KR20160114903A - Code obfuscation method and electronic device supporting the same - Google Patents
Code obfuscation method and electronic device supporting the same Download PDFInfo
- Publication number
- KR20160114903A KR20160114903A KR1020150041371A KR20150041371A KR20160114903A KR 20160114903 A KR20160114903 A KR 20160114903A KR 1020150041371 A KR1020150041371 A KR 1020150041371A KR 20150041371 A KR20150041371 A KR 20150041371A KR 20160114903 A KR20160114903 A KR 20160114903A
- Authority
- KR
- South Korea
- Prior art keywords
- code
- file
- application
- electronic device
- codes
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims description 46
- 238000006243 chemical reaction Methods 0.000 claims description 18
- 238000004806 packaging method and process Methods 0.000 claims description 4
- 238000010586 diagram Methods 0.000 description 12
- 230000006870 function Effects 0.000 description 11
- 238000004891 communication Methods 0.000 description 9
- 238000000926 separation method Methods 0.000 description 8
- 230000014509 gene expression Effects 0.000 description 6
- 230000009471 action Effects 0.000 description 4
- 238000001514 detection method Methods 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000003491 array Methods 0.000 description 1
- 238000013473 artificial intelligence Methods 0.000 description 1
- 230000008878 coupling Effects 0.000 description 1
- 238000010168 coupling process Methods 0.000 description 1
- 238000005859 coupling reaction Methods 0.000 description 1
- 230000003111 delayed effect Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 239000000284 extract Substances 0.000 description 1
- 239000011521 glass Substances 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/14—Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/125—Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
Description
Various embodiments of the invention relate to a method for obfuscating an application's code in an electronic device.
The electronic device may include at least one application program (hereinafter referred to as an application). The application may be composed of a plurality of codes for achieving a specific purpose and the codes may be a kind of instruction set written in a programming language and converted according to a platform supported by the electronic device .
The application may require a high level of security processing depending on the purpose to be achieved. For example, when the application is a security-related application or an application requiring a high level of security such as electronic commerce or on-line banking, a protection method such as code obfuscation, watermarking, or forgery detection is applied . The watermarking may be a method of including identification information related to the application in a specific area of the application, for example, information related to rights such as ownership or copyright of the application. In addition, the forgery detection may be a method of adding a routine for determining whether the application is repackaged.
However, the watermarking and forgery detection method described above is not a method for preventing reverse engineering of the application. Therefore, at present, the code obfuscation method is applied as a method for preventing reverse engineering of the application. The code obfuscation method may include an identifier conversion of codes constituting the application, a control flow conversion, a call concealment, a string encryption, or a class encryption. The above-described methods may make the codes unnecessarily complicated, or may cause code that is not executed to be executed, for example, a dead code inserted, a position of the codes changed, ) To treat the codes in an inconceivable way.
However, the existing code obfuscation method is a method of selecting a protection target code in an executable file of an application and applying the above-described methods to the code. For example, if an existing code obfuscation method is applied to an Android application, the electronic device selects a class to be protected in a DEX (Dalvik Executable) file, changes the names of the variables included in the class, Or changing the location of the functions included in the class, or encrypting the class.
In the above-described conventional code obfuscation method, since the obfuscation is performed only on the executable file of the application, the attack target can be limited to the executable file in reverse engineering. In addition, if an executable file can be easily exposed, such as an Android application, there may be a drawback that the reverse engineering attack time is also shortened.
In order to overcome the above-described problems, various embodiments of the present invention include code obfuscation for separating a protected code from an executable file that can be selected as a major attack target in reverse engineering and concealing the resource file at a physically different location Method and an electronic device supporting the same can be provided.
An electronic device according to various embodiments of the present invention includes a memory for storing an application and a program for separating some code from an executable file of the application and adding connection information and loading information of the separated code to the executable file, And a processor for controlling to store the separated partial code in a predetermined portion of the resource file of the application.
According to various embodiments of the present invention, the protection target code is separated from the executable file and concealed in a resource file at a physically different location, thereby widening the scope of attack target in reverse engineering and delaying the attack time.
1 is a diagram illustrating an electronic device according to an embodiment of the present invention.
2 is a diagram illustrating a method of operating an electronic device associated with a code obfuscation method according to various embodiments.
3 is a diagram illustrating a method of obfuscating an Android application according to various embodiments.
4 is a diagram for explaining code concealment processing according to various embodiments.
FIG. 5 is a diagram for illustrating the loading of codes that are hidden when an obfuscated application is executed according to various embodiments.
FIG. 6 is a diagram for explaining reverse engineering results of cloaked codes of an obfuscated application according to various embodiments.
Hereinafter, various embodiments of the present document will be described with reference to the accompanying drawings. It should be understood, however, that this invention is not intended to be limited to the particular embodiments described herein but includes various modifications, equivalents, and / or alternatives of the embodiments of this document . In connection with the description of the drawings, like reference numerals may be used for similar components.
In this document, the expressions "have," "may," "include," or "include" may be used to denote the presence of a feature (eg, a numerical value, a function, Quot ;, and does not exclude the presence of additional features.
In this document, the expressions "A or B," "at least one of A and / or B," or "one or more of A and / or B," etc. may include all possible combinations of the listed items . For example, "A or B," "at least one of A and B," or "at least one of A or B" includes (1) at least one A, (2) Or (3) at least one A and at least one B all together.
The expressions "first," " second, "" first, " or "second ", etc. used in this document may describe various components, It is used to distinguish the components and does not limit the components. For example, the first user equipment and the second user equipment may represent different user equipment, regardless of order or importance. For example, without departing from the scope of the rights described in this document, the first component can be named as the second component, and similarly the second component can also be named as the first component.
(Or functionally or communicatively) coupled with / to "another component (eg, a second component), or a component (eg, a second component) Quot; connected to ", it is to be understood that any such element may be directly connected to the other element or may be connected through another element (e.g., a third element). On the other hand, when it is mentioned that a component (e.g., a first component) is "directly connected" or "directly connected" to another component (e.g., a second component) It can be understood that there is no other component (e.g., a third component) between other components.
As used herein, the phrase " configured to " (or set) to be "adapted to, " To be designed to, "" adapted to, "" made to, "or" capable of ". The term " configured to (or set up) "may not necessarily mean" specifically designed to "in hardware. Instead, in some situations, the expression "configured to" may mean that the device can "do " with other devices or components. For example, a processor configured (or configured) to perform the phrases "A, B, and C" may be implemented by executing one or more software programs stored in a memory device or a dedicated processor (e.g., an embedded processor) , And a generic-purpose processor (e.g., a CPU or an application processor) capable of performing the corresponding operations.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to limit the scope of the other embodiments. The singular expressions may include plural expressions unless the context clearly dictates otherwise. Terms used herein, including technical or scientific terms, may have the same meaning as commonly understood by one of ordinary skill in the art. The general predefined terms used in this document may be interpreted in the same or similar sense as the contextual meanings of the related art and, unless expressly defined in this document, include ideally or excessively formal meanings . In some cases, even the terms defined in this document can not be construed as excluding the embodiments of this document.
An electronic device in accordance with various embodiments of the present document may be, for example, a smartphone, a tablet personal computer, a mobile phone, a video phone, an e-book reader, Such as a desktop personal computer, a laptop personal computer, a netbook computer, a workstation, a server, a personal digital assistant (PDA), a portable multimedia player (PMP) A device, a camera, or a wearable device. According to various embodiments, the wearable device may be of the accessory type (e.g., a watch, a ring, a bracelet, a bracelet, a necklace, a pair of glasses, a contact lens or a head-mounted-device (HMD) (E. G., Electronic apparel), a body attachment type (e. G., A skin pad or tattoo), or a bioimplantable type (e.g., implantable circuit).
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS An electronic apparatus according to various embodiments will now be described with reference to the accompanying drawings. In this document, the term user may refer to a person using an electronic device or a device using an electronic device (e.g., an artificial intelligence electronic device).
1 is a diagram illustrating an electronic device according to an embodiment of the present invention.
Referring to Figure 1, in various embodiments, an
The
The
According to various embodiments, the
According to various embodiments, the code
According to various embodiments, the code
According to various embodiments, the code
According to various embodiments, the code obfuscation processing module 125 may obfuscate the codes of the application. For example, the code obfuscation processing module 125 may perform at least one of the protection target codes or the executable file of the application in which the protection target codes are separated by performing an identifier conversion, a control flow conversion, a call concealment, a string encryption, Can be obfuscated by the method of.
According to various embodiments, the
The input /
According to various embodiments, the input /
The
As described above, the
According to various embodiments, the
According to various embodiments, the
According to various embodiments, the
According to various embodiments, the
2 is a diagram illustrating a method of operating an electronic device associated with a code obfuscation method according to various embodiments.
Referring to FIG. 2, the
After analyzing the executable file, at
Once the protected codes are detached from the executable file, the
At
At
At operation 250, the
After performing operations on the executable file (e.g.,
3 is a diagram illustrating a method of obfuscating an Android application according to various embodiments.
Typically, Android applications are distributed as files with an apk (android package) extension. The file with the above apk extension is implemented in the same form as a zip archive file and can be easily decompressed. When the Android application is decompressed, it may include a META-INF folder, a res folder, a lib folder, androidManifest.xml file, and a classes.dex file. The META-INF folder may be a folder containing data associated with the signature (e.g., an authenticated key value). The res folder may be a folder including resource files of the Android application, and the lib folder may be a folder containing a so-called shared object library. Also, the androidManifest.xml file may be a configuration file of the android application, and the classes.dex file may be an executable file of the android application. Applications for other operating systems besides Android may have a similar or corresponding structure to the above Android applications.
A file having a dex extension of the above components, for example, a classes.dex file, includes code such as a class to be recognized by the android dalvik virtual machine, a bytecode corresponding to the virtual machine (byte codes). Since the executable file (eg, a Dex file) is a set of codes for performing functions of the corresponding Android application, it can be a major attack target in reverse engineering. Therefore, the
Referring to FIG. 3, the
According to various embodiments, the
According to various embodiments, the
According to various embodiments, the
As described above, an application code obfuscation method includes an operation of separating some code from an executable file of the application, an operation of adding connection information and loading information of the separated code to the executable file, And controlling the code to be stored in a predetermined portion of the resource file of the application.
According to various embodiments, the code obfuscation method includes at least one of an identifier conversion, a control flow conversion, a call concealment, a string encryption, or a class encryption for at least one of the code or the executable file in which the code is separated May be applied.
According to various embodiments, the act of controlling to store includes adding a dummy code of a certain size to the partial code, and storing the partial code to which the dummy code has been added in a predetermined portion of the resource file Lt; / RTI >
According to various embodiments, the adding operation may further include adding the dummy code to a portion of at least one resource file that is different from the resource file.
According to various embodiments, the code obfuscation method may further include an operation of re-configuring the application by packaging the resource file in which at least the partial code is separated and the executable file in which the partial code is stored.
4 is a diagram for explaining code concealment processing according to various embodiments. The
Referring to FIG. 4A, the PJ file 410 may include a
4B, the
According to various embodiments, the
According to various embodiments, the
FIG. 5 is a diagram for illustrating the loading of codes that are hidden when an obfuscated application is executed according to various embodiments.
Referring to FIG. 5, the obfuscated
According to various embodiments, the
The
FIG. 6 is a diagram for explaining reverse engineering results of cloaked codes of an obfuscated application according to various embodiments.
6A, an
In order to solve the above problem, the
As used in this document, the term "module" may refer to a unit comprising, for example, one or a combination of two or more of hardware, software or firmware. A "module" may be interchangeably used with terms such as, for example, unit, logic, logical block, component, or circuit. A "module" may be a minimum unit or a portion of an integrally constructed component. A "module" may be a minimum unit or a portion thereof that performs one or more functions. "Modules" may be implemented either mechanically or electronically. For example, a "module" may be an application-specific integrated circuit (ASIC) chip, field-programmable gate arrays (FPGAs) or programmable-logic devices And may include at least one.
At least a portion of a device (e.g., modules or functions thereof) or a method (e.g., operations) according to various embodiments may include, for example, computer-readable storage media in the form of program modules, As shown in FIG. When the instruction is executed by a processor (e.g., processor 120), the one or more processors may perform a function corresponding to the instruction. The computer readable storage medium may be, for example,
The computer readable recording medium may be a hard disk, a floppy disk, a magnetic media (e.g., a magnetic tape), an optical media (e.g., a compact disc read only memory (CD-ROM) digital versatile discs, magneto-optical media such as floptical disks, hardware devices such as read only memory (ROM), random access memory (RAM) Etc. The program instructions may also include machine language code such as those produced by a compiler, as well as high-level language code that may be executed by a computer using an interpreter, etc. The above- May be configured to operate as one or more software modules to perform the operations of the embodiment, and vice versa.
Modules or program modules according to various embodiments may include at least one or more of the elements described above, some of which may be omitted, or may further include additional other elements. Operations performed by modules, program modules, or other components in accordance with various embodiments may be performed in a sequential, parallel, iterative, or heuristic manner. Also, some operations may be performed in a different order, omitted, or other operations may be added. And the embodiments disclosed in this document are presented for the purpose of explanation and understanding of the disclosed technology and do not limit the scope of the technology described in this document. Accordingly, the scope of this document should be interpreted to include all modifications based on the technical idea of this document or various other embodiments.
Claims (10)
A memory for storing an application; And
A control unit that separates some codes from the executable file of the application, adds connection information and loading information of the separated code to the executable file, and stores the separated code in a predetermined portion of the resource file of the application A processor comprising: a processor;
Wherein the processor applies at least one of identifier conversion, control flow conversion, call concealment, string encryption, or class encryption to at least one of the partial code or the executable file in which the partial code is separated.
Wherein the processor adds a dummy code of a certain size to the partial code and stores the partial code to which the dummy code is added in a predetermined portion of the resource file.
Wherein the processor further adds the dummy code to a portion of at least one resource file different from the resource file.
And the processor re-configures the application by packaging the resource file in which at least the executable file in which the partial code is separated and the partial code is stored.
Separating some code from an executable file of the application;
Adding connection information and loading information of the separated partial code to the executable file; And
And storing the separated partial code in a predetermined portion of the resource file of the application.
Applying at least one of identifier conversion, control flow conversion, call concealment, string encryption, or class encryption to at least one of the code or the executable file in which the code is partially separated; and code obfuscation Way.
Wherein the act of controlling to store comprises: adding a dummy code of a certain size to the partial code; And
And storing the partial code to which the dummy code is added in a predetermined portion of the resource file.
Wherein the adding operation further includes adding the dummy code to a portion of at least one resource file different from the resource file.
And packaging the resource file in which at least the executable file in which the partial code is separated and the partial code is reconstructed to reconstruct the application.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150041371A KR20160114903A (en) | 2015-03-25 | 2015-03-25 | Code obfuscation method and electronic device supporting the same |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150041371A KR20160114903A (en) | 2015-03-25 | 2015-03-25 | Code obfuscation method and electronic device supporting the same |
Publications (1)
Publication Number | Publication Date |
---|---|
KR20160114903A true KR20160114903A (en) | 2016-10-06 |
Family
ID=57164774
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020150041371A KR20160114903A (en) | 2015-03-25 | 2015-03-25 | Code obfuscation method and electronic device supporting the same |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR20160114903A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101885260B1 (en) | 2017-10-30 | 2018-08-03 | 주식회사 안랩 | Obfuscated symbol recognition apparatus and method |
CN111274057A (en) * | 2020-01-13 | 2020-06-12 | 北京字节跳动网络技术有限公司 | Memory leakage link processing method, device, medium and electronic equipment |
-
2015
- 2015-03-25 KR KR1020150041371A patent/KR20160114903A/en unknown
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101885260B1 (en) | 2017-10-30 | 2018-08-03 | 주식회사 안랩 | Obfuscated symbol recognition apparatus and method |
CN111274057A (en) * | 2020-01-13 | 2020-06-12 | 北京字节跳动网络技术有限公司 | Memory leakage link processing method, device, medium and electronic equipment |
CN111274057B (en) * | 2020-01-13 | 2021-07-06 | 北京字节跳动网络技术有限公司 | Memory leakage link processing method, device, medium and electronic equipment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP6166839B2 (en) | System and method for replacing application methods at runtime | |
US10032043B2 (en) | Masking sensitive data in mobile applications | |
JP6490598B2 (en) | Compiler-based obfuscation | |
US8892876B1 (en) | Secured application package files for mobile computing devices | |
US9535942B2 (en) | Apparatus and method for managing APK file in an android platform | |
TWI530874B (en) | Method and apparatus for generating application installation packages and running applications | |
CN106295255B (en) | Application program reinforcing method and device | |
US20140245448A1 (en) | Apparatus and method for analyzing permission of application for mobile devices and detecting risk | |
WO2016078130A1 (en) | Dynamic loading method for preventing reverse of apk file | |
US9762385B1 (en) | Protection of program code of apps of mobile computing devices | |
US10002193B2 (en) | Implementation of data protection policies in ETL landscapes | |
CN106560830A (en) | Linux embedded system safety protection method and system | |
KR101234591B1 (en) | Method for Anti-Encoding Android by Using Java Native Interface | |
US9632853B2 (en) | Virtualizing integrated calls to provide access to resources in a virtual namespace | |
CN108319850B (en) | Sandbox detection method, sandbox system and sandbox equipment | |
US9250917B2 (en) | Auto-cloudifying applications via runtime modifications | |
US9659156B1 (en) | Systems and methods for protecting virtual machine program code | |
KR20160114903A (en) | Code obfuscation method and electronic device supporting the same | |
CN111090425A (en) | Program packaging method and device and electronic equipment | |
JP6798669B2 (en) | Methods and devices for hiding user information contained in applications | |
US8788785B1 (en) | Systems and methods for preventing heap-spray attacks | |
US20190102573A1 (en) | Theater ears android app sensitive data management | |
KR102226218B1 (en) | Apparatus and method for extracting feature information to identify an application created by cross-platform development framework | |
CN113835748A (en) | HTML 5-based application packaging method, system and readable medium | |
KR20210154017A (en) | Method and system for protecting file using class dispersion and sequential memory loading |