CN115017542A - Method and system for encrypting and protecting computer file - Google Patents

Method and system for encrypting and protecting computer file Download PDF

Info

Publication number
CN115017542A
CN115017542A CN202210635586.3A CN202210635586A CN115017542A CN 115017542 A CN115017542 A CN 115017542A CN 202210635586 A CN202210635586 A CN 202210635586A CN 115017542 A CN115017542 A CN 115017542A
Authority
CN
China
Prior art keywords
file
key
target file
target
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202210635586.3A
Other languages
Chinese (zh)
Inventor
刘志坚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to CN202210635586.3A priority Critical patent/CN115017542A/en
Publication of CN115017542A publication Critical patent/CN115017542A/en
Withdrawn legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities

Abstract

The invention provides a method and a system for protecting file encryption of a computer, and relates to the technical field of information security. The method comprises the following steps: and acquiring the target file, and searching whether a source file attribute record set and a first key exist in the target file. If the file exists, performing unshelling processing on the target file based on the first key, randomly generating a second key, and performing encryption processing on data of the target file based on the second key to obtain a first file; and if the first file does not exist, randomly generating a second key, and encrypting the data of the target file based on the second key to obtain the first file. And finally, simultaneously outputting the decryption program, the ciphertext piece data and the file attribute information record set to the tail end of the first file based on encryption processing to obtain a second file with the decryption program. The scheme provided by the invention is used for encrypting the file, not only has high encryption strength, but also has wide application range of encryption processing, and can realize the decryption of the file without additionally installing a decryption program.

Description

Method and system for encrypting and protecting computer file
Technical Field
The invention relates to the technical field of information security, in particular to a method and a system for protecting file encryption of a computer.
Background
With the rapid development of mobile communication technology, the work and life of people are closely related to the intelligent terminal. The user uploads or downloads file data by using the terminal to realize functions of data storage and/or information interaction and the like. Therefore, in order to ensure the security of the document, various effective encryption and decryption techniques have been developed.
In the prior art, in order to prevent the file from being illegally stolen, an output-free protection mode of the file is achieved by closing effective outlets of a computer, such as a U disk, an optical disk, a network and the like, but the file is not protected. Correspondingly, when the file is transferred, the transfer efficiency of the U disk and the optical disk is low, and once the U disk, the optical disk or the account number and the like are stolen, the file is leaked, and the security is low. Therefore, it is an urgent issue to encrypt the file itself to ensure the security of the file.
Disclosure of Invention
The invention aims to provide a method and a system for protecting a computer file in an encryption manner, which can realize the encryption processing of files in any format and improve the safety of the files.
The embodiment of the invention is realized by the following steps:
in a first aspect, an embodiment of the present application provides a method for protecting a computer file from encryption, which includes the following steps:
acquiring a target file, and searching whether a source file attribute record set and a first key exist in the target file;
if the file exists, the target file is subjected to shelling processing based on the first secret key, a second secret key is randomly generated, and data of the target file is subjected to encryption processing based on the second secret key to obtain a first file;
if the target file does not exist, a second secret key is randomly generated, and data of the target file are encrypted based on the second secret key to obtain a first file;
and simultaneously outputting the decryption program, the encrypted file data and the file attribute information record set to the tail end of the first file based on encryption processing to obtain a second file with the decryption program.
In some embodiments of the present invention, the shelling process specifically includes:
detecting the shell of the target file based on the Ollyclce;
searching a cut-in port for the target file after the shell detection processing;
capturing a memory mapping file of a target file;
and sequentially shelling the target file according to the shell strength based on the cut-in and the memory mapping file.
In some embodiments of the present invention, the shelling process specifically includes:
acquiring all abnormal numbers of the target file based on the Ollyclce;
reloading the target file and staying before the last exception;
for memory break points under the code segment of the Ollyclce, the target file is stopped at the last abnormal position;
and correcting the mapping size of the target file to obtain the target file after shelling.
In some embodiments of the present invention, the step of randomly generating the second key and encrypting the data of the target file based on the second key to obtain the first file specifically includes:
acquiring and generating a second key based on the second of the current system time;
and carrying out XOR algorithm processing on the second key and the data of the target file to obtain a first file.
In some embodiments of the present invention, the step of randomly generating the second key and encrypting the data of the target file based on the second key to obtain the first file specifically includes:
dividing data of a target file into a plurality of file blocks;
acquiring and generating a second key based on the second of the current system time;
and carrying out XOR algorithm processing on the second key and the data of all the file blocks in sequence, and obtaining the first file according to all the obtained encrypted file blocks.
In some embodiments of the present invention, the step of randomly generating the second key, and encrypting the data of the target file based on the second key to obtain the first file specifically includes:
converting the data of the target file into a binary file;
carrying out base64 coding processing on the binary file to obtain a coded file;
and acquiring a second key by using a random algorithm, encrypting the encoded file based on the second key, and performing MD5 algorithm processing on the encrypted encoded file to obtain a first file.
In some embodiments of the invention, the above
The step of performing MD5 algorithm processing on the encrypted encoded file specifically includes:
carrying out disorder processing on the encrypted coding file;
inserting a random character string into a preset position of the encoded file after disorder processing to obtain a salt-added encoded file;
and performing MD5 algorithm processing on the salted code file.
In a second aspect, an embodiment of the present application provides a system for protecting a computer file from encryption, including:
the file acquisition module is used for acquiring a target file and searching whether a source file attribute record set and a first key exist in the target file;
the shelling processing module is used for shelling the target file based on the first key if the target file exists, randomly generating a second key, and encrypting the data of the target file based on the second key to obtain a first file;
the encryption processing module is used for randomly generating a second key if the first key does not exist, and encrypting the data of the target file based on the second key to obtain a first file;
and the file generation module is used for simultaneously outputting the decryption program, the ciphertext piece data and the file attribute information record set to the tail end of the first file based on encryption processing to obtain a second file with the decryption program.
In a third aspect, an embodiment of the present application provides an electronic device, which includes a memory for storing one or more programs; a processor. The one or more programs, when executed by the processor, implement the method as described in any of the first aspects above.
In a fourth aspect, embodiments of the present application provide a computer-readable storage medium, on which a computer program is stored, which, when executed by a processor, implements the method as described in any one of the above first aspects.
Compared with the prior art, the embodiment of the invention has at least the following advantages or beneficial effects:
in the prior art, similarly, Word documents are encrypted by Word software or files are encrypted by compressed software, corresponding programs are required to be installed, and then the files can be decrypted. In the scheme provided by the invention, the decryption program, namely a small section of decryption code corresponding to the encryption processing, is directly output to the tail end of the first file, and then the second file with the decryption program is obtained, so that the encryption program can be encrypted without downloading and installing a specific application program as in the method for encrypting the file in the prior art. In addition, in the scheme provided by the invention, any type of document can be encrypted and protected, the situation that the downloaded and installed application program can only encrypt the document which can be processed in the prior art, the similar Word software can only encrypt the Word document, the encryption capability is limited, the encryption level is low, and the document can be easily cracked is avoided. In a word, the scheme provided by the embodiment of the invention is used for encrypting the file, so that the encryption strength is high, the file is not easy to crack, the encryption processing is not limited by the size and the type of the file, the encryption processing has wide application range, in addition, the file can be decrypted without additionally installing a decryption program, and the transmission and the use of the file data are greatly facilitated.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.
FIG. 1 is a flow chart of an embodiment of a method for protecting a computer file from encryption according to the present invention;
FIG. 2 is a flowchart illustrating the shelling process according to an embodiment of the present invention;
FIG. 3 is a flowchart illustrating the shelling process according to another embodiment of the present invention;
FIG. 4 is a block diagram of an embodiment of a system for cryptographically protecting a computer file according to the present invention;
fig. 5 is a block diagram of an electronic device according to an embodiment of the present invention.
Icon: 1. a file acquisition module; 2. a hulling processing module; 3. an encryption processing module; 4. a file generation module; 5. a memory; 6. a processor; 7. a communication interface.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. The components of the embodiments of the present application, generally described and illustrated in the figures herein, can be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present application, presented in the accompanying drawings, is not intended to limit the scope of the claimed application, but is merely representative of selected embodiments of the application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures. Meanwhile, in the description of the present application, the terms "first", "second", and the like are used only for distinguishing the description, and are not to be construed as indicating or implying relative importance.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
Some embodiments of the present application will be described in detail below with reference to the accompanying drawings. The embodiments described below and the individual features of the embodiments can be combined with one another without conflict.
Examples
Referring to fig. 1, the method for protecting the file encryption of the computer includes the following steps:
step S101, obtaining a target file and searching whether a source file attribute record set and a first key exist in the target file.
In the above steps, by searching whether the source file attribute record set and the first key exist in the target file, it can be known whether the target file is encrypted by the method or is subjected to shell processing by another method according to the source file attribute record set and the first key, so that repeated encryption processing on the target file can be avoided. And after the shelling processing is carried out on the encrypted data, the encrypted data can be subjected to shelling processing, so that the encrypted data can be conveniently encrypted subsequently.
Illustratively, the search source file attribute record set and the first key are searched from the end of the target file, so that the required information can be quickly searched.
And S102, if the file exists, performing unshelling processing on the target file based on the first key, randomly generating a second key, and performing encryption processing on the data of the target file based on the second key to obtain the first file.
In the above steps, the full name of the added shell is executable program resource compression, which is similar to the effect of WINZIP, but the compressed file can be operated independently. As the name implies, shell adding is to add a shell to an item, but here is the target file. As with the seeds in nature, there is a layer of shells that need to be removed to view the contents of the shell in order to protect themselves. For example, a common way of adding a shell is to implant a code at one end in a binary file, preferentially obtain the control right of the file during operation, and then give the control right back to the original code of the file, so as to hide the true OEP (entry point, to some extent, to prevent the file from being cracked) of the file. The shell processing of the file can play a certain protection role for procedural files, but is not applicable to the files such as texts commonly used by us and cannot protect the cultural and literature contents in the files. In addition, the unshelling processing is to remove the added shell outside the file to obtain the original text data inside, and then encrypt the original text data to obtain the encrypted first file.
For example, the file can be subjected to shelling processing design by adopting the principles of a single-step tracking method, an ESP (electronic stability program) law determining method, a memory mirroring method, an analog tracking method and the like.
Referring to fig. 2, the shelling process specifically includes:
and step S201, detecting the shell of the target file based on the Ollyclce.
In the above steps, since the target file may have undergone various shelling processes, we need to know which shelling processes the target file has undergone in order to accurately remove the shell of the target file. Therefore, the shell detection processing is performed on the target file through the Ollylce, so that the shell penetrated by the target file can be known.
And S202, searching an incision for the target file after the shell detection processing.
In the above steps, the shelling of the target file is performed by hiding the entry of the target file (or using a false entry), and the shelling of the target file can be completed by finding the true entry of the target file.
For example, the real cut-in can be found more quickly by finding the push (push) and pop (pop) of the target file and then finding the cut-in of the target file in the vicinity of the push (push) and pop (pop) of the target file. Where PUSHAD represents the entry point of the target file and POPAD represents the exit point of the file.
In step S203, the memory mapping file of the target file is captured.
In the above steps, the memory mapping is a mapping from a file to a memory, and how to store the target file in the memory of the system kernel can be known by acquiring and analyzing the memory mapping file, so that the subsequent processing of the system kernel is facilitated.
And S204, sequentially shelling the target file according to the shell strength based on the cut-in and the memory mapping file.
In the above steps, the target file is sequentially subjected to shelling processing according to the strength of the shells, so that the target file can be subjected to shelling processing in a standardized manner, and the accurate reliability of the shelling processing result is ensured.
Referring to fig. 3, the shelling process specifically includes:
and S301, acquiring all the abnormal numbers of the target file based on the Ollyclce.
In the above steps, it is considered that the target file may trigger numerous anomalies during the self-decompression process. The inventor finds that the cut-in is mostly near the last abnormal position, so if the position of the last abnormal position of the target file can be located, the position near the last abnormal position of the target file can be emphatically detected, and the position of the cut-in can be quickly found, thereby realizing the subsequent shelling processing.
Exemplarily, the breakpoint setting of the Ollylce can be cleared before all the abnormal numbers of the target file are obtained, so that a more accurate abnormal number can be obtained, the accuracy of obtaining abnormal detection can be effectively improved, and the detection efficiency can be improved.
Step S302, the target file is reloaded and stops before the last exception.
And S303, stopping the target file at the last abnormal position for the memory breakpoint under the code segment of the Ollyclce.
In the above steps, the target file is reloaded, so that the target file stays before the last exception, and then the target file is terminated at the last exception through the memory breakpoint in the code segment of the Ollylce. That is, the entry found near the last exception of the target file is the real entry.
And step S304, correcting the mapping size of the target file to obtain the target file after shelling.
In the above steps, considering that an abnormal assembly code exists in the target file, the target file is deleted and analyzed by using the oval after the target file is terminated at the last abnormal position, so that the image size of the target file is corrected, and the target file which is accurate and pure in data is obtained finally.
Illustratively, when the image size of the target file is corrected, the invalid pointer can be deleted through inputting the table information based on the function of the target file, so that the purity of the target file can be further optimized.
And S103, if the first file does not exist, randomly generating a second key, and encrypting the data of the target file based on the second key to obtain the first file.
In the above steps, when the source file attribute record set and the first key do not exist in the target file, it can be determined that the obtained target file is not encrypted by the method or is not shelled by another method. Therefore, the encrypted first file can be obtained by acquiring a randomly generated second key and then encrypting the target file through the second key.
The second key may be generated randomly, illustratively by a random function of the system.
Referring to fig. 1, the step of randomly generating the second key and encrypting the data of the target file based on the second key to obtain the first file specifically includes:
acquiring and generating a second key based on the second of the current system time;
and carrying out XOR algorithm processing on the second key and the data of the target file to obtain a first file.
In the above steps, a unique number that is not reused can be obtained by obtaining the number of seconds of the current system time, and then a unique second key that is not reused can be obtained by processing the data to a certain extent. That is, it will be effective to ensure that the second key generated by the above steps will be a number that will not be reused. The principle of the XOR algorithm is as follows: when one number A and another number B are subjected to XOR operation, another number C is generated, and if C and B are subjected to XOR operation, C is restored to A. That is, the first file is obtained by performing an XOR (exclusive or operation) on the second key and the data of the target file, and then the first file and the second key may be subjected to an XOR operation and restored to the original target file.
For example, a fixed data processing may be added to the number of seconds of the acquired current system time, so as to obtain the second key.
Referring to fig. 1, the step of randomly generating the second key and encrypting the data of the target file based on the second key to obtain the first file specifically includes:
dividing data of a target file into a plurality of file blocks;
acquiring and generating a second key based on the second of the current system time;
and carrying out XOR algorithm processing on the second key and the data of all the file blocks in sequence, and obtaining the first file according to all the obtained encrypted file blocks.
In the above step, the data of the target file is divided into a plurality of blocks, and all the divided file blocks are subjected to XOR algorithm processing with the second secret key in sequence, so that the encryption effect of the target file is better, and the security of the target file can be effectively enhanced.
For example, when generating the second key, the second number of the acquired current system time may be multiplied by a fixed number by simple addition and subtraction, and then the second key that is not duplicated may be obtained. In addition, when the target file is partitioned, a positive integer in a certain range can be generated through a random number generation function, and then the target file is partitioned into file partitions of random positive integer parts, so that the randomness of file encryption can be further increased, and the encryption effect of the target file is further increased. For example, positive integers in the range of 5 to 10 can be randomly generated, so that the encryption effect of the target file can be further enhanced without wasting too much operation memory. Of course, the number of the partitioned parts in different ranges can be selected according to actual needs.
Referring to fig. 1, the step of randomly generating the second key and encrypting the data of the target file based on the second key to obtain the first file specifically includes:
step S401, converting the data of the target file into a binary file.
In the above steps, it is considered that the target file may be various data, for example, different types of files such as a video file, an audio file, or a text file may be possible. Therefore, the target files can be unified to the same type (converted into binary files), and therefore the target files can be conveniently processed.
And step S402, carrying out base64 encoding processing on the binary file to obtain an encoded file.
In the above steps, by performing base64 encoding processing on the binary file, the binary data contained in any binary file can be encoded into a text file that can be represented by only 64 characters, which facilitates subsequent encryption encoding. And the binary file coded by the base64 can be subjected to inverse operation subsequently to obtain the original binary file, and then the inverse operation is carried out to obtain the original target file. That is, after the target file is subjected to the above processing and the subsequent encryption processing, the original target file with complete content can be obtained through inverse operation, and information contained in the file cannot be lost.
It should be noted that the step of performing base64 encoding processing on the binary file may specifically include: firstly, grouping every three bits of the binary file into one group (less than three bits are supplemented by 0 after the three bits are added), and splitting the binary file into a plurality of groups according to 6 bits of each group; unifying the 0 supplement of less than 8 bits after 6 bits of secondary preparation; converting the binary system after 0 complementing into a 10-system; and taking base64 codes corresponding to the decimal system out of the base64 code table to obtain a code file. For example, when base64 encoding corresponding to decimal is performed to extract decimal from the base64 encoding table, if the original binary file length is not a multiple of 3 and 1 and input data remain, 2 "═ s" may be added after the encoding result, and if 2 input data remain, 1 "═ s" may be added after the encoding result.
And S403, acquiring a second key by using a random algorithm, encrypting the encoded file based on the second key, and performing MD5 algorithm processing on the encrypted encoded file to obtain a first file.
In the above steps, the encoded file is encrypted by the second key, so that the encrypted encoded file is obtained, and then the MD5 algorithm processing is performed on the encrypted encoded file, so that the complete consistency of subsequent file information transmission can be effectively ensured. The first file includes the file processed from the encoded file and the MD5 value calculated from the MD 5. Because of the irreversibility of the MD5 algorithm, the original code cannot be obtained through the MD5 value, that is, the encrypted code file cannot be obtained through decryption, and therefore data cannot be effectively guaranteed not to be decrypted. When the first file is processed subsequently, whether the first file is passive or not can be known by inquiring the state of the MD5, so that the behavior states of tampering and the like possibly existing in the first file can be known in time, and a user can conveniently and timely perform security check on the corresponding file. The method can also perform a certain digital signature function, that is, after the document is initially processed by the MD5 algorithm, the summary information generated by the MD5 algorithm can be recorded, and then the document is regenerated again, the summary information of the document and the summary information are compared, if the two summary information are the same, the two are the same document.
Referring to fig. 1, the step of performing MD5 algorithm processing on the encrypted encoded file specifically includes:
carrying out disorder processing on the encrypted coding file;
inserting a random character string into a preset position of the encoded file after disorder processing to obtain a salt-added encoded file;
and performing MD5 algorithm processing on the salted code file.
In the above steps, the encoded file after the encryption processing is firstly subjected to disorder processing, then the salt processing is performed (the random character string is inserted into the preset position of the encoded file after the disorder processing), and finally the MD5 algorithm processing is performed on the encoded file, so that the difficulty of breaking the MD5 algorithm can be increased. That is, the encryption strength of the MD5 algorithm can be further improved, so that the MD5 algorithm can be more effectively used for verifying whether data has been passive or not and enhancing the effect of the digital signature.
For example, the MD5 algorithm processing can be performed for multiple times when the salt-added coded file is subjected to the MD5 algorithm processing, so that the difficulty of cracking is further enhanced.
And S104, simultaneously outputting the decryption program, the encrypted file data and the file attribute information record set to the tail end of the first file based on encryption processing to obtain a second file with the decryption program.
In the above step, the decryption program is an attachment of the encryption program, by which the file data processed by the above encryption method will be decrypted; the encrypted file data is file attribute data obtained by subjecting the target file to the above-described encryption processing, and includes information such as a file name, a size, and a second key of the target file. The second file with the decryption program is obtained through output, the decryption program, the ciphertext piece data and the file attribute information record set can be simultaneously output to the tail end of the file of the first file, and therefore corresponding data can be directly obtained from the tail end of the file when the file is conveniently identified and searched in the follow-up process, and the method is simple and fast. It should be noted that, in the prior art, similarly, encrypting a Word document by Word software or encrypting a file by compression software requires installing a corresponding program, and then decrypting the file. In the scheme provided by the invention, the decryption program, namely a small section of decryption code corresponding to the previous encryption processing, is directly output to the end of the first file, and then the second file with the decryption program is obtained, so that the encryption program can be encrypted without installing and downloading a specific application program as in the method for encrypting the file in the prior art. In addition, in the scheme provided by the invention, any type of document can be encrypted and protected, the situation that the downloaded and installed application program can only encrypt the document which can be processed in the prior art, the similar Word software can only encrypt the Word document, the encryption capability is limited, the encryption level is low, and the document can be easily cracked is avoided. In a word, the scheme provided in the implementation of the invention is used for encrypting the file, so that the encryption strength is high, the file is not easy to crack, the encryption processing is not limited by the size and the type of the file, the encryption processing has wide application range, in addition, the file can be decrypted without additionally installing a decryption program, and the transmission and the use of the file data are greatly facilitated.
Based on the same inventive concept, referring to fig. 4, the present invention further provides a system for protecting file encryption of a computer, comprising:
the file acquisition module 1 is used for acquiring a target file and searching whether a source file attribute record set and a first key exist in the target file;
the shelling processing module 2 is configured to, if the target file exists, shell the target file based on the first key, randomly generate a second key, and encrypt data of the target file based on the second key to obtain a first file;
the encryption processing module 3 is used for randomly generating a second key if the first key does not exist, and encrypting the data of the target file based on the second key to obtain a first file;
and the file generation module 4 is used for simultaneously outputting the decryption program, the ciphertext piece data and the file attribute information record set to the tail end of the first file based on encryption processing to obtain a second file with the decryption program.
For a specific implementation process of the system, please refer to a method for protecting file encryption of a computer provided in the embodiments of the present application, which is not described herein again.
Referring to fig. 5, fig. 5 is a block diagram of an electronic device according to an embodiment of the present invention. The electronic device comprises a memory 5, a processor 6 and a communication interface 7, the memory 5, the processor 6 and the communication interface 7 being electrically connected to each other, directly or indirectly, to enable transmission or interaction of data. For example, the components may be electrically connected to each other via one or more communication buses or signal lines. The memory 5 may be used for storing software programs and modules, such as program instructions/modules corresponding to the encryption protection system for computer files provided in the embodiments of the present application, and the processor 6 executes the software programs and modules stored in the memory 5, thereby executing various functional applications and data processing. The communication interface 7 may be used for communication of signaling or data with other node devices.
The Memory 5 may be, but is not limited to, a Random Access Memory (RAM), a Read Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Read-Only Memory (EPROM), an electrically Erasable Read-Only Memory (EEPROM), and the like.
The processor 6 may be an integrated circuit chip having signal processing capabilities. The Processor 6 may be a general-purpose Processor including a Central Processing Unit (CPU), a Network Processor (NP), and the like; but also Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components.
It will be appreciated that the configuration shown in fig. 5 is merely illustrative and that the electronic device may include more or fewer components than shown in fig. 5 or have a different configuration than shown in fig. 5. The components shown in fig. 5 may be implemented in hardware, software, or a combination thereof.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. The apparatus embodiments described above are merely illustrative, and for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist alone, or two or more modules may be integrated to form an independent part.
The above-described functions, if implemented in the form of software functional modules and sold or used as a separate product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above description is only a preferred embodiment of the present application and is not intended to limit the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.
It will be evident to those skilled in the art that the present application is not limited to the details of the foregoing illustrative embodiments, and that the present application may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the application being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.

Claims (10)

1. A method for protecting the file encryption of a computer is characterized by comprising the following steps:
acquiring a target file, and searching whether a source file attribute record set and a first key exist in the target file;
if the file exists, the target file is subjected to shelling processing based on the first secret key, a second secret key is randomly generated, and data of the target file is subjected to encryption processing based on the second secret key to obtain a first file;
if the target file does not exist, a second secret key is randomly generated, and data of the target file are encrypted based on the second secret key to obtain a first file;
and simultaneously outputting the decryption program, the encrypted file data and the file attribute information record set to the tail end of the first file based on encryption processing to obtain a second file with the decryption program.
2. The method for protecting the file encryption of the computer according to claim 1, wherein the de-shelling process comprises:
detecting the shell of the target file based on the Ollyclce;
searching a cut-in port for the target file after the shell detection processing;
capturing a memory mapping file of a target file;
and sequentially shelling the target file according to the shell strength based on the cut-in and the memory mapping file.
3. The method for cryptographically protecting a computer file as recited in claim 1, wherein said step of de-shelling comprises:
acquiring all abnormal numbers of the target file based on the Ollyclce;
reloading the target file and staying before the last exception;
for memory break points under the code segment of the Ollyclce, the target file is stopped at the last abnormal position;
and correcting the mapping size of the target file to obtain the target file after shelling.
4. The method for protecting file encryption of a computer according to claim 1, wherein the step of randomly generating a second key and encrypting data of the target file based on the second key to obtain the first file specifically comprises:
acquiring and generating a second key based on the second of the current system time;
and carrying out XOR algorithm processing on the second key and the data of the target file to obtain a first file.
5. The method for protecting file encryption of a computer according to claim 1, wherein the step of randomly generating a second key and encrypting data of the target file based on the second key to obtain the first file specifically comprises:
dividing data of a target file into a plurality of file blocks;
acquiring and generating a second key based on the second of the current system time;
and carrying out XOR algorithm processing on the second key and the data of all the file blocks in sequence, and obtaining the first file according to all the obtained encrypted file blocks.
6. The method for protecting file encryption of a computer according to claim 1, wherein the step of randomly generating a second key and encrypting data of the target file based on the second key to obtain the first file specifically comprises:
converting the data of the target file into a binary file;
carrying out base64 coding processing on the binary file to obtain a coded file;
and acquiring a second key by using a random algorithm, encrypting the encoded file based on the second key, and performing MD5 algorithm processing on the encrypted encoded file to obtain a first file.
7. The method for protecting the file encryption of the computer according to claim 6, wherein the step of performing the MD5 algorithm processing on the encrypted encoded file specifically includes:
carrying out disorder processing on the encrypted coding file;
inserting a random character string into a preset position of the encoded file after disorder processing to obtain a salt-added encoded file;
and performing MD5 algorithm processing on the salted code file.
8. A system for cryptographically protecting a computer file, comprising:
the file acquisition module is used for acquiring a target file and searching whether a source file attribute record set and a first key exist in the target file;
the shelling processing module is used for shelling the target file based on the first key if the target file exists, randomly generating a second key, and encrypting the data of the target file based on the second key to obtain a first file;
the encryption processing module is used for randomly generating a second key if the first key does not exist, and encrypting the data of the target file based on the second key to obtain a first file;
and the file generation module is used for simultaneously outputting the decryption program, the ciphertext piece data and the file attribute information record set to the tail end of the first file based on encryption processing to obtain a second file with the decryption program.
9. An electronic device, comprising:
a memory for storing one or more programs;
a processor;
the one or more programs, when executed by the processor, implement the method of any of claims 1-7.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method according to any one of claims 1-7.
CN202210635586.3A 2022-06-06 2022-06-06 Method and system for encrypting and protecting computer file Withdrawn CN115017542A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210635586.3A CN115017542A (en) 2022-06-06 2022-06-06 Method and system for encrypting and protecting computer file

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210635586.3A CN115017542A (en) 2022-06-06 2022-06-06 Method and system for encrypting and protecting computer file

Publications (1)

Publication Number Publication Date
CN115017542A true CN115017542A (en) 2022-09-06

Family

ID=83072592

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210635586.3A Withdrawn CN115017542A (en) 2022-06-06 2022-06-06 Method and system for encrypting and protecting computer file

Country Status (1)

Country Link
CN (1) CN115017542A (en)

Similar Documents

Publication Publication Date Title
US8850583B1 (en) Intrusion detection using secure signatures
US10586026B2 (en) Simple obfuscation of text data in binary files
US20120317421A1 (en) Fingerprinting Executable Code
CN103530535A (en) Shell adding and removing method for Android platform application program protection
CN109241484B (en) Method and equipment for sending webpage data based on encryption technology
CN107077540B (en) Method and system for providing cloud-based application security services
JP6120961B2 (en) Generation and verification of alternative data with a specific format
CN112001376B (en) Fingerprint identification method, device, equipment and storage medium based on open source component
US11907379B2 (en) Creating a secure searchable path by hashing each component of the path
CN112437060B (en) Data transmission method and device, computer equipment and storage medium
US7599492B1 (en) Fast cryptographic key recovery system and method
CN108431819B (en) Method and system for protecting client access to service of DRM agent of video player
US8700918B2 (en) Data masking
CN110135154B (en) Injection attack detection system and method for application program
CN108537010A (en) AES (advanced encryption standard) algorithm-based Android application Native shell encryption method
CN109145639B (en) File encryption method, file decryption method and file encryption device
CN113177193A (en) Watermark adding method, watermark verifying method and terminal equipment
CN107169370A (en) The encryption method and encryption device of executable file
CN115567212A (en) File processing method and device, computer equipment and computer readable storage medium
CN114547653B (en) Encryption method, decryption method, device, equipment and medium for development environment
CN114422209B (en) Data processing method, device and storage medium
CN115017542A (en) Method and system for encrypting and protecting computer file
CN115935299A (en) Authorization control method, device, computer equipment and storage medium
KR102083415B1 (en) Apparatus and method for decrypting encrypted files
CN111291387B (en) File protection method and file processing system thereof

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication
WW01 Invention patent application withdrawn after publication

Application publication date: 20220906