CN113094667A - System for preventing java program from being decompiled - Google Patents
System for preventing java program from being decompiled Download PDFInfo
- Publication number
- CN113094667A CN113094667A CN202110383682.9A CN202110383682A CN113094667A CN 113094667 A CN113094667 A CN 113094667A CN 202110383682 A CN202110383682 A CN 202110383682A CN 113094667 A CN113094667 A CN 113094667A
- Authority
- CN
- China
- Prior art keywords
- target
- file
- preset
- java
- instruction set
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000004590 computer program Methods 0.000 claims abstract description 17
- 238000006243 chemical reaction Methods 0.000 claims abstract description 4
- 230000006870 function Effects 0.000 claims description 56
- 101100446506 Mus musculus Fgf3 gene Proteins 0.000 claims description 27
- 238000000034 method Methods 0.000 claims description 25
- 101000767160 Saccharomyces cerevisiae (strain ATCC 204508 / S288c) Intracellular protein transport protein USO1 Proteins 0.000 claims description 23
- 101000661600 Homo sapiens Steryl-sulfatase Proteins 0.000 claims description 8
- 102100038021 Steryl-sulfatase Human genes 0.000 claims description 8
- 238000012163 sequencing technique Methods 0.000 claims description 2
- 238000012545 processing Methods 0.000 description 6
- 238000005336 cracking Methods 0.000 description 3
- 230000000694 effects Effects 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 2
- 238000004806 packaging method and process Methods 0.000 description 2
- 230000004075 alteration Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000002265 prevention Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/14—Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
Abstract
The invention relates to a system for preventing a java program from being decompiled, which comprises a preset DAlvik instruction set, a processor and a memory for storing the computer program, wherein when the computer program is executed by the processor, the step A1 is realized, and all target code segments are obtained from java byte codes to be processed; step A2, converting each target code segment into a corresponding target dex bytecode; a3, converting each target dex byte code into a target instruction set and data corresponding to each target instruction based on a preset DAlvik instruction set, and generating a first executable file; step A4, dynamically generating a target interpreter in an SO file based on the conversion relation between all target dex byte codes and data corresponding to each target instruction in a target instruction set; step A5, all target code segments in the java byte code to be processed are nulled, corresponding association marks are added, the preprocessed java byte code is obtained, and the preprocessed java byte code is converted into a reinforced dex file. The invention can prevent the java program from being decompiled and improve the safety of the java program.
Description
Technical Field
The invention relates to the technical field of computers, in particular to a system for preventing a java program from being decompiled.
Background
With the rapid development of android technology, a large number of android applications have been developed, which are usually written based on the Java language. Java is a cross-platform and interpreted language, a Java compiling tool compiles Java source codes into Java byte code files, and a Java virtual machine is responsible for interpreting and executing the Java byte code files. The Java byte code file reserves method names and variable names, and the variables and methods are accessed through the names, and the symbols often carry a lot of semantic information. Therefore, the application program written based on java can be easily decompiled, and java source codes are obtained. Therefore, in order to improve the security of the java program and prevent the java program from being decompiled, how to provide a technology for preventing the java program from being decompiled is a technical problem to be urgently solved.
Disclosure of Invention
The invention aims to provide a system for preventing a java program from being decompiled, which can prevent the java program from being decompiled and improve the safety of the java program.
According to a first aspect of the present invention, there is provided a system for preventing a java program from being decompiled, including a preset DAlvik instruction set corresponding to each kind of DAlvik instructions, a processor and a memory storing a computer program, where each preset DAlvik instruction set includes a plurality of DAlvik instructions and an instruction id corresponding to each DAlvik instruction, the instruction id of the DAlvik instruction in each preset instruction set is obtained by disordering and ordering the DAlvik instruction ids in the original DAlvik instruction set corresponding to the DAlvik instruction category, the instruction id of the DAlvik in each preset instruction set is different from the DAlvik instruction id corresponding to the original DAlvik instruction set, and when the computer program is executed by the processor, the following steps are implemented:
a1, acquiring all target code segments from java byte codes to be processed;
step A2, converting each target code segment into a corresponding target dex bytecode;
step A3, converting each target dex bytecode into a target instruction set which can be executed by the preset DAlvik instruction set and data corresponding to each target instruction in the target instruction set based on the preset DAlvik instruction set corresponding to all classes of DAlvik instructions, and generating a first executable file based on the target instruction set corresponding to all target dex bytecode and the data corresponding to each target instruction in the target instruction set;
step A4, dynamically generating a target interpreter in an SO file based on the conversion relation between all target dex byte codes and data corresponding to each target instruction in a corresponding target instruction set;
step A5, emptying all target code segments in the java bytecode to be processed, adding corresponding association marks to each code segment to obtain preprocessed java bytecode, converting the preprocessed java bytecode into a reinforced dex file, wherein the association marks are used as start marks of a target interpreter and used for associating data corresponding to a target instruction set corresponding to the association marks and data corresponding to each target instruction in the target instruction set from the first executable file.
Compared with the prior art, the invention has obvious advantages and beneficial effects. By means of the technical scheme, the name provided by the invention can achieve considerable technical progress and practicability, has industrial wide utilization value and at least has the following advantages:
the method can increase the difficulty of decompilation of the java program, effectively prevent the java program from being decompilated and improve the safety of the java program.
The foregoing description is only an overview of the technical solutions of the present invention, and in order to make the technical means of the present invention more clearly understood, the present invention may be implemented in accordance with the content of the description, and in order to make the above and other objects, features, and advantages of the present invention more clearly understood, the following preferred embodiments are described in detail with reference to the accompanying drawings.
Drawings
FIG. 1 is a flowchart illustrating a process of preventing a java program from being decompiled according to a first embodiment of the present invention;
FIG. 2 is a flowchart illustrating a process of preventing a java program from being decompiled according to a second embodiment of the present invention;
FIG. 3 is a flowchart illustrating a process of preventing a java program from being decompiled according to a third embodiment of the present invention;
fig. 4 is a flowchart illustrating a process of preventing a java program from being decompiled according to a fourth embodiment of the present invention.
Detailed Description
To further explain the technical means and effects of the present invention adopted to achieve the predetermined objects, the following detailed description of a named embodiment and its effects according to the present invention will be made with reference to the accompanying drawings and preferred embodiments.
In the process of Android program development, a java source code is usually written first, then the java source code is compiled into a java byte code, the java byte code is stored in a class file, and then the java byte code is compiled into a dex file, wherein the dex file is an executable file of an Android system and contains all operation instructions and runtime data of an application program. If the difficulty of decompiling the java program is increased and the java program is prevented from being decompiled, the embodiment of the present invention provides a system for preventing the java program from being decompiled, which may perform decompiling processing on the dex file at any one or more of the above stages, and it should be noted that "the system" in the embodiment of the present invention refers to "a system for preventing the java program from being decompiled". According to the invention, the system can be physically implemented as one server or as a server group comprising a plurality of servers. Those skilled in the art will appreciate that parameters such as the model and specification of the server do not affect the scope of the present invention.
Before discussing exemplary embodiments in more detail, it should be noted that some exemplary embodiments are described as processes or methods depicted as flowcharts. Although a flowchart may describe the steps as a sequential process, many of the steps can be performed in parallel, concurrently or simultaneously. In addition, the order of the steps may be rearranged. A process may be terminated when its operations are completed, but may have additional steps not included in the figure. A process may correspond to a method, a function, a procedure, a subroutine, a subprogram, etc. The following is illustrated by several examples:
the first embodiment,
The embodiment provides a system for preventing a java program from being decompiled, which comprises a preset DAlvik instruction set corresponding to each type of DAlvik instruction, a processor and a memory for storing a computer program, wherein each preset DAlvik instruction set comprises a plurality of DAlvik instructions and an instruction id corresponding to each DAlvik instruction, the instruction id of the DAlvik instruction in each preset instruction set is obtained by disordering and sequencing the DAlvik instruction ids in an original DAlvik instruction set corresponding to the type of the DAlvik instruction, and the instruction id of the DAlvik in each preset DAlvik instruction set is different from the DAlvik instruction id corresponding to the original DAlvik instruction set. It should be noted that DAlvik is the name of a virtual machine for the Android platform, and the original DAlvik instruction set refers to the original DAlvik instruction set in the DAlvik virtual machine. When executed by a processor, as shown in fig. 1, the following steps are implemented:
a1, acquiring all target code segments from java byte codes to be processed;
as an example, the java bytecode to be processed is a bytecode in a class file corresponding to the android APK or the SDK to be processed.
Step A2, converting each target code segment into a corresponding target dex bytecode;
step A3, converting each target dex bytecode into a target instruction set which can be executed by the preset DAlvik instruction set and data corresponding to each target instruction in the target instruction set based on the preset DAlvik instruction set corresponding to all kinds of DAlvik instructions, and generating a first executable file based on the target instruction set corresponding to all target dex bytecode and the data corresponding to each target instruction in the target instruction set, wherein the first executable file is a binary file;
step A4, dynamically generating a target interpreter in an SO file based on the conversion relation between all target dex byte codes and data corresponding to each target instruction in a corresponding target instruction set, wherein a SO file in Android is a dynamic link library, is a binary file and is one of ELF (executable and Linking Format) files, and the target interpreter is dynamically generated in the SO file, SO that the normal operation of a part corresponding to a target code segment subjected to decompilation prevention processing can be guaranteed;
step A5, emptying all target code segments in the java bytecode to be processed, adding corresponding association marks to each code segment to obtain preprocessed java bytecode, converting the preprocessed java bytecode into a reinforced dex file, wherein the association marks are used as start marks of a target interpreter and used for associating data corresponding to a target instruction set corresponding to the association marks and data corresponding to each target instruction in the target instruction set from the first executable file. The association flag may be specifically set as a JNI (Java Native Interface) flag.
As an embodiment, in the process of executing the reinforced dex file, the following steps are implemented:
step a6, when the position of the association flag is reached, starting the target interpreter, and sequentially acquiring each target instruction in the target instruction set corresponding to the association flag and data corresponding to each target instruction from the first executable file based on the association flag, and loading the target instruction and the data into the memory for execution until the instruction in the target instruction set corresponding to the association flag is executed.
It can be understood that, each time one association flag is executed, the target interpreter is started until the execution of the instruction in the target instruction set corresponding to the association flag is completed. Other non-object code parts are directly executed according to the original execution flow, so that the normal operation of the java program after decompilation processing can be guaranteed.
As an example, all target code segments can be obtained from the java bytecode to be processed by the following two embodiments:
a first target code segment acquisition mode,
The system further comprises a preset first target function list, fields of the first target function list comprise names of target functions and starting addresses corresponding to the target functions, and the a1 comprises:
step A11, traversing the java bytecode to be processed based on the first target function list;
step a12, obtaining a target code segment corresponding to each first target function list based on the start address corresponding to each target function.
A second target code segment acquisition mode,
The system further comprises a preset second target function list, the fields of the second target function list comprise the names of target functions, and the a1 comprises:
step A101, in the process of compiling java byte codes to be reinforced, detecting the java byte codes to be reinforced in real time based on the second target function list, and when codes corresponding to target functions compiled in the second target function list are detected, adding preset annotation marks to the initial positions corresponding to the target functions;
step A102, scanning the java bytecode to be reinforced, and acquiring a code segment corresponding to the target function with the annotation mark as a starting position as the target code segment.
As an example, the first executable file, the SO file, and the hardened dex file may be stored by the following two embodiments.
The storage mode is one,
When the computer program is executed by the processor, the step a71 is further implemented, and the first executable file, the SO file and the reinforced dex file are respectively stored in an android APK or an SDK file to be processed. The first executable file, the SO file and the reinforced dex file are stored independently, only one first executable file needs to be stored, different versions of CPU architectures can be supported, and code compatibility is improved.
The second storage mode,
When the computer program is executed by the processor, the step A701 is further realized, the first executable file is stored into the SO file, the SO file and the reinforced dex file are respectively stored into an android APK or an SDK file to be processed, the first executable file is directly stored into the SO file, a file does not need to be additionally built for the first executable file, a target interpreter of the SO file can conveniently call the first executable file, and the code execution efficiency is improved.
In the first embodiment, all target code segments are converted into a first executable file which can be executed by a customized preset DAlvik instruction set based on the customized preset DAlvik instruction set, an SO file matched with the customized preset DAlvik instruction set is generated at the same time, a target interpreter is configured in the SO file, all target code segments are nulled, an association mark is added, a java program which is prevented from being decompiled is obtained based on the SO file, and in the running process, when the java program runs to the association mark, the target interpreter is called based on the association mark to load corresponding instructions and data in the first executable file for execution, SO that the java program which is prevented from being decompiled can be executed in a journey. Because the original target code segment is emptied and the code segment is converted based on the self-defined preset DAlvik instruction set, the java source code cannot be obtained based on the java program which is prevented from being subjected to decompilation processing, and the safety of the java program is improved.
Example II,
The embodiment provides a system for preventing a java program from being decompiled, which includes a preset ELF header information list, a terminal model list, a processor and a memory storing a computer program, wherein the ELF header information list stores a plurality of ELF header information to be erased, the terminal model list stores a plurality of preset terminal model information, and when the computer program is executed by the processor, as shown in fig. 2, the following steps are implemented:
b1, analyzing the ELF file to be processed to obtain the file header information of the ELF file to be processed;
step B2, erasing one or more ELF header information to be erased in the file header information of the ELF file to be processed to obtain an ELF file to be run;
when there are a plurality of ELF header information to be erased, the combinations of the plurality of ELF header information to be erased are selected.
Step B3, traversing the terminal machine type list, sequentially loading the ELF files to be operated into the android system corresponding to each preset terminal machine type information, judging whether the ELF files can be operated or not, and executing step B4 if the ELF files can be operated in the android systems corresponding to all the preset terminal machine type information;
step B4, calling a preset decompiling tool to identify an ELF file to be operated in the android system corresponding to each piece of preset terminal model information, if all identification fails, determining the currently erased ELF header information to be erased as target information, and executing the steps B2-B4 in a circulating manner until all target information is determined to generate a target information list;
by performing steps B2-B4 in a loop, all erasable ELF header information can be obtained individually, and a plurality of combinations of ELF header information can be obtained.
Step B5, selecting one target information from the target information list, erasing the target information in the ELF file header information of the ELF file to be processed, and generating the ELF reinforced file.
As an example, in step B5, the target information including the largest number of ELF header information to be erased is selected from the target information list for erasing, so as to increase the difficulty of decompilation and improve the security of the java program.
As an example, the predetermined decompilation tool may be a decompilation tool such as an IDA decompiler.
The ELF file header comprises description information, a dynamic link table and other information, and by erasing part of ELF header information, normal operation of the ELF file is not influenced, and decompilation software cannot open the ELF file, so that decompilation failure is caused, and java source codes cannot be acquired. The android systems of different models may be different, and therefore, in the second embodiment, an ELF header information list is established, the ELF header information is erased one by one, whether the erased ELF header information can operate in the operating environment corresponding to each preset terminal model information is judged, if yes, the information can be continuously judged to be recognized by the preset decompiler, and if the recognition fails, the currently erased ELF header information is determined to be erasable target information, and the target information is erased, so that the final information-erased ELF file can still normally operate, the finally obtained java program can normally operate, and meanwhile, the preset decompiler cannot acquire the source code from the finally obtained java program, and the safety of the java program is improved.
Example III,
The embodiment provides a system for preventing a java program from being decompiled, which comprises a preset encryption function, an encryption key, a decryption key and a decryption function, a processor and a memory storing a computer program, wherein when the computer program is executed by the processor, as shown in fig. 3, the following steps are realized:
step C1, monitoring whether the compiler compiles all the java source codes to be processed into corresponding first java byte codes, and if the compilation is finished, executing step C2;
step C2, scanning the first java byte code, if a constant character string is scanned, calling the encryption function and the encryption key to encrypt the scanned constant character string to obtain a corresponding encrypted character string;
and step C3, replacing the scanned constant character string with the call of the decryption function, and setting the call parameter corresponding to the decryption function as the encryption character string corresponding to the constant character string.
As an embodiment, the system further includes a Gradle plug-in, the Gradle plug-in is configured with a preset callback function, and the preset encryption function, encryption key, decryption key and decryption function, the Gradle is an item automation construction open source tool based on the concepts of Apache Ant and Apache Maven, the Gradle includes a set of API, and the Gradle plug-in can be obtained by configuring the API. The step C1 monitors whether the compiler compiles all java source codes to be processed into corresponding first java bytecode based on the Gradle, and if the compilation is completed, the Gradle plug-in is called by using the preset callback function to execute the step C2. And step C2, scanning the first java bytecode by using the Gradle plug-in, and if a constant character string is scanned, calling the encryption function and the encryption key to encrypt the scanned constant character string to obtain a corresponding encrypted character string. And step C3, replacing the scanned constant character string with the decryption function by using the Gradle plug-in, and setting the call parameter corresponding to the decryption function as the encrypted character string corresponding to the constant character string. The preset encryption function, encryption key, decryption key and decryption function are directly configured in the Gradle plug-in unit, and the steps C1-C3 are directly executed based on the Gradle and the calling Gradle plug-in unit, so that the processing efficiency is improved.
As an example, in step C2, the invoking the encryption function and the encryption key to encrypt the scanned constant string to obtain a corresponding encrypted string includes:
step C21, converting the scanned constant character string into a btye array, calling the encryption function to encrypt the btye array, and obtaining an encrypted btye array;
and C22, encoding the encrypted btye array to obtain an encrypted character string of the base64 or the base 128.
It is understood that the process of executing the call of the decryption function is the decryption process corresponding to C11-C12, and is not described herein again.
As an example, the encryption function is an encryption function such as AES, and the decryption function is a decryption function such as AES with good decryption performance.
As an example, the computer program, when executed by a processor, further implements the steps of:
step C41, the preset decryption key is segmented into a plurality of decryption key segments;
for example, the decryption key is a 16-bit decryption key, which may be divided into 4 segments.
Step C42, storing the multiple sections of decryption key sections in a class file corresponding to the first java bytecode in a scattered manner;
step C43, setting a key segment id for each decryption key segment, and establishing a key segment storage table based on the key segment id of each decryption key segment and the corresponding storage address, wherein the key segment storage table comprises a plurality of key segment records, and the field of each key segment record comprises the key segment id and the storage address;
and step C44, dispersedly storing the records of the key segment storage table in a class file corresponding to the first java bytecode.
In the embodiment, through the steps C1 to C3, the constant character string of the first java bytecode is completely converted into the call of the decryption function, the call parameter is set to the encrypted character string corresponding to the constant character string, and confusion of the constant character string is realized, so that in the execution process, the decryption function calls the encrypted character string corresponding to the constant character string, obtains the decryption key and only decrypts, and ensures that the code is normally executed but cannot obtain the constant character string, and obtains the scrambled code after decompilation, so that the source code of the java program cannot be obtained through decompilation, and the security of the java program is improved. In addition, the decryption key and the key segment record are stored dispersedly through the steps C41-C44, so that the difficulty of decompiling the java program is further improved, and the safety of the java program is further improved.
Example four,
The embodiment provides a system for preventing a java program from being decompiled, which comprises a DEX analysis and editing program, an ARSC file analysis and editing program, an obfuscated file name generation program, a processor and a memory, wherein the DEX analysis and editing program is preset, the ARSC file analysis and editing program is stored in the memory, and the processor is used for generating a obfuscated file name. When executed by a processor, as shown in fig. 4, the following steps are implemented:
step D1, acquiring a resources.arsc file in the APK file to be processed, calling a DEX analysis and editing program to acquire R package name information from the resources.arsc file, and calling an ARSC file analysis and editing program to acquire a resource list from the resources.arsc file;
the resource and arsc file refers to a mapping list file of resource IDs and actual resources, generated by Packaging some resources or resource indexes in a compiling resource by an aapt (android Asset Packaging tool), and is referred to as a resource list file for short, and the file records data in the form of binary data. The R package name information refers to the package name information of R.
Step D2, acquiring an R.java file from the APK file to be processed based on the R package name information, analyzing the R.java file, and acquiring a first resource information table, wherein a field of the first resource information table comprises a variable name and an int value, the variable name represents the name of the field in a code, and the int value represents a resource id;
step D3, calling the ARSC file analysis and editing program to analyze the resources and ARSC file, and acquiring a second resource information table, wherein the field of the second resource information table comprises a resource ID and a resource character string or a resource file path character string corresponding to the resource ID;
the resource string is a string actually used by a developer in a program in a resources.
Step D4, calling the confusion file name generation program to generate a corresponding target confusion file name for each resource file path character string in the second resource information table;
step D5, obtaining an RES directory corresponding to the APK file to be processed, retrieving the RES directory corresponding to the APK file to be processed based on each resource file path character string in the second resource information table, and obtaining all target RES directories corresponding to the obtained resource file path character strings in the second resource information table;
and D6, traversing the second resource information table, the target RES directory, the APK file to be processed and the R.java file, and modifying all resource file path character strings into corresponding target path character strings.
As an example, the system further includes a preset alphabet, where the preset alphabet includes a-z26 letters, which are randomly scrambled to obtain an alphabet list, where the letters in the alphabet list are numbered from 0 to 25, the obfuscated file name generation program is provided with two integer numbers int1 and int2, the int1 and int2 represent a resource file path character string ID to be obfuscated currently, the int1 and int2 are configured to be 26-ary numbers, decimal numbers corresponding to initial values of int1 and int2 are 0, a base directory name and a preset delimiter are set, the longest digits of int1 and int2 are set to be 4, and the maximum 10-ary number corresponding to int1 or int2 is 26^4-1 ═ 456975.
As an example, the step D4 includes:
d41, calling the confusion file name generation program, acquiring decimal numbers corresponding to the current int1 and int2, and acquiring a current int1 number character corresponding to the current int1 and a current int2 number character corresponding to the current int2 according to the serial numbers of the letters arranged in the preset alphabet;
d42, combining the basic directory name, the preset separator, the current int1 character, the preset separator and the current int2 character in sequence to generate a current confusion character string;
step D43, modifying the character strings except the suffix name in the current resource file path character string to be obfuscated into the current obfuscating character string, and keeping the suffix name unchanged to obtain a target obfuscating file name corresponding to the current resource file path character string to be obfuscated;
and D44, judging whether the current int2 is smaller than 456976, if so, adding 1 to the current int2, returning to the step D41, otherwise, adding 1 to the current int1, resetting 0 to the current int2, and returning to the step D41 until the target obfuscated file names of all resource file path character strings in the second resource information table are obtained.
As an example, the base directory name is "/r", the preset separator is "/", if the obfuscated file name generation program is called for the first time, at this time int1 and int2 are both 0, the 0 character and the 0 character are obtained according to the serial numbers arranged in the preset alphabet, and the generated current obfuscated character string is "/r" + "/" +0 character. And for another example, the path character string of the current resource file to be obfuscated is/res/drawable/ic _ launcher. png- >, and the corresponding target obfuscated file name is/r/a/b.png can be obtained through the steps D41-D44, so that the cracking difficulty of the java program is increased, and the volume of the APK file can be reduced.
The embodiment changes the path character string of the resource file into the name of the target obfuscated file, realizes obfuscation of the resource file, increases the difficulty of cracking the java program, and reduces the volume of the APK file, and because all the path character strings of the resource file in the second resource information table, the target RES directory, the APK file to be processed and the R.java file are synchronously changed, the code execution process is not influenced, but the difficulty of cracking the java program is increased, the source code cannot be directly obtained through decompilation, and the safety of the java program is improved.
The first to fourth embodiments are respectively used for performing decompilation processing on a java program from an aspect, and based on the combination of the two embodiments, a higher effect of preventing decompilation can be obtained, which is specifically described by the following embodiments, for details not disclosed in the following embodiments, please refer to technical details in the first to fourth embodiments:
example V,
On the basis of the first embodiment, the to-be-processed APK file is generated based on the first executable file, the SO file, and the reinforced dex file, and the to-be-processed APK file is combined with the fourth embodiment, that is, the to-be-processed APK file acquired on the basis of the fourth embodiment is subjected to resource file confusion through the fourth embodiment, SO that source codes of the java program are prevented from being decompiled, the security of the java program is further improved, and technical details the same as those of the first embodiment and the fourth embodiment are not repeated herein.
Example six,
The SO file is one of ELF files, and therefore, in the first embodiment, the SO file including the target interpreter is generated, and therefore, the SO file in the first embodiment may be used as the ELF file in the second embodiment to perform the erasing process of the ELF file header, that is, the ELF file to be processed in the second embodiment is defined as the SO file obtained based on all the categories of the preset DAlvik instruction set. Meanwhile, the object code is reinforced based on the embodiment, and the first embodiment and the second embodiment are combined to prevent the source code of the java program from being decompiled, so that the safety of the java program is further improved. The technical details that are the same as those of the first embodiment and the second embodiment are not described herein again.
Example seven,
On the basis of the third embodiment, the first java bytecode processed in the third embodiment through the step C1 to the step C3 may be used as a java bytecode to be processed, the call of the decryption function after the constant string replacement is used as a target code, and the flow in the first embodiment is further executed, so that the decryption function after the constant string replacement is further reinforced, and the third embodiment and the first embodiment are combined to prevent the source code of the java program from being decompiled, thereby further improving the security of the java program. The technical details that are the same as those of the third embodiment and the first embodiment are not described herein again.
Example eight,
Before the resource file confusion is performed in the fourth embodiment, the constant character string of the first java bytecode may be firstly confused in the third embodiment, so that the resource file and the constant character string of the first java bytecode are doubly confused. The technical details that are the same as those of the third embodiment and the fourth embodiment are not described herein again.
Although the present invention has been described with reference to a preferred embodiment, it should be understood that various changes, substitutions and alterations can be made herein without departing from the spirit and scope of the invention as defined by the appended claims.
Claims (10)
1. A system for preventing java programs from being decompiled,
the system comprises a preset DAlvik instruction set corresponding to each type of DAlvik instruction, a processor and a memory for storing a computer program, wherein each preset DAlvik instruction set comprises a plurality of DAlvik instructions and an instruction id corresponding to each DAlvik instruction, the instruction id of the DAlvik instruction in each preset instruction set is obtained by disordering and sequencing the DAlvik instruction ids in an original DAlvik instruction set corresponding to the DAlvik instruction type, the instruction id of the DAlvik in each preset DAlvik instruction set is different from the DAlvik instruction id corresponding to the original DAlvik instruction set, and when the computer program is executed by the processor, the following steps are realized:
a1, acquiring all target code segments from java byte codes to be processed;
step A2, converting each target code segment into a corresponding target dex bytecode;
step A3, converting each target dex bytecode into a target instruction set which can be executed by the preset DAlvik instruction set and data corresponding to each target instruction in the target instruction set based on the preset DAlvik instruction set corresponding to all classes of DAlvik instructions, and generating a first executable file based on the target instruction set corresponding to all target dex bytecode and the data corresponding to each target instruction in the target instruction set;
step A4, dynamically generating a target interpreter in an SO file based on the conversion relation between all target dex byte codes and data corresponding to each target instruction in a corresponding target instruction set;
step A5, emptying all target code segments in the java bytecode to be processed, adding corresponding association marks to each code segment to obtain preprocessed java bytecode, converting the preprocessed java bytecode into a reinforced dex file, wherein the association marks are used as start marks of a target interpreter and used for associating data corresponding to a target instruction set corresponding to the association marks and data corresponding to each target instruction in the target instruction set from the first executable file.
2. The system of claim 1,
in the process of executing the consolidated dex file, the following steps are implemented:
step a6, when the position of the association flag is reached, starting the target interpreter, and sequentially acquiring each target instruction in the target instruction set corresponding to the association flag and data corresponding to each target instruction from the first executable file based on the association flag, and loading the target instruction and the data into the memory for execution until the instruction in the target instruction set corresponding to the association flag is executed.
3. The system according to claim 1 or 2, wherein the java bytecode to be processed is a bytecode in a class file corresponding to the android APK or SDK to be processed, and the like.
4. The system according to claim 1 or 2,
the system further comprises a preset first target function list, fields of the first target function list comprise names of target functions and starting addresses corresponding to the target functions, and the a1 comprises:
step A11, traversing the java bytecode to be processed based on the first target function list;
step a12, obtaining a target code segment corresponding to each first target function list based on the start address corresponding to each target function.
5. The system according to claim 1 or 2,
the system further comprises a preset second target function list, the fields of the second target function list comprise the names of target functions, and the a1 comprises:
step A101, in the process of compiling java byte codes to be reinforced, detecting the java byte codes to be reinforced in real time based on the second target function list, and when codes corresponding to target functions compiled in the second target function list are detected, adding preset annotation marks to the initial positions corresponding to the target functions;
step A102, scanning the java bytecode to be reinforced, and acquiring a code segment corresponding to the target function with the annotation mark as a starting position as the target code segment.
6. The system according to claim 1 or 2,
when the computer program is executed by the processor, the step a71 is further implemented, and the first executable file, the SO file and the reinforced dex file are respectively stored in an android APK or an SDK file to be processed.
7. The system according to claim 1 or 2,
when the computer program is executed by the processor, step a701 is further implemented, the first executable file is stored into the SO file, and the SO file and the ruggedized dex file are respectively stored into files to be processed, such as an android APK or an SDK.
8. The system according to claim 1 or 2,
the system also comprises a preset DEX analysis and editing program and an ARSC file analysis and editing program, and a confusion file name generation program, and when the computer program is executed by the processor, the following steps are realized:
step D1, generating an APK file to be processed based on the first executable file, the SO file and the reinforced DEX file, acquiring a resources.
Step D2, acquiring an R.java file from the APK file to be processed based on the R package name information, analyzing the R.java file, and acquiring a first resource information table, wherein a field of the first resource information table comprises a variable name and an int value, the variable name represents the name of the field in a code, and the int value represents a resource id;
step D3, calling the ARSC file analysis and editing program to analyze the resources and ARSC file, and acquiring a second resource information table, wherein the field of the second resource information table comprises a resource ID and a resource character string or a resource file path character string corresponding to the resource ID;
step D4, calling the confusion file name generation program to generate a corresponding target confusion file name for each resource file path character string in the second resource information table;
step D5, obtaining an RES directory corresponding to the APK file to be processed, retrieving the RES directory corresponding to the APK file to be processed based on each resource file path character string in the second resource information table, and obtaining all target RES directories corresponding to the obtained resource file path character strings in the second resource information table;
and D6, traversing the second resource information table, the target RES directory, the APK file to be processed and the R.java file, and modifying all resource file path character strings into corresponding target path character strings.
9. The system of claim 8,
the system further comprises a preset alphabet list, wherein the preset alphabet list comprises letters a-z26 which are randomly disordered to obtain an alphabet list, the letters in the alphabet list are numbered from 0 to 25, two integer numbers int1 and int2 are arranged in the confusion file name generation program, int1 and int2 represent the ID of the current resource file path character string to be confused, int1 and int2 are configured to be 26-system numbers, decimal numbers corresponding to initial values of int1 and int2 are 0, a basic directory name and a preset separator are arranged, the longest digits of int1 and int2 are set to be 4, and the maximum 10-system number corresponding to int1 or int2 is 26^4-1 ═ 456975;
the step D4 includes:
d41, calling the confusion file name generation program, acquiring decimal numbers corresponding to the current int1 and int2, and acquiring a current int1 number character corresponding to the current int1 and a current int2 number character corresponding to the current int2 according to the serial numbers of the letters arranged in the preset alphabet;
d42, combining the basic directory name, the preset separator, the current int1 character, the preset separator and the current int2 character in sequence to generate a current confusion character string;
step D43, modifying the character strings except the suffix name in the current resource file path character string to be obfuscated into the current obfuscating character string, and keeping the suffix name unchanged to obtain a target obfuscating file name corresponding to the current resource file path character string to be obfuscated;
and D44, judging whether the current int2 is smaller than 456976, if so, adding 1 to the current int2, returning to the step D41, otherwise, adding 1 to the current int1, resetting 0 to the current int2, and returning to the step D41 until the target obfuscated file names of all resource file path character strings in the second resource information table are obtained.
10. The system of claim 9,
the base directory name is "/r", and the preset delimiter is "/".
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110383682.9A CN113094667B (en) | 2021-04-09 | 2021-04-09 | System for preventing java program from being decompiled |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110383682.9A CN113094667B (en) | 2021-04-09 | 2021-04-09 | System for preventing java program from being decompiled |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113094667A true CN113094667A (en) | 2021-07-09 |
| CN113094667B CN113094667B (en) | 2022-04-29 |
Family
ID=76675667
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110383682.9A Active CN113094667B (en) | 2021-04-09 | 2021-04-09 | System for preventing java program from being decompiled |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113094667B (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114780195A (en) * | 2022-04-29 | 2022-07-22 | 济南浪潮数据技术有限公司 | Operation visualization method, device, equipment and storage medium |
| CN115686525A (en) * | 2022-09-09 | 2023-02-03 | 上海和今信息科技有限公司 | Code processing method and device |
| CN115935302A (en) * | 2022-12-13 | 2023-04-07 | 深圳市探鸽智能科技有限公司 | Android installation package generation method and device |
| CN117008971A (en) * | 2023-09-27 | 2023-11-07 | 北京中电华大电子设计有限责任公司 | Conversion method and device of WebAsssembly instruction set |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9762385B1 (en) * | 2015-07-20 | 2017-09-12 | Trend Micro Incorporated | Protection of program code of apps of mobile computing devices |
| CN107729725A (en) * | 2017-10-09 | 2018-02-23 | 南京南瑞集团公司 | A kind of Android applications hardened system and method based on virtual machine instructions modification |
| CN108985017A (en) * | 2018-09-26 | 2018-12-11 | 北京京东金融科技控股有限公司 | The reinforcement means and device of application program |
| CN110232262A (en) * | 2019-06-17 | 2019-09-13 | 中金金融认证中心有限公司 | A kind of reinforcement means and system of Android application |
-
2021
- 2021-04-09 CN CN202110383682.9A patent/CN113094667B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9762385B1 (en) * | 2015-07-20 | 2017-09-12 | Trend Micro Incorporated | Protection of program code of apps of mobile computing devices |
| CN107729725A (en) * | 2017-10-09 | 2018-02-23 | 南京南瑞集团公司 | A kind of Android applications hardened system and method based on virtual machine instructions modification |
| CN108985017A (en) * | 2018-09-26 | 2018-12-11 | 北京京东金融科技控股有限公司 | The reinforcement means and device of application program |
| CN110232262A (en) * | 2019-06-17 | 2019-09-13 | 中金金融认证中心有限公司 | A kind of reinforcement means and system of Android application |
Non-Patent Citations (2)
| Title |
|---|
| 彭守镇: "Android APP加固方案的研究", 《软件工程》 * |
| 李胜广等: "安卓APK代码安全保护技术研究", 《警察技术》 * |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114780195A (en) * | 2022-04-29 | 2022-07-22 | 济南浪潮数据技术有限公司 | Operation visualization method, device, equipment and storage medium |
| CN114780195B (en) * | 2022-04-29 | 2024-02-13 | 济南浪潮数据技术有限公司 | Operation visualization method, device, equipment and storage medium |
| CN115686525A (en) * | 2022-09-09 | 2023-02-03 | 上海和今信息科技有限公司 | Code processing method and device |
| CN115935302A (en) * | 2022-12-13 | 2023-04-07 | 深圳市探鸽智能科技有限公司 | Android installation package generation method and device |
| CN115935302B (en) * | 2022-12-13 | 2023-09-15 | 深圳市探鸽智能科技有限公司 | Android installation package generation method and device |
| CN117008971A (en) * | 2023-09-27 | 2023-11-07 | 北京中电华大电子设计有限责任公司 | Conversion method and device of WebAsssembly instruction set |
| CN117008971B (en) * | 2023-09-27 | 2023-12-29 | 北京中电华大电子设计有限责任公司 | Conversion method and device of WebAsssembly instruction set |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113094667B (en) | 2022-04-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN113094667B (en) | System for preventing java program from being decompiled | |
| CN108733988B (en) | Method for protecting executable program on android platform | |
| CN108932406B (en) | Virtualization software protection method and device | |
| US7707631B2 (en) | Device and method for processing a program code | |
| US5960197A (en) | Compiler dispatch function for object-oriented C | |
| WO2016135729A1 (en) | A method to identify known compilers functions, libraries and objects inside files and data items containing an executable code | |
| CN110825386B (en) | Code compiling method and device and storage medium | |
| CN109271789B (en) | Malicious process detection method and device, electronic equipment and storage medium | |
| WO2018102767A1 (en) | Obfuscating source code sent, from a server computer, to a browser on a client computer | |
| KR101875225B1 (en) | Process, computer program, and device for security of intermediate code of programming for the execution thereof by a virtual machine | |
| US8479177B2 (en) | Attribute based method redirection | |
| CN113094665B (en) | System for preventing java program from being decompiled | |
| CN113094664B (en) | System for preventing android application program from being decompiled | |
| CN112052433A (en) | Virtual protection method, terminal and storage medium for Jar file | |
| CN113704706B (en) | Code reinforcement method and device | |
| CN106933642B (en) | Application program processing method and processing device | |
| JP5496792B2 (en) | Code conversion program, method and system | |
| CN113094666B (en) | System for preventing java program from being decompiled | |
| Alam et al. | Droidclone: Attack of the android malware clones-a step towards stopping them | |
| CN111782239A (en) | Software packaging and source code version information acquisition method, device and storage medium | |
| CN108733990B (en) | Block chain-based file protection method and terminal equipment | |
| CN113849781B (en) | Go language source code confusion method, system, terminal and storage medium | |
| CN115756480A (en) | Android application reinforcement method, system and equipment | |
| CN112114809B (en) | Program code safety protection method, device and storage medium | |
| CN114816436A (en) | Source code analysis device based on disassembling |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |