CN111552931A - Method and system for adding shell of java code - Google Patents
Method and system for adding shell of java code Download PDFInfo
- Publication number
- CN111552931A CN111552931A CN202010360272.8A CN202010360272A CN111552931A CN 111552931 A CN111552931 A CN 111552931A CN 202010360272 A CN202010360272 A CN 202010360272A CN 111552931 A CN111552931 A CN 111552931A
- Authority
- CN
- China
- Prior art keywords
- code
- obfuscated
- java
- source
- type
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
- 238000000034 method Methods 0.000 title claims abstract description 64
- 238000004590 computer program Methods 0.000 claims description 10
- 238000012545 processing Methods 0.000 claims description 10
- 238000005516 engineering process Methods 0.000 abstract description 3
- 230000009286 beneficial effect Effects 0.000 abstract 1
- 238000004422 calculation algorithm Methods 0.000 description 7
- 238000011161 development Methods 0.000 description 7
- 230000006870 function Effects 0.000 description 7
- 230000008569 process Effects 0.000 description 6
- 238000010586 diagram Methods 0.000 description 5
- 238000004891 communication Methods 0.000 description 3
- 238000005336 cracking Methods 0.000 description 3
- 230000007246 mechanism Effects 0.000 description 3
- 230000008901 benefit Effects 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 238000009434 installation Methods 0.000 description 2
- 230000010354 integration Effects 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- 238000012795 verification Methods 0.000 description 2
- 238000004458 analytical method Methods 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 230000002860 competitive effect Effects 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 230000010365 information processing Effects 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 238000012946 outsourcing Methods 0.000 description 1
- 238000012827 research and development Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/14—Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a shell adding method of java codes, which comprises the following steps: carrying out code layering on the source code to be processed according to the code type and a preset rule to obtain a code to be obfuscated; compiling the code to be obfuscated through a compiling tool to obtain a compiled code; performing character replacement on the compiled code according to the confusion dictionary to generate a confusion code; acquiring a pre-generated key, and encrypting the obfuscated code by the key through an encryption rule to obtain an encrypted code; customizing a class loader in a load container according to the type of the encrypted code, the class loader comprising decryption rules for the encrypted code; and generating a jar packet by the decryption rule and the encrypted code to finish the encryption of the java source program code. The invention has the beneficial effects that: the security of the code is increased. In addition, the invention also relates to a block chain technology, and the decryption rule can be stored in the block chain node.
Description
Technical Field
The embodiment of the invention relates to the technical field of communication encryption, in particular to a shell adding method and system for java codes.
Technical Field
At present, the problem of intellectual property protection is increasingly highlighted nowadays when the internet technology is developed at a high speed. Software companies often have strong control power for internal source code security, and staff source code security awareness is standardized through means such as system, monitoring and auditing. However, for the bank type localized deployment project and the project of secondary development to the outsourcing company, how to prevent the user from obtaining the source code through decompilation and further infringe the intellectual property becomes an increasingly serious topic. Moreover, source code leakage can also increase enterprise research and development cost, reduce market competitive advantage and limit development of innovation capability.
In view of the cross-platform nature of java application code, many companies develop application software in the java language. The common practice for java application source code protection in the industry is code obfuscation, however, obfuscated code is only a replacement for key characters, and internal code logic can still be obtained through analysis, resulting in low code security.
Disclosure of Invention
In view of this, an object of the embodiments of the present invention is to provide a method and a system for adding a shell to java code, which enhance the security of the code.
In order to achieve the above object, an embodiment of the present invention provides a method for adding a shell to java code, including:
receiving a source code to be processed, and acquiring a code type of the source code to be processed, wherein the source code to be processed is a java source program code;
carrying out code layering on the source code to be processed according to the code type and a preset rule to obtain a code to be obfuscated;
compiling the code to be obfuscated through a compiling tool to obtain a compiled code;
performing character replacement on the compiled code according to the confusion dictionary to generate a confusion code;
acquiring a pre-generated key, and encrypting the obfuscated code by the key through an encryption rule to obtain an encrypted code;
customizing a class loader in a load container according to the type of the encrypted code, the class loader comprising decryption rules for the encrypted code;
and generating a jar packet by the decryption rule and the encrypted code to finish the encryption of the java source program code.
Further, the code layering of the source code to be processed according to the code type and a preset rule to obtain a code to be obfuscated includes:
dividing the code types into a main obfuscated source code type, a secondary obfuscated source code type and a non-obfuscated source code type according to a preset rule;
and taking the source code to be processed corresponding to the obfuscated source code type and the secondary obfuscated source code type as the code to be obfuscated, wherein the source code to be processed corresponding to the non-obfuscated source code type is not obfuscated.
Further, the code to be obfuscated is a java source program code, and the storage mode is a first file format; the compiled code is java byte code, and the storage mode is a second file format;
the compiling the code to be obfuscated through the compiling tool to obtain the compiled code comprises:
and compiling the code to be obfuscated in the first file format by a compiling tool to obtain the compiled code in the second file format for loading by a class loader, wherein the class loader is a byte code class loader.
Further, customizing a class loader in a load container according to the type of the encrypted code, the class loader including decryption rules for the encrypted code, comprises:
generating the decryption rule corresponding to the decryption of the encrypted code, wherein the decryption rule is stored in a block chain;
in the load container, customizing a class loader according to the decryption rule and the type of the encrypted code.
Further, after generating the jar packet by the decryption rule and the encrypted code to complete the encryption of the java source program code, the method includes:
the class loader inherits the type of the encrypted code by overwriting a loadClass method so as to load the encrypted code;
and the class loader acquires the key according to a configuration file and decrypts the encrypted code according to the decryption rule and the key to obtain a compiled code.
Further, the obtaining a pre-generated key, and before encrypting the obfuscated code by the key to obtain an encrypted code, includes:
generating a key of the obfuscated code and writing the key into the configuration file;
and storing the configuration file into the loading container so that the class loader can obtain the key according to the configuration file and decrypt the encrypted code in the loading container.
In order to achieve the above object, an embodiment of the present invention further provides a shell adding system for java code, including:
the system comprises a receiving module, a processing module and a processing module, wherein the receiving module is used for receiving a source code to be processed and acquiring the code type of the source code to be processed, and the source code to be processed is a java source program code;
the layering module is used for layering the source code to be processed according to the code type and a preset rule to obtain a code to be obfuscated;
the compiling module is used for compiling the code to be obfuscated through a compiling tool to obtain a compiled code;
the confusion module is used for performing character replacement on the compiled code according to the confusion dictionary to generate a confusion code;
the encryption module is used for acquiring a pre-generated key and encrypting the obfuscated code through the key to obtain an encrypted code;
the customization module is used for customizing a class loader in a loading container according to the type of the encrypted code, wherein the class loader comprises a decryption rule of the encrypted code;
and the generating module is used for generating a jar packet by the encryption rule and the encryption code so as to complete the encryption of the java source program code.
Further, the layering module is further configured to:
dividing the code types into a main obfuscated source code type, a secondary obfuscated source code type and a non-obfuscated source code type according to a preset rule;
and taking the source code to be processed corresponding to the obfuscated source code type and the secondary obfuscated source code type as the code to be obfuscated, wherein the source code to be processed corresponding to the non-obfuscated source code type is not obfuscated.
To achieve the above object, an embodiment of the present invention further provides a computer device, which includes a memory and a processor, where the memory stores a computer program that can run on the processor, and the computer program, when executed by the processor, implements the steps of the method for shelling java code as described above.
To achieve the above object, an embodiment of the present invention further provides a computer-readable storage medium, in which a computer program is stored, where the computer program is executable by at least one processor, so as to cause the at least one processor to execute the steps of the method for shelling java code as described above.
According to the shell adding method and system for the java codes, provided by the embodiment of the invention, the source codes are mixed up, so that the risk that the source codes are decompiled and cracked is reduced; and the obfuscated code is encrypted to encrypt the source code for the second time, adding a shell mechanism. And the class loader ClassLoader is customized when the encryption code is run, and even if an attacker cracks the customized ClassLoader, the source code is confused, so that the cracking difficulty is increased. The mechanism is extremely low in code invasiveness, and can be widely applied to scenes of local deployment and secondary development output capacity.
Drawings
FIG. 1 is a flowchart of a first embodiment of a shell adding method for java code according to the present invention.
FIG. 2 is a flowchart of step S102 of a first embodiment of the method for adding the shell to the java code of the present invention.
FIG. 3 is a flowchart of step S109 of the first embodiment of the method for adding the shell to the java code of the present invention
FIG. 4 is a flowchart of step S110 of a first embodiment of the method for shelling java code according to the present invention.
Fig. 5 is a flowchart of step S113 of the first embodiment of the method for adding the shell to the java code according to the present invention.
FIG. 6 is a schematic diagram of program modules of a second embodiment of the java code shelling system of the present invention.
Fig. 7 is a schematic diagram of a hardware structure of a third embodiment of the computer apparatus according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example one
Referring to fig. 1, a flowchart of the steps of a shell adding method for java code according to a first embodiment of the present invention is shown. It is to be understood that the flow charts in the embodiments of the present method are not intended to limit the order in which the steps are performed. The following description is made by way of example with the computer device 2 as the execution subject. The details are as follows.
Step S100, receiving a source code to be processed, and acquiring the code type of the source code to be processed, wherein the source code to be processed is a java source program code.
Specifically, the source code to be processed is a source code of a java program; the code types of the source code to be processed comprise interfaces, entity classes and core code classes.
And S102, layering the source code to be processed according to the code type and a preset rule to obtain a code to be obfuscated.
Specifically, the preset rule is an obfuscation rule, a user can customize the obfuscation rule, determine which types of source codes can be obfuscated, divide the source codes to be processed into source codes to be obfuscated and non-obfuscated source codes, extract core codes, and reserve source code output for interfaces and entity classes. The code types comprise a service realization code type, an interface type, a spi type and a serialization type, which are determined to be core codes, and which can be obfuscated through a preset rule.
Exemplarily, referring to fig. 2, the step S102 further includes:
step S1021, the code types are divided into a primary obfuscated source code type, a secondary obfuscated source code type and a non-obfuscated source code type according to a preset rule.
Specifically, a proguard plug-in is introduced, and an obfuscation strategy is configured to obtain a code to be obfuscated. The obfuscation rules divide the code to be obfuscated into the main obfuscated source code: obfuscating names, attributes and method names of types corresponding to the main obfuscated source codes; secondary obfuscated source code: the names of the corresponding types of the secondary obfuscated source codes are not obfuscated, and the attributes and the method names of the corresponding types are selectively obfuscated; non-confusing objects: and the source code is not confused, and the exception can occur after the source code is confused, so that the source code is not confused. Obfuscation rules include, but are not limited to: all native methods are not confused; subclasses of certain classes cannot be confused because they are likely to be called externally; enumerated classes cannot be confused; serialized classes are not confused; the resource classes and their methods, cannot be confused; callback methods cannot be confused; keeping classes and members from being confused; the embedded classes cannot be confused; the classes and methods associated with processing reflections cannot be confused.
Step S1022, taking the source code to be processed corresponding to the obfuscated source code type and the secondary obfuscated source code type as the code to be obfuscated, and performing no obfuscation on the source code to be processed corresponding to the non-obfuscated source code type.
Specifically, the purpose of code layering is to support secondary development while protecting core code from leakage. The specific implementation method of code layering comprises the following steps: the service realization code stripping layer is subjected to confusion by a single module, and non-core codes such as interfaces, spi, serialization and the like are still output as source codes, so that secondary development and integration are facilitated.
And step S104, compiling the code to be obfuscated through a compiling tool to obtain a compiled code.
Illustratively, the code to be obfuscated is java source program code, and the storage mode is a first file format; the compiled code is java byte code, and the storage mode is a second file format; the step S104 further includes:
compiling the code to be obfuscated in the first file format through a compiling tool to obtain the compiled code in the second file format for loading by the class loader, wherein the class loader is a byte code loading container.
Specifically, the code to be obfuscated is java source program code, a first file format of a storage mode of the code to be obfuscated is a java file, the java file is converted into java byte code after being compiled by a java compiler, and a second file format of the storage mode is a class file, namely compiled code. And when the class loader loads the compiled code, acquiring the byte code of the class file for loading.
And step S106, performing character replacement on the compiled code according to the obfuscated dictionary to generate an obfuscated code.
Specifically, the obfuscated code file at this time includes obfuscated codes that can be compiled to run, the compiled codes are firstly subjected to character replacement according to an obfuscated dictionary to obtain obfuscated codes, and the obfuscated codes are stored in an obfuscated code file, wherein the obfuscated code file is a class file. proguard is a purely java-written obfuscation tool, and has two use modes of a client and a jar package. The program can be packaged into jar and then obfuscated by a tool, or a proguard plug-in can be imported into a maven project object model to obtain an obfuscated code file, so that source code is obfuscated.
Illustratively, character replacement of compiled code by a pre-configured obfuscated dictionary, even if decompiled, is an obfuscated special character. Before the confusion, a confusion dictionary must be configured, the confusion dictionary can be read when the compiled code is compiled, core code characters in the compiled code are replaced, and the replaced characters come from the confusion dictionary. And through the design of the obfuscated dictionary, the readability difficulty after obfuscation is enhanced.
Illustratively, before obfuscation, a configuration file is first defined: the method comprises the following steps that pro files are used as configuration files, jar files needing to be obfuscated (including codes to be obfuscated), jar files output after obfuscation, a java class library needing to be referred to for obfuscation and the like are configured in the files; when in confusion: downloading a proguard, decompressing and copying a proguard. jar file and a pro configuration file in a lib directory under a bin of a JAVA installation directory, if JAVA _ HOME (parent node) is set, or not copying under the directory, and then performing obfuscation by using the following command, assuming that the pro configuration file is named as myconfig.pro; and finally, verification is carried out: the jd-gui decompilation tool can be used to verify an obfuscated result, and the pre-obfuscated and post-obfuscated jar is dragged to the jd-gui tool, and then the source code is compared, and the post-obfuscated decompilation result is very different from the source code.
And step S108, acquiring a pre-generated key, and encrypting the obfuscated code through the key to obtain an encrypted code.
Specifically, the key is generated by a key generator provided by java, which provides the function of a symmetric key generator, supporting various algorithms. After the key is obtained, an independent encryption program for encrypting the compiled code is also provided, and the key is encrypted to the obfuscated code through the independent encryption program to obtain the encrypted code. The obfuscated code is encrypted using a 3DES encryption algorithm, also called Triple DES, which is a mode of the DES encryption algorithm that uses 3 keys of 56 bits to encrypt the obfuscated code three times. In brief, because of the enhancement of the computing power of the computer, the key of the original DES password is easy to crack violently, and 3DES is used to provide a relatively simple method for avoiding similar cracking by increasing the length of the DES key.
Exemplarily, referring to fig. 3, the step S108 further includes a step S109:
step S109A, generating a key of the obfuscated code, and writing the key into the configuration file.
Specifically, the key is written into the configuration file, and when the class loader loads the key, the key location is searched for according to the configuration file for decryption.
Step S109B, storing the configuration file in the loading container, so that the class loader obtains the key according to the configuration file in the loading container to decrypt the encrypted code.
Specifically, the configuration file is placed in a loading container, when a decryption instruction is received, a class loader is loaded, a key is obtained according to the configuration file, and the class loader decrypts the encrypted code by using the key.
Step S110, customizing a class loader in a loading container according to the type of the encrypted code, wherein the class loader comprises a decryption rule of the encrypted code.
Specifically, before decryption, for the Java virtual machine, an instance of a custom ClassLoader class (class loader) may be created for the web container (load container) and then explicitly required to load the type of additional encryption code. This forces the JVM (Java Virtual Machine) to associate the type class of the encrypted code to the custom ClassLoader. That is, the class loader is customized in the JVM, which includes all types of encrypted code.
Exemplarily, referring to fig. 4, the step S110 further includes:
step S110A, generating the decryption rule corresponding to the decryption of the encrypted code, where the decryption rule is stored in a block chain.
Specifically, when the encrypted code is encrypted, a corresponding encryption rule is set, and when the class loader loads the encrypted code, the encrypted code is decrypted through the decryption rule.
It is emphasized that the decryption rules may also be stored in a node of a blockchain in order to further ensure the privacy and security of the decryption rules.
Step S110B, in the loading container, customizing a class loader according to the decryption rule and the type of the encrypted code.
Specifically, the decryption rules are loaded into a class loader in the load container, which can perform the decryption process. When a decryption instruction is obtained, starting a decryption application, loading a class file to a memory by using a class loader to generate a byte array, wherein the binary byte is encrypted, and writing a decryption method according to an encryption rule to decrypt the byte array; and finally converting the byte array into a class object instance and returning.
And step S112, generating a jar packet by the decryption rule and the encrypted code so as to complete the encryption of the java source program code.
Specifically, the encryption rule and the encryption code are packaged to obtain a jar packet, the encryption processing of the running environment of the java source program code is completed, and the unlimited deployment of the application is prevented.
Exemplarily, referring to fig. 5, the step S112 is followed by a step S113:
step S113A, the class loader inherits the type of the encrypted code by overwriting the loadClass method to load the encrypted code.
Specifically, when the class loader loads the encrypted code, the key is obtained to decrypt the encrypted code, and then the class loader ClassLoader loads and analyzes the compiled code.
The method of overwriting the loadClass is to load the binary type of the name of the compiled code (namely the packet name of the jar packet), the loadClass method is realized by the class loader (namely the class loader), and the logic in the method of overwriting the loadClass is to realize the parental delegation mode. loadClass may also be called manually to let the ClassLoader load the class of obfuscated code. It can also be known from the loadClass implementation that if it is not desired to redefine the rules for loading classes, nor to have complex logic, and only to load the classes specified by itself (all types of obfuscated code) at runtime, then the code can be used directly for loading, where the code is: this may directly call the loadClass method of the ClassLoader to obtain the class object in the obfuscated code.
Step S113B, the class loader acquires the key according to the configuration file, and decrypts the encrypted code according to the decryption rule and the key to obtain the compiled code.
Specifically, the decryption rule is to decrypt the bytecode of the encrypted code, rewrite a class loader in a web container (load container) in the JVM, and load the encrypted class bytecode through a custom class loader to obtain the compiled code.
Example two
Continuing to refer to FIG. 6, a program module diagram of a second embodiment of the java code shelled system of the present invention is shown. In this embodiment, the java code shelling system 20 may include or be divided into one or more program modules, which are stored in a storage medium and executed by one or more processors to implement the present invention and implement the java code shelling method described above. The program modules referred to in the embodiments of the present invention refer to a series of computer program instruction segments that can perform specific functions, and are more suitable than the program itself for describing the execution process of the java code added system 20 in the storage medium. The following description will specifically describe the functions of the program modules of the present embodiment:
the receiving module 200 is configured to receive a source code to be processed, and acquire a code type of the source code to be processed, where the source code to be processed is a java source program code.
Specifically, the source code to be processed is a source code of a java program; the code types of the source code to be processed comprise interfaces, entity classes and core code classes.
And the layering module 202 is configured to perform code layering on the source code to be processed according to the code type and a preset rule to obtain a code to be obfuscated.
Specifically, the preset rule is an obfuscation rule, a user can customize the obfuscation rule, determine which types of source codes can be obfuscated, divide the source codes to be processed into source codes to be obfuscated and non-obfuscated source codes, extract core codes, and reserve source code output for interfaces and entity classes. The code types comprise a service realization code type, an interface type, a spi type and a serialization type, which are determined to be core codes, and which can be obfuscated through a preset rule.
Illustratively, the layering module 202 is further configured to:
and dividing the code types into a primary obfuscated source code type, a secondary obfuscated source code type and a non-obfuscated source code type according to a preset rule.
Specifically, a proguard plug-in is introduced, and an obfuscation strategy is configured to obtain a code to be obfuscated. The obfuscation rules divide the code to be obfuscated into the main obfuscated source code: obfuscating names, attributes and method names of types corresponding to the main obfuscated source codes; secondary obfuscated source code: the names of the corresponding types of the secondary obfuscated source codes are not obfuscated, and the attributes and the method names of the corresponding types are selectively obfuscated; non-confusing objects: and the source code is not confused, and the exception can occur after the source code is confused, so that the source code is not confused. Obfuscation rules include, but are not limited to: all native methods are not confused; subclasses of certain classes cannot be confused because they are likely to be called externally; enumerated classes cannot be confused; serialized classes are not confused; the resource classes and their methods, cannot be confused; callback methods cannot be confused; keeping classes and members from being confused; the embedded classes cannot be confused; the classes and methods associated with processing reflections cannot be confused.
And taking the to-be-processed source code corresponding to the obfuscated source code type and the secondary obfuscated source code type as the to-be-obfuscated code to perform obfuscation, wherein the to-be-processed source code corresponding to the non-obfuscated source code type is not subjected to obfuscation.
Specifically, the purpose of code layering is to support secondary development while protecting core code from leakage. The specific implementation method of code layering comprises the following steps: the service realization code stripping layer is subjected to confusion by a single module, and non-core codes such as interfaces, spi, serialization and the like are still output as source codes, so that secondary development and integration are facilitated.
And the compiling module 204 is configured to compile the code to be obfuscated through a compiling tool to obtain a compiled code.
Illustratively, the code to be obfuscated is java source program code, and the storage mode is a first file format; the compiled code is java byte code, and the storage mode is a second file format; the step S104 further includes:
compiling the code to be obfuscated in the first file format through a compiling tool to obtain the compiled code in the second file format for loading by the class loader, wherein the class loader is a byte code loading container.
Specifically, the code to be obfuscated is java source program code, a first file format of a storage mode of the code to be obfuscated is a java file, the java file is converted into java byte code after being compiled by a java compiler, and a second file format of the storage mode is a class file, namely compiled code. And when the class loader loads the compiled code, acquiring the byte code of the class file for loading.
And the obfuscating module 206 is configured to perform character replacement on the compiled code according to an obfuscating dictionary to generate an obfuscated code.
Specifically, the obfuscated code file at this time includes obfuscated codes that can be compiled to run, the compiled codes are firstly subjected to character replacement according to an obfuscated dictionary to obtain obfuscated codes, and the obfuscated codes are stored in an obfuscated code file, wherein the obfuscated code file is a class file. proguard is a purely java-written obfuscation tool, and has two use modes of a client and a jar package. The program can be packaged into jar and then obfuscated by a tool, or a proguard plug-in can be imported into a maven project object model to obtain an obfuscated code file, so that source code is obfuscated.
Illustratively, character replacement of compiled code by a pre-configured obfuscated dictionary, even if decompiled, is an obfuscated special character. Before the confusion, a confusion dictionary must be configured, the confusion dictionary can be read when the compiled code is compiled, core code characters in the compiled code are replaced, and the replaced characters come from the confusion dictionary. And through the design of the obfuscated dictionary, the readability difficulty after obfuscation is enhanced.
Illustratively, before obfuscation, a configuration file is first defined: the method comprises the following steps that pro files are used as configuration files, jar files needing to be obfuscated (including codes to be obfuscated), jar files output after obfuscation, a java class library needing to be referred to for obfuscation and the like are configured in the files; when in confusion: downloading a proguard, decompressing and copying a proguard. jar file and a pro configuration file in a lib directory under a bin of a JAVA installation directory, if JAVA _ HOME (parent node) is set, or not copying under the directory, and then performing obfuscation by using the following command, assuming that the pro configuration file is named as myconfig.pro; and finally, verification is carried out: the jd-gui decompilation tool can be used to verify an obfuscated result, and the pre-obfuscated and post-obfuscated jar is dragged to the jd-gui tool, and then the source code is compared, and the post-obfuscated decompilation result is very different from the source code.
And the encryption module 208 is configured to obtain a pre-generated key, and encrypt the obfuscated code through the key to obtain an encrypted code.
Specifically, the key is generated by a key generator provided by java, which provides the function of a symmetric key generator, supporting various algorithms. After the key is obtained, an independent encryption program for encrypting the compiled code is also provided, and the key is encrypted to the obfuscated code through the independent encryption program to obtain the encrypted code. The obfuscated code is encrypted using a 3DES encryption algorithm, also called Triple DES, which is a mode of the DES encryption algorithm that uses 3 keys of 56 bits to encrypt the obfuscated code three times. In brief, because of the enhancement of the computing power of the computer, the key of the original DES password is easy to crack violently, and 3DES is used to provide a relatively simple method for avoiding similar cracking by increasing the length of the DES key.
A customizing module 210, configured to customize a class loader in a load container according to the type of the encrypted code, where the class loader includes a decryption rule of the encrypted code.
Specifically, before decryption, for the Java virtual machine, an instance of a custom ClassLoader class (class loader) may be created for the web container (load container) and then explicitly required to load the type of additional encryption code. This forces the JVM (Java Virtual Machine) to associate the type class of the encrypted code to the custom ClassLoader. That is, the class loader is customized in the JVM, which includes all types of encrypted code.
Illustratively, the customization module 210 is further configured to:
and generating the decryption rule corresponding to the decryption of the encrypted code, wherein the decryption rule is stored in a block chain.
Specifically, when the encrypted code is encrypted, a corresponding encryption rule is set, and when the class loader loads the encrypted code, the encrypted code is decrypted through the decryption rule.
In the load container, customizing a class loader according to the decryption rule and the type of the encrypted code.
Specifically, the decryption rules are loaded into a class loader in the load container, which can perform the decryption process. When a decryption instruction is obtained, starting a decryption application, loading a class file to a memory by using a class loader to generate a byte array, wherein the binary byte is encrypted, and writing a decryption method according to an encryption rule to decrypt the byte array; and finally converting the byte array into a class object instance and returning.
A generating module 212, configured to generate a jar packet from the encryption rule and the encryption code, so as to complete encryption of the java source program code.
Specifically, the encryption rule and the encryption code are packaged to obtain a jar packet, the encryption processing of the running environment of the java source program code is completed, and the unlimited deployment of the application is prevented.
EXAMPLE III
Fig. 7 is a schematic diagram of a hardware architecture of a computer device according to a third embodiment of the present invention. In the present embodiment, the computer device 2 is a device capable of automatically performing numerical calculation and/or information processing in accordance with a preset or stored instruction. The computer device 2 may be a rack server, a blade server, a tower server or a rack server (including an independent server or a server cluster composed of a plurality of servers), and the like. As shown in FIG. 7, the computer device 2 includes at least, but is not limited to, a memory 21, a processor 22, a network interface 23, and a shell system 20 of java code communicatively coupled to each other via a system bus. Wherein:
in this embodiment, the memory 21 includes at least one type of computer-readable storage medium including a flash memory, a hard disk, a multimedia card, a card-type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a Read Only Memory (ROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a Programmable Read Only Memory (PROM), a magnetic memory, a magnetic disk, an optical disk, and the like. In some embodiments, the storage 21 may be an internal storage unit of the computer device 2, such as a hard disk or a memory of the computer device 2. In other embodiments, the memory 21 may also be an external storage device of the computer device 2, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), or the like provided on the computer device 2. Of course, the memory 21 may also comprise both internal and external memory units of the computer device 2. In this embodiment, the memory 21 is generally used for storing an operating system installed on the computer device 2 and various application software, such as program codes of the shell system 20 of java code of the second embodiment. Further, the memory 21 may also be used to temporarily store various types of data that have been output or are to be output.
The network interface 23 may comprise a wireless network interface or a wired network interface, and the network interface 23 is generally used for establishing communication connection between the server 2 and other electronic devices. For example, the network interface 23 is used to connect the server 2 to an external terminal via a network, establish a data transmission channel and a communication connection between the server 2 and the external terminal, and the like. The network may be a wireless or wired network such as an Intranet (Intranet), the Internet (Internet), a Global System of Mobile communication (GSM), Wideband Code Division Multiple Access (WCDMA), a 4G network, a 5G network, Bluetooth (Bluetooth), Wi-Fi, and the like. It is noted that fig. 7 only shows the computer device 2 with components 20-23, but it is to be understood that not all shown components are required to be implemented, and that more or less components may be implemented instead.
In this embodiment, the java code shelled system 20 stored in the memory 21 can also be divided into one or more program modules, and the one or more program modules are stored in the memory 21 and executed by one or more processors (in this embodiment, the processor 22) to complete the present invention.
For example, fig. 6 shows a schematic diagram of program modules of an embodiment two of the shell system 20 for implementing java code, in which embodiment the shell system 20 for java code may be divided into a receiving module 200, a layering module 202, an obfuscation module 204, a compiling module 206, an encryption module 208, a customization module 210, and a generating module 212. Wherein, the program module referred to in the present invention refers to a series of computer program instruction segments capable of performing specific functions, which are more suitable than programs for describing the execution process of the java code added system 20 in the computer device 2. The specific functions of the program modules 200 and 212 have been described in detail in the second embodiment, and are not described herein again.
Example four
The present embodiment also provides a computer-readable storage medium, such as a flash memory, a hard disk, a multimedia card, a card-type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a read-only memory (ROM), an electrically erasable programmable read-only memory (EEPROM), a programmable read-only memory (PROM), a magnetic memory, a magnetic disk, an optical disk, a server, an App application mall, etc., on which a computer program is stored, which when executed by a processor implements corresponding functions. The computer-readable storage medium of this embodiment is used for the shelling system 20 for storing java code, and when executed by the processor, implements the shelling method for java code of the first embodiment.
The block chain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism, an encryption algorithm and the like. A block chain (Blockchain), which is essentially a decentralized database, is a series of data blocks associated by using a cryptographic method, and each data block contains information of a batch of network transactions, so as to verify the validity (anti-counterfeiting) of the information and generate a next block. The blockchain may include a blockchain underlying platform, a platform product service layer, an application service layer, and the like.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.
Claims (10)
1. A shell adding method of java codes is characterized by comprising the following steps:
receiving a source code to be processed, and acquiring a code type of the source code to be processed, wherein the source code to be processed is a java source program code;
carrying out code layering on the source code to be processed according to the code type and a preset rule to obtain a code to be obfuscated;
compiling the code to be obfuscated through a compiling tool to obtain a compiled code;
performing character replacement on the compiled code according to the confusion dictionary to generate a confusion code;
acquiring a pre-generated key, and encrypting the obfuscated code by the key through an encryption rule to obtain an encrypted code;
customizing a class loader in a load container according to the type of the encrypted code, the class loader comprising decryption rules for the encrypted code;
and generating a jar packet by the decryption rule and the encrypted code to finish the encryption of the java source program code.
2. The method for shelling java code as claimed in claim 1, wherein said code layering the source code to be processed according to the code type and a preset rule to obtain a code to be obfuscated comprises:
dividing the code types into a main obfuscated source code type, a secondary obfuscated source code type and a non-obfuscated source code type according to a preset rule;
and taking the source code to be processed corresponding to the obfuscated source code type and the secondary obfuscated source code type as the code to be obfuscated, wherein the source code to be processed corresponding to the non-obfuscated source code type is not obfuscated.
3. The method for shelling java code as claimed in claim 1, wherein said code to be obfuscated is java source program code and is stored in a first file format; the compiled code is java byte code, and the storage mode is a second file format;
the compiling the code to be obfuscated through the compiling tool to obtain the compiled code comprises:
and compiling the code to be obfuscated in the first file format by a compiling tool to obtain the compiled code in the second file format for loading by a class loader, wherein the class loader is a byte code class loader.
4. The java code shelling method as defined in claim 2, wherein said customizing a class loader in a load container according to the type of said encrypted code, said class loader including decryption rules for said encrypted code comprises:
generating the decryption rule corresponding to the decryption of the encrypted code, wherein the decryption rule is stored in a block chain;
in the load container, customizing a class loader according to the decryption rule and the type of the encrypted code.
5. The method for shelling java code as defined in claim 4, wherein after generating the decryption rule with the encrypted code into a jar packet to complete encryption of the java source program code, the method comprises:
the class loader inherits the type of the encrypted code by overwriting a loadClass method so as to load the encrypted code;
and the class loader acquires the key according to a configuration file and decrypts the encrypted code according to the decryption rule and the key to obtain a compiled code.
6. The method for shelling java code as claimed in claim 5, wherein said obtaining a pre-generated key and encrypting said obfuscated code with said key to obtain an encrypted code comprises:
generating a key of the obfuscated code and writing the key into the configuration file;
and storing the configuration file into the loading container so that the class loader can obtain the key according to the configuration file and decrypt the encrypted code in the loading container.
7. A java code shelling system, comprising:
the system comprises a receiving module, a processing module and a processing module, wherein the receiving module is used for receiving a source code to be processed and acquiring the code type of the source code to be processed, and the source code to be processed is a java source program code;
the layering module is used for layering the source code to be processed according to the code type and a preset rule to obtain a code to be obfuscated;
the compiling module is used for compiling the code to be obfuscated through a compiling tool to obtain a compiled code;
the confusion module is used for performing character replacement on the compiled code according to the confusion dictionary to generate a confusion code;
the encryption module is used for acquiring a pre-generated key and encrypting the obfuscated code through the key to obtain an encrypted code;
the customization module is used for customizing a class loader in a loading container according to the type of the encrypted code, wherein the class loader comprises a decryption rule of the encrypted code;
and the generating module is used for generating a jar packet by the encryption rule and the encryption code so as to complete the encryption of the java source program code.
8. The java code shelling system as defined in claim 7, wherein said layering module is further configured to:
dividing the code types into a main obfuscated source code type, a secondary obfuscated source code type and a non-obfuscated source code type according to a preset rule;
and taking the source code to be processed corresponding to the obfuscated source code type and the secondary obfuscated source code type as the code to be obfuscated, wherein the source code to be processed corresponding to the non-obfuscated source code type is not obfuscated.
9. A computer arrangement comprising a memory, a processor, a computer program stored on the memory operable on the processor, the computer program when executed by the processor implementing the steps of the method for shelling java code as claimed in any one of claims 1 to 6.
10. A computer-readable storage medium, having stored thereon a computer program executable by at least one processor to cause the at least one processor to perform the steps of the java code shelling method as claimed in any one of claims 1-6.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010360272.8A CN111552931A (en) | 2020-04-30 | 2020-04-30 | Method and system for adding shell of java code |
PCT/CN2020/111626 WO2021217980A1 (en) | 2020-04-30 | 2020-08-27 | Java code packing method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010360272.8A CN111552931A (en) | 2020-04-30 | 2020-04-30 | Method and system for adding shell of java code |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111552931A true CN111552931A (en) | 2020-08-18 |
Family
ID=71999361
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010360272.8A Withdrawn CN111552931A (en) | 2020-04-30 | 2020-04-30 | Method and system for adding shell of java code |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN111552931A (en) |
WO (1) | WO2021217980A1 (en) |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113094665A (en) * | 2021-04-09 | 2021-07-09 | 每日互动股份有限公司 | System for preventing java program from being decompiled |
CN113221077A (en) * | 2021-05-31 | 2021-08-06 | 平安科技(深圳)有限公司 | Class file encryption method and equipment based on spring container |
CN113238762A (en) * | 2021-05-10 | 2021-08-10 | 深圳前海微众银行股份有限公司 | Java application remote deployment method, device and equipment |
CN113282294A (en) * | 2021-05-19 | 2021-08-20 | 武汉极意网络科技有限公司 | Android platform-based Java character string confusion method and device |
CN113411384A (en) * | 2021-06-10 | 2021-09-17 | 华中科技大学 | System and method for privacy protection in data security sharing process of Internet of things |
CN113591041A (en) * | 2021-09-28 | 2021-11-02 | 环球数科集团有限公司 | Distributed coding system for preventing code injection or source code decompilation |
WO2021217980A1 (en) * | 2020-04-30 | 2021-11-04 | 平安科技(深圳)有限公司 | Java code packing method and system |
CN113656765A (en) * | 2021-08-17 | 2021-11-16 | 平安国际智慧城市科技股份有限公司 | Java program safety processing method and device, computer equipment and storage medium |
CN113836498A (en) * | 2021-09-01 | 2021-12-24 | 浙江岩华文化科技有限公司 | Webpage source code obfuscation method and device, electronic device and storage medium |
CN114090965A (en) * | 2021-11-22 | 2022-02-25 | 全景智联(武汉)科技有限公司 | Java code obfuscation method, system, computer device and storage medium |
CN114254373A (en) * | 2022-03-01 | 2022-03-29 | 中国电力科学研究院有限公司 | Encryption transmission method, device and system |
CN115310115A (en) * | 2022-10-11 | 2022-11-08 | 东方合智数据科技(广东)有限责任公司 | Privatization deployment encryption method, device, equipment and storage medium |
CN115473702A (en) * | 2022-08-23 | 2022-12-13 | 广西电网有限责任公司电力科学研究院 | Content confusion method based on online interactive WEB dynamic defense |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114444028B (en) * | 2022-01-05 | 2024-01-12 | 苏州浪潮智能科技有限公司 | Method, device, computer equipment and storage medium for improving code security |
CN114722359B (en) * | 2022-04-08 | 2024-05-10 | 北京航天长城卫星导航科技有限公司 | Java source code protection method based on custom class loader |
CN117574334B (en) * | 2023-08-17 | 2024-05-28 | 广东工业大学 | Code confusion method and system combining MD5 and sequence-to-sequence model |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2016139078A1 (en) * | 2015-03-02 | 2016-09-09 | Inventio Ag | Protecting a computer program against reverse engineering |
CN108664773B (en) * | 2018-04-26 | 2021-07-30 | 北京三快在线科技有限公司 | Method and device for protecting Java source code |
CN111552931A (en) * | 2020-04-30 | 2020-08-18 | 平安科技(深圳)有限公司 | Method and system for adding shell of java code |
-
2020
- 2020-04-30 CN CN202010360272.8A patent/CN111552931A/en not_active Withdrawn
- 2020-08-27 WO PCT/CN2020/111626 patent/WO2021217980A1/en active Application Filing
Cited By (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2021217980A1 (en) * | 2020-04-30 | 2021-11-04 | 平安科技(深圳)有限公司 | Java code packing method and system |
CN113094665A (en) * | 2021-04-09 | 2021-07-09 | 每日互动股份有限公司 | System for preventing java program from being decompiled |
CN113238762A (en) * | 2021-05-10 | 2021-08-10 | 深圳前海微众银行股份有限公司 | Java application remote deployment method, device and equipment |
CN113282294A (en) * | 2021-05-19 | 2021-08-20 | 武汉极意网络科技有限公司 | Android platform-based Java character string confusion method and device |
CN113221077A (en) * | 2021-05-31 | 2021-08-06 | 平安科技(深圳)有限公司 | Class file encryption method and equipment based on spring container |
CN113221077B (en) * | 2021-05-31 | 2023-11-14 | 平安科技(深圳)有限公司 | Class file encryption method and equipment based on spring container |
CN113411384B (en) * | 2021-06-10 | 2022-09-27 | 华中科技大学 | System and method for privacy protection in data security sharing process of Internet of things |
CN113411384A (en) * | 2021-06-10 | 2021-09-17 | 华中科技大学 | System and method for privacy protection in data security sharing process of Internet of things |
CN113656765A (en) * | 2021-08-17 | 2021-11-16 | 平安国际智慧城市科技股份有限公司 | Java program safety processing method and device, computer equipment and storage medium |
CN113836498A (en) * | 2021-09-01 | 2021-12-24 | 浙江岩华文化科技有限公司 | Webpage source code obfuscation method and device, electronic device and storage medium |
CN113591041B (en) * | 2021-09-28 | 2021-12-31 | 环球数科集团有限公司 | Distributed coding system for preventing code injection or source code decompilation |
CN113591041A (en) * | 2021-09-28 | 2021-11-02 | 环球数科集团有限公司 | Distributed coding system for preventing code injection or source code decompilation |
CN114090965A (en) * | 2021-11-22 | 2022-02-25 | 全景智联(武汉)科技有限公司 | Java code obfuscation method, system, computer device and storage medium |
CN114090965B (en) * | 2021-11-22 | 2024-05-17 | 全景智联(武汉)科技有限公司 | Java code confusion method, system, computer equipment and storage medium |
CN114254373A (en) * | 2022-03-01 | 2022-03-29 | 中国电力科学研究院有限公司 | Encryption transmission method, device and system |
CN114254373B (en) * | 2022-03-01 | 2022-07-08 | 中国电力科学研究院有限公司 | Encryption transmission method, device and system |
CN115473702A (en) * | 2022-08-23 | 2022-12-13 | 广西电网有限责任公司电力科学研究院 | Content confusion method based on online interactive WEB dynamic defense |
CN115310115A (en) * | 2022-10-11 | 2022-11-08 | 东方合智数据科技(广东)有限责任公司 | Privatization deployment encryption method, device, equipment and storage medium |
CN115310115B (en) * | 2022-10-11 | 2023-01-24 | 东方合智数据科技(广东)有限责任公司 | Privatization deployment encryption method, device, equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
WO2021217980A1 (en) | 2021-11-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111552931A (en) | Method and system for adding shell of java code | |
EP3038004A1 (en) | Method for providing security for common intermediate language-based program | |
CN112115429B (en) | Java class encryption and decryption method and computer readable storage medium | |
CN106295255B (en) | Application program reinforcing method and device | |
US20030236986A1 (en) | Protecting software from unauthorized use by converting source code modules to byte codes | |
CN110826031B (en) | Encryption method, device, computer equipment and storage medium | |
CN109784007B (en) | Byte code encryption method, byte code decryption method and terminal | |
CN111159662A (en) | Data processing method and device | |
CN109614772B (en) | Code conversion method and device based on application installation package file | |
CN108399319A (en) | Source code guard method, application server and computer readable storage medium | |
CN114547558B (en) | Authorization method, authorization control device, equipment and medium | |
CN108111622A (en) | A kind of method, apparatus and system for downloading whitepack library file | |
CN110619224A (en) | Data processing method and related device | |
CN111737718A (en) | Encryption and decryption method and device for jar packet, terminal equipment and storage medium | |
CN111259364B (en) | Method, device, equipment and storage medium for using national secret encryption card | |
CN110119601B (en) | Program reinforcing method and device based on application program installation package | |
CN109598105B (en) | Method and device for safely loading firmware by microcontroller, computer equipment and storage medium | |
CN111339558A (en) | Data encryption method, data decryption method, computer device and medium | |
CN111209572B (en) | Encryption and decryption-based safe startup method and system for Linux system | |
CN111104693A (en) | Android platform software data cracking method, terminal device and storage medium | |
CN110880965A (en) | Outgoing electronic document encryption method, system, terminal and storage medium | |
CN114329535A (en) | File encryption method and device, electronic equipment and computer readable medium | |
CN111460464B (en) | Data encryption and decryption method and device, electronic equipment and computer storage medium | |
CN115033870A (en) | Anti-malicious tampering code method and device based on big data cloud deployment | |
CN112363771B (en) | Application processing method and related product |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication | ||
WW01 | Invention patent application withdrawn after publication |
Application publication date: 20200818 |