CN112668004B - LLVM-based function verification method and related device - Google Patents
LLVM-based function verification method and related device Download PDFInfo
- Publication number
- CN112668004B CN112668004B CN201910982787.9A CN201910982787A CN112668004B CN 112668004 B CN112668004 B CN 112668004B CN 201910982787 A CN201910982787 A CN 201910982787A CN 112668004 B CN112668004 B CN 112668004B
- Authority
- CN
- China
- Prior art keywords
- function
- current
- calling
- current function
- target
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Stored Programmes (AREA)
- Debugging And Monitoring (AREA)
Abstract
The embodiment of the application discloses a function verification method based on an LLVM (Linked virtual machine) and a related device, which are used for improving the complexity of a verification algorithm and improving the threshold of hacker cracking. The method in the embodiment of the application comprises the following steps: compiling a function list; after reloading the runOnfunction, acquiring the name of the current function, and judging whether the current function is contained in the function list or not, wherein the runOnfunction is used for inserting a check factor into the function; if yes, recording the memory starting address and the memory ending address of the current function, inserting a first calling function and a second calling function into the tail of the current function, obtaining a target verification result for verifying the current function through the first calling function when the tail of the current function is executed, and encrypting the target verification result through the second calling function to obtain an encrypted verification result; and uploading the encryption check result to the server so that the server judges whether the current function is modified according to the encryption check result.
Description
Technical Field
The present application relates to the field of network platforms, and in particular, to a function verification method and related apparatus for LLVM.
Background
With the increasing popularity and development of networks, application programs have become more diversified and multifunctional. It will be appreciated that it is important for applications, particularly profitable applications, that the integrity of their functional code is not modified. However, in reality, some hackers may implement some "plug-in" functions by modifying the code of the application, for example, modifying the determination logic for determining whether the client is the VIP, so as to have the VIP function without purchasing the VIP.
In the prior art, the verification is performed by writing a separate verification code. That is, the server issues the address and the length of the check code, and the check of all the codes is performed by using the independent check code. However, in the prior art, all code checking functions are in one function, checking of all codes is bypassed if a hacker modifies the checking codes, and since the checking algorithms of all codes are the same, the checking security is low, and the hacker can easily learn the checking principle. Therefore, how to improve the security of verification is a problem that needs to be solved urgently at present.
Disclosure of Invention
The embodiment of the application provides a function verification method and a related device based on a bottom layer virtual machine LLVM (Link level virtual machine), which are used for improving the complexity of a verification algorithm and improving the threshold of hacker cracking.
A first aspect of an embodiment of the present application provides a method for obfuscating data, including: compiling a function list, wherein the function list comprises names of all function functions and check factor complexity corresponding to the function functions, the function functions are functions needing to be checked by inserting check factors, and the check factor complexity corresponding to the function functions is positively correlated with the importance of the function functions; after reloading a runOnfunction, acquiring the name of a current function, and judging whether the current function is contained in the function list, wherein the runOnfunction is used for inserting the check factor into the function; if yes, recording the memory starting address and the memory ending address of the current function, and inserting a first calling function and a second calling function into the tail of the current function, wherein the first calling function is used for calling the function of the target check factor corresponding to the current function, the input parameters of the first calling function comprise the memory starting address and the memory ending address of the current function, and the second calling function is used for calling the function of the encryption check result; when the current function is executed to the tail part of the current function, a target verification result for verifying the current function is obtained through the first calling function, and the target verification result is encrypted through the second calling function to obtain an encrypted verification result; and uploading the encryption verification result to a server, so that the server judges whether the current function is modified according to the encryption verification result.
In a possible embodiment, the obtaining the name of the current function and determining whether the current function is included in the function list includes: acquiring the name of the current function by calling a function getname (); defining an iterator, and searching whether the name of the current function is contained in the functional function list through the iterator; if the name of the current function is contained in the function list, acquiring the complexity of a target check factor corresponding to the current function; and if the name of the current function is not contained in the function list, returning prompt information, wherein the prompt information is used for prompting that the check factor is not inserted into the current function.
In a possible embodiment, the recording the memory start address and the memory end address of the current function includes: obtaining a first code block curr of the current function by calling a function begin () and obtaining a last code block curr1 of the current function in reverse by calling a function cbbegin (); creating a variable startaddress for recording the initial address of the memory and a variable endaddress for recording the end address of the memory; and inserting the variable startaddress into the initial position of the code block curr by calling a function insertfront (), and inserting the variable endaddress into the end position of the code block curr1, wherein the initial position of the code block curr is the memory initial address of the current function, and the end position of the code block curr1 is the memory end address of the current function.
In a possible embodiment, said inserting a first calling function and a second calling function at the tail of said current function comprises: constructing the first calling function and the second calling function by functions including: the first calling function is constructed by calling a first creation interface Binaryoperator (Create ()), and input parameters of the first creation interface Binaryoperator (Create () comprise the target check factor, the memory start address of the current function and the memory end address of the current function; the second calling function is constructed by calling a second creation interface Binaryoperator:: Create (), and input parameters of the second creation interface Binaryoperator:: Create () comprise an encryption function and the target verification result; and sequentially inserting the first calling function and the second calling function into the tail part of the current function by calling function insert ().
In a possible embodiment, the obtaining, by the first calling function, a target verification result for verifying the current function includes: determining the current function according to the memory starting address and the memory ending address of the current function in the first calling function; determining the complexity of a target check factor corresponding to the name of the current function in the function list; randomly selecting a check factor as the target check factor from a check factor set with the complexity of the target check factor; and verifying the current function according to the target verification factor to obtain the target verification result.
In a possible embodiment, the verifying the current function according to the target verification factor to obtain the target verification result includes: when the complexity of the target verification factor of the current function is 1, the number of target algorithms corresponding to the target verification factor is 1, and the current function is calculated according to the target algorithms to obtain a target verification result; when the complexity of the target verification factor of the current function is N, the number of target algorithms corresponding to the target verification factor is N, the current function is calculated according to the N target algorithms to obtain N results, the N results are added to obtain the target verification result, and N is an integer greater than 1.
In a possible embodiment, the encrypting the target verification result by the second calling function to obtain an encrypted verification result includes: encrypting the target verification result according to an encryption function, the encryption function comprising at least one logical algorithm, the logical algorithm including but not limited to one or more of the following algorithms: an addition algorithm, a subtraction algorithm, an exclusive or algorithm, a left shift operation, and a right shift operation.
A second aspect of an embodiment of the present application provides a verification apparatus, including: the device comprises a compiling unit, a verification unit and a verification unit, wherein the compiling unit is used for compiling a function list, the function list comprises names of all function functions and verification factor complexity corresponding to the function functions, the function functions are functions needing to be verified by inserting verification factors, and the verification factor complexity corresponding to the function functions is positively correlated with the importance of the function functions; the judging unit is used for acquiring the name of a current function after reloading a runOnFunction, and judging whether the current function is contained in the function list or not, wherein the runOnFunction is used for inserting the check factor into the function; an inserting unit, configured to record a memory start address and a memory end address of the current function if the current function is a target function, and insert a first call function and a second call function at a tail of the current function, where the first call function is used to call a function of a target verification factor corresponding to the current function, an input parameter of the first call function includes the memory start address and the memory end address of the current function, and the second call function is used to call a function of an encryption verification result; the verification unit is used for obtaining a target verification result for verifying the current function through the first calling function when the current function is executed to the tail part of the current function, and encrypting the target verification result through the second calling function to obtain an encrypted verification result; and the transceiving unit is used for uploading the encryption verification result to a server so that the server judges whether the current function is modified according to the encryption verification result.
A third aspect of the present application provides an electronic device, which includes a memory and a processor, and is characterized in that the processor is configured to implement the steps of the LLVM-based function verification method according to any one of the first aspect described above when executing a computer management class program stored in the memory.
A fourth aspect of the present application provides a computer-readable storage medium having stored therein instructions, which, when run on a computer, cause the computer to perform the method of the above-described aspects.
A fifth aspect of the present application provides a computer program product comprising instructions which, when run on a computer, cause the computer to perform the method of the above-described aspects.
According to the technical scheme, the embodiment of the application has the following advantages: compiling a function list, wherein the function list comprises names of the function functions and check factor complexity corresponding to the function functions, the function functions are functions needing to be checked by inserting check factors, and the check factor complexity corresponding to the function functions is positively correlated with the importance of the function functions; after reloading the runOnfunction, acquiring the name of the current function, and judging whether the current function is contained in the function list or not, wherein the runOnfunction is used for inserting a check factor into the function; if so, recording the memory starting address and the memory ending address of the current function, and inserting a first calling function and a second calling function into the tail of the current function, wherein the first calling function is used for calling the function of the target verification factor corresponding to the current function, the input parameters of the first calling function comprise the memory starting address and the memory ending address of the current function, and the second calling function is used for calling the function of the encryption verification result; when the tail of the current function is executed, a target verification result for verifying the current function is obtained through the first calling function, and the target verification result is encrypted through the second calling function to obtain an encryption verification result; and uploading the encryption check result to the server so that the server judges whether the current function is modified according to the encryption check result. In the embodiment of the application, the verification factor is inserted into the function based on the LLVM compiler framework, the function code of the program is compiled by the LLVM, and different verification algorithms and a plurality of random encryption algorithms are combined, so that the calculation result of the whole verification factor is changed after each compiling, the complexity of the verification algorithm is improved, and the hacker cracking threshold is improved.
Drawings
Fig. 1 is a flowchart of a LLVM-based function verification method according to an embodiment of the present application;
fig. 2 is a schematic structural diagram of a possible verification apparatus provided in an embodiment of the present application;
fig. 3 is a schematic diagram of a hardware structure of a possible electronic device according to an embodiment of the present disclosure;
fig. 4 is a schematic hardware structure diagram of a possible computer-readable storage medium according to an embodiment of the present disclosure.
Detailed Description
The embodiment of the application provides a function verification method and a related device based on an LLVM (Linked virtual machine), which are used for improving the complexity of a verification algorithm and improving the threshold of hacker cracking.
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to fig. 1, a flowchart of a function verification method based on LLVM according to an embodiment of the present application includes:
101. compiling a configuration file of the verification factor;
it should be noted that, the embodiment of the present application may verify all function functions of the whole program, and since there may be hundreds of thousands of functions of a program, the more the functions are verified, the more the functions affect the performance of the program, and some functions are not important, in order to improve the verification efficiency, it is necessary to configure which function functions need to be verified. Meanwhile, the complexity of each function is different from the realized function, a more high-strength check factor is needed for the core function, a general check factor is needed for the general function, and different check factors can be realized for different function functions through the configuration.
In the embodiment of the application, a json format can be adopted to write the configuration file of the verification factor. The specific configuration is as follows:
[{“name”:“function1”,“complexity”,“1”},
{“name”:“function2”,“complexity”,“2”},
{“name”:“function3”,“complexity”,“5”},]
in this embodiment, the complexity of the check factor corresponding to each function is positively correlated with the importance of each function, that is, the higher the complexity of the check factor corresponding to the function is, the more important the kernel of the function is. Similarly, "name" in function2 "is used to indicate that the function2 needs to insert the check factor," complexity ", and" 2 "indicates that the complexity of the check factor is 2, which is not described herein again.
In this embodiment, different check factor complexities are selected according to the importance degree of each function, and program developers are clear of all the function functions, and the program developers can fill in configuration files of the check factors. Therefore, the configuration file of the verification factor is designed through the jason format, so that program developers can read the configuration file conveniently, and the readability of the configuration file is improved.
102. Writing a configuration file of a reading program and creating a function list;
in order to verify the function of the program, firstly, a configuration file for reading the program needs to be written, and a function list is created, wherein the function list comprises the name of each function and the complexity of the verification factor corresponding to each function, and the function is a function which needs to be checked by inserting the verification factor. Therefore, it can be determined from the function list which functions need to insert the check factor and the complexity of the check factor which needs to be inserted. Since the configuration file of the verification factor is a json file, a json tool class is used to read the configuration file.
Firstly, defining a file reading object ifs, wherein a specific function is defined as an ifstream ifs; then, calling a function if.open () to read an open configuration file, wherein a specific function is defined as if.open ("config.json"); then, a Json object Json root is defined, and a specific function is defined as Json:: Value Json root; the object is then used to parse the json file, including: creating an object for analyzing Json, wherein a specific function is defined as Json:: Reader jsonReader; and then resolving the whole json file into json root through a function json reader. And after reading the configuration file of the json format of the check factor, traversing all items of the json file.
Firstly, a structure for storing function information needs to be created so as to facilitate subsequent access, and meanwhile, as the functions of a program are very many, when whether a function needs to be inserted with a check factor is read, a large amount of search work exists, and the more the functions of the program are, the more the time needed for searching is, so as to improve the efficiency, the embodiment can use a stl map container for storage, so that the search speed is accelerated, firstly, a function list funcmap is defined, a key value of the funcmap uses a string type for storing a function name, a value uses an int type for storing a corresponding check factor complexity, and then, a loop is written for traversing json configuration items, including firstly, acquiring first data of a first json item, acquiring the function name of the first data and the corresponding check factor complexity, then, moving to next data, and reading one item of a configuration file every time, insert () is inserted into funcmap through the function funcmap, and finally funcmap stores all the function names and corresponding check factor complexities that need to be inserted with check factors. The specific function is implemented as follows:
Map<string,int>funcmap;
for(auto it=jsonRoot.begin();it!=jsonRoot.end();it++){
auto sit=it->begin();
String func_name=sit.value;
sit++;
Int complexity=sit.value;
funcmap.insert(make_pair<string,int>(func_name,complexity));
}
103. after reloading the runOnfunction function, acquiring the name of the current function, and judging whether the current function is contained in the function list;
in order to insert check factors into all functions, a class inherited from a functional pass needs to be written. An InsertCheck class inherited from functional pass is written, and specific function implementation comprises the following steps: class InsertCheck, whose core Function is to override such a virtual pool runOnfunction (Function & F) { } so as to be able to operate on each Function, i.e., the Function runOnfunction () is a pure imaginary Function with a value of pool type data returned and is a constant Function. After reloading the function runOnFunction (), the name of the current function is acquired and it is determined whether the current function is included in the function list. Specifically, the name of the current function is acquired by calling a function getname (); after the name of the current function is obtained, whether the name of the current function is included in a function list is searched, and an iterator is defined; searching whether the name of the current function is contained in the function list or not through an iterator, and if the name of the current function is contained in the function list, acquiring the complexity of a target check factor corresponding to the current function; and if the name of the current function is not contained in the function list, returning prompt information, wherein the prompt information is used for prompting that the check factor is not inserted into the current function. The specific function is implemented as follows:
String functionname=F->getname();
Map<string,int>::iterator itr;
itr=funcmap.find(functionname);
If(itr==funcmap.end()){
Return;
}
Int complexity=itr.second;
104. if so, recording the memory starting address and the memory ending address of the current function, and inserting a first calling function and a second calling function into the tail part of the current function;
and if the name of the current function is contained in the function list, recording the memory starting address and the memory ending address of the current function. The method specifically comprises the following steps: obtaining a first code block curr of the current function by calling a function begin (), BasicBlock curr ═ F- > begin (), and obtaining a last code block curr1 of the current function in reverse by calling a function cbbegin (), BasicBlock curr1 ═ F- > cbbegin (); creating a variable startaddress for recording a memory starting address, and a variable endaddress for recording a memory ending address, wherein the variable startaddress is Uint64startaddress which is this, and the variable endaddress is Uint64endaddress which is this; the variable startaddress is inserted into the starting position, Curr- > insertfront (startaddress), of the code block Curr1 by calling the function insertfront (), and the variable endaddress is inserted into the ending position, Curr- > insertfront (endaddress), of the code block Curr, the starting position of the code block Curr is the memory starting address of the current function, and the ending position of the code block Curr1 is the memory ending address of the current function.
After determining and recording the memory start address and the memory end address of the current function, inserting a first calling function and a second calling function at the tail of the current function, wherein the first calling function is used for calling the function of the target verification factor corresponding to the current function, the input parameters of the first calling function comprise the memory start address and the memory end address of the current function, and the second calling function is used for calling the function of the encryption verification result. The method specifically comprises the following steps: the specific function implementation can be as follows:
BinaryOperator*op=BinaryOperator::Create(Instruction::CallFunc,“check”,startaddress,endaddress);
BinaryOperator*op2=BinaryOperator::Create(Instruction::CallFunc,“encrypt”,result);
the method comprises the following steps that op represents a first calling function, check is used for representing a target check factor, startaddress represents a memory starting address of a current function, and endaddress represents a memory ending address of the current function; op2 represents a second calling function, encrypt represents an encryption function, and result represents a target verification result;
after the first calling function and the second calling function are created, the first calling function and the second calling function are sequentially inserted into the tail part of the current function by calling function insert (), and the specific function implementation comprises the following steps: curr- > insert < op >; curr- > insert < op2>, where op represents a first call function and op2 represents a second call function.
105. When the tail of the current function is executed, a target verification result for verifying the current function is obtained through the first calling function, and the target verification result is encrypted through the second calling function to obtain an encryption verification result;
when the current function is executed to the tail part, the target verification result for verifying the current function is verified through the first calling function, and the method comprises the following steps: determining a current function according to a memory starting address and a memory ending address of the current function in the first calling function; determining the complexity of a target check factor corresponding to the name of the current function in a functional function list; randomly selecting a check factor as a target check factor from a check factor set with the complexity of all target check factors; and verifying the current function according to the target verification factor to obtain a target verification result.
It should be noted that, in the embodiment of the present application, the check factors corresponding to different function functions are different, in order to improve the security threshold, the check factors may be selected randomly or according to a certain algorithm when the LLVM compiles the code, and the check factors with different complexities may be designed, the check factor with the greater complexity may consume more computing resources, and the check factor with the simpler complexity may be used for the non-core function. Therefore, a hacker needs to analyze each verification algorithm once, and the difficulty of cracking the verification factor by the hacker is improved.
In the embodiment of the application, for the writing of the verification factor, existing open sources can be used, some algorithms can be customized, and the algorithms can be overlapped and improved, so that the calculation result of the traditional algorithm is different from the verification factor written in the embodiment. Therefore, verifying the current function according to the target verification factor to obtain the target verification result may include: if the complexity of the target verification factor of the current function is 1, calculating the current function according to the target algorithm to obtain a target verification result, wherein the number of target algorithms corresponding to the target verification factor is 1; and if the complexity of the target verification factor of the current function is N, the number of target algorithms corresponding to the target verification factor is N, the current function is calculated according to the N target algorithms to obtain N results, the N results are added to obtain a target verification result, and N is an integer greater than 1. For ease of understanding, the following will be exemplified:
for example, when the complexity of the target verification factor is 1, the following may be specifically mentioned:
Void check1_1(uint64start,uint64len,uint8*result){
result=CRC32.check(start,len);}
wherein, check1_1 is a target check factor with a check algorithm of 1 and a check factor complexity of 1, the parameter start represents the memory start position of the current function, len represents the length of the current function, and result represents the target check result, and the check algorithm is a CRC32 algorithm.
When the complexity of the target verification factor is 2, specifically, the method may include:
Void check2_2(uint64start,uint64len,uint8*result){
result1=CRC32.check(start,len);
result2=Aphash(start,len);
result=result1+result2;}
wherein, check2_2 is a target check factor with check algorithm of 2 and check factor complexity of 2, parameter start represents the memory start position of the current function, len represents the length of the current function, result1 represents the result obtained according to the CRC32 algorithm, result2 represents the result obtained according to the Aphash algorithm, and result represents the target check result, and the check algorithm is CRC32 algorithm.
Similarly, when the complexity of the target verification factor is 2, the following specific examples may be:
Void check3_3(uint64start,uint64len,uint8*result){
result1=sha.check(start,len);
result2=RSHash(start,len/2);
result3=JSHash(start+len/2,len-len/2);
result=result1+result2+result3;}
the check3_3 is a target check factor with a check algorithm of 3 and a check factor complexity of 3, the parameter start represents a memory start position of a current function, the len represents a length of the current function, the result obtained according to the sha check algorithm is represented by result1, the result obtained according to the RSHash algorithm is represented by result2, the result obtained according to the JSHash algorithm is represented by result3, and the result represents a target check result.
In summary, through different combinations and overlays, multiple check factors with different complexities can be written, and it can be understood that one check factor complexity can correspond to multiple check factors, that is, in the embodiment of the present application, the check factor complexities of different check factors may be the same or different, and are not limited herein specifically. Therefore, after the target check factor complexity of the current function is determined, one check factor may be randomly selected as the target check factor from a check factor set whose complexity is the target check factor complexity, or a specific algorithm may be adopted to select the target check factor from the check factor set, for example, n check factors in the check factor set are sequentially numbered, a random number M is generated by a random number generator, and a complementation formula P ═ M% n is used to take the P +1 th check factor in the check factor set as the target check factor. Therefore, the selection manner of the target verification factor is not limited herein.
After the target verification result is obtained according to the target verification factor, the target verification result generated by the verification factor may be further encrypted by using a lightweight basic encryption algorithm in this embodiment, so that the target verification result is changed. In addition, in the embodiment, the verification factor is automatically inserted into the function based on the LLVM, so that the LLVM is used to insert the verification factor each time the program is compiled, and after the verification factor algorithm is designed, some simple random encryption algorithms can be generated to further calculate the target verification result, so that the final target verification result is changed in each compiling, and thus the threshold for cracking the algorithm can be further improved. Namely, the second call function encrypts the target verification result to obtain an encrypted verification result, and the method specifically includes: encrypting the target verification result according to an encryption function, wherein the encryption function comprises at least one logic algorithm, and the logic algorithm comprises but is not limited to one or more of the following algorithms: an addition algorithm, a subtraction algorithm, an exclusive or algorithm, a left shift operation, and a right shift operation. For ease of understanding, the following will be exemplified:
1. performing an addition algorithm on the target verification result through a function AddData (), namely adding an add value to the target verification result:
uint8_t AddData(uint8_t pData,uint8_t add){
return a+b;
}
wherein pData represents a target verification result.
2. And (3) performing a subtraction algorithm on the target verification result through a function SubData (), namely subtracting an add value from the target verification result:
uint8_t SubData(uint8_t pData,uint8_t add){
return a-b;
}
wherein pData represents a target verification result.
3. Performing exclusive-or operation on the target verification result through a function XorData (), namely performing exclusive-or operation on the target verification result by using an add value:
uint8_t XorData(uint8_t pData,uint8_t add){
return a xor b;
}
wherein pData represents a target verification result.
4. And left shifting the target verification result by a function LeftData (), namely left shifting the target verification result by an add value:
uint8_t LeftData(uint8_t pData,uint8_t add){
return a<<b;
}
wherein pData represents a target verification result.
5. The target verification result is right-shifted by the function RightData (), i.e. the target verification result is right-shifted by an add value:
uint8_t RightData(uint8_t pData,uint8_t add){
return a>>b;
}
wherein pData represents a target verification result.
After the basic operation unit is arranged, the combination and arrangement can be selected at will, so that the encryption of the target verification result is realized.
For example, the encryption algorithm 1 obtained after random permutation may be as follows:
Void Encrypt001_1(uint8_t*pData,uint8_t*pKey,uint32_t pDataLen){
For(int i=0;i<pDataLen;i++)
{
XorData(pData[i],pKey[i]);
LeftData(pData[i],pKey[i]);
AddData(pData[i],pKey[i]);
AddData(pData[i],pKey[i]);
SubData(pData[i],pKey[i]);
LeftData(pData[i],pKey[i]);
}
wherein Encrypt001_1 represents the encryption algorithm 1, the last 1 represents the complexity 1, similar Encrypt001_2 represents the encryption algorithm 2, the last 2 represents the complexity 2, and the like, and the higher the complexity is, the more computation instructions are included. It should be noted that, in this embodiment, the basic operation units may be increased at will, and the more the basic operation units are, the more complicated the basic operation units are, the more sets of algorithms may be generated correspondingly.
Therefore, the target verification result is encrypted through the encryption algorithm obtained through the combination, and the encryption verification result is obtained. In this embodiment, a random encryption algorithm is used to further calculate the target verification result, so that the final target verification result is changed in each compiling, and the threshold for cracking the algorithm can be further improved.
106. And uploading the encryption check result to the server so that the server judges whether the current function is modified according to the encryption check result.
And after the target verification result is encrypted to obtain an encryption verification result, the encryption verification result is uploaded to the server, so that the server can verify whether the detection result reported by the client is correct, and the server can judge whether the client has a code modification behavior. Since the purpose of this embodiment is to verify the code, it is not necessary to provide a decryption algorithm, and only the target verification result needs to be further encrypted so that the result is inconsistent with the original algorithm, and each compilation will result in a change of the result. Therefore, when the server determines that the current function is not consistent with the original algorithm according to the encryption verification result, the current function is determined to be not modified, namely the client does not have the action of modifying the code.
In the embodiment of the present application, the advantage of generating the interference function based on the LLVM is that the original function is not polluted, and more development languages can be supported, and it is not necessary to know what the development languages are, and the compatibility and the space in which the operation can be performed are larger. Therefore, by inserting the check factor into the function based on the LLVM compiler framework, the function code of the program is compiled by the LLVM, and different check algorithms and a plurality of random encryption algorithms are combined, so that the calculation result of the whole check factor is changed after each compiling, the complexity of the check algorithm is improved, and the cracking threshold of a hacker is improved.
The embodiments of the present application are described above from the perspective of a function verification method based on LLVM, and the embodiments of the present application are described below from the perspective of a verification device.
Referring to fig. 2, fig. 2 is a schematic diagram of an embodiment of a possible verification apparatus provided in an embodiment of the present application, where the verification apparatus specifically includes:
the compiling unit 201 is configured to compile a function list, where the function list includes names of the function functions and check factor complexities corresponding to the function functions, the function functions are functions that need to be checked by inserting check factors, and the check factor complexities corresponding to the function functions are positively correlated to the importance of the function functions;
a determining unit 202, configured to obtain a name of a current function after reloading a runon function, and determine whether the current function is included in the function list, where the runon function is used to insert the check factor into the function;
an inserting unit 203, configured to record a memory start address and a memory end address of the current function if the current function is a cryptographic function, and insert a first call function and a second call function at a tail of the current function, where the first call function is used to call a function of a target verification factor corresponding to the current function, an input parameter of the first call function includes the memory start address and the memory end address of the current function, and the second call function is used to call a function of a cryptographic verification result;
a verification unit 204, configured to obtain a target verification result for verifying the current function through the first call function when the current function is executed to the tail of the current function, and encrypt the target verification result through the second call function to obtain an encrypted verification result;
a transceiving unit 205, configured to upload the encryption verification result to a server, so that the server determines whether the current function is modified according to the encryption verification result.
Referring to fig. 3, fig. 3 is a schematic view of an embodiment of an electronic device according to an embodiment of the present disclosure.
As shown in fig. 3, the embodiment of the present application provides an electronic device, which includes a memory 310, a processor 320, and a computer program 311 stored in the memory 320 and executable on the processor 320, where the processor 320 executes the computer program 311 to implement the following steps: compiling a function list, wherein the function list comprises names of all function functions and check factor complexity corresponding to the function functions, the function functions are functions needing to be checked by inserting check factors, and the check factor complexity corresponding to the function functions is positively correlated with the importance of the function functions; after reloading a runOnfunction, acquiring the name of a current function, and judging whether the current function is contained in the function list, wherein the runOnfunction is used for inserting the check factor into the function; if yes, recording the memory starting address and the memory ending address of the current function, and inserting a first calling function and a second calling function into the tail of the current function, wherein the first calling function is used for calling the function of the target verification factor corresponding to the current function, the input parameters of the first calling function comprise the memory starting address and the memory ending address of the current function, and the second calling function is used for calling the function of the encryption verification result; when the current function is executed to the tail part of the current function, a target verification result for verifying the current function is obtained through the first calling function, and the target verification result is encrypted through the second calling function to obtain an encrypted verification result; and uploading the encryption verification result to a server, so that the server judges whether the current function is modified according to the encryption verification result.
Since the electronic device described in this embodiment is a device used for implementing one of the verification apparatuses in this embodiment, based on the method described in this embodiment, a person skilled in the art can understand the specific implementation manner of the electronic device of this embodiment and various variations thereof, so that how to implement the method in this embodiment by the electronic device is not described in detail herein, and as long as the person skilled in the art implements the device used for implementing the method in this embodiment, the device falls within the scope of the present application.
Referring to fig. 4, fig. 4 is a schematic diagram illustrating an embodiment of a computer-readable storage medium according to the present application.
As shown in fig. 4, the present embodiment provides a computer-readable storage medium 400, on which a computer program 411 is stored, the computer program 411 implementing the following steps when executed by a processor: compiling a function list, wherein the function list comprises names of all function functions and check factor complexity corresponding to the function functions, the function functions are functions needing to be checked by inserting check factors, and the check factor complexity corresponding to the function functions is positively correlated with the importance of the function functions; after reloading the runOnFunction, acquiring the name of the current function, and judging whether the current function is contained in the function list, wherein the runOnFunction is used for inserting the check factor into the function; if yes, recording the memory starting address and the memory ending address of the current function, and inserting a first calling function and a second calling function into the tail of the current function, wherein the first calling function is used for calling the function of the target verification factor corresponding to the current function, the input parameters of the first calling function comprise the memory starting address and the memory ending address of the current function, and the second calling function is used for calling the function of the encryption verification result; when the current function is executed to the tail part of the current function, a target verification result for verifying the current function is obtained through the first calling function, and the target verification result is encrypted through the second calling function to obtain an encrypted verification result; and uploading the encryption verification result to a server, so that the server judges whether the current function is modified according to the encryption verification result.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and so forth) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While the preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including the preferred embodiment and all changes and modifications that fall within the scope of the present application.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is also intended to include such modifications and variations.
Claims (10)
1. A function verification method based on a bottom layer virtual machine LLVM is characterized by comprising the following steps:
compiling a function list, wherein the function list comprises names of all function functions and check factor complexity corresponding to the function functions, the function functions are functions needing to be checked by inserting check factors, and the check factor complexity corresponding to the function functions is positively correlated with the importance of the function functions;
after reloading a runOnfunction, acquiring the name of a current function, and judging whether the current function is contained in the function list, wherein the runOnfunction is used for inserting the check factor into the function;
if yes, recording the memory starting address and the memory ending address of the current function, and inserting a first calling function and a second calling function into the tail of the current function, wherein the first calling function is used for calling the function of the target verification factor corresponding to the current function, the input parameters of the first calling function comprise the memory starting address and the memory ending address of the current function, and the second calling function is used for calling the function of the encryption verification result;
when the current function is executed to the tail part of the current function, a target verification result for verifying the current function is obtained through the first calling function, and the target verification result is encrypted through the second calling function to obtain an encrypted verification result;
and uploading the encryption check result to a server so that the server judges whether the current function is modified according to the encryption check result.
2. The method of claim 1, wherein the obtaining the name of the current function and determining whether the current function is included in the list of function comprises:
acquiring the name of the current function by calling a function getname ();
defining an iterator, and searching whether the name of the current function is contained in the functional function list through the iterator;
if the name of the current function is contained in the function list, acquiring the complexity of a target check factor corresponding to the current function;
and if the name of the current function is not contained in the function list, returning prompt information, wherein the prompt information is used for prompting that the check factor is not inserted into the current function.
3. The method of claim 1, wherein the recording the memory start address and the memory end address of the current function comprises:
obtaining a first code block curr of the current function by calling a function begin () and obtaining a last code block curr1 of the current function in reverse by calling a function cbbegin ();
creating a variable startaddress for recording the initial address of the memory and a variable endaddress for recording the end address of the memory;
and inserting the variable startaddress into the initial position of the code block curr by calling a function insertfront (), and inserting the variable endaddress into the end position of the code block curr1, wherein the initial position of the code block curr is the memory initial address of the current function, and the end position of the code block curr1 is the memory end address of the current function.
4. The method of claim 3, wherein inserting the first calling function and the second calling function at the tail of the current function comprises:
the first calling function is constructed by calling a first creation interface Binaryoperator (Create ()), and input parameters of the first creation interface Binaryoperator (Create () comprise the target check factor, the memory start address of the current function and the memory end address of the current function;
the second calling function is constructed by calling a second creation interface Binaryoperator:: Create (), and input parameters of the second creation interface Binaryoperator:: Create () comprise an encryption function and the target verification result;
and sequentially inserting the first calling function and the second calling function into the tail part of the current function by calling function insert ().
5. The method of claim 1, wherein obtaining a target verification result for verifying the current function through the first calling function comprises:
determining the current function according to the memory starting address and the memory ending address of the current function in the first calling function;
determining the complexity of a target check factor corresponding to the name of the current function in the function list;
randomly selecting a check factor as the target check factor from a check factor set with the complexity of the target check factor;
and verifying the current function according to the target verification factor to obtain the target verification result.
6. The method of claim 5, wherein the verifying the current function according to the target verification factor to obtain the target verification result comprises:
when the complexity of the target verification factor of the current function is 1, the number of target algorithms corresponding to the target verification factor is 1, and the current function is calculated according to the target algorithms to obtain a target verification result;
when the complexity of the target verification factor of the current function is N, the number of target algorithms corresponding to the target verification factor is N, the current function is calculated according to the N target algorithms to obtain N results, the N results are added to obtain the target verification result, and N is an integer greater than 1.
7. The method of claim 1, wherein encrypting the target verification result through the second calling function to obtain an encrypted verification result comprises:
encrypting the target verification result according to an encryption function, the encryption function comprising at least one logical algorithm, the logical algorithm including but not limited to one or more of the following algorithms: an addition algorithm, a subtraction algorithm, an exclusive or algorithm, a left shift operation, and a right shift operation.
8. A verification apparatus, comprising:
the device comprises a compiling unit, a verification unit and a verification unit, wherein the compiling unit is used for compiling a function list, the function list comprises names of all function functions and verification factor complexity corresponding to the function functions, the function functions are functions needing to be verified by inserting verification factors, and the verification factor complexity corresponding to the function functions is positively correlated with the importance of the function functions;
the judging unit is used for acquiring the name of a current function after reloading a runOnFunction, and judging whether the current function is contained in the function list or not, wherein the runOnFunction is used for inserting the check factor into the function;
an inserting unit, configured to record a memory start address and a memory end address of the current function if the current function is a target function, and insert a first call function and a second call function at a tail of the current function, where the first call function is used to call a function of a target verification factor corresponding to the current function, an input parameter of the first call function includes the memory start address and the memory end address of the current function, and the second call function is used to call a function of an encryption verification result;
the verification unit is used for obtaining a target verification result for verifying the current function through the first calling function when the current function is executed to the tail part of the current function, and encrypting the target verification result through the second calling function to obtain an encrypted verification result;
and the transceiving unit is used for uploading the encryption verification result to a server so that the server judges whether the current function is modified according to the encryption verification result.
9. A computer-readable storage medium comprising instructions that, when executed on a computer, cause the computer to perform the method of any of claims 1-7.
10. A computer program product comprising instructions which, when run on a computer, cause the computer to perform the method of any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910982787.9A CN112668004B (en) | 2019-10-16 | 2019-10-16 | LLVM-based function verification method and related device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910982787.9A CN112668004B (en) | 2019-10-16 | 2019-10-16 | LLVM-based function verification method and related device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112668004A CN112668004A (en) | 2021-04-16 |
| CN112668004B true CN112668004B (en) | 2022-06-21 |
Family
ID=75400293
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910982787.9A Active CN112668004B (en) | 2019-10-16 | 2019-10-16 | LLVM-based function verification method and related device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112668004B (en) |
Citations (19)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6996712B1 (en) * | 1999-02-18 | 2006-02-07 | Sun Microsystems, Inc. | Data authentication system employing encrypted integrity blocks |
| CN106022107A (en) * | 2015-10-30 | 2016-10-12 | 北京中电华大电子设计有限责任公司 | Method and system for protecting program execution integrity |
| CN106295258A (en) * | 2016-08-04 | 2017-01-04 | 南京大学 | To the shadow stack implementation method controlling stream integrity protection after multithreading |
| CN106462677A (en) * | 2014-03-31 | 2017-02-22 | 爱迪德技术有限公司 | Optimizing and protecting software |
| CN106548049A (en) * | 2016-12-09 | 2017-03-29 | 武汉斗鱼网络科技有限公司 | A kind of code process method and apparatus |
| CN106960138A (en) * | 2016-01-08 | 2017-07-18 | 阿里巴巴集团控股有限公司 | The method of calibration and device of virtual machine instructions, system |
| CN106960140A (en) * | 2016-01-08 | 2017-07-18 | 阿里巴巴集团控股有限公司 | Virtual machine instructions obscure method and device, virtual machine protection system |
| CN107038353A (en) * | 2017-03-28 | 2017-08-11 | 武汉斗鱼网络科技有限公司 | The verification guard method of software program and system |
| CN107196761A (en) * | 2017-03-31 | 2017-09-22 | 武汉斗鱼网络科技有限公司 | A kind of method of core function in protection application program |
| CN107194250A (en) * | 2017-03-31 | 2017-09-22 | 武汉斗鱼网络科技有限公司 | The integrity checking method and device of internal storage code |
| CN108351938A (en) * | 2015-10-29 | 2018-07-31 | 惠普发展公司,有限责任合伙企业 | The safety value that verification is calculated for a part for program code |
| CN108509773A (en) * | 2018-02-12 | 2018-09-07 | 北京梆梆安全科技有限公司 | A kind of source code reinforcement means and device |
| CN109313551A (en) * | 2016-06-21 | 2019-02-05 | 超威半导体公司 | Fingerprint recognition is carried out to redundant threads using the transcode that compiler is inserted into |
| CN109313677A (en) * | 2016-05-09 | 2019-02-05 | 艾锐势有限责任公司 | Method and apparatus for the executable verifying of dynamic |
| CN109453522A (en) * | 2018-11-09 | 2019-03-12 | 火烈鸟网络(广州)股份有限公司 | Game running safety detection method and device, storage medium, electronic equipment |
| CN109492392A (en) * | 2017-09-12 | 2019-03-19 | 武汉斗鱼网络科技有限公司 | A kind of detection method and system of core function |
| CN109643345A (en) * | 2016-09-27 | 2019-04-16 | 英特尔公司 | Technology for certainty code flow integrity protection |
| CN109858204A (en) * | 2019-01-03 | 2019-06-07 | 武汉极意网络科技有限公司 | A kind of program code guard method and device based on LLVM |
| CN110325994A (en) * | 2017-02-27 | 2019-10-11 | 华为国际有限公司 | Enhance the device and method of the control stream integrality of software application |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP4770425B2 (en) * | 2005-11-24 | 2011-09-14 | 富士ゼロックス株式会社 | Program, method and apparatus for creating protected execution program |
| US7841010B2 (en) * | 2007-01-08 | 2010-11-23 | Apple Inc. | Software or other information integrity verification using variable block length and selection |
-
2019
- 2019-10-16 CN CN201910982787.9A patent/CN112668004B/en active Active
Patent Citations (19)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6996712B1 (en) * | 1999-02-18 | 2006-02-07 | Sun Microsystems, Inc. | Data authentication system employing encrypted integrity blocks |
| CN106462677A (en) * | 2014-03-31 | 2017-02-22 | 爱迪德技术有限公司 | Optimizing and protecting software |
| CN108351938A (en) * | 2015-10-29 | 2018-07-31 | 惠普发展公司,有限责任合伙企业 | The safety value that verification is calculated for a part for program code |
| CN106022107A (en) * | 2015-10-30 | 2016-10-12 | 北京中电华大电子设计有限责任公司 | Method and system for protecting program execution integrity |
| CN106960138A (en) * | 2016-01-08 | 2017-07-18 | 阿里巴巴集团控股有限公司 | The method of calibration and device of virtual machine instructions, system |
| CN106960140A (en) * | 2016-01-08 | 2017-07-18 | 阿里巴巴集团控股有限公司 | Virtual machine instructions obscure method and device, virtual machine protection system |
| CN109313677A (en) * | 2016-05-09 | 2019-02-05 | 艾锐势有限责任公司 | Method and apparatus for the executable verifying of dynamic |
| CN109313551A (en) * | 2016-06-21 | 2019-02-05 | 超威半导体公司 | Fingerprint recognition is carried out to redundant threads using the transcode that compiler is inserted into |
| CN106295258A (en) * | 2016-08-04 | 2017-01-04 | 南京大学 | To the shadow stack implementation method controlling stream integrity protection after multithreading |
| CN109643345A (en) * | 2016-09-27 | 2019-04-16 | 英特尔公司 | Technology for certainty code flow integrity protection |
| CN106548049A (en) * | 2016-12-09 | 2017-03-29 | 武汉斗鱼网络科技有限公司 | A kind of code process method and apparatus |
| CN110325994A (en) * | 2017-02-27 | 2019-10-11 | 华为国际有限公司 | Enhance the device and method of the control stream integrality of software application |
| CN107038353A (en) * | 2017-03-28 | 2017-08-11 | 武汉斗鱼网络科技有限公司 | The verification guard method of software program and system |
| CN107194250A (en) * | 2017-03-31 | 2017-09-22 | 武汉斗鱼网络科技有限公司 | The integrity checking method and device of internal storage code |
| CN107196761A (en) * | 2017-03-31 | 2017-09-22 | 武汉斗鱼网络科技有限公司 | A kind of method of core function in protection application program |
| CN109492392A (en) * | 2017-09-12 | 2019-03-19 | 武汉斗鱼网络科技有限公司 | A kind of detection method and system of core function |
| CN108509773A (en) * | 2018-02-12 | 2018-09-07 | 北京梆梆安全科技有限公司 | A kind of source code reinforcement means and device |
| CN109453522A (en) * | 2018-11-09 | 2019-03-12 | 火烈鸟网络(广州)股份有限公司 | Game running safety detection method and device, storage medium, electronic equipment |
| CN109858204A (en) * | 2019-01-03 | 2019-06-07 | 武汉极意网络科技有限公司 | A kind of program code guard method and device based on LLVM |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112668004A (en) | 2021-04-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Hegedűs | Towards analyzing the complexity landscape of solidity based ethereum smart contracts | |
| KR102608500B1 (en) | Blockchain Compiler | |
| Feist et al. | Statically detecting use after free on binary code | |
| Bastani et al. | Specification inference using context-free language reachability | |
| BE1023400B1 (en) | A BUILD SYSTEM | |
| Wang et al. | Verification of implementations of cryptographic hash functions | |
| JP6904043B2 (en) | Input discovery for unknown program binaries | |
| Bastani et al. | Active learning of points-to specifications | |
| Heule et al. | Mimic: Computing models for opaque code | |
| CN111819542A (en) | Compiling apparatus and method | |
| Hansen et al. | Quantitative evaluation of attack defense trees using stochastic timed automata | |
| Zhang et al. | A hybrid symbolic execution assisted fuzzing method | |
| CN116361810A (en) | Intelligent contract vulnerability detection method based on symbol execution | |
| Li et al. | Detecting standard violation errors in smart contracts | |
| Karande et al. | BCD: Decomposing binary code into components using graph-based clustering | |
| König et al. | Towards the verification of attributed graph transformation systems | |
| CN112668004B (en) | LLVM-based function verification method and related device | |
| Menguy et al. | Ai-based blackbox code deobfuscation: Understand, improve and mitigate | |
| Vu et al. | A method for automated test data generation from sequence diagrams and object constraint language | |
| Letychevskyi et al. | Algebraic virtual machine project | |
| He | Modeling and analyzing smart contracts using predicate transition nets | |
| Buchwald et al. | Compiler optimization: A case for the transformation tool contest | |
| Biondi et al. | Comparative analysis of leakage tools on scalable case studies | |
| CN110032832B (en) | Web application processing method and device | |
| Moore | Stateman: using metafunctions to manage large terms representing machine states |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |