CN112306553A - Processing method and device for extended information in installation package file and electronic equipment - Google Patents

Processing method and device for extended information in installation package file and electronic equipment Download PDF

Info

Publication number
CN112306553A
CN112306553A CN201910687720.2A CN201910687720A CN112306553A CN 112306553 A CN112306553 A CN 112306553A CN 201910687720 A CN201910687720 A CN 201910687720A CN 112306553 A CN112306553 A CN 112306553A
Authority
CN
China
Prior art keywords
file
installation package
data block
metadata field
file structure
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910687720.2A
Other languages
Chinese (zh)
Inventor
冯铮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd filed Critical Tencent Technology Shenzhen Co Ltd
Priority to CN201910687720.2A priority Critical patent/CN112306553A/en
Publication of CN112306553A publication Critical patent/CN112306553A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/70Software maintenance or management
    • G06F8/73Program documentation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Library & Information Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

The invention provides a processing method and device for extended information in an installation package file, electronic equipment and a storage medium; the method comprises the following steps: acquiring a file structure of an installation package file; packaging the extended information to be added in the file structure to obtain a data block; detecting a digital signature mode adopted by a file structure of the installation package file; according to the digital signature mode adopted by the file structure, positioning the position between a file data field and a file metadata field in the file structure; inserting the data block at the located position; and modifying the starting offset of the file metadata field recorded in the directory metadata field in the file structure according to the length of the data block. By the method and the device, information expansion can be performed in the installation package file.

Description

Processing method and device for extended information in installation package file and electronic equipment
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method and an apparatus for processing extension information in an installation package file, an electronic device, and a storage medium.
Background
With the rapid development of wireless internet technologies and intelligent terminals, mobile operating systems, such as android systems, have been widely applied to various electronic devices, such as mobile phones and tablet computers, and can provide rich application programs for users to download and use.
The installation package file of the mobile operating system has the characteristics of small volume, convenience in installation, wide distribution channel, simple distribution mode and the like, but due to the limitation of a signature mechanism of the installation package file and a specific packaging mechanism of the installation package file, extension information cannot be flexibly inserted into the installation package file at will, so that the efficiency is lower when the existing installation package file is subjected to information extension.
Disclosure of Invention
The embodiment of the invention provides a method and a device for processing extended information in an installation package file, electronic equipment and a storage medium, which can optimize the processing process of the extended information in the installation package file, thereby ensuring the normal reading and writing of the extended information.
The technical scheme of the embodiment of the invention is realized as follows:
the embodiment of the invention provides a method for processing extended information in an installation package file, which comprises the following steps:
acquiring a file structure of an installation package file;
packaging the extended information to be added in the file structure to obtain a data block;
detecting a digital signature mode adopted by a file structure of the installation package file;
according to the digital signature mode adopted by the file structure, positioning the position between a file data field and a file metadata field in the file structure;
inserting the data block at the located position;
and modifying the starting offset of the file metadata field recorded in the directory metadata field in the file structure according to the length of the data block.
An embodiment of the present invention provides a device for processing extended information in an installation package file, including:
the acquisition module is used for acquiring a file structure of the installation package file;
the encapsulation module is used for encapsulating the extended information to be added in the file structure to obtain a data block;
the detection module is used for detecting a digital signature mode adopted by the file structure of the installation package file;
the positioning module is used for positioning the position between a file data field and a file metadata field in the file structure according to the digital signature mode adopted by the file structure;
an insertion module for inserting the data block at the located position;
and the modification module is used for modifying the initial offset of the file metadata field recorded in the directory metadata field in the file structure according to the length of the data block.
In the above scheme, the encapsulation module is further configured to generate a data block length identifier representing the length of the extended information, a data block identity identifier representing the identifier of the extended information, and a data block positioning identifier for positioning the extended information; and packaging the extended information to be added, the data block length identifier, the data block identity identifier and the data block positioning identifier to obtain the data block.
In the above scheme, the detection module is further configured to read a start offset of the file metadata field from the directory metadata field located at the tail of the installation package file, and locate a position of the file metadata field in the installation package file according to the start offset; when a signature data segment is inquired at a position before the file metadata field, determining to adopt a digital signature mode based on all bytes of the installation package file; and when the signature data segment is not inquired at the position before the file metadata field, determining to adopt a digital signature mode based on the item content in the installation package file.
In the above scheme, the locating module is further configured to locate a signature data segment in the file structure and locate an end position of a sequence segment in the signature data segment as a position to insert the data block when the file structure adopts a digital signature manner based on all bytes of the installation package file; wherein a location of the signature data segment in the file structure is between the file data field and the file metadata field.
In the foregoing solution, the location module is further configured to, when the file structure adopts a digital signature manner based on entry content in the installation package file, read a start offset of the file metadata field recorded in the directory metadata field; and according to the starting offset of the file metadata field, positioning the starting position of the file metadata field in the file structure as the position for inserting the data block, wherein the position of the file metadata field in the file structure is behind the file data field.
In the above solution, the apparatus for processing extended information in an installation package file further includes a modified length module, configured to insert the data block at the located position when the file structure adopts a digital signature manner based on all bytes of the installation package file; and modifying the values of the length marks at two ends in the signature data segment, wherein the values of the length marks at two ends are used for positioning the position of the inserted data block.
In the above scheme, the apparatus for processing extended information in an installation package file further includes a reading module, configured to locate, in an installation process of the installation package file, a position of a data block between the file data field and the file metadata field in the file structure according to a digital signature manner adopted by the file structure; reading the data block at the position of the located data block; analyzing the read data block to obtain the extended information and verifying the extended information; and transmitting the extension information which passes the verification to a server so as to enable the server to execute processing corresponding to the extension information.
In the foregoing solution, the reading module is further configured to, when the file structure adopts a digital signature manner based on all bytes of the installation package file, locate, in the file structure, an end position of a sequence segment in a signature data segment as a position of the data block, where the position of the signature data segment in the file structure is between the file data field and the file metadata field; when the file structure adopts a digital signature mode based on entry content in the installation package file, positioning the initial position of the file metadata field in the file structure according to the initial offset of the file metadata field recorded in the directory metadata field to be used as the position of the data block, wherein the position of the file metadata field in the file structure is behind the file data field.
An embodiment of the present invention provides an electronic device, including:
a memory for storing executable instructions;
and the processor is used for realizing the processing method of the extended information in the installation package file provided by the embodiment of the invention when the executable instruction stored in the memory is executed.
The embodiment of the invention provides a storage medium, which stores executable instructions and is used for causing a processor to execute so as to realize the processing method of the extended information in the installation package file provided by the embodiment of the invention.
The embodiment of the invention has the following beneficial effects:
the embodiment of the invention realizes flexible information expansion in the installation package file by utilizing the characteristic that the position information of the position of the inserted data block can be ignored rather than the error exit, and ensures that the signature verification can be successful regardless of the digital signature mode used in the installation process of the installation package file by combining the initial offset of the metadata field of the modified file, thereby ensuring that the installation package file can be installed.
Drawings
Fig. 1 is an alternative architecture diagram of a processing system for installing extended information in a package file according to an embodiment of the present invention;
FIG. 2 is an alternative schematic diagram of an electronic device according to an embodiment of the invention;
fig. 3 is an optional flowchart illustrating a processing method of extended information in an installation package file according to an embodiment of the present invention;
FIG. 4 is a diagram of an alternative packaging format for a data block provided by an embodiment of the present invention;
FIG. 5 is an alternative file structure diagram of a zip file provided by an embodiment of the present invention;
fig. 6 is a schematic diagram of an alternative file structure of an installation package file signed by using V2 according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of an alternative location for data block insertion when the installation package file is signed with V2, provided by an embodiment of the present invention;
FIG. 8 is a schematic diagram of an alternative location for data block insertion when the installation package file is signed with V1, provided by an embodiment of the present invention;
fig. 9 is an alternative flowchart illustrating a processing method of extended information in an installation package file according to an embodiment of the present invention;
fig. 10 is an alternative flowchart illustrating a processing method of extended information in an installation package file according to an embodiment of the present invention;
fig. 11 is an alternative flowchart illustrating a processing method of extended information in an installation package file according to an embodiment of the present invention;
fig. 12 is an optional flowchart illustrating a method for processing extension information in an installation package file according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention will be further described in detail with reference to the accompanying drawings, the described embodiments should not be construed as limiting the present invention, and all other embodiments obtained by a person of ordinary skill in the art without creative efforts shall fall within the protection scope of the present invention.
In the following description, reference is made to "some embodiments" which describe a subset of all possible embodiments, but it is understood that "some embodiments" may be the same subset or different subsets of all possible embodiments, and may be combined with each other without conflict.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used herein is for the purpose of describing embodiments of the invention only and is not intended to be limiting of the invention.
Before further detailed description of the embodiments of the present invention, terms and expressions mentioned in the embodiments of the present invention are explained, and the terms and expressions mentioned in the embodiments of the present invention are applied to the following explanations.
1) The installation package file, i.e. the software installation package, includes all files of the software installation, such as executable programs and dependent library files. The files of the installation package are used for being copied to a file system of an operating system, and all files of the software can be released to the electronic equipment by running the installation package, so that the work of modifying a registry, modifying system settings and the like is completed.
2) Extended information, information that needs to be additionally inserted in the installation package file, the specific content of the information depending on
3) The digital signature mode is characterized in that the digital signature is an encrypted character string in the installation package, and can be used for identifying the application developer in the digital signature mode and determining that the installation package is indeed issued by the application developer; it can also be used to verify the integrity of the installation package.
4) And the data block is obtained by packaging the extended information in a specific packaging mode.
5) The file structure, namely the file structure of the installation package file, includes: a file data field, a file metadata field, and a directory metadata field. The file data field is used for storing original data of various files in the source code file directory; the file metadata field is used for storing metadata of a file and recording a file name, length marks before and after compression, initial offset of a local file header and the like; the directory metadata field is used for storing metadata of a directory and is used for recording the number of entries of the directory, file annotation content length identification, file annotation content and the like.
The following describes an exemplary application of the processing method for the extended information in the installation package file provided by the embodiment of the present invention, and the processing method for the extended information in the installation package file provided by the embodiment of the present invention may be implemented by a server alone, or may be implemented by a terminal and a server in a cooperative manner. The terminal can be a laptop computer, a tablet computer, a desktop computer, a set-top box, a mobile device (e.g., a mobile phone, a portable music player, a personal digital assistant, a dedicated messaging device, a portable gaming device), and the like.
Next, an exemplary application of the processing method for the extension information in the installation package file will be described by taking a terminal and a server as an example. Referring to fig. 1, fig. 1 is a schematic diagram of an optional architecture of a processing system 100 for processing extended information in an installation package file according to an embodiment of the present invention, where a processing method for processing extended information in an installation package file may be implemented through the following processes: firstly, the server 200 acquires an installation package file without added extension information, and adds the extension information after encapsulation processing at a specific position in an installation package file structure; then, the terminal 400 acquires the installation package added with the extension information through the network 300, and reads and analyzes the extension information at a specific position in the file structure of the installation package through an installation program of a terminal operating system; then, the terminal 400 sends the analyzed extended information to the server 200 through the network 300; finally, the server 200 issues the corresponding service information to the terminal 400 according to the received extended information.
The extension information may be identification information or function information, but is not limited to the above two kinds of information. When the extension information is identification information, the terminal 400 may report the identification information that passes the verification to the server 200, and the server 200 may provide different service information according to the reported identification information and send the service information to the terminal 400. When the extension information is the function information, the terminal 400 may report the function information that passes the verification to the server 200, and the server 200 may provide resource information corresponding to different functions according to the reported function information and send the resource information to the terminal 400.
The embodiment of the invention realizes flexible information expansion in the installation package file by utilizing the characteristic that the installation program of the operating system can ignore the position information of the position of the inserted data block instead of reporting an error and quitting, and ensures that the signature can be successfully verified in the installation process of the installation package file by combining the initial offset of the metadata field of the modified file, thereby ensuring that the installation package file can be installed.
Next, a structure of an electronic device provided in an embodiment of the present invention is described, where the electronic device provided in an embodiment of the present invention may be the terminal or the server described above, referring to fig. 2, fig. 2 is an optional structural schematic diagram of an electronic device 500 provided in an embodiment of the present invention, where the electronic device 500 shown in fig. 2 includes: at least one processor 560, memory 550, at least one network interface 520, and a user interface 530. The various components in the electronic device 500 are coupled together by a bus system 540. It is understood that the bus system 540 is used to enable communications among the components. The bus system 540 includes a power bus, a control bus, and a status signal bus in addition to a data bus. For clarity of illustration, however, the various buses are labeled as bus system 540 in fig. 2.
The Processor 560 may be an integrated circuit chip having Signal processing capabilities, such as a general purpose Processor, a Digital Signal Processor (DSP), or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, or the like, wherein the general purpose Processor may be a microprocessor or any conventional Processor, or the like.
The user interface 530 includes one or more output devices 531 enabling presentation of media content, including one or more speakers and/or one or more visual display screens. The user interface 530 also includes one or more input devices 532, including user interface components to facilitate user input, such as a keyboard, mouse, microphone, touch screen display, camera, other input buttons and controls.
The memory 550 may be removable, non-removable, or a combination thereof. Exemplary hardware devices include solid state memory, hard disk drives, optical disk drives, and the like. Memory 450 optionally includes one or more storage devices physically located remotely from processor 560.
The memory 550 may comprise volatile memory or nonvolatile memory, and may also comprise both volatile and nonvolatile memory. The nonvolatile Memory may be a Read Only Memory (ROM), and the volatile Memory may be a Random Access Memory (RAM). The memory 550 described in connection with embodiments of the invention is intended to comprise any suitable type of memory.
In some embodiments, memory 550 can store data to support various operations, examples of which include programs, modules, and data structures, or subsets or supersets thereof, as exemplified below.
An operating system 551 including system programs for processing various basic system services and performing hardware-related tasks, such as a framework layer, a core library layer, a driver layer, etc., for implementing various basic services and processing hardware-based tasks;
a network communication module 552 for communicating to other computing devices via one or more (wired or wireless) network interfaces 520, exemplary network interfaces 520 including: bluetooth, wireless compatibility authentication (WiFi), and Universal Serial Bus (USB), etc.;
a presentation module 553 for enabling presentation of information (e.g., user interfaces for operating peripherals and displaying content and information) via one or more output devices 431 (e.g., display screens, speakers, etc.) associated with user interface 430;
an input processing module 554 to detect one or more user inputs or interactions from one of the one or more input devices 532 and to translate the detected inputs or interactions.
In some embodiments, the processing device for the extended information in the installation package file provided by the embodiments of the present invention may be implemented in software, and fig. 2 shows a processing device 555 for the extended information in the installation package file stored in the memory 550, which may be software in the form of programs and plug-ins, and includes the following software modules: the obtaining module 5551, the encapsulating module 5552, the detecting module 5553, the positioning module 5554, the inserting module 5555 and the modifying module 5556 may be logic functional modules, and thus may be arbitrarily combined or further separated according to the implemented functions. The functions of the respective modules will be explained below.
In other embodiments, the processing Device for the extended information in the installation package file provided by the embodiments of the present invention may be implemented in hardware, and as an example, the processing Device for the extended information in the installation package file provided by the embodiments of the present invention may be a processor in the form of a hardware decoding processor, which is programmed to execute the processing method for the extended information in the installation package file provided by the embodiments of the present invention, for example, the processor in the form of the hardware decoding processor may employ one or more Application Specific Integrated Circuits (ASICs), DSPs, Programmable Logic Devices (PLDs), Complex Programmable Logic Devices (CPLDs), Field Programmable Gate Arrays (FPGAs), or other electronic components.
The method for processing the extension information in the installation package file provided by the embodiment of the present invention will be described with reference to the above exemplary applications and implementations of the terminal and the server.
Referring to fig. 3, fig. 3 is an optional flowchart of a processing method for extended information in an installation package file according to an embodiment of the present invention, and will be specifically described with reference to the steps shown in fig. 3.
In step S101, the server digitally signs and packages the compiled and converted source code file to obtain an installation package file.
In the embodiment of the invention, the digital signature modes are divided into at least 2 types:
the signature content is added based on the digital signature mode of the entry content in the installation package file, namely, the content in the file data field and the file metadata field in the file structure of the installation package is modified.
The digital signature mode based on all bytes of the installation package file is that signature content is directly inserted between a file data field and a file metadata field in the installation package file structure, and the content in the file data field and the file metadata field does not need to be modified.
Taking an installation Package file (Android Package, APK) under an Android platform as an example, the APK file has two common digital signature modes, which are respectively: a primary version (V1) signature and a secondary version (V2) signature, wherein the V1 signature is a digital signature mode based on the content of the item in the installation package file. The V2 signature is a digital signature based on all bytes of the installation package file.
In step S102, the server performs encapsulation processing on the extended information to be added in the installation package file structure to obtain a data block.
In some embodiments, the server generates, according to the extended information to be added, a data block length identifier representing the length of the extended information, a data block identity identifier representing the identifier of the extended information, and a data block positioning identifier used for positioning the extended information, and performs encapsulation processing on the extended information to be added, the data block length identifier, the data block identity identifier, and the data block positioning identifier to obtain a data block.
By way of example, referring to fig. 4, fig. 4 is an alternative encapsulation format diagram of a data block (also referred to as a live block herein) provided by the embodiment of the present invention, and the extended information to be added may be encapsulated into the data block according to an order of a data block length identifier (live size), a data block identity identifier (live id), extended information to be added, a data block length identifier (live size), and a data block location identifier (live map), where the live size is 8 bytes, the live id is 4 bytes, the live map is 16 bytes, and the number of bytes of the extended information to be added is determined according to the length of the extended information to be added, and may be any value.
The extended information is encapsulated into the data block in a specific encapsulation mode, so that the extended information added in the installation package file is not easy to tamper, and the integrity of the installation package is ensured.
In step S103, the server detects a digital signature scheme used for installing the file structure of the package file.
In some embodiments, the file structure of the installation package file includes: a file data field, a file metadata field, and a directory metadata field. The file data field is used for storing original data of various files in the source code file directory; the file metadata field is used for storing metadata of a file and recording a file name, length marks before and after compression, initial offset of a local file header and the like; the directory metadata field is used for storing metadata of a directory and is used for recording the number of entries of the directory, file annotation content length identification, file annotation content and the like.
By way of example, taking an APK file as an example, the APK file is a compressed file in a zip format (hereinafter referred to as a zip file). Referring to fig. 5, fig. 5 is an alternative file structure diagram of a zip file provided in an embodiment of the present invention, where the file structure of the zip file includes:
an entry content field, which corresponds to a file data field, and which may be in the form of a list, each record in the list containing: file name, length identification before and after compression, compressed data and the like;
the central directory field, which is equivalent to a file metadata field, may be used to store various metadata of the directory, and may be in the form of a list, where each record in the list includes: file name, length mark before and after compression, initial offset of local file header, etc.; the starting offset of the local file header is used for positioning the compressed data in the item content segment;
a central directory end field, corresponding to a directory metadata field, comprising: the number of entries of the directory, the file annotation content length identifier (comment size), the start offset of the central directory field, the file annotation content (comment), etc.
Referring to fig. 6, fig. 6 is a schematic diagram of an alternative file structure of an APK file signed using V2 according to an embodiment of the present invention. When the APK file adopts a V2 signature mode, a V2 signature segment is inserted between an entry content field and a central directory field in an APK file structure, wherein the V2 signature segment sequentially consists of a V2 length identifier (V2size), a V2 sequence segment (V2ID-VALUE sequence), a V2 length identifier (V2size) and a V2 location identifier (V2magic), wherein the V2size is 8 bytes in length, and the V2magic is 16 bytes in length.
In some embodiments, the server reads a start offset of the file metadata field from a directory metadata field located at the tail of the installation package file, and locates the position of the file metadata field in the installation package file according to the start offset; when a signature data segment is inquired at a position in front of a file metadata field, determining to adopt a digital signature mode based on all bytes of an installation package file; when the signature data segment is not inquired in the position before the file metadata field, the digital signature mode based on the item content in the installation package file is determined to be adopted.
Taking an APK file as an example, the server reads a central directory start offset from a central directory end field in the APK file, and determines the position of the central directory field according to the central directory start offset; when a V2 signature segment is inquired at a position before the central directory field, determining that the APK file adopts a V2 signature mode; when the V2 signature segment is not queried at a position before the central directory field, it is determined that the APK file adopts the V1 signature mode.
In step S104, the server locates a position between the file data field and the file metadata field in the file structure according to the digital signature method adopted for installing the package file structure, and inserts the data block at the located position.
In some embodiments, when the installation package file structure adopts a digital signature mode based on all bytes of the installation package file, the signature data segment is positioned in the file structure, and the end position of the sequence segment in the signature data segment is positioned as the position of the inserted data block, wherein the position of the signature data segment in the file structure is between the file data field and the file metadata field.
By way of example, referring to fig. 7, fig. 7 is a schematic diagram of an optional location of data block insertion when the APK file adopts a V2 signature, and when the APK file adopts a V2 signature mode, the data block may be inserted at a location of the end of the V2ID-VALUE sequence in the V2 signature segment. Since V2size is 8 bytes long and V2magic is 16 bytes long, it can also be said that a data block is inserted at a position 24 bytes long before the end of the signature segment of V2.
When the installation package file structure adopts a digital signature mode based on all bytes of the installation package file, and a data block encapsulated with extension information is inserted into the tail position of a sequence segment in a signature data segment, an installation program of an operating system can identify the position as position information and ignore the position information, so that the installation package file can be continuously installed, and the situation that the installation program is wrongly reported and quitted due to the fact that data blocks are inserted into other positions is avoided. And the installation program verifies all byte data of the installation package file, ignores the ending position of the sequence segment in the signature data segment, does not verify the inserted data block, but verifies the signature of the original data of the installation package file, and ensures that the signature can pass through verification.
In other embodiments, when the file structure adopts a digital signature mode based on the content of an entry in the installation package file, the starting offset of the file metadata field recorded in the directory metadata field is read; and positioning the starting position of the file metadata field in the file structure according to the starting offset of the file metadata field to be used as the position of the inserted data block, wherein the position of the file metadata field in the file structure is behind the file data field.
By way of example, referring to fig. 8, fig. 8 is a schematic diagram of an optional location of data block insertion when an APK file adopts a V1 signature, where when the APK file adopts a V1 signature, a central directory start offset in an end field of a central directory is first read, then a start location of the central directory field is located according to the central directory start offset, and finally a data block is inserted at the start location of the central directory field.
When the file structure adopts a digital signature mode based on the entry content in the installation package file, because the installation program of the operating system performs signature verification on the file data field, when the installation package file is installed, the file metadata field can be correctly found by modifying the offset of the starting address, and then the file data field is positioned, so that the signature verification is performed, and the situations that the file metadata field cannot be accurately positioned due to the fact that a data block is inserted, and then the file data field cannot be accurately positioned, so that signature verification fails and the installation package fails are avoided.
In step S106, the server modifies the start offset of the file metadata field recorded in the directory metadata field in the file structure according to the length of the data block.
In some embodiments, the byte length of the data block depends on the byte length of the extension information to be added, and after the data block is inserted into the installation package file, the location of the file metadata field may change according to the byte length of the data block, so that the start offset of the file metadata field recorded in the directory metadata field needs to be modified. So that when the installation package added with the extension information is read, the position of the file metadata field can be located by reading the initial offset of the modified file metadata field.
In step S107, the server uploads the installation package file into which the data block is inserted to the software repository.
In some embodiments, referring to fig. 9, fig. 9 is an optional flowchart of a processing method for the extended information in the installation package file according to an embodiment of the present invention, and based on fig. 3, after step S107, the method may further include:
in step S108, the terminal downloads the installation package file from the software repository.
In step S109, the terminal starts an installation process of the installation package file, and acquires a file structure of the installation package file.
In step S110, the terminal determines a digital signature scheme used for installing the package file according to the file structure.
In step S111, the terminal locates the position of the data block between the file data field and the file metadata field in the file structure according to the digital signature scheme adopted by the installation package file.
In some embodiments, the terminal reads the initial offset of the file metadata field from the directory metadata field at the tail of the installation package file, and locates the position of the file metadata field in the installation package file according to the initial offset; when a signature data segment is inquired at a position in front of a file metadata field, determining to adopt a digital signature mode based on all bytes of an installation package file; when the signature data segment is not inquired in the position before the file metadata field, the digital signature mode based on the item content in the installation package file is determined to be adopted.
In some embodiments, when the installation package file structure adopts a digital signature mode based on all bytes of the installation package file, the end position of the sequence segment in the signature data segment is positioned in the file structure as the position of the data block, wherein the position of the signature data segment in the file structure is between the file data field and the file metadata field.
By way of example, referring to fig. 7, when the APK file assumes the V2 signature mode, the data block is at the end of the V2 sequence segment in the V2 signature segment. Since the length of V2size is 8 bytes and the length of V2magic is 16 bytes, the data block may be expressed as a position 24 bytes before the end of the signature segment of V2.
In other embodiments, when the installation package file structure adopts a digital signature manner based on the entry content in the installation package file, the start offset of the file metadata field recorded in the directory metadata field is queried, the start position of the file metadata field in the file structure is located according to the start offset of the file metadata field, and the start position of the file metadata field is located to be the position of the data block, wherein the position of the file metadata field in the file structure is behind the file data field.
As an example, referring to fig. 8, when the APK file adopts the V1 signature mode, the central directory start offset in the central directory end field is first read, and then the start position of the central directory field is located according to the central directory start offset, where the data block is located before the start position of the central directory field.
In step S112, the terminal reads the data block at the position of the located data block, and analyzes the extended information from the read data block and performs verification.
As an example, referring to fig. 7 and 8, taking an APK file as an example, the terminal reads a live block after encapsulation processing from a position where the live block is located in an APK file structure, and parses the live block into extended information and verifies the extended information, where the verification method may be to verify data of the live id, the live magic, and the front and back end live size, when the data in the live id and the live magic are successfully matched and the data of the front and back end live size are consistent, it indicates that verification passes, that is, the APK file signature verification succeeds, and the APK file may be normally installed and used.
In step S113, the terminal transmits the extension information that passes the verification to the server.
In some embodiments, the terminal may report the extension information that passes the verification to the server, so that the server performs processing corresponding to the extension information, where the extension information may be identification information or function information, but is not limited to the above two.
As an example, when the extension information is identification information, the terminal may report the identification information that passes the verification to the server, and the server provides different service information according to the reported identification information and sends the different service information to the terminal.
As an example, when the extension information is function information, the terminal may report the function information passing the verification to the server, and the server may provide different function resources according to the reported function information and send the different function resources to the terminal.
Referring to fig. 10, fig. 10 is an optional flowchart of a processing method for extended information in an installation package file according to an embodiment of the present invention, and fig. 10 shows that step S105 may be further included after step S104, which will be described with reference to the steps.
In step S105, when the file structure adopts a digital signature method based on all bytes of the installation package file, the server inserts the data block at the located position, and modifies the value of the length identifier at both ends in the signature data segment, wherein the value in the length identifier is used for locating the position of the inserted data block.
In some embodiments, when the file structure adopts a digital signature manner based on all bytes of the installation package file, the server inserts the data block at the located position, and the overall length of the data block depends on the length of the extension information to be added, so that the values of the length identifiers at the two ends of the data segment need to be modified according to the length of the extension information to be added, wherein the value of the length identifier can be used for locating the position of the inserted data block.
For example, referring to fig. 7, when the APK file adopts the V2 signature mode, after the server inserts the live block in the V2 signature segment, the value of V2size at both ends in the V2 signature segment may be modified according to the byte length of the extension information to be added in the live block, so that the server or the terminal may locate the live block in the APK file.
Fig. 11 is an optional flowchart of a processing method for extended information in an installation package file according to an embodiment of the present invention, which will be described with reference to the steps shown in fig. 11, where an execution subject of the steps shown in fig. 11 is a server.
In step S201, the server encapsulates the information that needs to be expanded into data blocks (live blocks) in a standard format.
In step S202, the server first searches the location of the central directory field, then searches the V2 signature segment before the central directory field, and jumps to step S204 if the V2 signature segment is found; if the V2 signature segment is not found, the process jumps to step S203.
In step S203, if the V2 signature segment is not found, indicating that the V1 signature mode is adopted in the APK file, the server inserts the live block at the start position of the central directory field.
In step S204, if the V2 signature segment is found to indicate that the V2 signature mode is adopted in the APK file, the server locates the position of the end of the V2ID-VALUE sequence in the V2 signature segment and inserts a live block (or expresses that the live block is inserted by the server at the position 24 bytes in front of the end of the V2 signature segment), and modifies the VALUEs of the V2size at both ends in the V2 signature segment.
In step S205, the server modifies the central directory start offset in the central directory end field according to the length of the data block.
Next, an embodiment provided by the present invention is described when the execution subject is a terminal, fig. 12 is an optional flowchart of a processing method for the extended information in the installation package file provided by the embodiment of the present invention, and the steps shown in fig. 12 will be described in detail.
In step S301, the terminal first searches for the location of the central directory field, then searches for the V2 signature segment before the central directory field, and jumps to step S303 if the V2 signature segment is found; if the V2 signature segment is not found, then the process jumps to step S302.
In step S302, if the V2 signature segment is not found, which indicates that the APK file adopts the V1 signature mode, the terminal reads the live block at the start position of the central directory field.
In step S303, if the V2 signature segment is found to indicate that the V2 signature manner is adopted in the APK file, the terminal locates the end of the V2ID-VALUE sequence in the V2 signature segment and reads out the live block (or the terminal locates the position 24 bytes before the end of the V2 signature segment and reads out the live block).
In step S304, the terminal parses the read live block into extended information and checks the extended information.
In step S305, the terminal transmits the extension information to the server.
In step S306, if the live block analysis check read out in step S304 fails, the terminal ends the flow directly.
Continuing with the exemplary structure of the processing device 555 for processing the extended information in the installation package file provided by the embodiment of the present invention implemented as a software module, in some embodiments, as shown in fig. 2, the software module stored in the display processing device 555 in the memory 550 may include: an acquisition module 5551, a packaging module 5552, a detection module 5553, a positioning module 5554, an insertion module 5555, and a modification module 5556.
The acquisition module is used for acquiring a file structure of the installation package file;
the encapsulation module is used for encapsulating the extended information to be added in the file structure to obtain a data block;
the detection module is used for detecting a digital signature mode adopted by the file structure of the installation package file;
the positioning module is used for positioning the position between a file data field and a file metadata field in the file structure according to the digital signature mode adopted by the file structure;
an insertion module for inserting the data block at the located position;
and the modification module is used for modifying the initial offset of the file metadata field recorded in the directory metadata field in the file structure according to the length of the data block.
In some embodiments, the encapsulation module is further configured to generate a data block length identifier representing the length of the extension information, a data block identity identifier representing the identifier of the extension information, and a data block location identifier for locating the extension information; and packaging the extended information to be added, the data block length identifier, the data block identity identifier and the data block positioning identifier to obtain the data block.
In some embodiments, the detection module is further configured to read a start offset of the file metadata field from the directory metadata field located at the tail of the installation package file, and locate a position of the file metadata field in the installation package file according to the start offset; when a signature data segment is inquired at a position before the file metadata field, determining to adopt a digital signature mode based on all bytes of the installation package file; and when the signature data segment is not inquired at the position before the file metadata field, determining to adopt a digital signature mode based on the item content in the installation package file.
In some embodiments, the locating module is further configured to locate a signature data segment in the file structure and locate an end position of a sequence segment in the signature data segment as a position to insert the data block when the file structure adopts a digital signature manner based on all bytes of the installation package file; wherein a location of the signature data segment in the file structure is between the file data field and the file metadata field.
In some embodiments, the location module is further configured to, when the file structure adopts a digital signature manner based on the content of an entry in the installation package file, read a start offset of the file metadata field recorded in the directory metadata field; and according to the starting offset of the file metadata field, positioning the starting position of the file metadata field in the file structure as the position for inserting the data block, wherein the position of the file metadata field in the file structure is behind the file data field.
In some embodiments, the processing apparatus for processing extended information in an installation package file further includes a modified length module, configured to insert the data block at the located position when the file structure adopts a digital signature manner based on all bytes of the installation package file; and modifying the values of the length marks at two ends in the signature data segment, wherein the values of the length marks at two ends are used for positioning the position of the inserted data block.
In some embodiments, the apparatus for processing extended information in an installation package file further includes a reading module, configured to locate, in an installation process of the installation package file, a position of a data block between the file data field and the file metadata field in the file structure according to a digital signature manner adopted by the file structure; reading the data block at the position of the located data block; analyzing the read data block to obtain the extended information and verifying the extended information; and transmitting the extension information which passes the verification to a server so as to enable the server to execute processing corresponding to the extension information.
In some embodiments, the reading module is further configured to locate, as the location of the data block, an end position of a sequence segment in a signature data segment in the file structure when the file structure adopts a digital signature manner based on all bytes of the installation package file, where the location of the signature data segment in the file structure is between the file data field and the file metadata field; when the file structure adopts a digital signature mode based on entry content in the installation package file, positioning the initial position of the file metadata field in the file structure according to the initial offset of the file metadata field recorded in the directory metadata field to be used as the position of the data block, wherein the position of the file metadata field in the file structure is behind the file data field.
Embodiments of the present invention provide a storage medium having stored thereon executable instructions that, when executed by a processor, cause the processor to perform a method provided by embodiments of the present invention, for example, the method shown in fig. 3.
In some embodiments, the storage medium may be memory such as FRAM, ROM, PROM, EPROM, EEPROM, flash memory, magnetic surface memory, optical disk, or CD-ROM; or may be various devices including one or any combination of the above memories.
In some embodiments, executable instructions may be written in any form of programming language (including compiled or interpreted languages), in the form of programs, software modules, scripts or code, and may be deployed in any form, including as a stand-alone program or as a module, component, subroutine, or other unit suitable for use in a computing environment.
By way of example, executable instructions may, but need not, correspond to files in a file system, and may be stored in a portion of a file that holds other programs or data, e.g., in one or more scripts in an HTML document, in a single file dedicated to the program in question, or in multiple coordinated files (e.g., files that store one or more modules, sub-programs, or portions of code).
By way of example, executable instructions may be deployed to be executed on one computing device or on multiple computing devices at one site or distributed across multiple sites and interconnected by a communication network.
When the related art implants the extension information in the installation package file, the original file structure of the installation package file is changed, so that the file in the installation package file cannot be read out, and meanwhile, the digital signature verification fails, and due to the security policy of the operating system, the subsequent installation process cannot be performed.
In view of the above problems, the present invention provides the above embodiments by researching and testing the file structure of the installation package file, and the embodiments provided by the present invention can not only solve the above technical problems, but also have the following beneficial effects:
1) when a data block carrying extended information is inserted into the tail position of the sequence segment in the signature data segment, the installation program of the operating system can identify the position of the tail position as position information and ignore the position information, and the installation program of the operating system can identify the position as the position information and ignore the position information, so that the installation package file can be continuously installed, and the situation that the installation program is mistakenly logged out due to the fact that the data block is inserted into other positions is avoided. And the installation program verifies all byte data of the installation package file, ignores the ending position of the sequence segment in the signature data segment, does not verify the inserted data block, but verifies the signature of the original data of the installation package file, and ensures that the signature can pass through verification.
2) When a data block bearing extension information is inserted into the initial position of the central directory field, because the installation program of the operating system carries out signature verification on the file data field, when the installation package file is installed, the file metadata field can be correctly found by modifying the offset of the initial address, and then the file data field is positioned, so that the signature verification is carried out, and the situations that the accurate file metadata field cannot be positioned due to the fact that the data block is inserted, and then the file data field cannot be accurately positioned, so that signature verification fails and the installation package is not installed are avoided.
3) The packaging format of the extended information is unified, and the position of the data block inserted with the packaged extended information is hidden, so that a third party is not easy to read and tamper the extended information.
4) The extension information can be self-defined, and the installation package can be conveniently extended.
5) And the method is compatible with a V1 signature mode and a V2 signature mode of an android system, so that the use process of the installation package is safer.
The above description is only an example of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, and improvement made within the spirit and scope of the present invention are included in the protection scope of the present invention.

Claims (10)

1. A processing method for extended information in an installation package file is characterized by comprising the following steps:
acquiring a file structure of an installation package file;
packaging the extended information to be added in the file structure to obtain a data block;
detecting a digital signature mode adopted by a file structure of the installation package file;
according to the digital signature mode adopted by the file structure, positioning the position between a file data field and a file metadata field in the file structure;
inserting the data block at the located position;
and modifying the starting offset of the file metadata field recorded in the directory metadata field in the file structure according to the length of the data block.
2. The method according to claim 1, wherein the encapsulating the extended information to be added in the file structure to obtain a data block comprises:
generating a data block length identifier representing the length of the extended information, a data block identity identifier representing the identifier of the extended information, and a data block positioning identifier for positioning the extended information;
and packaging the extended information to be added, the data block length identifier, the data block identity identifier and the data block positioning identifier to obtain the data block.
3. The method according to claim 1, wherein the detecting a digital signature manner adopted by the file structure of the installation package file comprises:
reading the initial offset of the file metadata field from the directory metadata field at the tail part of the installation package file, and positioning the position of the file metadata field in the installation package file according to the initial offset;
when a signature data segment is inquired at a position before the file metadata field, determining to adopt a digital signature mode based on all bytes of the installation package file;
and when the signature data segment is not inquired at the position before the file metadata field, determining to adopt a digital signature mode based on the item content in the installation package file.
4. The method according to claim 1, wherein locating a position between a file data field and a file metadata field in the file structure according to a digital signature scheme adopted by the file structure comprises:
when the file structure employs a digital signature based on all bytes of the installation package file,
locating a signature data segment in the file structure, and locating the tail end position of a sequence segment in the signature data segment as a position for inserting the data block;
wherein a location of the signature data segment in the file structure is between the file data field and the file metadata field.
5. The method according to claim 1, wherein locating a position between a file data field and a file metadata field in the file structure according to a digital signature scheme adopted by the file structure comprises:
when the file structure adopts a digital signature mode based on the entry content in the installation package file, reading the initial offset of the file metadata field recorded in the directory metadata field;
and according to the starting offset of the file metadata field, positioning the starting position of the file metadata field in the file structure as the position for inserting the data block, wherein the position of the file metadata field in the file structure is behind the file data field.
6. The method of claim 1, further comprising:
when the file structure adopts a digital signature mode based on all bytes of the installation package file, inserting the data block at the positioned position;
and modifying the values of the length marks at two ends in the signature data segment, wherein the values of the length marks at two ends are used for positioning the position of the inserted data block.
7. The method of claim 1, further comprising:
during the installation of the installation package file,
according to the digital signature mode adopted by the file structure, positioning the position of a data block between the file data field and the file metadata field in the file structure;
reading the data block at the position of the located data block;
analyzing the read data block to obtain the extended information and verifying the extended information;
and transmitting the extension information which passes the verification to a server so as to enable the server to execute processing corresponding to the extension information.
8. The method according to claim 7, wherein locating the position of the data block between the file data field and the file metadata field in the file structure according to the digital signature adopted by the file structure comprises:
when the file structure adopts a digital signature mode based on all bytes of the installation package file, locating the tail position of a sequence segment in a signature data segment in the file structure to be used as the position of the data block, wherein the position of the signature data segment in the file structure is between the file data field and the file metadata field;
when the file structure adopts a digital signature mode based on entry content in the installation package file, positioning the initial position of the file metadata field in the file structure according to the initial offset of the file metadata field recorded in the directory metadata field to be used as the position of the data block, wherein the position of the file metadata field in the file structure is behind the file data field.
9. An apparatus for processing extended information in an installation package file, comprising:
the acquisition module is used for acquiring a file structure of the installation package file;
the encapsulation module is used for encapsulating the extended information to be added in the file structure to obtain a data block;
the detection module is used for detecting a digital signature mode adopted by the file structure of the installation package file;
the positioning module is used for positioning the position between a file data field and a file metadata field in the file structure according to the digital signature mode adopted by the file structure;
an insertion module for inserting the data block at the located position;
and the modification module is used for modifying the initial offset of the file metadata field recorded in the directory metadata field in the file structure according to the length of the data block.
10. An electronic device, comprising:
a memory for storing executable instructions;
a processor, configured to implement the processing method for the extended information in the installation package file according to any one of claims 1 to 8 when executing the executable instructions stored in the memory.
CN201910687720.2A 2019-07-29 2019-07-29 Processing method and device for extended information in installation package file and electronic equipment Pending CN112306553A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910687720.2A CN112306553A (en) 2019-07-29 2019-07-29 Processing method and device for extended information in installation package file and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910687720.2A CN112306553A (en) 2019-07-29 2019-07-29 Processing method and device for extended information in installation package file and electronic equipment

Publications (1)

Publication Number Publication Date
CN112306553A true CN112306553A (en) 2021-02-02

Family

ID=74329934

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910687720.2A Pending CN112306553A (en) 2019-07-29 2019-07-29 Processing method and device for extended information in installation package file and electronic equipment

Country Status (1)

Country Link
CN (1) CN112306553A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014206046A1 (en) * 2013-06-25 2014-12-31 Tencent Technology (Shenzhen) Company Limited A method, equipment and system of incremental update
WO2017193640A1 (en) * 2016-05-07 2017-11-16 腾讯科技(深圳)有限公司 Application updating method and device
CN108196851A (en) * 2017-12-28 2018-06-22 腾讯科技(深圳)有限公司 Using dissemination method and device
CN108280341A (en) * 2016-12-30 2018-07-13 腾讯科技(深圳)有限公司 Channel number addition, installation kit method of calibration and device

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014206046A1 (en) * 2013-06-25 2014-12-31 Tencent Technology (Shenzhen) Company Limited A method, equipment and system of incremental update
WO2017193640A1 (en) * 2016-05-07 2017-11-16 腾讯科技(深圳)有限公司 Application updating method and device
CN108280341A (en) * 2016-12-30 2018-07-13 腾讯科技(深圳)有限公司 Channel number addition, installation kit method of calibration and device
CN108196851A (en) * 2017-12-28 2018-06-22 腾讯科技(深圳)有限公司 Using dissemination method and device

Similar Documents

Publication Publication Date Title
CN105262627B (en) Firmware upgrading method, device and system
CN106484612B (en) The system and method tested and reported for equipment compatibility
CN102455912B (en) Expand during operation
CN102667717A (en) A method, apparatuses and a system for compilation
CN107301343B (en) Safety data processing method and device and electronic equipment
CN103646044A (en) Mobile terminal identification method and device
CN104137057A (en) Generating and caching software code
CN111061643B (en) SDK cluster compatibility detection method and device, electronic equipment and storage medium
WO2019071891A1 (en) Code coverage analysis method and application server
CN111740948B (en) Data packet issuing method, dynamic updating method, device, equipment and medium
CN110737589A (en) automatic point burying method, device, medium and electronic equipment
WO2017020459A1 (en) Method and apparatus for configuring plugin package for host
WO2021169124A1 (en) Method and apparatus for installing software package to target host, and computer device
CN104036194A (en) Vulnerability detection method and device for revealing private data in application program
CN108197469B (en) Method and device for verifying application program, storage medium and electronic equipment
CN106709281B (en) Patch granting and acquisition methods, device
CN105760761A (en) Software behavior analyzing method and device
CN105389180B (en) A kind of USB port configurableization method based on Android platform
CN114398673A (en) Application compliance detection method and device, storage medium and electronic equipment
CN113778897A (en) Automatic test method, device, equipment and storage medium of interface
CN112306553A (en) Processing method and device for extended information in installation package file and electronic equipment
CN104063306A (en) Automatic login method, device and system in intelligent terminal software testing
CN110737588A (en) automatic point burying method, device, medium and electronic equipment
CN116166907A (en) Method and device for developing Web application by using WebAsssembly and service page compiling technology
CN110826074A (en) Application vulnerability detection method and device and computer readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination