CN116108468A - Method, system and medium for encrypting and decrypting war and jar program package - Google Patents


Info

Publication number: CN116108468A
Application number: CN202310072024.7A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Priority and filing date: 2023-01-12
Publication date: 2023-05-12
Prior art keywords: constant, encrypted, program, program package, class
Inventors: 刘乾斌, 汪善富, 任艳, 王志, 祝青柳
Current assignee: Shenzhen Leagsoft Technology Co ltd
Original assignee: Shenzhen Leagsoft Technology Co ltd

Classifications

    • G PHYSICS
      • G06 COMPUTING; CALCULATING OR COUNTING
        • G06F ELECTRIC DIGITAL DATA PROCESSING
          • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            • G06F21/60 Protecting data
              • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
      • G06 COMPUTING; CALCULATING OR COUNTING
        • G06F ELECTRIC DIGITAL DATA PROCESSING
          • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
              • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms during program execution, e.g. stack integrity; preventing unwanted data erasure; buffer overflow
                • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms during program execution by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G PHYSICS
      • G06 COMPUTING; CALCULATING OR COUNTING
        • G06F ELECTRIC DIGITAL DATA PROCESSING
          • G06F9/00 Arrangements for program control, e.g. control units
            • G06F9/06 Arrangements for program control using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
              • G06F9/44 Arrangements for executing specific programs
                • G06F9/455 Emulation; interpretation; software simulation, e.g. virtualisation or emulation of application or operating system execution engines
                  • G06F9/45504 Abstract machines for programme code execution, e.g. Java virtual machine [JVM], interpreters, emulators

Abstract

The invention provides an encryption and decryption method, system and medium for war and jar program packages. The method comprises the following steps: acquiring a program package to be encrypted, where the program package to be encrypted comprises a class loader and a source program; encrypting all class files in the program package to be encrypted with an encryption algorithm to obtain an encrypted program package; when decrypting the encrypted program package, loading it with the JVM and decrypting part of its class files with a decryption method to obtain the class loader and part of the source code; and loading the encrypted program package with the decrypted class loader and decrypting the remaining class files with the decryption method to obtain all of the source program. A program package encrypted by this method cannot be decompiled, the decryption process runs entirely in memory without writing decrypted data to disk, the security of decryption is greatly improved, and the encryption and decryption method is simple and easy to operate.

Description

Method, system and medium for encrypting and decrypting war and jar program package
Technical Field
The invention belongs to the technical field of network security, and particularly relates to an encryption and decryption method, system and medium for war and jar program packages.
Background
Once an attacker obtains a war or jar program package that has been neither encrypted nor obfuscated, the package can be decompiled with a tool to recover the relevant source code. Preventing source code from being recovered from an application package has become a problem the industry needs to solve.
Currently, encryption of war and jar program packages is mainly implemented by encrypting the class files, compiling the encrypted class files into the program package, and decrypting and loading the class files through a custom class loader when the program package runs, so that the encrypted program can execute. This method has the following drawback: once the class loader is decompiled, all class files can be decrypted, so security cannot be guaranteed.
Disclosure of Invention
To address the defects of the prior art, the invention provides a method, system and medium for encrypting and decrypting war and jar program packages, which improve the security of the encryption and decryption process.
In a first aspect, a method for encrypting and decrypting war and jar program packages includes:
acquiring a program package to be encrypted; the program package to be encrypted comprises a class loader and a source program;
encrypting all class files in the program package to be encrypted by adopting an encryption algorithm to obtain an encrypted program package;
when decrypting the encrypted program package, loading the encrypted program package by using the JVM, and decrypting part of class files in the encrypted program package by using a decryption method to obtain a class loader and part of source codes;
and loading the encrypted program package by using the class loader obtained after decryption, and decrypting the rest class files in the encrypted program package by using a decryption method so as to obtain all the source programs.
Further, the encryption algorithm includes:
analyzing a constant pool of class files;
traversing all constant types in the constant pool, and for each entry whose type is CONSTANT_Methodref_info, subtracting N from each of its two index values, namely the indices that reference its CONSTANT_Class_info and CONSTANT_NameAndType_info entries.
Further, loading the encrypted package with the JVM specifically includes:
setting a hook function for loading a class file in the JVM;
the encrypted package is loaded into the JVM using a hook function.
Further, the decryption method includes:
analyzing a constant pool of class files;
traversing all constant types in the constant pool, and for each entry whose type is CONSTANT_Methodref_info, adding N to each of its two index values, namely the indices that reference its CONSTANT_Class_info and CONSTANT_NameAndType_info entries.
Further, the class loader is loaded with a decryption method.
Further, the source program includes JVM startup parameters.
In a second aspect, a war and jar package encryption and decryption system includes a unit for performing the method as in the first aspect.
In a third aspect, a war and jar package encryption and decryption system includes a processor and a memory, where the processor and the memory are connected to each other, and the memory is configured to store a computer program, where the computer program includes program instructions, and where the processor is configured to invoke the program instructions to perform the method of the first aspect.
In a fourth aspect, a computer readable storage medium stores a computer program comprising program instructions which, when executed by a processor, cause the processor to perform the method of the first aspect.
In summary, the method, system and medium for encrypting and decrypting war and jar program packages disclosed by the invention encrypt the class files with an encryption algorithm and finally decrypt the war and jar program package with the JVM and the class loader, thereby completing encryption and decryption of the war and jar program package. A program package encrypted by this method cannot be decompiled, the decryption process runs entirely in memory without writing decrypted data to disk, the security of decryption is greatly improved, and the encryption and decryption method is simple and easy to operate.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below. Like elements or portions are generally identified by like reference numerals throughout the several figures. In the drawings, elements or portions thereof are not necessarily drawn to scale.
FIG. 1 is a flowchart of an encryption and decryption method for war and jar packages provided in an embodiment.
Fig. 2 is a flowchart of an encryption method according to an embodiment.
Fig. 3 is a flowchart of a JVM decryption method according to an embodiment.
Fig. 4 is a flowchart of a Web container decryption method according to an embodiment.
Detailed Description
Embodiments of the technical scheme of the present invention will be described in detail below with reference to the accompanying drawings. The following examples are only for more clearly illustrating the technical aspects of the present invention, and thus are merely examples, and are not intended to limit the scope of the present invention. It is noted that unless otherwise indicated, technical or scientific terms used herein should be given the ordinary meaning as understood by one of ordinary skill in the art to which this invention pertains.
It should be understood that the terms "comprises" and "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
As used in this specification and the appended claims, the term "if" may be interpreted as "when", "once", "in response to a determination" or "in response to detection" depending on the context. Similarly, the phrase "if a determination" or "if a [described condition or event] is detected" may be interpreted in context as meaning "upon determination", "in response to determination", "upon detection of a [described condition or event]" or "in response to detection of a [described condition or event]".
Examples:
a war and jar program package encryption and decryption method comprises the following steps:
acquiring a program package to be encrypted; the program package to be encrypted comprises a class loader and a source program;
encrypting all class files in the program package to be encrypted by adopting an encryption algorithm to obtain an encrypted program package;
when decrypting the encrypted program package, loading the encrypted program package by using a JVM, and decrypting part of the class files in the encrypted program package by using a decryption method to obtain a class loader and part of the source code;
and loading the encrypted program package by using the class loader obtained after decryption, and decrypting the rest class files in the encrypted program package by using a decryption method so as to obtain all the source programs.
In this embodiment, the source program in the package to be encrypted may be a war or jar program. Referring to fig. 1, after obtaining the package to be encrypted, the method encrypts the class files in the package with an encryption program and places the resulting encrypted package into a Tomcat container to wait for loading. Upon decryption, the JVM loads the encrypted package and the agent performs the decryption. The method decrypts the program package as it is loaded; the decryption does not persist any data, it executes only in memory, and the decrypted data is never written to disk.
In this embodiment, referring to fig. 2, when encryption is performed the method first uses a command to decompress the war or jar package and traverses the files in it; for each class file it invokes the encryption algorithm to encrypt that file, and after all class files have been encrypted it recompresses all files into the war or jar package to obtain the encrypted package.
In this embodiment, when the JVM is used for the first pass, the method only decrypts the class loader and part of the source code; when the class loader is used for the second pass of decryption, all of the source code can be decrypted. The method encrypts the class files with an encryption algorithm and finally decrypts them through the JVM and the class loader to complete encryption and decryption of jar and war program packages. A program package encrypted by this method cannot be decompiled, the decryption process runs entirely in memory without writing decrypted data to disk, the security of decryption is greatly improved, and the encryption and decryption method is simple and easy to operate.
Further, in some embodiments, the encryption algorithm includes:
analyzing a constant pool of class files;
traversing all constant types in the constant pool, and for each entry whose type is CONSTANT_Methodref_info, subtracting N from each of its two index values, namely the indices that reference its CONSTANT_Class_info and CONSTANT_NameAndType_info entries.
In this embodiment, when encrypting the class loader and the source program, the method first parses the constant pool of the class file and traverses all constant types in the constant pool. The constant type of each entry indicates whether that constant needs to be encrypted; for example, the constant type needing encryption is set to the CONSTANT_Methodref_info structure, so that when the traversal reaches a CONSTANT_Methodref_info structure, its index values referencing the CONSTANT_Class_info and CONSTANT_NameAndType_info entries are reduced by N, for example by 1, thereby corrupting the normal bytecode index structure and preventing decompilation. The definition of the CONSTANT_Methodref_info structure is shown in the following table:
[Table: definition of the CONSTANT_Methodref_info structure; rendered as an image in the original and not reproduced here.]
further, in some embodiments, loading the encrypted package with the JVM specifically includes:
setting a hook function for loading a class file in the JVM;
the encrypted package is loaded into the JVM using a hook function.
In this embodiment, loading the encrypted package with the JVM is performed by an agent process started by the JVM. At execution time, a hook function for the ClassFileLoadHook event (the JVMTI event raised when class-file bytes are loaded) is set in Agent_OnLoad, so that an encrypted program package needing decryption can be loaded into the JVM through the hook function. Referring to fig. 3, the JVM first loads the war or jar package, then traverses all files in the package; when it reaches a class file, the hook registered in Agent_OnLoad decrypts it and the decrypted class file is loaded.
Further, in some embodiments, the decryption method includes:
analyzing a constant pool of class files;
traversing all constant types in the constant pool, and for each entry whose type is CONSTANT_Methodref_info, adding N to each of its two index values, namely the indices that reference its CONSTANT_Class_info and CONSTANT_NameAndType_info entries.
In this embodiment, when decryption is performed, the method first parses the constant pool of the class file and traverses all constant types in the constant pool. For example, when the traversal reaches a CONSTANT_Methodref_info structure, N is added to its index values referencing the CONSTANT_Class_info and CONSTANT_NameAndType_info entries, for example 1 is added to each, restoring the normal bytecode index structure so that the class file can be loaded normally.
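As an added example that is not code from the patent or its assignee, the following C function performs the constant-pool walk described in the encryption and decryption steps above, in the form a ClassFileLoadHook callback would apply to the class bytes it receives; the offset N, the constructed sample class file and the function names are assumptions.

```c
/* Added example, not the patent's code: the constant-pool index transform
 * described above, applied to an in-memory class file buffer.  Assumptions:
 * N is a small offset, "encrypt" subtracts N from the two index fields of
 * every CONSTANT_Methodref_info entry (tag 10), "decrypt" adds N back, and
 * all other constant-pool entries are left untouched. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TAG_METHODREF 10

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* Byte size of a constant-pool entry body (after the tag), per JVMS 4.4.
 * Returns 0 for an unknown tag or a truncated Utf8 length field. */
static size_t cp_body_size(uint8_t tag, const uint8_t *body, size_t avail) {
    switch (tag) {
    case 1:  return avail < 2 ? 0 : 2 + (size_t)rd16(body); /* Utf8: u2 length + bytes */
    case 3: case 4:                             return 4;  /* Integer, Float */
    case 5: case 6:                             return 8;  /* Long, Double (two slots) */
    case 7: case 8: case 16: case 19: case 20:  return 2;  /* Class, String, MethodType, Module, Package */
    case 9: case 10: case 11: case 12: case 17: case 18:
                                                return 4;  /* *ref, NameAndType, (Invoke)Dynamic */
    case 15:                                    return 3;  /* MethodHandle */
    default:                                    return 0;
    }
}

/* Walk the constant pool of a class file and add `delta` to class_index and
 * name_and_type_index of every CONSTANT_Methodref_info entry, in place.
 * delta = -N encrypts, delta = +N decrypts.  Returns the number of entries
 * rewritten, or -1 if the buffer is not a well-formed class-file prefix. */
int shift_methodref_indices(uint8_t *buf, size_t len, int delta) {
    static const uint8_t magic[4] = {0xCA, 0xFE, 0xBA, 0xBE};
    if (len < 10 || memcmp(buf, magic, 4) != 0) return -1;
    uint16_t cp_count = rd16(buf + 8);  /* number of entries + 1 */
    size_t off = 10;                    /* first constant-pool entry */
    int changed = 0;
    for (uint16_t i = 1; i < cp_count; i++) {
        if (off >= len) return -1;
        uint8_t tag = buf[off++];
        size_t sz = cp_body_size(tag, buf + off, len - off);
        if (sz == 0 || sz > len - off) return -1;
        if (tag == TAG_METHODREF) {     /* Fieldref/InterfaceMethodref stay untouched, as in the text */
            wr16(buf + off,     (uint16_t)(rd16(buf + off)     + delta));
            wr16(buf + off + 2, (uint16_t)(rd16(buf + off + 2) + delta));
            changed++;
        }
        if (tag == 5 || tag == 6) i++;  /* Long/Double occupy two pool slots */
        off += sz;
    }
    return changed;
}

/* Constructed sample (not a real compiled class): a minimal class file whose pool is
 * #1 Methodref(#2,#3)  #2 Class(#4)  #3 NameAndType(#5,#6)  #4-#6 Utf8
 * #7 Long (slots 7-8)  #9 Methodref(#2,#3), followed by an empty class body. */
const uint8_t SAMPLE_CLASS[] = {
    0xCA, 0xFE, 0xBA, 0xBE, 0x00, 0x00, 0x00, 0x34, 0x00, 0x0A,
    0x0A, 0x00, 0x02, 0x00, 0x03,                              /* #1 Methodref */
    0x07, 0x00, 0x04,                                          /* #2 Class */
    0x0C, 0x00, 0x05, 0x00, 0x06,                              /* #3 NameAndType */
    0x01, 0x00, 0x10, 'j','a','v','a','/','l','a','n','g','/','O','b','j','e','c','t',
    0x01, 0x00, 0x06, '<','i','n','i','t','>',
    0x01, 0x00, 0x03, '(',')','V',
    0x05, 0, 0, 0, 0, 0, 0, 0, 0,                              /* #7 Long */
    0x0A, 0x00, 0x02, 0x00, 0x03,                              /* #9 Methodref */
    0x00, 0x21, 0x00, 0x02, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
/* Offsets of the class_index field of the two Methodref entries above. */
enum { METHODREF1_OFF = 11, METHODREF2_OFF = 67 };

/* u2 value at `off` after encrypting a fresh copy of SAMPLE_CLASS with N (0xFFFF on error). */
unsigned index_after_encrypt(int n, size_t off) {
    uint8_t b[sizeof SAMPLE_CLASS];
    memcpy(b, SAMPLE_CLASS, sizeof b);
    if (shift_methodref_indices(b, sizeof b, -n) < 0 || off + 2 > sizeof b) return 0xFFFF;
    return rd16(b + off);
}

/* Result of the transform on only the first `len` bytes of a copy (-1 = rejected as malformed). */
int shift_on_prefix(size_t len, int delta) {
    uint8_t b[sizeof SAMPLE_CLASS];
    memcpy(b, SAMPLE_CLASS, sizeof b);
    return shift_methodref_indices(b, len < sizeof b ? len : sizeof b, delta);
}

/* Encrypt a copy with N, then decrypt it; 1 if the encrypted form differed and
 * the round trip restored the original byte for byte, else 0. */
int roundtrip_ok(int n) {
    uint8_t b[sizeof SAMPLE_CLASS];
    memcpy(b, SAMPLE_CLASS, sizeof b);
    if (shift_methodref_indices(b, sizeof b, -n) != 2 || memcmp(b, SAMPLE_CLASS, sizeof b) == 0) return 0;
    return shift_methodref_indices(b, sizeof b, n) == 2 && memcmp(b, SAMPLE_CLASS, sizeof b) == 0;
}
```

Note that N is the whole secret: the transform is reversible index arithmetic, so any copy of the agent library that embeds N suffices to undo it, and the JVM still receives the fully restored class file at load time.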
Further, in some embodiments, the class loader is loaded with a decryption method.
In this embodiment, in order to adapt the class loader to the decryption method, the method may rewrite the class loader so that it carries the decryption method and can therefore be used to decrypt the encrypted package. When rewriting the class loader, the Spring class-loading classes SimpleMetadataReader and LocalVariableTableParameterNameDiscoverer can be rewritten; specifically, the constructor of org.springframework.core.type.classreading.SimpleMetadataReader is rewritten according to the decryption method, so that the class bytecode is decrypted before it is parsed. Referring to fig. 4, the web container (i.e., the class loader) loads the war or jar package, Spring loads the class files, the class files are decrypted in the constructor, and the class-loading logic then executes.
Further, in some embodiments, the source program includes JVM startup parameters.
In this embodiment, the source program also includes the JVM startup parameters. For a war program package, the -agentpath option is added to JAVA_OPTS in tomcat/bin/catalina of the war program package, for example: JAVA_OPTS="$JAVA_OPTS -server -Xms512m -Xmx1024m -agentpath:libemmjvmencode.so". For a jar package, -agentpath:libemmjvmencode.so is added to the start command, for example: java -Xms100m -Xmx1024m -agentpath:libemmjvmencode.so -jar application.jar.
A war and jar program package encryption and decryption system comprises a unit for executing the method.
The units may or may not be physically separate, i.e. may be located in one place, or may be distributed over a plurality of network elements. Some or all of the units may be selected according to actual needs to achieve the purpose of the embodiment of the present invention.
In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
For parts of the system provided by the embodiments of the present invention that are not described here, reference may be made to the corresponding content in the foregoing method embodiments, which is omitted for brevity.
A war and jar program package encryption and decryption system comprises a processor and a memory, wherein the processor and the memory are connected with each other, the memory is used for storing a computer program, the computer program comprises program instructions, and the processor is configured to call the program instructions and execute the method.
It should be appreciated that in embodiments of the present invention, the processor may be a central processing unit (Central Processing Unit, CPU), which may also be other general purpose processors, digital signal processors (Digital Signal Processor, DSPs), application specific integrated circuits (Application Specific Integrated Circuit, ASICs), off-the-shelf programmable gate arrays (Field-Programmable Gate Array, FPGAs) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory may include read only memory and random access memory and provide instructions and data to the processor. A portion of the memory may also include non-volatile random access memory. For example, the memory may also store information of the device type.
For parts of the system provided by the embodiments of the present invention that are not described here, reference may be made to the corresponding content in the foregoing method embodiments, which is omitted for brevity.
A computer readable storage medium storing a computer program comprising program instructions which, when executed by a processor, cause the processor to perform the method described above.
The computer readable storage medium may be an internal storage unit, such as a hard disk or a memory. The computer readable storage medium may also be an external storage device, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash Card (Flash Card), etc. Further, the computer readable storage medium may also include both internal storage units and external storage devices. The computer-readable storage medium is used to store the computer program and other programs and data as needed. The computer-readable storage medium may also be used to temporarily store data that has been output or is to be output.
For parts of the medium provided by the embodiments of the present invention that are not described here, reference may be made to the corresponding content in the foregoing embodiments, which is omitted for brevity.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and not for limiting the same; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some or all of the technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit of the invention, and are intended to be included within the scope of the appended claims and description.

Claims (9)

1. The method for encrypting and decrypting the war and jar program package is characterized by comprising the following steps:
acquiring a program package to be encrypted; the program package to be encrypted comprises a class loader and a source program;
encrypting all class files in the program package to be encrypted by adopting an encryption algorithm to obtain an encrypted program package;
when decrypting the encrypted program package, loading the encrypted program package by using a JVM, and decrypting part of class files in the encrypted program package by using a decryption method to obtain the class loader and part of the source codes;
and loading the encrypted program package by adopting the class loader obtained after decryption, and decrypting the rest class files in the encrypted program package by adopting a decryption method so as to obtain all the source programs.
2. The method for encrypting and decrypting the war and jar program package according to claim 1, wherein the encryption algorithm comprises:
analyzing a constant pool of the class file;
traversing all constant types in the constant pool, and when an entry of the constant type CONSTANT_Methodref_info exists, subtracting N from each of its two index values, namely the indices that reference its CONSTANT_Class_info and CONSTANT_NameAndType_info entries.
3. The method for encrypting and decrypting the war and jar packages according to claim 2, wherein the loading the encrypted packages by using the JVM specifically comprises:
setting a hook function for loading a class file in the JVM;
the encrypted package is loaded into the JVM using the hook function.
4. The method for encrypting and decrypting the war and jar program package according to claim 2, wherein the decrypting method comprises the following steps:
analyzing a constant pool of the class file;
traversing all constant types in the constant pool, and for each entry whose type is CONSTANT_Methodref_info, adding N to each of its two index values, namely the indices that reference its CONSTANT_Class_info and CONSTANT_NameAndType_info entries.
5. The method for encrypting and decrypting the war and jar program package according to claim 2, wherein,
the class loader is loaded with the decryption method.
6. The method for encrypting and decrypting the war and jar program package according to claim 2, wherein,
the source program includes JVM startup parameters.
7. A war and jar package encryption and decryption system comprising means for performing the method of any one of claims 1-6.
8. A war, jar package encryption and decryption system comprising a processor and a memory, said processor and memory being interconnected, wherein said memory is adapted to store a computer program, said computer program comprising program instructions, said processor being configured to invoke said program instructions to perform the method according to any of claims 1-6.
9. A computer readable storage medium, characterized in that the computer storage medium stores a computer program comprising program instructions which, when executed by a processor, cause the processor to perform the method of any of claims 1-6.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310072024.7A CN116108468A (en) 2023-01-12 2023-01-12 Method, system and medium for encrypting and decrypting war and jar program package

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310072024.7A CN116108468A (en) 2023-01-12 2023-01-12 Method, system and medium for encrypting and decrypting war and jar program package

Publications (1)

Publication Number Publication Date
CN116108468A true CN116108468A (en) 2023-05-12

Family

ID=86255730

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310072024.7A Pending CN116108468A (en) 2023-01-12 2023-01-12 Method, system and medium for encrypting and decrypting war and jar program package

Country Status (1)

Country Link
CN (1) CN116108468A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination