CN115994370A - Software encryption processing method, device, equipment and medium - Google Patents

Info

Publication number
CN115994370A
Authority
CN
China
Prior art keywords
area data
target
data
executable file
encryption
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202310043218.4A
Other languages
Chinese (zh)
Other versions
CN115994370B (en)
Inventor
付海涛
朱嘉豪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ziguang Tongxin Microelectronics Co Ltd
Original Assignee
Ziguang Tongxin Microelectronics Co Ltd
Application filed by Ziguang Tongxin Microelectronics Co Ltd
Priority to CN202310043218.4A
Publication of CN115994370A
Application granted
Publication of CN115994370B
Legal status: Active

Landscapes

  • Storage Device Security (AREA)

Abstract

The application discloses a software encryption processing method, device, equipment and medium. The embedded device can acquire an executable file that has undergone encryption processing, which prevents the data in the embedded device from being easily leaked. When target area data of the encrypted executable file is called, the target address range where the target area data is located can be determined based on the address information of the encrypted executable file, the target area data being data processed by an encryption algorithm. The target area data in the target address range is then decrypted into a target RAM area based on the encryption algorithm. That is, the data with a higher security level in the embedded device software can be encrypted, which improves the security of the software. When the embedded device executes the encrypted data, the data can be decrypted into the RAM area, and because data in the RAM area is volatile, the data can be prevented from being stolen, which further improves the security of the software.

Description

Software encryption processing method, device, equipment and medium
Technical Field
The present disclosure relates to the field of data processing technologies, and in particular, to a software encryption processing method, device, apparatus, and medium.
Background
With the popularization of internet technology, the means of network attack keep increasing, and network security has become a focus of attention. Embedded devices face the same security problems. If the program code running in an embedded device is leaked as the result of an attack, the attacker can learn the program's operating logic and a great deal of important data (such as encryption and decryption keys) and use them to perform illegal operations for economic benefit. This is especially true of lower-cost consumer electronic products: because of constraints such as cost and development schedule, the security protections available to them are very limited, and some products have few security protection mechanisms, so their software is more easily attacked and leaked.
Disclosure of Invention
In view of this, the present application provides a method, apparatus, device and medium for encrypting software of an embedded system, so as to improve the security of the software of the embedded device.
In a first aspect, the present application provides a software encryption processing method, where the method is applied to an embedded device, and the method includes:
acquiring an encrypted executable file subjected to encryption processing;
when target area data of the encrypted executable file is called, determining a target address range where the target area data is located based on address information of the encrypted executable file, wherein the target area data is processed by an encryption algorithm;
decrypting target area data of the target address range into a target RAM area based on the encryption algorithm, wherein the target RAM area corresponds to the target area.
In one possible implementation, the method further includes:
and after a preset time interval, clearing the data of the target RAM area.
In one possible implementation manner, when the embedded device is a chip, the obtaining the encrypted executable file after the encryption processing includes:
acquiring an initial executable file, wherein the initial executable file is obtained by compiling a program to be processed by a processor, the initial executable file comprises first area data and second area data, and the security level of the second area data is higher than that of the first area data;
when the initial executable file is downloaded, judging whether the downloaded data is second area data or not based on a bootstrap program of the chip, if so, carrying out encryption processing on the second area data based on the encryption algorithm to obtain third area data, and downloading the third area data; and if not, downloading the first area data, wherein the third area data corresponds to the target area data.
In one possible implementation manner, the acquiring process of the initial executable file includes:
the processor determines fourth area data and fifth area data of the to-be-processed program according to the security level, wherein the fourth area data corresponds to a first address range, the fifth area data corresponds to a second address range, and the security level of the fifth area data is higher than that of the fourth area data;
the processor performs segmentation processing on the program to be processed based on a redirection configuration file;
and the processor performs compiling processing on the segmented program to be processed to acquire the initial executable file, the fourth area data corresponds to the first area data, and the fifth area data corresponds to the second area data.
In one possible implementation manner, when the fifth area data includes a plurality of functions, the processor is further configured to generate a function table corresponding to the plurality of functions according to a second address range of the fifth area data, where the function table includes names and address information corresponding to the plurality of functions, and the address information indicates addresses stored in the embedded device by the plurality of functions.
In one possible implementation manner, when the target area data of the encrypted executable is called, determining, based on the address information of the encrypted executable, a target address range where the target area data is located includes:
and calling the function table, and determining the address information of the target function in the function table based on the name of the target function.
In one possible implementation manner, the process of acquiring the encrypted executable file includes:
the processor determines fourth area data and fifth area data of a program to be processed according to the security level, wherein the fourth area data corresponds to a first address range, the fifth area data corresponds to a second address range, and the security level of the fifth area data is higher than that of the fourth area data;
the processor performs segmentation processing on the program to be processed based on a redirection configuration file;
the processor compiles the segmented program to be processed to obtain an initial executable file, wherein the initial executable file comprises first area data and second area data, the fourth area data corresponds to the first area data, and the fifth area data corresponds to the second area data;
the processor performs encryption processing on the second area data based on the encryption algorithm to obtain the encrypted executable file; the processor sends the encrypted executable file to the embedded device so that the embedded device downloads the encrypted executable file.
In a second aspect, the present application provides a software encryption processing apparatus, the apparatus being applied to an embedded device, the apparatus comprising:
the acquisition unit is used for acquiring the encrypted executable file subjected to encryption processing;
the determining unit is used for determining a target address range where the target area data is located based on the address information of the encrypted executable file when the target area data of the encrypted executable file is called, wherein the target area data is processed by an encryption algorithm;
and the decryption unit is used for decrypting the target area data of the target address range to a target RAM area based on the encryption algorithm, wherein the target RAM area corresponds to the target area.
In a third aspect, the present application provides a software encryption processing apparatus, the apparatus including: a memory and a processor;
the memory is used for storing related program codes;
the processor is configured to invoke the program code to execute the software encryption processing method according to any implementation manner of the first aspect.
In a fourth aspect, the present application provides a computer readable storage medium, where the computer readable storage medium is configured to store a computer program, where the computer program is configured to execute the software encryption processing method according to any implementation manner of the first aspect.
As can be seen from the above, the present application has the following beneficial effects:
In the above implementations of the present application, in order to improve the security of software in the embedded device, an executable file that has undergone encryption processing may be obtained, so as to prevent data in the embedded device from being easily leaked. When the embedded device executes the encrypted executable file and target area data of the encrypted executable file is called, the target address range where the target area data is located can first be determined based on the address information of the encrypted executable file, the target area data being data processed by an encryption algorithm. The target area data in the target address range is then decrypted into a target RAM area based on the encryption algorithm, the target RAM area corresponding to the target area. Non-target area data in the encrypted executable file can be called directly. With this software encryption processing method, the data with a higher security level in the embedded device software can be encrypted, which improves the security of the software. When the embedded device executes the encrypted data, the data can be decrypted into the RAM area, and because data in the RAM area is volatile, the data can be prevented from being stolen, which further improves the security of the software.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings that are needed in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments provided in the present application, and other drawings may be obtained according to these drawings for a person having ordinary skill in the art.
Fig. 1 is a flowchart of a software encryption processing method provided in an embodiment of the present application;
Fig. 2 is a schematic diagram of a definition function table according to an embodiment of the present application;
Fig. 3 is a schematic diagram of a software encryption processing device according to an embodiment of the present application;
Fig. 4 is a schematic diagram of a software encryption processing device according to an embodiment of the present application.
Description of the embodiments
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application. The described embodiments are only exemplary implementations of the present application, not all implementations. Those skilled in the art can combine the embodiments of the present application to obtain other embodiments without inventive effort, and such embodiments are also within the scope of the present application.
In order to facilitate understanding of the technical solutions provided by the embodiments of the present application, the following first describes a technical background related to the present application.
An embedded system is a special-purpose computer system that is centered on its application and based on modern computer technology, and whose software and hardware modules can be flexibly tailored to the user's requirements (functions, reliability, cost, volume, power consumption, environment and the like). It may be applied to embedded devices such as chips. An embedded system consists of a hardware system and a software system, and for the embedded system to operate there must be a corresponding program, i.e. executable code stored in a hardware device, also called an executable file.
At present, a relatively common executable file is the Hex file. A Hex file can be written into a single-chip microcomputer and is a file format that the single-chip microcomputer executes. There are various ways of generating a Hex file: it may be generated by a program or compiled by different compilers.
If the program code (executable file) running in an embedded device is leaked as the result of an attack, the attacker can learn the program's operating logic and a great deal of important data (such as encryption and decryption keys) and use them to perform illegal operations for economic benefit. This is especially true of lower-cost consumer electronic products: because of constraints such as cost and development schedule, the security protections available to them are very limited, and some products have few security protection mechanisms, so their software is more easily attacked and leaked.
Based on the above, the embodiments of the present application provide a software encryption processing method to improve the security of embedded device software. Specifically, the embedded device can acquire an executable file that has undergone encryption processing, which prevents the data in the embedded device from being easily leaked. When the embedded device executes the encrypted executable file and target area data of the encrypted executable file is called, the target address range where the target area data is located can first be determined based on the address information of the encrypted executable file, the target area data being data processed by an encryption algorithm. The target area data in the target address range is then decrypted into a target RAM area based on the encryption algorithm, the target RAM area corresponding to the target area. Non-target area data in the encrypted executable file can be called directly. With this software encryption processing method, the data with a higher security level in the embedded device software can be encrypted, which improves the security of the software. When the embedded device executes the encrypted data, the data can be decrypted into the RAM area, and because data in the RAM area is volatile, the data can be prevented from being stolen, which further improves the security of the software.
In order to facilitate understanding of the technical solutions provided by the embodiments of the present application, the following description will be made with reference to the accompanying drawings.
Referring to fig. 1, fig. 1 is a flowchart of a software encryption processing method provided in an embodiment of the present application.
The method can be applied to an embedded device and mainly comprises the following steps:
S101: acquire an encrypted executable file that has undergone encryption processing.
In order to improve the security of software in the embedded device, the program to be executed by the embedded device may be encrypted, so that the data content of the program cannot be decrypted and obtained even if the program leaks. The embodiments of the present application provide two methods for encrypting the executable file. In the first, the embedded device acquires an initial executable file that has not been encrypted and encrypts it while downloading it into the embedded device, so that an encrypted executable file is what is stored in the embedded device. In the second, the processor encrypts the initial executable file in advance and then sends the encrypted executable file to the embedded device, so that the embedded device can download the encrypted executable file directly. The two methods are described separately below.
(I) Encryption processing of initial executable file by embedded device
Before describing how the embedded device downloads the initial executable file, the process of acquiring the initial executable file is introduced. To make the solution of the present application easier to understand, the fourth area data and the fifth area data are described first.
For the program to be processed to be downloaded into the embedded device and executed there to realize the corresponding functions, the processor compiles the program to be processed to generate an executable file, which the embedded device can then download. Specifically, the processor may segment the data of the program to be processed according to security level and determine fourth area data and fifth area data of the program to be processed, where the security level of the fifth area data is higher than that of the fourth area data. The security level can be predetermined according to actual requirements. For example, data can be divided into important data and common data; important data is data whose leakage would cause great loss, such as encryption and decryption keys or electronic signatures, and it can be subjected to encryption processing. That is, the fifth area data is important data and the fourth area data is common data. The program to be processed includes the address information of each item of data, so when the fourth area data and the fifth area data are determined, a first address range corresponding to the fourth area data and a second address range corresponding to the fifth area data can also be determined. The processor may then segment the program to be processed based on the redirection configuration file provided by the compiling environment, that is, place the fourth area data and the fifth area data in separate segments, and then compile the segmented program to be processed; the generated initial executable file follows the same segmentation. The redirection configuration file may be a Linker file.
The compiled initial executable file includes first region data and second region data, wherein the first region data corresponds to the fourth region data, and the second region data corresponds to the fifth region data, that is, the second region data has a higher security level than the first region data.
The processor then sends the generated initial executable file to the embedded device, which encrypts it while downloading it. When the embedded device is a chip, the chip can be configured with a boot program, such as a BootLoader, which performs the basic configuration of the chip and handles the downloading of an external program (executable file) into the flash of the chip. In one possible implementation, because the first area data and the second area data in the initial executable file both carry address information, the boot program of the chip can determine from the address information whether the data being downloaded is second area data. If so, the second area data can be encrypted based on an encryption algorithm to obtain third area data, and the third area data is downloaded to the embedded device; if not, the first area data can be downloaded directly. The result is the encrypted executable file. The encryption algorithm may be a symmetric encryption algorithm, meaning an encryption algorithm that encrypts and decrypts with the same key, such as the 3DES algorithm. Optionally, when the fifth area data of the program to be processed is a plurality of functions, each function may be encrypted using the 3DES algorithm. Since the minimum data length encrypted by the 3DES algorithm is 8 bytes, a function shorter than 8 bytes can be zero-padded.
It should be noted that the embodiments of the present application do not limit the manner in which the embedded device performs the encryption processing on the data.
(II) Encryption processing of initial executable file by processor
According to the above embodiment, the processor may segment the data of the to-be-processed program according to the security level, and determine the fourth area data and the fifth area data of the to-be-processed program, where the security level of the fifth area data is higher than the security level of the fourth area data. Similarly, the processor may perform segmentation processing on the to-be-processed program based on the redirection configuration file provided by the compiling environment, that is, segment processing is performed on the fourth area data and the fifth area data, and then compile processing is performed on the to-be-processed program after the segmentation processing, where the generated initial executable file also follows a segmentation principle, and the initial executable file includes first area data and second area data, where the first area data corresponds to the fourth area data, and the second area data corresponds to the fifth area data. The processor may encrypt the second region data in the initial executable file based on an encryption algorithm, so that the encrypted executable may be obtained, and then send the encrypted executable to the embedded device so that the embedded device may download the encrypted executable.
S102: when the target area data of the encrypted executable file is called, determine the target address range where the target area data is located based on the address information of the encrypted executable file.
When the embedded device executes the encrypted executable file, the target address range where the target area data of the encrypted executable file is located can be determined according to the address information of the encrypted executable file, the target area data being data processed by an encryption algorithm. According to the above embodiment, the fourth area data and the fifth area data in the program to be processed have corresponding address ranges, so the target address range where the target area data is located can be determined from the address information of the encrypted executable file, and the target area data can be called according to the target address range. The target area data corresponds to the third area data or the sixth area data.
In one possible implementation, when the fifth area data of the program to be processed is a plurality of functions, the processor may generate a function table for those functions according to the second address range of the fifth area data. The function table includes the name of each function and the address information of each function, where the address information indicates the address at which the function is stored in the embedded device; that is, the address at which each function is stored in the embedded device may be predefined. The generated function table may then be added to the program to be processed and compiled into the executable file. On this basis, when the embedded device calls a target function in the target area data, it may first call the function table and then determine the address information of the target function in the function table based on the name of the target function, so that the embedded device obtains the target function according to its address information and decrypts the target function into the target RAM area based on the encryption algorithm. Fig. 2 is a schematic diagram of a definition function table. In the function table, the first column gives the name of the function, the second column gives the storage address of the function in the embedded device (such as flash), and the third column gives the length of the function.
S103: the target area data of the target address range is decrypted to the target RAM area based on an encryption algorithm.
According to the above embodiment, the embedded device may download the encrypted executable file to the flash. When executing the encrypted executable file, the embedded device may start executing from address 0 of the flash. When data that has not been encrypted is called, the embedded device may call the data directly. When the target area data is called, the target area data in the target address range can be acquired and decrypted into the target RAM area of the embedded device based on the encryption algorithm, and the PC pointer is set to the corresponding address in the target RAM area, so that execution of the encrypted executable file can continue. The target area of the encrypted executable file corresponds to the target RAM area of the embedded device.
Because data stored in RAM is volatile, that is, the data stored in the RAM is lost once the embedded device is powered off, the important data in the RAM can be prevented from being leaked. In one possible implementation, the embedded device may also clear the data in the RAM area in time after a preset time interval, so as to improve the security of the data.
With the software encryption processing method provided by the embodiments of the present application, the data with a higher security level in the embedded device software can be encrypted, which improves the security of the software. When the embedded device executes the encrypted data, the data can be decrypted into the RAM area, and because data in the RAM area is volatile, the data can be prevented from being stolen, which further improves the security of the software.
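The download-time and call-time steps described above, as an added C example that is not code from the patent: a simulated boot program encrypts only records inside the secure address range (zero-padding to the 8-byte block), and a call looks the function up in a table laid out like Fig. 2, decrypts it into a RAM buffer and later wipes that buffer. XTEA stands in for 3DES because it has the same 8-byte block and fits in a few lines; the key, addresses, sizes, payload bytes and function names are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK        8u     /* 64-bit block, the same block size as 3DES */
#define FLASH_SIZE   256u
#define RAM_SIZE     32u
#define SECURE_START 0x80u  /* constructed "second address range": [0x80, 0xC0) */
#define SECURE_END   0xC0u

static uint8_t flash[FLASH_SIZE];     /* simulated chip flash */
static uint8_t target_ram[RAM_SIZE];  /* simulated target RAM area */
static const uint32_t KEY[4] = { 0x01234567u, 0x89ABCDEFu, 0x0F1E2D3Cu, 0x4B5A6978u }; /* constructed */

/* Constructed sample payloads: opaque bytes, not real machine code. */
static const uint8_t SAMPLE_PLAIN[4]   = { 0x10, 0x20, 0x30, 0x40 };
static const uint8_t SAMPLE_SECRET[13] = { 0xA1, 0xB2, 0xC3, 0xD4, 0xE5, 0xF6, 0x07,
                                           0x18, 0x29, 0x3A, 0x4B, 0x5C, 0x6D };
static const uint8_t SAMPLE_SHORT[5]   = { 0x55, 0x66, 0x77, 0x88, 0x99 };

/* Function table in the layout of Fig. 2: name, flash address, length. */
struct func_entry { const char *name; uint32_t flash_addr; uint32_t length; };
static const struct func_entry FUNC_TABLE[] = {
    { "derive_key", 0x80u, 13u },  /* hypothetical function names */
    { "sign_msg",   0x90u, 5u  },
};

static size_t pad_len(size_t len) { return (len + BLOCK - 1u) / BLOCK * BLOCK; }
/* XTEA on one 8-byte block, used here as a compact stand-in for 3DES. */
static void xtea_block(uint8_t *b, int decrypt) {
    const uint32_t delta = 0x9E3779B9u;
    uint32_t v0, v1, sum = decrypt ? delta * 32u : 0u;
    memcpy(&v0, b, 4); memcpy(&v1, b + 4, 4);
    for (int i = 0; i < 32; i++) {
        if (decrypt) {
            v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + KEY[(sum >> 11) & 3u]);
            sum -= delta;
            v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + KEY[sum & 3u]);
        } else {
            v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + KEY[sum & 3u]);
            sum += delta;
            v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + KEY[(sum >> 11) & 3u]);
        }
    }
    memcpy(b, &v0, 4); memcpy(b + 4, &v1, 4);
}

/* Boot-program side: write one record to flash; secure-range records are zero-padded
 * and encrypted. Returns 1 if encrypted, 0 if stored plain, -1 if rejected. */
static int boot_download(uint32_t addr, const uint8_t *data, size_t len) {
    int secure = addr >= SECURE_START && addr < SECURE_END;
    size_t stored = secure ? pad_len(len) : len;
    if (addr + stored > (secure ? SECURE_END : FLASH_SIZE)) return -1;   /* would spill out */
    if (!secure && addr < SECURE_START && addr + len > SECURE_START) return -1; /* straddles */
    memset(flash + addr, 0, stored);
    memcpy(flash + addr, data, len);
    for (size_t off = 0; secure && off < stored; off += BLOCK) xtea_block(flash + addr + off, 0);
    return secure;
}

/* Call side: find the target function by name, decrypt it from flash into the
 * target RAM area and return where execution would continue (NULL on failure). */
static const uint8_t *load_secure(const char *name) {
    for (size_t i = 0; i < sizeof FUNC_TABLE / sizeof FUNC_TABLE[0]; i++) {
        const struct func_entry *e = &FUNC_TABLE[i];
        size_t stored = pad_len(e->length);
        if (strcmp(e->name, name) != 0) continue;
        if (e->flash_addr < SECURE_START || e->flash_addr + stored > SECURE_END ||
            stored > RAM_SIZE) return NULL;
        memcpy(target_ram, flash + e->flash_addr, stored);
        for (size_t off = 0; off < stored; off += BLOCK) xtea_block(target_ram + off, 1);
        return target_ram;
    }
    return NULL;
}

/* Firmware would call this from a timer once the preset interval has elapsed.
 * The volatile pointer keeps the compiler from optimising the wipe away. */
static void clear_target_ram(void) {
    volatile uint8_t *p = target_ram;
    for (size_t i = 0; i < RAM_SIZE; i++) p[i] = 0;
}

static int ram_is_clear(void) {
    for (size_t i = 0; i < RAM_SIZE; i++) if (target_ram[i] != 0) return 0;
    return 1;
}

int main(void) {
    boot_download(0x00u, SAMPLE_PLAIN, sizeof SAMPLE_PLAIN);
    boot_download(0x80u, SAMPLE_SECRET, sizeof SAMPLE_SECRET);
    boot_download(0x90u, SAMPLE_SHORT, sizeof SAMPLE_SHORT);
    int ok = load_secure("derive_key") && memcmp(target_ram, SAMPLE_SECRET, 13) == 0;
    clear_target_ram();
    printf("decrypted copy matched: %d, RAM cleared: %d\n", ok, ram_is_clear());
    return 0;
}
```

Each 8-byte block is processed independently here, so equal plaintext blocks produce equal ciphertext and modified flash contents go undetected; the page specifies neither a chaining mode nor an integrity check.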
Based on the method embodiment, the embodiment of the application also provides a software encryption processing device. Referring to fig. 3, fig. 3 is a schematic diagram of a software encryption processing apparatus according to an embodiment of the present application.
The apparatus 300 may be applied to an embedded device, the apparatus 300 comprising:
an acquisition unit 301 configured to acquire an encrypted executable file subjected to encryption processing;
a determining unit 302, configured to determine, when target area data of the encrypted executable is called, a target address range where the target area data is located, based on address information of the encrypted executable, where the target area data is processed by an encryption algorithm;
and a decryption unit 303, configured to decrypt target area data of the target address range to a target RAM area based on the encryption algorithm, where the target RAM area corresponds to the target area.
In one possible implementation, the apparatus 300 further includes a clearing unit, which is used for clearing the data of the target RAM area after a preset time interval.
In a possible implementation manner, when the embedded device is a chip, the obtaining unit 301 is specifically configured to obtain an initial executable file, where the initial executable file is obtained by compiling a program to be processed by a processor, and the initial executable file includes first area data and second area data, and a security level of the second area data is higher than that of the first area data; when the initial executable file is downloaded, judging whether the downloaded data is second area data or not based on a bootstrap program of the chip, if so, carrying out encryption processing on the second area data based on the encryption algorithm to obtain third area data, and downloading the third area data; and if not, downloading the first area data, wherein the third area data corresponds to the target area data.
In one possible implementation manner, the acquiring process of the initial executable file includes:
the processor determines fourth area data and fifth area data of the to-be-processed program according to the security level, wherein the fourth area data corresponds to a first address range, the fifth area data corresponds to a second address range, and the security level of the fifth area data is higher than that of the fourth area data; the processor performs segmentation processing on the program to be processed based on a redirection configuration file; and the processor performs compiling processing on the segmented program to be processed to acquire the initial executable file, the fourth area data corresponds to the first area data, and the fifth area data corresponds to the second area data.
In one possible implementation manner, when the fifth area data includes a plurality of functions, the processor is further configured to generate a function table corresponding to the plurality of functions according to a second address range of the fifth area data, where the function table includes names and address information corresponding to the plurality of functions, and the address information indicates addresses stored in the embedded device by the plurality of functions.
In a possible implementation manner, the determining unit 302 is specifically configured to call the function table, and determine, based on the name of the target function, address information of the target function in the function table.
In one possible implementation manner, the process of acquiring the encrypted executable file includes:
the processor determines fourth area data and fifth area data of a program to be processed according to the security level, wherein the fourth area data corresponds to a first address range, the fifth area data corresponds to a second address range, and the security level of the fifth area data is higher than that of the fourth area data; the processor performs segmentation processing on the program to be processed based on a redirection configuration file; the processor compiles the segmented program to be processed to obtain an initial executable file, wherein the initial executable file comprises first area data and second area data, the fourth area data corresponds to the first area data, and the fifth area data corresponds to the second area data; the processor performs encryption processing on the second area data based on the encryption algorithm to obtain the encrypted executable file; the processor sends the encrypted executable file to the embedded device so that the embedded device downloads the encrypted executable file.
For the beneficial effects of the software encryption processing device provided in the embodiment of the present application, see the above method embodiment; they are not repeated here.
Based on the method embodiment and the device embodiment, the embodiment of the application also provides software encryption processing equipment. Referring to fig. 4, fig. 4 is a schematic diagram of a software encryption processing device according to an embodiment of the present application.
The apparatus 400 comprises: a memory 401 and a processor 402;
the memory 401 is used for storing relevant program codes;
the processor 402 is configured to invoke the program code and execute the software encryption processing method described in the above method embodiment.
In addition, the embodiment of the application also provides a computer readable storage medium for storing a computer program for executing the software encryption processing method described in the embodiment of the method.
It should be noted that the embodiments in this description are described in a progressive manner: each embodiment focuses on its differences from the other embodiments, and identical or similar parts of the embodiments may be understood by reference to one another. In particular, because the system or apparatus embodiments are substantially similar to the method embodiments, they are described relatively briefly, and the relevant portions can be found in the description of the method embodiments. The above-described apparatus embodiments are merely illustrative: units or modules illustrated as separate components may or may not be physically separate, and components shown as units or modules may or may not be physical modules, i.e. they may be located in one place or distributed over multiple network units. Some or all of the units or modules may be selected according to actual needs to achieve the purposes of the embodiment. Those of ordinary skill in the art can understand and implement the present invention without creative effort.
It should be understood that in this application, "at least one" means one or more, and "a plurality" means two or more. "And/or" describes an association between associated objects and indicates that three relationships are possible; for example, "A and/or B" may represent: only A, only B, or both A and B, where A and B may be singular or plural. The character "/" generally indicates an "or" relationship between the objects before and after it. "At least one of" or a similar expression means any combination of the listed items, including any combination of single items or plural items. For example, at least one of a, b or c may represent: a, b, c, "a and b", "a and c", "b and c", or "a and b and c", where a, b and c may each be single or plural.
It is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. The software modules may be disposed in random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A method for software encryption processing, wherein the method is applied to an embedded device, the method comprising:
acquiring an encrypted executable file subjected to encryption processing;
when target area data of the encrypted executable file is called, determining a target address range where the target area data is located based on address information of the encrypted executable file, wherein the target area data is processed by an encryption algorithm;
decrypting target area data of the target address range into a target RAM area based on the encryption algorithm, wherein the target RAM area corresponds to the target area.
2. The method according to claim 1, wherein the method further comprises:
after a preset time interval, clearing the data of the target RAM area.
3. The method of claim 1, wherein when the embedded device is a chip, the acquiring of the encrypted executable file subjected to encryption processing comprises:
acquiring an initial executable file, wherein the initial executable file is obtained by compiling a program to be processed by a processor, the initial executable file comprises first area data and second area data, and the security level of the second area data is higher than that of the first area data;
when the initial executable file is downloaded, determining, based on a bootstrap program of the chip, whether the data being downloaded is second area data; if so, encrypting the second area data based on the encryption algorithm to obtain third area data, and downloading the third area data; and if not, downloading the first area data, wherein the third area data corresponds to the target area data.
4. A method according to claim 3, wherein the initial executable file acquisition process comprises:
the processor determines fourth area data and fifth area data of the program to be processed according to the security level, wherein the fourth area data corresponds to a first address range, the fifth area data corresponds to a second address range, and the security level of the fifth area data is higher than that of the fourth area data;
the processor performs segmentation processing on the program to be processed based on a redirection configuration file;
and the processor compiles the segmented program to be processed to obtain the initial executable file, wherein the fourth area data corresponds to the first area data, and the fifth area data corresponds to the second area data.
5. The method of claim 4, wherein when the fifth region data includes a plurality of functions, the processor is further configured to generate a function table corresponding to the plurality of functions according to a second address range of the fifth region data, the function table including names and address information corresponding to the plurality of functions, the address information indicating addresses of the plurality of functions stored in the embedded device.
6. The method of claim 5, wherein the target area data comprises a target function, and wherein, when the target area data of the encrypted executable file is called, determining a target address range in which the target area data is located based on address information of the encrypted executable file comprises:
calling the function table, and determining the address information of the target function in the function table based on the name of the target function.
7. The method of claim 1, wherein the process of obtaining the encrypted executable file includes:
a processor determines fourth area data and fifth area data of a program to be processed according to the security level, wherein the fourth area data corresponds to a first address range, the fifth area data corresponds to a second address range, and the security level of the fifth area data is higher than that of the fourth area data;
the processor performs segmentation processing on the program to be processed based on a redirection configuration file;
the processor compiles the segmented program to be processed to obtain an initial executable file, wherein the initial executable file comprises first area data and second area data, the fourth area data corresponds to the first area data, and the fifth area data corresponds to the second area data;
the processor encrypts the second area data based on the encryption algorithm to obtain the encrypted executable file;
the processor sends the encrypted executable file to the embedded device so that the embedded device downloads the encrypted executable file.
8. A software encryption processing apparatus, the apparatus being applied to an embedded device, the apparatus comprising:
an acquisition unit, configured to acquire the encrypted executable file subjected to encryption processing;
a determining unit, configured to determine, when target area data of the encrypted executable file is called, a target address range where the target area data is located based on the address information of the encrypted executable file, wherein the target area data is processed by an encryption algorithm;
and a decryption unit, configured to decrypt the target area data of the target address range to a target RAM area based on the encryption algorithm, wherein the target RAM area corresponds to the target area.
9. A software encryption processing apparatus, the apparatus comprising: a memory and a processor;
the memory is used for storing related program codes;
the processor is configured to invoke the program code to execute the software encryption processing method of any one of claims 1 to 7.
10. A computer-readable storage medium storing a computer program for executing the software encryption processing method according to any one of claims 1 to 7.
CN202310043218.4A 2023-01-29 2023-01-29 Software encryption processing method, device, equipment and medium Active CN115994370B (en)

Publications (2)

Publication Number Publication Date
CN115994370A (en) 2023-04-21
CN115994370B (en) 2023-12-19

Family

ID=85991743

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant