CN116954646A - Code decoupling protection method based on TF card firmware extension - Google Patents


Info

Publication number: CN116954646A
Application number: CN202310717299.1A
Authority: CN (China)
Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Other languages: Chinese (zh)
Prior art keywords: code, card, host, remote, sector
Inventors: 李元章, 卢铮, 谭毓安, 张正, 张全新, 刘璐
Current assignee: Beijing Institute of Technology (BIT) (the listed assignees may be inaccurate; Google has not performed a legal analysis)
Original assignee: Beijing Institute of Technology (BIT)
Application filed by Beijing Institute of Technology (BIT)

Classifications (CPC)

    • G06F8/65 Updates (under G06F8/60 Software deployment; G06F8/00 Arrangements for software engineering)
    • G06F21/602 Providing cryptographic facilities or services (under G06F21/60 Protecting data; G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity)
    • G06F9/44521 Dynamic linking or loading; link editing at or after load time, e.g. Java class loading (under G06F9/445 Program loading or initiating; G06F9/44 Arrangements for executing specific programs; G06F9/00 Arrangements for program control)


Abstract

The invention relates to a code decoupling protection method based on TF card firmware extension and belongs to the technical field of security isolation. The key code is decoupled between the CPU and another device (a solid-state disk controller, a USB flash drive controller chip, a TF card controller chip, or similar) so that it runs in two (or more) execution environments: a host execution environment and a remote execution environment. The TF card is extended, and the key code is decomposed into host code and remote code that are executed separately. The two execution domains do not share memory and are asymmetric. The preset code does not need to be written into the TF card by the host; the host program can call the functions of the preset code directly for data processing. If the TF card is found to execute an unauthorized, illegal operation, a self-destruction measure is started. Decoupling the key code is the core, dividing the execution domains is the precondition, and calling the TF card functions directly to process data is the necessary condition. The invention effectively prevents malicious behaviour from the host computer and has strong generality.

Description

Code decoupling protection method based on TF card firmware extension
Technical Field
The invention relates to an asymmetric heterogeneous code decoupling protection technology, in particular to a code decoupling protection method based on TF card firmware extension, and belongs to the technical field of security isolation.
Background
As networks grow in size, the computers used by users face a variety of threats. Computers therefore require a trusted execution environment (TEE) to ensure the integrity, confidentiality and security of sensitive data.
To build a trusted execution environment in which sensitive code can run, a variety of security isolation techniques have been proposed, such as hardware isolation, software isolation and system-level isolation.
Hardware isolation: a physically isolated execution environment is provided by a hardware unit that is isolated from the host as a whole. Whether application software running in that environment can access the hardware unit depends on whether the computer system grants it the right. Sensitive data and the related security functions can therefore be stored in this hardware unit, limiting access by illegal software and malicious hosts.
Software isolation: an isolated execution environment is constructed purely in software, so that unauthorized software can be prevented from obtaining private data in memory without modifying the underlying hardware.
System-level isolation: a combination of hardware isolation and software isolation. The system not only modifies or improves the underlying hardware but also pairs it with corresponding driver software, thereby constructing a trusted execution environment in which programs can run securely.
However, conventional system-level isolation usually adds hardware extensions to the CPU and assists them with an application-level driver. While this approach protects trusted code effectively, it has a number of problems. If isolation is realized through hardware extension, power consumption rises, the efficiency and performance of the CPU suffer, and, because an existing hardware extension is relied upon, flexibility decreases and the update cycle slows. If virtualization is adopted, the virtual machine is huge and has many vulnerabilities, which threatens the security of the system; its size also burdens the host operating system.
For this reason, a security isolation technique is proposed that decomposes critical code into host code and remote code which are executed separately in an asymmetric, heterogeneous split. The two execution domains do not share memory and are asymmetric. The preset code does not need to be written into the general-purpose device (such as a TF card) by the host, and the host program can call the functions of the preset code directly to process data, so an attacker is prevented from analysing and cracking the core algorithm of the host program.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provides a code decoupling protection method based on TF card firmware extension.
According to the invention, the key code is decoupled between the CPU and another device and runs separately in a host execution environment and a remote execution environment; the TF card is extended, and the key code is decomposed into host code and remote code that are executed separately; the two execution domains do not share memory and are asymmetric; the preset code does not need to be written into the TF card by the host, and the host program can call the functions of the preset code directly to process data; if the TF card is found to execute an unauthorized, illegal operation, a self-destruction measure is started.
The aim of the invention is achieved by the following technical scheme.
A code decoupling protection method based on TF card firmware extension comprises the following steps.
The basic terms involved are first defined as follows:
sector: a memory area of fixed capacity;
sector-x: a sector used to realize function x, i.e. the sector that stores the related function;
sector-enable: a sector implementing the function of enabling the execution environment;
sector-receive: a sector implementing the function of receiving remote code;
sector-code: a sector implementing the function of storing remote code;
sector-execution: a sector implementing the function of executing remote code;
RCEBuf: a buffer located in the XRAM unit of the TF card master controller;
seg x: in the embodiments, denotes a specific sector, where x is the number of the sector;
step 1, the extended TF card builds an isolated execution environment;
step 2, developing the separate execution device, comprising an extended input/output interface, enabling the execution environment, receiving remote code, executing the remote code, separating the execution environment and loading preset code; wherein:
Step 2.1, extending the input/output interface, specifically:
The deployment of the isolated execution environment and the execution of the remote code must not affect the normal data storage function of the TF card, so additional processing is required for reading and writing specific sectors. The functions are extended so that the LBA address is examined when a sector is read or written, the corresponding operation is chosen according to the LBA address, and normal operation of the data read-write function is preserved.
Step 2.2, enabling the execution environment, specifically:
When the host reads sector-enable, the module enables the isolated execution environment, allowing the TF card to receive and execute remote code.
Step 2.3, receiving remote code, specifically:
When the host writes the remote execution code (composed of machine instructions) into sector-receive, the receive-remote-code module in the TF card firmware redirects the code into sector-code while also saving it to the specific data segment RCEBuf of the master controller's XRAM unit, where the contents of the data segment can be executed directly as code. Reading sector-receive therefore does not return the remote execution code.
Step 2.4, executing remote code, specifically:
When the host reads the specific sector sector-execution, the execute-remote-code module in the TF card firmware executes the code at RCEBuf; the execution result is stored in the XRAM of the master controller and returned to the host.
Step 2.5, separating the execution environments, specifically:
When the host computer performs forensic analysis on the TF card, the TF card firmware detects the illegal read operation on the reserved sectors, the self-destruction module is executed, the memory is cleaned, the remote code in the extended sector is deleted, and the TF card isolated execution environment is disabled.
Step 2.6, loading preset code, specifically:
The preset code module in the firmware provides various cryptographic algorithms, such as hashing and custom stream encryption, for the remote code to call; after the remote code has executed, the preset code module can be called to further encrypt the execution result and so on, improving security.
Step 3, the interaction flow between the host and the TF card is as follows:
Step 3.1, enabling the TF card isolated execution environment, specifically:
Before the host code performs a security-sensitive operation that needs to be executed separately, it calls the firmware read-write interface to read sector-enable.
Step 3.2, the host writes to the TF card, specifically:
The host calls the firmware read-write interface and writes the remote code that needs to be executed separately into the TF card sector-receive; after the TF card receives the code from the host, it redirects the code into the XRAM and sector-code.
Step 3.3, the host reads the TF card, specifically:
The host calls the firmware read-write interface to read sector-execution; the TF card executes the remote code and returns the result in the XRAM to the host.
Step 3.4, after the host receives the processing result, the host code is executed.
Advantageous effects
Compared with the prior art, the asymmetric heterogeneous separate execution environment based on a general-purpose device provided by the invention has the following advantages:
1. The original hardware is not modified, which increases the flexibility of update iteration; physical modification of the original hardware is neatly avoided while isolation at the physical layer is still achieved. The secure execution domain is placed on an external general-purpose device, so malicious behaviour from the host can be effectively avoided.
2. No matching functions need to be developed separately for the general-purpose device: the related functions are realized directly with the tools the general-purpose device already provides, such as its command processing interface, key data units and read-write buffer management interface, which gives the method strong generality without separate development work.
Drawings
FIG. 1 is a schematic diagram of the system architecture of the code decoupling technique based on TF card firmware extension;
FIG. 2 is a schematic flow chart of the code decoupling technique based on TF card firmware extension;
FIG. 3 is a schematic diagram of the sector structure configuration in an embodiment of the code decoupling technique based on TF card firmware extension according to the present invention;
FIG. 4 is a schematic flow chart of an embodiment of the code decoupling technique based on TF card firmware extension according to the present invention.
Detailed Description
The invention will now be described in detail with reference to the drawings and specific examples.
Examples
In order to construct the asymmetric heterogeneous separate execution environment, the embodiment needs to establish an execution environment for remote execution code in the TF card:
The basic terms involved in this embodiment are defined as follows:
seg x: in the embodiments, denotes a specific sector, where x is the number of the sector.
x_sd_function_sector_position: denotes an original SD-protocol function pointer in the TF card, giving its function, sector and specific position. For example, x_sd_read_seg005_d4e9 represents the read function located at D4E9 in seg005.
X_Y_Z: denotes a self-defined function, where X, Y, Z describe its purpose. For example, execution_remote_code indicates that the function executes remote code.
RCEBuf: the buffer located in the XRAM unit of the TF card master controller.
(address).n: bit n of the byte stored at the given address. For example, (2C19).2 denotes bit 2 of the byte stored at memory address 0x2C19, and (ram_16).2 denotes bit 2 of the byte stored in memory area ram_16.
Step 1, modifying the TF card, i.e. the asymmetric heterogeneous separate execution environment based on TF card firmware extension, by the following technical scheme:
The memory structure is adjusted first so that one code segment can hold the firmware program. Reverse analysis and function extension are then carried out on the firmware program, as follows:
1. Function for processing read-write commands
1.1 Add an LBA address conversion function, which makes reading and writing TF card sectors convenient.
1.2 Modify the read-sector function to support enabling the isolated environment, executing remote code and disabling the isolated environment of the TF card.
1.3 Modify the write-sector function to support the host transferring remote code to the TF card.
2. Processing the access address of read-write commands
The storage location of the logical block address is taken as the memory access address of the read-write command.
3. Read-write buffer management
The host writes data to the sector with address LBA; according to the lower 6 bits of the LBA, the data is first stored in the corresponding buffer area and then written into flash. When sector contents are read out, the sector data is stored at the start of the read-write buffer in reading order.
After the analysis, the firmware is modified, updated and downloaded according to the preset functions of the general-purpose device.
The modifications are as follows:
(1) When the host reads or writes an LBA, the LBA is modified as required, realizing isolation protection of TF card sectors.
(2) The read-sector function is intercepted, so that remote code is executed when a specific sector is read.
(3) The write-sector function is intercepted, so that remote code is saved into the XRAM when a specific sector is written.
(4) Free (all-zero) memory space is set aside to accommodate the firmware extension.
(5) The TF card state is set, and the CSD register is checked at power-up.
(6) The CSD register is saved to the configuration sector.
(7) The erasable TF card area is set so that a specific area is protected (erasure prohibited).
After the firmware is downloaded, additional memory space is obtained, and this additional space can store the remote code. The user cannot read the content of the additional memory space and therefore cannot read the remote code written there.
In addition, preset code is placed in the general-purpose device; the host program can call the preset code to process data and obtain the result. The preset code is located in the firmware program, and the standard SD protocol can only read the data of the general-purpose device, not the content of the preset code. An attacker can therefore only learn the result of the data processing and cannot analyse the processing procedure.
The preset code is implanted into the firmware in advance when the TF firmware is updated, without the host transmitting it to the TF card. To make the preset code convenient to call, a jump table is placed behind the buffer area, with one entry jumping to each preset code routine.
Finally, a self-destruction program is set up and is executed if the general-purpose device is operated abnormally. The specific process is:
(1) Erase the additional sectors obtained after the firmware download of the general-purpose device, clearing the stored remote code;
(2) Set the status bits of the general-purpose device to indicate the current state (e.g. initialization, self-destruct, normal) and set the CSD register contents;
(3) Write the CSD register content into the configuration sector of the general-purpose device. Once the checked state is the self-destruct state, the general-purpose device no longer processes the functions related to enabling, writing and executing remote code, and the execution domain of the general-purpose device no longer functions.
1. Memory structure adjustment
A segment-switching technique solves the problem that one code segment cannot accommodate the firmware program. Analysing the code format of the firmware program shows that seg000 is ROM code (not updatable, fixed inside the TF card master controller).
seg005 is resident code that permanently occupies 12KB at 0xC000-0xEFFF, corresponding to 0x20-0x301F of sCode. seg006-seg022 are switchable code, 8KB each at 0xA000-0xBFFF, 17 segments in total, corresponding to 0x3020-0x501F, 0x5020-0x701F, etc. of sCode.
The firmware program is loaded into IDA Pro and each code segment is generated according to the above layout.
When a function in 0xA000-0xBFFF is called, the function entry address is placed in DPTR and control jumps to a different instrumentation entry, e.g. 0x23C9 corresponds to seg006, 0x23DC to seg007, and so on.
2. Reverse analysis
(1) The function that processes read-write commands: when a specific sector is written, the data is stored as code in the XRAM of the master controller; when a specific sector is read, remote execution is permitted and the remote code is executed.
The SD protocol is used between the TF card and the host; the supported commands are CMD and ACMD. The firmware has one index table for handling these commands. For example, for CMD17 and CMD18 (read one sector, read multiple sectors), after receiving the command the master controller fetches the function pointer x_sd_read_seg005_d4e9 from entries 17 and 18 of x_sd_off. For CMD24 and CMD25 (write one sector, write multiple sectors), it fetches the function pointer x_sd_write_seg005_d682 from entries 24 and 25. The command number is read from port 0x2C74 and stored in memory unit 0x7E6.
(2) The sector address of a read-write command is the storage location of the LBA (Logical Block Address): the code at seg005, D3C1-D3E0 reads the 32-bit LBA from ports 0x2C78-0x2C7B and stores it in the 4 units 0x080C-0x080F.
(3) Buffer management: where the host data sits in XRAM when a sector is written, and how data (the result of executing the remote code) is returned to the host when a sector is read. The read-write buffer spans 0x4000-0x7FFF, is 16KB in size and holds 32 sectors (index 0-31). When the host writes data to the sector with address LBA, the data is stored in the buffer area selected by the lower 6 bits of the LBA and then written into flash. When sector contents are read out, the sector data is stored from 0x4000 in reading order.
3. Firmware update, modification and download
Sectors 0x700-0x7FF are defined as reserved sectors; they are neither read nor written during normal operation of the TF card. A read of this part of the reserved region is therefore taken as the trigger for self-destruction. The sector configuration is shown in FIG. 3.
The modifications to the TF card firmware are as follows.
(1) In seg005, where the LBA is stored in units 0x080C-0x080F: make the LBA read and written by the host convenient to modify, and modify it as required to realize isolation protection of TF card sectors.
(2) In seg005, at the read-sector function pointer: intercept the read-sector function so that remote code is executed when a particular sector is read, etc.
(3) In seg005, at the write-sector function pointer: intercept the write-sector function so that the remote code is saved in XRAM when a particular sector is written.
(4) In seg005, set aside free (all-zero) memory space to accommodate the firmware extension.
(5) In seg007, set the TF card status and check the CSD registers at power-up.
(6) In seg007, set aside free (all-zero) memory space to accommodate the firmware extension program.
(7) In seg010, save the TF card status into the configuration sector, i.e. save the CSD registers into the configuration sector.
(8) In seg010, set aside free (all-zero) memory space to accommodate the firmware extension.
(9) In seg013, set the erasable TF card area so that a specific area is protected (erasure prohibited).
(10) In seg013, set aside free (all-zero) memory space to accommodate the firmware extension.
The original capacity of the TF card is 0x074B8000 sectors; after firmware download (mass production) the capacity is 0x07860000 sectors. The visible capacity of the TF card remains 0x074B8000 sectors, and the extra space can hold the remote code. The user cannot read LBAs beyond 0x074B8000 and therefore cannot read the remote code written into sector 0x0785FFF9. The remote code format is as follows.
Table 1: remote code format
Step 2, remote execution environment design
Step 2.1, I/O interface extension
Reading sector 0x01020305 allows the TF card to receive and execute remote code.
When sector 0x01020306 is written, the TF card firmware saves the 512 bytes of written data in the XRAM cells 0xDEE4-0xE0E3 (RCEBuf) of the master controller. The data in this region can be executed directly as code. The write itself is redirected into sector 0x0785FFF9, so reading sector 0x01020306 does not return the remote code.
When sector 0x01020307 is read, the code at 0xDEE4 is executed instead of reading flash data. The execution result is placed at 0x4000, and the 512 bytes of data at 0x4000 are returned to the host. The execution flow is shown in FIG. 4.
Step 2.2, enabling the execution environment
In hook_sd_read, check whether the LBA at 0x80C equals 0x01020305; if so, set RAM_16.0 to 1.
Only when RAM_16.0 is 1 does the firmware program handle saving remote code (writing sector 0x01020306) and executing remote code (reading sector 0x01020307).
Step 2.3, the TF card receives remote code
When the host writes the remote code to sector 0x01020306, the firmware program modifies the LBA to 0x0785FFF9 and sets RAM_16.1 to 1.
In hook_sd_write, the write function (x_sd_write_main_d682) is performed first, and the code is written to sector 0x0785FFF9. Afterwards the RAM_16.1 flag is checked; when it equals 1, the 512 bytes of data in the buffer are copied into RCEBuf.
The first byte of the remote code is the identification (0x5A); the next 3 bytes are a jump instruction that jumps to the execution entry of the remote code. The execution result of the remote code is saved at 0x4000 (512 bytes in total).
Step 2.4, executing remote code
When sector 0x01020307 is read, the program at execution_remote_code is executed. It checks the identification at 0xDEE4 and, when it equals 0x5A, calls the code at 0xDEE5, i.e. executes the remote code.
Afterwards the length of the buffer to transfer (unit 0x0207) is set to 0x0200 (512 bytes), and x_send_2_host_seg000_45ed is called again to transfer the content at 0x4000 to the host. The host can thus read the execution result of the remote code.
Step 2.5, separating the execution environment
During forensic analysis, a full-disk copy of the TF card is made and its entire content is copied to an image file on a computer for deeper analysis.
The sectors at 0x700-0x7FF (256 sectors, 128KB) are reserved sectors; the TF card does not read their contents in normal operation.
A read of this 128KB reserved region can therefore be taken as the trigger condition for self-destruction. When this area is read, RAM_16.3 is set to 1.
After the sector read completes, the RAM_16.3 flag is checked in hook_sd_read; when it equals 1, the self-destruction operation is executed:
erase_area_d is called to erase the additional sectors of the TF card (range 0x074B8000-0x0785FFFF), clearing the stored remote code;
set_e_state is called: (2C19).2 = 1 indicates that the TF card has entered the self-destruct state, and (2C19).0 = 1 indicates that the TF card has been initialized (in the normal state, (2C19).7 = 1, indicating that the visible sector count of the TF card is 0x074B8000, and (2C19).0 = 1). The 16 bytes at 0x2C18-0x2C27 are the CSD register of the TF card (128 bits in total); (2C19) corresponds to bits 15-8 of the CSD register. The CSD content in the normal state is:
2C18 39 00 40 0A 80 7F DF D2 01 00 59 5B 2B 00 0E 40
store_state is called to write the CSD register into the configuration sector of the TF card.
When the TF card is powered on, the function seg007_AF93 reads the content of the configuration sector and copies the CSD register content to 0x2C18-0x2C27. The instruction at seg007, B0A6 is intercepted, and check_csd_lun_state checks the content of (2C19), after which it is set to 0 (the normal value).
When (2C19).2 equals 1, ram_17.2 = 1 is set, indicating that the self-destruct state has been entered.
When ram_17.2 = 1, the functions related to enabling, writing and executing remote code are no longer processed, and the TF card execution domain no longer functions.
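The sector-triggered state machine of Steps 2.1 to 2.5 (and of Steps 2.1 to 2.5 in the Disclosure), as an added worked example that is not part of the patent or of the card firmware it describes: a portable C simulation of the card-side read and write hooks. The sector numbers, the visible capacity, the reserved range and the meaning of the flag bits are the ones stated in the text; the tf_card structure, the remote_fn callback that stands in for executing 8051 code in RCEBuf, and the demo_remote and demo_session routines are assumptions made for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Sector numbers, capacity and flag-bit meanings come from the patent text; the structs, the
   simulation itself and the demo callback are assumptions made for this example. */
#define SECTOR_ENABLE   0x01020305u
#define SECTOR_RECEIVE  0x01020306u
#define SECTOR_EXECUTE  0x01020307u
#define SECTOR_HIDDEN   0x0785FFF9u  /* the received code is redirected here */
#define VISIBLE_SECTORS 0x074B8000u  /* capacity the host may address */
#define RESERVED_LO     0x700u       /* reserved sectors 0x700-0x7FF: a read is the tamper trigger */
#define RESERVED_HI     0x7FFu
#define SECTOR_BYTES    512
#define CODE_MAGIC      0x5A

/* Stand-in for "call the code at RCEBuf": a PC build cannot run 8051 machine code, so the
   simulated card hands the bytes after the 4-byte header to a C function instead. */
typedef void (*remote_fn)(const uint8_t *payload, size_t len, uint8_t *result);

typedef struct {
    bool enabled, destroyed;          /* RAM_16.0 and RAM_17.2 */
    uint8_t csd[16], config_csd[16];  /* CSD image at 0x2C18 (csd[1] is (2C19)) and its stored copy */
    uint8_t rcebuf[SECTOR_BYTES], hidden[SECTOR_BYTES], result[SECTOR_BYTES]; /* RCEBuf, hidden sector, 0x4000 buffer */
    remote_fn run;
} tf_card;

/* Power-on: configuration sector -> CSD image; check_csd_lun_state inspects (2C19).2. */
void tf_power_on(tf_card *c, remote_fn run) {
    memcpy(c->csd, c->config_csd, sizeof c->csd);
    c->destroyed = (c->csd[1] & 0x04) != 0;
    c->enabled = false; c->run = run;
}

/* erase_area_d, set_e_state and store_state from the text. */
static void tf_self_destruct(tf_card *c) {
    memset(c->hidden, 0, sizeof c->hidden);
    memset(c->rcebuf, 0, sizeof c->rcebuf);
    c->csd[1] |= 0x04;
    memcpy(c->config_csd, c->csd, sizeof c->csd);  /* persists across power cycles */
    c->destroyed = true; c->enabled = false;
}

/* hook_sd_write (CMD24/CMD25). Returns 0, or -1 if the LBA is not host-addressable. */
int tf_write(tf_card *c, uint32_t lba, const uint8_t data[SECTOR_BYTES]) {
    if (lba >= VISIBLE_SECTORS) return -1;
    if (lba == SECTOR_RECEIVE && c->enabled && !c->destroyed) {
        memcpy(c->hidden, data, SECTOR_BYTES);  /* LBA rewritten to SECTOR_HIDDEN */
        memcpy(c->rcebuf, data, SECTOR_BYTES);  /* RAM_16.1: buffered bytes copied to RCEBuf */
    }
    return 0;  /* ordinary flash writes are not modelled */
}

/* hook_sd_read (CMD17/CMD18). Fills out[] with what the host receives. */
int tf_read(tf_card *c, uint32_t lba, uint8_t out[SECTOR_BYTES]) {
    memset(out, 0, SECTOR_BYTES);                    /* ordinary sectors read as empty here */
    if (lba >= VISIBLE_SECTORS) return -1;           /* the extra space is unaddressable */
    if (lba >= RESERVED_LO && lba <= RESERVED_HI) { tf_self_destruct(c); return 0; }
    if (c->destroyed) return 0;                      /* extension no longer processed */
    if (lba == SECTOR_ENABLE) {
        c->enabled = true;
    } else if (lba == SECTOR_EXECUTE && c->enabled && c->rcebuf[0] == CODE_MAGIC) {
        memset(c->result, 0, SECTOR_BYTES);
        c->run(c->rcebuf + 4, SECTOR_BYTES - 4, c->result);
        memcpy(out, c->result, SECTOR_BYTES);        /* x_send_2_host: 512 bytes from 0x4000 */
    }
    return 0;  /* a SECTOR_RECEIVE read falls through to flash, so the code is never returned */
}

/* Demo "remote code" (constructed): sums its payload into a 16-bit little-endian result. */
void demo_remote(const uint8_t *payload, size_t len, uint8_t *result) {
    unsigned sum = 0;
    for (size_t i = 0; i < len; i++) sum += payload[i];
    result[0] = (uint8_t)sum; result[1] = (uint8_t)(sum >> 8);
}

/* Host session of Step 3; returns 0 if every step behaves as described, else the failing step. */
int demo_session(void) {
    tf_card c; uint8_t blob[SECTOR_BYTES] = {0}, out[SECTOR_BYTES];
    blob[0] = CODE_MAGIC; blob[1] = 0x02; blob[2] = 0xE0; blob[3] = 0x45;  /* 5A + LJMP E045 */
    blob[4] = 1; blob[5] = 2; blob[6] = 3;                                  /* constructed payload */
    memset(&c, 0, sizeof c); c.config_csd[1] = 0x81;   /* fresh card: (2C19).7 = 1, (2C19).0 = 1 */
    tf_power_on(&c, demo_remote);
    tf_write(&c, SECTOR_RECEIVE, blob);                /* environment not enabled: ignored */
    if (tf_read(&c, SECTOR_EXECUTE, out) || out[0] != 0) return 1;
    tf_read(&c, SECTOR_ENABLE, out);
    tf_write(&c, SECTOR_RECEIVE, blob);
    if (tf_read(&c, SECTOR_RECEIVE, out) || out[0] != 0) return 2;  /* code not readable back */
    if (tf_read(&c, SECTOR_EXECUTE, out) || out[0] != 6 || out[1] != 0) return 3;
    if (tf_read(&c, SECTOR_HIDDEN, out) != -1) return 4;
    tf_read(&c, RESERVED_LO, out);                     /* forensic read of a reserved sector */
    if (!c.destroyed || c.rcebuf[0] != 0) return 5;
    tf_power_on(&c, demo_remote);                      /* self-destruct state persists */
    tf_read(&c, SECTOR_ENABLE, out);
    if (!c.destroyed || c.enabled) return 6;
    return 0;
}
```

Compiled on a PC, demo_session() walks through the enable, write and execute sequence of Step 3 and then a read of a reserved sector; it returns 0 only when the card ignores code written before enabling, never returns the code through sector 0x01020306, answers the execute read with the 512-byte result, and stays in the self-destruct state after a power cycle because the flag was persisted through the CSD image in the configuration sector.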
Step 2.6, loading preset code
The preset code is embedded in the firmware in advance, as part of the firmware extension program, when the TF firmware is updated, without the host having to transmit it to the TF card.
To make the preset code convenient to call, a jump table is placed behind RCEBuf, with one entry jumping to each preset code routine. The jump table is as follows:
For example, executing ljmp E0E4 calls preload_code_1 without needing to know the real physical address of preload_code_1.
Step 3, the interaction flow between the host and the TF card is as follows:
Step 3.1, enabling the TF card isolated execution environment
Using the plscsi tool, the command plscsi -p -v -x "28 00 01020305 0000 01 00" -i 0x200 reads sector 0x01020305 of the TF card, enabling the TF card isolated execution environment.
Step 3.2, the host writes to the TF card
The hex file of the target program is compiled in the Keil C51 development environment, converted into a bin file with the hex2bin tool, and edited with the WinHex tool to prepend four bytes to the whole content, such as 0x5A 0x02 0xE0 0x45 (0xE045 is the program entry address), giving the target bin file. The target bin file is written to sector 0x01020306 of the TF card with the command plscsi -p -v -x "2A 00 01020306 0000 01 00" -o 0x200 -f <target bin file name>.
Step 3.3, the host reads the TF card
Using the command plscsi -p -v -x "28 00 01020307 0000 01 00" -i 0x200, the result transmitted back from the TF card to the host is received.
Step 3.4, after the host receives the processing result, the host code is executed
The remote code transmitted to the TF card by the host is a binary machine-code stream. Jump and call instructions in the remote code can target the preset code addresses, thereby calling the algorithms in the preset code module to encrypt or otherwise process the result, improving security.
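The host side of Step 3, as an added worked example that is not the patent's tooling: wrapping a compiled image with the 0x5A + LJMP header of Step 3.2, checking a sector the way execution_remote_code does in Step 2.4, and producing the READ(10)/WRITE(10) CDB strings that the page passes to plscsi -x. The RCEBuf range, the header format, the entry address 0xE045 and the jump-table address 0xE0E4 come from the text; build_remote_sector, remote_sector_entry, preset_slot_address, format_cdb and the check that the entry falls inside the loaded image are assumptions of this example, as is the spacing of one 3-byte LJMP per preset routine in the jump table.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Layout from the patent text: RCEBuf spans 0xDEE4-0xE0E3 (512 bytes) in XRAM; byte 0 of a
   remote-code sector is the identification 0x5A, bytes 1-3 are an 8051 LJMP (opcode 0x02,
   big-endian target) to the entry point, and the preset-code jump table begins at 0xE0E4.
   The function names and the entry-range check are assumptions of this example. */
#define RCEBUF_BASE   0xDEE4u
#define JUMP_TABLE    0xE0E4u
#define SECTOR_BYTES  512
#define HEADER_BYTES  4
#define CODE_MAGIC    0x5A
#define OP_LJMP       0x02

/* Wrap a compiled 8051 image (the bin produced by Keil C51 and hex2bin) into one 512-byte
   sector as described in Step 3.2. Returns 0 and fills sector[], or -1 if the image does not
   fit or the entry point lies outside the loaded image. The remainder is zero-padded. */
int build_remote_sector(const uint8_t *image, size_t image_len, uint16_t entry,
                        uint8_t sector[SECTOR_BYTES]) {
    uint32_t image_base = RCEBUF_BASE + HEADER_BYTES;   /* first image byte lands at 0xDEE8 */
    if (image_len == 0 || image_len > SECTOR_BYTES - HEADER_BYTES) return -1;
    if (entry < image_base || entry >= image_base + image_len) return -1;
    memset(sector, 0, SECTOR_BYTES);
    sector[0] = CODE_MAGIC;
    sector[1] = OP_LJMP;
    sector[2] = (uint8_t)(entry >> 8);
    sector[3] = (uint8_t)(entry & 0xFF);
    memcpy(sector + HEADER_BYTES, image, image_len);
    return 0;
}

/* Parse a sector the way execution_remote_code does: verify the identification byte and
   decode the LJMP target. Returns the entry address, or 0 when the sector is not remote code. */
uint16_t remote_sector_entry(const uint8_t sector[SECTOR_BYTES]) {
    if (sector[0] != CODE_MAGIC || sector[1] != OP_LJMP) return 0;
    return (uint16_t)((sector[2] << 8) | sector[3]);
}

/* Address of preset-code slot n in the jump table, assuming one 3-byte LJMP per slot:
   slot 0 is E0E4, the target of "ljmp E0E4" in Step 2.6. */
uint16_t preset_slot_address(unsigned n) {
    return (uint16_t)(JUMP_TABLE + 3u * n);
}

/* Format the 10-byte SCSI READ(10)/WRITE(10) CDB exactly as it is passed to plscsi -x in Step 3:
   opcode, flags, big-endian LBA, group number, transfer length of one sector, control byte. */
void format_cdb(uint8_t opcode, uint32_t lba, char out[32]) {
    snprintf(out, 32, "%02X 00 %08X 0000 01 00", opcode, lba);
}
```

format_cdb(0x28, 0x01020305, ...) reproduces the enable command string of Step 3.1, and format_cdb(0x2A, 0x01020306, ...) the write command of Step 3.2; build_remote_sector refuses an image larger than 508 bytes or an entry that does not point into the loaded image, which is the host-side check a reader would want before the card accepts the sector.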
The invention skillfully avoids the physical change of the original hardware and realizes the isolation of the physical layer. The security execution domain is arranged on an external general device, so that malicious behaviors from a host can be effectively avoided.

Claims (1)

1. A code decoupling protection method based on a TF card, characterized in that: by decoupling the key code from the CPU and other devices, the key code runs separately under host and remote execution environments; the TF card is extended, and the key code is decomposed into a host code and a remote code that are executed separately; the two execution domains do not share memory and are in an asymmetric form; the preset codes do not need to be written into the TF card by the host, and the host program can directly call the functions of the preset codes to process data; if the TF card is found to execute an unauthorized illegal operation, self-destruction measures are started; the method specifically comprises the following steps:
step 1, the extended TF card builds an isolated execution environment;
step 2, a separate execution device is developed, comprising an extended input/output interface, an enabled execution environment, receiving the remote code, executing the remote code, separating the execution environment and loading preset code functions; and
step 3, the host interacts with the TF card.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310717299.1A CN116954646A (en) 2023-06-16 2023-06-16 Code decoupling protection method based on TF card firmware extension

Publications (1)

Publication Number Publication Date
CN116954646A true CN116954646A (en) 2023-10-27

Family

ID=88461007

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination