CN115688058A - Code obfuscation method, apparatus, device and medium - Google Patents

Publication number
CN115688058A
Authority
CN
China
Legal status
Pending
Application number
CN202211036815.6A
Other languages
Chinese (zh)
Inventor
王雪霏
旷亚和
姜城
Current Assignee
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC

Abstract

The disclosure provides a code obfuscation method, and relates to the field of information security. The method comprises the following steps: classifying elements in the code content to be obfuscated to obtain N classification results, wherein the N classification results comprise at least one of a numerical class, a composite class and other classes, and the other classes comprise at least one of a character class, a character string class and a Boolean class; matching a corresponding code obfuscating strategy for each element according to a corresponding relation and a classification result of each element, wherein the corresponding relation comprises a corresponding relation between each classification result and at least one code obfuscating strategy, and the at least one code obfuscating strategy comprises at least one of a time obfuscating strategy, a memory obfuscating strategy and a file obfuscating strategy; and code obfuscating each element according to the matched code obfuscation strategy. The present disclosure also provides a code obfuscation apparatus, device, storage medium and program product.

Description

Code obfuscation method, apparatus, device and medium
Technical Field
The present disclosure relates to the field of information security, and more particularly, to a code obfuscation method, apparatus, device, medium, and program product.
Background
Code obfuscation is a code protection technique that can effectively prevent attackers from obtaining a program's internal sensitive information, or finding program vulnerabilities, through methods such as reverse analysis. The basic idea is to convert the code of a computer program into obfuscated code that is functionally equivalent but formally more difficult to read and understand.
Code obfuscation may be applied both to program source code and to the intermediate code into which a program is compiled. Existing code obfuscation strategies usually scramble the code format, rewrite the names of elements in the code (such as variables, functions and classes) into meaningless names, rewrite for loops as while loops, rewrite loops as recursion, simplify intermediate variables, and so on, thereby increasing the difficulty of decompilation.
Disclosure of Invention
In carrying out the inventive concept of the present disclosure, the inventors found that existing code obfuscation strategies are easily recognized by existing anti-obfuscation tools, so that the program call flow can be identified and the protection effect is poor.
In view of the foregoing, the present disclosure provides a code obfuscation method, apparatus, device, medium, and program product that are difficult for an anti-obfuscation tool to identify, thereby protecting code integrity and confidentiality.
One aspect of the disclosed embodiments provides a code obfuscation method, including: classifying elements in the code content to be obfuscated to obtain N classification results, wherein the N classification results comprise at least one of a numerical class, a composite class and other classes, the other classes comprise at least one of a character class, a character string class and a Boolean class, and N is an integer greater than or equal to 1; matching a corresponding code obfuscating strategy for each element according to a corresponding relation and a classification result of each element, wherein the corresponding relation comprises a corresponding relation between each classification result and at least one code obfuscating strategy, and the at least one code obfuscating strategy comprises at least one of a time obfuscating strategy, a memory obfuscating strategy and a file obfuscating strategy; and code obfuscating each element according to the matched code obfuscation strategy.
According to an embodiment of the present disclosure, the first element is any element in the content of the code to be obfuscated, and if the first element is a composite class, before the matching of the corresponding code obfuscation policy for each element, the method further includes: resolving the first element to obtain M sub-elements, wherein M is an integer greater than or equal to 1; and classifying the M sub-elements to obtain a classification result of each sub-element, wherein the classification result of each sub-element comprises at least one of a numerical class, a composite class and other classes.
According to an embodiment of the present disclosure, a second element is any element in the code content to be obfuscated. If the second element is a numerical class, matching the corresponding code obfuscation policy for each of the elements includes: matching the time obfuscation policy for the second element; and code obfuscating each of the elements according to the matched code obfuscation policy includes: determining a sleep time or a delay time according to the value of the second element; and code obfuscating the second element according to the sleep time or delay time.
According to an embodiment of the present disclosure, the code obfuscating the second element according to the sleep time or delay time includes: acquiring a first current time; acquiring a second current time after sleeping or delaying for a preset time; representing the second element according to a difference between the first current time and the second current time.
According to an embodiment of the present disclosure, a third element is any element in the code content to be obfuscated. If the third element is a numerical class, matching the corresponding code obfuscation policy for each of the elements includes: matching the memory obfuscation policy for the third element; and code obfuscating each of the elements according to the matched code obfuscation policy includes: determining a predetermined number of memory read operations or write operations according to the value of the third element; and code obfuscating the third element according to the predetermined number of memory read operations or write operations.
According to an embodiment of the present disclosure, a fourth element is any element in the code content to be obfuscated. If the fourth element is associated with a control flow statement, matching the corresponding code obfuscation policy for each of the elements includes: matching the file obfuscation policy for the fourth element, wherein the fourth element is any one of a numerical class, a composite class and other classes; and code obfuscating each of the elements according to the matched code obfuscation policy includes: storing the fourth element and/or the value of the fourth element in a file; and performing code obfuscation according to the position index, in the file, of the fourth element and/or the value of the fourth element.
According to an embodiment of the present disclosure, after writing the fourth element and/or the value of the fourth element to the file, the method further comprises: and encrypting the file and/or the position index in the file.
Another aspect of the disclosed embodiments provides a code obfuscation apparatus, including: the type determining module is used for classifying elements in the code content to be obfuscated to obtain N classification results, wherein the N classification results comprise at least one of a numerical class, a composite class and other classes, the other classes comprise at least one of a character class, a character string class and a Boolean class, and N is an integer greater than or equal to 1; the strategy matching module is used for matching a corresponding code obfuscation strategy for each element according to a corresponding relation and a classification result of each element, wherein the corresponding relation comprises a corresponding relation between each classification result and at least one code obfuscation strategy, and the at least one code obfuscation strategy comprises at least one of a time obfuscation strategy, a memory obfuscation strategy and a file obfuscation strategy; and the obfuscation processing module is used for performing code obfuscation on each element according to the matched code obfuscation strategy.
The code obfuscation device comprises modules for performing the steps of the code obfuscation method as any one of the above.
Another aspect of the disclosed embodiments provides an electronic device, including: one or more processors; a storage device to store one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method as described above.
Another aspect of the embodiments of the present disclosure also provides a computer-readable storage medium having executable instructions stored thereon, which when executed by a processor, cause the processor to perform the method as described above.
Yet another aspect of the disclosed embodiments provides a computer program product comprising a computer program that when executed by a processor implements the method as described above.
One or more of the above embodiments have the following advantageous effects: according to different data types of each element in the content of the code to be obfuscated, different code obfuscating strategies are matched, and the matched code obfuscating strategies are used for code obfuscating each element, so that a more flexible and efficient code protection effect is achieved. Different obfuscation means can be adopted for different data types in the code through one or more novel obfuscation strategies in a time obfuscation strategy, a memory obfuscation strategy and a file obfuscation strategy, original call flow of the program is obscured, anti-obfuscation difficulty is increased, call flow tracking analysis cannot be conducted on the program through tools or software, and safety level of the obfuscated code is effectively improved.
Drawings
The foregoing and other objects, features and advantages of the disclosure will be apparent from the following description of embodiments of the disclosure, which proceeds with reference to the accompanying drawings, in which:
FIG. 1 schematically illustrates an application scenario diagram for code obfuscation according to an embodiment of the present disclosure;
FIG. 2 schematically illustrates a flow diagram of a code obfuscation method according to an embodiment of the present disclosure;
FIG. 3 schematically illustrates a flow diagram of a time obfuscation policy according to an embodiment of the present disclosure;
FIG. 4 schematically illustrates a flow diagram for code obfuscating a second element, in accordance with an embodiment of the disclosure;
FIG. 5 schematically illustrates a flow diagram of a memory obfuscation policy according to an embodiment of the disclosure;
FIG. 6 schematically illustrates a flow diagram of a file obfuscation policy according to an embodiment of the present disclosure;
FIG. 7 schematically illustrates a flow diagram of a code obfuscation method according to another embodiment of the present disclosure;
FIG. 8 schematically illustrates a flow diagram of a code obfuscation method according to another embodiment of the present disclosure;
FIG. 9 schematically shows a flow chart of a correspondence relationship according to an embodiment of the present disclosure;
FIG. 10 schematically illustrates a block diagram of a code obfuscation apparatus according to an embodiment of the present disclosure; and
FIG. 11 schematically illustrates a block diagram of an electronic device suitable for implementing a code obfuscation method according to an embodiment of the disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is illustrative only and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Where a convention analogous to "at least one of A, B and C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B and C" would include, but not be limited to, systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B and C together, etc.).
Fig. 1 schematically illustrates an application scenario diagram of code obfuscation according to an embodiment of the present disclosure.
As shown in fig. 1, the application scenario 100 according to this embodiment may include terminal devices 101, 102, 103, a network 104 and a server 105. Network 104 is the medium used to provide communication links between terminal devices 101, 102, 103 and server 105. Network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
The user may use the terminal devices 101, 102, 103 to interact with the server 105 via the network 104 to receive or send messages or the like. The terminal devices 101, 102, 103 may have installed thereon various communication client applications, such as shopping-like applications, web browser applications, search-like applications, instant messaging tools, mailbox clients, social platform software, etc. (by way of example only).
The terminal devices 101, 102, 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
The server 105 may be a server providing various services, such as a background management server (for example only) providing support for websites browsed by users using the terminal devices 101, 102, 103. The background management server may analyze and perform other processing on the received data such as the user request, and feed back a processing result (e.g., a webpage, information, or data obtained or generated according to the user request) to the terminal device.
It should be noted that the code obfuscation method provided by the embodiment of the present disclosure may be generally executed by the server 105. Accordingly, the code obfuscation apparatus provided by the disclosed embodiments may be generally disposed in the server 105. The code obfuscation method provided by the embodiments of the present disclosure may also be performed by a server or a cluster of servers different from the server 105 and capable of communicating with the terminal devices 101, 102, 103 and/or the server 105. Accordingly, the code obfuscation apparatus provided by the embodiment of the present disclosure may also be disposed in a server or a server cluster different from the server 105 and capable of communicating with the terminal devices 101, 102, 103 and/or the server 105.
It should be understood that the number of terminal devices, networks, and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
The code obfuscation method of the embodiment of the present disclosure will be described in detail below through fig. 2 to 9 based on the scenario described in fig. 1.
FIG. 2 schematically shows a flow diagram of a code obfuscation method according to an embodiment of the disclosure.
As shown in fig. 2, the code obfuscation method of this embodiment includes operations S210 to S230.
In operation S210, elements in the code content to be obfuscated are classified to obtain N classification results, where the N classification results include at least one of a numeric class, a composite class, and other classes, the other classes include at least one of a character class, a character string class, and a boolean class, and N is an integer greater than or equal to 1.
Illustratively, the code includes computer language instructions written by a programmer in a programming language supported by the development tool. Elements may include independent symbols, values, variables, constants, letters, classes, functions or methods, etc. in each line of code.
For example, variable and/or constant elements in the code may be classified into the numeric class, and elements of at least one of a character class, a character string class, and a Boolean class may be classified into other classes. A composite class element may include multiple sub-elements, such as numeric class elements, other class elements, and further composite class elements. A composite class may refer to a data type such as a key-value pair, a structure or an array.
In operation S220, a corresponding code obfuscation policy is matched for each element according to a corresponding relationship and a classification result of each element, where the corresponding relationship includes a corresponding relationship between each classification result and at least one code obfuscation policy, and the at least one code obfuscation policy includes at least one of a time obfuscation policy, a memory obfuscation policy, and a file obfuscation policy.
For example, the correspondence relationship may be preset, that is, each classification result corresponds to at least one code obfuscation policy. Time obfuscation policies hide the variable value transfer process by converting elements (e.g., variables, constant values) in the program code to program sleep or latency times. The memory obfuscating strategy carries out memory read/write operation for a certain number of times according to the value of the variable/constant to be obfuscated, and replaces the original variable/constant value with the number of times of the memory operation to realize code obfuscation. The file obfuscation strategy is to store the elements related to the control flow in the program codes into an independent file after processing, perform code obfuscation according to the position indexes of the elements and/or the values of the elements in the file, and read the corresponding contents of the file to execute the program when calling.
In operation S230, code obfuscation is performed on each element according to the matched code obfuscation policy.
Illustratively, according to the classification result of each element, a code obfuscation policy is matched from the correspondence and code obfuscation is performed with it. The final obfuscation result may therefore be obtained by using a plurality of obfuscation strategies, which further increases the difficulty of decompilation.
According to the embodiment of the disclosure, different code obfuscation strategies are matched according to different data types of each element in the content of the code to be obfuscated, and the matched code obfuscation strategies are used for code obfuscation of each element, so that a more flexible and efficient code protection effect is achieved. Different obfuscation means can be adopted for different data types in the code through one or more obfuscation strategies of a time obfuscation strategy, a memory obfuscation strategy and a file obfuscation strategy, original call flow of the program is blurred, anti-obfuscation difficulty is increased, call flow tracking analysis cannot be carried out on the program through tools or software, and safety level of the obfuscated code is effectively improved.
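The classification and matching steps S210 to S220, including the decomposition of composite elements into sub-elements, can be sketched as follows. This is an added example, not code from the patent: it handles only literal elements of Python source, and the `CORRESPONDENCE` table and the function names are assumptions, since the text only states that each class maps to at least one policy and that elements in control flow statements take the file policy.

```python
import ast

# Correspondence between classification results and policies. The page only
# says each class maps to at least one policy; this table is an assumption.
CORRESPONDENCE = {
    "numeric": ["time", "memory"],
    "other": ["file"],
}
COMPOSITE_NODES = (ast.List, ast.Tuple, ast.Set, ast.Dict)

# Constructed sample input for the example.
SAMPLE = '''
limit = 3
rates = [0.5, "eur", {"retry": True}]
if attempts < 3:
    backoff = 10
'''


def classify(node):
    """Classify a literal AST node as numeric, composite or other (else None)."""
    if isinstance(node, COMPOSITE_NODES):
        return "composite"
    if isinstance(node, ast.Constant):
        value = node.value
        if isinstance(value, (bool, str)):   # bool first: True is also an int
            return "other"
        if isinstance(value, (int, float)):
            return "numeric"
    return None


def sub_elements(node):
    """Split a composite literal into sub-elements (dict: keys and values)."""
    if isinstance(node, ast.Dict):
        pairs = zip(node.keys, node.values)
        return [n for pair in pairs for n in pair if n is not None]
    return list(node.elts)


def match_policies(source):
    """Return (element text, class, candidate policies) for every literal."""
    matched = []

    def visit(node, in_control_flow):
        kind = classify(node)
        if kind == "composite":
            # Composite elements are not obfuscated directly: they are
            # resolved into sub-elements, which are classified in turn.
            for sub in sub_elements(node):
                visit(sub, in_control_flow)
        elif kind is not None:
            # Elements of any class inside a control flow statement are
            # matched with the file policy.
            policies = ["file"] if in_control_flow else CORRESPONDENCE[kind]
            matched.append((ast.unparse(node), kind, policies))
        elif isinstance(node, (ast.If, ast.While)):
            visit(node.test, True)
            for child in node.body + node.orelse:
                visit(child, in_control_flow)
        else:
            for child in ast.iter_child_nodes(node):
                visit(child, in_control_flow)

    visit(ast.parse(source), False)
    return matched


if __name__ == "__main__":
    for element, kind, policies in match_policies(SAMPLE):
        print(f"{element:10} {kind:8} {policies}")
```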
Fig. 3 schematically illustrates a flow diagram of a time obfuscation policy according to an embodiment of the present disclosure.
The second element is any element in the content of the code to be obfuscated, and if the second element is a numerical class, as shown in fig. 3, the numerical class code obfuscation of this embodiment includes operations S310 to S330. Operation S310 is one embodiment of operation S220, and operations S320 and S330 are one embodiment of operation S230.
In operation S310, a time obfuscation policy is matched for the second element.
In operation S320, a sleep time or a delay time is determined according to the value of the second element.
Since the second element is a numerical class, which may be a variable or a constant, the value of the variable or the constant may be characterized by time. The sleep time may be obtained through a sleep instruction (sleep), which causes program execution to pause or hibernate for a period of time. The delay time may be obtained through a delay instruction, which delays execution by a predetermined time when the program reaches the second element.
In operation S330, the second element is code-obfuscated according to the sleep time or the delay time.
Illustratively, consider statements in the code, such as the conditional statement if (a < 3), that contain assignments, conditional branches, etc. of numeric variables/constants. To hide the second element a, so that an anti-obfuscation tool cannot identify the program flow related to a, a time-based, context-free intermediate equivalent representation is introduced in place of a wherever the variable a appears; that is, the value of the variable a is represented by a sleep time or delay time.
According to the embodiment of the disclosure, converting variable/constant values in the program code into program sleep and delay times hides the variable value transfer process, makes variable value transfer harder to identify, and keeps program vulnerabilities from being exposed.
FIG. 4 schematically shows a flow diagram for code obfuscation of a second element according to an embodiment of the disclosure.
As shown in fig. 4, code obfuscating the second element according to the sleep time or the delay time in operation S330 includes operations S410 to S430.
In operation S410, a first current time is acquired.
In operation S420, after sleeping or delaying for a predetermined time, a second current time is acquired.
In operation S430, a second element is represented according to a difference value between the first current time and the second current time.
Illustratively, the code to be obfuscated is as follows:
if(a<3)
{do something}
else
{do other things}
The obfuscated pseudo-code is as follows:
int beginTime=getDate();
sleep(a); // sleep for a seconds
int endTime=getDate();
if(endTime-beginTime<3)
{do something}
else
{do other things}
Referring to the obfuscated pseudo-code, getDate() is used to obtain the current time; beginTime is the start time, i.e., the first current time, and endTime is the end time, i.e., the second current time. The statement if (endTime-beginTime < 3) is used to represent if (a < 3). Specifically, the current time $t_1$ is acquired first, the program then sleeps or delays for a seconds (where a denotes the value of the variable a, i.e., 2 seconds if a = 2), and the current time $t_2$ is then acquired again. At this point the value of a can be represented by $(t_2 - t_1)$ and the conditional statement becomes if ($t_2 - t_1 < 3$), so the transfer process of a is successfully hidden and the purpose of obfuscation is achieved.
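The pseudo-code above is only equivalent to the original branch if the measured difference equals a exactly. The following added example (not code from the patent) runs the time-obfuscated branch against an injectable clock and shows a case where whole-second timestamps plus a small sleep overshoot change the branch taken. `FakeClock`, `rounded_branch` and the sample values are assumptions introduced for the illustration.

```python
import time


def plain_branch(a, threshold=3):
    """Original statement: if (a < 3) {do something} else {do other things}."""
    return "something" if a < threshold else "other things"


def time_obfuscated_branch(a, clock, sleep, threshold=3):
    """The page's pseudo-code: whole-second timestamps around sleep(a)."""
    if a < 0:
        raise ValueError("a negative value cannot be expressed as a sleep time")
    begin_time = int(clock())          # int beginTime = getDate();
    sleep(a)                           # sleep(a);
    end_time = int(clock())            # int endTime = getDate();
    return "something" if end_time - begin_time < threshold else "other things"


def rounded_branch(a, clock, sleep, threshold=3):
    """Variant (an assumption, not from the page): subtract raw timestamps
    first and round the difference, which tolerates overshoot below 0.5 s."""
    if a < 0:
        raise ValueError("a negative value cannot be expressed as a sleep time")
    begin_time = clock()
    sleep(a)
    elapsed = round(clock() - begin_time)
    return "something" if elapsed < threshold else "other things"


class FakeClock:
    """Deterministic clock: sleep(n) advances time by n plus a fixed overshoot,
    standing in for scheduler latency on a real system."""

    def __init__(self, start, overshoot=0.0):
        self.now = start
        self.overshoot = overshoot

    def time(self):
        return self.now

    def sleep(self, seconds):
        self.now += seconds + self.overshoot


def compare(a, start, overshoot):
    """Evaluate the same branch three ways under identical clock conditions."""
    results = {"plain": plain_branch(a)}
    clock = FakeClock(start, overshoot)
    results["truncated"] = time_obfuscated_branch(a, clock.time, clock.sleep)
    clock = FakeClock(start, overshoot)
    results["rounded"] = rounded_branch(a, clock.time, clock.sleep)
    return results


if __name__ == "__main__":
    # Ideal clock: the obfuscated branch matches the original.
    print(compare(2, start=100.0, overshoot=0.0))
    # Start at 100.9 s with 0.2 s overshoot: int(103.1) - int(100.9) == 3,
    # so the truncated form takes the else branch although a == 2.
    print(compare(2, start=100.9, overshoot=0.2))
    # Real clock and real sleep (takes about one second of wall time).
    print(rounded_branch(1, time.monotonic, time.sleep))
```

Each evaluation of the obfuscated condition also costs a seconds of wall-clock time, so the values that can be encoded this way are bounded by the latency the program can tolerate.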
FIG. 5 schematically illustrates a flow diagram of a memory obfuscation policy according to an embodiment of the disclosure.
The third element is any element in the content of the code to be obfuscated, and if the third element is a numerical class, as shown in fig. 5, the code obfuscation of this embodiment includes operations S510 to S530. Operation S510 is one of the embodiments of operation S220, and operations S520 and S530 are one of the embodiments of operation S230.
In operation S510, a memory obfuscation policy is matched for the third element.
In operation S520, a predetermined number of memory read operations or write operations are determined according to the value of the third element.
In operation S530, code obfuscation is performed on the third element according to a predetermined number of memory read operations or write operations.
Illustratively, the basic idea of the memory obfuscation policy of this embodiment is to perform a certain number of memory read/write operations according to the value of the variable/constant (i.e., the third element) to be obfuscated, and replace the original variable/constant value with the number of memory operations in the code, thereby implementing code obfuscation.
The predetermined number may be the same as the value of the third element, or may differ from it when the value of the third element is processed. For example, when the value of the third element is small, e.g. a = 2, the predetermined number is also 2; that is, two memory operations are performed and the number of memory operations is used in place of a. When the value of the third element is large, an algorithm can be designed to reduce the number of reads/writes, and the original value of the third element is recovered by the same algorithm at call time. For example, if the number of reads/writes is a/2, the original value is restored at call time by multiplying the number of reads/writes by 2. As another example, a modulo operation may be applied to a to reduce the predetermined number, and at call time the original value of the third element is obtained by reversing the modulo process (for example only).
Illustratively, the code to be obfuscated is as follows:
if(a<3)
{do something}
else
{do other things}
The obfuscated pseudo-code is as follows:
[Figure BDA0003817544640000101: obfuscated pseudo-code]
Referring to the obfuscated pseudo-code, if a has a value of 2, two memory operations are implemented by tmp.add("0") and tmp.add("1"), and the number of reads/writes, tmp.size(), is used in place of a for obfuscation purposes. Since tmp.size() is 2, the same effect as the original code is achieved when the code is called at runtime. When tmp.size() is not equal to a, the original value of a may be obtained in reverse as described above for reducing the number of operations, which is not repeated here.
According to the embodiment of the disclosure, compared with explicit calling, the memory obfuscation policy makes the program harder to understand and prevents analysis tools from cracking it.
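The memory policy and its reduction step can be worked through as follows. This is an added example, not the patent's pseudo-code: a Python list stands in for the tmp container, and the quotient/remainder form is one assumed way to make the a/2 and modulo reductions recover the original value exactly. It also lists the values for which a halved count with no remainder kept changes the branch.

```python
def memory_encode(a, divisor=1):
    """Perform a // divisor list writes; return the container and remainder."""
    if a < 0 or divisor < 1:
        raise ValueError("only non-negative values and positive divisors work")
    tmp = []
    for i in range(a // divisor):
        tmp.append(str(i))              # tmp.add("0"), tmp.add("1"), ...
    return tmp, a % divisor


def memory_decode(tmp, remainder=0, divisor=1):
    """Recover the value from the number of writes (tmp.size() on the page)."""
    return len(tmp) * divisor + remainder


def memory_obfuscated_branch(a, divisor=1, threshold=3):
    """if (a < 3) with a replaced by the decoded operation count."""
    tmp, remainder = memory_encode(a, divisor)
    value = memory_decode(tmp, remainder, divisor)
    return "something" if value < threshold else "other things"


def halved_without_remainder(a):
    """The a/2 reduction with integer division and the remainder discarded:
    multiplying the count by 2 does not restore odd values."""
    tmp, _ = memory_encode(a, divisor=2)
    return memory_decode(tmp, 0, 2)


def branch_mismatches(limit, threshold=3):
    """Values of a below limit where the lossy reduction flips if (a < 3)."""
    return [a for a in range(limit)
            if (halved_without_remainder(a) < threshold) != (a < threshold)]


if __name__ == "__main__":
    tmp, rem = memory_encode(2)
    print(tmp, memory_decode(tmp, rem))              # two writes stand for a == 2
    print(halved_without_remainder(7))               # 6, not 7
    tmp, rem = memory_encode(7, divisor=2)
    print(len(tmp), rem, memory_decode(tmp, rem, 2))  # 3 writes + remainder 1 -> 7
    print(branch_mismatches(10))                     # a == 3 decodes to 2
```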
FIG. 6 schematically shows a flow diagram of a file obfuscation policy according to an embodiment of the disclosure.
The fourth element is any element in the content of the code to be obfuscated, and if the fourth element is associated with a control flow statement, as shown in fig. 6, the code obfuscation of this embodiment includes operations S610 to S630. Operation S610 is one of the embodiments of operation S220, and operations S620 and S630 are one of the embodiments of operation S230.
In operation S610, a file obfuscation policy is matched for the fourth element.
Illustratively, the fourth element may be any one of a numeric class, a composite class, and other classes; in other words, whether the fourth element is a numeric class, a composite class, or another class, it may be matched with the file obfuscation policy.
A control flow statement is a flow control statement that can control selection, looping, jumping, returning and the like in the program flow. A fourth element associated with a control flow statement is an element in the control flow statement.
In some embodiments, classifying the elements in the code content to be obfuscated in operation S210 may include: first classifying elements by whether they are associated with a control flow statement, and then sub-classifying them as a numeric class, a composite class, or other classes. The file obfuscation policy may be matched directly to each element in a control flow statement.
In operation S620, the fourth element and/or a value of the fourth element is stored in a file.
If the fourth element is a constant or a variable, the constant or the variable may be stored in a file, and if the fourth element is a function/method name or a class name, the fourth element may be stored in a file. If the fourth element is a composite class, the fourth element can be further parsed and classified and then stored in a file.
In operation S630, code obfuscation is performed according to the fourth element and/or a position index of the value of the fourth element in the file.
According to the embodiment of the disclosure, the program is traversed and each element in the control flow statements of the program code (i.e. the code content to be obfuscated) is recorded in a file in key-value form, where key is the position index of the stored element in the file (e.g. a line number, with each value stored as one line) and value is the stored element or its specific value. In the code, the stored element or real value is replaced by its index value in the file, thereby implementing code obfuscation. The position index may be determined by storage order, randomly, or by the position of the element in the program code.
Illustratively, the code to be obfuscated is as follows:
if(a<3)
{do something}
else
{do other things}
the obfuscated pseudo-code is as follows:
Figure BDA0003817544640000121
Referring to the obfuscated pseudo-code, the key is line1 and the value is the value of a stored in the file, located on the first line. Code obfuscation is performed by using line1 in place of a, and a is read from the file according to line1 when it is called. Similarly, the real code operations can be read from the file according to the position index.
On this basis, the file can be given security processing (such as internal network and hierarchical authority access) to increase the difficulty of cracking.
In some embodiments, after writing the fourth element and/or the value of the fourth element to the file, the method may further include: encrypting the file and/or the position index in the file.
Illustratively, the file and/or the position index is encrypted using an encryption algorithm, such as a symmetric IDEA algorithm, an asymmetric RSA algorithm, or an irreversible AES algorithm. The same encryption algorithm may be used for all position indexes, or a correspondence may be preset that assigns different encryption algorithms to the position indexes of different elements or of different types of elements. For example, when the type is a numerical class, a composite class, or other class, one encryption algorithm is configured for each class; when the type is a service type, for example in transaction service code, one encryption algorithm is configured for elements in the code block that verifies a signature, and another encryption algorithm is configured for elements in the code block that makes a payment. For example, when each element is stored in the file, a position index is allocated to it as its key, the key is then encrypted, and finally the positions of the elements' key-value entries in the file are shuffled. In this case, even if the key in the file before encryption is line1 and the value is a and is located in the first line, the key may not be in the first line after the shuffle, but the key is line1 after encryption. When the program runs, the file is decrypted, and the real code is read out from the file according to the position index.
According to the embodiment of the disclosure, the security level of the code is further improved by carrying out encryption processing on the file and/or the position index in the file, and the program cracking difficulty is increased.
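As an added illustration of the file obfuscation policy and the index encryption described above (this is not code from the patent): the Python below stores the two elements of `if(a<3)` under the position indexes line1 and line2, replaces each index with a keyed token, shuffles the rows, and resolves the indexes at run time. The HMAC-SHA256 keystream is a standard-library stand-in for the ciphers the text names, the per-row integrity tag goes beyond what the text describes, and every function name and DEMO_SECRET are assumptions made for the example.

```python
import hashlib
import hmac
import json
import random

DEMO_SECRET = b"constructed-demo-secret"  # constructed value, for the demo only


def _prf(secret: bytes, label: str, data: bytes) -> bytes:
    """HMAC-SHA256 with a domain-separation label."""
    return hmac.new(secret, label.encode() + b"|" + data, hashlib.sha256).digest()


def index_token(secret: bytes, position_index: str) -> str:
    """Keyed token stored in place of the plain position index (e.g. 'line1')."""
    return _prf(secret, "idx", position_index.encode()).hex()


def _keystream(secret: bytes, token: str, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (stand-in for a vetted cipher)."""
    blocks = []
    for counter in range((length + 31) // 32):
        blocks.append(_prf(secret, "val", f"{token}|{counter}".encode()))
    return b"".join(blocks)[:length]


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def build_store(elements, secret, rng):
    """Store each element value under a keyed index, then shuffle the rows.

    Returns (rows, indexes): rows is the file content, and indexes[i] is the
    position index that replaces elements[i] in the obfuscated code.
    """
    rows, indexes = [], []
    for n, value in enumerate(elements, start=1):
        position_index = f"line{n}"  # assigned in storage order
        token = index_token(secret, position_index)
        plain = json.dumps(value).encode()
        cipher = _xor(plain, _keystream(secret, token, len(plain))).hex()
        tag = _prf(secret, "mac", f"{token}:{cipher}".encode()).hex()
        rows.append(f"{token}:{cipher}:{tag}")
        indexes.append(position_index)
    rng.shuffle(rows)  # physical row order no longer matches line<n>
    return rows, indexes


def lookup(rows, secret, position_index):
    """Resolve a position index at run time; reject missing or modified rows."""
    token = index_token(secret, position_index)
    for row in rows:
        stored_token, cipher, tag = row.split(":")
        if not hmac.compare_digest(stored_token, token):
            continue
        expected = _prf(secret, "mac", f"{stored_token}:{cipher}".encode()).hex()
        if not hmac.compare_digest(tag, expected):
            raise ValueError(f"row for {position_index} failed integrity check")
        data = bytes.fromhex(cipher)
        return json.loads(_xor(data, _keystream(secret, token, len(data))))
    raise KeyError(position_index)


def original_branch(a):
    return "do something" if a < 3 else "do other things"


def obfuscated_branch(rows, secret):
    # Neither 'a' nor the literal 3 appears here, only their position indexes.
    if lookup(rows, secret, "line1") < lookup(rows, secret, "line2"):
        return "do something"
    return "do other things"


def demo():
    rng = random.Random(7)  # fixed seed so the demo is repeatable
    rows, indexes = build_store([2, 3], DEMO_SECRET, rng)
    return rows, indexes, obfuscated_branch(rows, DEMO_SECRET)
```

Because the branch operands now come from the file, the file and its key become part of the program's trusted code: anyone who can read both recovers the values, and anyone who can rewrite a row without detection changes the branch taken.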
FIG. 7 schematically shows a flow diagram of a code obfuscation method according to another embodiment of the present disclosure.
The first element is any element in the code content to be obfuscated. If the first element is a composite class, then before the corresponding code obfuscation policy is matched for each element, as shown in fig. 7, the code obfuscation method of this embodiment includes operations S210 to S230 and operations S710 to S720. For operations S210 to S230, refer to the foregoing description; they are not described again here.
In operation S710, the first element is parsed to obtain M sub-elements, where M is an integer greater than or equal to 1.
Take as an example a first element that is an array of key-value pairs (a combination of multiple key-value pairs): the payment status in a payment process defines multiple values according to the stage of the business process it is in: start, payment in progress, and end. The Key of the first element may be a payment identifier, and the Value may be a plurality of enumerated Key-Value pairs corresponding to the start, the in-progress stage, and the end of the payment.
In operation S720, the M sub-elements are classified to obtain a classification result of each sub-element, where the classification result of each sub-element includes at least one of a numerical class, a composite class, and other classes.
In this case, each Key-Value pair corresponding to the start, payment in progress, and the end is obtained by parsing, and its specific Value is classified. A sub-element may be each Key or each Value.
Referring to fig. 7, the elements in operations S220 and S230 include the elements classified in the first pass in operation S210 and the sub-elements obtained in operation S710.
According to the embodiment of the disclosure, the code obfuscation is performed after the composite element is analyzed, so that the code obfuscation granularity is further refined, the code obfuscation complexity is increased, and the cracking difficulty is improved.
It should be noted that any two of the first element, the second element, the third element and the fourth element in the present disclosure may be the same or different; these names merely refer to elements for ease of understanding and are not meant to be limitations of the present disclosure.
In other embodiments, the composite class element need not be parsed; for example, the name of the composite class element may be encrypted, or the element may be obfuscated using the file obfuscation policy.
Fig. 8 schematically illustrates a flow diagram of a code obfuscation method according to another embodiment of the present disclosure. Fig. 9 schematically shows a flowchart of a correspondence relationship according to an embodiment of the present disclosure.
As shown in fig. 8, the code obfuscation method of this embodiment includes operations S810 to S840.
In operation S810, a package of code to be obfuscated is uploaded to an obfuscation server by a user.
In operation S820, the user sets the code blocks to be protected in the code package to be obfuscated and the characteristics corresponding to each code block, and classifies the data types.
Illustratively, the user may set all of the code to be obfuscated, or may set only some of the code blocks as the code content to be obfuscated. The code block characteristics may include the function the code block serves in a transaction, such as the payment function in a transaction.
In operation S830, different obfuscation techniques are selected to perform obfuscation on the code block to be protected according to the obtained characteristics of the code block and the data type.
For example, some of the sensitive elements in a code block may be determined as the code content to be obfuscated according to the characteristics of the code block; for example, for the code block corresponding to the payment function, sensitive elements such as a card number, a password, or a user stream are obfuscated.
According to the embodiment of the disclosure, the time obfuscation policy or the memory obfuscation policy can correspond to numerical class elements, and the file obfuscation policy can correspond to elements of any of the numerical class, the composite class and the other classes. Referring to fig. 9, for example, the numerical class may correspond to the time obfuscation policy, the memory obfuscation policy, and the file obfuscation policy; the sub-elements obtained by parsing a composite class element may be processed with the three obfuscation policies in fig. 9 according to their classification results; and the other classes may correspond to the file obfuscation policy.
In operation S840, after all the code blocks are processed, a final obfuscated code packet (i.e., an obfuscated result) is output. Specifically, according to the matched code obfuscation strategy, obfuscating and transforming variables/constants in the code block, and outputting a final obfuscation result.
According to the embodiment of the disclosure, different obfuscation means are adopted for different data types in the code through various obfuscation strategies, and the original call flow of the program is obfuscated, so that the call flow tracking analysis cannot be performed on the program through tools or software, and the security level of the obfuscated code is effectively improved.
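The classification (S210), composite parsing (S710 to S720) and policy matching (S220, Fig. 9) described above, as an added Python example that is not part of the patent: it walks a source file with Python's ast module, splits composite literals into sub-elements, and matches each literal to its candidate policies, sending elements of a control flow statement straight to the file policy. It covers literal constants only; the sample source, the class and policy labels, and all function names are constructed for this illustration.

```python
import ast

# Correspondence described for Fig. 9: class -> candidate obfuscation policies.
POLICIES = {
    "numeric": ("time", "memory", "file"),
    "other": ("file",),  # character / string / Boolean
}

# Constructed sample input; the payment-status dict mirrors the text's example.
SAMPLE = '''
retry_limit = 3
pay_status = {"start": 0, "paying": 1, "end": 2}
verified = True
if attempts < retry_limit and code == 200:
    channel = "card"
'''


def classify(node):
    """S210: return 'numeric', 'other', 'composite', or None for non-literals."""
    if isinstance(node, ast.Constant):
        value = node.value
        if isinstance(value, (bool, str)):  # bool first: True is also an int
            return "other"
        if isinstance(value, (int, float)):
            return "numeric"
        return None
    if isinstance(node, (ast.Dict, ast.List, ast.Tuple, ast.Set)):
        return "composite"
    return None


def sub_elements(node):
    """S710: split a composite literal into its keys/values or items."""
    if isinstance(node, ast.Dict):
        pairs = zip(node.keys, node.values)
        return [n for pair in pairs for n in pair if n is not None]
    return list(node.elts)


def plan(source):
    """Return (line, literal, class, policies) for each literal element."""
    matched = []

    def visit(node, in_control_flow):
        kind = classify(node)
        if kind == "composite":
            for child in sub_elements(node):
                visit(child, in_control_flow)  # S720: classify sub-elements
        elif kind is not None:
            # Elements of a control flow statement go straight to the file policy.
            policies = ("file",) if in_control_flow else POLICIES[kind]
            matched.append((node.lineno, repr(node.value), kind, policies))
        elif isinstance(node, (ast.If, ast.While, ast.For)):
            header = node.iter if isinstance(node, ast.For) else node.test
            visit(header, True)
            for stmt in node.body + node.orelse:
                visit(stmt, False)
        else:
            for child in ast.iter_child_nodes(node):
                visit(child, in_control_flow)

    visit(ast.parse(source), False)
    return matched
```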
Based on the code obfuscation method, the disclosure also provides a code obfuscation device. The apparatus will be described in detail below with reference to fig. 10.
Fig. 10 schematically shows a block diagram of a code obfuscation apparatus according to an embodiment of the present disclosure.
As shown in fig. 10, the code obfuscation apparatus 1000 of this embodiment includes a type determination module 1010, a policy matching module 1020, and an obfuscation processing module 1030.
The type determining module 1010 may perform operation S210, configured to classify elements in the code content to be obfuscated, to obtain N classification results, where the N classification results include at least one of a numeric class, a composite class, and other classes, the other classes include at least one of a character class, a character string class, and a boolean class, and N is an integer greater than or equal to 1.
Illustratively, the type determining module 1010 is configured to divide the variables/constants in the code into a numeric type, a character/character string/boolean type, and a composite type according to the characteristics of the program code itself, so that the elements of each type form a numeric type variable/constant set, a character/character string/boolean type variable/constant set, and a composite type variable/constant set.
According to an embodiment of the present disclosure, the type determining module 1010 may further perform operations S710 to S720, which are not described herein.
The policy matching module 1020 may perform operation S220 for matching a corresponding code obfuscation policy for each element according to a correspondence relationship and a classification result of each element, where the correspondence relationship includes a correspondence relationship between each classification result and at least one code obfuscation policy, and the at least one code obfuscation policy includes at least one of a time obfuscation policy, a memory obfuscation policy, and a file obfuscation policy.
The obfuscation processing module 1030 may perform operation S230 for code obfuscating each element according to the matched code obfuscation policy.
According to an embodiment of the present disclosure, the policy matching module 1020 may perform operation S310, and the obfuscation processing module 1030 may include a time-based obfuscation policy unit, where the time-based obfuscation policy unit is configured to perform operations S320 to S330, and operations S410 to S430, which are not described herein again.
According to an embodiment of the present disclosure, the policy matching module 1020 may perform operation S510, and the obfuscation processing module 1030 may include a memory-based obfuscation policy unit, which may perform operation S520, which is not described herein.
According to an embodiment of the present disclosure, the policy matching module 1020 may perform operation S610, and the obfuscation processing module 1030 may include a file-based obfuscation policy unit, which may perform operations S620 to S630, which are not described herein.
According to embodiments of the present disclosure, a file-based obfuscation policy unit may store elements and/or values of elements related to control flow in a file, code obfuscate using their location indexes in the file, and encrypt the file and/or the location indexes in the file.
According to an embodiment of the present disclosure, the code obfuscation apparatus 1000 may include an obfuscation policy configuration module configured to pre-configure one or more obfuscation policies and the correspondence between classification results and obfuscation policies; this module is responsible for selecting the most appropriate obfuscation policy for the protected program code according to the classification result. For example, for numeric type variables/constants, a time-based obfuscation policy or a memory-based obfuscation policy is used. For composite type variables/constants, the corresponding obfuscation policy is used according to the basic type (numeric or character/string/boolean type) contained in the composite type variable.
It should be noted that the code obfuscation apparatus 1000 includes modules for respectively executing the steps of any one of the embodiments described in fig. 2 to 9. The implementation, solved technical problems, realized functions, and achieved technical effects of each module, unit, sub-unit, etc. in the apparatus part embodiment are respectively the same as or similar to the implementation, solved technical problems, realized functions, and achieved technical effects of each corresponding step in the method part embodiment, and are not described herein again.
According to an embodiment of the present disclosure, any two or more of the type determining module 1010, the policy matching module 1020, and the obfuscation processing module 1030 may be combined and implemented in one module, or any one of them may be split into a plurality of modules. Alternatively, at least part of the functionality of one or more of these modules may be combined with at least part of the functionality of the other modules and implemented in one module.
According to an embodiment of the present disclosure, at least one of the type determination module 1010, the policy matching module 1020, and the obfuscation processing module 1030 may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in hardware or firmware in any other reasonable manner of integrating or packaging a circuit, or in any one of or a suitable combination of software, hardware, and firmware. Alternatively, at least one of the type determination module 1010, the policy matching module 1020 and the obfuscation processing module 1030 may be at least partially implemented as a computer program module, which when executed, may perform a corresponding function.
FIG. 11 schematically illustrates a block diagram of an electronic device suitable for implementing a code obfuscation method according to an embodiment of the disclosure.
As shown in fig. 11, an electronic device 1100 according to an embodiment of the present disclosure includes a processor 1101, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 1102 or a program loaded from a storage section 1108 into a Random Access Memory (RAM) 1103. The processor 1101 may comprise, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or associated chipset, and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), or the like. The processor 1101 may also include on-board memory for caching purposes. The processor 1101 may comprise a single processing unit or a plurality of processing units for performing the different actions of the method flows according to the embodiments of the present disclosure.
In the RAM 1103, various programs and data necessary for the operation of the electronic device 1100 are stored. The processor 1101, the ROM 1102, and the RAM 1103 are connected to each other by a bus 1104. The processor 1101 performs various operations of the method flow according to the embodiments of the present disclosure by executing programs in the ROM 1102 and/or the RAM 1103. It is to be noted that the programs may also be stored in one or more memories other than the ROM 1102 and the RAM 1103. The processor 1101 may also perform various operations of method flows according to embodiments of the present disclosure by executing programs stored in the one or more memories.
According to embodiments of the present disclosure, the electronic device 1100 may also include an input/output (I/O) interface 1105, which is also connected to the bus 1104. The electronic device 1100 may also include one or more of the following components connected to the I/O interface 1105: an input section 1106 including a keyboard, a mouse, etc.; an output section 1107 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, as well as a speaker and the like; a storage section 1108 including a hard disk and the like; and a communication section 1109 including a network interface card such as a LAN card, a modem, or the like. The communication section 1109 performs communication processing via a network such as the internet. A drive 1110 is also connected to the I/O interface 1105 as needed. A removable medium 1111 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 1110 as necessary, so that a computer program read out therefrom is installed into the storage section 1108 as necessary.
The present disclosure also provides a computer-readable storage medium, which may be embodied in the devices, apparatuses, and systems described in the above embodiments, or may exist separately without being assembled into such a device, apparatus, or system. The computer-readable storage medium carries one or more programs which, when executed, implement the method according to an embodiment of the disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, a computer-readable storage medium may include the ROM 1102 and/or the RAM1103 and/or one or more memories other than the ROM 1102 and the RAM1103 described above.
Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the method illustrated by the flow chart. When the computer program product runs in a computer system, the program code is used for causing the computer system to realize the method provided by the embodiment of the disclosure.
The computer program performs the above-described functions defined in the system, apparatus of the embodiments of the present disclosure when executed by the processor 1101. The systems, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
In one embodiment, the computer program may be hosted on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted in the form of a signal over a network medium, distributed, and downloaded and installed via the communication portion 1109 and/or installed from the removable media 1111. The computer program containing program code may be transmitted using any suitable network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In such an embodiment, the computer program may be downloaded and installed from a network through the communication portion 1109 and/or installed from the removable medium 1111. The computer program, when executed by the processor 1101, performs the above-described functions defined in the system of the embodiment of the present disclosure. The systems, devices, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
In accordance with embodiments of the present disclosure, program code for executing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, these computer programs may be implemented using a high level procedural and/or object oriented programming language, and/or assembly, machine language. The programming language includes, but is not limited to, programming languages such as Java, C++, Python, the "C" language, or the like. The program code may execute entirely on the user computing device, partly on the user device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that the features recited in the various embodiments and/or claims of the present disclosure can be combined and/or incorporated in various ways, even if such combinations or incorporations are not expressly recited in the present disclosure. In particular, the features recited in the various embodiments and/or claims of the present disclosure may be combined and/or incorporated in various ways without departing from the spirit or teaching of the present disclosure. All such combinations and/or incorporations are within the scope of the present disclosure.
The embodiments of the present disclosure have been described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described separately above, this does not mean that the measures in the embodiments cannot be used in advantageous combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be devised by those skilled in the art without departing from the scope of the disclosure, and these alternatives and modifications are intended to fall within the scope of the disclosure.

Claims (11)

1. A code obfuscation method comprising:
classifying elements in the code content to be obfuscated to obtain N classification results, wherein the N classification results comprise at least one of a numerical class, a composite class and other classes, the other classes comprise at least one of a character class, a character string class and a Boolean class, and N is an integer greater than or equal to 1;
matching a corresponding code obfuscating strategy for each element according to a corresponding relation and a classification result of each element, wherein the corresponding relation comprises a corresponding relation between each classification result and at least one code obfuscating strategy, and the at least one code obfuscating strategy comprises at least one of a time obfuscating strategy, a memory obfuscating strategy and a file obfuscating strategy;
and code obfuscating each element according to the matched code obfuscation strategy.
2. The method of claim 1, wherein a first element is any element in the code content to be obfuscated, and if the first element is a composite class, before the matching of the corresponding code obfuscation policy for each of the elements, the method further comprises:
resolving the first element to obtain M sub-elements, wherein M is an integer greater than or equal to 1;
and classifying the M sub-elements to obtain a classification result of each sub-element, wherein the classification result of each sub-element comprises at least one of a numerical class, a composite class and other classes.
3. The method of claim 1, wherein the second element is any element in the code content to be obfuscated, if the second element is a numerical class, wherein:
the matching of the corresponding code obfuscation policy for each of the elements includes: matching the time-obfuscating policy for the second element;
the code obfuscating each of the elements according to the matched code obfuscation policy comprises:
determining a sleep time or a delay time according to the value of the second element;
code obfuscating the second element according to the sleep time or delay time.
4. The method of claim 3, wherein the code obfuscating the second element according to the sleep time or delay time comprises:
acquiring a first current time;
acquiring a second current time after sleeping or delaying for a preset time;
representing the second element according to a difference between the first current time and the second current time.
5. The method according to claim 1, wherein the third element is any one of the elements in the code content to be obfuscated, if the third element is a numerical class, wherein:
the matching of the corresponding code obfuscation policy for each of the elements includes: matching the memory obfuscation policy to the third element;
the code obfuscating each of the elements according to the matched code obfuscation policy comprises:
determining the memory read operation or write operation of a preset number of times according to the value of the third element;
and performing code obfuscation on the third element according to the memory read operation or write operation of the preset times.
6. The method of claim 1, wherein a fourth element is any element in the code content to be obfuscated if the fourth element is associated with a control flow statement, wherein:
the matching of the corresponding code obfuscation policy for each of the elements includes: matching the file obfuscation policy for the fourth element, wherein the fourth element is any one of a numerical class, a composite class and other classes;
the code obfuscating each of the elements according to the matched code obfuscation policy comprises:
storing the fourth element and/or the value of the fourth element in a file;
code obfuscation is performed according to the fourth element and/or a position index of the value of the fourth element in the file.
7. The method of claim 6, wherein after writing the fourth element and/or the value of the fourth element to the file, the method further comprises:
and encrypting the file and/or the position index in the file.
8. A code obfuscation device comprising:
the type determining module is used for classifying elements in the code content to be obfuscated to obtain N classification results, wherein the N classification results comprise at least one of a numerical class, a composite class and other classes, the other classes comprise at least one of a character class, a character string class and a Boolean class, and N is an integer greater than or equal to 1;
the policy matching module is used for matching a corresponding code obfuscating policy for each element according to a corresponding relationship and a classification result of each element, wherein the corresponding relationship comprises a corresponding relationship between each classification result and at least one code obfuscating policy, and the at least one code obfuscating policy comprises at least one of a time obfuscating policy, a memory obfuscating policy and a file obfuscating policy;
and the obfuscation processing module is used for performing code obfuscation on each element according to the matched code obfuscation strategy.
9. An electronic device, comprising:
one or more processors;
a storage device for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method recited in any of claims 1-7.
10. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method according to any one of claims 1 to 7.
11. A computer program product comprising a computer program which, when executed by a processor, implements the method according to any one of claims 1 to 7.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211036815.6A CN115688058A (en) 2022-08-26 2022-08-26 Code obfuscation method, apparatus, device and medium

Publications (1)

Publication Number Publication Date
CN115688058A true CN115688058A (en) 2023-02-03

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination