CN111190604B - Android application memory confusion method and device, electronic equipment and medium - Google Patents
Android application memory confusion method and device, electronic equipment and medium Download PDFInfo
- Publication number
- CN111190604B CN111190604B CN201911400569.6A CN201911400569A CN111190604B CN 111190604 B CN111190604 B CN 111190604B CN 201911400569 A CN201911400569 A CN 201911400569A CN 111190604 B CN111190604 B CN 111190604B
- Authority
- CN
- China
- Prior art keywords
- address
- register
- stack
- redundant
- registers
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 38
- 125000004122 cyclic group Chemical group 0.000 claims description 8
- 238000004364 calculation method Methods 0.000 claims description 6
- 238000004590 computer program Methods 0.000 claims description 6
- 101100166068 Schizosaccharomyces pombe (strain 972 / ATCC 24843) arg5 gene Proteins 0.000 description 5
- 238000010586 diagram Methods 0.000 description 4
- 230000006870 function Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformation of program code
- G06F8/53—Decompilation; Disassembly
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/30—Arrangements for executing machine instructions, e.g. instruction decode
- G06F9/30098—Register arrangements
- G06F9/3012—Organisation of register space, e.g. banked or distributed register file
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Abstract
The invention discloses a memory confusion method and device for android applications, electronic equipment and a medium, wherein the method comprises the following steps: step 1: acquiring assembly codes of android application programs in a local program library; step 2: decompiling the so file for storing the assembly code to obtain an assembly program; step 3: filling a push instruction for adding a redundant register in an assembler; step 4: based on the added redundant registers and the pointing address of the stack pointer, a new offset address is calculated, based on which data is read. According to the invention, any number of registers can be written by one instruction in the ARM system, and the data in the stack is shifted by adding the additional redundant registers to shift the stack data, so that an intruder is difficult to predict the data position in the stack, thereby protecting the privacy data and avoiding the introduction of malicious codes.
Description
Technical Field
The invention belongs to the technical field of compiling of android under an ARM platform, and particularly relates to an android application memory confusion method based on stack randomization.
Background
In an android system, when an intruder installs a local copy of an application on a target system, the location of the program in memory can be obtained. In general, privacy data (such as a password and identity information) of a user is stored in a stack in the form of a local variable, and thus, an intruder can acquire the privacy data by a dynamic debugging technique or the like as long as the intruder knows the location of the local variable in the stack. Furthermore, if an application program experiences a buffer overflow, an intruder can execute malicious code by overwriting local variables in the stack or replacing function return addresses.
Therefore, there is a particular need for an android system application memory confusion method based on an ARM platform that can protect application program security.
Disclosure of Invention
In view of the above, the invention provides a stack randomization-based android application memory confusion method, a stack randomization-based android application memory confusion device, an electronic device and a medium, which at least solve the problem that an android system application program based on an ARM platform is unsafe in the prior art.
In a first aspect, the present invention provides a stack randomization-based method for obfuscating an application memory, including: step 1: acquiring assembly codes of android application programs in a local program library; step 2: decompiling the so file for storing the assembly code to obtain an assembly program; step 3: filling a push instruction for adding a redundant register in the assembler; step 4: based on the added redundant registers and the pointing address of the stack pointer, a new offset address is calculated, based on which data is read.
Preferably, the step 4 includes: when the pointed address of the stack pointer is data, adding the data with the number of redundant registers added before the data as a new offset address; when the pointing address of the stack pointer is the cyclic addressing, adding the pointing address of the last stored register with the number of redundant registers added before the pointing address of the last stored register as a new offset address; when the stack register is stored in the first register, the pointing address of the first register is added with the number of redundant registers added before the pointing address of the first register as a new offset address.
Preferably, the stacking instruction with the added redundant registers adds a plurality of redundant registers in a stack, and the added redundant registers are all in front of the connection registers.
Preferably, the added plurality of redundant registers are located at any position in front of the connection registers.
Preferably, the assembly code comprises a. So file storage mode and an. Apk file storage mode, and when the assembly code is the. Apk file storage mode, the. Apk file is decompressed to obtain the. So file.
In a second aspect, the present invention also provides an electronic device, including: a memory storing executable instructions; and the processor runs the executable instructions in the memory to realize the stack randomization-based android application memory confusion method.
In a third aspect, the present invention further provides a computer readable storage medium, where a computer program is stored, where the computer program, when executed by a processor, implements the above stack randomization-based method for obfuscating an application memory of an android.
In a fourth aspect, the present invention further provides an android application memory obfuscation device based on stack randomization, which is characterized in that the device includes: the acquisition module is used for: acquiring assembly codes of android application programs in a local program library; disassembly module: decompiling the so file for storing the assembly code to obtain an assembly program; and a filling module: filling a push instruction for adding a redundant register in the assembler; the calculation module: based on the added redundant registers and the pointing address of the stack pointer, a new offset address is calculated, based on which data is read.
Preferably, the calculation module is configured to perform the following steps: when the pointed address of the stack pointer is data, adding the data with the number of redundant registers added before the data as a new offset address; when the pointing address of the stack pointer is the cyclic addressing, adding the pointing address of the last stored register with the number of redundant registers added before the pointing address of the last stored register as a new offset address; when the stack register is stored in the first register, the pointing address of the first register is added with the number of redundant registers added before the pointing address of the first register as a new offset address.
Preferably, the stacking instruction with the added redundant registers adds a plurality of redundant registers in a stack, and the added redundant registers are all in front of the connection registers.
The invention has the beneficial effects that: according to the stack randomization-based android application memory confusion method, an instruction can write any number of registers in an ARM system, and data in a stack can be shifted by adding the additional redundant registers to offset the stack data, so that an intruder is difficult to predict the data position in the stack, privacy data can be protected, introduction of malicious codes is avoided, meanwhile, the method is realized based on an assembler program without adding other instructions, the method is simple to realize, and the program size is not increased.
The invention has other features and advantages which will be apparent from or are set forth in detail in the accompanying drawings and the following detailed description, which are incorporated herein, and which together serve to explain certain principles of the invention.
Drawings
The foregoing and other objects, features and advantages of the invention will be apparent from the following more particular descriptions of exemplary embodiments of the invention as illustrated in the accompanying drawings wherein like reference numbers generally represent like parts throughout the exemplary embodiments of the invention.
FIG. 1 illustrates a flow chart of a method for memory obfuscation of an android application based on stack randomization in accordance with one embodiment of the present invention.
FIG. 2 is a diagram of a stack state after adding redundant registers based on a stack randomization based memory obfuscation method for an android application according to an embodiment of the present invention.
FIG. 3 illustrates a block diagram of an android application memory obfuscation device based on stack randomization, according to an embodiment of the invention.
Detailed Description
Preferred embodiments of the present invention will be described in more detail below. While the preferred embodiments of the present invention are described below, it should be understood that the present invention may be embodied in various forms and should not be limited to the embodiments set forth herein.
The invention provides an android application memory confusion method based on stack randomization, which comprises the following steps: comprising the following steps: step 1: acquiring assembly codes of android application programs in a local program library; step 2: decompiling the so file for storing the assembly code to obtain an assembly program; step 3: filling a push instruction for adding a redundant register in an assembler; step 4: based on the added redundant registers and the pointing address of the stack pointer, a new offset address is calculated, based on which data is read.
Specifically, the method is realized by adding an additional register to an assembly code program of a local database of an Android (Android) application program under an armv7-a architecture, and the specific process is as follows: acquiring assembly codes of Android application programs in a local database, wherein the assembly codes have two storage conditions: the first is known source code: C/C++ files with source codes compiled generate files with extension names of so; another type is the apk file: decompressing an apk file or using an apktool acquisition library through an archiving program to acquire a file of so; then decompiling the so file by using a decompiling tool to obtain an assembler; filling a push instruction for adding a redundant register in an assembler, adding the redundant register to a stack, and adding the redundant register to any position in front of an lr register (a connection register) of the stack; in the assembler, when the stack pointer points to the address to read data, a new offset address is calculated based on the stack pointer points to the address and the added redundant register, and the data stored in the new offset address is read. The method can be applied to any operating system supporting ARM architecture.
According to the embodiment, the android application memory confusion method based on stack randomization utilizes the characteristics that an instruction can write any number of registers in an ARM system and shift stack data by adding additional redundant registers, so that an intruder is difficult to predict the data position in the stack, privacy data can be protected, introduction of malicious codes is avoided, meanwhile, the method is realized based on an assembler program, other instructions are not needed, the method is simple to realize, and the program size is not increased.
Preferably, step 4 includes: when the pointing address of the stack pointer is data, adding the data with the number of redundant registers added before the data as a new offset address; when the pointing address of the stack pointer is cyclic addressing, adding the pointing address of the last stored register with the number of redundant registers added before the pointing address of the last stored register as a new offset address; when the stacked register is stored in the first register, the pointing address of the first register is added with the number of redundant registers added before the pointing address of the first register as a new offset address.
Specifically, when the pointed address of the stack pointer sp is data, for example #pos, i.e. for the assembly instruction accessing the address according to [ sp, #pos ], before adding the redundant register, the data stored in the pointed address of the stack pointer sp is directly read, and after adding the redundant register, the address of the original stored data in the stack is changed, and a new offset address needs to be calculated to obtain the data stored in the original pointed address of the stack pointer. The new offset address is obtained by adding the number of redundant registers newly added before the original stack pointer pointing address to the address, and the new offset address, namely the new #new_pos, is obtained to read the data stored with the original stack pointer pointing address.
When the stacked register is stored in the first register, that is, before the redundant registers are not added for the condition of instructions mov ra and sp, the pointing address of ra is obtained, that is, the data stored by the pointing address of ra is directly read according to the assembly instruction of [ ra, # pos ] access address, after the redundant registers are added, the address of the original stored data in the stack is changed, and a new offset address needs to be calculated to obtain the data stored by the original pointing address of the stack pointer. The new offset address is obtained by adding the number of redundant registers newly added before the ra pointer points to the address to the original ra pointer point to the address, and the data stored in the address pointed to by the original stack pointer is read by obtaining the new offset address, namely the new #new_pos.
When the stacked register is stored in the first register, the first register is stored in the second register, and the corresponding instruction of … stored in the third register is mov ra and sp; movrb, ra; …; when the pointing address of the memory, rz, i.e. the stack pointer is circularly addressed, the pointing address of the memory is obtained before the redundant register is not added, i.e. the data stored by the pointing address of the memory is directly read according to the assembly instruction of the [ ry, # pos ] access address, and after the redundant register is added, the address of the original stored data in the stack is changed, and a new offset address needs to be calculated, so that the data stored by the original pointing address of the stack pointer can be obtained. The new offset address is obtained by adding the original ry pointer to the address plus the number of redundant registers newly added before the ry pointer to the address, and the data stored with the original stack pointer to the address is read by obtaining the new offset address, namely the new #new_pos.
Preferably, the push instruction with the redundant registers is provided with a plurality of redundant registers in the stack, and the plurality of redundant registers are all arranged in front of the connection register.
Preferably, the added plurality of redundant registers are located at any position in front of the connection registers.
Preferably, the assembly code comprises a.so file storage mode and an.apk file storage mode, and when the assembly code is the.apk file storage mode, the.apk file is decompressed to obtain the.so file.
The present invention also provides an electronic device including: a memory storing executable instructions; and the processor runs executable instructions in the memory to realize the stack randomization-based android application memory confusion method.
The invention also provides a computer readable storage medium, wherein the computer readable storage medium stores a computer program which is executed by a processor to realize the stack randomization-based android application memory confusion method.
The invention also provides an android application memory confusion device based on stack randomization, which is characterized by comprising the following steps: the acquisition module is used for: acquiring assembly codes of android application programs in a local program library; disassembly module: decompiling the so file for storing the assembly code to obtain an assembly program; and a filling module: filling a push instruction for adding a redundant register in an assembler; the calculation module: based on the added redundant registers and the pointing address of the stack pointer, a new offset address is calculated, based on which data is read.
By adding an extra register to an assembly code program of a local database of an Android (Android) application program under an armv7-a architecture, the specific process is as follows: acquiring assembly codes of Android application programs in a local database, wherein the assembly codes have two storage conditions: the first is known source code: C/C++ files with source codes compiled generate files with extension names of so; another type is the apk file: decompressing an apk file or using an apktool acquisition library through an archiving program to acquire a file of so; then decompiling the so file by using a decompiling tool to obtain an assembler; filling a push instruction for adding a redundant register in an assembler, adding the redundant register to a stack, and adding the redundant register to any position in front of an lr register (a connection register) of the stack; in the assembler, when the stack pointer points to the address to read data, a new offset address is calculated based on the stack pointer points to the address and the added redundant register, and the data stored in the new offset address is read. The device can be applied to any operating system supporting ARM architecture.
Preferably, the calculation module is configured to perform the following steps: when the pointing address of the stack pointer is data, adding the data with the number of redundant registers added before the data as a new offset address; when the pointing address of the stack pointer is cyclic addressing, adding the pointing address of the last stored register with the number of redundant registers added before the pointing address of the last stored register as a new offset address; when the stacked register is stored in the first register, the pointing address of the first register is added with the number of redundant registers added before the pointing address of the first register as a new offset address.
Specifically, when the pointed address of the stack pointer sp is data, for example #pos, i.e. for the assembly instruction accessing the address according to [ sp, #pos ], before adding the redundant register, the data stored in the pointed address of the stack pointer sp is directly read, and after adding the redundant register, the address of the original stored data in the stack is changed, and a new offset address needs to be calculated to obtain the data stored in the original pointed address of the stack pointer. The new offset address is obtained by adding the number of redundant registers newly added before the original stack pointer pointing address to the address, and the new offset address, namely the new #new_pos, is obtained to read the data stored with the original stack pointer pointing address.
When the stacked register is stored in the first register, that is, before the redundant registers are not added for the condition of instructions mov ra and sp, the pointing address of ra is obtained, that is, the data stored by the pointing address of ra is directly read according to the assembly instruction of [ ra, # pos ] access address, after the redundant registers are added, the address of the original stored data in the stack is changed, and a new offset address needs to be calculated to obtain the data stored by the original pointing address of the stack pointer. The new offset address is obtained by adding the number of redundant registers newly added before the ra pointer points to the address to the original ra pointer point to the address, and the data stored in the address pointed to by the original stack pointer is read by obtaining the new offset address, namely the new #new_pos.
When the stacked register is stored in the first register, the first register is stored in the second register, and the corresponding instruction of … stored in the third register is mov ra and sp; movrb, ra; …; when the pointing address of the memory, rz, i.e. the stack pointer is circularly addressed, the pointing address of the memory is obtained before the redundant register is not added, i.e. the data stored by the pointing address of the memory is directly read according to the assembly instruction of the [ ry, # pos ] access address, and after the redundant register is added, the address of the original stored data in the stack is changed, and a new offset address needs to be calculated, so that the data stored by the original pointing address of the stack pointer can be obtained. The new offset address is obtained by adding the original ry pointer to the address plus the number of redundant registers newly added before the ry pointer to the address, and the data stored with the original stack pointer to the address is read by obtaining the new offset address, namely the new #new_pos.
Preferably, the push instruction with the redundant registers is provided with a plurality of redundant registers in the stack, and the plurality of redundant registers are all arranged in front of the connection register.
Preferably, the added plurality of redundant registers are located at any position in front of the connection registers.
Preferably, the assembly code comprises a.so file storage mode and an.apk file storage mode, and when the assembly code is the.apk file storage mode, the.apk file is decompressed to obtain the.so file.
Specifically, there are two storage cases for assembly code: the first is known source code: C/C++ files with source codes compiled generate files with extension names of so; another type is the apk file: the files of so are obtained by decompressing the apk files or using the apktool acquisition library by an archiving program.
Example 1
FIG. 1 illustrates a flow chart of a method for memory obfuscation of an android application based on stack randomization in accordance with one embodiment of the present invention. FIG. 2 is a diagram of a stack state after adding redundant registers based on a stack randomization based memory obfuscation method for an android application according to an embodiment of the present invention.
Referring to fig. 1 and fig. 2, the stack randomization-based memory obfuscation method for an android application includes:
step 1: acquiring assembly codes of android application programs in a local program library;
step 2: decompiling the so file for storing the assembly code to obtain an assembly program;
step 3: filling a push instruction for adding a redundant register in an assembler;
step 4: based on the added redundant registers and the pointing address of the stack pointer, a new offset address is calculated, based on which data is read.
Wherein, step 4 includes: when the pointing address of the stack pointer is data, adding the data with the number of redundant registers added before the data as a new offset address; when the pointing address of the stack pointer is cyclic addressing, adding the pointing address of the last stored register with the number of redundant registers added before the pointing address of the last stored register as a new offset address; when the stacked register is stored in the first register, the pointing address of the first register is added with the number of redundant registers added before the pointing address of the first register as a new offset address.
For example, as shown in fig. 2, the gray background is an added redundancy register, the white background is a register in the original stack, before the redundancy register is not added, if the data stored in the register arg5 is read, the address pointed by the pointer of the register arg5 is directly read, but after the redundancy register is added, a new redundancy register is added before the register arg5, and the pointed address of the register arg5 is added with the number of the redundancy registers newly added before the pointed address of the register arg5 as a new offset address.
The stack-push instruction with the redundant registers adds a plurality of redundant registers in the stack, and the added redundant registers are all in front of the connection registers.
Wherein the added plurality of redundant registers are located at any position in front of the connection registers.
The assembly code comprises a.so file storage mode and an apk file storage mode, and when the assembly code is the.apk file storage mode, the.apk file is decompressed to obtain the.so file.
Example two
FIG. 3 illustrates a block diagram of an android application memory obfuscation device based on stack randomization, according to an embodiment of the invention.
As shown in fig. 3, the stack randomization-based android application memory obfuscation apparatus is characterized by comprising: the acquisition module 102: acquiring assembly codes of android application programs in a local program library; disassembly module 104: decompiling the so file for storing the assembly code to obtain an assembly program; filling module 106: filling a push instruction for adding a redundant register in an assembler; the calculation module 108: based on the added redundant registers and the pointing address of the stack pointer, a new offset address is calculated, based on which data is read.
Wherein the computing module 108 is configured to perform the steps of: when the pointing address of the stack pointer is data, adding the data with the number of redundant registers added before the data as a new offset address; when the pointing address of the stack pointer is cyclic addressing, adding the pointing address of the last stored register with the number of redundant registers added before the pointing address of the last stored register as a new offset address; when the stacked register is stored in the first register, the pointing address of the first register is added with the number of redundant registers added before the pointing address of the first register as a new offset address.
The stack-push instruction with the redundant registers adds a plurality of redundant registers in the stack, and the added redundant registers are all in front of the connection registers.
Wherein the added plurality of redundant registers are located at any position in front of the connection registers.
The assembly code comprises a.so file storage mode and an apk file storage mode, and when the assembly code is the.apk file storage mode, the.apk file is decompressed to obtain the.so file.
Example III
The present disclosure provides an electronic device including: a memory storing executable instructions; and the processor runs executable instructions in the memory to realize the stack randomization-based android application memory confusion method.
An electronic device according to an embodiment of the present disclosure includes a memory and a processor.
The memory is for storing non-transitory computer readable instructions. In particular, the memory may include one or more computer program products, which may include various forms of computer-readable storage media, such as volatile memory and/or non-volatile memory. The volatile memory may include, for example, random Access Memory (RAM) and/or cache memory (cache), and the like. The non-volatile memory may include, for example, read Only Memory (ROM), hard disk, flash memory, and the like.
The processor may be a Central Processing Unit (CPU) or other form of processing unit having data processing and/or instruction execution capabilities, and may control other components in the electronic device to perform the desired functions. In one embodiment of the present disclosure, the processor is configured to execute the computer readable instructions stored in the memory.
It should be understood by those skilled in the art that, in order to solve the technical problem of how to obtain a good user experience effect, the present embodiment may also include well-known structures such as a communication bus, an interface, and the like, and these well-known structures are also included in the protection scope of the present disclosure.
The detailed description of the present embodiment may refer to the corresponding description in the foregoing embodiments, and will not be repeated herein.
Example IV
The present disclosure provides a computer readable storage medium storing a computer program which when executed by a processor implements the above stack randomization based android application memory obfuscation method.
A computer-readable storage medium according to an embodiment of the present disclosure has stored thereon non-transitory computer-readable instructions. When executed by a processor, perform all or part of the steps of the methods of embodiments of the present disclosure described above.
The computer-readable storage medium described above includes, but is not limited to: optical storage media (e.g., CD-ROM and DVD), magneto-optical storage media (e.g., MO), magnetic storage media (e.g., magnetic tape or removable hard disk), media with built-in rewritable non-volatile memory (e.g., memory card), and media with built-in ROM (e.g., ROM cartridge).
The foregoing description of embodiments of the invention has been presented for purposes of illustration and description, and is not intended to be exhaustive or limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the various embodiments described.
Claims (8)
1. The stack randomization-based android application memory confusion method is characterized by comprising the following steps of:
step 1: acquiring assembly codes of android application programs in a local program library;
step 2: decompiling the so file for storing the assembly code to obtain an assembly program;
step 3: filling a push instruction for adding a redundant register in the assembler;
step 4: calculating a new offset address based on the added redundant register and the pointing address of the stack pointer, and reading data based on the new offset address;
the step 4 comprises the following steps: when the pointed address of the stack pointer is data, adding the data with the number of redundant registers added before the data as a new offset address; when the pointing address of the stack pointer is the cyclic addressing, adding the pointing address of the last stored register with the number of redundant registers added before the pointing address of the last stored register as a new offset address; when the stacked register is stored in the first register, the pointing address of the first register is added with the number of redundant registers added before the pointing address of the first register as a new offset address.
2. The stack randomization based memory obfuscation method of claim 1, wherein the push instruction to add redundancy registers adds multiple redundancy registers in the stack, each of the multiple redundancy registers being in front of a connection register.
3. The stack randomization based android application memory obfuscation method of claim 2, wherein the added plurality of redundant registers are located at any position in front of the connection registers.
4. The stack randomization-based android application memory obfuscation method according to claim 1, wherein the assembly code includes a. So file storage mode and an. Apk file storage mode, and when the assembly code is the. Apk file storage mode, decompressing the. Apk file to obtain the. So file.
5. An electronic device, the electronic device comprising:
a memory storing executable instructions;
a processor executing the executable instructions in the memory to implement the stack randomization based android application memory obfuscation method of any of claims 1-4.
6. A computer readable storage medium, characterized in that it stores a computer program, which when executed by a processor implements the stack randomization based android application memory obfuscation method according to any of claims 1-4.
7. An android application memory obfuscation device based on stack randomization, comprising:
the acquisition module is used for: acquiring assembly codes of android application programs in a local program library;
disassembly module: decompiling the so file for storing the assembly code to obtain an assembly program;
and a filling module: filling a push instruction for adding a redundant register in the assembler;
the calculation module: calculating a new offset address based on the added redundant register and the pointing address of the stack pointer, and reading data based on the new offset address;
the computing module is used for executing the following steps: when the pointed address of the stack pointer is data, adding the data with the number of redundant registers added before the data as a new offset address; when the pointing address of the stack pointer is the cyclic addressing, adding the pointing address of the last stored register with the number of redundant registers added before the pointing address of the last stored register as a new offset address; when the stacked register is stored in the first register, the pointing address of the first register is added with the number of redundant registers added before the pointing address of the first register as a new offset address.
8. The stack randomization based android application memory obfuscation device of claim 7, wherein the push instruction to add redundancy registers adds multiple redundancy registers in the stack, each of the multiple redundancy registers added in front of a connection register.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911400569.6A CN111190604B (en) | 2019-12-30 | 2019-12-30 | Android application memory confusion method and device, electronic equipment and medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911400569.6A CN111190604B (en) | 2019-12-30 | 2019-12-30 | Android application memory confusion method and device, electronic equipment and medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111190604A CN111190604A (en) | 2020-05-22 |
| CN111190604B true CN111190604B (en) | 2023-11-03 |
Family
ID=70705945
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911400569.6A Active CN111190604B (en) | 2019-12-30 | 2019-12-30 | Android application memory confusion method and device, electronic equipment and medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111190604B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113238800B (en) * | 2021-05-25 | 2022-06-28 | 上海安路信息科技股份有限公司 | Stack frame structure and function calling method and system |
| CN116450361B (en) * | 2023-05-23 | 2023-09-29 | 南京芯驰半导体科技有限公司 | Memory prediction method, device and storage medium |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6275984B1 (en) * | 1998-11-20 | 2001-08-14 | Sega Of America, Inc. | System and method for delaying indirect register offset resolution |
| US6463538B1 (en) * | 1998-12-30 | 2002-10-08 | Rainbow Technologies, Inc. | Method of software protection using a random code generator |
| US7210134B1 (en) * | 2001-09-06 | 2007-04-24 | Sonic Solutions | Deterring reverse-engineering of software systems by randomizing the siting of stack-based data |
| CN103324481A (en) * | 2013-06-26 | 2013-09-25 | 网宿科技股份有限公司 | Compiling method and compiling system for obfuscating codes by means of assembly |
| CN104392181A (en) * | 2014-11-18 | 2015-03-04 | 北京奇虎科技有限公司 | SO file protection method and device and android installation package reinforcement method and system |
| CN105912893A (en) * | 2016-01-19 | 2016-08-31 | 北京鼎源科技有限公司 | Strengthening method based on Android system microinstruction just-in-time compilation |
| CN106778103A (en) * | 2016-12-30 | 2017-05-31 | 上海掌门科技有限公司 | Reinforcement means, system and decryption method that a kind of Android application program anti-reversing is cracked |
| WO2017107706A1 (en) * | 2015-12-25 | 2017-06-29 | 北京奇虎科技有限公司 | Elf file protection method and system based on arm instruction virtualization |
| CN110210190A (en) * | 2019-05-30 | 2019-09-06 | 中国科学院信息工程研究所 | A kind of Code obfuscation method based on secondary compilation |
| CN110232262A (en) * | 2019-06-17 | 2019-09-13 | 中金金融认证中心有限公司 | A kind of reinforcement means and system of Android application |
Family Cites Families (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7620987B2 (en) * | 2005-08-12 | 2009-11-17 | Microsoft Corporation | Obfuscating computer code to prevent an attack |
| US20110167407A1 (en) * | 2010-01-06 | 2011-07-07 | Apple Inc. | System and method for software data reference obfuscation |
| US20140041026A1 (en) * | 2012-08-01 | 2014-02-06 | SIFTEO, Inc. | Hybrid Virtual Machine |
| US9218467B2 (en) * | 2013-05-29 | 2015-12-22 | Raytheon Cyber Products, Llc | Intra stack frame randomization for protecting applications against code injection attack |
| US20160357958A1 (en) * | 2015-06-08 | 2016-12-08 | Michael Guidry | Computer System Security |
| US10157268B2 (en) * | 2016-09-27 | 2018-12-18 | Microsoft Technology Licensing, Llc | Return flow guard using control stack identified by processor register |
| US20180211046A1 (en) * | 2017-01-26 | 2018-07-26 | Intel Corporation | Analysis and control of code flow and data flow |
| US11074339B2 (en) * | 2017-06-27 | 2021-07-27 | RAM Laboratories, Inc. | Software protection through code and control flow data hiding and obfuscation |
-
2019
- 2019-12-30 CN CN201911400569.6A patent/CN111190604B/en active Active
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6275984B1 (en) * | 1998-11-20 | 2001-08-14 | Sega Of America, Inc. | System and method for delaying indirect register offset resolution |
| US6463538B1 (en) * | 1998-12-30 | 2002-10-08 | Rainbow Technologies, Inc. | Method of software protection using a random code generator |
| US7210134B1 (en) * | 2001-09-06 | 2007-04-24 | Sonic Solutions | Deterring reverse-engineering of software systems by randomizing the siting of stack-based data |
| CN103324481A (en) * | 2013-06-26 | 2013-09-25 | 网宿科技股份有限公司 | Compiling method and compiling system for obfuscating codes by means of assembly |
| CN104392181A (en) * | 2014-11-18 | 2015-03-04 | 北京奇虎科技有限公司 | SO file protection method and device and android installation package reinforcement method and system |
| WO2017107706A1 (en) * | 2015-12-25 | 2017-06-29 | 北京奇虎科技有限公司 | Elf file protection method and system based on arm instruction virtualization |
| CN105912893A (en) * | 2016-01-19 | 2016-08-31 | 北京鼎源科技有限公司 | Strengthening method based on Android system microinstruction just-in-time compilation |
| CN106778103A (en) * | 2016-12-30 | 2017-05-31 | 上海掌门科技有限公司 | Reinforcement means, system and decryption method that a kind of Android application program anti-reversing is cracked |
| CN110210190A (en) * | 2019-05-30 | 2019-09-06 | 中国科学院信息工程研究所 | A kind of Code obfuscation method based on secondary compilation |
| CN110232262A (en) * | 2019-06-17 | 2019-09-13 | 中金金融认证中心有限公司 | A kind of reinforcement means and system of Android application |
Non-Patent Citations (1)
| Title |
|---|
| 杨宇波 ; 黄玮 ; 李忠献 ; 胡正名 ; .抵御静态反汇编的代码混淆算法.北京理工大学学报.2015,(第03期),全文. * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111190604A (en) | 2020-05-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20170364679A1 (en) | Instrumented versions of executable files | |
| US9116621B1 (en) | System and method of transfer of control between memory locations | |
| CN111190604B (en) | Android application memory confusion method and device, electronic equipment and medium | |
| CN108537012B (en) | Source code obfuscation method and device based on variables and code execution sequence | |
| US10387300B2 (en) | System and method for transferring control of instruction execution between address spaces | |
| US10152592B2 (en) | Compiler assisted protection against arbitrary code execution | |
| US20160342399A1 (en) | Persistent pointers for programs running on nvram based computers | |
| US20210150028A1 (en) | Method of defending against memory sharing-based side-channel attacks by embedding random value in binaries | |
| EP2937803B1 (en) | Control flow flattening for code obfuscation where the next block calculation needs run-time information | |
| US11036852B2 (en) | System and method for software diversification | |
| CN113485716B (en) | Program compiling method and device for preventing memory boundary crossing | |
| EP3574425B1 (en) | Method to secure a software code | |
| CN115994348A (en) | Control method for program pipeline, processing device and storage medium | |
| CN113220314A (en) | APP resource loading and APK generation method, device, equipment and medium | |
| Xinyu et al. | A code self-relocation method for embedded system | |
| CN106897588B (en) | Processing method and device of label function | |
| CN117251234B (en) | Function calling method and device based on patches | |
| CN115421876B (en) | Binary translation method and device | |
| CN113448958B (en) | Data processing method and device, electronic equipment and storage medium | |
| CN114090099A (en) | Loading method, equipment, storage medium and device for reinforced ELF file | |
| EP3252610B1 (en) | System and method of transfer of control between memory locations | |
| CN114153457A (en) | Application program installation file generation method and device and storage medium | |
| CN114417266A (en) | Sensitive code protection method and device, computer equipment and storage medium | |
| CN116821863A (en) | Software code protection method, electronic device and computer readable storage medium | |
| KR20230033350A (en) | Device for hiding application code, method for hiding application code and computer program stored in a recording medium to execute the method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |