JP4837506B2 - Program obfuscation method and program - Google Patents

Description

  The present invention relates to a program obfuscation method and a program for making it difficult to analyze an algorithm included in the program.

  In general, software may include information that should be kept secret from users, such as valuable algorithms and content encryption keys. On the other hand, many technologies (RE: Reverse Engineering) for analyzing software have been developed. For this reason, when software is analyzed by these techniques, there is a threat that secret information is obtained by unauthorized persons.

  For such threats, there is a technique called obfuscation that makes software analysis difficult while maintaining software specifications. For example, as a software obfuscation by encoding a variable, a method of encoding a variable in a source code by linear transformation has been proposed (see, for example, Non-Patent Document 1). This method is intended to make software analysis difficult by encoding a variable X (= ax + b) by linear transformation of a single variable x, and is used here for linear transformation. The integers a and b are secret keys. In addition, this method aims at hiding the values and operations of variables in the source code.

There is also a technology to conceal the number of variables used in the original program and the reference / substitution relationship between the variables, and to increase the number of secret key candidates to obfuscate highly resistant programs. (For example, refer to Patent Document 1).
Sato et al., IEICE Technical Report, Vol. IT-2002-49, pp. 13-18, Mar. 2002 "Program obfuscation by data encoding and operator conversion" JP 2006-79347 A

  However, according to the technique disclosed in Non-Patent Document 1 above, the number of variables used in the source code before obfuscation can be concealed, even though the values and operations of the variables in the source code can be concealed. In addition, it was impossible to conceal the relationship of reference and substitution between variables. In addition, the number of secret key candidates is small, and it is considered vulnerable to attacks by searching for all secret keys.

  Further, in the technique disclosed in Patent Document 1, since an integer value included in a program is a target for encoding, a program that hardly includes arithmetic operations or a program that uses only real type variables. There is a problem that the effect is small.

  Therefore, the present invention has been made in view of the above-described problems, and an object thereof is to provide a program obfuscation method and program that are not limited to integer values but have a wide application range.

  The present invention proposes the following items in order to solve the above problems.

(1) The present invention is a program obfuscation method for making it difficult to analyze an algorithm included in a program. The program is read by reading means , and continuous instructions included in the source code of the read program are cut out. A first step of setting a control variable for managing the execution order of the program by a setting unit; and a step of encoding the control variable set by the setting unit by an encoding unit . And a program obfuscation method characterized by comprising two steps.

  According to the present invention, the control structure of the program is smoothed, the control variable for managing the execution order of the program is set, and the control variable is encoded. Therefore, not only integer values but also control variables can be encoded.

(2) The present invention relates to the program obfuscation method of (1), wherein the first step reads the program by the reading means , and uses the cutout means to execute consecutive instructions included in the source code of the read program. a step of cutting into blocks, a control variable for controlling the execution order of the blocks cut out by the cutout unit, a step of setting by the setting unit, in each of the blocks cut out by the cutout unit takes control variables A step of assigning a power value by the assigning means, a step of arranging the blocks cut out by the cut- out means in parallel using a switch statement or an if statement, and a value of the control variable set by the setting means Assigned to the next block to be executed The process of rewriting the control variable values, proposes a step of adding the last block cut respectively, a program obfuscation method characterized by including the additional means.

  According to the present invention, as a method for setting a control variable for smoothing the control structure of a program and managing the execution order of the program, continuous instructions included in the source code are cut out in block units, and the execution order of the cut out blocks Set control variables to control Then, a value to be taken by the control variable is assigned to each of the cut out blocks, and the cut out blocks are arranged in parallel using a switch statement or an if statement, and the value of the control variable is assigned to the block to be executed next. The process of rewriting to the control variable value is added to the end of each extracted block.

(3) The present invention relates to the program obfuscation method of (1) or (2), wherein the second step includes n control variables (where n is a positive integer) that is encoded by the encoding means. Are arbitrarily selected by the selecting means, an m × n matrix (where m is a positive integer satisfying m ≧ n) and an arbitrary m-dimensional vector are generated by the generating means , and the generating means the resulting matrix and vector as the conversion key, a linear transformation to the m control variables simultaneously the n control variables selected by the selecting means, to include the steps of encoding by said encoding means We propose a program obfuscation method characterized by

  According to the present invention, n variables (where n is a positive integer) to be encoded are arbitrarily selected, an m × n matrix (where m is a positive integer satisfying m ≧ n), and an m-dimensional variable. Generate an arbitrary vector. Then, using the generated matrix and vector as a conversion key, n variables are linearly converted and m control variables are encoded simultaneously.

  Therefore, since n control variables in the program are simultaneously encoded into m control variables by linear transformation, the number of control variables used in the program is concealed, and at the same time, the reference and substitution relationship between the control variables Can also be concealed. In addition, since the matrix and the vector are used as the conversion key, the number of key candidates can be increased. Thereby, obfuscation of highly resistant software can be realized.

(4) The present invention is a program for causing a computer to execute a program obfuscation method for making it difficult to analyze an algorithm included in the program. The program is read, and the continuous code included in the source code of the read program the instruction cut into blocks, and wherein a first step of setting a control variable for managing the execution sequence of the program, a second step of encoding the control variables, that causes a computer to execute the Propose a program to do.

  According to the present invention, the control structure of the program is smoothed, the control variable for managing the execution order of the program is set, and the control variable is encoded. Therefore, not only an integer value but also a control variable can be a target of encoding, and such processing can be automatically executed by a program.

(5) According to the present invention, in the program of (4), the first step is a step of cutting out consecutive instructions included in the source code in units of blocks, and controlling the execution order of the cut out blocks Declaring a control variable, assigning a value to be taken by the control variable to each of the cut-out blocks, arranging the cut-out blocks in parallel using a switch statement or an if statement, and the control variable proposes a program characterized by including a step of adding value then rewritten to run controlled variable value assigned to the block is processed to the the end of each cut-out block.

  According to the present invention, as a method for setting a control variable for smoothing the control structure of a program and managing the execution order of the program, continuous instructions included in the source code are cut out in block units, and the execution order of the cut out blocks Set control variables to control Then, a value to be taken by the control variable is assigned to each of the cut out blocks, and the cut out blocks are arranged in parallel using a switch statement or an if statement, and the value of the control variable is assigned to the block to be executed next. The process of rewriting to the control variable value is added to the end of each extracted block.

(6) According to the present invention, in the program of (4) or (5), the second step is a first step of arbitrarily selecting n (n is a positive integer) control variables to be encoded. , M × n matrix (where m is a positive integer satisfying m ≧ n) and an arbitrary vector of m dimensions, and the n control variables are linearly converted using the generated matrix and vector as a conversion key. conversion to propose a program which comprises the steps of encoding the m control variables simultaneously.

  According to the present invention, n variables (where n is a positive integer) to be encoded are arbitrarily selected, an m × n matrix (where m is a positive integer satisfying m ≧ n), and an m-dimensional variable. Generate an arbitrary vector. Then, using the generated matrix and vector as a conversion key, n variables are linearly converted and m control variables are encoded simultaneously.

  Therefore, since n control variables in the program are simultaneously encoded into m control variables by linear transformation, the number of control variables used in the program is concealed, and at the same time, the reference and substitution relationship between the control variables Can be concealed, and such processing can be automatically executed by a program. In addition, since the matrix and the vector are used as the conversion key, the number of key candidates can be increased. Thereby, obfuscation of highly resistant software can be realized.

  According to the present invention, since a control variable is introduced into a program and the variable is a target for encoding, obfuscation of highly resistant software is realized even for a program that does not include a variable that can be directly encoded. There is an effect that can be done.

  Moreover, the security in various services can be improved by using the technique of the present invention. Specifically, there are effects of protecting copyrights related to software such as Java (registered trademark) and Brew (registered trademark) and preventing information leakage to unauthorized persons who attempt to analyze programs illegally.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.
Note that the constituent elements in the present embodiment can be appropriately replaced with existing constituent elements and the like, and various variations including combinations with other existing constituent elements are possible. Therefore, the description of the present embodiment does not limit the contents of the invention described in the claims.

<Processing flow>
A general process of the program obfuscation method according to the embodiment of the present invention will be described with reference to FIGS. 1 and 3 to 7.

  First, as shown in FIG. 3, continuous instructions included in the source code (program) are cut out as blocks (B1 ;, B2 ;, B3; in the figure) (step S101). Next, a control variable (“int c” shown in FIG. 4) for controlling the execution order of the blocks is declared (step S102).

  Further, in each block (B1; B2; B3; in FIG. 3), a value to be taken by the control variable (“5” for B1; shown in FIG. 5; “9” for B2; (3) is assigned to B3; (step S103).

  Next, as shown in FIG. 6, the blocks are arranged in parallel using a switch statement or an if statement (step S104). In the decision statement of the conditional branch instruction, it is determined whether the value of the control variable is equal to the value assigned to each block in step S103, and control is performed at the head of the block to which the value equal to the value of the control variable is assigned. Move.

  Further, as shown in FIG. 7, the process of rewriting the value of the control variable to the value assigned to the block to be executed next (c = 9 in block B1; shown in FIG. 7, c = 4 in block B2;). Is added to the end of each block (step S105). And the process which encodes a control variable is performed (step S106).

<Control variable encoding process>
Next, control variable encoding processing will be described with reference to FIG.

  First, n control variables (n is an integer number) to be encoded are arbitrarily selected as obfuscation targets from the program. The n control variables selected by this operation are set to x1, x2,..., Xn (step S201).

  Next, an m × n matrix A and an m-dimensional vector c are arbitrarily generated and set as secret keys (step S202). However, m is a positive integer such that m ≧ n.

Furthermore, the following conversion equation (1) is defined using the generated matrix A and vector c (step S203).

  Here, X1, X2,..., Xm are encoded m control variables used in the obfuscated software.

  The above conversion equations are regarded as m simultaneous equations for n control variables x1, x2,..., Xn, and the simultaneous equations are solved for each control variable. As a result, the decoding equation shown in the following (2) is established for each control variable x1, x2,..., Xn (step S204).

With this decryption formula, the values of the respective control variables x1, x2,..., Xn in the original program can be expressed using the decrypted control variables X1, X2,.
In this procedure, the values of n control variables x1, x2,... Xn are obtained from m simultaneous equations. Therefore, mn non-obvious relational expressions (3) are established between the encoded control variables X1, X2,... Xm.

  By using this non-obvious relational expression, the coefficients of the control variables X1, X2,..., Xm in the above decoding formula can be made variable.

  Next, the control variables x1, x2,..., Xn used in the program are replaced with encoded control variables X1, X2,... Xm according to the following rules (step S205). Specifically, the assignment instruction xi ← u for the control variable xi in the algorithm is replaced with an assignment instruction for the control variables X1, X2,... XM as shown by the following arithmetic expression (4).

  When this assignment instruction is executed, all the encoded m control variables X1, X2,... Xm are changed simultaneously. That is, the control variables x1, X2,... Xm are expressed by using the decryption expressions xj (X1, X2,... Xm) obtained in the process of step S204 for the control variables xj referenced in the program. Replace with

  As post-processing, initial values for the encoded control variables X1, X2,. Further, the assignment instruction to the continuous control variables X1, X2,... Xm is merged (step S206).

  Specifically, the control variables x1, x2,..., Xn in the program are all replaced with X1, X2,. The initial values of these control variables are arbitrary integers that satisfy non-trivial relational expressions f1, f2,... Fm-n.

  In addition, the consecutive assignment instructions into the encoded control variables X1, X2,... Xm generated by the processing in step S205 are merged.

  If it is determined that the program analysis is sufficiently difficult, the obfuscation process is terminated (“YES” in step S207). On the other hand, if it is determined that further obfuscation is necessary (“NO” in step S207), the processing from step S201 to step S206 is repeatedly executed.

<Flow of processing exemplifying specific program>
Hereinafter, a specific program is illustrated and the flow of processing of the program obfuscation method according to the present embodiment will be described with reference to FIGS. 8 to 14. FIG. 8 shows the original source code that is processed by the program obfuscation method according to the present embodiment.

  First, with respect to the source code before processing shown in FIG. 8, as shown in FIG. 9, consecutive instructions are “/ * block 1 * /”, “/ * block 2 * /”, “/ * block 3 * /”. The process of dividing as follows.

  Next, as shown in FIG. 10, a process of adding a control variable declaration “int c1, c2;” is performed. Further, as shown in FIG. 11, “/ * block 1 * /” includes “/ * c1 = 5; c2 = 3 * /”, and “/ * block 2 * /” includes “/ * c1 = 9; c2 = 2 * / ”and“ / * block 3 * / ”are assigned values to be taken by the control variables in the respective blocks“ / * c1 = 4; c2 = 6 * / ”. Then, as shown in FIG. 12, by using the “if” statement, the blocks are arranged in parallel to create a source code in which the control structure is flattened.

  Then, as shown in FIG. 13, at the end of each block, “c1 = c2 = 3;” and “c1 + = 2;”, “c1 = c1 + c2 + 1;” and “c2 +++;”, “c1 == c2;” And source code to which processing for rewriting the values of the control variables “c2 == 9;”, “c1 = c2 +++;” and “c2—;” into values assigned to the next block to be executed is created. . Then, by performing the above encoding process (see FIG. 2), a source code in which the control variables c1 and c2 shown in FIG. 14 are encoded into d1, d2, and d3 is obtained.

  As described above, according to the present embodiment, the control variable of the program is smoothed, the control variable for managing the execution order of the program is set, and the control variable is encoded. Therefore, not only integer values but also control variables can be encoded.

  The described embodiment is realized by an arithmetic device or a computer. In particular, in a computer, the processing executed in steps S101 to S106 and the procedure thereof are stored in a computer-readable recording medium. The program obfuscation method of the present invention can be realized by recording, reading the program recorded on the recording medium into a computer, and executing the program. Here, the computer includes hardware such as an OS and peripheral devices.

  Further, the “computer” includes a homepage providing environment (or display environment) if a WWW (World Wide Web) system is used. Also, “computer-readable recording medium” refers to a portable medium such as a flexible disk, a magneto-optical disk, a ROM, a CD-ROM, or a storage device such as a hard disk built in a computer system. Furthermore, the program is held for a certain period of time, such as a volatile memory (RAM) in a computer system that becomes a system or a client when the program is transmitted via a network such as the Internet or a communication line such as a telephone line. Including things.

  The program may be transmitted from a computer system storing the program in a storage device or the like to another computer system via a transmission medium or by a transmission wave in the transmission medium. Here, the “transmission medium” for transmitting the program refers to a medium having a function of transmitting information, such as a network (communication network) such as the Internet or a communication line (communication line) such as a telephone line.

  The program may be for realizing a part of the functions described above. Furthermore, what can implement | achieve the function mentioned above in combination with the program already recorded on the computer system, and what is called a difference file (difference program) may be sufficient.

  The embodiments of the present invention have been described in detail with reference to the drawings. However, the specific configuration is not limited to the embodiments, and includes designs and the like that do not depart from the gist of the present invention.

It is a processing flow concerning this embodiment. It is a flow which shows the encoding process of the control variable which concerns on this embodiment. It is a conceptual diagram of the process which cuts out the continuous instruction contained in a source code as a block. It is a conceptual diagram of the process which declares the control variable for controlling the execution order of a source code. It is a conceptual diagram of the process which assigns the value which should be taken as a control variable to each block. It is a conceptual diagram of the process which arranges each block in parallel using a switch sentence or an if sentence. It is a conceptual diagram of the process which adds the process which rewrites the value of a control variable to the value allocated to the block performed next at the end of each block. It is a figure which shows the source code before performing the process which concerns on this embodiment. It is a figure which shows the source code which divided | segmented the continuous instruction into blocks 1, 2, and 3. FIG. It is a figure which shows the source code which added the declaration of the control variable. It is a figure which shows the source code which assigned the value which should take a control variable to each block. It is a figure which shows the source code which planarized the control structure. It is a figure which shows the source code which added the process which rewrites the value of a control variable to the value allocated to the block performed next at the end of each block. It is a figure which shows the source code which encoded the control variable.

Claims (6)

A program obfuscation method for making it difficult to analyze an algorithm included in a program,
A first step of reading a program by the reading means, cutting out consecutive instructions included in the source code of the read program into blocks by the cutting means, and setting a control variable for managing the execution order of the program by the setting means When,
A second step of encoding the control variable set by the setting means by an encoding means ;
A program obfuscation method characterized by comprising: The first step includes
Reading the program by the reading means, and cutting out consecutive instructions included in the source code of the read program into blocks by the cutting means ;
Setting a control variable for controlling the execution order of the blocks cut out by the cutout means by the setting means ;
Assigning a value to be taken by the control variable to each of the blocks cut out by the cut- out means by the assigning means ;
using the switch statement or the if statement, arranging the blocks cut out by the cut- out means in parallel by the parallel means ;
Adding the process of rewriting the value of the control variable set by the setting means to the control variable value assigned to the block to be executed next, at the end of each block cut out by the adding means ;
The program obfuscation method according to claim 1, comprising : The second step includes
A step of arbitrarily selecting n control variables (where n is a positive integer) to be encoded by the encoding means ;
Generating an m × n matrix (where m is a positive integer satisfying m ≧ n) and an m-dimensional arbitrary vector by a generating unit;
Linearly transforming the n control variables selected by the selection unit using the matrix and vector generated by the generation unit as conversion keys, and simultaneously encoding m control variables by the encoding unit ; ,
The program obfuscation method according to claim 1 or 2, characterized by comprising : A program for causing a computer to execute a program obfuscation method for making it difficult to analyze an algorithm included in the program,
A first step of reading a program, cutting out consecutive instructions included in the source code of the read program in units of blocks, and setting a control variable for managing the execution order of the program;
A second step of encoding the control variable;
A program that causes a computer to execute . The first step includes
Cutting out consecutive instructions included in the source code into blocks;
Declaring a control variable for controlling the execution order of the extracted blocks;
Assigning a value to be taken by the control variable to each of the extracted blocks;
arranging the cut-out blocks in parallel using a switch statement or an if statement;
Adding a process of rewriting the value of the control variable to a control variable value assigned to a block to be executed next, at the end of each cut block;
The program according to claim 4, comprising: The second step includes
A first step of arbitrarily selecting n (n is a positive integer) control variables to be encoded;
generating an m × n matrix (where m is a positive integer of m ≧ n) and an arbitrary vector of m dimensions;
Linearly transforming the n control variables using the generated matrix and vector as a conversion key and simultaneously encoding m control variables;
6. The program according to claim 4 or 5, characterized by comprising:

Images