CN112100582A - Method for protecting software distribution security by applying strong symmetric encryption - Google Patents
Method for protecting software distribution security by applying strong symmetric encryption Download PDFInfo
- Publication number
- CN112100582A CN112100582A CN202010999297.2A CN202010999297A CN112100582A CN 112100582 A CN112100582 A CN 112100582A CN 202010999297 A CN202010999297 A CN 202010999297A CN 112100582 A CN112100582 A CN 112100582A
- Authority
- CN
- China
- Prior art keywords
- encryption
- decryption
- software
- algorithm
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 38
- 238000004422 calculation algorithm Methods 0.000 claims abstract description 46
- 230000006870 function Effects 0.000 claims abstract description 26
- 238000012795 verification Methods 0.000 claims abstract description 26
- 239000011159 matrix material Substances 0.000 claims description 10
- 230000008569 process Effects 0.000 claims description 10
- 238000006243 chemical reaction Methods 0.000 claims description 3
- 238000009434 installation Methods 0.000 claims description 3
- 238000004519 manufacturing process Methods 0.000 claims description 3
- 238000004806 packaging method and process Methods 0.000 claims description 3
- 238000013519 translation Methods 0.000 claims description 3
- 230000006835 compression Effects 0.000 claims description 2
- 125000004122 cyclic group Chemical group 0.000 claims description 2
- 230000000694 effects Effects 0.000 abstract 1
- 230000001965 increasing effect Effects 0.000 description 4
- 238000013475 authorization Methods 0.000 description 3
- 238000005336 cracking Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 230000007547 defect Effects 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 238000004364 calculation method Methods 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 238000009826 distribution Methods 0.000 description 1
- 230000002708 enhancing effect Effects 0.000 description 1
- 230000008676 import Effects 0.000 description 1
- 230000009545 invasion Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 239000010979 ruby Substances 0.000 description 1
- 229910001750 ruby Inorganic materials 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000001131 transforming effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/14—Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a method for protecting software distribution safety by applying strong symmetric encryption, which is characterized by comprising the following steps: step 1: generating an encryption and decryption key based on the system time stamp by using a pseudo-random number generation algorithm; step 2: the encryption and decryption key, the encryption and decryption algorithm function, the dynamic random number and the identity verification algorithm are compiled in a C language form and integrated into an encryption and decryption dynamic library; and step 3: automatically generating a key according to the step 1, encrypting the software package by using the generated key, and the step 4: and sequentially calling an identity verification algorithm and an encryption and decryption algorithm function of the encryption and decryption dynamic library to verify the software installer. The disassembling is very difficult, the encryption and decryption module realizes multiple protection measures such as encryption, verification and confusion, and the effects of preventing the application from being decompiled and illegally authorized are achieved to the maximum extent.
Description
Technical Field
The invention relates to the field, in particular to a method for protecting software distribution safety by applying strong symmetric encryption.
Background
Dynamic languages are a category of high-level programming languages that have been widely used in the field of computer science. It is a type of language that can change its structure at runtime: for example, new functions, objects, and even code can be introduced, such as existing functions being allowed to be deleted or otherwise structurally changed. Currently, the main dynamic languages are: PHP, Ruby, Python, JavaScript, and the like. Large-scale web applications usually choose to write back-end applications using dynamic languages such as Java/Python, and when these back-end applications need to be deployed in other systems, an authorization mechanism needs to be developed accordingly.
The prior art mainly uses code obfuscation techniques to protect published applications. Code obfuscation, which is the act of transforming the code of a computer program into a functionally equivalent, but difficult to read and understand form, is generally chosen among the following methods: (1) rewriting the names of various elements in the code, such as variables, functions and classes, into meaningless names; (2) rewriting part of the logic in the code to become functionally equivalent, but in a more difficult-to-understand form, such as rewriting a for loop into a while loop, rewriting a loop into a recursion, reducing intermediate variables, etc.; (3) scrambling the code format, such as deleting spaces, squeezing lines of code into a single line, or breaking a line of code into multiple lines, etc.; (4) and adding a flower instruction, and making the disassembler go wrong through a specially constructed instruction so as to interfere with the performance of the decompilation work.
The program code after the code obfuscation processing is difficult to be decompiled, and even if the decompilation is successful, the true semantics of the program is difficult to obtain. The code confusion has obvious resistance to reverse engineering, increases the difficulty of reversely analyzing program source codes through disassembling and decompiling, and makes it difficult for crackers such as non-software developers and the like to master the logic and algorithm of the program. However, although this technique improves the confidentiality of the sequential logic to some extent, the confusion is only the substitution of character strings for names such as classes, methods, and variables, and the confidentiality is not unexpectedly high. Even, by using an anti-aliasing tool to crack, for example, the decompressed bytecode file of the software developed and released by Python language is pyc, the source code can be easily inversely compiled by an off-the-shelf tool uncomplex.
Symmetric encryption refers to an encryption mode in which the same key is used for encryption and decryption, and the process is as follows: the sender encrypts plaintext data into ciphertext by using the key and then sends the ciphertext out, and the receiver decrypts the ciphertext into plaintext by using the same key after receiving the ciphertext. The symmetric encryption has the advantages of small encryption calculation amount and high speed, and is suitable for scenes of encrypting a large amount of data. However, the existing symmetric encryption technology does not provide a protection measure for the key, that is, the security of the symmetric encryption key is a problem to be solved by software developers themselves. Patent 201810669993.X "a security method for enhancing Java distribution software based on JavaAgent and dll" provides encryption and decryption operations for applications through JavaAgent and dll dynamic link libraries under the condition of no invasion to the applications, so that the distribution security of the software is protected, but the following defects still exist: (1) the key is easy to analyze with tools, such as strings; (2) the cracker can directly call the dll dynamic link library to decrypt the file by writing the program by the cracker.
Therefore, there is currently no security method available in the art that can be adapted to protect software written in dynamic languages.
Disclosure of Invention
The technical problem to be solved by the invention is to overcome the defects of the prior art and provide a method for protecting software distribution safety by applying strong symmetric encryption.
The technical scheme of the invention is that a method for protecting software distribution safety by applying strong symmetric encryption comprises the following specific processes:
step 1: generating an encryption and decryption key based on the system time stamp using a pseudo-random number generation algorithm, comprising: step 1-1, using a pseudo-random number to generate a random character string with the length of 256 from the acquired current system time stamp; step 1-2: performing BASE64 encoding on the random character string obtained in the step 1-1, and hard-coding the encoded random character string in an encryption and decryption dynamic library; step 1-3: and (3) carrying out BASE64 decoding on the random character string obtained in the step 1-2, and carrying out the step 1-4: randomly selecting bytes from the result character string in the step 1-3, and executing exclusive or operation on the selected specific bytes and the random value; step 1-5: performing HASH conversion on the result character string obtained in the step 1-4 to obtain a final encryption and decryption key;
in particular, the steps 1-2 are specifically: after the random character string is converted into a binary byte code, 8 occupied bytes are converted into 6 occupied bytes, and the bytes are converted into a new character string according to the BASE64 format; the steps 1-1 to 1-2 are generated by using an OpenSSL tool in advance, and the steps 1-3 to 1-5 are built in and executed when the dynamic encryption and decryption library is encrypted.
Step 2: the encryption and decryption key, the encryption and decryption algorithm function, the dynamic random number and the identity verification algorithm are compiled in a C language form and integrated into an encryption and decryption dynamic library; the encryption and decryption algorithm function refers to an encryption and decryption algorithm used for encrypting and decrypting software release packets; the dynamic random number is a random character string generated by using a pseudo-random number generation algorithm, and the random character string is generated when an encryption and decryption dynamic library is constructed and is hard-coded into the encryption and decryption dynamic library; the random character string is distributed to a software release package calling party when the software package is distributed; the identity verification algorithm is an algorithm for simultaneously encrypting the system timestamp and the random character string;
and step 3: when the software package is distributed to a caller, automatically generating a secret key according to the step 1, encrypting the software package by using the generated secret key, and calculating encrypted ciphertext data to take at least 4 bytes as an integrity check code;
in particular, the step 3 specifically includes: step 3-1: decompressing the software package into a binary byte code file, calling an encryption dynamic library to obtain a key according to the steps 1-3-1-5, and transmitting the key serving as a parameter into an encryption algorithm function to form ciphertext data; step 3-2: calculating ciphertext data based on an SHA-256 algorithm, taking at least the first 4 bytes as an integrity check code of the encrypted file, and outputting the encrypted file including the integrity check code and the ciphertext data; packaging the encrypted files to form a final software distribution package, and deploying the final software distribution package in a production environment;
specifically, the step 3-1 encryption process introduces the obtained key as a parameter into the AES encryption function, and divides the byte-code file by a 4 × 4 byte matrix to perform encryption rounds, each encryption round including: performing XOR operation on each byte in each matrix and the key; replacing each byte by means of a look-up table; performing a cyclic shift for each row in the matrix;
and 4, step 4: when software installation starts, a system timestamp and an integrity check code are obtained, and an identity check algorithm and an encryption and decryption algorithm function of an encryption and decryption dynamic library are sequentially called to verify a software installer; after the verification is passed, calling a secret key to decrypt the file installation package, and then executing software installation;
specifically, in step 4, triggering decryption when software is started to be installed specifically includes: step 4-1: when the software installation is started, the software name is transmitted to an interpreter, and the interpreter downloads a corresponding software installation package according to the software name and calls a decryption dynamic library; the interpreter is used for reading the executable program in the software installation package and executing software installation; step 4-2: and (3) identity verification of a software installer: acquiring a system timestamp when software installation is started based on an identity acquisition and verification method, splicing the system timestamp with a dynamic random number pre-allocated to a software installer, and encrypting a spliced value through SHA-256 to form a verification value; acquiring a system time stamp when the decryption dynamic library is called, splicing the system time stamp with a dynamic random number which is arranged in the encryption and decryption dynamic library, and encrypting the system time stamp with an SHA-256 to form a check value; comparing the check value of the software installer with the check value generated by the decryption dynamic library, and continuing to execute the step 4-3 if the comparison is consistent and the identity check is passed; if the comparison is inconsistent, returning to illegal calling; step 4-3: decryption and verification: the interpreter reads at least the first 4 bytes of the ciphertext data of the software installation package to compare with the integrity check code in the software installation package, and if the two bytes are consistent, decryption is executed; if not, stopping decryption; step 4-4: decrypting the ciphertext data into plaintext data: transmitting the key as a parameter into a decryption algorithm function, acquiring plaintext data, transmitting the plaintext data into an interpreter, and finishing code translation and execution of a software installation and operation instruction by the interpreter;
in particular, during the step 4-1 software starting triggering interpreter work, software is started through a command line, and the name of the software compression package is transmitted to the interpreter. The interpreter modifies the reading logic in advance and controls the interpreter to call the encryption and decryption dynamics and then execute software installation. In the step 4-4, the key is used as a parameter and is transmitted into an AES decryption function, the byte code file is divided by a 4 x 4 byte matrix to execute decryption circulation, and each decryption circulation is reversely executed according to the encryption step in the step 3-1.
The method has the advantages that the decryption process is realized based on the C language dynamic library module, the key is stored in the dynamic library, the C language is the characteristic of a compiling language, so that the anti-compilation is very difficult, in addition, the encryption and decryption module realizes multiple protection measures such as encryption, verification, confusion and the like, and the application is prevented from being subjected to the anti-compilation and illegal authorization to the greatest extent.
Different from the traditional code obfuscation technology, the innovation of the scheme provides a solution for protecting the software release safety by adopting a form of calling a C language dynamic library by a dynamic language. Meanwhile, the reverse and cracking difficulty is increased by using a public and self-defined multiple encryption algorithm.
Drawings
FIG. 1 is a flowchart of a method for protecting software distribution security by applying strong symmetric encryption according to an embodiment of the present invention;
fig. 2 is a schematic diagram of a system for protecting software distribution security by applying strong symmetric encryption according to an embodiment of the present invention.
Detailed Description
The invention will be further described with reference to the drawings and the exemplary embodiments:
fig. 2 is a diagram of a system structure for protecting software distribution security by applying strong symmetric encryption, which specifically includes an encryption dynamic library, a decryption dynamic library, and an interpreter, wherein a secret key is embedded in the encryption dynamic library;
the encryption dynamic library is used for encrypting the software installation package, and a secret key is obtained through calling to encrypt the software installation package;
the decryption dynamic library is used for decrypting the software installation package, and a secret key is obtained through calling to decrypt the software installation package;
the interpreter is used for translating and allowing executable programs in the package to be issued and comprises a Java JVM virtual machine and a Python interpreter; the interpreter calls the decryption dynamic library before reading the software installation package, and the decryption dynamic library converts the ciphertext data into plaintext data and then transfers the plaintext data to the interpreter to interpret and execute the software installation code.
As shown in fig. 1, a method for protecting software distribution security by applying strong symmetric encryption specifically includes a key generation method, a key encryption method, and a key decryption method;
step 1: generating an encryption and decryption key based on the system time stamp:
step 1-1, generating a random character string with a length of 256 from a system time stamp by using a pseudo-random number generation algorithm through an openssl tool, and increasing the security intensity by setting the 256 characters;
step 1-2: after the random character string is converted into a binary byte code, 8 occupied bytes are converted into 6 occupied bytes, and the bytes are converted into a new character string according to the BASE64 format; the encoded random character string is hard-coded in an encryption and decryption dynamic library;
step 1-3: performing BASE64 decoding on the random character string obtained in the step 1-2, randomly selecting bytes from the random character string, and performing exclusive OR operation on the selected bytes and the distributed random value;
step 1-4: and performing HASH conversion on the result character string obtained in the step 1-3 to obtain a final encryption and decryption key.
The steps 1-3 to 1-4 are executed when the encryption and decryption dynamic library executes an encryption process, hard coding is directly embedded in a source code in a plaintext, and the dynamic library obtained after compiling is possibly taken by a cracker in a character string form, but the safety is not influenced, and the cracker takes the result of the step 2 and cannot directly take the final encryption and decryption key of the step 1-5.
Step 2: the encryption and decryption key, the encryption and decryption algorithm function, the dynamic random number and the identity verification algorithm are compiled in a C language form and integrated into an encryption and decryption dynamic library; the encryption and decryption algorithm function refers to an encryption and decryption algorithm used for encrypting and decrypting software release packets; the dynamic random number is a random character string generated by using a pseudo-random number generation algorithm, and the random character string is generated when an encryption and decryption dynamic library is constructed and is hard-coded into the encryption and decryption dynamic library; the random character string is distributed to a software release package calling party when the software package is distributed; the identity verification algorithm is an algorithm for simultaneously encrypting the system timestamp and the random character string; the decryption process is realized based on the C language dynamic library module, the key is stored in the dynamic library, the C language is the characteristic of a compiling language, so that the difficulty of anti-compilation is high, in addition, the encryption and decryption module realizes multiple protection measures such as encryption, verification, confusion and the like, and the application is prevented from being decompiled and illegally authorized to the maximum extent.
And step 3: when the software package is distributed to a caller, generating a secret key according to the step 1, and encrypting the software package by using the secret key, wherein the specific process comprises the following steps: step 3-1: decompressing the software package into a binary byte code file, calling an encryption dynamic library to obtain a key according to the step 1, transmitting the key serving as a parameter into an AES encryption function, dividing the byte code file by a 4 x 4 byte matrix to execute encryption circulation, and forming ciphertext data; step 3-2: calculating ciphertext data based on an SHA-256 algorithm, taking at least the first 4 bytes as an integrity check code of the encrypted file, and outputting the encrypted file including the integrity check code and the ciphertext data; packaging the encrypted files to form a final software distribution package, and deploying the final software distribution package in a production environment;
and 4, step 4: when software starts to be installed, the software triggers and calls a secret key to decrypt and then executes installation; the specific process comprises the following steps:
step 4-1: when software installation is started, the software name is transmitted to an interpreter, and the interpreter modifies the reading logic in advance to call an encryption and decryption dynamic library and then read a file; the interpreter downloads a corresponding software installation package according to the software name and calls a decryption dynamic library; the interpreter is used for reading the executable program in the software installation package and executing software installation;
taking a Python interpreter as an example, modifying a read file logic in a Py _ Main function of a source code modules/main.c file of a Python executable program, converting the read logic into a read file and calling a logic for decrypting a dynamic library and returning a plaintext; modifying a find _ module function of a source code Python/import.c file of a Python executable program, modifying read source code file logic therein, converting the read logic into a read file and calling a logic for decrypting a dynamic library and returning a plaintext; modifying the source code Modules/main.c of the Python executable program, and forbidding the option of generating pyc; the Python executable program's source code Modules/python.c is modified, removing the processing of pythondontwrite bytecode environment variables.
Step 4-2: and (3) identity verification of a software installer: acquiring a system timestamp when software installation is started based on an identity acquisition and verification method, splicing the system timestamp with a dynamic random number pre-allocated to a software installer, and encrypting a spliced value through SHA-256 to form a verification value; acquiring a system time stamp when the decryption dynamic library is called, splicing the system time stamp with a dynamic random number which is arranged in the encryption and decryption dynamic library, and encrypting the system time stamp with an SHA-256 to form a check value; comparing the check value of the software installer with the check value generated by the decryption dynamic library, and continuing to execute the step 4-3 if the comparison is consistent and the identity check is passed; if the comparison is inconsistent, returning to illegal calling;
step 4-3: decryption and verification: the interpreter reads at least the first 4 bytes of the ciphertext data of the software installation package to compare with the integrity check code in the software installation package, and if the two bytes are consistent, decryption is executed; if not, stopping decryption;
step 4-4: decrypting the ciphertext data into plaintext data: transmitting a key as a parameter into a decryption algorithm function, dividing a byte code file by a 4 multiplied by 4 byte matrix to execute an encryption and decryption cycle, reversely executing the decryption cycle according to an encryption step each time, transmitting the obtained plaintext data into an interpreter, and finishing the execution of a code translation and software installation operation instruction by the interpreter;
the solution for protecting the safety of software release is realized by adopting a dynamic language to call a C language dynamic library. Meanwhile, the reverse and cracking difficulty is increased by using a public and self-defined multiple encryption algorithm.
The method has the advantages that the decryption process is realized based on the C language dynamic library module, the key is stored in the dynamic library, the C language is the characteristic of a compiling language, so that the anti-compilation is very difficult, in addition, the encryption and decryption module realizes multiple protection measures such as encryption, verification, confusion and the like, and the application is prevented from being subjected to the anti-compilation and illegal authorization to the greatest extent.
Different from the traditional code obfuscation technology, the innovation of the scheme provides a solution for protecting the software release safety by adopting a form of calling a C language dynamic library by a dynamic language. Meanwhile, the reverse and cracking difficulty is increased by using a public and self-defined multiple encryption algorithm.
The above embodiments do not limit the present invention in any way, and all other modifications and applications that can be made to the above embodiments in equivalent ways are within the scope of the present invention.
Claims (6)
1. A method for protecting software distribution security by applying strong symmetric encryption is characterized by comprising the following specific steps:
step 1: generating an encryption and decryption key based on the system time stamp using a pseudo-random number generation algorithm, comprising:
step 1-1, using a pseudo-random number to generate a random character string with the length of 256 from the acquired current system time stamp;
step 1-2: carrying out BASE64 encoding on the random character string obtained in the step 1-1, and carrying out hard encoding on the encoded random character string in an encryption and decryption dynamic library;
step 1-3: carrying out BASE64 decoding on the random character string obtained in the step 1-2;
step 1-4: randomly selecting bytes from the result character string in the step 1-3, and executing exclusive or operation on the selected specific bytes and the random value;
step 1-5: performing HASH conversion on the result character string obtained in the step 1-4 to obtain a final encryption and decryption key;
step 2: the encryption and decryption key, the encryption and decryption algorithm function, the dynamic random number and the identity verification algorithm are compiled in a C language form and integrated into an encryption and decryption dynamic library; the encryption and decryption algorithm function refers to an encryption and decryption algorithm used for encrypting and decrypting software release packets; the dynamic random number is a random character string generated by using a pseudo-random number generation algorithm, and the random character string is generated when an encryption and decryption dynamic library is constructed and is hard-coded into the encryption and decryption dynamic library; the random character string is distributed to a software release package calling party when the software package is distributed; the identity verification algorithm is an algorithm for simultaneously encrypting the system timestamp and the random character string;
and step 3: when the software package is distributed to a caller, automatically generating a secret key according to the step 1, encrypting the software package by using the generated secret key, and calculating encrypted ciphertext data to take at least 4 bytes as an integrity check code;
and 4, step 4: when software installation is started, a system timestamp and an integrity check code are obtained, and an identity check algorithm and an encryption and decryption algorithm function of an encryption and decryption dynamic library are sequentially called to verify a software installer; and calling the key to decrypt the file installation package after the verification is passed, and then executing software installation.
2. The method for protecting software distribution security by applying strong symmetric encryption according to claim 1, wherein the steps 1-2 are specifically as follows: after the random character string is converted into a binary byte code, 8 occupied bytes are converted into 6 occupied bytes, and the bytes are converted into a new character string according to the BASE64 format;
the steps 1-1 to 1-2 are generated by using an OpenSSL tool, and the steps 1-3 to 1-5 are built in an encryption/decryption dynamic library and executed during encryption.
3. The method for protecting software distribution security by applying strong symmetric encryption according to claim 2, wherein the step 3 specifically comprises:
step 3-1: decompressing the software package into a binary byte code file, calling an encryption dynamic library to obtain a key according to the steps 1-3 to 1-5, and transmitting the key serving as a parameter into an encryption algorithm function to form ciphertext data;
step 3-2: calculating ciphertext data based on an SHA-256 algorithm, taking at least the first 4 bytes as an integrity check code of the encrypted file, and outputting the encrypted file finally, wherein the encrypted file comprises the integrity check code and the ciphertext data; and packaging the encrypted files to form a final software distribution package, and deploying the final software distribution package in a production environment.
4. The method for securing software distribution by applying strong symmetric encryption according to claim 3, wherein in step 3-1, the encryption algorithm function is an AES encryption function, and the byte-code file is divided by a 4 x 4 byte matrix to perform encryption rounds, each encryption round comprising: performing XOR operation on each byte in each matrix and the key; replacing each byte by means of a look-up table; each row in the matrix performs a cyclic shift.
5. The method for protecting software distribution security by applying strong symmetric encryption according to claim 4, wherein in the step 4, triggering decryption when software is started to be installed specifically comprises:
step 4-1: when the software installation is started, the software name is transmitted to an interpreter, and the interpreter downloads a corresponding software installation package according to the software name and calls a decryption dynamic library; the interpreter is used for reading the executable program in the software installation package and executing software installation;
step 4-2: and (3) identity verification of a software installer: acquiring a system timestamp when software installation is started based on an identity acquisition and verification method, splicing the system timestamp with a dynamic random number pre-allocated to a software installer, and encrypting a spliced value through SHA-256 to form a verification value; acquiring a system time stamp when the decryption dynamic library is called, splicing the system time stamp with a dynamic random number which is arranged in the encryption and decryption dynamic library, and encrypting the system time stamp with an SHA-256 to form a check value; comparing the check value of the software installer with the check value generated by the decryption dynamic library, and continuing to execute the step 4-3 if the comparison is consistent and the identity check is passed; if the comparison is inconsistent, returning to illegal calling;
step 4-3: decryption and verification: the interpreter reads at least the first 4 bytes of the ciphertext data of the software installation package to compare with the integrity check code in the software installation package, and if the two bytes are consistent, decryption is executed; if not, stopping decryption;
step 4-4: decrypting the ciphertext data into plaintext data: and transmitting the key serving as a parameter into a decryption algorithm function, acquiring plaintext data, transmitting the plaintext data into an interpreter, and finishing code translation and execution of a software installation and operation instruction by the interpreter.
6. The method for protecting software distribution security by applying strong symmetric encryption according to claim 5, wherein in the step 4-1 software starting triggering interpreter process, software is started through a command line, and the name of a software compression package is transmitted to an interpreter; the interpreter modifies the reading logic in advance and controls the interpreter to call the encryption and decryption dynamics and then execute software installation; in the step 4-4, the key is used as a parameter and is transmitted into an AES decryption function, the byte code file is divided by a 4 x 4 byte matrix to execute decryption circulation, and each decryption circulation is reversely executed according to the encryption step in the step 3-1.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010999297.2A CN112100582B (en) | 2020-09-22 | 2020-09-22 | Method for protecting software distribution safety by applying strong symmetric encryption |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010999297.2A CN112100582B (en) | 2020-09-22 | 2020-09-22 | Method for protecting software distribution safety by applying strong symmetric encryption |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112100582A true CN112100582A (en) | 2020-12-18 |
| CN112100582B CN112100582B (en) | 2023-06-16 |
Family
ID=73756450
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010999297.2A Active CN112100582B (en) | 2020-09-22 | 2020-09-22 | Method for protecting software distribution safety by applying strong symmetric encryption |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112100582B (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110866226A (en) * | 2019-11-15 | 2020-03-06 | 中博信息技术研究院有限公司 | JAVA application software copyright protection method based on encryption technology |
| CN113591089A (en) * | 2021-08-12 | 2021-11-02 | 上海观安信息技术股份有限公司 | Data confusion encryption method |
| CN115277112A (en) * | 2022-07-07 | 2022-11-01 | 海南视联通信技术有限公司 | Data processing method and device, electronic equipment and storage medium |
| CN116089983A (en) * | 2023-02-23 | 2023-05-09 | 北京微步在线科技有限公司 | Reinforcing compiling method and device for py file |
| CN116382740A (en) * | 2023-04-10 | 2023-07-04 | 广州锦高信息科技有限公司 | Automatic upgrade release system and method for application software |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107025390A (en) * | 2017-04-26 | 2017-08-08 | 北京洋浦伟业科技发展有限公司 | The reinforcement means and device of software installation bag |
| CN107122632A (en) * | 2017-04-26 | 2017-09-01 | 北京洋浦伟业科技发展有限公司 | The encryption method and device of software installation bag |
| CN107122634A (en) * | 2017-04-26 | 2017-09-01 | 北京洋浦伟业科技发展有限公司 | The method for reinforcing and protecting and device of software installation bag |
| US20180248692A1 (en) * | 2017-02-27 | 2018-08-30 | Cord3 Innovation Inc. | One-to-many symmetric cryptographic system and method |
| WO2018152618A1 (en) * | 2017-02-27 | 2018-08-30 | Cord3 Innovation Inc. | Symmetric cryptographic method and system and applications thereof |
-
2020
- 2020-09-22 CN CN202010999297.2A patent/CN112100582B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20180248692A1 (en) * | 2017-02-27 | 2018-08-30 | Cord3 Innovation Inc. | One-to-many symmetric cryptographic system and method |
| WO2018152618A1 (en) * | 2017-02-27 | 2018-08-30 | Cord3 Innovation Inc. | Symmetric cryptographic method and system and applications thereof |
| CN107025390A (en) * | 2017-04-26 | 2017-08-08 | 北京洋浦伟业科技发展有限公司 | The reinforcement means and device of software installation bag |
| CN107122632A (en) * | 2017-04-26 | 2017-09-01 | 北京洋浦伟业科技发展有限公司 | The encryption method and device of software installation bag |
| CN107122634A (en) * | 2017-04-26 | 2017-09-01 | 北京洋浦伟业科技发展有限公司 | The method for reinforcing and protecting and device of software installation bag |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110866226A (en) * | 2019-11-15 | 2020-03-06 | 中博信息技术研究院有限公司 | JAVA application software copyright protection method based on encryption technology |
| CN110866226B (en) * | 2019-11-15 | 2022-05-24 | 中博信息技术研究院有限公司 | JAVA application software copyright protection method based on encryption technology |
| CN113591089A (en) * | 2021-08-12 | 2021-11-02 | 上海观安信息技术股份有限公司 | Data confusion encryption method |
| CN113591089B (en) * | 2021-08-12 | 2024-06-11 | 上海观安信息技术股份有限公司 | Data confusion encryption method |
| CN115277112A (en) * | 2022-07-07 | 2022-11-01 | 海南视联通信技术有限公司 | Data processing method and device, electronic equipment and storage medium |
| CN116089983A (en) * | 2023-02-23 | 2023-05-09 | 北京微步在线科技有限公司 | Reinforcing compiling method and device for py file |
| CN116089983B (en) * | 2023-02-23 | 2024-03-26 | 北京微步在线科技有限公司 | Reinforcing compiling method and device for py file |
| CN116382740A (en) * | 2023-04-10 | 2023-07-04 | 广州锦高信息科技有限公司 | Automatic upgrade release system and method for application software |
| CN116382740B (en) * | 2023-04-10 | 2023-11-14 | 广州锦高信息科技有限公司 | Automatic upgrade release system and method for application software |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112100582B (en) | 2023-06-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112100582B (en) | Method for protecting software distribution safety by applying strong symmetric encryption | |
| KR101490047B1 (en) | Apparatus for tamper protection of application code based on self modification and method thereof | |
| KR101350390B1 (en) | A apparatus for code obfuscation and method thereof | |
| KR101560131B1 (en) | System and method for defining programmable processing steps applied when protecting the data | |
| KR101328012B1 (en) | Apparatus for tamper protection of application code and method thereof | |
| US8381307B2 (en) | Method for protecting a converted applet (CAP) file including encrypting the CAP file | |
| US20160203087A1 (en) | Method for providing security for common intermediate language-based program | |
| KR101216995B1 (en) | A code encryption and decryption device against reverse engineering based on indexed table and the method thereof | |
| US20220019425A1 (en) | Hot updating method of script file package and hot updating device of script file package | |
| CN102236757A (en) | Software protection method and system applicable to Android system | |
| CN101957903A (en) | Method and device for protecting class files | |
| KR20140029562A (en) | Encryption method for preventing decompile of andriod application | |
| CN111475824A (en) | Data access method, device, equipment and storage medium | |
| CN102576391A (en) | Software license embedded in shell code | |
| CN104298932A (en) | Method and device for calling SO file | |
| CN111639306A (en) | Offline software authorization method, device, equipment and storage medium | |
| CN106548046B (en) | Device and method for protecting code | |
| CN105812146A (en) | MD5-based two-way encryption data protection method | |
| CN104200137A (en) | Method for guaranteeing self-security of JAVA program | |
| CN110096851B (en) | Byte code encryption method and system | |
| CN115967485A (en) | Encryption and decryption system based on quantum key | |
| CN107257282A (en) | A kind of full bag encryption method of code based on RC4 algorithms | |
| CN114722359B (en) | Java source code protection method based on custom class loader | |
| Maskur et al. | Implementation of obfuscation technique on PHP source code | |
| CN114357391A (en) | Data encryption and decryption method and computer storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |