TWI777598B - Software/firmware protection system - Google Patents
- Publication number: TWI777598B
- Authority: TW (Taiwan)
Abstract
The program protection system provided by the present invention is based on a self-defined instruction set architecture. The hardware description file generated from that architecture is recorded into a logic device, and an assembler is generated from the same instruction set architecture. After the assembler assembles a program into machine code, the logic device executes it. The instruction set architecture is not disclosed, so even if the machine code of the program is stolen, the party who stole it cannot reverse-analyze the function of the machine code, thereby ensuring the security of the program.
Description
The present invention relates to the security protection of computer equipment, and in particular to a program protection system.
In the prior art, programs such as software and firmware are commonly protected by packing, in order to prevent external reverse analysis. However, even a packed program must still be restored in memory before it can execute, so it is difficult to prevent an outside party from using dynamic disassembly to obtain the functions corresponding to the machine code in memory, which makes it hard for packing to deliver its protective effect.
To keep a program's machine code from being cracked by disassembly, Chinese Patent Publication No. 112394943A discloses using virtual machine technology to define the mapping between virtual machine instructions and machine instructions, so that the instruction functions disclosed by the instruction set architecture differ from the instruction functions executed by the virtual machine, thereby ensuring the security of programs running in the virtual machine.
Virtual machine technology can indeed prevent disassembly-based cracking of machine code that relies on the instruction set architecture. However, a virtual machine needs a certain level of underlying resources to operate, so it is hard to use widely. In particular, for embedded systems, which are short of such resources, techniques that protect programs through a virtual machine are difficult to apply.
Therefore, the main purpose of the present invention is to provide a program protection system in which the machine code produced by assembling a program does not correspond to a public instruction set architecture, so that even if an outside party obtains the program's machine code locally, it cannot be disassembled using a public instruction set architecture, thereby ensuring the security of the program.
To achieve the above purpose, the program protection system provided by the present invention is based on a self-defined instruction set architecture (ISA). The hardware description file generated from that architecture is recorded into a logic device, and an assembler is generated from the same instruction set architecture. After the assembler assembles a program into machine code, the logic device executes it. The instruction set architecture is not disclosed, so even if the machine code of the program is stolen, the party who stole it cannot reverse-analyze the function of the machine code, thereby ensuring the security of the program.
The logic device may be a Field Programmable Gate Array (FPGA).
Because logic devices such as FPGAs have limited logic resources, another technical feature of the present invention, aimed at using those resources effectively, is that the hardware description file and the assembler generated from the instruction set architecture are both limited to the instructions the program requires and do not include functional blocks that the program does not use, ensuring efficient use of the logic device's resources.
The technical features of this case are described below by way of a preferred embodiment of the present invention. Technical content already known as common knowledge in the technical field of the invention is not stated in this embodiment, and the experimental examples given are only specific illustrations of how the invention can be implemented and should not be taken as limiting the scope of protection of the invention.
The program protection system provided in this embodiment includes a description text file of an undisclosed instruction set architecture (ISA). The description text file is read and analyzed, and a data structure table of the instruction set architecture is built on a system platform. A hardware description file is then generated from the data structure table and recorded into a logic device.
With the data structure table as input, the table is embedded into a preset assembler program template to generate an assembler.
A program intended to run on the system platform can then be assembled into machine code by the assembler and downloaded into the memory of the logic device, where it serves as the instruction source for the logic device's logic operations.
As a result, even if the machine code stored in the memory of the logic device is stolen, the functional blocks corresponding to the machine code cannot be reverse-analyzed through a public instruction set architecture, which ensures the security of the program and prevents the program from being tampered with.
Building on the above embodiment, a specific experimental example is described below.
First, the description text file of the instruction set architecture, which is the basis of the present invention: part of its content in this experimental example is illustrated in Table 1 below, and includes the instruction name (memo), the operation code (OP-code) and the instruction type (type).
Table 1
After the description text file is read and analyzed, the data structure table built on the system platform is as shown in Table 2. Note that Table 2 corresponds only to the part exemplified in Table 1, not to the whole instruction set architecture.
Table 2
Next, the data structure table shown in Table 2 is converted into a hardware description file. The conversion can be carried out using a hardware description language such as Verilog, producing the hardware description file shown in Table 3 below.
Table 3
The completed hardware description file shown in Table 3 is compiled and then programmed into a logic device such as a Field Programmable Gate Array (FPGA), thereby configuring the logic device as a custom logic processor.
Further, this experimental example takes the data structure table shown in Table 2 as input and embeds it into the preset assembler program template to produce assembler source code that conforms to the instruction set architecture. Compiling that source yields the assembler executable. A program that is to run on the custom logic processor can then be given to the assembler as input and assembled into machine code. Taking the assembly-language program shown in Table 4 below as an example, the machine code produced by the assembler is shown in Table 5.
Table 4
Table 5
Once assembled, the machine code can be downloaded into the memory of the custom logic processor for execution.
In this experimental example, the machine code illustrated in Table 5 can run normally only on the system platform of the custom logic processor. Therefore, even if it is stolen, it cannot be executed on a platform other than the custom logic processor, nor can the features, functions and other information corresponding to the machine code be resolved through a public instruction set architecture, thereby ensuring the security of the program.
Furthermore, logic devices such as the FPGA used in the experimental example above have far fewer resources than a general-purpose processor. To use those limited resources effectively, the data structure table can, for example, be limited to the set of instructions required by the program shown in Table 4: only the corresponding instructions of the instruction set architecture are built into the data structure table, so that the table is only a subset of the instruction set architecture. Redundant functional blocks that the program does not need are left out, which ensures effective use of the limited resources and leaves the remaining resources available for other functions, making the present invention particularly suitable for resource-limited embedded systems.
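The flow described in the embodiment (description text, data structure table, assembler, machine code) together with the trimming of the table to the instructions a program actually uses, as an added Python example that is not taken from the patent. Tables 1 to 5 are not reproduced on this page, so the mnemonics, opcodes, instruction types, 16-bit word layout and sample program below are all constructed for illustration.

```python
# Constructed ISA description text (memo, OP-code, type); every value is hypothetical.
ISA_DESCRIPTION = """LDI 0x3 I
ADD 0xA R
SUB 0x5 R
JMP 0xC J
HLT 0xF N"""
# Constructed assembly program for the custom processor.
PROGRAM = """LDI r1, 5   ; r1 = 5
LDI r2, 7
ADD r1, r2  ; r1 = r1 + r2
HLT"""

def build_table(description):
    """Description text -> data structure table keyed by instruction name."""
    rows = (line.split() for line in description.splitlines() if line.strip())
    return {memo: {"opcode": int(op, 16), "type": kind} for memo, op, kind in rows}

def parse_program(source):
    """Assembly text -> list of (memo, operands), with ';' comments stripped."""
    lines = (l.split(";", 1)[0].replace(",", " ").split() for l in source.splitlines())
    return [(fields[0].upper(), fields[1:]) for fields in lines if fields]

def subset_table(table, program):
    """Keep only the instructions the program uses (the resource-saving step)."""
    used = {memo for memo, _ in program}
    if used - table.keys():
        raise ValueError(f"not in ISA: {sorted(used - table.keys())}")
    return {memo: entry for memo, entry in table.items() if memo in used}

def reg(name):
    """'r0'..'r15' -> register number (4-bit field)."""
    if name[:1].lower() != "r" or not name[1:].isdigit() or int(name[1:]) > 15:
        raise ValueError(f"bad register {name!r}")
    return int(name[1:])

def assemble(table, program):
    """Encode each instruction as a 16-bit word, opcode in bits 15..12 (assumed layout)."""
    words = []
    for memo, ops in program:
        entry = table[memo]  # KeyError if the trimmed table lacks this instruction
        word, kind = entry["opcode"] << 12, entry["type"]
        if kind == "R":      # two registers
            word |= reg(ops[0]) << 8 | reg(ops[1]) << 4
        elif kind == "I":    # register and 8-bit immediate
            word |= reg(ops[0]) << 8 | (int(ops[1], 0) & 0xFF)
        elif kind == "J":    # 12-bit address
            word |= int(ops[0], 0) & 0xFFF
        words.append(word)
    return words
```

Assembling `PROGRAM` against the trimmed table keeps only `LDI`, `ADD` and `HLT`; an instruction outside that subset, such as `JMP`, is rejected because the corresponding entry was never built.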
Claims (5)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW110120465A TWI777598B (en) | 2021-06-04 | 2021-06-04 | Software/firmware protection system |
Publications (2)
Publication Number | Publication Date |
---|---|
TWI777598B (en) | 2022-09-11 |
TW202248877A (en) | 2022-12-16 |
Family
ID=84958006
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW110120465A TWI777598B (en) | 2021-06-04 | 2021-06-04 | Software/firmware protection system |
Country Status (1)
Country | Link |
---|---|
TW (1) | TWI777598B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100131934A1 (en) * | 2008-11-21 | 2010-05-27 | Korea University Industrial & Academic | System and method for translating high-level programming language code into hardware description language code |
TW201616343A (en) * | 2010-05-25 | 2016-05-01 | 威盛電子股份有限公司 | A method for encrypting a program and a computer program product thereof |
CN108446535A (en) * | 2018-02-12 | 2018-08-24 | 北京梆梆安全科技有限公司 | Source code reinforcement means based on code execution sequence and device |
CN109460237A (en) * | 2018-10-25 | 2019-03-12 | 北京顶象技术有限公司 | The Compilation Method and device of code |
Also Published As
Publication number | Publication date |
---|---|
TW202248877A (en) | 2022-12-16 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
GD4A | Issue of patent certificate for granted invention patent |