CN116827914A - Method and system for preventing hijacking and stealing of video information of mobile terminal - Google Patents
Method and system for preventing hijacking and stealing of video information of mobile terminal Download PDFInfo
- Publication number
- CN116827914A CN116827914A CN202310426347.1A CN202310426347A CN116827914A CN 116827914 A CN116827914 A CN 116827914A CN 202310426347 A CN202310426347 A CN 202310426347A CN 116827914 A CN116827914 A CN 116827914A
- Authority
- CN
- China
- Prior art keywords
- file
- mobile terminal
- video
- code
- codes
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 46
- 230000005540 biological transmission Effects 0.000 claims abstract description 9
- 238000009877 rendering Methods 0.000 claims abstract description 6
- 230000006870 function Effects 0.000 claims description 33
- 150000003839 salts Chemical class 0.000 claims description 21
- 238000004590 computer program Methods 0.000 claims description 14
- 238000006243 chemical reaction Methods 0.000 claims description 10
- 238000007906 compression Methods 0.000 claims description 9
- 230000006835 compression Effects 0.000 claims description 8
- 238000012856 packing Methods 0.000 claims description 6
- 238000004806 packaging method and process Methods 0.000 claims description 5
- 230000002265 prevention Effects 0.000 claims description 4
- 230000000694 effects Effects 0.000 abstract description 2
- 230000008569 process Effects 0.000 description 8
- 238000012545 processing Methods 0.000 description 7
- 239000012634 fragment Substances 0.000 description 2
- 238000006467 substitution reaction Methods 0.000 description 2
- 230000001360 synchronised effect Effects 0.000 description 2
- 102220465380 NF-kappa-B inhibitor beta_S23A_mutation Human genes 0.000 description 1
- 230000001133 acceleration Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000013144 data compression Methods 0.000 description 1
- 230000006837 decompression Effects 0.000 description 1
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000008439 repair process Effects 0.000 description 1
- 102220247850 rs1421233354 Human genes 0.000 description 1
- 102220070930 rs794728599 Human genes 0.000 description 1
- 230000011218 segmentation Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 208000008918 voyeurism Diseases 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/1066—Session management
- H04L65/1101—Session protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/1066—Session management
- H04L65/1101—Session protocols
- H04L65/1108—Web based protocols, e.g. webRTC
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Business, Economics & Management (AREA)
- General Business, Economics & Management (AREA)
- Multimedia (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The application relates to a method and a system for preventing hijacking and stealing of video information of a mobile terminal, which comprises the following steps: when receiving video resources uploaded by a user through a mobile terminal, transcoding a transmission protocol of the video resources into an HLS protocol to obtain an m3u8 file, wherein the m3u8 file comprises video information; encrypting the file content of the m3u8 file; when a browser page entry request of the mobile terminal is received, a video link is sent to the mobile terminal page; when a video acquisition request of the mobile terminal is received, the mobile terminal decrypts the m3u8 file and calls an HLS.js code library to decode the m3u8 file to obtain binary video data; video data is drawn onto a canvas using WebGL technology for rendering on a browser's page. The application has the effect of improving the confidentiality and the safety of video playing on the browser page.
Description
Technical Field
The application relates to the technical field of intelligent analysis, in particular to a method and a system for preventing hijacking and stealing of video information of a mobile terminal.
Background
At present, when an open source player on a github platform is adopted to play videos on a browser page of a mobile terminal, the videos are easy to hijack by the browser in the running environment of part of the browser, and meanwhile, the videos are also easy to suffer from the risk of crawlers on the browser page, so that the copyright privacy of a user is not protected.
The video hijacking refers to that video links of video objects are leaked in a memory when the code is run, and the crawler risk is that the video links of the video tags are illegally grabbed by the crawler on the page level of the browser, so that the video has a larger information leakage risk when part of the browser pages are played, and therefore improvement is needed.
Disclosure of Invention
In order to improve confidentiality and security of video playing on a browser page, video resource copyright privacy of a user is protected; the application provides a method and a system for preventing hijacking and stealing of video information of a mobile terminal.
The first object of the present application is achieved by the following technical solutions:
a method for preventing hijacking and stealing video information of a mobile terminal comprises the following steps:
when receiving video resources uploaded by a user through a mobile terminal, transcoding a transmission protocol of the video resources into an HLS protocol to obtain an m3u8 file, wherein the m3u8 file comprises video information;
encrypting the file content of the m3u8 file;
when a browser page entry request of the mobile terminal is received, a video link is sent to the mobile terminal page;
when a video acquisition request of the mobile terminal is received, the mobile terminal decrypts the m3u8 file and calls an HLS.js code library to decode the m3u8 file to obtain binary video data;
video data is drawn onto a canvas using WebGL technology for rendering on a browser's page.
Through the adoption of the technical scheme, the video is transcoded into the video of the HLS protocol, binary video data is obtained when the mobile terminal decodes the video data, the video link of the video object cannot be obtained in the memory by the browser, namely, the src attribute of the video object cannot be obtained, so that the video is not easily hijacked by part of browser pages, meanwhile, the video information obtained after the transcoding, namely, the content of the m3u8 file is encrypted, so that the video information cannot be played after being leaked, the confidentiality of the video is further improved, and for the risk of a crawler, the video link cannot be crawled in the page by adopting the WebGL technology to draw the video data into canvas instead of the video tag, so that the confidentiality and the security of the video played in the browser pages are improved, and the video resource copyright privacy of users are protected.
The present application is in a preferred example: the step of encrypting the file content of the m3u8 file comprises the following steps:
reading an m3u8 file and converting the m3u8 file into binary data;
dividing binary data into n binary number segments, wherein each m bits of continuous binary number is a segment, and n and m are preset constants;
and carrying out logical operation of segment offset on the n-segment binary number segments to obtain the ciphertext of the m3u8 file.
By adopting the technical scheme, by performing offset operation logic on binary segments, for example, a certain binary segment in the m3u8 file is 0101010, when the binary offset unit is set to be 2, the binary segment after offset is 10010101, even if the m3u8 file is leaked, the offset binary data is difficult to read, and the m3u8 file cannot be acquired, so that the video information is safer.
The present application is in a preferred example: the step of encrypting the file content of the m3u8 file comprises the following steps:
reading an m3u8 file and converting the m3u8 file into binary data;
generating a section of binary data salt according to video information in the m3u8 file, and dividing binary data of the m3u8 file into n1 sections of data sections to be encrypted, wherein the data length of the data sections is the same as that of the data salt;
and performing exclusive OR operation on the n 1-section data section to be encrypted to obtain n 1-section ciphertext so as to complete encryption of the m3u8 file.
By adopting the technical scheme, as the data length of the data salt is unknown to an attacker, the number of the salt corresponding to the binary data converted by the m3u8 file is also unknown, and even if the ciphertext after the exclusive-or operation is obtained by the binary number through the exclusive-or operation, the length of the data salt cannot be known, so that all binary data converted by the m3u8 file cannot be decrypted, the confidentiality of the information is further improved, and the video copyright and privacy of a user are protected.
The present application is in a preferred example: when receiving a browser page entry request of the mobile terminal, before the step of sending the video link to the mobile terminal page, the following steps are further executed:
acquiring a source code of a player in a browser page;
and automatically packaging the source code by adopting a Webpack tool, and carrying out compression, confusion and/or encryption on the source code to obtain a processed player code.
By adopting the technical scheme, in order to further improve the safety of video playing, when the m3u8 file is encrypted, the player source code of the browser page is encrypted at the same time so as to improve the safety of a video playing component, a Webpack tool is adopted to automatically pack the source code, and the source code is compressed, confused and encrypted, so that the safety of the player source code is improved, and even if the player source code leaks, the player source code is still extremely difficult to steal due to the reduced readability after the compression, confusion and/or encryption.
The present application is in a preferred example: the step of automatically packing the source code by adopting the Webpack tool and carrying out compression, confusion and/or encryption on the source code to obtain the processed player code comprises the following steps:
performing dependency analysis on the source codes to extract codes belonging to a third party library from the source codes;
identifying a preset useless code file, useless variable codes and spaces in the source codes and deleting the useless variable codes and the spaces;
based on the preset character length, identifying the code segments representing the long character variable names and the long character function names in the source codes, and replacing the code segments representing the long character variable names and the long character function names with identification characters with shorter characters.
By adopting the technical scheme, in the step of compressing the source codes, codes of a third party library are extracted, the preset useless code file, useless variable codes and blank spaces are deleted, and simultaneously, the variable names of long characters and the function names of the long characters are replaced by suggested character identifiers, such as 'a, b, c', and the like, so that the readability of the deleted source codes is reduced, and the safety of the source codes of the player is improved.
The present application is in a preferred example: the step of automatically packing the source code by adopting the Webpack tool, and compressing, confusing and/or encrypting the source code to obtain the processed player code further comprises the following steps:
acquiring codes representing original names of variables and original names of functions in source codes;
codes representing the original naming of variables and the original naming of functions are encoded as meaningless, unreadable obfuscated codes.
By adopting the technical scheme, the original names of the variables and the functions in the source code are coded into meaningless codes, for example, the variables are separated, the control flow is disturbed to reduce the readability of the source code, so that peeping and stealing of other people are prevented, the confidentiality of the source code is improved, meanwhile, the integrity of the source code is also maintained, and an attacker cannot easily copy or repair the source code.
The present application is in a preferred example: the step of automatically packing the source code by adopting the Webpack tool, and compressing, confusing and/or encrypting the source code to obtain the processed player code further comprises the following steps:
executing a source code in a character string form by using an eval function of the JavaScript code to obtain a character string code;
and calling an encryption rule to perform character contrast conversion encryption on the character string codes to obtain player character string ciphertext.
By adopting the technical scheme, the character string characteristics are executed through the eval function, and the encryption rule is called to carry out comparison conversion on the character string codes. The method is characterized in that the converted character string is further encrypted, the ciphertext of the source code obtained by encrypting the method is completely unreadable, the ciphertext can be converted into plaintext only when the method is operated, and the source code which can be really executed can be obtained only by a character comparison mode, so that the safety of the source code of the player is improved, and the safety of video information is improved.
The second object of the present application is achieved by the following technical solutions:
a video information hijacking prevention and theft prevention system for a mobile terminal, comprising:
the protocol conversion module is used for transcoding a transmission protocol of the video resource into an HLS protocol when receiving the video resource uploaded by a user through the mobile terminal, so as to obtain an m3u8 file, wherein the m3u8 file comprises video information;
the file encryption module is used for encrypting the file content of the m3u8 file;
the link acquisition module is used for sending the video link to the mobile terminal page when receiving a browser page entry request of the mobile terminal;
the video acquisition module is used for sending the encrypted m3u8 file to the mobile terminal when receiving a video acquisition request of the mobile terminal, decrypting the m3u8 file by the mobile terminal and calling an HLS.js code library to decode the m3u8 file to obtain binary video data;
and the video drawing module is used for drawing the video data onto a canvas by adopting the WebGL technology so as to be presented on a page of the browser.
Through the adoption of the technical scheme, the video is transcoded into the video of the HLS protocol, binary video data is obtained when the mobile terminal decodes the video data, the video link of the video object cannot be obtained in the memory by the browser, namely, the src attribute of the video object cannot be obtained, so that the video is not easily hijacked by part of browser pages, meanwhile, the video information obtained after the transcoding, namely, the content of the m3u8 file is encrypted, so that the video information cannot be played after being leaked, the confidentiality of the video is further improved, and for the risk of a crawler, the video link cannot be crawled in the page by adopting the WebGL technology to draw the video data into canvas instead of the video tag, so that the confidentiality and the security of the video played in the browser pages are improved, and the video resource copyright privacy of users are protected.
The third object of the present application is achieved by the following technical solutions:
a computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the steps of a method for anti-hijacking and stealing video information for a mobile terminal when executing the computer program.
The fourth object of the present application is achieved by the following technical solutions:
a computer readable storage medium storing a computer program which when executed by a processor implements the steps of a method for hijacking and stealing video information of a mobile terminal.
In summary, the present application includes at least one of the following beneficial technical effects:
1. the binary video data are obtained, the video links of the video objects cannot be obtained in the memory by the browser, namely the src attribute of the video objects cannot be obtained, so that the video is not easily hijacked by part of browser pages, meanwhile, the video information obtained after transcoding, namely the content of an m3u8 file is encrypted, so that the video information cannot be played after being leaked, the confidentiality of the video is further improved, and for the risk of a crawler, the video links cannot be crawled on the pages by the crawler due to the fact that the video data are drawn to canvas by adopting the WebGL technology to replace video tags;
2. by performing offset operation logic on binary segments, for example, a certain binary segment in an m3u8 file is 0101010, when the unit of binary offset is set to 2, the binary segment after offset is 10010101, even if the m3u8 file has leakage, the binary data after offset is difficult to read, and therefore the m3u8 file cannot be acquired, so that video information is safer;
the quantity of the salts corresponding to the binary data converted by the m3u8 file is unknown, and even if the ciphertext after the exclusive-or operation is obtained by the binary data, the length of the data salts cannot be known, so that all binary data converted by the m3u8 file cannot be decrypted, the confidentiality of the information is further improved, and the video copyright and privacy of a user are protected;
4. the preset useless code file, useless variable codes and blank spaces are deleted, and the variable names of the long characters and the long character function names are replaced by suggested character identifiers such as 'a, b, c', and the like, so that the readability of the deleted source codes is reduced, and the safety of the player source codes is improved.
Drawings
FIG. 1 is a flowchart of an embodiment of a method for preventing hijacking and stealing video information for a mobile terminal according to the application;
FIG. 2 is a flowchart showing an implementation of step S20 in an embodiment of the method for anti-hijacking and stealing video information for mobile terminals according to the present application;
FIG. 3 is a flowchart of an implementation of the method for preventing hijacking and stealing video information at a mobile terminal according to an embodiment of the application before step S30;
fig. 4 and fig. 5 are flowcharts showing an implementation of step S32 in an embodiment of the method for preventing hijacking and stealing video information on a mobile terminal according to the present application;
fig. 6 is a schematic block diagram of a system for hijacking and stealing video information for mobile terminals according to the application.
Detailed Description
The application is described in further detail below with reference to fig. 1-6.
In an embodiment, as shown in fig. 1, the application discloses a method for preventing hijacking and stealing video information of a mobile terminal, which specifically comprises the following steps:
s10: when receiving video resources uploaded by a user through a mobile terminal, transcoding a transmission protocol of the video resources into an HLS protocol to obtain an m3u8 file, wherein the m3u8 file comprises video information;
in this embodiment, the mobile terminal refers to an intelligent mobile terminal browser page for uploading and playing HLS or MP4 video, and a browser page at the PC end;
the encoding format of the video of HLS protocol is H264. The HLS protocol is an HTTP-based streaming protocol. The method can support live broadcast and on-demand of streaming media, and is mainly applied to an iOS system and an HTML5 webpage player, and streaming media transmission protocol based on HTTP. The system can support live broadcasting and on-demand broadcasting of streaming media, and is mainly applied to an iOS system and an HTML5 webpage player.
Further, if the video format is not hls protocol video, hls is not used as a decoding protocol for compatibility processing, but is used as a common H264 video for decoding and playing.
The m3u8 file includes video information through which video assets can be obtained. The m3u8 file is actually a play list, when the m3u8 file is used as a media play list, a series of media fragment resources are recorded in the internal information of the m3u8 file, and the fragment resources are sequentially played, so that the multimedia resources can be completely displayed; when m3u8 is used as the main play list, the inside of the main play list is provided with a plurality of streaming list resources of the same media resource.
Specifically, when a video resource uploaded by a user through a mobile terminal is received, a transmission protocol of the video resource is transcoded into an HLS protocol, an m3u8 file capable of acquiring the video resource is obtained, the m3u8 file comprises video information, and the video resource can be acquired through the video information.
S20: and encrypting the file content of the m3u8 file.
In this embodiment, after the encryption representative mobile terminal uploads the video resource to the remote server, the server encrypts the content of the m3u8 file, where the encryption method includes performing a logical operation on the code or a conventional encryption principle, such as symmetric encryption.
Specifically, after the m3u8 file is uploaded to the remote server, the server encrypts the content of the m3u8 file through prestored encryption rules, such as logic operation or symmetric encryption, to obtain ciphertext so as to prevent the content of the m3u8 file from being leaked.
S30: when a browser page entry request of the mobile terminal is received, a video link is sent to the mobile terminal page;
in this embodiment, after the user at the mobile terminal enters the browser page, the remote server automatically sends the video link to the browser page.
S40: when receiving a video acquisition request of the mobile terminal, the mobile terminal decrypts the m3u8 file and calls an HLS.js code library to decode the m3u8 file to obtain binary video data.
In this embodiment, the video acquisition request is used to acquire an m3u8 file.
And decoding the m3u8 file to obtain the blob binary video data.
Decoding is to decompress the data of the compressed m3u8 file. The compression process is encoding and the decompression process is decoding; encoding and decoding for different protocols differ in the degree of corruption of the data compression of the video.
Specifically, when a request for acquiring an m3u8 file sent by a mobile terminal is received, an HLS.js code library is called to decode, namely decompress, the m3u8 file to obtain binary video data, so that in the video running process, a browser cannot acquire a video link of a video object from a memory in the running process, and the video is not easy to hijack by the browser in the video playing process.
S50: video data is drawn onto a canvas using WebGL technology for rendering on a browser's page.
In this embodiment, webGL (Web graphics library) is a JavaScript API that can render high-performance interactive 3D and 2D graphics in any compatible Web browser without using plug-ins.
WebGL can also be used for 2D rendering to render canvas presentation images using video data, and the GPU can be invoked by the WebGL to provide hardware rendering acceleration, so that the CPU pressure is relieved, and the performance is better.
canvas is a label added in HTML5 for generating images in real time on a web page and can manipulate the image content, basically it is a bitmap that can be manipulated in JavaScript.
Specifically, after receiving the decoded video data, the mobile terminal draws the video data on a canvas through a Web graphic library tool, so that the video picture can be presented on a browser page.
In one embodiment, referring to fig. 2, step S20 includes the steps of:
s21: reading an m3u8 file and converting the m3u8 file into binary data;
s22: dividing binary data into n binary number segments, wherein each m bits of continuous binary number is a segment, and n and m are preset constants;
s23: and carrying out logical operation of segment offset on the n-segment binary number segments to obtain the ciphertext of the m3u8 file.
In this embodiment, binary data is generally divided into 8-bit segments, and the logical operation of segment offset is performed, that is, the 8-bit binary data in each segment of binary segments is offset left or right, so as to obtain n segments of binary segments after offset, thereby implementing offset encryption on m3u8 files.
Specifically, the file content of the m3u8 file is read and converted into binary data, the binary data is divided into n binary number segments, wherein each m bits of continuous binary number is one segment, the m bits of each segment of binary number segment are offset to the left or right to set bits, the set bits can customize color values, and the n-segment offset binary number segments are obtained.
In one embodiment, referring to fig. 3, before step S30, the following steps are further performed:
S21A: reading an m3u8 file and converting the m3u8 file into binary data;
S22A: generating a section of binary data salt according to video information in the m3u8 file, and dividing binary data of the m3u8 file into n1 sections of data sections to be encrypted, wherein the data length of the data sections is the same as that of the data salt;
S23A: and performing exclusive OR operation on the n 1-section data section to be encrypted to obtain n 1-section ciphertext so as to complete encryption of the m3u8 file.
In this embodiment, the data salt refers to a specific character string generated in cryptography, and the decryption process is the same as the encryption process, and the decryption can be completed by obtaining the same salt to obtain the plaintext.
The exclusive or operation here uses its principle of autoreactivity.
Optionally, the n1 segment of data to be encrypted may also perform an and, or, not logical operation.
Specifically, the m3u8 file is read and converted into binary data, a binary data salt is generated according to video information in the m3u8 file, the length of the data salt is unknown to an attacker, only a server knows the data length of the data salt, binary data of the m3u8 file is further divided into n1 segments of data segments to be encrypted, the data length of the data salt is identical to that of the data segment, at the moment, the number of the data segments to be encrypted, the starting and ending of the binary data are unknown to the attacker, then the n1 segments of data segments to be encrypted are encrypted according to the principle of self-reflexion of exclusive-OR operation, and n1 segments of ciphertext is obtained.
In one embodiment, before step S30, the following steps are further performed:
s31: acquiring a source code of a player in a browser page;
s32: and automatically packaging the source code by adopting a Webpack tool, and carrying out compression, confusion and/or encryption on the source code to obtain a processed player code.
In this embodiment, the player refers to a player that enters a browser page when the mobile terminal views a video.
The source code is Javascript source code. The weback tool refers to an automatic code packaging tool.
The source code of the player is compressed, confused and/or encrypted, so that the readability of the source code can be reduced or the code can be completely unreadable, and the source code of the player in the browser page is protected.
Specifically, the Javascript source codes of the players in the browser pages logged in when the mobile terminal views the video are obtained, the source codes are automatically packaged through a Webpack tool, and compression, confusion and/or encryption processing is further carried out on the source codes, so that the source codes of the players are encrypted.
In one embodiment, referring to fig. 4 and 5, step S32 includes the steps of:
s321: performing dependency analysis on the source codes to extract codes belonging to a third party library from the source codes;
s322: identifying a preset useless code file, useless variable codes and spaces in the source codes and deleting the useless variable codes and the spaces;
s323: based on the preset character length, identifying the code segments representing the long character variable names and the long character function names in the source codes, and replacing the code segments representing the long character variable names and the long character function names with identification characters with shorter characters.
In this embodiment, the database is set to store code segments representing the useless codes and the useless variable codes, and the codes, the useless codes and the useless variable codes of the third party library in the source codes are identified and deleted after matching and comparison.
The replacement of the long character variable names and the long character function names is also replaced by a preset replacement sequence, such as an abcde and other sequences. The identification characters may also be digital or other easy characters.
Specifically, the dependency analysis is carried out on the source code, the code segments belonging to the third party code library are extracted, useless code files, useless variable codes and spaces in the source code are further identified through a preset database and deleted, the code segments representing long character variable names and long character function names in the source code are identified through the preset character length, and the code segments are replaced by identification characters with fewer digits, so that the compression and confusion of the source code are completed.
In an embodiment, step S32 further includes the steps of:
s324: acquiring codes representing original names of variables and original names of functions in source codes;
s325: codes representing the original naming of variables and the original naming of functions are encoded as meaningless, unreadable obfuscated codes.
In this embodiment, encoding codes representing variable source names and function source names into nonsensical, unreadable obfuscated codes refers to a technique of converting JavaScript source codes into a form that is difficult to understand through JavaScript obfuscation encryption, making it more difficult for the source codes to be decompiled and analyzed. This typically makes the code difficult to read and understand through the use of various techniques such as deleting spaces and notes, variable and function renaming, using special characters, compressing and optimizing the code, and the like.
The purpose of JavaScript obfuscation encryption is to protect confidentiality and integrity of source code, and after the JavaScript source code is obfuscated and encrypted, an attacker cannot easily copy or modify the code, so that rights and interests of a developer are protected.
In one embodiment, step S32 further includes the steps of:
s326: executing a source code in a character string form by using an eval function of the JavaScript code to obtain a character string code;
s327: and calling an encryption rule to perform character contrast conversion encryption on the character string codes to obtain character string ciphertext.
In this embodiment, the eval function is used to execute the source code in the form of a string, and the browser cannot execute the encrypted source code, and first needs to take plaintext through a decryption step, where the plaintext is the code in the form of a string, and further needs to execute the plaintext string by using the eval function to execute the source code.
For example, a comparison table is preset, wherein the character "a" corresponds to the character "d", the character "b" corresponds to "(", the character "c" corresponds to the character "@", etc., all characters in the plaintext are encrypted after being replaced according to the comparison table to obtain ciphertext, and the ciphertext is decrypted and replaced according to the comparison table to obtain the source code if the comparison table is not available.
Specifically, the eval function of the JavaScript code is utilized, the codes in the source code are replaced by preset characters according to a character comparison table, and then the replaced character string codes are encrypted to obtain a character string ciphertext.
It should be understood that the sequence number of each step in the foregoing embodiment does not mean that the execution sequence of each process should be determined by the function and the internal logic, and should not limit the implementation process of the embodiment of the present application.
In an embodiment, a system for preventing hijacking and stealing video information for a mobile terminal is provided, where the system for preventing hijacking and stealing video information for a mobile terminal corresponds to a method for preventing hijacking and stealing video information for a mobile terminal in the above embodiment. The anti-hijacking and theft system for the video information of the mobile terminal comprises:
the protocol conversion module is used for transcoding a transmission protocol of the video resource into an HLS protocol when receiving the video resource uploaded by a user through the mobile terminal, so as to obtain an m3u8 file, wherein the m3u8 file comprises video information;
the file encryption module is used for encrypting the file content of the m3u8 file;
the link acquisition module is used for sending the video link to the mobile terminal page when receiving a browser page entry request of the mobile terminal;
the video acquisition module is used for sending the encrypted m3u8 file to the mobile terminal when receiving a video acquisition request of the mobile terminal, decrypting the m3u8 file by the mobile terminal and calling an HLS.js code library to decode the m3u8 file to obtain binary video data;
and the video drawing module is used for drawing the video data onto a canvas by adopting the WebGL technology so as to be presented on a page of the browser.
Optionally, the file encrypting module includes:
the binary conversion sub-module is used for reading the m3u8 file and converting the m3u8 file into binary data;
the segmentation submodule is used for dividing binary data into n segments of binary data, wherein each m bits of continuous binary data are one segment, and n and m are preset constants;
and the offset sub-module is used for carrying out logical operation of segment offset on the n-segment binary number segments to obtain ciphertext of the m3u8 file.
Optionally, the method further comprises:
the binary conversion sub-module is used for reading the m3u8 file and converting the m3u8 file into binary data;
the data salt module is used for generating a section of binary data salt according to the video information in the m3u8 file, and dividing the binary data of the m3u8 file into n1 sections of data sections to be encrypted, wherein the data length of the data sections is the same as that of the data salt;
and the salt encryption module is used for carrying out exclusive OR operation on the n 1-section data section to be encrypted to obtain n 1-section ciphertext so as to complete encryption of the m3u8 file.
Optionally, the method further comprises:
the original source code acquisition module is used for acquiring the source code of the player in the browser page;
and the source code processing module is used for automatically packaging the source codes by adopting a Webpack tool and carrying out compression, confusion and/or encryption processing on the source codes to obtain processed player codes.
Optionally, the source code processing module includes:
the ion extraction module is used for extracting codes belonging to a third party library in the source codes by carrying out dependency analysis on the source codes;
the identification and deletion sub-module is used for identifying and deleting a useless code file, a useless variable code and a blank preset in the source code;
and the long character replacing sub-module is used for identifying the code segments representing the long character variable names and the long character function names in the source codes based on the preset character length, and replacing the code segments representing the long character variable names and the long character function names with identification characters with shorter characters.
Optionally, the source code processing module includes:
the naming acquisition sub-module is used for acquiring codes representing original naming of variables and original naming of functions in the source codes;
and the naming substitution module is used for encoding codes representing the original naming of the variable and the original naming of the function into meaningless and unreadable confusion codes.
Optionally, the source code processing module further includes:
the character replacing module is used for executing the source code in the form of a character string by utilizing the eval function of the JavaScript code to obtain a character string code;
and the character encryption module is used for calling an encryption rule to perform character contrast conversion encryption on the character string codes to obtain a character string ciphertext.
The specific limitation of the anti-hijacking and theft system for the video information of the mobile terminal can be referred to the limitation of the anti-hijacking and theft method for the video information of the mobile terminal, and the description is omitted herein. The above-mentioned various modules in the video information anti-hijacking and theft system for mobile terminal can be implemented by means of all or part of software, hardware and their combination. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
In one embodiment, a computer device is provided, which may be a server, the internal structure of which may be as shown in fig. 6. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The database of the computer equipment is used for storing m3u8 files, a logic operation database and a character comparison table. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program, when executed by a processor, implements a method for anti-hijacking and theft of video information for a mobile terminal.
In one embodiment, a computer device is provided that includes a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing a method for anti-hijacking and theft of video information for a mobile terminal when executing the computer program.
In one embodiment, a computer readable storage medium is provided having a computer program stored thereon, which when executed by a processor implements a method for anti-hijacking and theft of video information for a mobile terminal.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in embodiments provided herein may include non-volatile and/or volatile memory. The nonvolatile memory can include Read Only Memory (ROM), programmable ROM (PROM), electrically Programmable ROM (EPROM), electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double Data Rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous Link DRAM (SLDRAM), memory bus direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM), among others.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of the functional units and modules is illustrated, and in practical application, the above-described functional distribution may be performed by different functional units and modules according to needs, i.e. the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-described functions.
The above embodiments are only for illustrating the technical solution of the present application, and not for limiting the same; although the application has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present application, and are intended to be included in the scope of the present application.
Claims (10)
1. The method for preventing hijacking and stealing of the video information of the mobile terminal is characterized by comprising the following steps:
when receiving video resources uploaded by a user through a mobile terminal, transcoding a transmission protocol of the video resources into an HLS protocol to obtain an m3u8 file, wherein the m3u8 file comprises video information;
encrypting the file content of the m3u8 file;
when a browser page entry request of the mobile terminal is received, a video link is sent to the mobile terminal page;
when a video acquisition request of the mobile terminal is received, the mobile terminal decrypts the m3u8 file and calls an HLS.js code library to decode the m3u8 file to obtain binary video data;
video data is drawn onto a canvas using WebGL technology for rendering on a browser's page.
2. The method for preventing hijacking and stealing video information on a mobile terminal according to claim 1, wherein the step of encrypting the content of the m3u8 file comprises the following steps:
reading an m3u8 file and converting the m3u8 file into binary data;
dividing binary data into n binary number segments, wherein each m bits of continuous binary number is a segment, and n and m are preset constants;
and carrying out logical operation of segment offset on the n-segment binary number segments to obtain the ciphertext of the m3u8 file.
3. The method for hijacking and stealing prevention of video information on a mobile terminal according to claim 1, wherein the step of encrypting the contents of the m3u8 file comprises the steps of:
reading an m3u8 file and converting the m3u8 file into binary data;
generating a section of binary data salt according to video information in the m3u8 file, and dividing binary data of the m3u8 file into n1 sections of data sections to be encrypted, wherein the data length of the data sections is the same as that of the data salt;
and performing exclusive OR operation on the n 1-section data section to be encrypted to obtain n 1-section ciphertext so as to complete encryption of the m3u8 file.
4. The method for hijacking and stealing prevention of video information on a mobile terminal according to claim 1, wherein, when receiving a request for entering a browser page on the mobile terminal, the step of sending a video link to the page on the mobile terminal is further performed by:
acquiring a source code of a player in a browser page;
and automatically packaging the source code by adopting a Webpack tool, and carrying out compression, confusion and/or encryption on the source code to obtain a processed player code.
5. The method for hijacking and stealing video information on a mobile terminal according to claim 4, wherein the step of automatically packing the source code using a weback tool and compressing, confusing and/or encrypting the source code to obtain a processed player code comprises the steps of:
performing dependency analysis on the source codes to extract codes belonging to a third party library from the source codes;
identifying a preset useless code file, useless variable codes and spaces in the source codes and deleting the useless variable codes and the spaces;
based on the preset character length, identifying the code segments representing the long character variable names and the long character function names in the source codes, and replacing the code segments representing the long character variable names and the long character function names with identification characters with shorter characters.
6. The method for hijacking and stealing video information on a mobile terminal according to claim 4, wherein the step of automatically packing the source code using a weback tool and compressing, confusing and/or encrypting the source code to obtain a processed player code further comprises the steps of:
acquiring codes representing original names of variables and original names of functions in source codes;
codes representing the original naming of variables and the original naming of functions are encoded as meaningless, unreadable obfuscated codes.
7. The method for hijacking and stealing video information on a mobile terminal according to claim 4, wherein the step of automatically packing the source code using a weback tool and compressing, confusing and/or encrypting the source code to obtain a processed player code further comprises the steps of:
executing a source code in a character string form by using an eval function of the JavaScript code to obtain a character string code;
and calling an encryption rule to perform character contrast conversion encryption on the character string codes to obtain player character string ciphertext.
8. A system for anti-hijacking and theft of video information at a mobile terminal, comprising:
the protocol conversion module is used for transcoding a transmission protocol of the video resource into an HLS protocol when receiving the video resource uploaded by a user through the mobile terminal, so as to obtain an m3u8 file, wherein the m3u8 file comprises video information;
the file encryption module is used for encrypting the file content of the m3u8 file;
the link acquisition module is used for sending the video link to the mobile terminal page when receiving a browser page entry request of the mobile terminal;
the video acquisition module is used for sending the encrypted m3u8 file to the mobile terminal when receiving a video acquisition request of the mobile terminal, decrypting the m3u8 file by the mobile terminal and calling an HLS.js code library to decode the m3u8 file to obtain binary video data;
and the video drawing module is used for drawing the video data onto a canvas by adopting the WebGL technology so as to be presented on a page of the browser.
9. A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the steps of a method for anti-hijacking and theft of video information for a mobile terminal according to any one of claims 1 to 7 when the computer program is executed by the processor.
10. A computer readable storage medium storing a computer program, wherein the computer program when executed by a processor implements the steps of a method for anti-hijacking and theft of video information for a mobile terminal according to any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310426347.1A CN116827914A (en) | 2023-04-19 | 2023-04-19 | Method and system for preventing hijacking and stealing of video information of mobile terminal |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310426347.1A CN116827914A (en) | 2023-04-19 | 2023-04-19 | Method and system for preventing hijacking and stealing of video information of mobile terminal |
Publications (1)
Publication Number | Publication Date |
---|---|
CN116827914A true CN116827914A (en) | 2023-09-29 |
Family
ID=88113468
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310426347.1A Pending CN116827914A (en) | 2023-04-19 | 2023-04-19 | Method and system for preventing hijacking and stealing of video information of mobile terminal |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116827914A (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106331751A (en) * | 2016-08-31 | 2017-01-11 | 广州易方信息科技有限公司 | Online encrypted slice video playing method based on iOS operating system |
CN109275030A (en) * | 2018-12-03 | 2019-01-25 | 南京森林警察学院 | WEB terminal key based on HLS technology obscures incorrect order video encryption method |
WO2019019370A1 (en) * | 2017-07-24 | 2019-01-31 | 平安科技(深圳)有限公司 | Processing method for live broadcast of audio and video, storage medium and mobile terminal |
CN111338631A (en) * | 2018-12-18 | 2020-06-26 | 北京奇虎科技有限公司 | Generation method and device of universal interface framework and computing equipment |
CN113259720A (en) * | 2021-06-15 | 2021-08-13 | 杭州当贝网络科技有限公司 | Video encryption method and system based on HLS protocol |
CN114007106A (en) * | 2021-12-15 | 2022-02-01 | 创盛视联数码科技(北京)有限公司 | H5 video encryption playing method |
-
2023
- 2023-04-19 CN CN202310426347.1A patent/CN116827914A/en active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106331751A (en) * | 2016-08-31 | 2017-01-11 | 广州易方信息科技有限公司 | Online encrypted slice video playing method based on iOS operating system |
WO2019019370A1 (en) * | 2017-07-24 | 2019-01-31 | 平安科技(深圳)有限公司 | Processing method for live broadcast of audio and video, storage medium and mobile terminal |
CN109275030A (en) * | 2018-12-03 | 2019-01-25 | 南京森林警察学院 | WEB terminal key based on HLS technology obscures incorrect order video encryption method |
CN111338631A (en) * | 2018-12-18 | 2020-06-26 | 北京奇虎科技有限公司 | Generation method and device of universal interface framework and computing equipment |
CN113259720A (en) * | 2021-06-15 | 2021-08-13 | 杭州当贝网络科技有限公司 | Video encryption method and system based on HLS protocol |
CN114007106A (en) * | 2021-12-15 | 2022-02-01 | 创盛视联数码科技(北京)有限公司 | H5 video encryption playing method |
Non-Patent Citations (1)
Title |
---|
李皓等: "一种基于HLS的安全直播方案", 中国传媒大学(自然科学版), vol. 25, no. 4, pages 3 * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9094733B2 (en) | Methods and systems for cryptographic access control of video | |
US9014374B2 (en) | Protecting video as it is decoded by a codec | |
US20160294781A1 (en) | Partial or complete image obfuscation and recovery for privacy protection | |
US8824728B2 (en) | Method and system for tracking illegal distributor and preventing illegal content distribution | |
CN107302706B (en) | Image anti-hotlinking method and device and electronic equipment | |
US9712845B2 (en) | Media content processing method | |
CN108965882B (en) | Encoding and decoding method and device | |
Bhautmage et al. | Advanced video steganography algorithm | |
CN110881142A (en) | Audio and video data encryption and decryption method and device based on rtmp and readable storage medium | |
CN108833921B (en) | Encoding and decoding method and device | |
CN101355695A (en) | Encoding and decoding method for protecting stream medium video content copyright | |
Shivani et al. | Providing security and privacy to huge and vulnerable songs repository using visual cryptography | |
CN111836054B (en) | Video anti-piracy method, electronic device and computer readable storage medium | |
EKA NINGSIH et al. | MP4 VIDEO STEGANOGRAPHY USING LEAST SIGNIFICANT BIT (LSB) SUBSTITUTION AND ADVANCED ENCRYPTION STANDARD (AES). | |
CN108848382B (en) | Encoding and decoding method and device | |
CN116827914A (en) | Method and system for preventing hijacking and stealing of video information of mobile terminal | |
CN113613015A (en) | Tamper-resistant video generation method and device, electronic equipment and readable medium | |
KR102186480B1 (en) | Apparatus for packaging DRM contents and system comprising it and method for packaging DRM contents | |
KR20210143553A (en) | Video encryption and decryption method and apparatus | |
CN103533457A (en) | Multimedia digital watermark embedding and separation methods and multimedia digital watermark embedding and separation devices | |
CN104272748A (en) | Encryption-resistant watermarking | |
KR102477310B1 (en) | DRM contents parallel packaging device and system comprising it and method for DRM contents parallel packaging | |
CN118590681B (en) | Internet-based teaching data secure transmission method and system | |
CN111698534B (en) | Video processing method and device, electronic equipment and storage medium | |
CN118250494B (en) | Video copyright protection method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |