 | 2022-08-05 | 北京理工大学 | Malicious software countermeasure sample generation method combined with API fuzzy processing technology |
CN112528241B (en) * | 2020-11-27 | 2021-09-14 | 北京深思数盾科技股份有限公司 | Code obfuscation method, code obfuscator and computer readable storage medium |
CN112528241A (en) * | 2020-11-27 | 2021-03-19 | 北京深思数盾科技股份有限公司 | Code obfuscation method, code obfuscator and computer readable storage medium |
CN112612480A (en) * | 2020-12-28 | 2021-04-06 | 苏州浪潮智能科技有限公司 | Confusion removing method and device for decompiled original code |
CN114357389A (en) * | 2021-12-31 | 2022-04-15 | 北京大学 | Instruction flower adding confusion method and device based on LLVM |
CN114357389B (en) * | 2021-12-31 | 2024-04-16 | 北京大学 | LLVM (logical Low level virtual machine) -based instruction flower adding confusion method and device |
CN115048623A (en) * | 2022-04-01 | 2022-09-13 | 上海任意门科技有限公司 | Method, computing device and storage medium for encrypting code |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110210190A (en) | A kind of Code obfuscation method based on secondary compilation | |
CN106126981B (en) | Software security means of defence based on the replacement of virtual function table | |
Behera et al. | Different obfuscation techniques for code protection | |
CN104091100B (en) | Software protection method based on intermediate result compiling | |
CN105683990B (en) | Method and apparatus for protecting dynamic base | |
CN105787305B (en) | A kind of method for protecting software for resisting semiology analysis and stain analysis | |
US20110035601A1 (en) | System, method and computer program product for protecting software via continuous anti-tampering and obfuscation transforms | |
CN102118512A (en) | Method and system for preventing application program of mobile phone from being cracked | |
CN101986326A (en) | Method and device for protecting software security | |
CN104462990A (en) | Character string decrypting and encrypting method and device | |
CN103136458A (en) | Code protection method for Linux operating system and module of method | |
Sebastian et al. | A study & review on code obfuscation | |
Balachandran et al. | Software code obfuscation by hiding control flow information in stack | |
Demsky | Cross-application data provenance and policy enforcement | |
Guo et al. | Eliminating the hardware-software boundary: A proof-carrying approach for trust evaluation on computer systems | |
CN109325322B (en) | Software intellectual property protection system and method for embedded platform | |
CN110457869A (en) | Program compiles encryption method, device, storage medium and electronic equipment | |
CN107577925B (en) | Based on the virtual Android application program guard method of dual ARM instruction | |
Joshi et al. | Impact of software obfuscation on susceptibility to return-oriented programming attacks | |
CN104504310A (en) | Method and device for software protection based on shell technology | |
Monden et al. | A framework for obfuscated interpretation | |
Duan et al. | TEEFuzzer: A fuzzing framework for trusted execution environments with heuristic seed mutation | |
Lee et al. | Classification and analysis of security techniques for the user terminal area in the internet banking service | |
Guo et al. | A survey of obfuscation and deobfuscation techniques in android code protection | |
Kinsy et al. | Sphinx: A secure architecture based on binary code diversification and execution obfuscation |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190906 |
|
RJ01 | Rejection of invention patent application after publication |