CN111190604A - Android application memory confusion method and device, electronic equipment and medium - Google Patents
Android application memory confusion method and device, electronic equipment and medium Download PDFInfo
- Publication number
- CN111190604A CN111190604A CN201911400569.6A CN201911400569A CN111190604A CN 111190604 A CN111190604 A CN 111190604A CN 201911400569 A CN201911400569 A CN 201911400569A CN 111190604 A CN111190604 A CN 111190604A
- Authority
- CN
- China
- Prior art keywords
- register
- stack
- address
- redundant
- pointing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 41
- 125000004122 cyclic group Chemical group 0.000 claims description 10
- 238000004364 calculation method Methods 0.000 claims description 7
- 238000004590 computer program Methods 0.000 claims description 6
- 101100166068 Schizosaccharomyces pombe (strain 972 / ATCC 24843) arg5 gene Proteins 0.000 description 5
- 238000010586 diagram Methods 0.000 description 4
- 230000006870 function Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformation of program code
- G06F8/53—Decompilation; Disassembly
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/30—Arrangements for executing machine instructions, e.g. instruction decode
- G06F9/30098—Register arrangements
- G06F9/3012—Organisation of register space, e.g. banked or distributed register file
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Abstract
The invention discloses an android application memory obfuscation method, device, electronic equipment and medium, wherein the method comprises the following steps: step 1: acquiring an assembly code of the android application program in a local program library; step 2: decompiling the so file storing the assembly code to obtain an assembly program; and step 3: filling a stack-in instruction for adding a redundant register in an assembler; and 4, step 4: calculating a new offset address based on the added redundant register and the pointing address of the stack pointer, and reading data based on the new offset address. According to the method, any number of registers can be compiled by one instruction in an ARM system, the data in the stack is shifted by adding an additional redundancy register to shift the stack data, so that an intruder can hardly predict the data position in the stack, privacy data can be protected, introduction of malicious codes is avoided, and meanwhile, the method is realized based on an assembler, other instructions do not need to be added, and the size of the program cannot be increased.
Description
Technical Field
The invention belongs to the technical field of android compiling under an ARM platform, and particularly relates to an android application memory obfuscation method based on stack randomization.
Background
In the android system, when an intruder installs a local copy of an application program on a target system, the location of the program in memory can be obtained. In general, private data (such as a password or identity information) of a user is stored in a stack in the form of a local variable, so that an intruder can acquire the local variable by using a technique such as dynamic debugging as long as the intruder knows the position of the local variable in the stack. In addition, if the application program has buffer overflow, the intruder can execute malicious code by rewriting local variables in the stack or replacing function return addresses.
Therefore, an application memory obfuscation method of the android system based on the ARM platform, which can protect the application program security, is particularly needed.
Disclosure of Invention
In view of the above, the invention provides a stack randomization-based android application memory obfuscation method, device, electronic device and medium, which at least solve the problem that an android system application program based on an ARM platform in the prior art is not secure.
In a first aspect, the present invention provides a stack randomization-based android application memory obfuscation method, including: step 1: acquiring an assembly code of the android application program in a local program library; step 2: decompiling the so file storing the assembly code to obtain an assembly program; and step 3: filling a stack-in instruction for adding a redundant register in the assembler; and 4, step 4: calculating a new offset address based on the added redundant register and the pointing address of the stack pointer, and reading data based on the new offset address.
Preferably, the step 4 comprises: when the pointing address of the stack pointer is data, adding the data and the number of redundant registers added before the data to be used as a new offset address; when the pointing address of the stack pointer is cyclic addressing, adding the pointing address of the last stored register to the number of redundant registers added before the pointing address of the last stored register to serve as a new offset address; when the stack register is stored in the first register, the pointing address of the first register is added to the number of redundant registers added before the pointing address of the first register as a new offset address.
Preferably, the stack entry instruction for adding the redundancy register adds a plurality of redundancy registers in the stack, and the added redundancy registers are all in front of the link register.
Preferably, the added plurality of redundancy registers are located at any position in front of the link register.
Preferably, the assembly code comprises an apk file storage mode and an apk file storage mode, and when the assembly code is in the apk file storage mode, the apk file is decompressed to obtain the so file.
In a second aspect, the present invention also provides an electronic device, including: a memory storing executable instructions; the processor runs the executable instructions in the memory to realize the android application memory obfuscation method based on stack randomization.
In a third aspect, the present invention further provides a computer-readable storage medium, where a computer program is stored, and when the computer program is executed by a processor, the method for obfuscating an android application memory based on stack randomization is implemented.
In a fourth aspect, the present invention further provides an android application memory obfuscation apparatus based on stack randomization, including: an acquisition module: acquiring an assembly code of the android application program in a local program library; a disassembling module: decompiling the so file storing the assembly code to obtain an assembly program; a filling module: filling a stack-in instruction for adding a redundant register in the assembler; a calculation module: calculating a new offset address based on the added redundant register and the pointing address of the stack pointer, and reading data based on the new offset address.
Preferably, the calculation module is configured to perform the following steps: when the pointing address of the stack pointer is data, adding the data and the number of redundant registers added before the data to be used as a new offset address; when the pointing address of the stack pointer is cyclic addressing, adding the pointing address of the last stored register to the number of redundant registers added before the pointing address of the last stored register to serve as a new offset address; when the stack register is stored in the first register, the pointing address of the first register is added to the number of redundant registers added before the pointing address of the first register as a new offset address.
Preferably, the stack entry instruction for adding the redundancy register adds a plurality of redundancy registers in the stack, and the added redundancy registers are all in front of the link register.
The invention has the beneficial effects that: according to the android application memory obfuscation method based on stack randomization, an ARM system is utilized, one instruction can write any number of registers, the stack data can be shifted by adding an additional redundancy register, and the data in the stack are shifted, so that an intruder can hardly predict the data position in the stack, privacy data can be protected, introduction of malicious codes is avoided, meanwhile, the method is realized based on an assembler, other instructions do not need to be added, the method is simple to realize, and the size of a program cannot be increased.
The present invention has other features and advantages which will be apparent from or are set forth in detail in the accompanying drawings and the following detailed description, which are incorporated herein, and which together serve to explain certain principles of the invention.
Drawings
The above and other objects, features and advantages of the present invention will become more apparent by describing in more detail exemplary embodiments thereof with reference to the attached drawings, in which like reference numerals generally represent like parts throughout.
FIG. 1 shows a flowchart of an android application memory obfuscation method based on stack randomization, according to an embodiment of the present invention.
FIG. 2 is a diagram illustrating a stack state after adding redundant registers for a stack randomization-based memory obfuscation method for android applications, according to an embodiment of the present invention.
FIG. 3 is a block diagram of an android application memory obfuscation device based on stack randomization according to an embodiment of the present invention.
Detailed Description
Preferred embodiments of the present invention will be described in more detail below. While the following describes preferred embodiments of the present invention, it should be understood that the present invention may be embodied in various forms and should not be limited by the embodiments set forth herein.
The invention provides an android application memory obfuscation method based on stack randomization, which comprises the following steps: the method comprises the following steps: step 1: acquiring an assembly code of the android application program in a local program library; step 2: decompiling the so file storing the assembly code to obtain an assembly program; and step 3: filling a stack-in instruction for adding a redundant register in an assembler; and 4, step 4: calculating a new offset address based on the added redundant register and the pointing address of the stack pointer, and reading data based on the new offset address.
Specifically, the implementation is realized by adding an additional register to an assembly code program of a local database of an Android (Android) application program under the armv7-a architecture, and the specific process is as follows: acquiring an assembly code of an Android application program in a local database, wherein the assembly code has two storage conditions: the first is known source code: a C/C + + file with a compiled source code generates a file with an extension name of so; another is only. apk file: decompressing the apk file through an archive program or obtaining a library by using apktool to obtain the file of so; then, decompiling the so file by using a decompiling tool to obtain an assembly program; filling a stack-entering instruction for adding a redundant register in an assembler, adding the redundant register to a stack, and adding the redundant register to any position in front of an lr register (a connection register) of the stack; in the assembler, when the stack pointer points to the address to read the data, a new offset address is calculated based on the stack pointer pointing to the address and the added redundancy register, and the data stored in the new offset address is read. The method can be applied to any operating system supporting an ARM architecture.
According to an exemplary implementation mode, the stack randomization-based android application memory obfuscation method utilizes the characteristic that one instruction in an ARM system can write any number of registers, stack data can be shifted by adding an additional redundant register, and data in a stack are shifted, so that an intruder can hardly predict the position of the data in the stack, privacy data can be protected, introduction of malicious codes is avoided, meanwhile, the method is implemented based on an assembler, other instructions do not need to be added, the method is simple to implement, and the size of a program cannot be increased.
Preferably, step 4 comprises: when the pointing address of the stack pointer is data, adding the data to the number of redundant registers added before the data to serve as a new offset address; when the pointing address of the stack pointer is cyclic addressing, adding the pointing address of the last stored register to the number of redundant registers added before the pointing address of the last stored register to serve as a new offset address; when the stack register is stored in the first register, the pointing address of the first register is added to the number of redundant registers added before the pointing address of the first register as a new offset address.
Specifically, when the address pointed by the stack pointer sp is data, for example, # pos, that is, for an assembler instruction accessing an address according to [ sp, # pos ], the data stored at the address pointed by the stack pointer sp is directly read before the redundant register is added, and after the redundant register is added, the address of the original stored data in the stack is changed, and a new offset address needs to be calculated to obtain the data stored at the original address pointed by the stack pointer. The new offset address is the address pointed to by the original stack pointer plus the number of redundant registers newly added before the pointed address, by which the new offset address, i.e. the new # new _ pos, reads the data stored with the pointed address pointed to by the original stack pointer.
When the stack register is stored in the first register, that is, for the situation of the instructions mov ra and sp, before the redundant register is not added, the directing address of ra is obtained, that is, the data stored in the directing address of ra is directly read according to the assembling instruction of [ ra, # pos ] access address, after the redundant register is added, the address of the original stored data in the stack is changed, and a new offset address needs to be calculated to obtain the data stored in the original directing address of the stack pointer. The new offset address is the new offset address obtained by adding the number of the redundant registers newly added before the ra pointer points to the address by the original ra pointer, i.e. the new # new _ pos reads the data stored with the original stack pointer pointing address.
When the stack register is stored in the first register, the first register is stored in the second register, the second register is stored in the third register, and … corresponds to instructions of mov ra, sp; movrb, ra; …, respectively; when the mov ry, rz, i.e. the pointing address of the stack pointer, is cyclic addressing, for the situation of the last storage instruction, i.e. mov ry, rz, before the redundant register is not added, the pointing address of ry is obtained, i.e. the data stored in the pointing address of ry is directly read according to the [ ry, # pos ] assembly instruction of the access address, after the redundant register is added, the address of the original stored data in the stack is changed, and a new offset address needs to be calculated, so that the data stored in the original pointing address of the stack pointer can be obtained. The new offset address is the new offset address obtained by adding the number of the redundant registers newly added before the ry pointer points to the address by the original ry pointer, namely, the new # new _ pos reads the data stored with the original stack pointer pointing address.
Preferably, the stack-in instruction for adding the redundancy register adds a plurality of redundancy registers in the stack, and the added redundancy registers are all in front of the link register.
Preferably, the added redundant registers are located at any position in front of the link registers.
Preferably, the assembly code comprises an apk file storage mode and an apk file storage mode, and when the assembly code is in the apk file storage mode, the apk file is decompressed to obtain the so file.
The present invention also provides an electronic device, comprising: a memory storing executable instructions; and the processor runs the executable instructions in the memory to realize the android application memory obfuscation method based on the stack randomization.
The present invention also provides a computer-readable storage medium storing a computer program, which when executed by a processor implements the above-mentioned android application memory obfuscation method based on stack randomization.
The invention also provides an android application memory obfuscation device based on stack randomization, which is characterized by comprising the following steps: an acquisition module: acquiring an assembly code of the android application program in a local program library; a disassembling module: decompiling the so file storing the assembly code to obtain an assembly program; a filling module: filling a stack-in instruction for adding a redundant register in an assembler; a calculation module: calculating a new offset address based on the added redundant register and the pointing address of the stack pointer, and reading data based on the new offset address.
The method is realized by adding an extra register to an assembly code program of a local database of an Android (Android) application program under an armv7-a architecture, and comprises the following specific steps: acquiring an assembly code of an Android application program in a local database, wherein the assembly code has two storage conditions: the first is known source code: a C/C + + file with a compiled source code generates a file with an extension name of so; another is only. apk file: decompressing the apk file through an archive program or obtaining a library by using apktool to obtain the file of so; then, decompiling the so file by using a decompiling tool to obtain an assembly program; filling a stack-entering instruction for adding a redundant register in an assembler, adding the redundant register to a stack, and adding the redundant register to any position in front of an lr register (a connection register) of the stack; in the assembler, when the stack pointer points to the address to read the data, a new offset address is calculated based on the stack pointer pointing to the address and the added redundancy register, and the data stored in the new offset address is read. The device can be applied to any operation system supporting an ARM architecture.
Preferably, the calculation module is configured to perform the following steps: when the pointing address of the stack pointer is data, adding the data to the number of redundant registers added before the data to serve as a new offset address; when the pointing address of the stack pointer is cyclic addressing, adding the pointing address of the last stored register to the number of redundant registers added before the pointing address of the last stored register to serve as a new offset address; when the stack register is stored in the first register, the pointing address of the first register is added to the number of redundant registers added before the pointing address of the first register as a new offset address.
Specifically, when the address pointed by the stack pointer sp is data, for example, # pos, that is, for an assembler instruction accessing an address according to [ sp, # pos ], the data stored at the address pointed by the stack pointer sp is directly read before the redundant register is added, and after the redundant register is added, the address of the original stored data in the stack is changed, and a new offset address needs to be calculated to obtain the data stored at the original address pointed by the stack pointer. The new offset address is the address pointed to by the original stack pointer plus the number of redundant registers newly added before the pointed address, by which the new offset address, i.e. the new # new _ pos, reads the data stored with the pointed address pointed to by the original stack pointer.
When the stack register is stored in the first register, that is, for the situation of the instructions mov ra and sp, before the redundant register is not added, the directing address of ra is obtained, that is, the data stored in the directing address of ra is directly read according to the assembling instruction of [ ra, # pos ] access address, after the redundant register is added, the address of the original stored data in the stack is changed, and a new offset address needs to be calculated to obtain the data stored in the original directing address of the stack pointer. The new offset address is the new offset address obtained by adding the number of the redundant registers newly added before the ra pointer points to the address by the original ra pointer, i.e. the new # new _ pos reads the data stored with the original stack pointer pointing address.
When the stack register is stored in the first register, the first register is stored in the second register, the second register is stored in the third register, and … corresponds to instructions of mov ra, sp; movrb, ra; …, respectively; when the mov ry, rz, i.e. the pointing address of the stack pointer, is cyclic addressing, for the situation of the last storage instruction, i.e. mov ry, rz, before the redundant register is not added, the pointing address of ry is obtained, i.e. the data stored in the pointing address of ry is directly read according to the [ ry, # pos ] assembly instruction of the access address, after the redundant register is added, the address of the original stored data in the stack is changed, and a new offset address needs to be calculated, so that the data stored in the original pointing address of the stack pointer can be obtained. The new offset address is the new offset address obtained by adding the number of the redundant registers newly added before the ry pointer points to the address by the original ry pointer, namely, the new # new _ pos reads the data stored with the original stack pointer pointing address.
Preferably, the stack-in instruction for adding the redundancy register adds a plurality of redundancy registers in the stack, and the added redundancy registers are all in front of the link register.
Preferably, the added redundant registers are located at any position in front of the link registers.
Preferably, the assembly code comprises an apk file storage mode and an apk file storage mode, and when the assembly code is in the apk file storage mode, the apk file is decompressed to obtain the so file.
Specifically, assembly code has two storage cases: the first is known source code: a C/C + + file with a compiled source code generates a file with an extension name of so; another is only. apk file: and decompressing the apk file through an archive program or acquiring the library by using the apktool to acquire the file of the so.
Example one
FIG. 1 shows a flowchart of an android application memory obfuscation method based on stack randomization, according to an embodiment of the present invention. FIG. 2 is a diagram illustrating a stack state after adding redundant registers for a stack randomization-based memory obfuscation method for android applications, according to an embodiment of the present invention.
With reference to fig. 1 and fig. 2, the method for obfuscating an android application memory based on stack randomization includes:
step 1: acquiring an assembly code of the android application program in a local program library;
step 2: decompiling the so file storing the assembly code to obtain an assembly program;
and step 3: filling a stack-in instruction for adding a redundant register in an assembler;
and 4, step 4: calculating a new offset address based on the added redundant register and the pointing address of the stack pointer, and reading data based on the new offset address.
Wherein, step 4 includes: when the pointing address of the stack pointer is data, adding the data to the number of redundant registers added before the data to serve as a new offset address; when the pointing address of the stack pointer is cyclic addressing, adding the pointing address of the last stored register to the number of redundant registers added before the pointing address of the last stored register to serve as a new offset address; when the stack register is stored in the first register, the pointing address of the first register is added to the number of redundant registers added before the pointing address of the first register as a new offset address.
For example, as shown in fig. 2, a gray background is an added redundant register, a white background is a register in the original stack, and before the redundant register is not added, if the data stored in the register arg5 is read, the address pointed by the pointer of the register arg5 is directly read, but after the redundant register is added, a new redundant register is added before the register arg5, and the address pointed by the register arg5 is added to the number of the redundant registers newly added before the address pointed by the register arg5 to serve as a new offset address.
The stack-in instruction added with the redundancy register adds a plurality of redundancy registers in the stack, and the added redundancy registers are all arranged in front of the connection register.
Wherein the added plurality of redundant registers are located at any position in front of the link register.
And when the assembly code is in the apk file storage mode, decompressing the apk file to obtain the so file.
Example two
FIG. 3 is a block diagram of an android application memory obfuscation device based on stack randomization according to an embodiment of the present invention.
As shown in fig. 3, the apparatus for obfuscating an android application memory based on stack randomization includes: the acquisition module 102: acquiring an assembly code of the android application program in a local program library; disassembling module 104: decompiling the so file storing the assembly code to obtain an assembly program; the filling module 106: filling a stack-in instruction for adding a redundant register in an assembler; the calculation module 108: calculating a new offset address based on the added redundant register and the pointing address of the stack pointer, and reading data based on the new offset address.
Wherein, the calculation module 108 is configured to perform the following steps: when the pointing address of the stack pointer is data, adding the data to the number of redundant registers added before the data to serve as a new offset address; when the pointing address of the stack pointer is cyclic addressing, adding the pointing address of the last stored register to the number of redundant registers added before the pointing address of the last stored register to serve as a new offset address; when the stack register is stored in the first register, the pointing address of the first register is added to the number of redundant registers added before the pointing address of the first register as a new offset address.
The stack-in instruction added with the redundancy register adds a plurality of redundancy registers in the stack, and the added redundancy registers are all arranged in front of the connection register.
Wherein the added plurality of redundant registers are located at any position in front of the link register.
And when the assembly code is in the apk file storage mode, decompressing the apk file to obtain the so file.
EXAMPLE III
The present disclosure provides an electronic device including: a memory storing executable instructions; and the processor runs the executable instructions in the memory to realize the android application memory obfuscation method based on the stack randomization.
An electronic device according to an embodiment of the present disclosure includes a memory and a processor.
The memory is to store non-transitory computer readable instructions. In particular, the memory may include one or more computer program products that may include various forms of computer-readable storage media, such as volatile memory and/or non-volatile memory. The volatile memory may include, for example, Random Access Memory (RAM), cache memory (cache), and/or the like. The non-volatile memory may include, for example, Read Only Memory (ROM), hard disk, flash memory, etc.
The processor may be a Central Processing Unit (CPU) or other form of processing unit having data processing capabilities and/or instruction execution capabilities, and may control other components in the electronic device to perform desired functions. In one embodiment of the disclosure, the processor is configured to execute the computer readable instructions stored in the memory.
Those skilled in the art should understand that, in order to solve the technical problem of how to obtain a good user experience, the present embodiment may also include well-known structures such as a communication bus, an interface, and the like, and these well-known structures should also be included in the protection scope of the present disclosure.
For the detailed description of the present embodiment, reference may be made to the corresponding descriptions in the foregoing embodiments, which are not repeated herein.
Example four
The present disclosure provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the above-described stack randomization-based android application memory obfuscation method.
A computer-readable storage medium according to an embodiment of the present disclosure has non-transitory computer-readable instructions stored thereon. The non-transitory computer readable instructions, when executed by a processor, perform all or a portion of the steps of the methods of the embodiments of the disclosure previously described.
The computer-readable storage media include, but are not limited to: optical storage media (e.g., CD-ROMs and DVDs), magneto-optical storage media (e.g., MOs), magnetic storage media (e.g., magnetic tapes or removable disks), media with built-in rewritable non-volatile memory (e.g., memory cards), and media with built-in ROMs (e.g., ROM cartridges).
Having described embodiments of the present invention, the foregoing description is intended to be exemplary, not exhaustive, and not limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments.
Claims (10)
1. An android application memory obfuscation method based on stack randomization is characterized by comprising the following steps:
step 1: acquiring an assembly code of the android application program in a local program library;
step 2: decompiling the so file storing the assembly code to obtain an assembly program;
and step 3: filling a stack-in instruction for adding a redundant register in the assembler;
and 4, step 4: calculating a new offset address based on the added redundant register and the pointing address of the stack pointer, and reading data based on the new offset address.
2. The stack randomization-based android application memory obfuscation method of claim 1, wherein the step 4 comprises: when the pointing address of the stack pointer is data, adding the data and the number of redundant registers added before the data to be used as a new offset address; when the pointing address of the stack pointer is cyclic addressing, adding the pointing address of the last stored register to the number of redundant registers added before the pointing address of the last stored register to serve as a new offset address; when the stack register is stored in the first register, the pointing address of the first register is added to the number of redundant registers added before the pointing address of the first register as a new offset address.
3. The stack randomization-based android application memory obfuscation method of claim 1, wherein the push instruction to add redundancy registers adds a plurality of redundancy registers in the stack, each of the added redundancy registers being ahead of a link register.
4. The stack randomization-based android application memory obfuscation method of claim 3, wherein the added plurality of redundant registers are located at any position in front of the link register.
5. The stack randomization-based android application memory obfuscation method of claim 1, wherein the assembly code comprises an.so file storage manner and an.apk file storage manner, and when the assembly code is the.apk file storage manner, the.apk file is decompressed to obtain an.so file.
6. An electronic device, characterized in that the electronic device comprises:
a memory storing executable instructions;
a processor executing the executable instructions in the memory to implement the stack randomization-based android application memory obfuscation method of any of claims 1-5.
7. A computer-readable storage medium, storing a computer program which, when executed by a processor, implements the stack randomization-based android application memory obfuscation method of any of claims 1-5.
8. An android application memory obfuscation device based on stack randomization, comprising:
an acquisition module: acquiring an assembly code of the android application program in a local program library;
a disassembling module: decompiling the so file storing the assembly code to obtain an assembly program;
a filling module: filling a stack-in instruction for adding a redundant register in the assembler;
a calculation module: calculating a new offset address based on the added redundant register and the pointing address of the stack pointer, and reading data based on the new offset address.
9. The stack randomization-based android application memory obfuscation device of claim 8, wherein the computing module is configured to perform the following steps: when the pointing address of the stack pointer is data, adding the data and the number of redundant registers added before the data to be used as a new offset address; when the pointing address of the stack pointer is cyclic addressing, adding the pointing address of the last stored register to the number of redundant registers added before the pointing address of the last stored register to serve as a new offset address; when the stack register is stored in the first register, the pointing address of the first register is added to the number of redundant registers added before the pointing address of the first register as a new offset address.
10. The stack randomization-based android application memory obfuscation device of claim 8, wherein the push instruction to add redundancy registers adds a plurality of redundancy registers in the stack, each preceding a link register.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911400569.6A CN111190604B (en) | 2019-12-30 | 2019-12-30 | Android application memory confusion method and device, electronic equipment and medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911400569.6A CN111190604B (en) | 2019-12-30 | 2019-12-30 | Android application memory confusion method and device, electronic equipment and medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111190604A true CN111190604A (en) | 2020-05-22 |
| CN111190604B CN111190604B (en) | 2023-11-03 |
Family
ID=70705945
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911400569.6A Active CN111190604B (en) | 2019-12-30 | 2019-12-30 | Android application memory confusion method and device, electronic equipment and medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111190604B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113238800A (en) * | 2021-05-25 | 2021-08-10 | 上海安路信息科技股份有限公司 | Stack structure and function calling method and system |
| CN116450361A (en) * | 2023-05-23 | 2023-07-18 | 南京芯驰半导体科技有限公司 | Memory prediction method, device and storage medium |
Citations (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6275984B1 (en) * | 1998-11-20 | 2001-08-14 | Sega Of America, Inc. | System and method for delaying indirect register offset resolution |
| US6463538B1 (en) * | 1998-12-30 | 2002-10-08 | Rainbow Technologies, Inc. | Method of software protection using a random code generator |
| US20070039048A1 (en) * | 2005-08-12 | 2007-02-15 | Microsoft Corporation | Obfuscating computer code to prevent an attack |
| US7210134B1 (en) * | 2001-09-06 | 2007-04-24 | Sonic Solutions | Deterring reverse-engineering of software systems by randomizing the siting of stack-based data |
| US20110167407A1 (en) * | 2010-01-06 | 2011-07-07 | Apple Inc. | System and method for software data reference obfuscation |
| CN103324481A (en) * | 2013-06-26 | 2013-09-25 | 网宿科技股份有限公司 | Compiling method and compiling system for obfuscating codes by means of assembly |
| US20140041026A1 (en) * | 2012-08-01 | 2014-02-06 | SIFTEO, Inc. | Hybrid Virtual Machine |
| US20140359773A1 (en) * | 2013-05-29 | 2014-12-04 | Raytheon BBN Technologies, Corp. | Intra stack frame randomization for protecting applications against code injection attack |
| CN104392181A (en) * | 2014-11-18 | 2015-03-04 | 北京奇虎科技有限公司 | SO file protection method and device and android installation package reinforcement method and system |
| CN105912893A (en) * | 2016-01-19 | 2016-08-31 | 北京鼎源科技有限公司 | Strengthening method based on Android system microinstruction just-in-time compilation |
| US20160357958A1 (en) * | 2015-06-08 | 2016-12-08 | Michael Guidry | Computer System Security |
| CN106778103A (en) * | 2016-12-30 | 2017-05-31 | 上海掌门科技有限公司 | Reinforcement means, system and decryption method that a kind of Android application program anti-reversing is cracked |
| WO2017107706A1 (en) * | 2015-12-25 | 2017-06-29 | 北京奇虎科技有限公司 | Elf file protection method and system based on arm instruction virtualization |
| US20180088988A1 (en) * | 2016-09-27 | 2018-03-29 | Microsoft Technology Licensing, Llc | Return Flow Guard Using Control Stack Identified By Processor Register |
| US20180211046A1 (en) * | 2017-01-26 | 2018-07-26 | Intel Corporation | Analysis and control of code flow and data flow |
| US20190156025A1 (en) * | 2017-06-27 | 2019-05-23 | RAM Laboratories, Inc. | Software protection through code and control flow data hiding and obfuscation |
| CN110210190A (en) * | 2019-05-30 | 2019-09-06 | 中国科学院信息工程研究所 | A kind of Code obfuscation method based on secondary compilation |
| CN110232262A (en) * | 2019-06-17 | 2019-09-13 | 中金金融认证中心有限公司 | A kind of reinforcement means and system of Android application |
-
2019
- 2019-12-30 CN CN201911400569.6A patent/CN111190604B/en active Active
Patent Citations (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6275984B1 (en) * | 1998-11-20 | 2001-08-14 | Sega Of America, Inc. | System and method for delaying indirect register offset resolution |
| US6463538B1 (en) * | 1998-12-30 | 2002-10-08 | Rainbow Technologies, Inc. | Method of software protection using a random code generator |
| US7210134B1 (en) * | 2001-09-06 | 2007-04-24 | Sonic Solutions | Deterring reverse-engineering of software systems by randomizing the siting of stack-based data |
| US20070039048A1 (en) * | 2005-08-12 | 2007-02-15 | Microsoft Corporation | Obfuscating computer code to prevent an attack |
| US20110167407A1 (en) * | 2010-01-06 | 2011-07-07 | Apple Inc. | System and method for software data reference obfuscation |
| US20140041026A1 (en) * | 2012-08-01 | 2014-02-06 | SIFTEO, Inc. | Hybrid Virtual Machine |
| US20140359773A1 (en) * | 2013-05-29 | 2014-12-04 | Raytheon BBN Technologies, Corp. | Intra stack frame randomization for protecting applications against code injection attack |
| CN103324481A (en) * | 2013-06-26 | 2013-09-25 | 网宿科技股份有限公司 | Compiling method and compiling system for obfuscating codes by means of assembly |
| CN104392181A (en) * | 2014-11-18 | 2015-03-04 | 北京奇虎科技有限公司 | SO file protection method and device and android installation package reinforcement method and system |
| US20160357958A1 (en) * | 2015-06-08 | 2016-12-08 | Michael Guidry | Computer System Security |
| WO2017107706A1 (en) * | 2015-12-25 | 2017-06-29 | 北京奇虎科技有限公司 | Elf file protection method and system based on arm instruction virtualization |
| CN105912893A (en) * | 2016-01-19 | 2016-08-31 | 北京鼎源科技有限公司 | Strengthening method based on Android system microinstruction just-in-time compilation |
| US20180088988A1 (en) * | 2016-09-27 | 2018-03-29 | Microsoft Technology Licensing, Llc | Return Flow Guard Using Control Stack Identified By Processor Register |
| CN106778103A (en) * | 2016-12-30 | 2017-05-31 | 上海掌门科技有限公司 | Reinforcement means, system and decryption method that a kind of Android application program anti-reversing is cracked |
| US20180211046A1 (en) * | 2017-01-26 | 2018-07-26 | Intel Corporation | Analysis and control of code flow and data flow |
| US20190156025A1 (en) * | 2017-06-27 | 2019-05-23 | RAM Laboratories, Inc. | Software protection through code and control flow data hiding and obfuscation |
| CN110210190A (en) * | 2019-05-30 | 2019-09-06 | 中国科学院信息工程研究所 | A kind of Code obfuscation method based on secondary compilation |
| CN110232262A (en) * | 2019-06-17 | 2019-09-13 | 中金金融认证中心有限公司 | A kind of reinforcement means and system of Android application |
Non-Patent Citations (3)
| Title |
|---|
| ENOOREZ: "[原创]汇编指令级混淆器的实现" * |
| 杨宇波;黄玮;李忠献;胡正名;: "抵御静态反汇编的代码混淆算法", no. 03 * |
| 畅畅1: "9. 汇编语言——缓冲区溢出" * |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113238800A (en) * | 2021-05-25 | 2021-08-10 | 上海安路信息科技股份有限公司 | Stack structure and function calling method and system |
| CN113238800B (en) * | 2021-05-25 | 2022-06-28 | 上海安路信息科技股份有限公司 | Stack frame structure and function calling method and system |
| CN116450361A (en) * | 2023-05-23 | 2023-07-18 | 南京芯驰半导体科技有限公司 | Memory prediction method, device and storage medium |
| CN116450361B (en) * | 2023-05-23 | 2023-09-29 | 南京芯驰半导体科技有限公司 | Memory prediction method, device and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111190604B (en) | 2023-11-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10229277B2 (en) | Code processing apparatus and computer program product | |
| KR102649092B1 (en) | Apparatus and method for controlling use of bound pointers | |
| JP7154365B2 (en) | Methods for securing software code | |
| EP1366404B1 (en) | Digital data protection arrangement | |
| JP5467271B2 (en) | Information processing apparatus and program, information processing method, and recording medium | |
| US20170364679A1 (en) | Instrumented versions of executable files | |
| US9116621B1 (en) | System and method of transfer of control between memory locations | |
| CN111190604B (en) | Android application memory confusion method and device, electronic equipment and medium | |
| US20210150028A1 (en) | Method of defending against memory sharing-based side-channel attacks by embedding random value in binaries | |
| US11036852B2 (en) | System and method for software diversification | |
| CN113485716B (en) | Program compiling method and device for preventing memory boundary crossing | |
| CN107463513B (en) | System and method for transferring control between storage locations | |
| CN115422554B (en) | Request processing method, compiling method and trusted computing system | |
| US11256786B2 (en) | Method to secure a software code | |
| CN107209815B (en) | Method for code obfuscation using return-oriented programming | |
| CN108021790B (en) | File protection method and device, computing equipment and computer storage medium | |
| CN115994348A (en) | Control method for program pipeline, processing device and storage medium | |
| CN113220314A (en) | APP resource loading and APK generation method, device, equipment and medium | |
| CN106897588B (en) | Processing method and device of label function | |
| Xinyu et al. | A code self-relocation method for embedded system | |
| CN113448958B (en) | Data processing method and device, electronic equipment and storage medium | |
| CN111611555B (en) | Physical layer authorization and access method and device | |
| CN115421876B (en) | Binary translation method and device | |
| CN114090099A (en) | Loading method, equipment, storage medium and device for reinforced ELF file | |
| EP3522006A1 (en) | Method for protecting an executable code |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |