CN110866226A - JAVA application software copyright protection method based on encryption technology - Google Patents

Abstract

The invention discloses a JAVA application software copyright protection method based on encryption technology, belonging to the technical field of information security, and comprising an information encryption authorization module, a software starting module and a software operation protection center; the information encryption authorization module completes encryption of application software codes (CLASS files), adopts application software operation server hardware information (main board serial number \ CPU serial number) for encryption authorization and generates anti-tampering verification codes for the software JAR package; the software starting module is used for realizing the decryption of application software codes and the loading of classes and finishing the verification of the authorization information; the software operation protection center realizes the operation registration of authorized application software and prevents illegal software from DUMP related codes in the memory of the JVM by tracking the operating application software. The method disclosed by the invention can be used for protecting piracy and destruction in a storage stage, a loading starting stage and an operating stage of the JAVA application software in multiple directions, and the copyright of the JAVA application software is effectively protected.

Description

JAVA application software copyright protection method based on encryption technology

Technical Field

The invention relates to a method for preventing JAVA application software from cracking and pirating, in particular to a systematized JAVA application software copyright protection method based on an encryption technology, belonging to the technical field of information security.

Background

Through the development of many years, the Java language is widely applied to the fields of Internet, big data, Android development and the like, the development efficiency is high, the cross-platform performance, the stability and the expandability are strong, and the Java language is also a common solution for large Internet platforms. However, since the Java language is compiled into bytecode and interpreted by the JVM, illegal decompilation is prevented, and product copyright protection developed by the Java language is a problem to be solved urgently.

At present, the main method for preventing illegal decompilation of Java codes is to mix up compiled codes, so that the decompilated codes become confused and unintelligible, but only the difficulty of reverse engineering is increased, and the problem of piracy is still not facilitated; another major method to prevent illegal decompilation of Java code is to encrypt the CLASS file, which is effective to prevent hard decryption, but cannot prevent export decompilation of CLASS during CLASS loading and loading into the JVM memory.

Disclosure of Invention

The invention aims to provide a method for protecting the copyright of JAVA application software based on an encryption technology, which solves the problems that the conventional JAVA application software is cracked and pirated by inverse compiling and reverse engineering.

In order to achieve the purpose, the invention adopts the following technical scheme:

a JAVA application software copyright protection method based on encryption technology comprises the following steps:

step 1: establishing a server for deploying application software and a data center for collecting and analyzing information of the server;

the data center is deployed in an application software operation tracking protection center;

the data center collects hardware information of a server deployed by application software, wherein the hardware information comprises a mainboard serial number and a CPU serial number and is used as subsequent encryption authorization basic data;

step 2: the data center encrypts a CLASS file in an application software JAR package to generate an application software release JAR package, generates a file verification code of the application software JAR package, and makes an application software authorization certificate, wherein the certificate content comprises encrypted server hardware information, application software validity period information, a software encryption key, a client account number, a starting password and a software file verification code;

and step 3: establishing a software starting module in a server for deploying application software, wherein the software starting module is used for application software running registration, software decryption authorization verification and custom class loading decryption;

and 4, step 4: the data center monitors the running state of the registered application software in real time and prevents illegal software from being linked to the protected application software process to acquire the JVM memory byte code data.

Preferably, when step 2 is executed, the software authorization encryption process includes the following steps:

step A1: DES encryption is carried out through C language, a secret key is stored in a binary code file, and the tool is used for encrypting the hardware information, the software validity period information and the software version description information and storing the encrypted information in an authorization certificate;

step A2: encrypting the JAR packet of the application software through C + JAVA, reading a CLASS file in the JAR packet of the application software through JAVA language, realizing that a dynamic library completes the encryption function of the CLASS file through JNI by utilizing C language, encrypting a key DES encrypted by the JAR packet of the application software and then storing the encrypted key DES in an authorization certificate;

step A3: and the JAR package of the application software to be issued generates a verification code by using MD5, the verification code DES is encrypted and then stored in the authorization certificate, and meanwhile, the JAR package of the JAVA virtual machine issued together generates the verification code DES by using MD5 and then is encrypted and then stored in the authorization certificate.

Preferably, when step 3 is executed, the processing method of the software startup module includes the following steps:

step B1: acquiring the hardware information, a JAR (java application file) package of application software to be started and a JVM (java virtual machine) to generate an MD5 verification code, reading authorization ciphertext information DES in an authorization certificate, decrypting, comparing and checking, and starting to run after checking passes;

step B2: generating a software decryption authorization dynamic password, starting a JAVA virtual machine JVM, and transmitting operating parameters: JAR package path and name, JVM parameters include: a ReduceSignalUsage parameter, a DisenablAttachMechanism parameter, hardware information in a ciphertext form, a software decryption key and a decryption authorization dynamic password, wherein the ReduceSignalUsage parameter ignores SIGHUP \ SIGING \ SIGTETM signal, and the DisenablAttachMechanism parameter prohibits a tool from being connected to the JVM parameter;

step B3: sending application software process PID, application software name, software operation validity period, timestamp and decryption authorization dynamic password to a data center for registration;

step B4: and establishing a CLASS loader in the software starting module, wherein a decryption dynamic link library in the CLASS loader acquires a decryption authorization dynamic password, a timestamp and an application software process PID transmitted by the starting module, then transmits the decryption authorization dynamic password, the timestamp and the application software process PID to a data center to verify the decryption authorization dynamic password registered by the starting module, decrypts the CLASS file in the JAR packet by acquiring a corresponding software decryption authority and loads the CLASS file to the JAVA virtual machine.

Preferably, when step 4 is executed, the processing of the data center includes the following steps:

step C1: receiving a decryption authorization request from a decryption dynamic library in the class loader, and authorizing after authenticating;

step C2: receiving a heartbeat request from the application software during running, forcibly killing the application software process if the heartbeat request of the registered application software is not received after overtime, and automatically quitting if the heartbeat request of the application software does not receive a response;

the heartbeat request is encrypted data;

step C3: after receiving a registration request from a software starting module, starting a process to track the application JVM process, preventing other illegal processes from being linked to the application JVM process to perform illegal operation, and when the tracking process is maliciously terminated, an application software running tracking protection center can kill the tracked application software process in time;

step C4: the data center periodically checks the running application software, and the application software process is immediately terminated when the validity period of the application software is found to be over.

The invention relates to a method for protecting JAVA application software copyright based on encryption technology, which solves the problems that the existing JAVA application software is cracked and pirated by decompiling reverse engineering, and uses a byte encryption algorithm to encrypt a CLASS file in a JAR packet of release software to prevent hard decryption; a starting module (written in C language) acquires hardware information of the operating server, reads an authorization certificate to complete starting authorization verification, and then performs application software operation registration; the class loader can not be encrypted, the class loader is prevented from being changed by the set through the verification code, and a decryption dynamic library in the class loader completes decryption authorization by transmitting a dynamic password transmitted by a starting module to an application software operation tracking protection center; the application software running tracking protection center tracks the process which is registered to run, prevents other illegal processes from linking (attach) to the application software process, and performs DUMP operation. The method protects the JAVA application software from a plurality of directions, and well protects the copyright of the JAVA application software.

Drawings

FIG. 1 is a functional block diagram of the present invention;

FIG. 2 is a start-up flow diagram of the present invention;

FIG. 3 is a timing diagram of the communication protocol between software modules according to the present invention.

Detailed Description

In order to make the technical solutions of the present invention more clear and definite for those skilled in the art, the following describes the present invention in further detail by implementing the Linux system with the attached drawings, but the embodiments of the present invention are not limited thereto

As shown in fig. 1-3, a JAVA application copyright protection method based on encryption technology includes the following steps:

step 1: establishing a server for deploying application software and a data center for collecting and analyzing information of the server;

the data center is deployed in an application software operation tracking protection center;

the data center collects hardware information of a server deployed by application software, wherein the hardware information comprises a mainboard serial number and a CPU serial number and is used as subsequent encryption authorization basic data;

the hardware information also includes a MAC address;

step 2: the data center encrypts a CLASS file in an application software JAR package to generate an application software release JAR package, generates a file verification code of the application software JAR package, and makes an application software authorization certificate, wherein the certificate content comprises encrypted server hardware information, application software validity period information, a software encryption key, a client account number, a starting password and a software file verification code;

and step 3: establishing a software starting module in a server for deploying application software, wherein the software starting module is used for application software running registration, software decryption authorization verification and custom class loading decryption;

in this embodiment, when step 1 is executed, the server hardware information used by the client for deploying the application software is completed by the starting module, the starting module acquires the server hardware information (the motherboard serial number and the CPU serial number) and verifies the authorization certificate before starting the application software, and if the verification fails, the user is informed to send the server hardware information to the application software issuer to make the authorization certificate.

In this embodiment, when step 2 is executed, the encryption algorithm of the CLASS file of the JAR packet of the application software is encrypted by using a single byte, which has the advantages of simple algorithm and high encryption and decryption speed. Algorithm function form: f (b), (i), k (j)) c, converting the byte into another byte by the function, k (j) being the j-th character of the key string, decryption being the inverse of the function.

In this embodiment, the MD5 is used to generate the file verification code of the JAR package of application software, and the DES encryption algorithm is used to encrypt the file verification code, the JAR package encryption key of application software, the server hardware information, the software expiration date, and the start account password and store them in the authorization certificate.

When the step 3 is executed, the software starting module firstly verifies the account number password, then verifies the authorization certificate, acquires the hardware information of the current server and the server time, reads the encrypted data of the software authorization certificate, verifies the encrypted data after decryption, and the MD5 generates the verification code of the JAR packet of the current start and verifies the verification code in the authorization certificate;

after the software starts the authorization verification and passes, generating the software decryption authorization dynamic password, reading the software operating parameters in the authorization certificate, including: JAVA virtual machine configuration, software JAR package configuration, an operation log file, a software decryption key (ciphertext) and machine hardware information, and a starting command is executed to transmit the parameters and a decryption authorization dynamic password;

after the application software is started, software running registration is carried out, and a software decryption authorization dynamic password, a timestamp, an application software PID and an application software name are sent to a data center of an application software running tracking protection center for registration;

the CLASS loader reads CLASS file streams to be loaded by the JAR package of the application software, a software decryption key (ciphertext), machine hardware information, an application software name and a decryption authorization dynamic password and transmits the CLASS file streams, the software decryption key (ciphertext), the machine hardware information, the application software name and the decryption authorization dynamic password to the decryption dynamic link library through JNI;

the decryption dynamic link library acquires application software PID, a timestamp and a decryption authorization dynamic password one and sends the application software PID, the timestamp and the decryption authorization dynamic password one to an application software operation protection center, the protection center receives decryption authorization request data and verifies the data registered by the starting module, and decryption authority is successfully granted after verification; and after the decryption dynamic link library obtains the decryption authority, the machine hardware information is used for extracting a key decryption software decryption key (ciphertext), and the software decryption key (plaintext) is obtained to decrypt the encrypted CLASS file byte stream.

And 4, step 4: the data center monitors the running state of the registered application software in real time and prevents illegal software from being linked to the protected application software process to acquire the JVM memory byte code data.

Preferably, when step 2 is executed, the software authorization encryption process includes the following steps:

step A1: DES encryption is carried out through C language, a secret key is stored in a binary code file, and the tool is used for encrypting the hardware information, the software validity period information and the software version description information and storing the encrypted information in an authorization certificate;

step A2: encrypting the JAR packet of the application software through C + JAVA, reading a CLASS file in the JAR packet of the application software through JAVA language, realizing that a dynamic library completes the encryption function of the CLASS file through JNI by utilizing C language, encrypting a key DES encrypted by the JAR packet of the application software and then storing the encrypted key DES in an authorization certificate;

step A3: and the JAR package of the application software to be issued generates a verification code by using MD5, the verification code DES is encrypted and then stored in the authorization certificate, and meanwhile, the JAR package of the JAVA virtual machine issued together generates the verification code DES by using MD5 and then is encrypted and then stored in the authorization certificate.

Preferably, when step 3 is executed, the processing method of the software startup module includes the following steps:

step B1: acquiring the hardware information, a JAR (java application file) package of application software to be started and a JVM (java virtual machine) to generate an MD5 verification code, reading authorization ciphertext information DES in an authorization certificate, decrypting, comparing and checking, and starting to run after checking passes;

step B2: generating a software decryption authorization dynamic password, starting a JAVA virtual machine JVM, and transmitting operating parameters: JAR package path and name, JVM parameters include: a ReduceSignalUsage parameter, a DisenablAttachMechanism parameter, hardware information in a ciphertext form, a software decryption key and a decryption authorization dynamic password, wherein the ReduceSignalUsage parameter ignores SIGHUP \ SIGING \ SIGTETM signal, and the DisenablAttachMechanism parameter prohibits a tool from being connected to the JVM parameter;

step B3: sending application software process PID, application software name, software operation validity period, timestamp and decryption authorization dynamic password to a data center for registration;

step B4: and establishing a CLASS loader in the software starting module, wherein a decryption dynamic link library in the CLASS loader acquires a decryption authorization dynamic password, a timestamp and an application software process PID transmitted by the starting module, then transmits the decryption authorization dynamic password, the timestamp and the application software process PID to a data center to verify the decryption authorization dynamic password registered by the starting module, decrypts the CLASS file in the JAR packet by acquiring a corresponding software decryption authority and loads the CLASS file to the JAVA virtual machine.

Preferably, when step 4 is executed, the processing of the data center includes the following steps:

step C1: receiving a decryption authorization request from a decryption dynamic library in the class loader, and authorizing after authenticating;

and receiving an operation registration request packet (ciphertext) of the starting module for decryption, searching a software operation list (each item in the list describes the name, process ID, operation state, heartbeat time, software validity period and software decryption authorization dynamic password of the operation software), checking a timestamp, and updating the software operation list item.

As shown in fig. 3, the data of the communication protocol is completely encrypted, so as to prevent the communication data from being leaked and altered; the time stamp prevents intercepted playback of the protocol packet data.

Step C2: receiving a heartbeat request from the application software during running, forcibly killing the application software process if the heartbeat request of the registered application software is not received after overtime, and automatically quitting if the heartbeat request of the application software does not receive a response;

the heartbeat request is encrypted data;

and receiving a decryption authorization request packet (ciphertext) of a decryption dynamic library in class loading, decrypting to obtain a software name, a process ID, a timestamp and a decryption authorization dynamic password, verifying the timestamp and the decryption authorization dynamic password, and updating a software running list item by granting a software decryption authority.

After the application software starts to run, a heartbeat packet (ciphertext) is sent to the application software tracking protection center at regular time, the process ID is obtained after decryption, the protection center updates the software running list and returns a heartbeat response, if the application software does not obtain the heartbeat response after overtime, the protection center automatically quits, scans the software running list at regular time, and the application software process which is not updated after the overtime is forcibly killed.

Step C3: after receiving a registration request from a software starting module, starting a process to track the application JVM process, preventing other illegal processes from being linked to the application JVM process to perform illegal operation, and when the tracking process is maliciously terminated, an application software running tracking protection center can kill the tracked application software process in time;

after the application software starts to run, the protection center starts a tracking thread for each registered running application software, the tracking thread starts a strand pid l inux command to prevent other illegal processes from entering the application software process, when the strand process is forcibly terminated, the tracking thread exits and kills the tracked application software process, and when the application software exits from running, the tracking thread stops tracking and exiting.

Step C4: the data center periodically checks the application software registered in operation, and immediately terminates the application software process when finding that the validity period of the application software exceeds the validity period of the application software;

the application software tracking protection center periodically scans the JVMTI tool and hidden processes on the server.

The above description is only for the purpose of illustrating the present invention and is not intended to limit the scope of the present invention, and any person skilled in the art can substitute or change the technical solution of the present invention and its conception within the scope of the present invention.

Claims (4)

1. A JAVA application software copyright protection method based on encryption technology is characterized in that: the method comprises the following steps:

step 1: establishing a server for deploying application software and a data center for collecting and analyzing information of the server;

the data center is deployed in an application software operation tracking protection center;

the data center collects hardware information of a server deployed by application software, wherein the hardware information comprises a mainboard serial number and a CPU serial number and is used as subsequent encryption authorization basic data;

step 2: the data center encrypts a CLASS file in an application software JAR package to generate an application software release JAR package, generates a file verification code of the application software JAR package, and makes an application software authorization certificate, wherein the certificate content comprises encrypted server hardware information, application software validity period information, a software encryption key, a client account number, a starting password and a software file verification code;

and step 3: establishing a software starting module in a server for deploying application software, wherein the software starting module is used for application software running registration, software decryption authorization verification and custom class loading decryption;

and 4, step 4: the data center monitors the running state of the registered application software in real time and prevents illegal software from being linked to the protected application software process to acquire the JVM memory byte code data.

2. The JAVA application software copyright protection method based on encryption technology as claimed in claim 1, wherein: when step 2 is executed, the software authorization encryption process comprises the following steps:

step A1: DES encryption is carried out through C language, a secret key is stored in a binary code file, and the tool is used for encrypting the hardware information, the software validity period information and the software version description information and storing the encrypted information in an authorization certificate;

step A2: encrypting the JAR packet of the application software through C + JAVA, reading a CLASS file in the JAR packet of the application software through JAVA language, realizing that a dynamic library completes the encryption function of the CLASS file through JNI by utilizing C language, encrypting a key DES encrypted by the JAR packet of the application software and then storing the encrypted key DES in an authorization certificate;

step A3: and the JAR package of the application software to be issued generates a verification code by using MD5, the verification code DES is encrypted and then stored in the authorization certificate, and meanwhile, the JAR package of the JAVA virtual machine issued together generates the verification code DES by using MD5 and then is encrypted and then stored in the authorization certificate.

3. The JAVA application software copyright protection method based on encryption technology as claimed in claim 2, wherein: when step 3 is executed, the processing method of the software starting module comprises the following steps:

step B1: acquiring the hardware information, a JAR (java application file) package of application software to be started and a JVM (java virtual machine) to generate an MD5 verification code, reading authorization ciphertext information DES in an authorization certificate, decrypting, comparing and checking, and starting to run after checking passes;

step B2: generating a software decryption authorization dynamic password, starting a JAVA virtual machine JVM, and transmitting operating parameters: JAR package path and name, JVM parameters include: a ReduceSignalUsage parameter, a DisenablAttachMechanism parameter, hardware information in a ciphertext form, a software decryption key and a decryption authorization dynamic password, wherein the ReduceSignalUsage parameter ignores SIGHUP \ SIGING \ SIGTETM signal, and the DisenablAttachMechanism parameter prohibits a tool from being connected to the JVM parameter;

step B3: sending application software process PID, application software name, software operation validity period, timestamp and decryption authorization dynamic password to a data center for registration;

step B4: and establishing a CLASS loader in the software starting module, wherein a decryption dynamic link library in the CLASS loader acquires a decryption authorization dynamic password, a timestamp and an application software process PID transmitted by the starting module, then transmits the decryption authorization dynamic password, the timestamp and the application software process PID to a data center to verify the decryption authorization dynamic password registered by the starting module, decrypts the CLASS file in the JAR packet by acquiring a corresponding software decryption authority and loads the CLASS file to the JAVA virtual machine.

4. The method for protecting the copyright of the JAVA application software based on the encryption technology as claimed in claim 3, wherein: in performing step 4, the processing of the data center includes the steps of:

step C1: receiving a decryption authorization request from a decryption dynamic library in the class loader, and authorizing after authenticating;

step C2: receiving a heartbeat request from the application software during running, forcibly killing the application software process if the heartbeat request of the registered application software is not received after overtime, and automatically quitting if the heartbeat request of the application software does not receive a response;

the heartbeat request is encrypted data;

step C3: after receiving a registration request from a software starting module, starting a process to track the application JVM process, preventing other illegal processes from being linked to the application JVM process to perform illegal operation, and when the tracking process is maliciously terminated, an application software running tracking protection center can kill the tracked application software process in time;

step C4: the data center periodically checks the running application software, and the application software process is immediately terminated when the validity period of the application software is found to be over.

Images