CN112231651A - Method for preventing decompiling and tampering copyright authorization - Google Patents
Method for preventing decompiling and tampering copyright authorization Download PDFInfo
- Publication number
- CN112231651A CN112231651A CN202011154157.1A CN202011154157A CN112231651A CN 112231651 A CN112231651 A CN 112231651A CN 202011154157 A CN202011154157 A CN 202011154157A CN 112231651 A CN112231651 A CN 112231651A
- Authority
- CN
- China
- Prior art keywords
- file
- value
- core
- database
- tampering
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 35
- 238000013475 authorization Methods 0.000 title claims abstract description 27
- 238000012544 monitoring process Methods 0.000 claims description 6
- 239000012467 final product Substances 0.000 claims description 3
- 238000012795 verification Methods 0.000 claims description 3
- 230000006870 function Effects 0.000 description 5
- 239000000047 product Substances 0.000 description 4
- 238000013461 design Methods 0.000 description 3
- 230000003203 everyday effect Effects 0.000 description 3
- 238000001514 detection method Methods 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 238000011160 research Methods 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 230000002354 daily effect Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 238000012827 research and development Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/14—Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a method for preventing decompiling and tampering copyright authorization, which belongs to the technical field of cloud security management, and is characterized in that a core code registration file is generated based on the MD5 value of the file, and the information of the core code registration file is stored in a database; and decrypting the MD5 value of the encrypted core file stored in the database, and then comparing the MD5 value obtained by decryption with the MD5 value of the system operation core file to judge whether the core file of the copyright module is modified. The invention can upgrade the copyright management module of the cloud security management system, avoids the core code of the system from being decompiled and falsified the copyright authorization, and realizes more effective control on the copyright of the system.
Description
Technical Field
The invention relates to the technical field of cloud security management, in particular to a method for preventing decompiling and tampering copyright authorization.
Background
Reverse engineering of computer software (also called computer software recovery engineering) refers to performing "Reverse analysis and research" on target programs (such as executable programs) of other software to derive design elements such as ideas, principles, structures, algorithms, processing procedures, operation methods and the like used by software products of other people, and source codes may be derived under certain specific conditions. Decompiling is used as a reference when software is developed by the user or is directly used in a software product of the user.
However, the decompilation code can easily obtain the source code of a certain file in the project, and if the code of the copyright authorization module in the project is decompilated, a certain source file or even the whole project file is further modified or replaced, so that the purpose of bypassing the copyright authorization module is achieved, and the phenomenon can bring great loss to enterprises which are dedicated to research and development.
Disclosure of Invention
The technical task of the invention is to provide a method for preventing decompilation and tampering of copyright authorization, which can upgrade a copyright management module of a cloud security management system, avoid core codes of the system from being decompilated and tampered with the copyright authorization and realize more effective control of the copyright of the system.
A method for preventing decompiling and tampering copyright authorization comprises the steps of generating a core code registration file based on an MD5 value of a file, and storing information of the core code registration file to a database;
and decrypting the MD5 value of the encrypted core file stored in the database, and then comparing the MD5 value obtained by decryption with the MD5 value of the system operation core file to judge whether the core file of the copyright module is modified.
The method avoids the core code of the system from being decompiled and tampered with copyright authorization, guarantees the copyright management module of the system on the optimized cloud security management system, and achieves the purpose that the system effectively controls the copyright and legal use of a user;
the design for preventing decompiling and tampering authorization developed by the method fully considers the safety, high performance, reliability, maintainability, transportability, expandability and the like of the system.
Preferably, the core code registration file is generated based on the MD5 value of the file, that is, the MD5 value of the core code file of the server hardware information, the system information, and the copyright validity date and copyright module collected when the registration file is generated is encrypted by a private key respectively based on the MD5 value of the file.
Preferably, the encryption is RSA algorithm encryption. The RSA algorithm is based on the very simple number theory fact that it is easy to multiply two large prime numbers, but it is extremely difficult to factorize its product, so the product can be disclosed as a cryptographic key.
Preferably, the encrypted code file MD5 value ciphertext is uploaded to the server separately in the form of JSON or file and saved to the database.
Further, the encryption core file MD5 value stored in the database is added to the timed polling task of the system for decryption, and monitoring is achieved. And decrypting the MD5 value at a fixed time every day, comparing the MD5 value obtained by decryption with the MD5 value of the system operation core file, and judging whether the core file of the copyright module is modified so as to achieve the purpose of detection.
Preferably, the method is implemented as follows:
1) and generating a core code registration file,
when a user installs software, generating registration information according to the MD5 value of a computer server installed by the user for the core file code of the copyright module in a project, and writing the registration information into a file to form a core code registration file;
2) and the data base is stored,
after the software product is installed, the page submits the uploaded core code registration file, and the file information is stored in a database;
3) and then the monitoring is carried out to obtain the final product,
and decrypting the encrypted core file MD5 value stored in the database by adopting a daily timing polling mode, and comparing the encrypted core file MD5 value with the encrypted core file MD5 value by acquiring the system operation core file MD5 value.
Further, comparing the MD5 value obtained by decryption with the MD5 value of the system operation core file, and if the obtained MD5 value of the system core file is NULL or NULL, judging that the core file of the copyright module is removed and bypassed; and if the comparison result of the value of the core file MD5 decrypted by the database is different from the value of the obtained system operation core file MD5, determining that the core file of the copyright module is modified and bypasses the verification.
Preferably, the core code registration file is generated, and the registration information is subjected to Base64 encoding to form the core code registration file.
The invention also claims a device for preventing decompiling and tampering copyright authorization, which comprises: at least one memory and at least one processor;
the at least one memory to store a machine readable program;
the at least one processor is used for calling the machine readable program and executing the method.
The invention also claims a computer readable medium having stored thereon computer instructions which, when executed by a processor, cause the processor to perform the above-described method.
Compared with the prior art, the method for preventing decompiling and tampering copyright authorization has the following advantages that:
the method can effectively prevent others from invading the copyright of the enterprise and maintain the legal rights and interests of the enterprise;
the method helps enterprises to improve copyright awareness and avoid infringing copyrights of other people in scientific research, development, production and operation activities, and can make reasonable dispute for the enterprises once infringing cases are involved;
the copyright management and management work is facilitated, the copyright can bring income to enterprises, the copyright industry is the power of economic development, huge wealth is reserved in the copyright, and the copyright can bring huge income to the enterprises as intangible assets of the enterprises.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is a flow chart of a method for preventing decompiling and tampering copyright authorization.
Detailed Description
The present invention will be described in further detail with reference to specific embodiments in order to make the technical field better understand the scheme of the present invention. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
MD5 Message Digest Algorithm (english: MD5 Message-Digest Algorithm), a widely used cryptographic hash function, can generate a 128-bit (16-byte) hash value (hash value) to ensure the integrity of the Message transmission. MD5 was designed by the american cryptologist ronard-li-vister (Ronald Linn Rivest) and was published in 1992 as a replacement for the MD4 algorithm. The programming of this set of algorithms is specified in the RFC1321 standard. After 1996 the algorithm proved to have weaknesses that could be broken, and experts generally recommend changing to other algorithms, such as SHA-2, for data that require a high degree of security. In 2004, the MD5 algorithm was proven to be unable to prevent collisions (collision) and is therefore not suitable for security authentication, such as SSL public key authentication or digital signature.
The embodiment of the invention provides a method for preventing decompiling and tampering copyright authorization, which comprises the steps of generating a core code registration file based on an MD5 value of a file, and storing information of the core code registration file to a database;
and decrypting the MD5 value of the encrypted core file stored in the database, and then comparing the MD5 value obtained by decryption with the MD5 value of the system operation core file to judge whether the core file of the copyright module is modified.
The file-based MD5 value generates a core code registration file, that is, the MD5 value of the file-based MD5 value of the core code file of the server hardware information, system information, and copyright validity date and copyright module collected when the registration file is generated are respectively encrypted by a private key.
The encryption is an RSA algorithm encryption. The RSA algorithm is based on the very simple number theory fact that it is easy to multiply two large prime numbers, but it is extremely difficult to factorize its product, so the product can be disclosed as a cryptographic key.
And the encrypted code file MD5 value ciphertext is uploaded to the server separately in the form of JSON or file and stored in the database.
And then, the timed polling task of the system is added to decrypt the MD5 value of the encrypted core file stored in the database, and the MD5 value obtained by decryption is compared with the MD5 value of the file obtained by the system, so that monitoring is realized.
And decrypting the MD5 value at a fixed time every day, comparing the MD5 value obtained by decryption with the MD5 value of the system operation core file, and judging whether the core file of the copyright module is modified so as to achieve the purpose of detection.
The method comprises the following concrete implementation processes:
1) and generating a core code registration file,
when a user installs software, generating registration information according to the MD5 value of a copyright module core file code in a project by a computer server installed by the user, writing the registration information into a file, performing Base64 coding on the registration information, and finally forming a core code registration file;
2) and the data base is stored,
after the software product is installed, the page submits the uploaded core code registration file, and the file information is stored in a database;
3) and then the monitoring is carried out to obtain the final product,
decrypting the encrypted core file MD5 value stored in the database by adopting a mode of regularly polling 01 point in the morning every day, and comparing the encrypted core file MD5 value with the encrypted core file MD5 value by acquiring the system operation core file MD5 value:
if the acquired system core file MD5 value is NULL or NULL, judging that the copyright module core file is removed and bypassed;
and if the comparison result of the value of the core file MD5 decrypted by the database is different from the value of the obtained system operation core file MD5, determining that the core file of the copyright module is modified and bypasses the verification.
The method can avoid the core code of the system from being decompiled and tampered with copyright authorization, and guarantee the copyright management module of the system on the optimized cloud security management system, so that the system can effectively control the copyright and legal use of the user;
the design for preventing decompiling and tampering authorization developed by the method fully considers the safety, high performance, reliability, maintainability, transportability, expandability and the like of the system.
The invention also claims a device for preventing decompiling and tampering copyright authorization, which comprises: at least one memory and at least one processor;
the at least one memory to store a machine readable program;
the at least one processor is configured to invoke the machine-readable program to execute the method for preventing decompiling and tampering copyright authorization in the foregoing embodiments.
An embodiment of the present invention further provides a computer-readable medium, where a computer instruction is stored on the computer-readable medium, and when the computer instruction is executed by a processor, the computer instruction causes the processor to execute the method for preventing decompiling and tampering copyright authorization in the foregoing embodiment of the present invention. Specifically, a system or an apparatus equipped with a storage medium on which software program codes that realize the functions of any of the above-described embodiments are stored may be provided, and a computer (or a CPU or MPU) of the system or the apparatus is caused to read out and execute the program codes stored in the storage medium.
In this case, the program code itself read from the storage medium can realize the functions of any of the above-described embodiments, and thus the program code and the storage medium storing the program code constitute a part of the present invention.
Examples of the storage medium for supplying the program code include a floppy disk, a hard disk, a magneto-optical disk, an optical disk (e.g., CD-ROM, CD-R, CD-RW, DVD-ROM, DVD-RAM, DVD-RW, DVD + RW), a magnetic tape, a nonvolatile memory card, and a ROM. Alternatively, the program code may be downloaded from a server computer via a communications network.
Further, it should be clear that the functions of any one of the above-described embodiments may be implemented not only by executing the program code read out by the computer, but also by causing an operating system or the like operating on the computer to perform a part or all of the actual operations based on instructions of the program code.
Further, it is to be understood that the program code read out from the storage medium is written to a memory provided in an expansion board inserted into the computer or to a memory provided in an expansion unit connected to the computer, and then causes a CPU or the like mounted on the expansion board or the expansion unit to perform part or all of the actual operations based on instructions of the program code, thereby realizing the functions of any of the above-described embodiments.
While the invention has been shown and described in detail in the drawings and in the preferred embodiments, it is not intended to limit the invention to the embodiments disclosed, and it will be apparent to those skilled in the art that various combinations of the code auditing means in the various embodiments described above may be used to obtain further embodiments of the invention, which are also within the scope of the invention.
Claims (10)
1. A method for preventing decompiling and tampering copyright authorization is characterized in that a core code registration file is generated based on the MD5 value of a file, and the information of the core code registration file is stored in a database;
and decrypting the MD5 value of the encrypted core file stored in the database, and then comparing the MD5 value obtained by decryption with the MD5 value of the system operation core file to judge whether the core file of the copyright module is modified.
2. The method of claim 1, wherein the core code registration file is generated based on the MD5 value of the file, i.e. the server hardware information, the system information, and the MD5 value of the copyright module core code file collected when the registration file is generated are respectively encrypted by a private key based on the MD5 value of the file.
3. The method of claim 2, wherein the encryption is RSA algorithm encryption.
4. The method for preventing decompilation and tampering with copyright authorization as claimed in claim 2, wherein the encrypted code file MD5 value ciphertext is uploaded to the server separately in JSON or file form and saved to the database.
5. The method for preventing decompilation tampering copyright authorization as claimed in claim 1, wherein the monitoring is implemented by adding decryption to the value of the encrypted core file MD5 stored in the database to the timed polling task of the system.
6. The method for preventing decompiling and tampering copyright authorization as claimed in claim 1, wherein the method is implemented as follows:
1) and generating a core code registration file,
when a user installs software, generating registration information according to the MD5 value of a computer server installed by the user for the core file code of the copyright module in a project, and writing the registration information into a file to form a core code registration file;
2) and the data base is stored,
after the software product is installed, the page submits the uploaded core code registration file, and the file information is stored in a database;
3) and then the monitoring is carried out to obtain the final product,
and decrypting the encrypted core file MD5 value stored in the database by adopting a daily timing polling mode, and comparing the encrypted core file MD5 value with the encrypted core file MD5 value by acquiring the system operation core file MD5 value.
7. The method according to claim 1, 5 or 6, wherein the decrypted MD5 value is compared with the system kernel file MD5 value, and if the obtained system kernel file MD5 value is NULL or NULL, it is determined that the copyright module kernel file is removed and bypassed; and if the comparison result of the value of the core file MD5 decrypted by the database is different from the value of the obtained system operation core file MD5, determining that the core file of the copyright module is modified and bypasses the verification.
8. The method for preventing decompiling and tampering copyright authorization as claimed in claim 6, wherein the core code registration file is generated, and the registration information is Base64 encoded to form the core code registration file.
9. An apparatus for preventing decompilation tampering with copyright authorization, comprising: at least one memory and at least one processor;
the at least one memory to store a machine readable program;
the at least one processor, configured to invoke the machine readable program to perform the method of any of claims 1 to 8.
10. A computer readable medium having stored thereon computer instructions which, when executed by a processor, cause the processor to perform the method of any of claims 1 to 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011154157.1A CN112231651A (en) | 2020-10-26 | 2020-10-26 | Method for preventing decompiling and tampering copyright authorization |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011154157.1A CN112231651A (en) | 2020-10-26 | 2020-10-26 | Method for preventing decompiling and tampering copyright authorization |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112231651A true CN112231651A (en) | 2021-01-15 |
Family
ID=74109978
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011154157.1A Pending CN112231651A (en) | 2020-10-26 | 2020-10-26 | Method for preventing decompiling and tampering copyright authorization |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112231651A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113676473A (en) * | 2021-08-19 | 2021-11-19 | 中国电信股份有限公司 | Network service safety protection device, method and storage medium |
| CN117909939A (en) * | 2024-03-19 | 2024-04-19 | 麒麟软件有限公司 | Code text content-based code protection method and compiler text lock |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103065072A (en) * | 2011-10-21 | 2013-04-24 | 北京大学 | Method and device to improve Java software jailbreak difficulty and copyright verification method |
| CN107133499A (en) * | 2017-05-10 | 2017-09-05 | 百望电子发票数据服务有限公司 | A kind of software copyright protecting method, client, service end and system |
| CN109194625A (en) * | 2018-08-10 | 2019-01-11 | 厦门市美亚柏科信息股份有限公司 | A kind of client application guard method, device and storage medium based on cloud server |
| CN109981283A (en) * | 2019-02-28 | 2019-07-05 | 西安理工大学 | Android platform message-driven core code integrity detection system and method |
| CN110138733A (en) * | 2019-04-03 | 2019-08-16 | 华南理工大学 | Object storage system based on block chain is credible to deposit card and access right control method |
-
2020
- 2020-10-26 CN CN202011154157.1A patent/CN112231651A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103065072A (en) * | 2011-10-21 | 2013-04-24 | 北京大学 | Method and device to improve Java software jailbreak difficulty and copyright verification method |
| CN107133499A (en) * | 2017-05-10 | 2017-09-05 | 百望电子发票数据服务有限公司 | A kind of software copyright protecting method, client, service end and system |
| CN109194625A (en) * | 2018-08-10 | 2019-01-11 | 厦门市美亚柏科信息股份有限公司 | A kind of client application guard method, device and storage medium based on cloud server |
| CN109981283A (en) * | 2019-02-28 | 2019-07-05 | 西安理工大学 | Android platform message-driven core code integrity detection system and method |
| CN110138733A (en) * | 2019-04-03 | 2019-08-16 | 华南理工大学 | Object storage system based on block chain is credible to deposit card and access right control method |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113676473A (en) * | 2021-08-19 | 2021-11-19 | 中国电信股份有限公司 | Network service safety protection device, method and storage medium |
| CN117909939A (en) * | 2024-03-19 | 2024-04-19 | 麒麟软件有限公司 | Code text content-based code protection method and compiler text lock |
| CN117909939B (en) * | 2024-03-19 | 2024-06-07 | 麒麟软件有限公司 | Code text content-based code protection method and compiler text lock |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8533859B2 (en) | System and method for software protection and secure software distribution | |
| CN106571951B (en) | Audit log obtaining method, system and device | |
| US11979505B2 (en) | File acquisition method and device based on two-dimensional code and two-dimensional code generating method | |
| CN108737171B (en) | Method and system for managing cloud service cluster | |
| JP2007028014A (en) | Digital signature program, digital signature system, digital signature method and signature verification method | |
| JP2007028015A (en) | Program, system and method for time stamp verification, and time stamp generation request method | |
| CN111859415A (en) | Neural network model encryption system and method | |
| CN105099705A (en) | Safety communication method and system based on USB protocol | |
| CN112231651A (en) | Method for preventing decompiling and tampering copyright authorization | |
| CN104123488A (en) | Method and device for verifying application program | |
| CN108270574B (en) | Safe loading method and device for white list library file | |
| CN111585995B (en) | Secure wind control information transmission and processing method and device, computer equipment and storage medium | |
| CN112685786A (en) | Financial data encryption and decryption method, system, equipment and storage medium | |
| CN116662957A (en) | Identity authentication method, identity authentication device, computer readable storage medium and computer equipment | |
| CN114785514A (en) | Method and system for authorizing application permission of industrial Internet of things terminal | |
| CN102750479A (en) | Method and system for layered software copyright protection | |
| CN112968774B (en) | Method, device storage medium and equipment for encrypting and decrypting configuration file | |
| CN112000933B (en) | Application software activation method and device, electronic equipment and storage medium | |
| CN112383577A (en) | Authorization method, device, system, equipment and storage medium | |
| WO2018033017A1 (en) | Terminal state conversion method and system for credit granting | |
| CN111600701A (en) | Private key storage method and device based on block chain and storage medium | |
| CN115913571A (en) | File encryption and decryption method and device, and digital copyright protection system | |
| KR100734600B1 (en) | Method of system authentication and security enforcement using self-integrity checking based on the tamper-proof H/W | |
| KR101415786B1 (en) | A Hybrid Design system and method of Online Execution Class and Encryption-based Copyright Protection for Android Apps | |
| CN102739656A (en) | Method and system for controlling type and scale of non-host node |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210115 |
|
| RJ01 | Rejection of invention patent application after publication |