TWI777598B - Software/firmware protection system - Google Patents

Publication number
TWI777598B
Authority
TW
Taiwan
Prior art keywords
program
instruction set
protection system
data structure
set architecture
Application number
TW110120465A
Other languages
Chinese (zh)
Other versions
TW202248877A (en)
Inventor
袁世一
Original Assignee
逢甲大學
Application filed by 逢甲大學
Priority to TW110120465A
Application granted
Publication of TWI777598B
Publication of TW202248877A

Landscapes

  • Storage Device Security (AREA)

Abstract

The program protection system provided by the present invention is based on a custom instruction set architecture. The hardware description file generated from that architecture is recorded into a logic device, and an assembler is generated from the same instruction set architecture. A program is assembled into machine code by that assembler and then executed by the logic device. The instruction set architecture is not disclosed, so even if the program's machine code is stolen, the party that stole it cannot reverse-engineer what the machine code does, which ensures the security of the program.

Description

Program protection system

The present invention relates to the security protection of computer equipment, and in particular to a program protection system.

In the prior art, programs such as software and firmware are commonly protected by packing, in order to prevent external reverse analysis. A packed program, however, must still be restored in memory at run time before it can execute, so it is hard to prevent an outside party from using dynamic disassembly to recover the functions that correspond to the machine code in memory. This limits the protection that packing can provide.

To keep a program's machine code from being cracked by disassembly, Chinese Patent Publication No. 112394943A discloses using virtual machine technology to define the mapping between virtual machine instructions and machine instructions, so that the instruction functions published by the instruction set architecture differ from the instruction functions the virtual machine actually executes, thereby ensuring the security of programs running in the virtual machine.

Virtual machine technology can indeed prevent disassembly-based cracking of machine code that relies on the instruction set architecture. A virtual machine, however, needs a certain amount of underlying resources to run, so the approach is hard to use widely. In particular, for embedded systems, where such resources are scarce, techniques that protect a program through a virtual machine are difficult to apply.

Therefore, the main object of the present invention is to provide a program protection system in which the machine code produced by assembling a program does not correspond to any public instruction set architecture, so that even if an outside party obtains the program's machine code locally, it cannot be disassembled using a public instruction set architecture, thereby ensuring the security of the program.

Accordingly, to achieve the above object, the program protection system provided by the present invention is based on a custom instruction set architecture (ISA). The hardware description file generated from that architecture is recorded into a logic device, and an assembler is generated from the same instruction set architecture. A program is assembled into machine code by that assembler and then executed by the logic device. The instruction set architecture is not disclosed, so even if the program's machine code is stolen, the party that stole it cannot reverse-engineer what the machine code does, which ensures the security of the program.

The logic device may be a field programmable gate array (FPGA).

Because logic devices such as field programmable gate arrays have limited logic resources, another technical feature of the present invention, intended to make effective use of those resources, is that both the hardware description file and the assembler generated from the instruction set architecture are limited to the instructions the program requires and exclude functional blocks the program does not use, so that the logic device's resources are used efficiently.

A preferred embodiment of the present invention is described below to illustrate its technical features. Technical content already known to a person of ordinary skill in the art to which the invention belongs is not set out in this embodiment. The experimental example given in this embodiment only illustrates one concrete way in which the invention can be implemented and should not be taken to limit the scope of protection of the invention; this is stated at the outset.

The program protection system provided in this embodiment includes a description text file of an undisclosed instruction set architecture (ISA). The description text file is read and analyzed, a data structure table of the instruction set architecture is built on a system platform, a hardware description file is generated from the data structure table, and the hardware description file is recorded into a logic device.

With the data structure table as input, the data structure table is embedded into a preset assembler program template to generate an assembler.

A program intended to run on the system platform can then be assembled into machine code by the assembler and downloaded into the memory of the logic device, where it serves as the source of instructions for the logic device's logic operations.

As a result, even if the machine code stored in the memory of the logic device is stolen, the functional blocks corresponding to the machine code cannot be reverse-analyzed through a public instruction set architecture, which ensures the security of the program and prevents the program from being tampered with.

Building on the above embodiment, a specific experimental example is described below.

First, part of the content of the instruction set architecture description text file that forms the basis of the invention is, in this experimental example, as illustrated in Table 1 below. It includes the instruction name (memo), the operation code (OP-code), and the instruction type (type).

Table 1

[Figure 02_image001]

After the description text file is read and analyzed, the data structure table built on the system platform is as shown in Table 2. Note that Table 2 corresponds only to the portion exemplified in Table 1, not to the whole instruction set architecture.

Table 2

Instruction name   OP-code   Instruction type
LD                 0x00      5
ST                 0x01      5
LDB                0x02      5
STB                0x03      5
LDR                0x04      6

Next, the data structure table shown in Table 2 is converted into a hardware description file. The conversion can be carried out using a hardware description language such as Verilog, producing the hardware description file shown in Table 3 below.

Table 3

[Figure 02_image003]

The completed hardware description file of Table 3 is compiled and then burned into a logic device such as a field programmable gate array (FPGA), thereby configuring the logic device as a custom logic processor.

Further, in this experimental example the data structure table shown in Table 2 is used as input and embedded into the preset assembler program template to build the source code of an assembler that conforms to the instruction set architecture. That source code is then compiled to produce the assembler executable. A program that is to run on the custom logic processor can then be given to the assembler as input and assembled into machine code. Taking the assembly language program shown in Table 4 below as an example, the machine code produced by the assembler is shown in Table 5.

Table 4

[Figure 02_image005]
[Figure 02_image007]

Table 5

[Figure 02_image009]

Once assembled, the machine code can be downloaded into the memory of the custom logic processor for execution.

In this experimental example, the machine code illustrated in Table 5 runs correctly only on the system platform of the custom logic processor. Even if it is stolen, it therefore cannot be executed on any platform other than the custom logic processor, and the functionality, functions, and other information corresponding to the machine code cannot be parsed through a public instruction set architecture, which ensures the security of the program.

Furthermore, logic devices such as the field programmable gate array used in the experimental example above have far fewer resources than a general-purpose logic processor. To make effective use of those limited resources, the set of instructions required by the program shown in Table 4 can, for example, be taken as the limit, and only the corresponding instructions in the instruction set architecture are built into the data structure table. The resulting data structure table is then only a subset of the instruction set architecture, with the redundant functional blocks that the program does not need removed. This ensures effective use of the limited resources and leaves the remaining resources available for other functions, which makes the invention particularly suitable for resource-constrained embedded systems.
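The flow described above, from description text file to data structure table to a hardware description and an assembler generated from that one table and restricted to the instructions a program uses, as an added example that is not code from the patent. The description-file layout, the 8-bit opcode width, the one-byte-per-operand encoding and the sample program are assumptions; only the five Table 2 rows come from the page.

```python
# Constructed description text in an assumed "name opcode type" layout; the
# five rows are the ones the page lists in Table 2.
ISA_DESCRIPTION = """\
# memo  OP-code  type
LD   0x00  5
ST   0x01  5
LDB  0x02  5
STB  0x03  5
LDR  0x04  6
"""

# Constructed sample program; the operand syntax is an assumption.
PROGRAM = """\
LD  R1, 0x10
LDB R2, 0x11
ST  R1, 0x20
"""

def build_table(text):
    """Read the description top to bottom into {mnemonic: (opcode, type)}."""
    table, seen = {}, set()
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"line {n}: expected 'name opcode type'")
        name, opcode, itype = fields[0].upper(), int(fields[1], 0), int(fields[2])
        if name in table or opcode in seen or not 0 <= opcode <= 0xFF:
            raise ValueError(f"line {n}: duplicate or out-of-range entry")
        seen.add(opcode)
        table[name] = (opcode, itype)
    return table

def subset_for(table, program):
    """Keep only the rows the program uses (the subset of claims 3 and 4)."""
    used = {l.split()[0].upper() for l in program.splitlines() if l.strip()}
    unknown = used - table.keys()
    if unknown:
        raise ValueError(f"not in the ISA: {sorted(unknown)}")
    return {name: row for name, row in table.items() if name in used}

def emit_decoder_params(table):
    """Verilog localparams for the decoder, generated from the same table."""
    return [f"localparam [7:0] OP_{n} = 8'h{op:02X};" for n, (op, _) in table.items()]

def assemble(table, program):
    """Assumed encoding: one opcode byte, then one byte per operand."""
    out = bytearray()
    for line in program.splitlines():
        parts = line.replace(",", " ").split()
        if not parts:
            continue
        opcode, _itype = table[parts[0].upper()]  # type kept in table, unused here
        out.append(opcode)
        out.extend(int(p.lstrip("Rr"), 0) & 0xFF for p in parts[1:])
    return bytes(out)

if __name__ == "__main__":
    subset = subset_for(build_table(ISA_DESCRIPTION), PROGRAM)
    print("\n".join(emit_decoder_params(subset)))
    print(assemble(subset, PROGRAM).hex(" "))
```

Because the decoder constants and the assembler both read the same table, trimming the table to the program's instructions shrinks the hardware description and the assembler together without changing the assembled bytes.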

Claims (5)

1. A program protection system, comprising: a description text file of an undisclosed, custom instruction set architecture; building a data structure table from the description text file of the instruction set architecture, wherein the description text file is not subjected to jumps or changes of execution order during construction of the data structure table; generating a hardware description file according to the data structure table and recording the hardware description file into a logic device; generating an assembler according to the data structure table; and assembling a program into machine code with the assembler and loading it into the memory of the logic device.
2. The program protection system of claim 1, wherein the logic device is a field programmable gate array.
3. The program protection system of claim 1 or 2, wherein the instruction set of the data structure table is a subset of the instruction set architecture.
4. The program protection system of claim 3, wherein the data structure table takes the instructions required by the program as the selected objects and is built from the set of instructions in the instruction set architecture that corresponds to the selected objects.
5. The program protection system of claim 1, wherein the program is firmware.
TW110120465A 2021-06-04 2021-06-04 Software/firmware protection system TWI777598B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW110120465A TWI777598B (en) 2021-06-04 2021-06-04 Software/firmware protection system

Publications (2)

Publication Number Publication Date
TWI777598B true TWI777598B (en) 2022-09-11
TW202248877A TW202248877A (en) 2022-12-16

Family

ID=84958006

Family Applications (1)

Application Number Title Priority Date Filing Date
TW110120465A TWI777598B (en) 2021-06-04 2021-06-04 Software/firmware protection system

Country Status (1)

Country Link
TW (1) TWI777598B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100131934A1 (en) * 2008-11-21 2010-05-27 Korea University Industrial & Academic System and method for translating high-level programming language code into hardware description language code
TW201616343A (en) * 2010-05-25 2016-05-01 威盛電子股份有限公司 A method for encrypting a program and a computer program product thereof
CN108446535A (en) * 2018-02-12 2018-08-24 北京梆梆安全科技有限公司 Source code reinforcement means based on code execution sequence and device
CN109460237A (en) * 2018-10-25 2019-03-12 北京顶象技术有限公司 The Compilation Method and device of code

Also Published As

Publication number Publication date
TW202248877A (en) 2022-12-16

Legal Events

Date Code Title Description
GD4A Issue of patent certificate for granted invention patent