CN110298146B - Application processing and running method and device - Google Patents
Application processing and running method and device Download PDFInfo
- Publication number
- CN110298146B CN110298146B CN201910569332.4A CN201910569332A CN110298146B CN 110298146 B CN110298146 B CN 110298146B CN 201910569332 A CN201910569332 A CN 201910569332A CN 110298146 B CN110298146 B CN 110298146B
- Authority
- CN
- China
- Prior art keywords
- file
- preset
- executable file
- application program
- name
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 75
- 238000012545 processing Methods 0.000 title claims abstract description 19
- 230000006870 function Effects 0.000 claims abstract description 190
- 230000003068 static effect Effects 0.000 claims description 24
- 238000004891 communication Methods 0.000 claims description 19
- 238000009434 installation Methods 0.000 claims description 18
- 230000008569 process Effects 0.000 claims description 16
- 238000004458 analytical method Methods 0.000 claims description 9
- 238000004590 computer program Methods 0.000 claims description 8
- 238000004806 packaging method and process Methods 0.000 claims description 7
- 238000001514 detection method Methods 0.000 claims description 2
- 238000013507 mapping Methods 0.000 abstract description 25
- 238000003672 processing method Methods 0.000 description 11
- 238000010586 diagram Methods 0.000 description 5
- 230000009471 action Effects 0.000 description 3
- 239000000284 extract Substances 0.000 description 3
- 238000007726 management method Methods 0.000 description 2
- 238000011017 operating method Methods 0.000 description 2
- 238000003491 array Methods 0.000 description 1
- 230000001174 ascending effect Effects 0.000 description 1
- 238000005336 cracking Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 239000000835 fiber Substances 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 238000010189 synthetic method Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/14—Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Mathematical Physics (AREA)
- Stored Programmes (AREA)
Abstract
The embodiment of the invention provides a method and a device for processing and running an application program. The scheme provided by the embodiment of the invention does not use the original calling relationship to directly call the preset function, but calls the preset function through the configuration file containing the preset calling relationship, and the preset calling relationship can hide the mapping relationship between the preset functions in the executable file, so that a cracker is difficult to restore the source code of the application program. By applying the scheme provided by the embodiment of the invention, the safety of the application program can be improved.
Description
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method and an apparatus for processing and running an application.
Background
With the development of software technology, people have higher dependence on application programs in work and life, and therefore, the requirement on the safety of the application programs is gradually enhanced.
To enhance the security of an application, the executable file in an application installation package (application for short) is typically reinforced. Taking an application program applied to an android operating system as an example, one way to consolidate files in the prior art is as follows:
the file in the dex format in the application program is compressed and encrypted, and then the source code of the file in the dex format is hidden, so that even a cracker takes the application program, the source code of the file in the dex format cannot be directly obtained.
However, although compressing and encrypting the dex format file can improve the security of the application program, when the application program is run, the compressed and encrypted dex format file needs to be decrypted and decompressed, and then the application program is run. However, in the process of running the installation package, the dump file can still be generated, and the dump file records the memory mirror image of the process, that is, the dump file records the execution state of the installation package in the running process, so that a cracker can restore the source code of the application program according to the dump file, the application program is cracked, and the security of the application program is low.
Disclosure of Invention
The embodiment of the invention aims to provide a method and a device for processing and running an application program, so as to improve the safety of the application program. The specific technical scheme is as follows:
a method of processing an application, the application comprising an executable file, the method comprising:
detecting a preset function called in the executable file;
modifying the original calling relationship of the preset function in the executable file to obtain the modified preset calling relationship of the preset function in the executable file; the preset calling relation comprises that the executable file calls the preset function through a Java native interface JNI;
generating a configuration document containing the preset calling relation;
and packaging the application program containing the configuration document to obtain the processed application program.
Further, the application program further comprises a smali file, and the method further comprises:
and correspondingly replacing the codes in the smali file according to the modified preset calling relation of the preset function in the executable file.
Further, the application program further comprises a so file, and the executable file calls the preset function in the so file through JNI.
Further, before the detecting a preset function called in the executable file, the method further includes:
generating an object replacement name of an object to be confused, wherein the object to be confused is an object containing a called preset function;
aiming at each object to be confused, replacing the object name of the object to be confused with an object replacement name corresponding to the object to be confused;
for each file to be obfuscated, generating a file replacement name of the file to be obfuscated according to an object replacement name of an object to be obfuscated in the file to be obfuscated, wherein the file to be obfuscated is an executable file containing the object to be obfuscated;
and replacing the file name of each file to be obfuscated with a corresponding file replacement name.
Further, the generating an object replacement name of an object to be obfuscated in the executable file includes:
and generating an object replacement name of each object to be confused according to a preset sequence of the package name, the class name, the object name, the input parameter and the output parameter corresponding to each object to be confused in the executable file.
Further, the object to be obfuscated in each executable file is determined as follows:
determining a non-static class object in the executable file;
replacing the determined non-static class object with a preset static class object;
and determining the objects except the pre-specified object in the executable file as the objects to be confused.
A method of operating an application, the application comprising an executable file, the method comprising:
in the process of running an application program, obtaining a configuration file from the application program, wherein the configuration file stores a preset calling relationship, and the preset calling relationship is as follows: modifying the original calling relationship of a preset function called by the executable file in the executable file to obtain the modified calling relationship of the preset function in the executable file, wherein the preset calling relationship comprises that the executable file calls the preset function through a Java native interface JNI;
analyzing the preset calling relationship in the configuration file, and calling the preset function;
and continuing to run the application program based on the preset function obtained by analysis.
An apparatus for processing an application, the application comprising an executable file, the apparatus comprising:
the detection module is used for detecting a preset function called in the executable file;
a preset calling relationship obtaining module, configured to modify an original calling relationship of the preset function in the executable file, so as to obtain a modified preset calling relationship of the preset function in the executable file; the preset calling relationship comprises that the executable file calls the preset function through a Java native interface JNI;
the configuration document generation module is used for generating a configuration document containing the preset calling relationship;
and the application program generating module is used for packaging the application program containing the configuration document to obtain the processed application program.
Further, the application program further comprises a smali file, and the device further comprises:
and correspondingly replacing the codes in the smali file according to the modified preset calling relation of the preset function in the executable file.
Further, the application program further comprises a so file, and the executable file calls the preset function in the so file through JNI.
Further, the apparatus further comprises:
the object replacement name generating module is used for generating an object replacement name of an object to be confused, wherein the object to be confused is an object containing a called preset function;
the device comprises a first replacing module, a second replacing module and a third replacing module, wherein the first replacing module is used for replacing the object name of each object to be confused with the object replacing name corresponding to the object to be confused aiming at each object to be confused;
the file replacement name generating module is used for generating a file replacement name of each file to be obfuscated according to an object replacement name of an object to be obfuscated in the file to be obfuscated, wherein the file to be obfuscated is an executable file containing the object to be obfuscated;
and the second replacement module is used for replacing the file name of each file to be obfuscated with the corresponding file replacement name.
Further, the object replacement name generation module comprises:
and the object replacement name generation submodule is used for generating the object replacement name of each object to be confused according to the preset sequence of the package name, the class name, the object name, the input parameter and the output parameter corresponding to each object to be confused in the executable file.
Further, the apparatus also includes a confusing object determining module,
and the confusion object determining module is used for determining the confusion object in each executable file.
Wherein the confusing object determining module is specifically configured to:
determining a non-static class object in the executable file;
replacing the determined non-static class object with a preset static class object;
and determining the objects except the pre-specified object in the executable file as the objects to be confused.
An apparatus for running an application, the apparatus comprising:
the installation package operation module is used for acquiring a configuration file from an application program in the process of operating the application program, wherein the configuration file stores a preset calling relationship, and the preset calling relationship is as follows: modifying the original calling relationship of a preset function called by the executable file in the executable file to obtain the modified calling relationship of the preset function in the executable file, wherein the preset calling relationship comprises that the executable file calls the preset function through a Java native interface JNI;
the analysis module is used for analyzing the preset calling relationship in the configuration file and calling the preset function;
and the continuous operation module is used for continuously operating the application program based on the preset function obtained by analysis.
In yet another aspect of the present invention, there is also provided a computer-readable storage medium having stored therein instructions, which, when executed on a computer, cause the computer to perform the process of any one of the above-described application programs, or the execution method of the application program.
In another aspect of the present invention, the present invention further provides a computer program product including instructions, which when run on a computer, make the computer execute the processing of the application program on the processing side of the application program or the running method of the application program.
According to the method and device for processing and running the application program, provided by the embodiment of the invention, the modified preset call relation of the preset function in the executable file can be obtained by modifying the original call relation of the preset function in the executable file, and the application program of the configuration document containing the preset call relation is packaged to obtain the processed application program. Compared with the prior art, the scheme provided by the embodiment of the invention does not use the original calling relationship to directly call the preset function, but calls the preset function through the configuration file containing the preset calling relationship, and the preset calling relationship can hide the mapping relationship among the preset functions in the executable file, so that a cracker is difficult to restore the source code of the application program, and the safety of the application program can be improved. Of course, it is not necessary for any product or method of practicing the invention to achieve all of the above-described advantages at the same time.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below.
Fig. 1 is a schematic flowchart of a processing method of an application according to an embodiment of the present invention;
fig. 2 is a schematic flowchart of an operation method of an application according to an embodiment of the present invention;
fig. 3 is a schematic flowchart of a processing method of an application based on an android installation package according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a processing apparatus for an application according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of an application running apparatus according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to fig. 1, fig. 1 is a schematic flowchart of a processing method of an application program according to an embodiment of the present invention, where the application program includes an executable file, and includes the following steps:
s101, detecting a preset function called in the executable file.
In order to improve the security of the application program, this step needs to process the called preset function in the executable file, so that it is difficult for a cracker to obtain the called preset function contained in the executable file.
It should be noted that the application program may be an application program installation package suitable for multiple different types of operating systems, for example, the application program may be an application program installation package suitable for the iOS, which is abbreviated as an iOS installation package, or an application program installation package suitable for an android operating system, which is abbreviated as an Android Package (APK), which is not limited in this embodiment of the present invention.
When the application program is the above-mentioned iOS installation package, the executable file may be a MACH-O file; when the application is an android installation package, the executable file may be a dex file.
Taking an android installation package as an example, the preset function is a function selected in the dex file in advance; this step may be understood as detecting a preset function for invocation from a plurality of dex files of the application.
To further improve the security of the application, the object containing the called preset function in the executable file may be obfuscated. The detailed description will be given in the following examples, and will not be detailed here.
S102, modifying the original calling relationship of the preset function in the executable file to obtain the modified preset calling relationship of the preset function in the executable file; the preset calling relation comprises that the executable file calls a preset function through a Java native interface JNI.
The original calling relation refers to an initial mapping relation of a preset function in an executable file.
In this step, the original call relation in the executable file where the preset function is located is modified, which means that the initial mapping relation is changed, so that a cracker cannot easily obtain the function corresponding to the original call relation in the executable file by using the modified preset call relation.
The preset calling relation is obtained by modifying the original calling relation according to a preset rule. The preset rule is a rule for calling the preset function through a Java native interface JNI.
For example, it is assumed that the preset functions called in the executable file include a function a and a function B, where the preset functions are a function a ' and a function B ', the function a ' mapped to the function a can be directly obtained through the original calling relationship, the function B ' mapped to the function B can be directly obtained through the original calling relationship, after the original calling relationship is modified, the function a ' mapped to the function a can be called through a Java native interface JNI, and the function B ' mapped to the function B can be called through a Java native interface JNI, that is, the original mapping relationship between the function a and the function a ' is changed into a mapping relationship between the function a and the JNI, and the mapping relationship between the JNI and the function a ' is changed into a mapping relationship between the function B and the JNI, and the mapping relationship between the JNI and the function B '.
In an embodiment of the present invention, the application program may further include a smali file, and the method may further include:
and correspondingly replacing the code in the smali file according to the modified preset calling relation of the preset function in the executable file.
The executable file is in one-to-one correspondence with the smali file, and after the preset calling relationship is obtained, the codes of the preset calling relationship are used for replacing the original calling relationship codes of the preset function in the smali file.
Therefore, according to the method provided by the embodiment, codes in the smali file are correspondingly replaced according to the preset calling relation of the preset function in the executable file, so that the difficulty of cracking the smali file in the application program by a cracker can be improved, and the safety of the application program can be further improved.
S103, generating a configuration document containing the preset calling relationship.
The configuration document is a document storing the preset calling relationship, that is, a preset function can be obtained through the configuration document.
Based on the above example, if the preset functions are a function a 'and a function B', the configuration document stores a mapping relationship between the function a and the JNI, a mapping relationship between the JNI and the function a ', a mapping relationship between the function B and the JNI, and a mapping relationship between the JNI and the function B'. Obtaining a function A 'mapped with the function A through the mapping relation between the function A and the JNI and the mapping relation between the JNI and the function A'; the function B 'mapped with the function B can be obtained through the mapping relation between the function B and the JNI and the mapping relation between the JNI and the function B'.
In an embodiment of the present invention, the application program further includes a so file, and the executable file calls a preset function in the so file through a JNI.
Wherein the so file is a dynamic link library of unix, is a binary file and has the function equivalent to a dll file under windows. In an android operating system, calling a dynamic library file (. so) is to load an application program provided by a so file in a JNI (just noticeable information) interface mode.
The executable file calls a preset function in the so file through the JNI by using a preset calling relation in the configuration file.
Based on the above example, if the preset functions are a function a 'and a function B', the function a 'mapped with the function a in the so file can be called through the mapping relationship between the function a and the JNI and the mapping relationship between the JNI and the function a'; the function B 'mapped with the function B in the so file can be called through the mapping relation between the function B and the JNI and the mapping relation between the JNI and the function B'.
In an embodiment of the present invention, the so file and the configuration file may be respectively placed in preset subdirectories in the application program, which may further improve the security of the application program.
Taking an android installation package as an example, the preset subdirectories are a lib directory and an assets directory in an application program. And calling the so file under the lib directory by using the configuration file under the assets directory to obtain a preset function.
And S104, packaging the application programs containing the configuration documents to obtain processed application programs.
The packaged application is an application containing the configuration document, that is, the packaged application contains a preset calling relationship. Therefore, a cracker is difficult to directly obtain the preset function in the application program through the preset calling relationship, namely, the application program is difficult to crack.
In addition, in order to further increase the security of the application program, the application program can be signed after being packaged.
Therefore, the method provided by the embodiment of the invention obtains the modified preset call relation of the preset function in the executable file by modifying the original call relation of the preset function in the executable file, and packages the application program of the configuration document containing the preset call relation to obtain the processed application program. Compared with the prior art, the scheme provided by the embodiment of the invention does not use the original calling relationship to directly call the preset function, but calls the preset function through the configuration file containing the preset calling relationship, and the preset calling relationship can hide the mapping relationship among the preset functions in the executable file, so that a cracker is difficult to restore the source code of the application program, and the safety of the application program can be improved.
In an embodiment of the present invention, before S101, the following steps a to C may be further included:
and step A, generating an object replacement name of an object to be confused, wherein the object to be confused is an object containing a called preset function.
In this step, the purpose of obfuscating the object to be obfuscated is to: the object to be confused is not displayed in the disassembling process, and even if the object to be confused can be found, the object to be confused is difficult to read or messy, so that the application program is difficult to restore the source code, namely, a cracker cannot directly obtain the source code of the file in the dex format.
Based on the above situation, in order to improve the security of the application program, the step needs to obfuscate the object to be obfuscated, which includes the preset function, so that it is difficult for a cracker to obtain the object, which includes the preset function, in the executable file through obfuscation.
In this step, one implementation manner of generating the object replacement name may be: and generating an object replacement name of each object to be confused according to a preset sequence of the package name, the class name, the object name, the input parameter and the output parameter corresponding to each object to be confused in the executable file.
The preset sequence may be a sequence from front to back according to the package name, the class name, the object name, the input parameter, and the output parameter, or may be a sequence from back to front according to the package name, the class name, the object name, the input parameter, and the output parameter, which is not limited in this embodiment of the present invention.
For example, if the object name of the object to be obfuscated is a0, and the package name, the class name, the input parameter, and the output parameter corresponding to a0 are Z, s, x1, and x2 in sequence, the generated object alternate names may be spliced by Z, s, a0, x1, and x2 in order from front to back, that is, Zsa0x1x2, and Zsa0x1x2 is the object alternate name of the object name a0 of the object to be obfuscated.
And B, replacing the object name of each object to be confused with the object replacement name corresponding to the object to be confused.
After the object replacement names of the objects to be confused are generated, the original object name of each object to be confused needs to be replaced by the corresponding object replacement name, so that a cracker is difficult to search for the object represented by the object replacement name, and even if the cracker sees the object replacement name, the cracker is difficult to know which object is represented by the object replacement name.
Based on the above example, if the object name of the object to be confused is replaced by a0 to Zsa0x1x2, a0 is easily recognized as a specific object by those skilled in the art, and thus is also easily broken, but Zsa0x1x2 is difficult for those skilled in the art to recognize a specific object corresponding to Zsa0x1x2, and especially when the arrangement order from front to back of human thinking and solidifying is broken according to Z, s, a0, x1 and x2, for example, sa0x1x2Z is generated, it is more difficult for a breaker to know the specific object corresponding to sa0x1x2Z than Zsa0x1x 2.
And step C, aiming at each file to be obfuscated, generating a file replacement name of the file to be obfuscated according to the object replacement name of the object to be obfuscated in the file to be obfuscated, wherein the file to be obfuscated is an executable file containing the object to be obfuscated.
In order to further improve the safety of the application program, the step confuses the file to be obfuscated, so that a cracker is difficult to obtain the file to be obfuscated through obfuscation, and further difficult to obtain the object to be obfuscated.
In this step, the file name of one file to be obfuscated corresponds to one file replacement name.
An implementation manner of a file replacement name may be: and aiming at each file to be obfuscated, generating a file replacement name of the file to be obfuscated according to a preset sequence of object replacement names of objects to be obfuscated contained in the file to be obfuscated.
For example, if the file name of the file to be obfuscated is a, which is referred to as file a for short, the file a includes three objects to be obfuscated, and the object replacement names corresponding to the three objects to be obfuscated are b1asx1x2, b2rtx1x2, and b3yux1x2, respectively;
the file replacement name of the generated file a may be b1asx1x2b2rtx1x2b3yux1x2, and in order to shorten the file replacement name, the replacement names may also be sequentially extracted according to the ascending order of the object replacement name, for example, b1asx1x2 extracts b1, b2rtx1x2 extracts r, b3yux1x2 extracts u, and b1, r, and u are sequentially spliced to obtain b1ru, so that b1ru is the file replacement name of the file a.
And D, replacing the file name of each file to be confused with a corresponding file replacement name.
Based on the example in step C, File A is replaced with File b1ru. Taking an android installation package of an android operating system as an example, a.dex is replaced by b1ru.dex.
Therefore, in the embodiment, the object name of the object to be obfuscated is replaced by the generated object replacement name, the file name of the executable file where the object to be obfuscated is replaced by the file replacement name, and the obfuscated object replacement name and the file replacement name are difficult to be directly hooked by an application program by a destroyer or find out function call through keywords after decompilation, so that the security of the application program is improved.
In one embodiment of the invention, the object to be obfuscated in each executable file may be determined as follows:
and E, determining the non-static class objects in the executable file.
Taking an android installation package of an android operating system as an example, the nonstationary class object, namely the Instatic method, is queried from each executable file.
And F, replacing the determined non-static class object with a preset static class object.
Since the non-static class object may call the static class object, but the static class object may not call the non-static class object. To improve the security of the objects, non-static class objects are therefore replaced with static class objects.
Based on the above example, the Instic method can be replaced with a static-like method, i.e., invoke-static.
And G, determining the objects except the pre-specified object in the executable file as the objects to be confused.
Based on the above example, the specified object may be an int method, a synthetic method with a symbol of $ or a method in an invoke-super class call function.
It can be seen that the above embodiments can make certain objects to be obfuscated more secure than unprocessed objects.
Based on the first application processing method, an embodiment of the present invention provides an application operating method, specifically referring to fig. 2, including the following steps:
s201, in the process of running an application program, obtaining a configuration file from the application program, wherein the configuration file stores a preset calling relationship, and the preset calling relationship is as follows: modifying the calling relation obtained by the original calling relation of a preset function called by the executable file in the executable file, wherein the preset calling relation comprises that the executable file calls the preset function through a Java native interface JNI;
the application program is an application program processed by the first application program processing method.
In an embodiment of the present invention, before S201, the following steps may be further performed:
and decompressing the application program, and decrypting the signature of the application program by using a preset secret key to obtain the decompressed and decrypted application program.
In the step, the signature is decrypted by using the secret key, so that the safety of the application program can be improved compared with the application program without the password or with the password.
S202, analyzing the preset calling relation in the configuration file and calling a preset function.
In step S201, the preset call relationship includes that the executable file calls a preset function through the Java native interface JNI, and in this step, the preset call relationship included in the configuration file is analyzed, and the preset function is called through the Java native interface JNI.
In an embodiment of the present invention, the application program further includes a so file, and the executable file calls a preset function in the so file through the JNI.
The so file and the configuration file are each placed in a preset subdirectory in the application. Taking an android installation package as an example, the preset subdirectories are a lib directory and an assets directory in an application program.
And calling a preset function in the so file under the lib directory by using the configuration file under the assets directory.
When the application program in this step runs, a destroyer assumes to crack the obfuscated object to obtain the preset function called in the executable file, but because it is difficult to obtain the preset function from the JINI, that is, it is difficult for the destroyer to obtain the mapping relationship between the functions, which contains the preset calling relationship, in the configuration file, the security of the application program is protected doubly.
And S203, continuing to run the application program based on the preset function obtained by analysis.
After S202 is completed, the application program needs to continue to be run, so that the installation of the application program is safely realized.
Therefore, when the method provided by the embodiment of the invention runs the application program, the configuration file containing the preset calling relationship for modifying the original calling relationship is used for calling the preset function, so that a destroyer cannot directly obtain the preset function in the application program through the preset calling relationship, and the safety of the application program can be improved.
In order to make the processing method of the application program provided by the embodiment of the present invention easier to understand, taking an android installation package of an android operating system as an example, referring to fig. 3, fig. 3 is a flowchart of a processing method of an application program based on an android installation package provided by the embodiment of the present invention, and specifically includes the following steps:
s301, generating a method replacement name of a method to be obfuscated, wherein the method to be obfuscated is a method including a called preset function.
S302, aiming at each method to be obfuscated, replacing the method name of the method to be obfuscated with a method replacement name corresponding to the method to be obfuscated.
S303, aiming at each file to be obfuscated, generating a file replacement name of the file to be obfuscated according to the method replacement name of the method to be obfuscated in the file to be obfuscated, wherein the file to be obfuscated is a dex file containing the method to be obfuscated;
s304, replacing the file name of each file to be obfuscated with a corresponding file replacement name.
And carrying out object confusion processing on the object to be confused to obtain a confused object.
S305, detecting a preset function called in a dex file in the application program.
And modifying the original calling relationship of the preset function in the dex file to obtain the modified preset calling relationship of the preset function in the dex file.
S306, generating a configuration document containing the preset calling relationship.
And S307, packaging the application programs containing the configuration documents to obtain the processed application programs.
Corresponding to the processing method of the application program, the embodiment of the application also provides a processing device of the application program.
Referring to fig. 4, an embodiment of the present invention provides a schematic structural diagram of a processing apparatus for an application, where the apparatus includes:
the detecting module 401 is configured to detect a preset function called in the executable file.
A preset call relation obtaining module 402, configured to modify an original call relation of the preset function in the executable file, so as to obtain a modified preset call relation of the preset function in the executable file; the preset calling relationship comprises that the executable file calls the preset function through a Java native interface JNI.
A configuration document generating module 403, configured to generate a configuration document containing the preset invoking relationship.
An application generating module 404, configured to package the application including the configuration document to obtain a processed application.
The application program further comprises a smali file, and the device further comprises:
and correspondingly replacing the codes in the smali file according to the modified preset calling relation of the preset function in the executable file.
Preferably, the application program may further include a so file, and the executable file calls a preset function in the so file through the JNI.
Preferably, the apparatus may further comprise:
the object replacement name generation module is used for generating an object replacement name of an object to be confused, wherein the object to be confused is an object containing a called preset function;
the device comprises a first replacing module, a second replacing module and a third replacing module, wherein the first replacing module is used for replacing the object name of each object to be confused with the object replacing name corresponding to the object to be confused aiming at each object to be confused;
the file replacement name generating module is used for generating a file replacement name of each file to be obfuscated according to an object replacement name of an object to be obfuscated in the file to be obfuscated, wherein the file to be obfuscated is an executable file containing the object to be obfuscated;
and the second replacement module is used for replacing the file name of each file to be obfuscated with the corresponding file replacement name.
Preferably, the object replacement name generating module may include:
and the object replacement name generation submodule is used for generating the object replacement name of each object to be confused according to the preset sequence of the package name, the class name, the object name, the input parameter and the output parameter corresponding to each object to be confused in the executable file.
Preferably, the apparatus may further comprise a confusing object determining module,
and the confusion object determining module is used for determining the confusion object in each executable file.
The confusing object determining module is specifically configured to:
determining a non-static class object in the executable file;
replacing the determined non-static class object with a preset static class object;
and determining the objects except the pre-specified object in the executable file as the objects to be confused.
Therefore, the device provided by the embodiment of the invention obtains the modified preset call relation of the preset function in the executable file by modifying the original call relation of the preset function in the executable file, and packages the application program of the configuration document containing the preset call relation to obtain the processed application program. Compared with the prior art, the scheme provided by the embodiment of the invention does not use the original calling relationship to directly call the preset function, but calls the preset function through the configuration file containing the preset calling relationship, and the preset calling relationship can hide the mapping relationship among the preset functions in the executable file, so that a cracker is difficult to restore the source code of the application program, and the safety of the application program can be improved.
Based on the processing apparatus for an application, referring to fig. 5, an embodiment of the present invention provides a schematic structural diagram of an application running apparatus, where the apparatus includes:
an installation package running module 501, configured to obtain a configuration file from an application program in a process of running the application program, where the configuration file stores a preset calling relationship, and the preset calling relationship is: and modifying the original calling relationship of the preset function called by the executable file in the executable file to obtain the modified calling relationship of the preset function in the executable file, wherein the preset calling relationship comprises that the executable file calls the preset function through a Java native interface JNI.
The parsing module 502 is configured to parse the preset call relationship in the configuration file, and call the preset function.
A continuous operation module 503, configured to continue to operate the application program based on the preset function obtained through the analysis.
Therefore, when the device provided by the embodiment of the invention runs the application program, the preset function is called by using the configuration file containing the preset calling relation for modifying the original calling relation, so that a destroyer cannot directly obtain the preset function in the application program through the preset calling relation, and the safety of the application program can be improved.
An embodiment of the present invention further provides an electronic device, as shown in fig. 6, including a processor 601, a communication interface 602, a memory 603, and a communication bus 604, where the processor 601, the communication interface 602, and the memory 603 complete mutual communication through the communication bus 604,
a memory 603 for storing a computer program;
the processor 601 is configured to implement a processing method of an application program or/and an operating method of an application program provided in an embodiment of the present invention when executing the program stored in the memory 603.
Specifically, the processing method of the application program includes:
detecting a preset function called in the executable file;
modifying the original calling relationship of the preset function in the executable file to obtain the modified preset calling relationship of the preset function in the executable file; the preset calling relation comprises that an executable file calls a preset function through a Java native interface JNI;
generating a configuration document containing the preset calling relation;
and packaging the application programs containing the configuration documents to obtain the processed application programs.
Therefore, when the electronic device provided by this embodiment is executed, the original call relation of the preset function in the executable file is modified, so as to obtain the modified preset call relation of the preset function in the executable file, and the application program of the configuration document containing the preset call relation is packaged, so as to obtain the processed application program. Compared with the prior art, the scheme provided by the embodiment of the invention does not use the original calling relationship to directly call the preset function, but calls the preset function through the configuration file containing the preset calling relationship, and the preset calling relationship can hide the mapping relationship among the preset functions in the executable file, so that a cracker is difficult to restore the source code of the application program, and the safety of the application program can be improved.
The above-mentioned embodiment of the method for processing the related content application program is the same as the management method of the application program processing provided in the foregoing method embodiment, and is not described here again.
Specifically, the method for running the application program includes:
in the process of running an application program, obtaining a configuration file from the application program, wherein the configuration file stores a preset calling relationship, and the preset calling relationship is as follows: modifying the original calling relationship of a preset function called by the executable file in the executable file to obtain the modified calling relationship of the preset function in the executable file, wherein the preset calling relationship comprises that the executable file calls the preset function through a Java local interface JNI;
analyzing the preset calling relationship in the configuration file, and calling the preset function;
and continuing to run the application program based on the preset function obtained by analysis.
Therefore, when the electronic device provided by the embodiment is executed, when the application program runs, the configuration file containing the preset calling relationship for modifying the original calling relationship is used for calling the preset function, so that a destroyer cannot directly obtain the preset function in the application program through the preset calling relationship, and the safety of the application program can be improved.
The above-mentioned implementation of the operation method of the related application program is the same as the management method of the operation of the application program provided in the foregoing method embodiment, and is not described here again.
The communication bus mentioned in the electronic device may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown, but this does not mean that there is only one bus or one type of bus.
The communication interface is used for communication between the electronic equipment and other equipment.
The Memory may include a Random Access Memory (RAM) or a Non-Volatile Memory (NVM), such as at least one disk Memory. Optionally, the memory may also be at least one memory device located remotely from the processor.
The Processor may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; but also Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components.
In yet another embodiment provided by the present invention,
in another embodiment of the present invention, a computer-readable storage medium is further provided, where instructions are stored, and when the instructions are executed on a computer, the instructions cause the computer to execute the processing method of any one of the above-mentioned application programs in the above-mentioned embodiments.
In another embodiment of the present invention, there is also provided a computer program product containing instructions, which when run on a computer, causes the computer to execute the processing method of any one of the above application programs in the above embodiments.
In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. The procedures or functions described in accordance with the embodiments of the invention are all or partially effected when the above-described computer program instructions are loaded and executed on a computer. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another, for example, from one website site, computer, server, or data center to another website site, computer, server, or data center via wired (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device, such as a server, a data center, etc., that incorporates one or more of the available media. The usable medium may be a magnetic medium (e.g., floppy Disk, hard Disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The above description is only for the preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.
Claims (12)
1. A method for processing an application, wherein the application comprises an executable file, the method comprising:
detecting a preset function called in the executable file;
modifying the original calling relationship of the preset function in the executable file to obtain the modified preset calling relationship of the preset function in the executable file; the preset calling relation comprises that the executable file calls the preset function through a Java native interface JNI;
generating a configuration document containing the preset calling relation;
packaging the application program containing the configuration document to obtain a processed application program;
before the detecting the preset function called in the executable file, the method further includes:
generating an object replacement name of an object to be confused, wherein the object to be confused is an object containing a called preset function;
aiming at each object to be confused, replacing the object name of the object to be confused with an object replacement name corresponding to the object to be confused;
for each file to be obfuscated, generating a file replacement name of the file to be obfuscated according to an object replacement name of an object to be obfuscated in the file to be obfuscated, wherein the file to be obfuscated is an executable file containing the object to be obfuscated;
replacing the file name of each file to be confused with a corresponding file replacement name;
the application program further comprises a smali file, and the method further comprises the following steps:
and correspondingly replacing the codes in the smali file according to the modified preset calling relation of the preset function in the executable file.
2. The method of claim 1, wherein the application program further comprises a so file, and wherein the executable file calls the preset function in the so file through a JNI.
3. The method of claim 1, wherein generating an object alternate name for an object to be obfuscated in an executable file comprises:
and generating an object replacement name of each object to be confused according to a preset sequence of the package name, the class name, the object name, the input parameter and the output parameter corresponding to each object to be confused in the executable file.
4. A method as claimed in any one of claims 1 or 3, wherein the object to be obfuscated in each executable file is determined as follows:
determining a non-static class object in the executable file;
replacing the determined non-static class object with a preset static class object;
and determining the objects except the pre-specified object in the executable file as the objects to be confused.
5. A method for running an application program, wherein the application program comprises an executable file, the method comprising:
in the process of running the application program obtained in claim 1, obtaining a configuration file from the application program, where the configuration file stores a preset calling relationship, where the preset calling relationship is: modifying the original calling relationship of a preset function called by the executable file in the executable file to obtain the modified calling relationship of the preset function in the executable file, wherein the preset calling relationship comprises that the executable file calls the preset function through a Java native interface JNI;
analyzing the preset calling relationship in the configuration file, and calling the preset function;
and continuing to run the application program based on the preset function obtained by analysis.
6. An apparatus for processing an application, wherein the application comprises an executable file, the apparatus comprising:
the detection module is used for detecting a preset function called in the executable file;
a preset calling relationship obtaining module, configured to modify an original calling relationship of the preset function in the executable file, so as to obtain a modified preset calling relationship of the preset function in the executable file; the preset calling relationship comprises that the executable file calls the preset function through a Java native interface JNI;
the configuration document generation module is used for generating a configuration document containing the preset calling relationship;
the application program generating module is used for packaging the application program containing the configuration document to obtain a processed application program;
the object replacement name generating module is used for generating an object replacement name of an object to be confused, wherein the object to be confused is an object containing a called preset function;
the device comprises a first replacing module, a second replacing module and a third replacing module, wherein the first replacing module is used for replacing the object name of each object to be confused with the object replacing name corresponding to the object to be confused aiming at each object to be confused;
the file replacement name generating module is used for generating a file replacement name of each file to be obfuscated according to an object replacement name of an object to be obfuscated in the file to be obfuscated, wherein the file to be obfuscated is an executable file containing the object to be obfuscated;
the second replacement module is used for replacing the file name of each file to be confused with a corresponding file replacement name;
the application program further comprises a smali file, and the device further comprises:
and correspondingly replacing the codes in the smali file according to the modified preset calling relation of the preset function in the executable file.
7. The apparatus of claim 6, wherein the application program further comprises a so file, and the executable file calls the preset function in the so file through a JNI.
8. The apparatus of claim 6, wherein the object replacement name generation module comprises:
and the object replacement name generation submodule is used for generating the object replacement name of each object to be confused according to the preset sequence of the package name, the class name, the object name, the input parameter and the output parameter corresponding to each object to be confused in the executable file.
9. The apparatus of any one of claims 6 or 8, wherein the apparatus further comprises a confusing object determination module,
an obfuscated object determination module for determining an obfuscated object in each executable file;
wherein the confusing object determining module is specifically configured to:
determining a non-static class object in the executable file;
replacing the determined non-static class object with a preset static class object;
and determining the objects except the pre-specified object in the executable file as the objects to be confused.
10. An apparatus for executing an application program, the apparatus comprising:
an installation package running module, configured to obtain a configuration file from the application program in a process of running the application program obtained in claim 1, where the configuration file stores a preset calling relationship, and the preset calling relationship is: modifying the original calling relationship of a preset function called by the executable file in the executable file to obtain the modified calling relationship of the preset function in the executable file, wherein the preset calling relationship comprises that the executable file calls the preset function through a Java native interface JNI;
the analysis module is used for analyzing the preset calling relationship in the configuration file and calling the preset function;
and the continuous operation module is used for continuously operating the application program based on the preset function obtained by analysis.
11. An electronic device is characterized by comprising a processor, a communication interface, a memory and a communication bus, wherein the processor and the communication interface are used for realizing mutual communication by the memory through the communication bus;
a memory for storing a computer program;
a processor for implementing the method steps of any of claims 1 to 4 when executing a program stored in the memory.
12. An electronic device is characterized by comprising a processor, a communication interface, a memory and a communication bus, wherein the processor and the communication interface are used for realizing mutual communication by the memory through the communication bus;
a memory for storing a computer program;
a processor for implementing the method steps of claim 5 when executing a program stored in the memory.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910569332.4A CN110298146B (en) | 2019-06-27 | 2019-06-27 | Application processing and running method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910569332.4A CN110298146B (en) | 2019-06-27 | 2019-06-27 | Application processing and running method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110298146A CN110298146A (en) | 2019-10-01 |
| CN110298146B true CN110298146B (en) | 2022-04-22 |
Family
ID=68029299
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910569332.4A Active CN110298146B (en) | 2019-06-27 | 2019-06-27 | Application processing and running method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110298146B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113064607A (en) * | 2021-06-02 | 2021-07-02 | 统信软件技术有限公司 | Installation method of operating system, computing equipment and storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105930744A (en) * | 2016-04-22 | 2016-09-07 | 北京奇虎科技有限公司 | File reinforcement method and apparatus |
| CN106326694A (en) * | 2016-08-30 | 2017-01-11 | 北京鼎源科技有限公司 | Android application reinforcing method baed on C source code mixing |
| CN107038354A (en) * | 2016-02-03 | 2017-08-11 | 阿里巴巴集团控股有限公司 | Code obfuscation method, code operation method and device |
| CN108846264A (en) * | 2018-06-11 | 2018-11-20 | 北京奇虎科技有限公司 | Code reinforcement means, device, intelligent terminal and computer readable storage medium |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106650341A (en) * | 2016-11-18 | 2017-05-10 | 湖南鼎源蓝剑信息科技有限公司 | Android application reinforcement method based on the process confusion technology |
| CN108733988B (en) * | 2017-04-19 | 2023-01-24 | 北京梆梆安全科技有限公司 | Method for protecting executable program on android platform |
| CN109598107B (en) * | 2018-11-20 | 2021-02-02 | 江苏通付盾信息安全技术有限公司 | Code conversion method and device based on application installation package file |
-
2019
- 2019-06-27 CN CN201910569332.4A patent/CN110298146B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107038354A (en) * | 2016-02-03 | 2017-08-11 | 阿里巴巴集团控股有限公司 | Code obfuscation method, code operation method and device |
| CN105930744A (en) * | 2016-04-22 | 2016-09-07 | 北京奇虎科技有限公司 | File reinforcement method and apparatus |
| CN106326694A (en) * | 2016-08-30 | 2017-01-11 | 北京鼎源科技有限公司 | Android application reinforcing method baed on C source code mixing |
| CN108846264A (en) * | 2018-06-11 | 2018-11-20 | 北京奇虎科技有限公司 | Code reinforcement means, device, intelligent terminal and computer readable storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110298146A (en) | 2019-10-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9836612B2 (en) | Protecting data | |
| US10586026B2 (en) | Simple obfuscation of text data in binary files | |
| CN109871704B (en) | Android resource file protection method, equipment and storage medium based on Hook | |
| US20080216071A1 (en) | Software Protection | |
| CN109657488B (en) | Resource file encryption processing method, intelligent terminal and storage medium | |
| CN110555293A (en) | Method, apparatus, electronic device and computer readable medium for protecting data | |
| CN107077540B (en) | Method and system for providing cloud-based application security services | |
| CN110708335A (en) | Access authentication method and device and terminal equipment | |
| CN112231702A (en) | Application protection method, device, equipment and medium | |
| CN113312577B (en) | Webpage resource processing method and device, electronic equipment and storage medium | |
| CN110298146B (en) | Application processing and running method and device | |
| CN112035803A (en) | Protection method and device based on Windows platform software | |
| CN116910712A (en) | Code protection method, system, electronic equipment and storage medium | |
| CN113220314B (en) | APP resource loading and APK generation method, device, equipment and medium | |
| CN109995534B (en) | Method and device for carrying out security authentication on application program | |
| US11138319B2 (en) | Light-weight context tracking and repair for preventing integrity and confidentiality violations | |
| CN113449330B (en) | Method for transmitting Javascript encrypted file | |
| CN115033870A (en) | Anti-malicious tampering code method and device based on big data cloud deployment | |
| CN111752570B (en) | Compiling method, compiling device, compiling terminal and computer-readable storage medium | |
| CN114139117A (en) | Application program reinforcing method and device, electronic equipment and storage medium | |
| CN114756833A (en) | Code obfuscation method, apparatus, device, medium, and program product | |
| CN113407434B (en) | Method and device for processing debug file | |
| JP5863689B2 (en) | Shared library with unauthorized use prevention function | |
| CN113360181A (en) | Code calling method and device for industrial Internet | |
| CN113722639A (en) | Website access verification method and device, electronic equipment and readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |