CN112115428A - Obfuscation method and apparatus of code file, electronic device and storage medium - Google Patents
Obfuscation method and apparatus of code file, electronic device and storage medium Download PDFInfo
- Publication number
- CN112115428A CN112115428A CN202010820864.3A CN202010820864A CN112115428A CN 112115428 A CN112115428 A CN 112115428A CN 202010820864 A CN202010820864 A CN 202010820864A CN 112115428 A CN112115428 A CN 112115428A
- Authority
- CN
- China
- Prior art keywords
- file
- parameter
- node
- syntax tree
- parameter value
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 60
- 230000006870 function Effects 0.000 claims description 225
- 230000014509 gene expression Effects 0.000 claims description 14
- 238000004590 computer program Methods 0.000 claims description 10
- 238000005336 cracking Methods 0.000 abstract description 5
- 230000008569 process Effects 0.000 description 11
- 238000010586 diagram Methods 0.000 description 9
- 238000004891 communication Methods 0.000 description 6
- 238000013507 mapping Methods 0.000 description 6
- 238000013515 script Methods 0.000 description 5
- 230000000694 effects Effects 0.000 description 3
- 238000011161 development Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 238000004458 analytical method Methods 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000003014 reinforcing effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000009466 transformation Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/14—Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
Abstract
The embodiment of the invention provides a code file obfuscation method, a code file obfuscation device, electronic equipment and a storage medium, wherein the method comprises the following steps: determining operator nodes and operand nodes according to the first syntax tree; creating a basic function file according to the node contents corresponding to the operator nodes and the operand nodes; creating a proxy function file according to the node content and the basic function file corresponding to the operand node; and modifying the first syntax tree according to the proxy function file to obtain a second syntax tree, and obtaining the obfuscated code file according to the second syntax tree. The embodiment of the invention provides a code file confusion method, electronic equipment and a storage medium, wherein the execution function of an operator and an operand is realized by a basic function by identifying the operator node and the operand node in a syntax tree, and the operator is mapped to the basic function by the proxy function proxy operator function, so that the confusion of the operator and the operand can be realized, and the reverse difficulty in cracking the code file is increased.
Description
Technical Field
The invention relates to the technical field of machine learning and video analysis, in particular to a method and a device for obfuscating a code file, electronic equipment and a storage medium.
Background
With the vigorous development of internet technology, WEB applications are popular with many users such as mobile phones, PCs, smart homes, and the like. However, due to the limitation of WEB development, the JavaScript script in the WEB page H5 is disclosed on the WEB application front-end browser. An attacker can easily acquire and tamper with the code, great potential safety hazard is brought to a website, and privacy and interests of users are damaged. Therefore, a reinforcing technique for protecting the security of script codes becomes important, wherein the obfuscation technique transforms the original script codes into a technique which has the same operation function as the original script codes but is difficult to read, thereby greatly increasing the difficulty of crackers.
The existing JavaScript code protection technology is divided into two types: firstly, code encryption is carried out on JavaScript to achieve a protection effect, and the essence of the protection effect is encryption. And secondly, obfuscating the JavaScript code data flow (constant, variable, function name and the like).
Whether the encryption is carried out with codes or the data flow such as variables or constants is confused, the code logic can be easily reversed according to the operators.
Disclosure of Invention
Aiming at the problems in the prior art, the embodiment of the invention provides a code file obfuscation method and device, electronic equipment and a storage medium.
In a first aspect, an embodiment of the present invention provides a method for obfuscating a code file, including:
acquiring a first syntax tree corresponding to a source code file, and determining an operator node and an operand node belonging to the operator node according to the first syntax tree;
creating a basic function file according to the respective node contents corresponding to the operator node and the operand node;
creating an agent function file according to the node content corresponding to the operand node and the basic function file;
and modifying the first syntax tree according to the proxy function file to obtain a second syntax tree, and obtaining an obfuscated code file corresponding to the source code file according to the second syntax tree.
Further, the modifying the first syntax tree according to the proxy function file to obtain a second syntax tree includes:
and converting the proxy function file into a syntax tree for updating, and replacing operator nodes and operand nodes belonging to the operator nodes in the first syntax tree by the syntax tree for updating to obtain a second syntax tree.
Further, creating a proxy function file according to the node content corresponding to the operand node and the basic function file, including:
configuring first configuration information and second configuration information of a proxy function file, wherein the first configuration information is used for limiting a structural framework of a function, and the second configuration information is used for limiting parameters of function calling;
determining a file frame of the proxy function file according to the first configuration information, wherein the file frame comprises a parameter list for function calling;
determining a first parameter value according to the node content corresponding to the operand node, and determining a second parameter value according to the basic function file;
and placing the first parameter value and the second parameter value in a parameter list in the file frame according to the second configuration information to obtain a proxy function file.
Further, the first configuration information includes:
the number of function levels of the proxy function file;
the parameter list number of the proxy function file;
distributing the number of parameters to each level of the proxy function file;
correspondingly, the determining a file frame of the proxy function file according to the first configuration information includes:
and generating a function call code line according to the function level number, the parameter list number and the parameter number distributed to each level of the proxy function file to obtain a file frame of the proxy function file.
Further, the second configuration information includes:
the position of a first parameter value corresponding to an operand node in the parameter list;
the number of second parameter values corresponding to the basic function file and the positions of the second parameter values in the parameter list;
a third parameter value of the same type as the first parameter value and a position of the third parameter value in the parameter list;
correspondingly, the step of placing the first parameter value and the second parameter value in a parameter list in the file frame according to the second configuration information to obtain a proxy function file includes:
placing a first parameter value in a parameter list according to the position of the first parameter value corresponding to the operand node in the parameter list;
placing the second parameter values in the parameter list according to the number of the second parameter values corresponding to the basic function file and the positions of the second parameter values in the parameter list;
and placing the third parameter value in the parameter list according to the position of the third parameter value in the parameter list.
Further, the second configuration information further includes an operation type configured in each level; accordingly, the method further comprises:
determining a random operation parameter from a first parameter value, a second parameter value and a third parameter value in a parameter list, generating a confusion expression according to an operation type and the random operation parameter, and placing the confusion expression in the file frame.
Further, the second configuration information further includes a closure type; correspondingly, the step of placing the first parameter value and the second parameter value in a parameter list in the file frame according to the second configuration information to obtain a proxy function file includes:
placing a first parameter value in a parameter list according to the position of the first parameter value corresponding to the operand node in the parameter list;
placing the second parameter values in the parameter list according to the number of the second parameter values corresponding to the basic function file and the positions of the second parameter values in the parameter list;
placing the third parameter value in the parameter list according to the position of the third parameter value in the parameter list;
and enabling the parameters of the parameter list between adjacent layers to have the same parameters according to the closure type, and obtaining the proxy function file.
Further, the second configuration information further includes a redundancy parameter, and accordingly, the method further includes:
inserting redundant parameters into a parameter list of the last level of the proxy function file, making conditional branches according to the redundant parameters, and determining a return value outlet corresponding to the operator node according to the conditional branches.
In a second aspect, an embodiment of the present invention provides an obfuscating apparatus for a code file, including:
the obtaining module is used for obtaining a first syntax tree corresponding to a source code file and determining an operator node and an operand node belonging to the operator node according to the first syntax tree;
a first creating module, configured to create a base function file according to respective node contents corresponding to the operator node and the operand node;
a second creating module, configured to create a proxy function file according to the node content corresponding to the operand node and the basic function file;
and the generating module is used for modifying the first syntax tree according to the proxy function file to obtain a second syntax tree and obtaining an obfuscated code file corresponding to the source code file according to the second syntax tree.
In a third aspect, an embodiment of the present invention provides an electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps of the obfuscation method for code files described above when executing the program.
In a fourth aspect, embodiments of the present invention provide a non-transitory readable storage medium, on which a computer program is stored, which when executed by a processor, implements the steps of the obfuscation method of the code file described in any one of the above.
The embodiment of the invention provides a code file confusion method, electronic equipment and a storage medium, wherein the execution function of an operator and an operand is realized by a basic function by identifying the operator node and the operand node in a syntax tree, and the operator is mapped to the basic function by the proxy function proxy operator function, so that the confusion of the operator and the operand can be realized, and the reverse difficulty in cracking the code file is increased.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
FIG. 1 is a flow chart of an obfuscation method of a code file according to an embodiment of the present invention;
FIG. 2 is a diagram of a syntax tree node according to an embodiment of the present invention;
FIG. 3 is a representation of a base function file provided by an embodiment of the present invention;
FIG. 4 is a representation of a proxy function file provided by an embodiment of the present invention;
FIG. 5 is a representation of another proxy function file provided by an embodiment of the present invention;
FIG. 6 is a display diagram of a code file before and after obfuscation provided by an embodiment of the invention;
FIG. 7 is a node diagram of a first syntax tree according to an embodiment of the present invention;
FIG. 8 is a schematic structural diagram of an obfuscator for a code file according to an embodiment of the present invention;
fig. 9 is a schematic physical structure diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a schematic flow chart illustrating an obfuscation method for a code file according to an embodiment of the present invention, and referring to fig. 1, the method includes:
s11, acquiring a first syntax tree corresponding to the source code file, and determining an operator node and an operand node belonging to the operator node according to the first syntax tree;
s12, creating a basic function file according to the respective node contents corresponding to the operator node and the operand node;
s13, creating a proxy function file according to the node content corresponding to the operand node and the basic function file;
and S14, modifying the first syntax tree according to the proxy function file to obtain a second syntax tree, and obtaining the confusion code file corresponding to the source code file according to the second syntax tree.
With respect to steps S11-S14, it should be noted that in an embodiment of the present invention, the method is intended to obfuscate the source code file from an operator perspective. Operators need to be fetched from the source code file. Here, the source code file may be parsed using an Abstract Syntax Tree (AST) to obtain a corresponding syntax tree, i.e., a first syntax tree. The first syntax tree is then traversed to determine operator nodes and operand nodes belonging to the operator nodes in the first syntax tree, the operand nodes being left and right nodes of the operator nodes. As shown in fig. 2, the "/+ -" four operator nodes and the left and right nodes are selected for obfuscation. Referring to fig. 2, the nodes on the parsed syntax tree are: 1/1,4*2,1+3,8-2. For example, 1+3 can be parsed into a syntax tree with the left node being 1, the middle node being the operator "+", and the right node being 3.
And equivalently realizing the execution function of the operator on the operand by using the basic function file according to the respective corresponding node contents of the operator node and the operand node. Here, the node contents are the type or value that the node represents.
For example, 1/1, 4 × 2, 1+3, 8-2 in fig. 2, and fig. 3 shows the corresponding basis functions, where the 1+3 corresponding basis function in the syntax tree is nW80: function (z, Y) { return z + Y; }. The two are functionally equivalent. Here, z is the left node and Y is the right node.
In order to achieve the purpose of obfuscating the source code file, a proxy function file needs to be created, and a mapping relationship between the proxy function file and the base function file is established, where the mapping relationship can reflect obfuscation of the source code file. Therefore, the mapping relation is realized by creating a proxy function file according to the node content corresponding to the operand node and the basic function file.
For example, proxy function sxZa 91: (z, Y) { return nW80 (z, Y) }, which may implement the mapping process of operators and their left and right values to the base function. Fig. 4 and 5 are specific code lines of the proxy function file, and fig. 6 is a display diagram of the code file before and after obfuscation.
And modifying the first syntax tree according to the proxy function file to obtain a second syntax tree, and processing the second syntax tree by adopting an Abstract Syntax Tree (AST) to obtain an obfuscated code file.
In this regard, it should be noted that, since the above basis function is obtained based on the node content, that is, the basis function file is equivalent to the node content. Therefore, the corresponding node content can be obtained according to the proxy function file in a reverse mode. I.e. the first syntax tree is modified according to the proxy function file. The contents of the nodes of the first syntax tree are modified, i.e. a second syntax tree is obtained. The second syntax tree is then processed using an Abstract Syntax Tree (AST) to obtain an obfuscated code file.
According to the code file confusion method provided by the embodiment of the invention, the execution functions of the operational characters and the operational operands are realized by the basic function by identifying the operational character nodes and the operational operand nodes in the syntax tree, and then the operational characters are mapped on the basic function by the agent function, so that the confusion of the operational characters and the operational operands can be realized, and the reverse difficulty in cracking the code file is increased.
In a further embodiment of the method according to the above embodiment, the process of modifying the first syntax tree according to the proxy function file to obtain the second syntax tree is explained as follows:
and converting the proxy function file into a syntax tree for updating, and replacing the operator nodes and the operand nodes belonging to the operator nodes in the first syntax tree by the syntax tree for updating to obtain a second syntax tree.
Fig. 7 is a schematic diagram illustrating a structure of a first syntax tree in an embodiment, in fig. 6, an operator node is BinaryExpression, and other operand nodes belonging to the operator node, including left and right value nodes, are located below the operator node.
And analyzing the proxy function file by adopting an Abstract Syntax Tree (AST) to obtain a syntax tree for updating. The updating syntax tree is a syntax tree for modifying the first syntax tree. The syntax tree is used for updating to replace the operator node BinaryExpression and the lower operand node belonging to the operator node in fig. 7. After the replacement, a second syntax tree is obtained.
And after the second syntax tree is obtained, restoring the second syntax tree into an obfuscated code file by adopting an Abstract Syntax Tree (AST).
In a further embodiment of the method according to the above embodiment, the explanation is mainly given according to the node content corresponding to the operand node and the process of creating the proxy function file from the basic function file, which is specifically as follows:
configuring first configuration information and second configuration information of the proxy function file;
determining a file frame of the proxy function file according to the first configuration information, wherein the file frame comprises a parameter list for function calling;
determining a first parameter value according to the node content corresponding to the operand node, and determining a second parameter value according to the basic function file;
and placing the first parameter value and the second parameter value in a parameter list in a file frame according to the second configuration information to obtain a proxy function file.
In contrast, it should be noted that creating a proxy function requires configuring corresponding configuration information. The configuration information can define the structural framework of the function and define the parameters of the function call.
In an embodiment of the present invention, the configuration information includes first configuration information and second configuration information. The first configuration information is used to define a structural framework, i.e., a file framework, of the proxy function file. The file frame contains a list of parameters for the function call. The second configuration information is used to define parameters of the function call.
Since the mapping relationship between the proxy function file and the basic function file is embodied, parameter values equivalent to operands of the basic function file are required for this purpose. Therefore, the first parameter value is determined according to the node content corresponding to the operand node, and the second parameter value is determined according to the basic function file. Here, the first parameter value may be a variable value of an operand, for example, 1 or 3 of 1+ 3. The second parameter value may comprise a function name of the basis function.
And placing the first parameter value and the second parameter value in a parameter list in a file frame according to the second configuration information, so that a proxy function file can be obtained.
In this embodiment, the creation of the proxy function is limited by the configuration information, and a proxy function file that establishes a mapping relationship with the basic function file is implemented.
In a further embodiment of the method in the above embodiment, a process of determining a file frame of a proxy function file according to the first configuration information is mainly explained, which is specifically as follows:
the first configuration information includes:
number of function levels (> 1) of the proxy function file;
the parameter list number of the agent function file is greater than 2;
the number of parameters (1 or more) is distributed to each level of the proxy function file.
And generating a function call code line according to the function level number, the parameter list number and the parameter number distributed to each level of the proxy function file, and obtaining a file frame of the proxy function file. Since the proxy function is represented by code, the overall file frame corresponds to a line of code.
For example, a proxy function o0o01llo. sxzaa 91('PW68') (0) (0,8,3, 'PW68') (1,0, 'nW80',8) equivalent to 1+ 3. It can be seen that the number of function levels is 4, the number of parameter lists is 4, and the number of parameters allocated to each level is 1, 4, and 4, respectively.
In the embodiment of the invention, the number of each layer of the proxy function, the number of the parameter lists and the parameter purpose are controllable and adjustable, and the diversity of the confusion scheme can be realized.
In a further embodiment of the method in the above embodiment, a process of obtaining a proxy function file by placing the first parameter value and the second parameter value in a parameter list in a file frame according to the second configuration information is mainly explained, which is specifically as follows:
the second configuration information includes:
the position of a first parameter value corresponding to the operand node in the parameter list;
the number of the second parameter values corresponding to the basic function file and the positions of the second parameter values in the parameter list;
a third parameter value of the same type as the first parameter value and a location of the third parameter value in the parameter list.
And placing the first parameter value in a parameter list in the file frame according to the position of the first parameter value corresponding to the operand node in the parameter list.
And placing the second parameter values in the parameter list in the file frame according to the number of the second parameter values corresponding to the basic function file and the positions of the second parameter values in the parameter list.
And placing the third parameter value in the parameter list in the file frame according to the position of the third parameter value in the parameter list.
For example, a proxy function o0o01llo. sxzaa 91('PW68') (0) (0,8,3, 'PW68') (1,0, 'nW80',8) equivalent to 1+ 3. Values 1 and 3 (first parameter values) of the left and right nodes are placed in the hierarchical parameter list, second parameter values 'PW68' and 'nW80' (i.e., base function names) are placed in the hierarchical parameter list, and third parameter values (e.g., 0, 8) are placed in the hierarchical parameter list.
In the embodiment of the invention, by limiting the positions of the parameter values in the parameter list, the diversity confusion of the positions of the operand corresponding to the parameter values in the list can be realized.
In a further embodiment of the above embodiment method, the second configuration information further includes an operation type configured in each level, and for this purpose, a random operation parameter is determined from the first parameter value, the second parameter value, and the third parameter value in the parameter list, an obfuscated expression is generated from the operation type and the random operation parameter, and the obfuscated expression is placed in the file frame.
Note that, here, the operation type includes a comma operator, a valuation operator, and the like in the code field. Take comma operator as an example. The comma operator means that in C language, a plurality of expressions can be separated by commas, wherein values of the expressions separated by commas are respectively settled.
Referring to fig. 5, random operation parameters t and Z are determined from the parameter lists (R), (D), (t, Z, u, D), (L, e, D, R), and the obfuscated expression is determined according to the comma operator and the random operation parameters: return V9$ t ═ Z, U79 ═ t, t ═ 1. The expression formed by the comma operator, in which four expressions separated by commas are contained, is used for code obfuscation in this embodiment.
The expression is arranged in a file frame of the whole proxy function and is used for realizing the transformation of parameters in the calculation process and improving the numerical confusion in the function execution process.
In a further embodiment of the method according to the previous embodiment, the second configuration information further includes a closure type, and for this purpose, the first parameter value is placed in the parameter list according to a position of the first parameter value corresponding to the operand node in the parameter list, and the second parameter value is placed in the parameter list according to a number of the second parameter values corresponding to the basis function file and a position of the second parameter value in the parameter list; placing the third parameter value in the parameter list according to the position of the third parameter value in the parameter list; and enabling the parameters of the parameter list between adjacent layers to have the same parameters according to the closure type, and obtaining the proxy function file.
It should be noted that the configuration of the closure type is equivalent to making the proxy function have a closure property, which is a calling feature of the function. In this embodiment, it can be understood that after the closure characteristics are configured, in the process of configuring the parameters in the parameter list, the parameters in the parameter list are made to meet the requirements of the closure characteristics.
Referring to FIG. 4, function (O, G), function (W, G), function (G, W), function (O, W). The parameters in the parameter lists of each level are repeated, so that the parameters in the levels can be reused, and a cracker can only debug parameter exchange step by step and cannot be confused by scripts.
Referring to FIG. 5, function (R), function (D), function (t, Z, u, D), function (L, e, D, r). Wherein there are no overlapping portions of parameters between the parameter lists of function (R), function (D).
In a further embodiment of the method of the above embodiment, the second configuration information further includes a redundant parameter, and for this purpose, the redundant parameter is inserted into a parameter list of a last level of the proxy function file, a conditional branch is made according to the redundant parameter, and a return value outlet corresponding to the operator node is determined according to the conditional branch.
It should be noted that, since the proxy function involves multiple operators, it is necessary to control the return value outlets of the operator nodes. Referring to FIG. 5, comparing the value of K64 with the redundancy parameter 10 and the value of p93 with the redundancy parameter 10, making two conditional branches, determining the return values corresponding to the operator nodes according to the conditional branches, and implementing the control of the return outlets of the multiple operators
In a further embodiment of the method according to the above embodiment, the number of operators proxied by the proxy function may be increased, so that the operators are repeated, the return outlets of operators with the same function as the proxy function are no longer unique, and the proxy function has a dynamic confusion effect. For example, the pool of functions for proxy operators is growing, such as: 1+3, 2+4, the operation "+" will no longer have a unique return branch path, and any equally functioning basis function can be returned. For an attacker, the proxy function debugging result of the same obfuscated code is as follows: different debugging functions are different at different times, and the reverse cost of an attacker is greatly increased.
According to the code file confusion method provided by the embodiment of the invention, the execution functions of the operational characters and the operational operands are realized by the basic function by identifying the operational character nodes and the operational operand nodes in the syntax tree, and then the operational characters are mapped on the basic function by the agent function, so that the confusion of the operational characters and the operational operands can be realized, and the reverse difficulty in cracking the code file is increased.
Fig. 8 is a schematic structural diagram illustrating an obfuscating apparatus for a code file according to an embodiment of the present invention, and referring to fig. 8, the apparatus includes an obtaining module 81, a first creating module 82, a second creating module 83, and a generating module 84, where:
an obtaining module 81, configured to obtain a first syntax tree corresponding to a source code file, and determine an operator node and an operand node belonging to the operator node according to the first syntax tree;
a first creating module 82, configured to create a base function file according to respective node contents corresponding to the operator node and the operand node;
a second creating module 83, configured to create a proxy function file according to the node content corresponding to the operand node and the basic function file;
and the generating module 84 is configured to modify the first syntax tree according to the proxy function file to obtain a second syntax tree, and obtain an obfuscated code file corresponding to the source code file according to the second syntax tree.
In a further embodiment of the apparatus in the foregoing embodiment, the second creating module, in the process of creating the proxy function file according to the node content corresponding to the operand node and the basic function file, is specifically configured to:
configuring first configuration information and second configuration information of a proxy function file, wherein the first configuration information is used for limiting a structural framework of a function, and the second configuration information is used for limiting parameters of function calling;
determining a file frame of the proxy function file according to the first configuration information, wherein the file frame comprises a parameter list for function calling;
determining a first parameter value according to the node content corresponding to the operand node, and determining a second parameter value according to the basic function file;
and placing the first parameter value and the second parameter value in a parameter list in the file frame according to the second configuration information to obtain a proxy function file.
In a further embodiment of the apparatus of the above embodiment, the first configuration information includes:
the number of function levels of the proxy function file;
the parameter list number of the proxy function file;
distributing the number of parameters to each level of the proxy function file;
correspondingly, in the process of determining the file frame of the proxy function file according to the first configuration information, the second creation module is specifically configured to:
and generating a function call code line according to the function level number, the parameter list number and the parameter number distributed to each level of the proxy function file to obtain a file frame of the proxy function file.
In a further embodiment of the apparatus of the above embodiment, the second configuration information includes:
the position of a first parameter value corresponding to an operand node in the parameter list;
the number of second parameter values corresponding to the basic function file and the positions of the second parameter values in the parameter list;
a third parameter value of the same type as the first parameter value and a position of the third parameter value in the parameter list;
correspondingly, the second creating module is specifically configured to, in the process of obtaining the proxy function file by placing the first parameter value and the second parameter value in the parameter list in the file frame according to the second configuration information:
placing a first parameter value in a parameter list according to the position of the first parameter value corresponding to the operand node in the parameter list;
placing the second parameter values in the parameter list according to the number of the second parameter values corresponding to the basic function file and the positions of the second parameter values in the parameter list;
and placing the third parameter value in the parameter list according to the position of the third parameter value in the parameter list.
In a further embodiment of the apparatus of the above embodiments, the second configuration information further includes an operation type configured in each hierarchy; accordingly, the second creation module is further configured to: determining a random operation parameter from a first parameter value, a second parameter value and a third parameter value in a parameter list, generating a confusion expression according to an operation type and the random operation parameter, and placing the confusion expression in the file frame.
In a further embodiment of the apparatus of the above embodiment, the second configuration information further includes a closure type; the second creation module is further to:
placing a first parameter value in a parameter list according to the position of the first parameter value corresponding to the operand node in the parameter list;
placing the second parameter values in the parameter list according to the number of the second parameter values corresponding to the basic function file and the positions of the second parameter values in the parameter list;
placing the third parameter value in the parameter list according to the position of the third parameter value in the parameter list;
and enabling the parameters of the parameter list between adjacent layers to have the same parameters according to the closure type, and obtaining the proxy function file.
In a further embodiment of the apparatus in the foregoing embodiment, the second configuration information further includes a redundancy parameter, and the second creating module is further configured to: inserting redundant parameters into a parameter list of the last level of the proxy function file, making conditional branches according to the redundant parameters, and determining a return value outlet corresponding to the operator node according to the conditional branches.
Since the system according to the embodiment of the present invention has the same principle as the method according to the above embodiment, further details are not described herein for further explanation.
It should be noted that, in the embodiment of the present invention, the relevant functional module may be implemented by a hardware processor (hardware processor).
The obfuscation device for the code file provided by the embodiment of the invention realizes the execution function of the operational characters and the operational operands by using the basic function by identifying the operational character nodes and the operational operand nodes in the syntax tree, and maps the operational characters and the operational operands onto the basic function by using the agent function agent operational character function, so that the obfuscation of the operational characters and the operational operands can be realized, and the reverse difficulty of cracking the code file is increased.
Fig. 9 illustrates a physical structure diagram of an electronic device, and as shown in fig. 9, the electronic device may include: a processor (processor)91, a communication Interface (Communications Interface)92, a memory (memory)93 and a communication bus 94, wherein the processor 91, the communication Interface 92 and the memory 93 complete communication with each other through the communication bus 94. The processor 91 may call logic instructions in the memory 93 to perform the following method: acquiring a first syntax tree corresponding to a source code file, determining an operator node and an operand node belonging to the operator node according to the first syntax tree, creating a basic function file according to node contents corresponding to the operator node and the operand node and creating a proxy function file according to the node contents corresponding to the operand node and the basic function file; and modifying the first syntax tree according to the proxy function file to obtain a second syntax tree, and obtaining the obfuscated code file corresponding to the source code file according to the second syntax tree.
Furthermore, the logic instructions in the memory 93 may be implemented in the form of software functional units and stored in a computer readable storage medium when the logic instructions are sold or used as independent products. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
Further, an embodiment of the present invention discloses a computer program product, the computer program product comprising a computer program stored on a non-transitory readable storage medium, the computer program comprising program instructions, which when executed by a computer, the computer is capable of performing the method provided by the above-mentioned method embodiments, for example, including: acquiring a first syntax tree corresponding to a source code file, determining an operator node and an operand node belonging to the operator node according to the first syntax tree, creating a basic function file according to node contents corresponding to the operator node and the operand node and creating a proxy function file according to the node contents corresponding to the operand node and the basic function file; and modifying the first syntax tree according to the proxy function file to obtain a second syntax tree, and obtaining the obfuscated code file corresponding to the source code file according to the second syntax tree.
In another aspect, an embodiment of the present invention further provides a non-transitory readable storage medium, on which a computer program is stored, where the computer program is implemented by a processor to perform the method provided by the foregoing embodiments, for example, including: acquiring a first syntax tree corresponding to a source code file, determining an operator node and an operand node belonging to the operator node according to the first syntax tree, creating a basic function file according to node contents corresponding to the operator node and the operand node and creating a proxy function file according to the node contents corresponding to the operand node and the basic function file; and modifying the first syntax tree according to the proxy function file to obtain a second syntax tree, and obtaining the obfuscated code file corresponding to the source code file according to the second syntax tree.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding, the above technical solutions may be embodied in the form of a software product, which may be stored in a readable storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method according to the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.
Claims (11)
1. A method of obfuscating a code file, comprising:
acquiring a first syntax tree corresponding to a source code file, and determining an operator node and an operand node belonging to the operator node according to the first syntax tree;
creating a basic function file according to the respective node contents corresponding to the operator node and the operand node;
creating an agent function file according to the node content corresponding to the operand node and the basic function file;
and modifying the first syntax tree according to the proxy function file to obtain a second syntax tree, and obtaining an obfuscated code file corresponding to the source code file according to the second syntax tree.
2. A method for obfuscating a code file according to claim 1, wherein modifying the first syntax tree according to the proxy function file to obtain a second syntax tree comprises:
and converting the proxy function file into a syntax tree for updating, and replacing operator nodes and operand nodes belonging to the operator nodes in the first syntax tree by the syntax tree for updating to obtain a second syntax tree.
3. A method for obfuscating a code file according to claim 1, wherein creating a proxy function file from node contents corresponding to the operand nodes and the base function file includes:
configuring first configuration information and second configuration information of a proxy function file, wherein the first configuration information is used for limiting a structural framework of a function, and the second configuration information is used for limiting parameters of function calling;
determining a file frame of the proxy function file according to the first configuration information, wherein the file frame comprises a parameter list for function calling;
determining a first parameter value according to the node content corresponding to the operand node, and determining a second parameter value according to the basic function file;
and placing the first parameter value and the second parameter value in a parameter list in the file frame according to the second configuration information to obtain a proxy function file.
4. A method of obfuscating a code file according to claim 3, wherein the first configuration information includes:
the number of function levels of the proxy function file;
the parameter list number of the proxy function file;
distributing the number of parameters to each level of the proxy function file;
correspondingly, the determining a file frame of the proxy function file according to the first configuration information includes:
and generating a function call code line according to the function level number, the parameter list number and the parameter number distributed to each level of the proxy function file to obtain a file frame of the proxy function file.
5. A method of obfuscating a code file according to claim 3 or 4, wherein the second configuration information includes:
the position of a first parameter value corresponding to an operand node in the parameter list;
the number of second parameter values corresponding to the basic function file and the positions of the second parameter values in the parameter list;
a third parameter value of the same type as the first parameter value and a position of the third parameter value in the parameter list;
correspondingly, the step of placing the first parameter value and the second parameter value in a parameter list in the file frame according to the second configuration information to obtain a proxy function file includes:
placing a first parameter value in a parameter list according to the position of the first parameter value corresponding to the operand node in the parameter list;
placing the second parameter values in the parameter list according to the number of the second parameter values corresponding to the basic function file and the positions of the second parameter values in the parameter list;
and placing the third parameter value in the parameter list according to the position of the third parameter value in the parameter list.
6. A method of obfuscating a code file according to claim 5, wherein the second configuration information further includes a type of operation configured in each level; accordingly, the method further comprises:
determining a random operation parameter from a first parameter value, a second parameter value and a third parameter value in a parameter list, generating a confusion expression according to an operation type and the random operation parameter, and placing the confusion expression in the file frame.
7. A method of obfuscating a code file according to claim 6, wherein the second configuration information further includes a closure type; correspondingly, the step of placing the first parameter value and the second parameter value in a parameter list in the file frame according to the second configuration information to obtain a proxy function file includes:
placing a first parameter value in a parameter list according to the position of the first parameter value corresponding to the operand node in the parameter list;
placing the second parameter values in the parameter list according to the number of the second parameter values corresponding to the basic function file and the positions of the second parameter values in the parameter list;
placing the third parameter value in the parameter list according to the position of the third parameter value in the parameter list;
and enabling the parameters of the parameter list between adjacent layers to have the same parameters according to the closure type, and obtaining the proxy function file.
8. A method of obfuscating a code file according to claim 7, wherein the second configuration information further includes redundancy parameters, and accordingly the method further includes:
inserting redundant parameters into a parameter list of the last level of the proxy function file, making conditional branches according to the redundant parameters, and determining a return value outlet corresponding to the operator node according to the conditional branches.
9. An apparatus for obfuscating a code file, comprising:
the obtaining module is used for obtaining a first syntax tree corresponding to a source code file and determining an operator node and an operand node belonging to the operator node according to the first syntax tree;
a first creating module, configured to create a base function file according to respective node contents corresponding to the operator node and the operand node;
a second creating module, configured to create a proxy function file according to the node content corresponding to the operand node and the basic function file;
and the generating module is used for modifying the first syntax tree according to the proxy function file to obtain a second syntax tree and obtaining an obfuscated code file corresponding to the source code file according to the second syntax tree.
10. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the obfuscation method of a code file according to any one of claims 1 to 8 when executing the program.
11. A non-transitory readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of a method of obfuscating a code file according to any one of claims 1 to 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010820864.3A CN112115428B (en) | 2020-08-14 | 2020-08-14 | Code file confusion method, device, electronic equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010820864.3A CN112115428B (en) | 2020-08-14 | 2020-08-14 | Code file confusion method, device, electronic equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112115428A true CN112115428A (en) | 2020-12-22 |
| CN112115428B CN112115428B (en) | 2024-04-09 |
Family
ID=73804676
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010820864.3A Active CN112115428B (en) | 2020-08-14 | 2020-08-14 | Code file confusion method, device, electronic equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112115428B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113296783A (en) * | 2021-05-14 | 2021-08-24 | 北京奇艺世纪科技有限公司 | Code processing method and device, electronic equipment, storage medium and product |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103678961A (en) * | 2013-11-07 | 2014-03-26 | 北京深思数盾科技有限公司 | Code dynamic generating method |
| CN110502897A (en) * | 2018-05-16 | 2019-11-26 | 南京大学 | A kind of identification of webpage malicious JavaScript code and antialiasing method based on hybrid analysis |
| CN110569628A (en) * | 2019-09-09 | 2019-12-13 | 北京智游网安科技有限公司 | Code obfuscation method and device, computer device and storage medium |
| KR102096017B1 (en) * | 2018-11-29 | 2020-04-01 | 중앙대학교 산학협력단 | Method and system for predicting software bugs by embedding source code based on an abstract syntax tree |
-
2020
- 2020-08-14 CN CN202010820864.3A patent/CN112115428B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103678961A (en) * | 2013-11-07 | 2014-03-26 | 北京深思数盾科技有限公司 | Code dynamic generating method |
| CN110502897A (en) * | 2018-05-16 | 2019-11-26 | 南京大学 | A kind of identification of webpage malicious JavaScript code and antialiasing method based on hybrid analysis |
| KR102096017B1 (en) * | 2018-11-29 | 2020-04-01 | 중앙대학교 산학협력단 | Method and system for predicting software bugs by embedding source code based on an abstract syntax tree |
| CN110569628A (en) * | 2019-09-09 | 2019-12-13 | 北京智游网安科技有限公司 | Code obfuscation method and device, computer device and storage medium |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113296783A (en) * | 2021-05-14 | 2021-08-24 | 北京奇艺世纪科技有限公司 | Code processing method and device, electronic equipment, storage medium and product |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112115428B (en) | 2024-04-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| KR102107872B1 (en) | Compiler based obfuscation | |
| CN108769081B (en) | Method and device for detecting XSS attack and computer readable storage medium | |
| JP2010507165A (en) | Detect security vulnerabilities in source code | |
| CN105117621A (en) | Control flow flattening for code obfuscation | |
| WO2014049504A1 (en) | Detecting malicious advertisements using source code analysis | |
| CN112115427A (en) | Code obfuscation method, device, electronic device and storage medium | |
| US11531763B1 (en) | Automated code generation using analysis of design diagrams | |
| CN112115428B (en) | Code file confusion method, device, electronic equipment and storage medium | |
| CN111753302A (en) | Method and device for detecting code bugs, computer readable medium and electronic equipment | |
| CN114443171A (en) | Configurable service platform and configurable service implementation method | |
| CN106845270A (en) | A kind of seamless browsing method and device | |
| CN114266336B (en) | Method for processing artificial intelligent model, and method and device for processing data | |
| Chan et al. | Integrating security design into the software development process for e‐commerce systems | |
| Ebach et al. | Assumption 2: opaque to intuition? | |
| Rathee et al. | Reusability in multimedia softwares using structural and lexical dependencies | |
| CN114996708B (en) | Method and device for studying and judging fraud-related mobile phone application, electronic equipment and storage medium | |
| CN113703734A (en) | Applet generation method and device, electronic equipment and storage medium | |
| CN110597516B (en) | Confusion method and device for plug-in code, electronic equipment and storage medium | |
| CN114238273A (en) | Database management method, device, equipment and storage medium | |
| EP3745287B1 (en) | Protection of a software application | |
| CN111428209B (en) | Application program confusion method, device and storage medium | |
| Boussabbeh et al. | Formal proofs of termination detection for local computations by refinement-based compositions | |
| Badouel et al. | A grammatical approach to data-centric case management in a distributed collaborative environment | |
| CN113946804B (en) | Source code obfuscation method and device | |
| Jillepalli | HiFiPol: Browser-securing the web browsing ecosystem |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |