CN110647329A - Code obfuscation method, apparatus, computer device and storage medium - Google Patents
Code obfuscation method, apparatus, computer device and storage medium Download PDFInfo
- Publication number
- CN110647329A CN110647329A CN201910746038.6A CN201910746038A CN110647329A CN 110647329 A CN110647329 A CN 110647329A CN 201910746038 A CN201910746038 A CN 201910746038A CN 110647329 A CN110647329 A CN 110647329A
- Authority
- CN
- China
- Prior art keywords
- code
- logic
- target
- obfuscated
- syntax
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformation of program code
- G06F8/41—Compilation
- G06F8/43—Checking; Contextual analysis
- G06F8/433—Dependency analysis; Data or control flow analysis
- G06F8/434—Pointers; Aliasing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3604—Software analysis for verifying properties of programs
- G06F11/3612—Software analysis for verifying properties of programs by runtime analysis
Abstract
The present application relates to the field of data security technologies, and in particular, to a code obfuscation method, apparatus, computer device, and storage medium. The method comprises the following steps: receiving a code to be obfuscated, and performing code analysis on the code to be obfuscated to obtain a syntax tree corresponding to the code to be obfuscated; traversing the syntax tree to obtain a first syntax logic of the syntax tree; acquiring a corresponding first logic confusion rule according to the type of the first syntax logic, adjusting the first syntax logic through the first logic confusion rule, and obtaining an adjusted target syntax tree according to the adjusted first syntax logic; and generating a target code corresponding to the code to be obfuscated according to the adjusted target syntax tree. By adopting the method, the safety of the obfuscated code can be improved.
Description
Technical Field
The present application relates to the field of data security technologies, and in particular, to a code obfuscation method, apparatus, computer device, and storage medium.
Background
With the development of computer technology, code-related technologies are also permeating into aspects of work and life, companies and individuals are increasingly dependent on codes in work and life, and security awareness of protecting codes is gradually enhanced, so that codes directly presented in a plain text form are confused to protect codes.
However, the existing confusion of codes only involves the confusion of code elements in the codes, such as simple character addition, character deletion, character rewriting and the like, and the confused codes are also easy to crack and have insufficient safety performance.
Disclosure of Invention
In view of the above, it is necessary to provide a code obfuscating method, apparatus, computer device and storage medium capable of improving security of obfuscated codes.
A method of code obfuscation, the method comprising:
receiving a code to be obfuscated, and performing code analysis on the code to be obfuscated to obtain a syntax tree corresponding to the code to be obfuscated;
traversing the syntax tree to obtain a first syntax logic of the syntax tree;
acquiring a corresponding first logic confusion rule according to the type of the first syntax logic, adjusting the first syntax logic through the first logic confusion rule, and acquiring an adjusted target syntax tree according to the adjusted first syntax logic;
and generating a target code corresponding to the code to be obfuscated according to the adjusted target syntax tree.
In one embodiment, after obtaining the adjusted target syntax tree according to the adjusted first syntax logic, the method further includes:
acquiring a preset logic confusion rule, wherein the preset logic confusion rule comprises the first logic confusion rule and a second logic confusion rule, and acquiring the second logic confusion rule according to the preset logic confusion rule and the first logic confusion rule;
adjusting the first syntax logic of the syntax tree according to the second logic confusion rule to obtain an adjusted backup syntax tree;
generating backup codes corresponding to the codes to be obfuscated according to the adjusted backup syntax tree;
and storing the backup code, and replacing the target code as the backup code when detecting that the safety level of the target code reaches a preset risk level.
In one embodiment, after generating the target code corresponding to the code to be obfuscated according to the adjusted target syntax tree, the method further includes:
obtaining an adjustment strategy of the first grammar logic according to the code to be obfuscated and the target code, and storing the adjustment strategy and the target code in a correlation mode;
when the target code has an execution error in the running process, inquiring the associated adjusting strategy through the target code, and restoring the target code according to the adjusting strategy.
In one embodiment, after storing the adjustment policy in association with the object code, the method further includes:
acquiring a code type of the target code, and storing the code type and the adjustment strategy in an associated manner;
receiving an unsecured code, and inquiring a code type corresponding to the unsecured code;
code analysis is carried out on the unsecured codes to obtain a syntax tree corresponding to the unsecured codes, and traversal is carried out on the syntax tree corresponding to the unsecured codes to obtain second syntax logic corresponding to the unsecured codes;
and when the code type of the unsecured code is matched with the code type of the target code, inquiring the associated adjusting strategy through the code type of the target code, and adjusting the second grammar logic according to the adjusting strategy.
In one embodiment, the method further comprises the following steps:
acquiring an original code file corresponding to the code to be obfuscated;
newly building a blank code file, and mapping the original code file, the code to be obfuscated and the target code into the blank code file;
and replacing the codes to be obfuscated of the original code file in the blank code file by the target codes to obtain an obfuscated code file.
A code obfuscation apparatus, the apparatus comprising:
the receiving module is used for receiving a code to be obfuscated and analyzing the code to be obfuscated to obtain a syntax tree corresponding to the code to be obfuscated; the traversal module is used for traversing the syntax tree to obtain a first syntax logic of the syntax tree;
the first adjusting module is used for adjusting the first grammar logic according to the first logic confusion rule after acquiring the corresponding first logic confusion rule according to the type of the first grammar logic, and obtaining an adjusted target grammar tree according to the adjusted first grammar logic;
and the first code generation module is used for generating a target code corresponding to the code to be obfuscated according to the adjusted target syntax tree.
In one embodiment, the apparatus further comprises:
the obtaining module is used for obtaining a preset logic confusion rule, wherein the preset logic confusion rule comprises a first logic confusion rule and a second logic confusion rule, and the second logic confusion rule is obtained according to the preset logic confusion rule and the first logic confusion rule;
the second adjusting module is used for adjusting the first syntax logic of the syntax tree according to the second logic confusion rule to obtain an adjusted backup syntax tree;
the second code generation module is used for generating backup codes corresponding to the codes to be obfuscated according to the adjusted backup syntax tree;
and the storage module is used for storing the backup code and replacing the target code as the backup code when detecting that the safety level of the target code reaches a preset risk level.
In one embodiment, the apparatus further comprises:
the second storage module is used for obtaining an adjustment strategy of the first grammar logic according to the code to be obfuscated and the target code, and storing the adjustment strategy and the target code in a correlation mode;
and the restoring module is used for inquiring the associated adjusting strategy through the target code when the target code has an execution error in the running process, and restoring the target code according to the adjusting strategy.
A computer device comprising a memory storing a computer program and a processor implementing the steps of the above method when executing the computer program.
A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the above-mentioned method.
According to the code obfuscation method, the code obfuscation device, the computer equipment and the storage medium, in order to improve the safety of code obfuscation, firstly, a syntax tree corresponding to a code needs to be obtained, after a code to be obfuscated is received, the corresponding syntax tree needs to be subjected to code analysis on the code to be obfuscated, and a syntax tree corresponding to the code is obtained; traversing the obtained syntax tree to obtain a first syntax logic of the syntax tree; acquiring a first logic confusion rule corresponding to the type of the first syntax logic, and adjusting the first syntax logic of the syntax tree through the first logic confusion rule to obtain an adjusted target syntax tree; and generating a target code corresponding to the code to be obfuscated according to the adjusted target syntax tree, wherein the target code is the obfuscated code, so that the aim of changing the syntax logic of the code to be obfuscated is fulfilled. Compared with the traditional method of obfuscating code elements in the code, the method improves the safety of the obfuscated code.
Drawings
FIG. 1 is a diagram of an application scenario of a code obfuscation method in one embodiment;
FIG. 2 is a flow diagram illustrating a code obfuscation method in one embodiment;
FIG. 3 is a flowchart illustrating a method for code backup in one embodiment;
FIG. 4 is a block diagram of a code obfuscation device in one embodiment;
FIG. 5 is a diagram illustrating an internal structure of a computer device according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
The code obfuscation method provided by the application can be applied to the application environment shown in fig. 1. Wherein the terminal 102 communicates with the server 104 via a network. After receiving the codes to be obfuscated uploaded by the terminal 102, the server 104 analyzes the codes to be obfuscated to obtain a syntax tree corresponding to the codes; the server 104 traverses the obtained syntax tree to obtain a first syntax logic of the syntax tree; the server 104 acquires a first logic confusion rule corresponding to the type of the first syntax logic, and adjusts the first syntax logic of the syntax tree according to the first logic confusion rule to obtain an adjusted target syntax tree; the server 104 generates the target code corresponding to the code to be obfuscated according to the adjusted target syntax tree. The terminal 102 may be, but not limited to, various personal computers, notebook computers, smart phones, tablet computers, and portable wearable devices, and the server 104 may be implemented by an independent server or a server cluster formed by a plurality of servers.
In one embodiment, as shown in fig. 2, a code obfuscation method is provided, which is illustrated by applying the method to the server 104 in fig. 1, and includes the following steps:
Specifically, the code to be obfuscated may be some code that needs to be protected by encryption and exists in a clear text form, such as JavaScript code on a browser, original code of a technology owned by a company or an individual, and the like. After receiving a code to be obfuscated, a server needs to perform code obfuscation on the code in order to protect the code and prevent the code from being directly compiled and stolen, and after obtaining the code to be obfuscated, the server performs code parsing on the code to be obfuscated, where the code parsing refers to parsing a character string of the code to form a syntax tree, and may include two parts, a word segmentation and a semantic analysis, the word segmentation may segment the code character string into code data of different units, the code data of each unit may correspond to node data in a subsequent syntax tree, such as various functional codes or other types of codes in the code, and the semantic analysis may analyze a relationship between data of each unit on the basis of a word segmentation result. After the server analyzes the codes, obtaining a code analysis result: and mapping the result of code analysis, the data of each unit and the relation between the data of each unit to the nodes of the syntax tree model to form the data of the nodes of the syntax tree model and the mutual relation between the nodes, and after the mapping is finished, obtaining the syntax tree which corresponds to the code to be obfuscated and represents the syntax logic of the original code.
And step 204, traversing the syntax tree to obtain a first syntax logic of the syntax tree.
Specifically, the traversal is used for accessing each node on the syntax tree, various relevant attributes of the syntax tree can be obtained by traversing the syntax tree, such as the number of nodes, the size of the nodes, the sequence of the nodes, the function of corresponding codes and the like of the syntax tree, the first syntax logic can represent functions which can be realized by the operation of the code to be obfuscated corresponding to the syntax tree, and the server obtains the first syntax logic of the syntax tree by traversing the syntax tree corresponding to the code to be obfuscated.
And step 206, acquiring a corresponding first logic confusion rule according to the type of the first syntax logic, adjusting the first syntax logic according to the first logic confusion rule, and obtaining an adjusted target syntax tree according to the adjusted first syntax logic.
Specifically, the first logic obfuscation rule may be a method for adjusting only the first syntax logic and the logic of code execution on the premise that the execution result of the original code to be obfuscated is not changed, where the first logic obfuscation rule may be obtained from a type of the first syntax logic, and includes, but is not limited to, methods of sequential change of the syntax logic, merging and splitting of the syntax logic, and the like, the target syntax tree is a syntax tree in which a syntax tree corresponding to the code to be obfuscated is adjusted by the first syntax logic, and after the server obtains the first logic obfuscation rule, the first syntax logic of the syntax tree is adjusted by the first logic obfuscation rule, and the adjustment method may be, for example: when the first syntax logic is a type including multiple independent functions and the first logic confusion rule is a rule for changing the order of the syntax logic, the order of the syntax logic is adjusted through the first logic confusion rule, for example, the syntax logic of the code corresponding to the syntax tree can realize A, B, C three independent functions, the order of the syntax logic is adjusted to adjust the function realized by the corresponding code to A, C, B, C, B, A and the like, and the order is adjusted on the premise of not influencing the execution result of the syntax tree, so that the adjusted target syntax tree is obtained.
And step 208, generating a target code corresponding to the code to be obfuscated according to the adjusted target syntax tree.
Specifically, the target code is a code string for which the code to be obfuscated has completed code obfuscation. After the server obtains the adjusted target syntax tree, a code character string corresponding to the adjusted syntax tree is generated according to a syntax tree generation method, and the specific generation method can traverse the adjusted syntax tree again through a traversal method and then generate a corresponding target code according to a traversal result.
In the code obfuscation method, after receiving a code to be obfuscated, a server analyzes the code to be obfuscated to obtain a syntax tree corresponding to the code; traversing the obtained syntax tree to obtain a first syntax logic of the syntax tree; acquiring a first logic confusion rule corresponding to the type of the first syntax logic, and adjusting the first syntax logic of the syntax tree through the first logic confusion rule to obtain an adjusted target syntax tree; and generating a target code corresponding to the code to be obfuscated according to the adjusted target syntax tree, thereby achieving the purpose of changing the syntax logic of the code to be obfuscated. Compared with the traditional method of obfuscating code elements in the code, the obfuscated code security is improved.
In one embodiment, as shown in fig. 3, in the code obfuscation method, backing up obfuscated code includes:
Specifically, the second logic obfuscating rule may be another obfuscating rule other than the first logic obfuscating rule in the preset logic obfuscating rules that can logically obfuscate the first syntax logic on the premise that the execution result of the original code to be obfuscated is not changed. The server obtains a preset logic confusion rule after adjusting the syntax tree corresponding to the code to be confused through the first logic confusion rule, and obtains a second logic confusion rule according to the preset logic confusion rule and the first logic confusion rule.
Specifically, after the server obtains the second logic obfuscating rule, on the premise of ensuring that the execution result of the original code to be obfuscated is not changed, the first syntax logic of the syntax tree is adjusted by the second logic obfuscating rule, and the adjusting method may be, for example: when the second logic confusion rule is a rule for merging syntax logic, the syntax logic is merged by the second logic confusion rule, for example, the syntax logic of the code corresponding to the syntax tree can realize A, B, C three independent functions, so that the merging of the syntax logic can adjust the function realized by the corresponding code to A, D (B plus C) or E (a plus B), C, etc., and the sequence is adjusted on the premise of not affecting the execution result of the syntax tree, so as to obtain an adjusted backup syntax tree.
And step 306, generating backup codes corresponding to the codes to be obfuscated according to the adjusted backup syntax tree.
Specifically, after the server obtains the adjusted backup syntax tree, a code corresponding to the adjusted backup syntax tree is generated according to a syntax tree generation method, and the specific generation method may traverse the adjusted backup syntax tree again by a traversal method, and then generate a corresponding code character string according to a traversal result, that is, the backup code for which the code obfuscation has been completed.
And 308, storing the backup code, and replacing the target code into the backup code when the safety level of the target code reaches the preset risk level.
Specifically, when the security level of the target code reaches the preset risk level, after the server detects that the target code has a risk hazard, the security level of the target code is increased to a level with the risk, where the risk hazard may include a trace of cracking, a trace of copying, and the like of the target code. And when the safety level of the target code obtained by the adjustment of the first logic confusion rule reaches a preset risk level, because the target code and the backup code are obtained by the code logic confusion by using the same type of codes to be confused, and the execution result is the same, the target code can be replaced by the backup code.
In the code obfuscation method, after the adjusted syntax tree is obtained, the code obfuscation method can also obtain a second logic obfuscation rule except the first logic obfuscation rule, adjust the syntax logic through the second logic obfuscation rule to obtain a backup code corresponding to the code to be obfuscated, and replace the target code with the backup code when the safety level of the target code is at risk, so that the safety of code obfuscation is further improved.
In one embodiment, after the code obfuscating method generates the target code corresponding to the code to be obfuscated according to the adjusted target syntax tree, the method may further include: obtaining an adjustment strategy of a first grammar logic according to the code to be obfuscated and the target code, and storing the adjustment strategy and the target code in a correlation mode; and when the target code has an execution error in the running process, inquiring the associated regulation strategy through the target code, and restoring the target code according to the regulation strategy.
Specifically, after generating an object code corresponding to a code to be obfuscated, the server establishes an association relationship between the object code and an adjustment policy, and stores the object code and the adjustment policy in association, where the adjustment policy may be obtained according to the code to be obfuscated before adjustment and the object code after adjustment, for example, the adjustment policy may be: when the server detects that the target code has an execution error in the running process, the server may perform a reverse operation of code obfuscation on the target code by adjusting a policy, which may specifically be: when the target code has an execution error, the target code is subjected to code analysis operation to obtain a corresponding syntax tree, then the syntax tree of the target code is adjusted through the reverse direction of the adjustment strategy, and finally an initial code to be confused is generated through the adjusted syntax tree, namely a code restoring result.
In the embodiment, when the execution error of the target code is detected, the code recovery is performed on the target code through the associated adjustment strategy, so that the code can be timely recovered to an un-obfuscated state when the code has the error, and then the code is obfuscated again, thereby protecting the safety of the code.
In one embodiment, after the code obfuscation method stores the adjustment policy in association with the target code, the method may further include: acquiring a code type of a target code, and storing the code type and an adjustment strategy in an associated manner; receiving an unsecured code, and inquiring a code type corresponding to the unsecured code; analyzing the codes of the unsecured codes to obtain a syntax tree corresponding to the unsecured codes, and traversing the syntax tree corresponding to the unsecured codes to obtain a second syntax logic corresponding to the unsecured codes; and when the code type of the unsecured code is matched with the code type of the target code, inquiring the associated adjusting strategy through the code type of the target code, and adjusting the second grammar logic through the adjusting strategy.
Specifically, the code types may be classified according to characteristic attributes of the codes, the characteristic attributes of the codes of different classifications are different, for example, the codes may be classified into sequence codes, interval codes, and mnemonics according to functional classification, but actually, when the fields are different, the codes have more classification conditions, the second syntax logic is a subsequently received unsecured code, a syntax tree is obtained through code parsing, and then the syntax tree is traversed to obtain the syntax logic of the corresponding syntax tree. The unsecured code is a new code character string which is subsequently received and needs to be kept secret after the server performs code obfuscation on the code to be obfuscated to obtain a target code, the server establishes an association relationship between the target code and the adjustment strategy, and classifies the code after the target code and the adjustment strategy are associated and stored to obtain the code type of the target code, and the code type and the adjustment strategy are established and associated and stored. When the subsequent server receives the unsecured code, whether the code type corresponding to the unsecured code is matched with the code type of the target code or not can be inquired, when the code types of the unsecured code and the target code are matched, the adjustment strategy can be obtained directly through the corresponding relation between the code type of the target code and the adjustment strategy, and then the second grammar logic corresponding to the unsecured code is adjusted through the adjustment strategy.
In the embodiment, when the non-confidential code is subsequently received and the code type corresponding to the non-confidential code is detected to be matched with the code type of the target code, the second syntax logic corresponding to the non-confidential code is directly adjusted through the adjustment strategy corresponding to the target code type, so that the time for the code to be confidential to search the corresponding logic confusion rule again is saved, and the code confusion efficiency is improved.
In one embodiment, the code obfuscation method further comprises: acquiring an original code file corresponding to a code to be obfuscated; newly building a blank code file, and mapping the original code file, the code to be obfuscated and the target code into the blank code file; and replacing the codes to be obfuscated of the original code file in the blank code file by the target codes to obtain an obfuscated code file.
Specifically, the original code file may be a code file of an original address corresponding to the code to be obfuscated, where the original code file includes the code to be obfuscated, for example, if the original code file is 100 lines of code, the code to be obfuscated may be the code of which 30 th line to 50 th line have higher importance. The blank code file is a file which is newly built by the server and temporarily has no data storage and is used for storing codes subsequently, after the server obtains a target code to be obfuscated from the code to be obfuscated, an original code file corresponding to the code to be obfuscated can be obtained, the blank code file is newly built, the original code file, the code to be obfuscated and the target code are mapped into the blank code file, at the moment, the blank code file comprises the original code file, the code to be obfuscated and the target code, the target code replaces the code to be obfuscated in the original code file, and the replaced blank code file comprises other codes and target codes of the original code file except the code to be obfuscated, namely the obfuscated code file.
In the embodiment, the server acquires the original code file of the code to be obfuscated, and replaces the code to be obfuscated in the original code file with the target code, so that the original code file with the obfuscated code can be directly acquired, the steps of manually searching and replacing the code are saved, and the time is saved.
In an embodiment, in the code obfuscating method, after receiving the code to be obfuscated, the server obtains a syntax tree corresponding to the code to be obfuscated, adjusts syntax logic of the syntax tree according to the first syntax logic, and generates a target code corresponding to the code to be obfuscated according to an adjusted target syntax tree. For example, when a JavaScript code visible in a certain browser needs to be kept secret, and code obfuscation needs to be performed on the code, the JavaScript code is analyzed to obtain a syntax tree corresponding to the code, and the syntax tree is traversed to obtain syntax logic of the syntax tree, for example, the syntax logic of the syntax tree may be "page jump", "page refresh", or "return to previous page" 3 functions, then the corresponding first logic obfuscation rule may be to adjust the ordering of the 3 functions, for example, may be adjusted to be "page refresh", "return to previous page", or "page jump" 3 functions, after the adjusted syntax tree is obtained, a target code is generated according to the adjusted syntax tree, and the target code is a code obtained by code obfuscation of the JavaScript code.
It should be understood that, although the steps in the flowcharts of fig. 2 and 3 are shown in sequence as indicated by the arrows, the steps are not necessarily performed in sequence as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least some of the steps in fig. 2 and 3 may include multiple sub-steps or multiple stages, which are not necessarily performed at the same time, but may be performed at different times, and the order of performing the sub-steps or stages is not necessarily sequential, but may be performed alternately or alternately with other steps or at least some of the sub-steps or stages of other steps. Compared with the traditional method of obfuscating code elements in the code, the obfuscated code security is improved.
In one embodiment, as shown in fig. 4, there is provided a code obfuscation apparatus including: a receiving module 402, a traversing module 404, a first adjusting module 406, and a first code generating module 408, wherein:
the receiving module 402 is configured to receive a code to be obfuscated, and perform code analysis on the code to be obfuscated to obtain a syntax tree corresponding to the code to be obfuscated.
And a traversal module 404, configured to traverse the syntax tree to obtain a first syntax logic of the syntax tree.
The first adjusting module 406 is configured to, after obtaining the corresponding first logic confusion rule according to the type of the first syntax logic, adjust the first syntax logic according to the first logic confusion rule, and obtain an adjusted target syntax tree according to the adjusted first syntax logic.
The first code generating module 408 is configured to generate a target code corresponding to a code to be obfuscated according to the adjusted target syntax tree.
In one embodiment, the apparatus may further comprise:
the obtaining module is used for obtaining a preset logic confusion rule, the preset logic confusion rule comprises a first logic confusion rule and a second logic confusion rule, and the second logic confusion rule is obtained according to the preset logic confusion rule and the first logic confusion rule.
And the second adjusting module is used for adjusting the first syntax logic of the syntax tree according to the second logic confusion rule to obtain the adjusted backup syntax tree.
And the second code generation module is used for generating backup codes corresponding to the codes to be obfuscated according to the adjusted backup syntax tree.
And the first storage module is used for storing the backup codes and replacing the target codes into the backup codes when the safety level of the target codes reaches the preset risk level.
In one embodiment, the apparatus may further comprise:
and the second storage module is used for obtaining the adjustment strategy of the first grammar logic according to the code to be obfuscated and the target code and storing the adjustment strategy and the target code in a correlation mode.
And the restoring module is used for inquiring the associated adjusting strategy through the target code when the target code has an execution error in the running process and restoring the target code according to the adjusting strategy.
In one embodiment, the apparatus may further comprise:
and the second acquisition module is used for acquiring the code type of the target code and storing the code type and the adjustment strategy in an associated manner.
And the second receiving module is used for receiving the unsecured code and inquiring the code type corresponding to the secure code.
And the second traversal module is used for carrying out code analysis on the unsecured codes to obtain a syntax tree corresponding to the unsecured codes and traversing the syntax tree corresponding to the unsecured codes to obtain second syntax logic corresponding to the unsecured codes.
And the third adjusting module is used for inquiring the associated adjusting strategy through the code type of the target code when the code type of the unsecured code is matched with the code type of the target code, and adjusting the second grammar logic through the adjusting strategy.
In one embodiment, the apparatus may further comprise:
and the third acquisition module is used for acquiring an original code file corresponding to the code to be obfuscated.
And the new building module is used for building a blank code file and mapping the original code file, the code to be obfuscated and the target code into the blank code file.
And the replacing module is used for replacing the codes to be obfuscated of the original code file in the blank code file through the target codes to obtain an obfuscated code file.
For specific limitations of the code obfuscating device, reference may be made to the above limitations of the code obfuscating method, which are not described in detail herein. The various modules in the code obfuscation apparatus described above may be implemented in whole or in part by software, hardware, and combinations thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a server, the internal structure of which may be as shown in fig. 5. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The database of the computer device is used for storing code data. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a code obfuscation method.
Those skilled in the art will appreciate that the architecture shown in fig. 5 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, there is provided a computer device comprising a memory storing a computer program and a processor implementing the following steps when the processor executes the computer program: receiving a code to be obfuscated, and performing code analysis on the code to be obfuscated to obtain a syntax tree corresponding to the code to be obfuscated; traversing the syntax tree to obtain a first syntax logic of the syntax tree; acquiring a corresponding first logic confusion rule according to the type of the first syntax logic, adjusting the first syntax logic through the first logic confusion rule, and obtaining an adjusted target syntax tree according to the adjusted first syntax logic; and generating a target code corresponding to the code to be obfuscated according to the adjusted target syntax tree.
In one embodiment, after obtaining the adjusted target syntax tree according to the adjusted first syntax logic, the processor, when executing the computer program, may further include: acquiring a preset logic confusion rule, wherein the preset logic confusion rule comprises a first logic confusion rule and a second logic confusion rule, and acquiring the second logic confusion rule according to the preset logic confusion rule and the first logic confusion rule; adjusting the first syntax logic of the syntax tree according to a second logic confusion rule to obtain an adjusted backup syntax tree; generating backup codes corresponding to the codes to be obfuscated according to the adjusted backup syntax tree; and storing the backup code, and replacing the target code as the backup code when the safety level of the target code reaches the preset risk level.
In one embodiment, after the generating the object code corresponding to the code to be obfuscated according to the adjusted object syntax tree when the processor executes the computer program, the method may further include: obtaining an adjustment strategy of a first grammar logic according to the code to be obfuscated and the target code, and storing the adjustment strategy and the target code in a correlation mode; and when the target code has an execution error in the running process, inquiring the associated regulation strategy through the target code, and restoring the target code according to the regulation strategy.
In one embodiment, after the storing the adjustment policy in association with the object code, which is implemented when the processor executes the computer program, the method may further include: acquiring a code type of a target code, and storing the code type and an adjustment strategy in an associated manner; receiving an unsecured code, and inquiring a code type corresponding to the unsecured code; analyzing the codes of the unsecured codes to obtain a syntax tree corresponding to the unsecured codes, and traversing the syntax tree corresponding to the unsecured codes to obtain a second syntax logic corresponding to the unsecured codes; and when the code type of the unsecured code is matched with the code type of the target code, inquiring the associated adjusting strategy through the code type of the target code, and adjusting the second grammar logic through the adjusting strategy.
In one embodiment, the processor, when executing the computer program, further performs the steps of: acquiring an original code file corresponding to a code to be obfuscated; newly building a blank code file, and mapping the original code file, the code to be obfuscated and the target code into the blank code file; and replacing the codes to be obfuscated of the original code file in the blank code file by the target codes to obtain an obfuscated code file.
In one embodiment, a computer-readable storage medium is provided, having a computer program stored thereon, which when executed by a processor, performs the steps of: receiving a code to be obfuscated, and performing code analysis on the code to be obfuscated to obtain a syntax tree corresponding to the code to be obfuscated; traversing the syntax tree to obtain a first syntax logic of the syntax tree; acquiring a corresponding first logic confusion rule according to the type of the first syntax logic, adjusting the first syntax logic through the first logic confusion rule, and obtaining an adjusted target syntax tree according to the adjusted first syntax logic; and generating a target code corresponding to the code to be obfuscated according to the adjusted target syntax tree.
In one embodiment, after obtaining the adjusted target syntax tree according to the adjusted first syntax logic, the computer program when executed by the processor may further include: acquiring a preset logic confusion rule, wherein the preset logic confusion rule comprises a first logic confusion rule and a second logic confusion rule, and acquiring the second logic confusion rule according to the preset logic confusion rule and the first logic confusion rule; adjusting the first syntax logic of the syntax tree according to a second logic confusion rule to obtain an adjusted backup syntax tree; generating backup codes corresponding to the codes to be obfuscated according to the adjusted backup syntax tree; and storing the backup code, and replacing the target code as the backup code when the safety level of the target code reaches the preset risk level.
In one embodiment, after the generating the object code corresponding to the code to be obfuscated according to the adjusted object syntax tree, when the computer program is executed by the processor, the method may further include: obtaining an adjustment strategy of a first grammar logic according to the code to be obfuscated and the target code, and storing the adjustment strategy and the target code in a correlation mode; and when the target code has an execution error in the running process, inquiring the associated regulation strategy through the target code, and restoring the target code according to the regulation strategy.
In one embodiment, storing the adjustment policy in association with the object code, when the computer program is executed by the processor, may further include: acquiring a code type of a target code, and storing the code type and an adjustment strategy in an associated manner; receiving an unsecured code, and inquiring a code type corresponding to the unsecured code; analyzing the codes of the unsecured codes to obtain a syntax tree corresponding to the unsecured codes, and traversing the syntax tree corresponding to the unsecured codes to obtain a second syntax logic corresponding to the unsecured codes; and when the code type of the unsecured code is matched with the code type of the target code, inquiring the associated adjusting strategy through the code type of the target code, and adjusting the second grammar logic through the adjusting strategy.
In one embodiment, the computer program when executed by the processor further performs the steps of: acquiring an original code file corresponding to a code to be obfuscated; newly building a blank code file, and mapping the original code file, the code to be obfuscated and the target code into the blank code file; and replacing the codes to be obfuscated of the original code file in the blank code file by the target codes to obtain an obfuscated code file.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), direct bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.
Claims (10)
1. A method of code obfuscation, the method comprising:
receiving a code to be obfuscated, and performing code analysis on the code to be obfuscated to obtain a syntax tree corresponding to the code to be obfuscated;
traversing the syntax tree to obtain a first syntax logic of the syntax tree;
acquiring a corresponding first logic confusion rule according to the type of the first syntax logic, adjusting the first syntax logic through the first logic confusion rule, and acquiring an adjusted target syntax tree according to the adjusted first syntax logic;
and generating a target code corresponding to the code to be obfuscated according to the adjusted target syntax tree.
2. The method of claim 1, wherein after obtaining the adjusted target syntax tree according to the adjusted first syntax logic, further comprising:
acquiring a preset logic confusion rule, wherein the preset logic confusion rule comprises the first logic confusion rule and a second logic confusion rule, and acquiring the second logic confusion rule according to the preset logic confusion rule and the first logic confusion rule;
adjusting the first syntax logic of the syntax tree according to the second logic confusion rule to obtain an adjusted backup syntax tree;
generating backup codes corresponding to the codes to be obfuscated according to the adjusted backup syntax tree;
and storing the backup code, and replacing the target code as the backup code when detecting that the safety level of the target code reaches a preset risk level.
3. The method according to claim 1, wherein after generating the target code corresponding to the code to be obfuscated according to the adjusted target syntax tree, the method further comprises:
obtaining an adjustment strategy of the first grammar logic according to the code to be obfuscated and the target code, and storing the adjustment strategy and the target code in a correlation mode;
when the target code has an execution error in the running process, inquiring the associated adjusting strategy through the target code, and restoring the target code according to the adjusting strategy.
4. The method of claim 3, wherein after storing the adjustment policy in association with the object code, further comprising:
acquiring a code type of the target code, and storing the code type and the adjustment strategy in an associated manner;
receiving an unsecured code, and inquiring a code type corresponding to the unsecured code;
code analysis is carried out on the unsecured codes to obtain a syntax tree corresponding to the unsecured codes, and traversal is carried out on the syntax tree corresponding to the unsecured codes to obtain second syntax logic corresponding to the unsecured codes;
and when the code type of the unsecured code is matched with the code type of the target code, inquiring the associated adjusting strategy through the code type of the target code, and adjusting the second grammar logic according to the adjusting strategy.
5. The method of claim 1, further comprising:
acquiring an original code file corresponding to the code to be obfuscated;
newly building a blank code file, and mapping the original code file, the code to be obfuscated and the target code into the blank code file;
and replacing the codes to be obfuscated of the original code file in the blank code file by the target codes to obtain an obfuscated code file.
6. A code obfuscation apparatus, comprising:
the receiving module is used for receiving a code to be obfuscated and analyzing the code to be obfuscated to obtain a syntax tree corresponding to the code to be obfuscated;
the traversal module is used for traversing the syntax tree to obtain a first syntax logic of the syntax tree;
the first adjusting module is used for adjusting the first grammar logic according to the first logic confusion rule after acquiring the corresponding first logic confusion rule according to the type of the first grammar logic, and obtaining an adjusted target grammar tree according to the adjusted first grammar logic;
and the first code generation module is used for generating a target code corresponding to the code to be obfuscated according to the adjusted target syntax tree.
7. The apparatus of claim 6, wherein the apparatus comprises:
the obtaining module is used for obtaining a preset logic confusion rule, wherein the preset logic confusion rule comprises a first logic confusion rule and a second logic confusion rule, and the second logic confusion rule is obtained according to the preset logic confusion rule and the first logic confusion rule;
the second adjusting module is used for adjusting the first syntax logic of the syntax tree according to the second logic confusion rule to obtain an adjusted backup syntax tree;
the second code generation module is used for generating backup codes corresponding to the codes to be obfuscated according to the adjusted backup syntax tree;
and the storage module is used for storing the backup code and replacing the target code as the backup code when detecting that the safety level of the target code reaches a preset risk level.
8. The apparatus of claim 6, wherein the apparatus comprises:
the second storage module is used for obtaining an adjustment strategy of the first grammar logic according to the code to be obfuscated and the target code, and storing the adjustment strategy and the target code in a correlation mode;
and the restoring module is used for inquiring the associated adjusting strategy through the target code when the target code has an execution error in the running process, and restoring the target code according to the adjusting strategy.
9. A computer device comprising a memory and a processor, the memory storing a computer program, wherein the processor implements the steps of the method of any one of claims 1 to 5 when executing the computer program.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 5.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910746038.6A CN110647329A (en) | 2019-08-13 | 2019-08-13 | Code obfuscation method, apparatus, computer device and storage medium |
| PCT/CN2020/093622 WO2021027367A1 (en) | 2019-08-13 | 2020-05-30 | Code obfuscation method and apparatus, computer device, and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910746038.6A CN110647329A (en) | 2019-08-13 | 2019-08-13 | Code obfuscation method, apparatus, computer device and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN110647329A true CN110647329A (en) | 2020-01-03 |
Family
ID=69009560
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910746038.6A Pending CN110647329A (en) | 2019-08-13 | 2019-08-13 | Code obfuscation method, apparatus, computer device and storage medium |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN110647329A (en) |
| WO (1) | WO2021027367A1 (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111274057A (en) * | 2020-01-13 | 2020-06-12 | 北京字节跳动网络技术有限公司 | Memory leakage link processing method, device, medium and electronic equipment |
| CN112269566A (en) * | 2020-11-03 | 2021-01-26 | 支付宝(杭州)信息技术有限公司 | Script generation processing method, device, equipment and system |
| WO2021027367A1 (en) * | 2019-08-13 | 2021-02-18 | 平安科技(深圳)有限公司 | Code obfuscation method and apparatus, computer device, and storage medium |
| CN113094031A (en) * | 2021-03-16 | 2021-07-09 | 上海晓途网络科技有限公司 | Factor generation method and device, computer equipment and storage medium |
| CN113158147A (en) * | 2021-03-24 | 2021-07-23 | 中国人民解放军战略支援部队信息工程大学 | Code obfuscation method based on parent fusion |
| CN117349803A (en) * | 2023-12-06 | 2024-01-05 | 浙江大学 | Code confusion method, device, electronic equipment and computer readable storage medium |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20090235089A1 (en) * | 2008-03-12 | 2009-09-17 | Mathieu Ciet | Computer object code obfuscation using boot installation |
| CN104992083A (en) * | 2015-07-09 | 2015-10-21 | 广州视源电子科技股份有限公司 | Code obfuscation method and system for application |
| CN105354449A (en) * | 2015-11-04 | 2016-02-24 | 北京鼎源科技有限公司 | Scrambling and obfuscating method for Lua language and decryption method |
| CN108182358A (en) * | 2017-12-28 | 2018-06-19 | 江苏通付盾信息安全技术有限公司 | Document protection method, device, computing device and computer storage media |
| CN108595921A (en) * | 2018-03-22 | 2018-09-28 | 北京奇艺世纪科技有限公司 | Character string obscures method and apparatus in a kind of source code |
| CN108710787A (en) * | 2018-03-26 | 2018-10-26 | 江苏通付盾信息安全技术有限公司 | Code obfuscation method and device, computing device, computer storage media |
| CN109033764A (en) * | 2017-06-09 | 2018-12-18 | 腾讯科技(深圳)有限公司 | Antialiasing processing method and terminal, computer equipment |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101478785B (en) * | 2009-01-21 | 2010-08-04 | 华为技术有限公司 | Resource pool management system and signal processing method |
| CN110647329A (en) * | 2019-08-13 | 2020-01-03 | 平安科技(深圳)有限公司 | Code obfuscation method, apparatus, computer device and storage medium |
-
2019
- 2019-08-13 CN CN201910746038.6A patent/CN110647329A/en active Pending
-
2020
- 2020-05-30 WO PCT/CN2020/093622 patent/WO2021027367A1/en active Application Filing
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20090235089A1 (en) * | 2008-03-12 | 2009-09-17 | Mathieu Ciet | Computer object code obfuscation using boot installation |
| CN104992083A (en) * | 2015-07-09 | 2015-10-21 | 广州视源电子科技股份有限公司 | Code obfuscation method and system for application |
| CN105354449A (en) * | 2015-11-04 | 2016-02-24 | 北京鼎源科技有限公司 | Scrambling and obfuscating method for Lua language and decryption method |
| CN109033764A (en) * | 2017-06-09 | 2018-12-18 | 腾讯科技(深圳)有限公司 | Antialiasing processing method and terminal, computer equipment |
| CN108182358A (en) * | 2017-12-28 | 2018-06-19 | 江苏通付盾信息安全技术有限公司 | Document protection method, device, computing device and computer storage media |
| CN108595921A (en) * | 2018-03-22 | 2018-09-28 | 北京奇艺世纪科技有限公司 | Character string obscures method and apparatus in a kind of source code |
| CN108710787A (en) * | 2018-03-26 | 2018-10-26 | 江苏通付盾信息安全技术有限公司 | Code obfuscation method and device, computing device, computer storage media |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2021027367A1 (en) * | 2019-08-13 | 2021-02-18 | 平安科技(深圳)有限公司 | Code obfuscation method and apparatus, computer device, and storage medium |
| CN111274057A (en) * | 2020-01-13 | 2020-06-12 | 北京字节跳动网络技术有限公司 | Memory leakage link processing method, device, medium and electronic equipment |
| CN111274057B (en) * | 2020-01-13 | 2021-07-06 | 北京字节跳动网络技术有限公司 | Memory leakage link processing method, device, medium and electronic equipment |
| CN112269566A (en) * | 2020-11-03 | 2021-01-26 | 支付宝(杭州)信息技术有限公司 | Script generation processing method, device, equipment and system |
| CN113094031A (en) * | 2021-03-16 | 2021-07-09 | 上海晓途网络科技有限公司 | Factor generation method and device, computer equipment and storage medium |
| CN113094031B (en) * | 2021-03-16 | 2024-02-20 | 上海晓途网络科技有限公司 | Factor generation method, device, computer equipment and storage medium |
| CN113158147A (en) * | 2021-03-24 | 2021-07-23 | 中国人民解放军战略支援部队信息工程大学 | Code obfuscation method based on parent fusion |
| CN113158147B (en) * | 2021-03-24 | 2022-12-09 | 中国人民解放军战略支援部队信息工程大学 | Code obfuscation method based on parent fusion |
| CN117349803A (en) * | 2023-12-06 | 2024-01-05 | 浙江大学 | Code confusion method, device, electronic equipment and computer readable storage medium |
| CN117349803B (en) * | 2023-12-06 | 2024-03-19 | 浙江大学 | Code confusion method, device, electronic equipment and computer readable storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2021027367A1 (en) | 2021-02-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110647329A (en) | Code obfuscation method, apparatus, computer device and storage medium | |
| CN110460571B (en) | Business system vulnerability processing method and device, computer equipment and storage medium | |
| CN110209652B (en) | Data table migration method, device, computer equipment and storage medium | |
| JP2020030866A (en) | Sensitive information processing method, device and server, and security determination system | |
| CN110572355A (en) | Webpage data monitoring method and device, computer equipment and storage medium | |
| CN110598380B (en) | User right management method, device, computer equipment and storage medium | |
| CN109413153B (en) | Data crawling method and device, computer equipment and storage medium | |
| CN108365958B (en) | Account login verification method and device, computer equipment and storage medium | |
| CN109657177A (en) | The generation method of the page, device, storage medium and computer equipment after upgrading | |
| WO2021120628A1 (en) | Blockchain-based sensitive word detection method and apparatus, computer device and computer-readable storage medium | |
| CN110750750A (en) | Webpage generation method and device, computer equipment and storage medium | |
| CN110659297A (en) | Data processing method, data processing device, computer equipment and storage medium | |
| CN112528201A (en) | Method and device for calling third-party platform, computer equipment and storage medium | |
| CN112507729A (en) | Method and device for translating text in page, computer equipment and storage medium | |
| CN113472803A (en) | Vulnerability attack state detection method and device, computer equipment and storage medium | |
| US11405374B2 (en) | System and method for automatic mitigation of leaked credentials in computer networks | |
| CN111125748A (en) | Judgment method and device for unauthorized query, computer equipment and storage medium | |
| CN111683083B (en) | Block chain user identity authentication method, device, equipment and medium | |
| CN108848165B (en) | Service request processing method and device, computer equipment and storage medium | |
| CN110597782B (en) | Database dynamic switching method and device, computer equipment and storage medium | |
| CN111008377A (en) | Account monitoring method and device, computer equipment and storage medium | |
| CN110460585B (en) | Equipment identity identification method and device, computer equipment and storage medium | |
| CN108959486B (en) | Audit field information acquisition method and device, computer equipment and storage medium | |
| CN109656948B (en) | Bitmap data processing method and device, computer equipment and storage medium | |
| CN105653948A (en) | Method and device for preventing malicious operation |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |