CN111274556A - Code obfuscation method, device and storage medium - Google Patents

Publication number
CN111274556A
Authority
CN
China
Legal status
Pending
Application number
CN202010125783.1A
Other languages
Chinese (zh)
Inventor
饶福贵
Current Assignee
Beijing Xiaomi Mobile Software Co Ltd
Original Assignee
Beijing Xiaomi Mobile Software Co Ltd
Application filed by Beijing Xiaomi Mobile Software Co Ltd
Priority to CN202010125783.1A
Publication of CN111274556A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/14 Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation

Abstract

The present disclosure relates to a code obfuscation method, apparatus and storage medium. The method comprises the following steps: obtaining an obfuscation rule file and an anti-obfuscation file; determining, according to calls to the anti-obfuscation file, a first part of the code to be obfuscated that does not participate in code obfuscation and a second part that participates in code obfuscation; and obfuscating the second part according to the obfuscation rules contained in the obfuscation rule file. Because the division is expressed through calls to the anti-obfuscation file, the code that participates in code obfuscation and the code that does not can be distinguished more conveniently, which reduces the probability of errors during code obfuscation.

Description

Code obfuscation method, device and storage medium
Technical Field
The present disclosure relates to the field of information processing, and in particular, to a code obfuscation method, apparatus, and storage medium.
Background
With the rapid development of software-related technologies, people depend more on applications in life and work, and awareness of application security has grown. After an application is released, it is easily decompiled, which exposes its source code and makes the information carried by the application unsafe. It is therefore necessary to perform code obfuscation (Obfuscated Code) on the application's code, converting it by some rule into code that is difficult to read and understand, so as to protect it. In existing application code obfuscation, because different file types need different configuration modes, errors often occur in code obfuscation and the obfuscation processing efficiency is low.
Disclosure of Invention
The present disclosure provides a code obfuscation method, apparatus, and storage medium.
According to a first aspect of embodiments of the present disclosure, there is provided a code obfuscation method, including:
obtaining an obfuscation rule file and an anti-obfuscation file;
determining, according to calls to the anti-obfuscation file, a first part of the code to be obfuscated that does not participate in code obfuscation and a second part that participates in code obfuscation;
performing code obfuscation on the second part according to the obfuscation rules contained in the obfuscation rule file.
Optionally, the determining, according to calls to the anti-obfuscation file, of a first part of the code to be obfuscated that does not participate in code obfuscation and a second part that participates in code obfuscation includes:
according to the position, in the code to be obfuscated, of the call declaration that calls the anti-obfuscation file, taking the code that has a predetermined positional relationship with the call declaration as the first part, and taking the code that does not have the predetermined positional relationship with the call declaration as the second part.
Optionally, the taking of the code that has a predetermined positional relationship with the call declaration as the first part, and of the code that does not have the predetermined positional relationship as the second part, according to the position of the call declaration in the code to be obfuscated, includes:
determining the position of the call declaration of the anti-obfuscation file in the file of the code to be obfuscated;
determining the N lines of code of the definition located after the position of the call declaration as the first part, wherein N is a positive integer;
and determining the code located before the position of the call declaration and/or the code at lines N + M after the position of the call declaration as the second part, wherein M is a positive integer.
Optionally, the method further comprises:
adding code objects of different classes in the first portion to different queues; wherein the code objects of the same type are stored in the same queue;
and encrypting the code objects contained in each queue.
Optionally, the method further comprises:
acquiring a first identifier before encryption and a second identifier after encryption of the code object contained in the first part;
replacing the first identifier in the reference information of the second part with the second identifier; wherein the reference information includes: reference relationships and/or reference paths.
Optionally, the code object included in the first part includes: a class file;
the method further comprises the following steps:
inserting a code block that prevents reverse parsing in the class file included in the first portion.
Optionally, the code object included in the first part includes: class files, method objects, and/or attribute objects;
adding different classes of code objects in the first portion to different queues includes at least one of:
adding the class files contained in the first portion to a class queue;
adding the method object contained in the first portion to a method queue;
adding the attribute object contained in the first portion to an attribute queue.
According to a second aspect of embodiments of the present disclosure, there is provided a code obfuscation apparatus, including:
an obtaining unit for obtaining an obfuscation rule file and an anti-obfuscation file;
a determining unit for determining, according to calls to the anti-obfuscation file, a first part of the code to be obfuscated that does not participate in code obfuscation and a second part that participates in code obfuscation;
and a processing unit for performing code obfuscation on the second part according to the obfuscation rules contained in the obfuscation rule file.
Optionally, the determining unit includes:
a determining subunit for taking, according to the position in the code to be obfuscated of the call declaration that calls the anti-obfuscation file, the code that has a predetermined positional relationship with the call declaration as the first part, and the code that does not have the predetermined positional relationship with the call declaration as the second part.
Optionally, the determining subunit includes:
a position determining unit for determining the position of the call declaration of the anti-obfuscation file in the file of the code to be obfuscated;
a first part determining unit, configured to determine, as the first part, the N lines of code of the definition located after the position of the call declaration, where N is a positive integer;
and a second part determining unit for determining the code located before the position of the call declaration and/or the code at lines N + M after the position of the call declaration as the second part, wherein M is a positive integer.
Optionally, the apparatus further comprises:
a storage unit for adding code objects of different classes in the first portion to different queues; wherein the code objects of the same type are stored in the same queue;
and the encryption unit is used for encrypting the code objects contained in the queues.
Optionally, the apparatus further comprises:
an identifier acquiring unit, configured to acquire a first identifier before encryption and a second identifier after encryption of the code object included in the first portion;
a replacing unit, configured to replace the first identifier in the reference information of the second portion with the second identifier; wherein the reference information includes: reference relationships and/or reference paths.
Optionally, the code object included in the first part includes: a class file;
the device further comprises:
an inserting unit, configured to insert a code block for preventing reverse parsing in the class file included in the first portion.
Optionally, the code object included in the first part includes: class files, method objects, and/or attribute objects;
the storage unit comprises at least one of the following components:
the first storage unit is used for adding the class files contained in the first part into a class queue;
a second storage unit, configured to add the method object included in the first portion to a method queue;
and the third storage unit is used for adding the attribute object contained in the first part into an attribute queue.
According to a third aspect of embodiments of the present disclosure, there is provided a code obfuscation apparatus including:
a processor;
a memory for storing executable instructions;
wherein the processor is configured to implement the method of any of the above first aspects when executing the executable instructions stored in the memory.
According to a fourth aspect of embodiments of the present disclosure, there is provided a non-transitory computer-readable storage medium having instructions which, when executed by a processor of a code obfuscation apparatus, enable the code obfuscation apparatus to perform the method of any one of the first aspects described above.
The technical solutions provided by the embodiments of the present disclosure can have the following beneficial effects:
Because various problems may occur at run time when all of the code to be obfuscated is obfuscated directly by the obfuscation rules of the obfuscation rule file, the embodiments of the present disclosure, on the basis of the obtained obfuscation rule file and anti-obfuscation file, divide the code to be obfuscated into a first part that does not participate in code obfuscation and a second part that participates in code obfuscation according to whether the anti-obfuscation file is called, and apply the obfuscation rules only to the second part. By dividing the code in this way, obfuscation is not performed on part of the code, so that the success rate and accuracy of code obfuscation can be improved. Moreover, since the code to be obfuscated can be identified directly from the calls to the anti-obfuscation file, the operation is simple, the learning cost of obfuscation configuration for developers is reduced, and the obfuscation processing efficiency is also improved.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention.
FIG. 1 is a first flowchart illustrating a method of code obfuscation according to an example embodiment.
FIG. 2 is a second flowchart illustrating a method of code obfuscation according to an example embodiment.
FIG. 3 is a third flowchart of a code obfuscation method, taking the call declaration @ previous fusion as an example.
FIG. 4 is a fourth flowchart illustrating a method of code obfuscation according to an example embodiment.
FIG. 5 is a fifth flowchart illustrating a method of code obfuscation according to an example embodiment.
FIG. 6 is a block diagram illustrating a code obfuscation apparatus according to an example embodiment.
FIG. 7 is a block diagram illustrating a code obfuscation apparatus according to an example embodiment.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present disclosure, as detailed in the appended claims.
During code obfuscation, if the project is large, various problems are likely to occur when everything is obfuscated uniformly through the obfuscation rule file, and these problems need to be analyzed and eliminated one by one. Although some files are described on the official website or in their usage instructions as to how they should be handled in code obfuscation, for files with no such description it is preferable not to perform code obfuscation, so as not to cause errors. Leaving such files unobfuscated can currently be achieved by setting rules, but various problems still occur in actual implementation.
For example, system components, resource classes, enumerations, etc. are not excluded by rules; the class that wraps an interface is forgotten and not excluded, so that the data transmitted by the server cannot be acquired and is not displayed normally when the application runs. Reflection is used in some packages; in that case, even if the package itself is not obfuscated, errors occur if the classes it calls are obfuscated, and the failing class needs to be located through the log and excluded from obfuscation. In addition, a complete path needs to be configured in the Android integrated development tool, and once the path or the name is obfuscated, the file cannot be found. Moreover, obfuscation through the obfuscation rule file has disadvantages such as poor flexibility, the need for absolute paths and inconvenient extension; every exclusion has to be configured in the obfuscation rule file, which is highly redundant, and if only some of the classes in a package should not be obfuscated, a pile of obfuscation code results.
In order to improve the correctness of code obfuscation and reduce the workload of configuration, an embodiment of the present disclosure provides a code obfuscation method. FIG. 1 is a first flowchart of the code obfuscation method according to an exemplary embodiment; as shown in FIG. 1, the method includes the following steps.
Step 101, obtaining an obfuscation rule file and an anti-obfuscation file;
Step 102, determining, according to calls to the anti-obfuscation file, a first part of the code to be obfuscated that does not participate in code obfuscation and a second part that participates in code obfuscation;
Step 103, performing code obfuscation on the second part according to the obfuscation rules contained in the obfuscation rule file.
It should be noted that code obfuscation converts the code in an application into code that is difficult to read and understand according to certain rules; an Application Package (APK) that has undergone code obfuscation is difficult to reverse engineer, which greatly increases the cost of decompilation.
The obfuscation rule file is a file used for performing code obfuscation in the Android integrated development tool (Android Studio), and contains a plurality of obfuscation rules. When code obfuscation needs to be applied to a file, it is configured in the obfuscation rule file, so that the code in the project is obfuscated through the obfuscation rules. The project here refers to the collection of all files involved in developing the application.
The obfuscation rule file is a file preset in the Android integrated development tool; that is, it contains preset configuration information for performing code obfuscation. Because the Android integrated development tool performs code obfuscation automatically when packaging the APK, the obfuscation rule file can be obtained directly from the system files of the Android integrated development tool.
The anti-obfuscation file is an executable file used to keep code from being obfuscated. The anti-obfuscation file can be written before development of the project and then added to the project. As such, the anti-obfuscation file may be obtained when its addition to the project is detected.
A project contains many different types of files, for example tool class files (configuration files) and program class files; the program class files support the running of the application. The code to be obfuscated here refers to the code contained in the program class files of the project. A program class file may be a file with the suffix jar.
Since problems arise for many files when obfuscation is performed directly through the obfuscation rule file, that part of the code should not be obfuscated, in order to reduce errors. In the disclosed embodiments, leaving code unobfuscated is achieved through the anti-obfuscation file. Specifically, the first part that does not participate in code obfuscation is determined from the calls to the anti-obfuscation file. That is, the part in which the anti-obfuscation file is called is the first part, which does not participate in code obfuscation; the part in which the anti-obfuscation file is not called is the second part, which needs to participate in code obfuscation. Code that participates in obfuscation is thus distinguished from code that does not simply by checking whether the anti-obfuscation file is called, which is simple to operate and easy to understand.
The anti-obfuscation file can be called by adding an annotation, that is, the anti-obfuscation file is called in the form of an annotation. In Android development, an annotation is a statement prefixed by a predetermined symbol and used to explain the role of code; the predetermined symbol is @, that is, a statement beginning with @ is an annotation. Calling the anti-obfuscation file therefore means adding, at a target position, an annotation containing the file name of the anti-obfuscation file. In the embodiments of the present disclosure, the target position may be the line before the definition of the code.
Here, participating in code obfuscation means participating in the code obfuscation that the Android integrated development tool performs automatically when packaging the APK, that is, obfuscation performed directly by the obfuscation rules of the obfuscation rule file. Correspondingly, not participating in code obfuscation means not participating in the code obfuscation that the Android integrated development tool performs automatically when packaging the APK.
Therefore, on the basis of the obtained obfuscation rule file and anti-obfuscation file, the code to be obfuscated is divided, more simply and conveniently, into the first part that does not participate in code obfuscation and the second part that participates in code obfuscation according to whether the anti-obfuscation file is called. The code that is prone to errors when obfuscated directly by the obfuscation rules (the first part) is thereby separated out, and only the second part is processed by the obfuscation rules, which improves the correctness of code obfuscation. Moreover, since the code to be obfuscated can be identified directly from the calls to the anti-obfuscation file, the operation is simple, the learning cost of obfuscation configuration for developers is reduced, and the obfuscation processing efficiency is also improved.
Determining the calls to the anti-obfuscation file comprises:
determining whether the anti-obfuscation file is called according to whether the code to be obfuscated contains a call declaration of the anti-obfuscation file.
In the embodiment of the disclosure, when it is determined that the code to be obfuscated contains a call declaration of the anti-obfuscation file, it is determined that the anti-obfuscation file is called.
In some embodiments, the determining, according to calls to the anti-obfuscation file, of a first part of the code to be obfuscated that does not participate in code obfuscation and a second part that participates in code obfuscation includes:
according to the position, in the code to be obfuscated, of the call declaration that calls the anti-obfuscation file, taking the code that has a predetermined positional relationship with the call declaration as the first part, and taking the code that does not have the predetermined positional relationship with the call declaration as the second part.
Here, the call declaration is a statement indicating that a call to the anti-obfuscation file is made.
In the disclosed embodiment, the call declaration is presented as an annotation. That is, the call declaration consists of the predetermined symbol @ followed by the file name of the anti-obfuscation file. For example, if the file name of the anti-obfuscation file is preventfusion, the call declaration is @ Prevent fusion; if the file name of the anti-obfuscation file is A, the call declaration is @A.
When some part of the code in a file of the project should not participate in code obfuscation, the anti-obfuscation file is called at the target position, and the call is presented in the form of an annotation. Then, by knowing in which parts the anti-obfuscation file is called and in which parts it is not, the first part and the second part can be determined.
In practical applications, each program class file in the project contains many pieces of code, and adding an annotation to a program class file divides the code in that file. Which of the divided code is the first part and which is the second part is determined by where the annotation is located. For example, if the annotation @A is added to program class file a, then one part of the code in program class file a is the first part and the remaining part is the second part.
In this embodiment of the present disclosure, having the predetermined positional relationship with the call declaration means that the call declaration is located in front of the first part that does not participate in code obfuscation; that is, when a call declaration precedes a piece of code, the code within a preset number of lines after the call declaration is the first part that does not participate in code obfuscation. The preset number of lines is the number of lines of code contained in the definition of the code object. Correspondingly, not having the predetermined positional relationship with the call declaration means that the call declaration is located elsewhere, for example behind the first part that does not participate in code obfuscation.
Therefore, from the position in the code to be obfuscated of the call declaration that calls the anti-obfuscation file alone, the code that has the predetermined positional relationship with the call declaration can be determined as the first part, which does not participate in code obfuscation, and the code that does not have the predetermined positional relationship with the call declaration can be determined as the second part, which participates in code obfuscation.
In some embodiments, FIG. 2 is a second flowchart of a code obfuscation method according to an exemplary embodiment. As shown in FIG. 2, taking the code that has a predetermined positional relationship with the call declaration as the first part, and the code that does not have the predetermined positional relationship as the second part, according to the position in the code to be obfuscated of the call declaration that calls the anti-obfuscation file, includes:
Step 1021, determining the position of the call declaration of the anti-obfuscation file in the file of the code to be obfuscated;
Step 1022, determining the N lines of code of the definition located after the position of the call declaration as the first part, where N is a positive integer;
Step 1023, determining the code located before the position of the call declaration and/or the code at lines N + M after the position of the call declaration as the second part, where M is a positive integer.
Here, determining the position of the call declaration of the anti-obfuscation file in the file of the code to be obfuscated includes: determining a keyword in the call declaration; and processing the keyword through a query function to determine the position of the call declaration in the file of the code to be obfuscated. The keyword of the call declaration may be the file name of the anti-obfuscation file, or may be the whole character string of the call declaration, such as @A. The query function is used to search for a specified character string. As one example, the query function may be a LIKE () function.
It should be noted that a program class file in a project may contain a plurality of code objects, and the code in a program class file is generally regarded as being composed of the definitions and declarations of the respective code objects. The code objects include class files, method objects, and/or property objects. A definition is a brief description of the essential features of the code and gives its function; for example, public void sum (int a, int b) { … } is the definition of a method. A declaration informs the program of the type and name of a code object. Thus, determining the N lines of code of the definition located after the position of the call declaration as the first part means determining as the first part the N lines of code contained in the definition of the code object that immediately follows the call declaration.
The N lines of code are the code contained in the definition of the code object immediately after the position of the call declaration. For example, if the call declaration @A is added on the line before the definition of the sum method, the N lines of code are all of the code contained in the definition of the sum method. N is the number of lines of code contained in the definition of the code object immediately after the position of the call declaration; for example, if the definition of the sum method above has 3 lines of code, N is 3. The code contained in the code object after the position of the call declaration is the first part, which does not participate in code obfuscation.
The code at lines N + M is the code that follows the definition of the code object immediately after the position of the call declaration; this code belongs to the second part, which participates in code obfuscation. Similarly, the code preceding the position of the call declaration also belongs to the second part, which participates in code obfuscation.
As an example, assume that the call declaration is @A, the code object is sum (), and the definition of the code object is public void sum (int a, int b) { … }. In the embodiment of the present disclosure, the positional relationship between the call declaration and the definition of the code object is that the call declaration is located on the line before the definition of the code object:
@A
public void sum(int a,int b){
}
Then the N lines occupied by the definition of sum () are the first part, which does not participate in code obfuscation; the lines N + M are the lines after the definition of sum (), that is, the lines after } in the above example. The code at lines N + M and/or the code before @A is the second part, which participates in code obfuscation.
Thus, after the position of the call declaration of the anti-obfuscation file in the file of the code to be obfuscated is determined, the code contained in the definition on the lines after that position is determined as the first part, which does not participate in code obfuscation, and the code at other positions is determined as the second part, which participates in code obfuscation. Because the division is clear, it is easy to tell which code participates in obfuscation and which does not, which is convenient for the subsequent processing of the two kinds of code.
Furthermore, because the division is based on the definition of the code, it is easy to understand: a developer only needs to know that the code in the definition of the code object immediately after the call declaration is the first part, which does not participate in code obfuscation. This reduces the learning cost of obfuscation configuration for developers.
It should be noted that, since the anti-obfuscation file is called in the form of an annotation, configuring only the anti-obfuscation file in the obfuscation rule file is enough to cover the obfuscation configuration of every class file, method or attribute in the project to which the call declaration has been added. This reduces the workload of obfuscation configuration and provides a basis for improving efficiency.
As described above, the first part of the code to be obfuscated does not participate in code obfuscation. In practical applications, the first part may be regarded as the code that is prone to errors when obfuscation is performed on it directly by the obfuscation rules of the obfuscation rule file. Such error-prone code can be determined from empirical values, that is, by collecting statistics on the results of obfuscation performed directly from the obfuscation rule file in the Android integrated development tool and determining the types of code that are prone to errors; this error-prone code is set as the first part, which does not participate in code obfuscation. For example, if an error occurs when the obfuscation rules contained in the obfuscation rule file are applied directly to a resource class, the anti-obfuscation file may be called in the resource class so that the resource class is not obfuscated when code obfuscation is performed.
Correspondingly, the second part, which participates in code obfuscation, may be regarded as the code that is less prone to errors when obfuscated by the obfuscation rules of the obfuscation rule file.
FIG. 3 is a third flowchart of a code obfuscation method, taking the call declaration @ previous fusion as an example. As shown in FIG. 3, an anti-obfuscation file for preventing code obfuscation is written first and added to the project. For the 3 different types of code objects (class files, methods or properties), if a code object should not participate in code obfuscation, the call declaration @ previous fusion is added on the line before the definition of that code object. In this way, only one item needs to be configured in the obfuscation rule file, namely that the anti-obfuscation file is not obfuscated, and the parts of the project to which the call declaration has been added are then left unobfuscated.
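Steps 1021 to 1023 applied to a small Java source, as an added example that is not code from the patent. It assumes the call declaration @A stands alone on the line before a definition, that there are no /* */ block comments, and that N is found by brace matching (the patent does not say how N is computed); the function names and the sample source are constructed for illustration.

```python
import re

# "@A" is the page's own example call declaration; SAMPLE_JAVA and all
# function names below are constructed for this illustration.
CALL_DECLARATION = "@A"

SAMPLE_JAVA = """\
package demo;
public class Calc {
    @A
    public void sum(int a, int b) {
        String s = "}";
    }
    @A
    private int total;
    public void reset() {
        total = 0;
    }
}
"""

_LITERAL = re.compile(r'"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'')


def _strip_literals(line):
    """Blank out string/char literals and // comments so their braces are ignored."""
    return _LITERAL.sub('""', line).split("//", 1)[0]


def definition_extent(lines, start):
    """Step 1022: return N, the line count of the definition starting at lines[start].

    A definition ends at the first ';' seen before any '{' (a field or a
    bodiless method) or at the '}' that balances its first '{'.
    """
    depth, opened = 0, False
    for offset, raw in enumerate(lines[start:]):
        for ch in _strip_literals(raw):
            if ch == "{":
                depth, opened = depth + 1, True
            elif ch == "}":
                if not opened:
                    break  # enclosing scope closed: nothing was defined
                depth -= 1
                if depth == 0:
                    return offset + 1
            elif ch == ";" and not opened:
                return offset + 1
        else:
            continue
        break
    raise ValueError("call declaration is not followed by a complete definition")


def partition(source, declaration=CALL_DECLARATION):
    """Split a source file into the first part (kept) and second part (obfuscated).

    Returns 1-based line numbers. Call declaration lines are markers and
    belong to neither part.
    """
    lines = source.splitlines()
    first, protected = [], []
    i = 0
    while i < len(lines):
        if lines[i].strip() == declaration:           # step 1021: locate it
            n = definition_extent(lines, i + 1)       # step 1022: the N lines
            protected.append({"declaration_line": i + 1, "n": n})
            first.extend(range(i + 2, i + 2 + n))
            i += 1 + n
        else:
            i += 1
    markers = {p["declaration_line"] for p in protected}
    # Step 1023: everything before the declaration or after its N lines.
    second = [k for k in range(1, len(lines) + 1)
              if k not in first and k not in markers]
    return {"first": first, "second": second, "protected": protected}


if __name__ == "__main__":
    for key, value in partition(SAMPLE_JAVA).items():
        print(key, value)
```

The `}` inside the string literal on line 5 of the sample is the case that a plain character count gets wrong: without literal stripping, N for sum() would come out as 2 and the method's closing line would fall into the second part.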
In some embodiments, Fig. 4 is a fourth flowchart of a code obfuscation method according to an exemplary embodiment. As shown in Fig. 4, the method further comprises:
Step 104: encrypting the first part.
Because the first part does not participate in code obfuscation, it may be exposed by decompilation. To protect this code, the embodiments of the present disclosure encrypt the first part separately. With the first part encrypted and the second part obfuscated, the security of the code in the project can be guaranteed.
In some embodiments, the method further comprises:
Step 105: adding code objects of different categories in the first part to different queues, wherein code objects of the same type are stored in the same queue.
As described above, the code objects include class files, method objects and attribute objects; the first part may contain all or some of these 3 categories. A queue is a linear table in which deletion is performed at the front end and insertion is performed at the back end.
In some embodiments, encrypting the first part comprises:
encrypting the code objects contained in each queue.
Here, the encryption may include encrypting the names and storage paths of the code objects contained in the queues. The encryption may be implemented with the Advanced Encryption Standard (AES), such as AES256, or a Secure Hash Algorithm (SHA), such as SHA256.
When the code is reverse-analyzed, only the encrypted reference paths and reference relationships can be obtained, and these do not correspond to the file paths of the reversed code objects, so the execution logic of the program code is protected.
In some embodiments, adding code objects of different categories in the first part to different queues includes at least one of:
adding the class files contained in the first part to a class queue;
adding the method objects contained in the first part to a method queue;
adding the attribute objects contained in the first part to an attribute queue.
Before code objects of different categories in the first part are added to different queues, the category of each code object contained in the first part needs to be determined. Once the categories are known, a separate queue is set up for each category so that code objects of the same type are stored in the same queue. Thus, all class files in the first part are in one queue, all method objects in the first part are in one queue, and all attribute objects in the first part are in one queue.
In the embodiments of the present disclosure, code objects of different categories have different uses and are defined in different ways, so they are processed separately by category. This reduces errors that may occur in the subsequent encryption and further improves the correctness of the code processing.
It should be noted that when the code is decrypted during execution, the pre-encryption names and storage paths of the code objects in the queues can be obtained.
In some embodiments, the method further comprises:
Step 106: obtaining a first identifier before encryption and a second identifier after encryption of each code object contained in the first part;
Step 107: replacing the first identifier in the reference information of the second part with the second identifier, wherein the reference information includes reference relationships and/or reference paths.
In the embodiments of the present disclosure, the code objects in the first part are added to different queues by category and encrypted, and each code object has a first identifier before encryption and a second identifier after encryption. After the code objects in each queue have been encrypted, the first identifier and the second identifier can be obtained directly by checking the name of the code object.
The reference relationship is the calling relationship between the second part and a code object of the first part when that code object is used in the second part; it specifies the call to the code object. The reference path is the path generated by looking up the code object when it is to be referenced; it is used to find the code object.
In the embodiments of the present disclosure, across the whole project only the first part is encrypted, while the second part is obfuscated. Because obfuscation and encryption work on different principles, the names and storage paths of the code objects in the first part change after encryption, and references to them from the second part may become incorrect.
To solve this problem, after the code objects contained in the first part have been encrypted, the first identifier in the reference information of the second part is replaced with the second identifier, which reduces reference errors caused by encrypting the names and storage paths of the code objects in the first part.
In some embodiments, the code objects contained in the first part include a class file.
A class file here is a file with the suffix class.
Based on the class file, the method further comprises:
inserting a code block that prevents reverse parsing into the class file contained in the first part.
Here, an optional example of the code block for preventing reverse parsing is as follows:
private static final char[] wJ = "0123456789abcdef".toCharArray();
public static String imsi = "204046330839890";
public static String p = "0";
public static String keyword = "电话"; // "telephone"
public static String translateKeyword = "%E7%94%B5%E8%AF%9D"; // URL-encoded UTF-8 form of keyword
In the embodiments of the present disclosure, in order to protect the code, in addition to obfuscating or encrypting the code in the project, a code block for preventing reverse parsing may be inserted into the class file. The code block can exploit a vulnerability of the reverse-engineering tool to make the tool crash so that it cannot work normally, thereby protecting the code.
Fig. 5 is a flowchart of a code obfuscation method according to an exemplary embodiment. As shown in Fig. 5, the anti-obfuscation file is obtained first, all class files, methods and attributes that call the anti-obfuscation file are traversed, and they are added to different queues to obtain a class queue, a method queue and an attribute queue. The class files, methods and attributes in the class queue, method queue and attribute queue are encrypted to obtain the first identifier before encryption and the second identifier after encryption of each code object contained in the first part, and the first identifier in the reference information of the second part is replaced with the second identifier. Meanwhile, the class files are looked up in the class queue, and a code block for preventing reverse parsing is inserted into each class file. When the program is executed, the first part is decrypted to obtain the original reference information.
Therefore, on the basis of the obtained obfuscation rule file and anti-obfuscation file, the method divides the code to be obfuscated, simply by whether or not the anti-obfuscation file is called, into a first part that does not participate in code obfuscation and a second part that does. The code that is prone to errors when the obfuscation rules are applied directly (the first part) is separated out, and only the second part is processed with the obfuscation rules, which improves the correctness of code obfuscation. At the same time, to protect the first part, which does not participate in code obfuscation, the code of the first part is encrypted, which improves the security of the code in the whole project.
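The Fig. 5 flow (steps 105 to 107) can be traced on a small input with the following added example, which is not code from the patent. It assumes a hypothetical marker annotation named @KeepFromObfuscation as the calling declaration, a constructed Java-like sample, and HMAC-SHA-256 (a keyed use of SHA256, which the text names) to derive the second identifier, with the first-to-second identifier map kept as the runtime lookup table.

```python
import hashlib
import hmac
import re
from collections import deque

MARKER = "@KeepFromObfuscation"     # hypothetical calling declaration (assumption)
DEMO_KEY = b"constructed-demo-key"  # constructed; a real build would load a secret

# Constructed sample input (not from the patent).
SAMPLE_SOURCE = '''\
package com.example.app;

@KeepFromObfuscation
public class ResourceTable {
    @KeepFromObfuscation
    public static String iconPath = "res/icon.png";

    @KeepFromObfuscation
    public int lookup(String key) { return key.length(); }

    private int cache(String key) { return lookup(key) + 1; }
}

class Loader {
    String tag = "lookup";  // string literal, must stay untouched
    int load() { return new ResourceTable().lookup(ResourceTable.iconPath); }
}
'''

CLASS_RE = re.compile(r"\b(?:class|interface|enum)\s+(\w+)")
METHOD_RE = re.compile(r"^[^=(]*?\b(\w+)\s*\(")   # a name followed by "(" with no "=" before it
ATTR_RE = re.compile(r"^[^=;]*?\b(\w+)\s*[=;]")   # a name followed by "=" or ";"
# String literals and // comments are matched as whole tokens so they are never rewritten.
# Char literals and /* */ comments are outside the scope of this example.
TOKEN_RE = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|\b[A-Za-z_]\w*\b')


def classify(definition):
    """Return (category, name) of the definition that follows a calling declaration."""
    for kind, rx in (("class", CLASS_RE), ("method", METHOD_RE), ("attribute", ATTR_RE)):
        m = rx.search(definition)
        if m:
            return kind, m.group(1)
    raise ValueError("unrecognised definition: %r" % definition)


def partition(source):
    """Step 105: queue every first-part code object by category (FIFO)."""
    queues = {"class": deque(), "method": deque(), "attribute": deque()}
    lines = source.splitlines()
    for i, line in enumerate(lines):
        if line.strip() != MARKER:
            continue
        # The definition is the first following line that is neither blank
        # nor another annotation.
        for nxt in lines[i + 1:]:
            s = nxt.strip()
            if s and not s.startswith("@"):
                kind, name = classify(s)
                queues[kind].append(name)
                break
        else:
            raise ValueError("calling declaration on line %d has no definition" % (i + 1))
    return queues


def second_identifier(name, key):
    """Derive the post-encryption identifier; the leading "_" keeps it a valid Java name."""
    return "_" + hmac.new(key, name.encode("utf-8"), hashlib.sha256).hexdigest()[:16]


def build_identifier_map(queues, key):
    """Step 106: drain each queue from the front and record first -> second identifier."""
    id_map = {}
    for kind in ("class", "method", "attribute"):
        while queues[kind]:
            first = queues[kind].popleft()
            id_map[first] = second_identifier(first, key)
    if len(set(id_map.values())) != len(id_map):
        raise ValueError("second-identifier collision; lengthen the digest")
    return id_map


def rewrite_references(source, id_map):
    """Step 107: replace first identifiers with second identifiers in code tokens only."""
    return TOKEN_RE.sub(lambda m: id_map.get(m.group(0), m.group(0)), source)


def protect(source, key=DEMO_KEY):
    id_map = build_identifier_map(partition(source), key)
    return id_map, rewrite_references(source, id_map)


if __name__ == "__main__":
    mapping, rewritten = protect(SAMPLE_SOURCE)
    for first, second in mapping.items():
        print(first, "->", second)
    print(rewritten)
```

Unmarked names such as cache and Loader are left for the obfuscation rule file to handle as the second part; the example does not perform that obfuscation itself.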
In order to improve the correctness of code obfuscation and reduce the workload of configuration operation, the embodiment of the present disclosure further provides a code obfuscating apparatus, and fig. 6 is a block diagram illustrating a code obfuscating apparatus according to an exemplary embodiment. Referring to fig. 6, a code obfuscation apparatus 600 includes:
an obtaining unit 601, configured to obtain an obfuscation rule file and an anti-obfuscation file;
a determining unit 602, configured to determine, according to the call to the anti-obfuscating file, a first portion of the code to be obfuscated that does not participate in code obfuscation and a second portion of the code to participate in code obfuscation;
a processing unit 603, configured to perform code obfuscation on the second portion according to an obfuscation rule included in the obfuscation rule file.
In some embodiments, the determining unit includes:
a determining subunit, configured to take, according to the position in the code to be obfuscated of the calling declaration that calls the anti-obfuscation file, the code having a preset positional relationship with the calling declaration as the first part, and the code not having the preset positional relationship with the calling declaration as the second part.
In some embodiments, the determining subunit includes:
a position determining unit, configured to determine the position of the calling declaration of the anti-obfuscation file in the file of the code to be obfuscated;
a first part determining unit, configured to determine, as the first part, the code defined on the N lines located after the position of the calling declaration, where N is a positive integer;
a second part determining unit, configured to determine, as the second part, the code defined before the position of the calling declaration and/or on lines N + M after the position of the calling declaration, where M is a positive integer.
In some embodiments, the apparatus further comprises:
a storage unit for adding code objects of different classes in the first portion to different queues; wherein the code objects of the same type are stored in the same queue;
an encryption unit, configured to encrypt the code objects contained in each queue.
In some embodiments, the apparatus further comprises:
an identifier acquiring unit, configured to acquire a first identifier before encryption and a second identifier after encryption of the code object included in the first portion;
a replacing unit, configured to replace the first identifier in the reference information of the second portion with the second identifier; wherein the reference information includes: reference relationships and/or reference paths.
In some embodiments, the first portion comprises a code object comprising: a class file;
the device further comprises:
an inserting unit, configured to insert a code block for preventing reverse parsing in the class file included in the first portion.
In some embodiments, the first portion comprises a code object comprising: class files, method objects, and/or attribute objects;
the storage unit comprises at least one of the following components:
a first storage unit, configured to add the class files contained in the first portion to a class queue;
a second storage unit, configured to add the method objects contained in the first portion to a method queue;
a third storage unit, configured to add the attribute objects contained in the first portion to an attribute queue.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
Fig. 7 is a block diagram illustrating a code obfuscation apparatus 1800, according to an example embodiment. For example, the apparatus 1800 may be a mobile phone, computer, digital broadcast terminal, messaging device, game console, tablet device, medical device, fitness device, personal digital assistant, and so forth.
Referring to fig. 7, apparatus 1800 may include one or more of the following components: a processing component 1802, a memory 1804, a power component 1806, a multimedia component 1808, an audio component 1810, an input/output (I/O) interface 1812, a sensor component 1814, and a communications component 1816.
The processing component 1802 generally controls the overall operation of the device 1800, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations. The processing component 1802 may include one or more processors 1820 to execute instructions to perform all or part of the steps of the methods described above. Further, the processing component 1802 may also include one or more modules that facilitate interaction between the processing component 1802 and other components. For example, the processing component 1802 can include a multimedia module to facilitate interaction between the multimedia component 1808 and the processing component 1802.
The memory 1804 is configured to store various types of data to support operation at the apparatus 1800. Examples of such data include instructions for any application or method operating on the device 1800, contact data, phonebook data, messages, pictures, videos, and so forth. The memory 1804 may be implemented by any type or combination of volatile or non-volatile storage devices, such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks.
Power components 1806 provide power to various components of device 1800. The power components 1806 may include: a power management system, one or more power sources, and other components associated with generating, managing, and distributing power for the apparatus 1800.
The multimedia component 1808 includes a screen that provides an output interface between the device 1800 and a user. In some embodiments, the screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive an input signal from a user. The touch panel includes one or more touch sensors to sense touch, slide, and gestures on the touch panel. The touch sensor may not only sense the boundary of a touch or slide action, but also detect the duration and pressure associated with the touch or slide operation. In some embodiments, the multimedia component 1808 includes a front facing camera and/or a rear facing camera. The front-facing camera and/or the rear-facing camera may receive external multimedia data when the device 1800 is in an operating mode, such as a shooting mode or a video mode. Each front camera and/or rear camera may be a fixed optical lens system or have a focal length and optical zoom capability.
Audio component 1810 is configured to output and/or input audio signals. For example, the audio component 1810 includes a Microphone (MIC) configured to receive external audio signals when the apparatus 1800 is in operating modes, such as a call mode, a recording mode, and a voice recognition mode. The received audio signals may further be stored in the memory 1804 or transmitted via the communication component 1816. In some embodiments, audio component 1810 also includes a speaker for outputting audio signals.
I/O interface 1812 provides an interface between processing component 1802 and peripheral interface modules, which may be keyboards, click wheels, buttons, etc. These buttons may include, but are not limited to: a home button, a volume button, a start button, and a lock button.
The sensor component 1814 includes one or more sensors for providing various aspects of state assessment for the apparatus 1800. For example, the sensor component 1814 can detect an open/closed state of the device 1800 and the relative positioning of components such as a display and keypad of the device 1800. The sensor component 1814 can also detect a change in position of the device 1800 or a component of the device 1800, the presence or absence of user contact with the device 1800, orientation or acceleration/deceleration of the device 1800, and a change in temperature of the device 1800. The sensor component 1814 may include a proximity sensor configured to detect the presence of a nearby object without any physical contact. The sensor component 1814 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor component 1814 may also include an acceleration sensor, a gyroscope sensor, a magnetic sensor, a pressure sensor, or a temperature sensor.
The communication component 1816 is configured to facilitate communications between the apparatus 1800 and other devices in a wired or wireless manner. The device 1800 may access a wireless network based on a communication standard, such as WiFi, 2G, or 3G, or a combination thereof. In an exemplary embodiment, the communication component 1816 receives a broadcast signal or broadcast associated information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the communication component 1816 further includes a Near Field Communication (NFC) module to facilitate short-range communications. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, infrared data association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology, or other technologies.
In an exemplary embodiment, the apparatus 1800 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, micro-controllers, microprocessors or other electronic components for performing the above-described methods.
In an exemplary embodiment, there is also provided a non-transitory computer-readable storage medium including instructions, for example the memory 1804 storing executable instructions that are executable by the processor 1820 of the device 1800 to perform the methods described above. For example, the non-transitory computer readable storage medium may be a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.
A non-transitory computer readable storage medium has instructions stored therein which, when executed by a processor of a code obfuscation apparatus, enable the code obfuscation apparatus to perform the code obfuscation method described above. The code obfuscation method includes:
obtaining an obfuscation rule file and an anti-obfuscation file;
determining, according to the call to the anti-obfuscation file, a first part of the code to be obfuscated that does not participate in code obfuscation and a second part that participates in code obfuscation;
performing code obfuscation on the second part according to the obfuscation rules contained in the obfuscation rule file.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This disclosure is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It will be understood that the present disclosure is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.

Claims (16)

1. A code obfuscation method, comprising:
obtaining an obfuscation rule file and an anti-obfuscation file;
determining, according to the call to the anti-obfuscation file, a first portion of the code to be obfuscated that does not participate in code obfuscation and a second portion that participates in code obfuscation;
performing code obfuscation on the second portion according to the obfuscation rules contained in the obfuscation rule file.
2. The method of claim 1, wherein determining a first portion of the code to be obfuscated that does not participate in code obfuscation and a second portion that participates in code obfuscation based on the call to the anti-obfuscation file comprises:
according to the position in the code to be obfuscated of the calling declaration that calls the anti-obfuscation file, taking the code having a preset positional relationship with the calling declaration as the first portion, and taking the code not having the preset positional relationship with the calling declaration as the second portion.
3. The method according to claim 2, wherein taking the code having a preset positional relationship with the calling declaration as the first portion and the code not having the preset positional relationship with the calling declaration as the second portion, according to the position in the code to be obfuscated of the calling declaration that calls the anti-obfuscation file, comprises:
determining the position of the calling declaration of the anti-obfuscation file in the file of the code to be obfuscated;
determining, as the first portion, the code defined on the N lines after the position of the calling declaration, wherein N is a positive integer;
determining, as the second portion, the code defined before the position of the calling declaration and/or on lines N + M after the position of the calling declaration, wherein M is a positive integer.
4. The method of claim 1, further comprising:
adding code objects of different classes in the first portion to different queues; wherein the code objects of the same type are stored in the same queue;
encrypting the code objects contained in each queue.
5. The method of claim 4, further comprising:
acquiring a first identifier before encryption and a second identifier after encryption of the code object contained in the first part;
replacing the first identifier in the reference information of the second part with the second identifier; wherein the reference information includes: reference relationships and/or reference paths.
6. The method of claim 4, wherein the first portion comprises a code object comprising: a class file;
the method further comprises the following steps:
inserting a code block that prevents reverse parsing in the class file included in the first portion.
7. The method of claim 4, wherein the first portion comprises a code object comprising: class files, method objects, and/or attribute objects;
adding different classes of code objects in the first portion to different queues includes at least one of:
adding the class files contained in the first portion to a class queue;
adding the method object contained in the first portion to a method queue;
adding the attribute object contained in the first portion to an attribute queue.
8. A code obfuscation apparatus, comprising:
an obtaining unit, configured to obtain an obfuscation rule file and an anti-obfuscation file;
a determining unit, configured to determine, according to the call to the anti-obfuscation file, a first portion of the code to be obfuscated that does not participate in code obfuscation and a second portion that participates in code obfuscation;
a processing unit, configured to perform code obfuscation on the second portion according to the obfuscation rules contained in the obfuscation rule file.
9. The apparatus of claim 8, wherein the determining unit comprises:
a determining subunit, configured to take, according to the position in the code to be obfuscated of the calling declaration that calls the anti-obfuscation file, the code having a preset positional relationship with the calling declaration as the first portion, and the code not having the preset positional relationship with the calling declaration as the second portion.
10. The apparatus of claim 9, wherein the determining subunit comprises:
a position determining unit, configured to determine the position of the calling declaration of the anti-obfuscation file in the file of the code to be obfuscated;
a first part determining unit, configured to determine, as the first portion, the code defined on the N lines located after the position of the calling declaration, where N is a positive integer;
a second part determining unit, configured to determine, as the second portion, the code defined before the position of the calling declaration and/or on lines N + M after the position of the calling declaration, where M is a positive integer.
11. The apparatus of claim 8, further comprising:
a storage unit for adding code objects of different classes in the first portion to different queues; wherein the code objects of the same type are stored in the same queue;
an encryption unit, configured to encrypt the code objects contained in each queue.
12. The apparatus of claim 11, further comprising:
an identifier acquiring unit, configured to acquire a first identifier before encryption and a second identifier after encryption of the code object included in the first portion;
a replacing unit, configured to replace the first identifier in the reference information of the second portion with the second identifier; wherein the reference information includes: reference relationships and/or reference paths.
13. The apparatus of claim 11, wherein the first portion comprises a code object comprising: a class file;
the device further comprises:
an inserting unit, configured to insert a code block for preventing reverse parsing in the class file included in the first portion.
14. The apparatus of claim 11, wherein the first portion comprises a code object comprising: class files, method objects, and/or attribute objects;
the storage unit comprises at least one of the following components:
a first storage unit, configured to add the class files contained in the first portion to a class queue;
a second storage unit, configured to add the method objects contained in the first portion to a method queue;
a third storage unit, configured to add the attribute objects contained in the first portion to an attribute queue.
15. A code obfuscation apparatus, comprising:
a processor;
a memory for storing executable instructions;
wherein the processor is configured to implement the method of any one of claims 1 to 7 when executing the executable instructions stored in the memory.
16. A non-transitory computer readable storage medium having instructions therein which, when executed by a processor of a code obfuscation device, enable the code obfuscation device to perform the method of any one of claims 1 to 7.
CN202010125783.1A 2020-02-27 2020-02-27 Code obfuscation method, device and storage medium Pending CN111274556A (en)


Publications (1)

Publication Number Publication Date
CN111274556A true CN111274556A (en) 2020-06-12

Family

ID=70997430

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010125783.1A Pending CN111274556A (en) 2020-02-27 2020-02-27 Code obfuscation method, device and storage medium

Country Status (1)

Country Link
CN (1) CN111274556A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111708543A (en) * 2020-08-19 2020-09-25 杭州冒险元素网络技术有限公司 Method for reducing repetition degree of Android project codes
CN113742661A (en) * 2021-09-07 2021-12-03 北京闲徕互娱网络科技有限公司 unity code security protection method and computer readable medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104992083A (en) * 2015-07-09 2015-10-21 广州视源电子科技股份有限公司 Code obfuscation method and system for application
CN107203707A (en) * 2016-03-16 2017-09-26 阿里巴巴集团控股有限公司 It is a kind of to realize the method and system that program code is obscured
CN109241707A (en) * 2018-08-09 2019-01-18 北京邮电大学 Application program obscures method, apparatus and server
CN109492354A (en) * 2018-10-23 2019-03-19 海南新软软件有限公司 A kind of method, apparatus and system of obfuscated codes
CN110135129A (en) * 2019-04-12 2019-08-16 平安科技(深圳)有限公司 Code segment protection method, device, computer equipment and storage medium

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111708543A (en) * 2020-08-19 2020-09-25 杭州冒险元素网络技术有限公司 Method for reducing repetition degree of Android project codes
CN111708543B (en) * 2020-08-19 2021-04-06 杭州冒险元素网络技术有限公司 Method for reducing repetition degree of Android project codes
CN113742661A (en) * 2021-09-07 2021-12-03 北京闲徕互娱网络科技有限公司 unity code security protection method and computer readable medium

Similar Documents

Publication Publication Date Title
EP3772700A1 (en) Method and device for encrypting model of neural network, and storage medium
CN111258590B (en) Code execution method and device for code execution
CN107766701B (en) Electronic equipment, dynamic library file protection method and device
CN111240694B (en) Application detection method, application detection device and storage medium
CN111274556A (en) Code obfuscation method, device and storage medium
CN108900553B (en) Communication method, device and computer readable storage medium
CN111736816B (en) Compiling and linking method and device and compiling and linking device
CN117193944A (en) Application running environment generation method and device, server and storage device
CN113468606A (en) Application program access method and electronic equipment
KR20140044962A (en) Lock releasing method of electronic device, apparatus thereof, and medium storing program source thereof
CN106712960B (en) Processing method and device of verification code information
CN112287380B (en) Data processing method and device and data processing device
CN112860625A (en) Data acquisition method, data storage method, device, equipment and storage medium
CN107526683B (en) Method and device for detecting functional redundancy of application program and storage medium
CN109933357B (en) Application program upgrading method and device
CN107193622B (en) Code compiling processing method and device and terminal
Pranoto et al. Android smartphone remote monitoring application using sms service
CN112148296B (en) Compiling and running method and device and compiling and running device
CN114020694B (en) Header file address acquisition method and device, electronic equipment and storage medium
CN116361838B (en) Data processing method, device and system and readable storage medium
CN111736852B (en) Compiling and linking method and device and compiling and linking device
CN111695158B (en) Operation method and device
CN111240735B (en) Application packaging method, application packaging device and storage medium
CN108536427B (en) Compiling method and device of application program
CN114661273A (en) Front-end construction method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination