WO2019223094A1 - Block chain-based file protection method, and terminal device - Google Patents

Block chain-based file protection method, and terminal device Download PDF

Info

Publication number
WO2019223094A1
WO2019223094A1 PCT/CN2018/097119 CN2018097119W WO2019223094A1 WO 2019223094 A1 WO2019223094 A1 WO 2019223094A1 CN 2018097119 W CN2018097119 W CN 2018097119W WO 2019223094 A1 WO2019223094 A1 WO 2019223094A1
Authority
WO
WIPO (PCT)
Prior art keywords
file
information
protection
invalid program
protection information
Prior art date
Application number
PCT/CN2018/097119
Other languages
French (fr)
Chinese (zh)
Inventor
谢丹力
张宇
陆陈一帆
Original Assignee
深圳壹账通智能科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳壹账通智能科技有限公司 filed Critical 深圳壹账通智能科技有限公司
Priority to SG11201912786WA priority Critical patent/SG11201912786WA/en
Publication of WO2019223094A1 publication Critical patent/WO2019223094A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/14Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself

Definitions

  • the present application belongs to the field of computer technology, and particularly relates to a file protection method based on a blockchain and a terminal device.
  • the embodiments of the present application provide a method and a terminal device for protecting a file based on a blockchain, so as to solve the problem of low data security in the prior art because an executable file of an application program is decompiled to leak source code.
  • a first aspect of the embodiments of the present application provides a blockchain-based file protection method, including:
  • Acquire type information of a first file to be protected wherein the first file is used to build a data interaction port of the blockchain, the first file is an object file or an executable file, and the object file is a source file.
  • the executable file is a file formed by linking an object file.
  • the type information is used to identify a programming language used by a source file corresponding to the first file. ;
  • the protection information is configured to the first file according to a preset configuration policy to obtain a second file.
  • the execution logic of the second file is the same as the execution logic of the first file.
  • a second aspect of the embodiments of the present application provides a terminal device, including:
  • An obtaining unit configured to obtain type information of a first file to be protected; wherein the first file is used to build a data interaction port of a blockchain, and the first file is an object file or an executable file, and the object
  • the file is a binary file that can be executed by the processor after the source file is compiled.
  • the executable file is a file formed by linking the target file.
  • the type information is used to identify the source file corresponding to the first file.
  • a protection information determining unit configured to determine protection information of the first file according to the type information; the protection information is used to prevent decompilation;
  • a configuration unit is configured to configure the protection information to the first file according to a preset configuration policy to obtain a second file; wherein the execution logic of the second file is the same as the execution logic of the first file.
  • a third aspect of the embodiments of the present application provides a terminal device, including a memory, a processor, and computer-readable instructions stored in the memory and executable on the processor, where the processor executes the computer Implement the following steps when reading instructions:
  • Acquire type information of a first file to be protected wherein the first file is used to build a data interaction port of the blockchain, the first file is an object file or an executable file, and the object file is a source file.
  • the executable file is a file formed by linking an object file.
  • the type information is used to identify a programming language used by a source file corresponding to the first file. ;
  • the protection information is configured to the first file according to a preset configuration policy to obtain a second file.
  • the execution logic of the second file is the same as the execution logic of the first file.
  • a fourth aspect of the embodiments of the present application provides a computer-readable storage medium.
  • the computer-readable storage medium stores computer-readable instructions. When the computer-readable instructions are executed by a processor, the following steps are implemented:
  • Acquire type information of a first file to be protected wherein the first file is used to build a data interaction port of the blockchain, the first file is an object file or an executable file, and the object file is a source file.
  • the executable file is a file formed by linking an object file.
  • the type information is used to identify a programming language used by a source file corresponding to the first file. ;
  • the protection information is configured to the first file according to a preset configuration policy to obtain a second file.
  • the execution logic of the second file is the same as the execution logic of the first file.
  • protection information is configured for the first file used to build a data interaction port of the blockchain, so that the content of the first file is obfuscated by the configured protection information, thereby preventing the first file from being exposed when it is decompiled.
  • the source code caused the algorithm in the first file to be leaked. Because the first file is a binary file, by processing the first file instead of processing the source code of the first file, the complexity and difficulty of decompiling the first file to obtain the source code can be improved, thereby improving the data security of the first file. Sex.
  • the first interaction file is used to build a data interaction port of the blockchain, while improving the security of the first file, it can also improve the security of data transmitted through the data interaction port of the blockchain, thereby increasing the corresponding value of the first file. Security of application user information or user property.
  • FIG. 1 is an implementation flowchart of a blockchain-based file protection method according to an embodiment of the present application
  • FIG. 2 is a specific implementation flowchart of S103 in a blockchain-based file protection method according to an embodiment of the present application
  • FIG. 3 is a flowchart of implementing a blockchain-based file protection method according to another embodiment of the present application.
  • FIG. 4 is a schematic block diagram of a terminal device according to an embodiment of the present application.
  • FIG. 5 is a schematic block diagram of a terminal device according to another embodiment of the present application.
  • FIG. 1 is an implementation flowchart of a blockchain-based file protection method provided by an embodiment of the present application.
  • the execution subject of the blockchain-based file protection method in this embodiment is a terminal device.
  • the terminal device includes, but is not limited to, a mobile terminal such as a smart phone, a tablet computer, a notebook computer, and may also include a desktop computer.
  • the blockchain-based file protection method includes the following steps:
  • S101 Obtain type information of a first file to be protected; wherein the first file is used to build a data interaction port of a blockchain, the first file is a target file or an executable file, and the first file is used for For building a data interaction port of the blockchain, the first file is an object file or an executable file, and the object file is a binary file that can be executed by a processor after the source file is compiled by the program.
  • the executable file is A file formed by linking an object file, and the type information is used to identify a programming language used by a source file corresponding to the first file.
  • the terminal device When the terminal device detects that the user triggers the file hardening instruction through the interactive interface, it acquires the first file selected by the user that needs to be protected, and obtains type information of the first file. Users can be developers, testers, or software managers.
  • the file hardening instruction is used to harden the files that need to be protected to prevent the files that need to be protected from being decompiled to expose the source program.
  • the blockchain architecture can be simply divided into the protocol layer, the extension layer, and the application layer.
  • the first file can be used to build a data interaction port between the extension layer and the application layer, thereby preventing the first file from being exposed after decompilation. As a result, data uploaded by users or data stored in the extension layer is leaked.
  • the programming language used in the source file corresponding to the first file may be an assembly language or a high-level language.
  • Java language For example Java language, GO language and so on.
  • the file header of the first file may include description information for identifying a programming language adopted by the source file corresponding to the first file
  • the terminal device may read from the file header of the first file. Take the description information, and use the description information to determine the programming language used by the source file corresponding to the first file.
  • the terminal device may scan the content contained in the first file, extract feature information from the content, and determine the type information of the first file by using the feature information.
  • the characteristic information may be a key field, and the key field may identify a type of the compiler, a version number of the compiler, and the like.
  • S102 Determine protection information of the first file according to the type information; wherein the protection information is used to prevent decompilation.
  • the terminal device When the terminal device obtains the type information of the first file, it can select the protection information matching the type information from the database, and determine the protection information of the first file from the matched protection information. When the number of the obtained matched protection information is at least two, the terminal device may randomly select one protection information from the at least two matched protection information as the protection information of the first file, and may also identify the matching protection information, In order to select sequentially, for example, when the terminal device performs S102 for the first time, the matched first protection information is used as the protection information corresponding to the type of information, and when S102 is performed for the second time, the matched second protection information is used as the protection information. The protection information corresponding to the type information, and so on.
  • the protection information may include invalid program fragments, or the protection information may include data obtained by compiling the invalid program fragments.
  • Invalid program fragments are used to obfuscate or modify the execution path of the content contained in the first file, increase the difficulty of analyzing the binary data corresponding to the first file, and prevent the source code from being exposed when the first file is decompiled to protect the corresponding file. Source code, and invalid program fragments will not change the execution logic of the content contained in the first file to maintain the algorithm implementation logic of the first file.
  • Invalid program fragments can be meaningless program instructions or invalid program instructions with execution logic.
  • the number of program segments can be one or at least two.
  • a program fragment written in the GO language is selected from the database.
  • the programming language adopted by the source file corresponding to the first file is the Java language
  • a program fragment written in the Java language is selected from the database.
  • S102 may be specifically: randomly generating interference information that needs to be inserted into the first file according to the type information; wherein the interference information is used to obfuscate the execution of content contained in the first file path.
  • the terminal device may randomly generate protection information matching the type information according to the type information of the first file.
  • the randomly generated protection information may include interference information.
  • the interference information may be invalid program fragments.
  • the data length of each invalid program fragment generated may be the same or different.
  • the randomly generated interference information contains different contents. For example, the length of the program fragment included in the protection information that is randomly generated when the terminal device executes S102 for the first time and matches the type information of the first file is the first length, and that the terminal device randomly generates the The length of the program fragment included in the protection information matching the type information of the file is the second length.
  • S103 Configure the protection information to the first file according to a preset configuration policy to obtain a second file.
  • the execution logic of the second file is the same as the execution logic of the first file.
  • a preset configuration strategy is stored in the terminal device in advance.
  • the preset configuration strategy is used to indicate how to configure the determined protection information.
  • the preset configuration strategy can be set according to actual needs, and is not limited here.
  • the terminal device can mark the location or address of the protection information configured in the first file in the second file, so that the terminal device can accurately load the second file or the executable file corresponding to the second file.
  • the configured protection information is identified.
  • the execution logic of the second file is the same as the execution logic of the first file to ensure that the execution logic of the algorithm or main function before and after the addition of the protection information is unchanged, so that the algorithm or the main function's preset can be executed. Operation to achieve the desired function.
  • the protection information includes invalid program fragments, and the invalid program fragments are used to obfuscate the content contained in the first file.
  • the execution path does not change the execution logic of the first file.
  • S103 may include steps S1031 to S1032. Specifically, please refer to FIG. 2 together, and refer to FIG. 2, which is a specific implementation flowchart of S103 in a blockchain-based file protection method provided by an embodiment of the present application, as follows:
  • S1031 Determine the location information of the invalid program segment.
  • the preset configuration strategy can be used to indicate that invalid program fragments are allocated to the head or tail of the data area of the first file.
  • the position information of the inserted invalid program fragments corresponds to the head of the data area of the first file.
  • the preset configuration strategy can also be used to instruct the configuration of invalid program fragments in the binary data corresponding to the function to be protected in the first file.
  • the position information of the inserted invalid program fragments corresponds to the first file.
  • the corresponding position in the function that needs to be protected; the preset configuration strategy can also be used to instruct the binary information of the first file to be grouped, and to instruct the invalid program fragment to be inserted between any two sets of data.
  • the insert is invalid
  • the position information of the program fragment corresponds to the connection point of the two sets of data that need to be inserted into the invalid program fragment.
  • S1032 Configure the invalid program fragment to the first file according to the position information to obtain a second file.
  • the terminal device determines a preset configuration policy for instructing to configure the protection information to the head or tail of the data area of the first file
  • the protection information of the first file contains an invalid program fragment
  • use a compilation tool Compile invalid program fragments to obtain interference data, and insert the interference data into the beginning or end of the data area of the first file
  • the protection information of the first file contains interference data obtained by compiling the invalid program fragments, Then directly insert the interference data into the head or tail of the data area of the first file.
  • the terminal device compiles the processed first file to obtain a second file through a compiler.
  • the terminal device determines a preset configuration policy to instruct the protection information to be configured in the binary data corresponding to the function to be protected in the first file
  • the protection information of the first file contains invalid program fragments
  • Compile the invalid program fragments to obtain interference data and insert the interference data into the binary data corresponding to the function to be protected in the first file
  • the protection information of the first file contains the interference data obtained by compiling the invalid program fragments, Then directly insert the interference data into the binary data corresponding to the function to be protected in the first file.
  • the terminal device inserts the interference data into the binary data corresponding to the function to be protected in the first file, it compiles the processed first file through a compiler to obtain a second file.
  • the terminal device When the terminal device confirms that the preset configuration policy is used to instruct the binary information of the first file to be grouped, and instructs to insert the protection information between any two sets of data, the terminal device splits the binary data of the data area in the first file It is a preset number of data sets. If the protection information of the first file contains invalid program fragments, the invalid program fragments are compiled by a compilation tool to obtain interference data, and the interference data is inserted into any two data corresponding to the first file. Between groups; if the protection information of the first file contains interference data obtained by compiling invalid program fragments, the interference data is directly inserted between any two data groups corresponding to the first file. After the terminal device inserts the interference data between any two data groups corresponding to the first file, the terminal device compiles the processed first file through a compiler to obtain a second file.
  • S1032 may specifically include The following steps:
  • the terminal device when configuring the protection information, can mark the position or address corresponding to the protection information, set a flag bit for indicating the execution strategy of the protection information according to the type of the protection information, and set an identifier or a flag value in the flag bit .
  • the location or address corresponding to the protection information is used to accurately identify the protection information.
  • the execution strategy of the protection information refers to whether or not the protection information is performed or how to perform the protection information. For example, when the flag value of the flag bit is 0, it means that the protection information is not executed; when the flag value of the flag bit is 1, it means that the protection information is executed.
  • the data area of the first file is composed of a binary array a and a binary array b.
  • the protection information is interference data obtained by compiling an invalid program segment, and the invalid program segment has execution logic
  • the interference data c obtained after the invalid program fragment is compiled is inserted between the binary array a and the binary array b in the first file, the terminal device can set the first identifier at the end of the binary array a and A second identifier is set at the end of the interference data c obtained after the program fragment is compiled.
  • the program instructions corresponding to the binary array a and the binary array b are complete.
  • the first identifier is used to instruct to jump to the entry address corresponding to the invalid program segment after executing the instruction corresponding to the binary array a, and execute the invalid program segment.
  • the second identifier is used to instruct to jump to the program instruction corresponding to the binary array b after executing the invalid program fragment, so as to execute the program instruction corresponding to the binary array b.
  • the execution path of the first file is: binary array a, binary array b; after inserting the interference data c obtained by compiling the invalid program fragment, the second The execution path of the file changes accordingly: binary array a, interference data c, and binary array b.
  • the terminal device may set an identifier or a flag value in the header of the invalid program segment to indicate that the invalid program segment is not executed.
  • the terminal device may also set the address where the protection information is located in the symbol area of the second file and an execution policy for indicating the protection information.
  • an identifier indicating the execution strategy of the protection information is set in the symbol descriptor table, so that the terminal device can load the
  • the protection information can be identified according to the address where the protection information is located, and the identifier of the execution policy of the protection information is queried from the symbol descriptor table of the executable file corresponding to the second file, and the protection information is executed. Analyze the execution strategy of the protection information to execute the protection information according to the execution strategy of the protection information.
  • the terminal device may configure related information of an identifier indicating an execution policy of the protection information in the symbol descriptor table of the second file.
  • the related information may include the corresponding information of the protection information.
  • the address segment and the address corresponding to the marker bit may further include an identifier corresponding to the marker bit.
  • the address segment corresponding to the protection information is used to identify the protection information, and the address corresponding to the tag bit is used to obtain the tag value or the tag, so that when the execution strategy of the tag value or the tag's protection information execution strategy is parsed, The execution strategy of the protection information is processed.
  • protection information is configured for the first file used to build the data interaction port of the blockchain, so that the content of the first file is obfuscated through the configured protection information, thereby preventing the first file from being exposed when the source code is decompiled As a result, the algorithm in the first file was leaked. Because the first file is a binary file, by processing the first file instead of processing the source code of the first file, the complexity and difficulty of decompiling the first file to obtain the source code can be improved, thereby improving the data security of the first file. Sex.
  • the first interaction file is used to build a data interaction port of the blockchain, while improving the security of the first file, it can also improve the security of data transmitted through the data interaction port of the blockchain, thereby increasing the corresponding value of the first file. Security of application user information or user property.
  • FIG. 3 is a flowchart of another method for protecting a file based on a blockchain provided by an embodiment of the present application.
  • the difference between this embodiment and the foregoing embodiment is that before the protection information is configured to the first file to obtain the second file according to a preset configuration policy, the entry of the objective function corresponding to the objective data to be protected can also be hidden or modified address.
  • the blockchain-based file protection method shown in FIG. 3 specifically includes the following steps:
  • S201 Obtain type information of a first file to be protected; wherein the first file is used to build a data interaction port of a blockchain, the first file is an object file or an executable file, and the object file is a source A binary file that can be executed by a processor after a file is compiled.
  • the executable file is a file formed by linking an object file.
  • the type information is used to identify a program used by a source file corresponding to the first file. Design language.
  • S201 in this embodiment is the same as S101 in the foregoing embodiment.
  • S101 in the foregoing embodiment For details, refer to the related description of S101 in the foregoing embodiment, and details are not described herein.
  • S202 Determine protection information of the first file according to the type information; the protection information is used to prevent decompilation.
  • S202 in this embodiment is the same as S102 in the foregoing embodiment.
  • S102 in the foregoing embodiment For details, refer to the related description of S102 in the foregoing embodiment, and details are not described herein.
  • S203 Determine target data that needs to be protected in the first file; where the target data is used to implement an objective function that needs to be protected.
  • the objective function can be a main function or a function containing a core algorithm.
  • the terminal device may determine the target data to be protected in the first file by using the identifier of the target function; and may also determine the target data to be protected in the first file according to the address segment corresponding to the target function in the first file.
  • S201 and S203 are executed in no particular order. You can execute S201 ⁇ S202 and then S203, you can also execute S203 and then S201 ⁇ S202, and you can also execute S201 and S203 at the same time. There is no limitation here.
  • S204 Hide or modify the entry address of the objective function, and add identification information to the first file; where the identification information is used to describe the entry address.
  • the terminal device when it determines the target data to be protected in the first file through the identifier of the target function, it can obtain the target address segment to which the target data is allocated, set the address offset of the target data, and then press the set address
  • the offset modifies the target address segment, thereby modifying the entry address of the target function.
  • the address offset can be randomly assigned or a preset value, which is not limited here.
  • the terminal device When the terminal device determines the target data to be protected in the first file according to the address segment corresponding to the target function in the first file, the terminal device can set the address offset of the target data, and then modify the target address segment according to the set address offset, thereby Modify the entry address of the target function.
  • identification information describing the address offset of the entry address may be added to the symbol area of the first file according to the address offset.
  • the terminal device may also insert invalid data before the target address segment according to the target address segment to which the target data is allocated, thereby hiding the entry address of the target function corresponding to the target data.
  • S205 Configure the protection information to the first file according to a preset configuration policy to obtain a second file.
  • the execution logic of the second file is the same as the execution logic of the first file.
  • S205 in this embodiment is the same as S103 in the foregoing embodiment.
  • S103 in the foregoing embodiment For details, refer to the related description of S103 in the foregoing embodiment, and details are not described herein.
  • protection information is configured for the first file used to build the data interaction port of the blockchain, so that the content of the first file is obfuscated through the configured protection information, thereby preventing the first file from being exposed when the source code is decompiled.
  • the algorithm in the first file was leaked.
  • the first file is a binary file, by processing the first file instead of processing the source code of the first file, the complexity and difficulty of decompiling the first file to obtain the source code can be improved, thereby improving the data security of the first file. Sex.
  • the first interaction file is used to build a data interaction port of the blockchain, while improving the security of the first file, it can also improve the security of data transmitted through the data interaction port of the blockchain, thereby increasing the corresponding value of the first file. Security of application user information or user property.
  • the terminal device hides or changes the entry address of the target function corresponding to the target data to be protected, which increases the difficulty of obtaining and analyzing the target data, and can improve the security of the target data.
  • FIG. 4 is a schematic block diagram of a terminal device according to an embodiment of the present application.
  • Each unit included in the terminal device is configured to execute steps of a blockchain-based file protection method in any of the foregoing embodiments. Please refer to FIG. Related descriptions in the embodiments corresponding to 1 to FIG. 3. For convenience of explanation, only the parts related to this embodiment are shown.
  • the terminal device 4 in this embodiment includes an obtaining unit 410, a protection information determining unit 420, and a configuration unit 430, as follows:
  • the obtaining unit 410 is configured to obtain type information of a first file to be protected; wherein the first file is used to build a data interaction port of a blockchain, and the first file is a target file or an executable file, and The target file is a binary file that can be executed by the processor after the source file is compiled by the processor.
  • the executable file is a file formed by linking the target file.
  • the type information is used to identify the source file corresponding to the first file. The programming language used.
  • a protection information determining unit 420 is configured to determine protection information of the first file according to the type information; the protection information is used to prevent decompilation.
  • the protection information determining unit 420 is specifically configured to randomly generate interference information that needs to be inserted into the first file according to the type information; wherein the interference information is used to obfuscate the execution of the content contained in the first file. path.
  • the configuration unit 430 is configured to configure the protection information to the first file according to a preset configuration policy to obtain a second file; wherein the execution logic of the second file is the same as the execution logic of the first file.
  • the protection information includes invalid program fragments
  • the configuration unit 430 may include:
  • a position information determining unit 431, configured to determine position information for inserting the invalid program fragment
  • An information configuration unit 432 is configured to configure the invalid program fragment to the first file according to the location information to obtain a second file.
  • information configuration unit 432 is specifically configured to:
  • the terminal device may further include:
  • a target data determining unit 440 configured to determine target data in the first file that needs to be protected; wherein the target data is used to implement an objective function that needs to be protected;
  • the setting unit 450 is configured to hide or modify the entry address of the objective function, and add identification information to the first file; wherein the identification information is used to describe obtaining the entry address.
  • protection information is configured for the first file used to build the data interaction port of the blockchain, so that the content of the first file is obfuscated through the configured protection information, thereby preventing the first file from being exposed when the source code is decompiled.
  • the algorithm in the first file was leaked.
  • the first file is a binary file, by processing the first file instead of processing the source code of the first file, the complexity and difficulty of decompiling the first file to obtain the source code can be improved, thereby improving the data security of the first file. Sex.
  • the first interaction file is used to build a data interaction port of the blockchain, while improving the security of the first file, it can also improve the security of data transmitted through the data interaction port of the blockchain, thereby increasing the corresponding value of the first file. Security of application user information or user property.
  • the terminal device hides or changes the entry address of the target function corresponding to the target data to be protected, which increases the difficulty of obtaining and analyzing the target data, and can improve the security of the target data.
  • FIG. 5 is a schematic block diagram of a terminal device according to another embodiment of the present application.
  • the terminal device 5 of this embodiment includes a processor 510, a memory 520, and computer-readable instructions 530 stored in the memory 520 and executable on the processor 510, for example, based on blocks. Program for chain file protection method.
  • the processor 510 executes the computer-readable instructions 530
  • the steps in the embodiments of the foregoing blockchain-based file protection methods are implemented, such as S101 to S103 shown in FIG. 1.
  • the processor 510 executes the computer-readable instructions 530
  • the functions of the units in the embodiment corresponding to FIG. 4 are implemented, for example, the functions of units 410 to 450 shown in FIG. 4 are described in detail. The related descriptions in the embodiments are not repeated here.
  • the computer-readable instructions 530 may be divided into one or more units, and the one or more units are stored in the memory 520 and executed by the processor 510 to complete the present application.
  • the one or more units may be instruction segments of a series of computer-readable instructions capable of performing a specific function, and the instruction segments are used to describe an execution process of the computer-readable instructions 530 in the terminal device 5.
  • the computer-readable instructions 530 may be divided into an acquisition unit, a protection information determination unit, and a configuration unit, and the specific functions of each unit are as described above.
  • the terminal device may include, but is not limited to, a processor 510 and a memory 520.
  • FIG. 5 is only an example of the terminal device 5 and does not constitute a limitation on the terminal device 5. It may include more or less components than shown in the figure, or combine some components or different components
  • the air conditioner may further include an input / output device, a network access device, a bus, and the like.
  • the processor 510 may be a central processing unit (Central Processing Unit (CPU), or other general-purpose processors, Digital Signal Processors (DSPs), and application-specific integrated circuits (Applications) Specific Integrated Circuit (ASIC), off-the-shelf Programmable Gate Array (FPGA), or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc.
  • CPU Central Processing Unit
  • DSP Digital Signal Processor
  • ASIC Applications
  • FPGA off-the-shelf Programmable Gate Array
  • a general-purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
  • the memory 520 may be an internal storage unit of the terminal device 5, such as a hard disk or a memory of the terminal device 5.
  • the memory 520 may also be an external storage device of the terminal device 5, such as a plug-in hard disk, a smart memory card (SMC), and a secure digital (SD) provided on the terminal device 5. Card, flash card, etc. Further, the memory 520 may also include both an internal storage unit of the terminal device 5 and an external storage device.
  • the memory 520 is configured to store the computer-readable instructions and other programs and data required by the air conditioner. The memory 520 may also be used to temporarily store data that has been output or is to be output.

Abstract

The present application is applicable to the technical field of computers, and provided thereby are a block chain-based file protection method and a terminal device, the method comprising: acquiring type information of a first file needing to be protected, the type information being used for identifying a program design language employed by a source file corresponding to the first file; determining protection information of the first file according to the type information, the protection information being used for preventing decompilation; and configuring the protection information to the first file according to a preset configuration policy to obtain a second file, the execution logic of the second file being the same as that of the first file. According to the present application, protection information is configured for a first file of a data interaction port used for setting up a block chain, and content in the first file is obfuscated by means of the configured protection information. Therefore, the data security of the first file may be improved, and the security of user information or user properties in an application program corresponding to the first file is improved.

Description

一种基于区块链的文件保护方法及终端设备File protection method and terminal equipment based on blockchain
本申请要求于2018年05月22日提交中国专利局、申请号为201810496143.4、发明名称为“一种基于区块链的文件保护方法及终端设备”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application claims the priority of a Chinese patent application filed with the Chinese Patent Office on May 22, 2018, with application number 201810496143.4, and the invention name is "A Blockchain-Based File Protection Method and Terminal Device". Citations are incorporated in this application.
技术领域Technical field
本申请属于计算机技术领域,尤其涉及一种基于区块链的文件保护方法及终端设备。The present application belongs to the field of computer technology, and particularly relates to a file protection method based on a blockchain and a terminal device.
背景技术Background technique
随着移动互联网的发展,提供各种服务的应用程序应运而生,用户可在终端上下载并安装应用程序,使用该应用程序(Application,App)享受相应的服务。例如,区块链App、打车类App、金融类App等。With the development of the mobile Internet, applications that provide various services have emerged at the historic moment. Users can download and install applications on the terminal and use the applications (Application, App) to enjoy the corresponding services. For example, Blockchain App, Taxi App, Financial App, etc.
然而,应用程序安装在终端上之后,容易被黑客或不法分子通过反编译工具进行攻击,获取应用程序的安装包里面的可执行文件,并对可执行文件进行反编译得到该可行性文件的源码,窃取源码中包含的算法或对源码进行篡改等,进而导致该应用程序的用户信息或用户财产被窃取,甚至给用户带来巨大的经济损失,数据安全性较低。However, after the application program is installed on the terminal, it is easy for hackers or criminals to attack through decompilation tools, obtain the executable file in the application installation package, and decompile the executable file to obtain the source code of the feasible file. , Stealing the algorithm contained in the source code or tampering with the source code, etc., which leads to the theft of user information or user property of the application, and even brings huge economic losses to the user, and the data security is low.
技术问题technical problem
本申请实施例提供了一种基于区块链的文件保护方法及终端设备,以解决现有技术因应用程序的可执行文件被反编译泄露源码而导致数据安全性低的问题。The embodiments of the present application provide a method and a terminal device for protecting a file based on a blockchain, so as to solve the problem of low data security in the prior art because an executable file of an application program is decompiled to leak source code.
技术解决方案Technical solutions
本申请实施例的第一方面提供了一种基于区块链的文件保护方法,包括:A first aspect of the embodiments of the present application provides a blockchain-based file protection method, including:
获取需要保护的第一文件的类型信息;其中,所述第一文件用于搭建区块链的数据交互端口,所述第一文件为目标文件或可执行文件,所述目标文件是源文件经过编译程序产生的能被处理器执行的二进制文件,所述可执行文件是将目标文件链接后形成的文件,所述类型信息用于标识所述第一文件对应的源文件所采用的程序设计语言;Acquire type information of a first file to be protected; wherein the first file is used to build a data interaction port of the blockchain, the first file is an object file or an executable file, and the object file is a source file. A binary file generated by a compiler and executable by a processor. The executable file is a file formed by linking an object file. The type information is used to identify a programming language used by a source file corresponding to the first file. ;
根据所述类型信息确定所述第一文件的防护信息;其中,所述防护信息用于防止反编译;Determining protection information of the first file according to the type information; wherein the protection information is used to prevent decompilation;
根据预设的配置策略将所述防护信息配置到所述第一文件,得到第二文件;其中,所述第二文件的执行逻辑与所述第一文件的执行逻辑相同。The protection information is configured to the first file according to a preset configuration policy to obtain a second file. The execution logic of the second file is the same as the execution logic of the first file.
本申请实施例的第二方面提供了一种终端设备,包括:A second aspect of the embodiments of the present application provides a terminal device, including:
获取单元,用于获取需要保护的第一文件的类型信息;其中,所述第一文件用于搭建区块链的数据交互端口,所述第一文件为目标文件或可执行文件,所述目标文件是源文件经过编译程序产生的能被处理器执行的二进制文件,所述可执行文件是将目标文件链接后形成的文件,所述类型信息用于标识所述第一文件对应的源文件所采用的程序设计语言;An obtaining unit, configured to obtain type information of a first file to be protected; wherein the first file is used to build a data interaction port of a blockchain, and the first file is an object file or an executable file, and the object The file is a binary file that can be executed by the processor after the source file is compiled. The executable file is a file formed by linking the target file. The type information is used to identify the source file corresponding to the first file. The programming language used;
防护信息确定单元,用于根据所述类型信息确定所述第一文件的防护信息;所述防护信息用于防止反编译;A protection information determining unit, configured to determine protection information of the first file according to the type information; the protection information is used to prevent decompilation;
配置单元,用于根据预设的配置策略将所述防护信息配置到所述第一文件,得到第二文件;其中,第二文件的执行逻辑与第一文件的执行逻辑相同。A configuration unit is configured to configure the protection information to the first file according to a preset configuration policy to obtain a second file; wherein the execution logic of the second file is the same as the execution logic of the first file.
本申请实施例的第三方面提供了一种终端设备,包括存储器、处理器以及存储在所述存储器中并可在所述处理器上运行的计算机可读指令,所述处理器执行所述计算机可读指令时实现以下步骤:A third aspect of the embodiments of the present application provides a terminal device, including a memory, a processor, and computer-readable instructions stored in the memory and executable on the processor, where the processor executes the computer Implement the following steps when reading instructions:
获取需要保护的第一文件的类型信息;其中,所述第一文件用于搭建区块链的数据交互端口,所述第一文件为目标文件或可执行文件,所述目标文件是源文件经过编译程序产生的能被处理器执行的二进制文件,所述可执行文件是将目标文件链接后形成的文件,所述类型信息用于标识所述第一文件对应的源文件所采用的程序设计语言;Acquire type information of a first file to be protected; wherein the first file is used to build a data interaction port of the blockchain, the first file is an object file or an executable file, and the object file is a source file. A binary file generated by a compiler and executable by a processor. The executable file is a file formed by linking an object file. The type information is used to identify a programming language used by a source file corresponding to the first file. ;
根据所述类型信息确定所述第一文件的防护信息;其中,所述防护信息用于防止反编译;Determining protection information of the first file according to the type information; wherein the protection information is used to prevent decompilation;
根据预设的配置策略将所述防护信息配置到所述第一文件,得到第二文件;其中,所述第二文件的执行逻辑与所述第一文件的执行逻辑相同。The protection information is configured to the first file according to a preset configuration policy to obtain a second file. The execution logic of the second file is the same as the execution logic of the first file.
本申请实施例的第四方面提供了一种计算机可读存储介质,所述计算机可读存储介质存储有计算机可读指令,所述计算机可读指令被处理器执行时实现以下步骤:A fourth aspect of the embodiments of the present application provides a computer-readable storage medium. The computer-readable storage medium stores computer-readable instructions. When the computer-readable instructions are executed by a processor, the following steps are implemented:
获取需要保护的第一文件的类型信息;其中,所述第一文件用于搭建区块链的数据交互端口,所述第一文件为目标文件或可执行文件,所述目标文件是源文件经过编译程序产生的能被处理器执行的二进制文件,所述可执行文件是将目标文件链接后形成的文件,所述类型信息用于标识所述第一文件对应的源文件所采用的程序设计语言;Acquire type information of a first file to be protected; wherein the first file is used to build a data interaction port of the blockchain, the first file is an object file or an executable file, and the object file is a source file. A binary file generated by a compiler and executable by a processor. The executable file is a file formed by linking an object file. The type information is used to identify a programming language used by a source file corresponding to the first file. ;
根据所述类型信息确定所述第一文件的防护信息;其中,所述防护信息用于防止反编译;Determining protection information of the first file according to the type information; wherein the protection information is used to prevent decompilation;
根据预设的配置策略将所述防护信息配置到所述第一文件,得到第二文件;其中,所述第二文件的执行逻辑与所述第一文件的执行逻辑相同。The protection information is configured to the first file according to a preset configuration policy to obtain a second file. The execution logic of the second file is the same as the execution logic of the first file.
有益效果Beneficial effect
本申请实施例通过为用于搭建区块链的数据交互端口的第一文件配置防护信息,从而通过配置的防护信息混淆第一文件中的内容,进而防止第一文件在被反编译时因暴露源码而导致第一文件中的算法被泄露。由于第一文件是二进制文件,通过对第一文件进行处理,而不是对第一文件的源码进行处理,能够提高反编译第一文件获取源码的复杂度以及难度,从而提高第一文件的数据安全性。由于第一交互文件用于搭建区块链的数据交互端口,提高第一文件的安全性的同时,能够提高通过区块链的数据交互端口传输的数据的安全性,进而增加第一文件对应的应用程序的用户信息或用户财产的安全性。In the embodiment of the present application, protection information is configured for the first file used to build a data interaction port of the blockchain, so that the content of the first file is obfuscated by the configured protection information, thereby preventing the first file from being exposed when it is decompiled. The source code caused the algorithm in the first file to be leaked. Because the first file is a binary file, by processing the first file instead of processing the source code of the first file, the complexity and difficulty of decompiling the first file to obtain the source code can be improved, thereby improving the data security of the first file. Sex. Since the first interaction file is used to build a data interaction port of the blockchain, while improving the security of the first file, it can also improve the security of data transmitted through the data interaction port of the blockchain, thereby increasing the corresponding value of the first file. Security of application user information or user property.
附图说明BRIEF DESCRIPTION OF THE DRAWINGS
图1是本申请一实施例提供的一种基于区块链的文件保护方法的实现流程图;FIG. 1 is an implementation flowchart of a blockchain-based file protection method according to an embodiment of the present application; FIG.
图2是本申请实施例提供的一种基于区块链的文件保护方法中S103的具体实现流程图;FIG. 2 is a specific implementation flowchart of S103 in a blockchain-based file protection method according to an embodiment of the present application; FIG.
图3是本申请另一实施例提供的一种基于区块链的文件保护方法的实现流程图;FIG. 3 is a flowchart of implementing a blockchain-based file protection method according to another embodiment of the present application; FIG.
图4是本申请一实施例提供的一种终端设备的示意框图;4 is a schematic block diagram of a terminal device according to an embodiment of the present application;
图5是本申请另一实施例提供的一种终端设备的示意框图。FIG. 5 is a schematic block diagram of a terminal device according to another embodiment of the present application.
本发明的实施方式Embodiments of the invention
以下描述中,为了说明而不是为了限定,提出了诸如特定系统结构、技术之类的具体细节,以便透彻理解本申请实施例。然而,本领域的技术人员应当清楚,在没有这些具体细节的其它实施例中也可以实现本申请。在其它情况中,省略对众所周知的系统、装置、电路以及方法的详细说明,以免不必要的细节妨碍本申请的描述。In the following description, for the purpose of explanation rather than limitation, specific details such as a specific system structure and technology are provided in order to thoroughly understand the embodiments of the present application. However, it should be clear to a person skilled in the art that the present application can also be implemented in other embodiments without these specific details. In other cases, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present application with unnecessary details.
请参阅图1,图1是本申请实施例提供的一种基于区块链的文件保护方法的实现流程图。本实施例中基于区块链的文件保护方法的执行主体为终端设备,终端设备包括但不限于智能手机、平板电脑、笔记本电脑等移动终端,还可以包括台式电脑。如图所示的基于区块链的文件保护方法包括以下步骤:Please refer to FIG. 1. FIG. 1 is an implementation flowchart of a blockchain-based file protection method provided by an embodiment of the present application. The execution subject of the blockchain-based file protection method in this embodiment is a terminal device. The terminal device includes, but is not limited to, a mobile terminal such as a smart phone, a tablet computer, a notebook computer, and may also include a desktop computer. As shown in the figure, the blockchain-based file protection method includes the following steps:
S101:获取需要保护的第一文件的类型信息;其中,所述第一文件用于搭建区块链的数据交互端口,所述第一文件为目标文件或可执行文件,所述第一文件用于搭建区块链的数据交互端口,所述第一文件为目标文件或可执行文件,所述目标文件是源文件经过编译程序产生的能被处理器执行的二进制文件,所述可执行文件是将目标文件链接后形成的文件,所述类型信息用于标识所述第一文件对应的源文件所采用的程序设计语言。S101: Obtain type information of a first file to be protected; wherein the first file is used to build a data interaction port of a blockchain, the first file is a target file or an executable file, and the first file is used for For building a data interaction port of the blockchain, the first file is an object file or an executable file, and the object file is a binary file that can be executed by a processor after the source file is compiled by the program. The executable file is A file formed by linking an object file, and the type information is used to identify a programming language used by a source file corresponding to the first file.
终端设备在检测到用户通过交互界面触发文件加固指令时,获取用户选择的需要保护的第一文件,并获取第一文件的类型信息。用户可以是开发人员、测试人员或软件管理人员等。文件加固指令用于对需要保护的文件进行加固处理,防止需要保护的文件被反编译暴露源程序。When the terminal device detects that the user triggers the file hardening instruction through the interactive interface, it acquires the first file selected by the user that needs to be protected, and obtains type information of the first file. Users can be developers, testers, or software managers. The file hardening instruction is used to harden the files that need to be protected to prevent the files that need to be protected from being decompiled to expose the source program.
其中,区块链的架构可以简单分为协议层、扩展层和应用层,第一文件可以用于搭建扩展层与应用层之间的数据交互端口,从而防止第一文件被反编译后暴露源码而导致用户上传的数据或存储于扩展层的数据泄露。Among them, the blockchain architecture can be simply divided into the protocol layer, the extension layer, and the application layer. The first file can be used to build a data interaction port between the extension layer and the application layer, thereby preventing the first file from being exposed after decompilation. As a result, data uploaded by users or data stored in the extension layer is leaked.
第一文件对应的源文件所采用的程序设计语言可以是汇编语言,也可以是高级语言。例如Java语言、GO语言等。The programming language used in the source file corresponding to the first file may be an assembly language or a high-level language. For example Java language, GO language and so on.
具体地,在一实施方式中,第一文件的文件头中可以包括用于标识第一文件对应的源文件所采用的程序设计语言的描述信息,终端设备可以从第一文件的文件头中读取该描述信息,并通过该描述信息确定第一文件对应的源文件所采用的程序设计语言。Specifically, in an implementation manner, the file header of the first file may include description information for identifying a programming language adopted by the source file corresponding to the first file, and the terminal device may read from the file header of the first file. Take the description information, and use the description information to determine the programming language used by the source file corresponding to the first file.
在另一实施方式中,终端设备可以扫面第一文件包含的内容,并从中提取特征信息,通过特征信息确定第一文件的类型信息。特征信息可以是关键字段,关键字段可以标识编译器的类型、编译器的版本号等。In another embodiment, the terminal device may scan the content contained in the first file, extract feature information from the content, and determine the type information of the first file by using the feature information. The characteristic information may be a key field, and the key field may identify a type of the compiler, a version number of the compiler, and the like.
S102:根据所述类型信息确定所述第一文件的防护信息;其中,所述防护信息用于防止反编译。S102: Determine protection information of the first file according to the type information; wherein the protection information is used to prevent decompilation.
终端设备在获取到第一文件的类型信息时,可以从数据库中选择与类型信息匹配的防护信息,并从匹配的防护信息中确定第一文件的防护信息。当获取到的匹配的防护信息的数目为至少两个时,终端设备可以至少两个匹配的防护信息从中随机选择一个防护信息作为第一文件的防护信息;也可以对匹配的防护信息进行标识,以便依次循环选用,比如,终端设备在第一次执行S102时,将匹配的第一防护信息作为该类型信息对应的防护信息,在第二次执行S102时,将匹配的第二防护信息作为该类型信息对应的防护信息,依次类推。When the terminal device obtains the type information of the first file, it can select the protection information matching the type information from the database, and determine the protection information of the first file from the matched protection information. When the number of the obtained matched protection information is at least two, the terminal device may randomly select one protection information from the at least two matched protection information as the protection information of the first file, and may also identify the matching protection information, In order to select sequentially, for example, when the terminal device performs S102 for the first time, the matched first protection information is used as the protection information corresponding to the type of information, and when S102 is performed for the second time, the matched second protection information is used as the protection information. The protection information corresponding to the type information, and so on.
可以理解的是,防护信息可以包括无效的程序片段,或者,防护信息可以包括由无效的程序片段编译后得到的数据。无效的程序片段用于混淆或修改所述第一文件包含的内容的执行路径,增加分析第一文件对应的二进制数据的难度,防止第一文件被反编译时暴露源码,以保护第一文件对应的源码,并且无效的程序片段不会改变第一文件包含的内容的执行逻辑,以维持第一文件的算法实现逻辑。无效的程序片段可以是毫无意义的程序指令,也可以是具有执行逻辑的无效的程序指令。程序片段的数目可以是一个或至少两个。例如,当第一文件对应的源文件所采用的程序语言为GO语言时,从数据库中选择采用GO语言编写的程序片段。当第一文件对应的源文件所采用的程序语言为Java语言时,从数据库中选择采用Java语言编写的程序片段。It can be understood that the protection information may include invalid program fragments, or the protection information may include data obtained by compiling the invalid program fragments. Invalid program fragments are used to obfuscate or modify the execution path of the content contained in the first file, increase the difficulty of analyzing the binary data corresponding to the first file, and prevent the source code from being exposed when the first file is decompiled to protect the corresponding file. Source code, and invalid program fragments will not change the execution logic of the content contained in the first file to maintain the algorithm implementation logic of the first file. Invalid program fragments can be meaningless program instructions or invalid program instructions with execution logic. The number of program segments can be one or at least two. For example, when the program language adopted by the source file corresponding to the first file is the GO language, a program fragment written in the GO language is selected from the database. When the programming language adopted by the source file corresponding to the first file is the Java language, a program fragment written in the Java language is selected from the database.
在另一实施方式中,S102可以具体为:根据所述类型信息随机生成需要插入所述第一文件中的干扰信息;其中,所述干扰信息用于混淆所述第一文件包含的内容的执行路径。In another embodiment, S102 may be specifically: randomly generating interference information that needs to be inserted into the first file according to the type information; wherein the interference information is used to obfuscate the execution of content contained in the first file path.
例如,终端设备可以根据第一文件的类型信息随机生成与该类型信息匹配的防护信息。随机生成的防护信息可以包括干扰信息,干扰信息可以是无效的程序片段,每次生成的无效的程序片段的数据长度可以相同,也可以不同;随机生成的干扰信息所包含的内容不同。例如,终端设备第一次执行S102时随机生成的与第一文件的类型信息匹配的防护信息中包含的程序片段的长度为第一长度,终端设备第二次执行S102时随机生成的与第一文件的类型信息匹配的防护信息中包含的程序片段的长度为第二长度。For example, the terminal device may randomly generate protection information matching the type information according to the type information of the first file. The randomly generated protection information may include interference information. The interference information may be invalid program fragments. The data length of each invalid program fragment generated may be the same or different. The randomly generated interference information contains different contents. For example, the length of the program fragment included in the protection information that is randomly generated when the terminal device executes S102 for the first time and matches the type information of the first file is the first length, and that the terminal device randomly generates the The length of the program fragment included in the protection information matching the type information of the file is the second length.
S103:根据预设的配置策略将所述防护信息配置到所述第一文件,得到第二文件;其中,第二文件的执行逻辑与第一文件的执行逻辑相同。S103: Configure the protection information to the first file according to a preset configuration policy to obtain a second file. The execution logic of the second file is the same as the execution logic of the first file.
终端设备内预先存储了预设的配置策略,预设的配置策略用于指示如何配置确定的防护信息,预设的配置策略可以根据实际的需求进行设置,此处不做限制。A preset configuration strategy is stored in the terminal device in advance. The preset configuration strategy is used to indicate how to configure the determined protection information. The preset configuration strategy can be set according to actual needs, and is not limited here.
可以理解的是,终端设备可以在第二文件中标记配置到第一文件中的防护信息所在的位置或地址,以便终端设备在加载第二文件或第二文件对应的可执行文件时,能够准确识别出配置的防护信息,第二文件的执行逻辑与第一文件的执行逻辑相同,以保证增加防护信息前后的算法或主函数的执行逻辑不变,以能够执行该算法或主函数的预设操作,进而实现预期的功能。It can be understood that the terminal device can mark the location or address of the protection information configured in the first file in the second file, so that the terminal device can accurately load the second file or the executable file corresponding to the second file. The configured protection information is identified. The execution logic of the second file is the same as the execution logic of the first file to ensure that the execution logic of the algorithm or main function before and after the addition of the protection information is unchanged, so that the algorithm or the main function's preset can be executed. Operation to achieve the desired function.
在另一实施例中,为了提高第一文件的数据安全性,增加反编译后分析第一文件的难度,防护信息包括无效的程序片段,无效的程序片段用于混淆第一文件包含的内容的执行路径,且不改变第一文件的执行逻辑。S103可以包括步骤S1031~S1032。具体地,请一并参阅图2,请参阅图2,图2是本申请实施例提供的一种基于区块链的文件保护方法中S103的具体实现流程图,具体如下:In another embodiment, in order to improve the data security of the first file and increase the difficulty of analyzing the first file after decompilation, the protection information includes invalid program fragments, and the invalid program fragments are used to obfuscate the content contained in the first file. The execution path does not change the execution logic of the first file. S103 may include steps S1031 to S1032. Specifically, please refer to FIG. 2 together, and refer to FIG. 2, which is a specific implementation flowchart of S103 in a blockchain-based file protection method provided by an embodiment of the present application, as follows:
S1031:确定插入所述无效的程序片段的位置信息。S1031: Determine the location information of the invalid program segment.
预设的配置策略可以用于指示将无效的程序片段配置到第一文件的数据区的首端或尾端,此时,插入无效的程序片段的位置信息对应第一文件的数据区的首端或尾端;预设的配置策略还可以用于指示将无效的程序片段配置到第一文件中需要保护的函数对应的二进制数据中,此时,插入无效的程序片段的位置信息对应第一文件中需要保护的函数中的相应位置;预设的配置策略还可以用于指示将第一文件的二进制信息分组,并指示将无效的程序片段插入至任意两组数据之间,此时,插入无效的程序片段的位置信息对应需要插入无效的程序片段的两组数据的连接处。The preset configuration strategy can be used to indicate that invalid program fragments are allocated to the head or tail of the data area of the first file. At this time, the position information of the inserted invalid program fragments corresponds to the head of the data area of the first file. Or the end; the preset configuration strategy can also be used to instruct the configuration of invalid program fragments in the binary data corresponding to the function to be protected in the first file. At this time, the position information of the inserted invalid program fragments corresponds to the first file. The corresponding position in the function that needs to be protected; the preset configuration strategy can also be used to instruct the binary information of the first file to be grouped, and to instruct the invalid program fragment to be inserted between any two sets of data. At this time, the insert is invalid The position information of the program fragment corresponds to the connection point of the two sets of data that need to be inserted into the invalid program fragment.
S1032:根据所述位置信息将所述无效的程序片段配置到所述第一文件,得到第二文件。S1032: Configure the invalid program fragment to the first file according to the position information to obtain a second file.
例如,终端设备在确定预设的配置策略用于指示将防护信息配置到第一文件的数据区的首端或尾端时,如果第一文件的防护信息中包含无效的程序片段,通过编译工具对无效的程序片段进行编译得到干扰数据,并将干扰数据插入第一文件的数据区的首端或尾端;如果第一文件的防护信息中包含将无效的程序片段编译后得到的干扰数据,那么直接将干扰数据插入第一文件的数据区的首端或尾端。终端设备在将干扰数据插入第一文件的数据区的首端或尾端后,通过编译器对处理后的第一文件进行编译得到第二文件。For example, when the terminal device determines a preset configuration policy for instructing to configure the protection information to the head or tail of the data area of the first file, if the protection information of the first file contains an invalid program fragment, use a compilation tool Compile invalid program fragments to obtain interference data, and insert the interference data into the beginning or end of the data area of the first file; if the protection information of the first file contains interference data obtained by compiling the invalid program fragments, Then directly insert the interference data into the head or tail of the data area of the first file. After the terminal device inserts the interference data into the head or tail of the data area of the first file, the terminal device compiles the processed first file to obtain a second file through a compiler.
终端设备在确定预设的配置策略用于指示将防护信息配置到第一文件中需要保护的函数对应的二进制数据中时,如果第一文件的防护信息中包含无效的程序片段,通过编译工具对无效的程序片段进行编译得到干扰数据,并将干扰数据插入第一文件中需要保护的函数对应的二进制数据中;如果第一文件的防护信息中包含将无效的程序片段编译后得到的干扰数据,那么直接将干扰数据插入第一文件中需要保护的函数对应的二进制数据中。终端设备在将干扰数据插入第一文件中需要保护的函数对应的二进制数据中之后,通过编译器对处理后的第一文件进行编译得到第二文件。When the terminal device determines a preset configuration policy to instruct the protection information to be configured in the binary data corresponding to the function to be protected in the first file, if the protection information of the first file contains invalid program fragments, Compile the invalid program fragments to obtain interference data, and insert the interference data into the binary data corresponding to the function to be protected in the first file; if the protection information of the first file contains the interference data obtained by compiling the invalid program fragments, Then directly insert the interference data into the binary data corresponding to the function to be protected in the first file. After the terminal device inserts the interference data into the binary data corresponding to the function to be protected in the first file, it compiles the processed first file through a compiler to obtain a second file.
终端设备在确认预设的配置策略用于指示将第一文件的二进制信息分组,并指示将防护信息插入至任意两组数据之间时,终端设备将第一文件中数据区的二进制数据拆分为预设数目的数据组,如果第一文件的防护信息中包含无效的程序片段,通过编译工具对无效的程序片段进行编译得到干扰数据,并将干扰数据插入第一文件对应的任意两个数据组之间;如果第一文件的防护信息中包含将无效的程序片段编译后得到的干扰数据,那么直接将干扰数据插入第一文件对应的任意两个数据组之间。终端设备在将干扰数据插入第一文件对应的任意两个数据组之间之后,通过编译器对处理后的第一文件进行编译得到第二文件。When the terminal device confirms that the preset configuration policy is used to instruct the binary information of the first file to be grouped, and instructs to insert the protection information between any two sets of data, the terminal device splits the binary data of the data area in the first file It is a preset number of data sets. If the protection information of the first file contains invalid program fragments, the invalid program fragments are compiled by a compilation tool to obtain interference data, and the interference data is inserted into any two data corresponding to the first file. Between groups; if the protection information of the first file contains interference data obtained by compiling invalid program fragments, the interference data is directly inserted between any two data groups corresponding to the first file. After the terminal device inserts the interference data between any two data groups corresponding to the first file, the terminal device compiles the processed first file through a compiler to obtain a second file.
进一步地,当防护信息包括无效的程序片段或由无效的程序片段编译后得到的干扰数据,终端设备在配置防护信息时,还设置用于指示防护信息的执行策略的信息时,S1032可以具体包括以下步骤:Further, when the protection information includes invalid program fragments or interference data obtained by compiling the invalid program fragments, and when the terminal device configures the protection information, it also sets information for indicating an execution strategy of the protection information, S1032 may specifically include The following steps:
根据所述无效的程序片段以及所述位置信息确定所述无效的程序片段的标记信息,其中,所述标记信息包括标识符或标记值,所述标识信息用于指示所述无效的程序片段的执行策略;Determine the tag information of the invalid program fragment according to the invalid program fragment and the location information, wherein the tag information includes an identifier or a tag value, and the identification information is used to indicate the invalid program fragment Execution strategy
根据所述位置信息将所述无效的程序片段以及所述无效的程序片段的标记信息配置到所述第一文件,得到第二文件。And configuring the invalid program segment and the mark information of the invalid program segment to the first file according to the position information to obtain a second file.
例如,终端设备在配置防护信息时,可以标记防护信息所对应的位置或地址,根据防护信息的所属类型设置用于指示防护信息的执行策略的标记位,并在标记位设置标识符或标记值。标记防护信息所对应的位置或地址用于准确识别出防护信息,防护信息的执行策略是指是否执行防护信息或者如何执行防护信息。比如,当标记位的标记值为0时,表示不执行防护信息;当标记位的标记值为1时,标识执行防护信息。For example, when configuring the protection information, the terminal device can mark the position or address corresponding to the protection information, set a flag bit for indicating the execution strategy of the protection information according to the type of the protection information, and set an identifier or a flag value in the flag bit . The location or address corresponding to the protection information is used to accurately identify the protection information. The execution strategy of the protection information refers to whether or not the protection information is performed or how to perform the protection information. For example, when the flag value of the flag bit is 0, it means that the protection information is not executed; when the flag value of the flag bit is 1, it means that the protection information is executed.
在一种实施方式中,假设第一文件的数据区由二进制数组a和二进制数组b组成,当防护信息为由无效的程序片段编译后得到的干扰数据,且无效的程序片段具有执行逻辑时,如果将无效的程序片段编译后得到的干扰数据c插入到第一文件中的二进制数组a与二进制数组b之间,那么终端设备可以在二进制数组a的末尾设置第一标识符以及在由无效的程序片段编译后得到的干扰数据c末尾设置第二标识符。In one embodiment, it is assumed that the data area of the first file is composed of a binary array a and a binary array b. When the protection information is interference data obtained by compiling an invalid program segment, and the invalid program segment has execution logic, If the interference data c obtained after the invalid program fragment is compiled is inserted between the binary array a and the binary array b in the first file, the terminal device can set the first identifier at the end of the binary array a and A second identifier is set at the end of the interference data c obtained after the program fragment is compiled.
其中,二进制数组a以及二进制数组b各自对应的程序指令均完整。第一标识符用于指示在执行完二进制数组a对应的指令后跳转至无效的程序片段对应的入口地址,执行无效的程序片段。第二标识符用于指示在执行完无效的程序片段时,跳转至二进制数组b对应的程序指令,以执行二进制数组b对应的程序指令。The program instructions corresponding to the binary array a and the binary array b are complete. The first identifier is used to instruct to jump to the entry address corresponding to the invalid program segment after executing the instruction corresponding to the binary array a, and execute the invalid program segment. The second identifier is used to instruct to jump to the program instruction corresponding to the binary array b after executing the invalid program fragment, so as to execute the program instruction corresponding to the binary array b.
在插入由无效的程序片段编译后得到的干扰数据c之前,第一文件的执行路径为:二进制数组a、二进制数组b;在插入由无效的程序片段编译后得到的干扰数据c之后,第二文件的执行路径相应地变为:二进制数组a、干扰数据c、二进制数组b。Before inserting the interference data c obtained by compiling the invalid program fragment, the execution path of the first file is: binary array a, binary array b; after inserting the interference data c obtained by compiling the invalid program fragment, the second The execution path of the file changes accordingly: binary array a, interference data c, and binary array b.
在另一种实施方式中,当防护信息为无效的程序片段编译后的干扰数据,且无效的程序片段不具有执行逻辑时,此时无效的程序片段为乱码或垃圾代码,终端设备不需要执行无效的程序片段,因此,终端设备可以在无效的程序片段的首部设置用于表示不执行该无效的程序片段的标识符或标记值。In another embodiment, when the protection information is interference data after the invalid program segment is compiled and the invalid program segment does not have execution logic, the invalid program segment is garbled or junk code, and the terminal device does not need to execute The invalid program segment, therefore, the terminal device may set an identifier or a flag value in the header of the invalid program segment to indicate that the invalid program segment is not executed.
当第一文件为目标文件,配置防护信息得到的第二文件也为目标文件时,终端设备还可以在第二文件的符号区设置防护信息所处位置的地址以及用于指示防护信息的执行策略的标识符,在对第二文件进行连接形成可执行文件的过程中,在符号描述符表设置用于指示防护信息的执行策略的标识符,以使得终端设备可以在加载第二文件对应的可执行文件时,可以根据防护信息所处位置的地址识别出防护信息,从第二文件对应的可执行文件的符号描述符表中查询用于指示防护信息的执行策略的标识符,并对其进行解析得到防护信息的执行策略,从而根据防护信息的执行策略执行防护信息。When the first file is the target file and the second file obtained by configuring the protection information is also the target file, the terminal device may also set the address where the protection information is located in the symbol area of the second file and an execution policy for indicating the protection information. Identifier in the process of linking the second file to form an executable file, an identifier indicating the execution strategy of the protection information is set in the symbol descriptor table, so that the terminal device can load the When the file is executed, the protection information can be identified according to the address where the protection information is located, and the identifier of the execution policy of the protection information is queried from the symbol descriptor table of the executable file corresponding to the second file, and the protection information is executed. Analyze the execution strategy of the protection information to execute the protection information according to the execution strategy of the protection information.
当第一文件为可执行文件时,终端设备可以在第二文件的符号描述符表配置用于指示防护信息的执行策略的标识符的相关信息,例如,该相关信息可以包括防护信息所对应的地址段以及标记位对应的地址,还可以包括标记位对应的标识符。防护信息所对应的地址段用于识别防护信息,标记位对应的地址用于获取标记值或标记符,从而能够在解析得到标记值或标记符标识的防护信息的执行策略时,根据解析得到的防护信息的执行策略进行处理。When the first file is an executable file, the terminal device may configure related information of an identifier indicating an execution policy of the protection information in the symbol descriptor table of the second file. For example, the related information may include the corresponding information of the protection information. The address segment and the address corresponding to the marker bit may further include an identifier corresponding to the marker bit. The address segment corresponding to the protection information is used to identify the protection information, and the address corresponding to the tag bit is used to obtain the tag value or the tag, so that when the execution strategy of the tag value or the tag's protection information execution strategy is parsed, The execution strategy of the protection information is processed.
上述方案,通过为用于搭建区块链的数据交互端口的第一文件配置防护信息,从而通过配置的防护信息混淆第一文件中的内容,进而防止第一文件在被反编译时因暴露源码而导致第一文件中的算法被泄露。由于第一文件是二进制文件,通过对第一文件进行处理,而不是对第一文件的源码进行处理,能够提高反编译第一文件获取源码的复杂度以及难度,从而提高第一文件的数据安全性。由于第一交互文件用于搭建区块链的数据交互端口,提高第一文件的安全性的同时,能够提高通过区块链的数据交互端口传输的数据的安全性,进而增加第一文件对应的应用程序的用户信息或用户财产的安全性。In the above solution, protection information is configured for the first file used to build the data interaction port of the blockchain, so that the content of the first file is obfuscated through the configured protection information, thereby preventing the first file from being exposed when the source code is decompiled As a result, the algorithm in the first file was leaked. Because the first file is a binary file, by processing the first file instead of processing the source code of the first file, the complexity and difficulty of decompiling the first file to obtain the source code can be improved, thereby improving the data security of the first file. Sex. Since the first interaction file is used to build a data interaction port of the blockchain, while improving the security of the first file, it can also improve the security of data transmitted through the data interaction port of the blockchain, thereby increasing the corresponding value of the first file. Security of application user information or user property.
请参阅图3,图3是本申请实施例提供的另一种基于区块链的文件保护方法的实现流程图。本实施例与上述实施例的区别在于:在根据预设的配置策略将防护信息配置到所述第一文件得到第二文件之前,还可以隐藏或修改需要保护的目标数据对应的目标函数的入口地址。具体地,图3所示的基于区块链的文件保护方法具体包括以下步骤:Please refer to FIG. 3, which is a flowchart of another method for protecting a file based on a blockchain provided by an embodiment of the present application. The difference between this embodiment and the foregoing embodiment is that before the protection information is configured to the first file to obtain the second file according to a preset configuration policy, the entry of the objective function corresponding to the objective data to be protected can also be hidden or modified address. Specifically, the blockchain-based file protection method shown in FIG. 3 specifically includes the following steps:
S201:获取需要保护的第一文件的类型信息;其中,所述第一文件用于搭建区块链的数据交互端口,所述第一文件为目标文件或可执行文件,所述目标文件是源文件经过编译程序产生的能被处理器执行的二进制文件,所述可执行文件是将目标文件链接后形成的文件,所述类型信息用于标识所述第一文件对应的源文件所采用的程序设计语言。S201: Obtain type information of a first file to be protected; wherein the first file is used to build a data interaction port of a blockchain, the first file is an object file or an executable file, and the object file is a source A binary file that can be executed by a processor after a file is compiled. The executable file is a file formed by linking an object file. The type information is used to identify a program used by a source file corresponding to the first file. Design language.
本实施例的S201与上述实施例的S101相同,具体请参阅上述实施例中S101的相关描述,此处不赘述。S201 in this embodiment is the same as S101 in the foregoing embodiment. For details, refer to the related description of S101 in the foregoing embodiment, and details are not described herein.
S202:根据所述类型信息确定所述第一文件的防护信息;所述防护信息用于防止反编译。S202: Determine protection information of the first file according to the type information; the protection information is used to prevent decompilation.
本实施例的S202与上述实施例的S102相同,具体请参阅上述实施例中S102的相关描述,此处不赘述。S202 in this embodiment is the same as S102 in the foregoing embodiment. For details, refer to the related description of S102 in the foregoing embodiment, and details are not described herein.
S203:确定所述第一文件中需要保护的目标数据;其中,所述目标数据用于实现需要保护的目标函数。S203: Determine target data that needs to be protected in the first file; where the target data is used to implement an objective function that needs to be protected.
目标函数可以是主函数,也可以是包含核心算法的函数。终端设备可以通过目标函数的标识符确定第一文件中需要保护的目标数据;也可以根据第一文件中目标函数对应的地址段确定第一文件中需要保护的目标数据。The objective function can be a main function or a function containing a core algorithm. The terminal device may determine the target data to be protected in the first file by using the identifier of the target function; and may also determine the target data to be protected in the first file according to the address segment corresponding to the target function in the first file.
可以理解的是,S201与S203不分先后顺序执行,可以先执行S201~S202再执行S203,也可以先执行S203再执行S201~S202,还可以同时执行S201以及S203,此处不做限制。It can be understood that S201 and S203 are executed in no particular order. You can execute S201 ~ S202 and then S203, you can also execute S203 and then S201 ~ S202, and you can also execute S201 and S203 at the same time. There is no limitation here.
S204:隐藏或修改所述目标函数的入口地址,并在所述第一文件中添加标识信息;其中,所述标识信息用于描述所述入口地址。S204: Hide or modify the entry address of the objective function, and add identification information to the first file; where the identification information is used to describe the entry address.
具体地,终端设备在通过目标函数的标识符确定第一文件中需要保护的目标数据时,可以获取目标数据分配到的目标地址段,并设置目标数据的地址偏移量,然后按设置的地址偏移量修改目标地址段,从而修改目标函数的入口地址。地址偏移量可以是随机分配的,也可以是预设值,此处不做限制。Specifically, when the terminal device determines the target data to be protected in the first file through the identifier of the target function, it can obtain the target address segment to which the target data is allocated, set the address offset of the target data, and then press the set address The offset modifies the target address segment, thereby modifying the entry address of the target function. The address offset can be randomly assigned or a preset value, which is not limited here.
终端设备在根据第一文件中目标函数对应的地址段确定第一文件中需要保护的目标数据时,可以设置目标数据的地址偏移量,然后按设置的地址偏移量修改目标地址段,从而修改目标函数的入口地址。When the terminal device determines the target data to be protected in the first file according to the address segment corresponding to the target function in the first file, the terminal device can set the address offset of the target data, and then modify the target address segment according to the set address offset, thereby Modify the entry address of the target function.
在修改目标函数的入口地址之后,可以根据地址偏移量在第一文件的符号区添加用于描述入口地址的地址偏移量的标识信息。After the entry address of the target function is modified, identification information describing the address offset of the entry address may be added to the symbol area of the first file according to the address offset.
终端设备还可以根据目标数据分配到的目标地址段,在目标地址段之前插入无效的数据,从而隐藏目标数据对应的目标函数的入口地址。The terminal device may also insert invalid data before the target address segment according to the target address segment to which the target data is allocated, thereby hiding the entry address of the target function corresponding to the target data.
S205:根据预设的配置策略将所述防护信息配置到所述第一文件,得到第二文件;其中,第二文件的执行逻辑与第一文件的执行逻辑相同。S205: Configure the protection information to the first file according to a preset configuration policy to obtain a second file. The execution logic of the second file is the same as the execution logic of the first file.
本实施例的S205与上述实施例的S103相同,具体请参阅上述实施例中S103的相关描述,此处不赘述。S205 in this embodiment is the same as S103 in the foregoing embodiment. For details, refer to the related description of S103 in the foregoing embodiment, and details are not described herein.
上述方案,通过为用于搭建区块链的数据交互端口的第一文件配置防护信息,从而通过配置的防护信息混淆第一文件中的内容,进而防止第一文件在被反编译时因暴露源码而导致第一文件中的算法被泄露。由于第一文件是二进制文件,通过对第一文件进行处理,而不是对第一文件的源码进行处理,能够提高反编译第一文件获取源码的复杂度以及难度,从而提高第一文件的数据安全性。由于第一交互文件用于搭建区块链的数据交互端口,提高第一文件的安全性的同时,能够提高通过区块链的数据交互端口传输的数据的安全性,进而增加第一文件对应的应用程序的用户信息或用户财产的安全性。In the above solution, protection information is configured for the first file used to build the data interaction port of the blockchain, so that the content of the first file is obfuscated through the configured protection information, thereby preventing the first file from being exposed when the source code is decompiled. As a result, the algorithm in the first file was leaked. Because the first file is a binary file, by processing the first file instead of processing the source code of the first file, the complexity and difficulty of decompiling the first file to obtain the source code can be improved, thereby improving the data security of the first file. Sex. Since the first interaction file is used to build a data interaction port of the blockchain, while improving the security of the first file, it can also improve the security of data transmitted through the data interaction port of the blockchain, thereby increasing the corresponding value of the first file. Security of application user information or user property.
终端设备隐藏或改变需要保护的目标数据对应的目标函数的入口地址,提高获取以及分析目标数据的难度,可以提高目标数据的安全性。The terminal device hides or changes the entry address of the target function corresponding to the target data to be protected, which increases the difficulty of obtaining and analyzing the target data, and can improve the security of the target data.
应理解,上述实施例中各步骤的序号的大小并不意味着执行顺序的先后,各过程的执行顺序应以其功能和内在逻辑确定,而不应对本申请实施例的实施过程构成任何限定。It should be understood that the size of the sequence numbers of the steps in the above embodiments does not mean the order of execution. The execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation process of the embodiments of this application.
图4是本申请一实施例提供的一种终端设备的示意框图,该终端设备包括的各单元用于执行前述任意实施例中的基于区块链的文件保护方法的各步骤,具体请参阅图1至图3所对应的实施例中的相关描述。为了便于说明,仅示出了与本实施例相关的部分。本实施例的终端设备4包括获取单元410、防护信息确定单元420以及配置单元430,具体如下:FIG. 4 is a schematic block diagram of a terminal device according to an embodiment of the present application. Each unit included in the terminal device is configured to execute steps of a blockchain-based file protection method in any of the foregoing embodiments. Please refer to FIG. Related descriptions in the embodiments corresponding to 1 to FIG. 3. For convenience of explanation, only the parts related to this embodiment are shown. The terminal device 4 in this embodiment includes an obtaining unit 410, a protection information determining unit 420, and a configuration unit 430, as follows:
获取单元410,用于获取需要保护的第一文件的类型信息;其中,所述第一文件用于搭建区块链的数据交互端口,所述第一文件为目标文件或可执行文件,所述目标文件是源文件经过编译程序产生的能被处理器执行的二进制文件,所述可执行文件是将目标文件链接后形成的文件,所述类型信息用于标识所述第一文件对应的源文件所采用的程序设计语言。The obtaining unit 410 is configured to obtain type information of a first file to be protected; wherein the first file is used to build a data interaction port of a blockchain, and the first file is a target file or an executable file, and The target file is a binary file that can be executed by the processor after the source file is compiled by the processor. The executable file is a file formed by linking the target file. The type information is used to identify the source file corresponding to the first file. The programming language used.
防护信息确定单元420,用于根据所述类型信息确定所述第一文件的防护信息;所述防护信息用于防止反编译。A protection information determining unit 420 is configured to determine protection information of the first file according to the type information; the protection information is used to prevent decompilation.
进一步地,防护信息确定单元420具体用于:根据所述类型信息随机生成需要插入所述第一文件中的干扰信息;其中,所述干扰信息用于混淆所述第一文件包含的内容的执行路径。Further, the protection information determining unit 420 is specifically configured to randomly generate interference information that needs to be inserted into the first file according to the type information; wherein the interference information is used to obfuscate the execution of the content contained in the first file. path.
配置单元430,用于根据预设的配置策略将所述防护信息配置到所述第一文件,得到第二文件;其中,第二文件的执行逻辑与第一文件的执行逻辑相同。The configuration unit 430 is configured to configure the protection information to the first file according to a preset configuration policy to obtain a second file; wherein the execution logic of the second file is the same as the execution logic of the first file.
进一步地,所述防护信息包括无效的程序片段,配置单元430可以包括:Further, the protection information includes invalid program fragments, and the configuration unit 430 may include:
位置信息确定单元431,用于确定插入所述无效的程序片段的位置信息;A position information determining unit 431, configured to determine position information for inserting the invalid program fragment;
信息配置单元432,用于根据所述位置信息将所述无效的程序片段配置到所述第一文件,得到第二文件。An information configuration unit 432 is configured to configure the invalid program fragment to the first file according to the location information to obtain a second file.
进一步地,信息配置单元432具体用于:Further, the information configuration unit 432 is specifically configured to:
根据所述无效的程序片段以及所述位置信息确定所述无效的程序片段的标记信息,其中,所述标记信息包括标识符或标记值,所述标识信息用于指示所述无效的程序片段的执行策略;Determine the tag information of the invalid program fragment according to the invalid program fragment and the location information, wherein the tag information includes an identifier or a tag value, and the identification information is used to indicate the invalid program fragment Execution strategy
根据所述位置信息将所述无效的程序片段以及所述无效的程序片段的标记信息配置到所述第一文件,得到第二文件。And configuring the invalid program segment and the mark information of the invalid program segment to the first file according to the position information to obtain a second file.
可选地,终端设备还可以包括:Optionally, the terminal device may further include:
目标数据确定单元440,用于确定所述第一文件中需要保护的目标数据;其中,所述目标数据用于实现需要保护的目标函数;A target data determining unit 440, configured to determine target data in the first file that needs to be protected; wherein the target data is used to implement an objective function that needs to be protected;
设置单元450,用于隐藏或修改所述目标函数的入口地址,并在所述第一文件中添加标识信息;其中,所述标识信息用于描述获取所述入口地址。The setting unit 450 is configured to hide or modify the entry address of the objective function, and add identification information to the first file; wherein the identification information is used to describe obtaining the entry address.
上述方案,通过为用于搭建区块链的数据交互端口的第一文件配置防护信息,从而通过配置的防护信息混淆第一文件中的内容,进而防止第一文件在被反编译时因暴露源码而导致第一文件中的算法被泄露。由于第一文件是二进制文件,通过对第一文件进行处理,而不是对第一文件的源码进行处理,能够提高反编译第一文件获取源码的复杂度以及难度,从而提高第一文件的数据安全性。由于第一交互文件用于搭建区块链的数据交互端口,提高第一文件的安全性的同时,能够提高通过区块链的数据交互端口传输的数据的安全性,进而增加第一文件对应的应用程序的用户信息或用户财产的安全性。In the above solution, protection information is configured for the first file used to build the data interaction port of the blockchain, so that the content of the first file is obfuscated through the configured protection information, thereby preventing the first file from being exposed when the source code is decompiled. As a result, the algorithm in the first file was leaked. Because the first file is a binary file, by processing the first file instead of processing the source code of the first file, the complexity and difficulty of decompiling the first file to obtain the source code can be improved, thereby improving the data security of the first file. Sex. Since the first interaction file is used to build a data interaction port of the blockchain, while improving the security of the first file, it can also improve the security of data transmitted through the data interaction port of the blockchain, thereby increasing the corresponding value of the first file. Security of application user information or user property.
终端设备隐藏或改变需要保护的目标数据对应的目标函数的入口地址,提高获取以及分析目标数据的难度,可以提高目标数据的安全性。The terminal device hides or changes the entry address of the target function corresponding to the target data to be protected, which increases the difficulty of obtaining and analyzing the target data, and can improve the security of the target data.
图5是本申请另一实施例提供的一种终端设备的示意框图。如图5所示,该实施例的终端设备5包括:处理器510、存储器520以及存储在所述存储器520中并可在所述处理器510上运行的计算机可读指令530,例如基于区块链的文件保护方法的程序。所述处理器510执行所述计算机可读指令530时实现上述各个基于区块链的文件保护方法的实施例中的各步骤,例如图1所示的S101至S103。或者,所述处理器510执行所述计算机可读指令530时实现上述图4对应的实施例中各单元的功能,例如图4所示的单元410至450的功能,具体请参阅图4对应的实施例中的相关描述,此处不赘述。FIG. 5 is a schematic block diagram of a terminal device according to another embodiment of the present application. As shown in FIG. 5, the terminal device 5 of this embodiment includes a processor 510, a memory 520, and computer-readable instructions 530 stored in the memory 520 and executable on the processor 510, for example, based on blocks. Program for chain file protection method. When the processor 510 executes the computer-readable instructions 530, the steps in the embodiments of the foregoing blockchain-based file protection methods are implemented, such as S101 to S103 shown in FIG. 1. Alternatively, when the processor 510 executes the computer-readable instructions 530, the functions of the units in the embodiment corresponding to FIG. 4 are implemented, for example, the functions of units 410 to 450 shown in FIG. 4 are described in detail. The related descriptions in the embodiments are not repeated here.
示例性的,所述计算机可读指令530可以被分割成一个或多个单元,所述一个或者多个单元被存储在所述存储器520中,并由所述处理器510执行,以完成本申请。所述一个或多个单元可以是能够完成特定功能的一系列计算机可读指令的指令段,该指令段用于描述所述计算机可读指令530在所述终端设备5中的执行过程。例如,所述计算机可读指令530可以被分割成获取单元、防护信息确定单元以及配置单元,各单元具体功能如上所述。Exemplarily, the computer-readable instructions 530 may be divided into one or more units, and the one or more units are stored in the memory 520 and executed by the processor 510 to complete the present application. . The one or more units may be instruction segments of a series of computer-readable instructions capable of performing a specific function, and the instruction segments are used to describe an execution process of the computer-readable instructions 530 in the terminal device 5. For example, the computer-readable instructions 530 may be divided into an acquisition unit, a protection information determination unit, and a configuration unit, and the specific functions of each unit are as described above.
所述终端设备可包括,但不仅限于,处理器510、存储器520。本领域技术人员可以理解,图5仅仅是终端设备5的示例,并不构成对终端设备5的限定,可以包括比图示更多或更少的部件,或者组合某些部件,或者不同的部件,例如所述空调还可以包括输入输出设备、网络接入设备、总线等。The terminal device may include, but is not limited to, a processor 510 and a memory 520. Those skilled in the art can understand that FIG. 5 is only an example of the terminal device 5 and does not constitute a limitation on the terminal device 5. It may include more or less components than shown in the figure, or combine some components or different components For example, the air conditioner may further include an input / output device, a network access device, a bus, and the like.
所称处理器510可以是中央处理单元(Central Processing Unit,CPU),还可以是其他通用处理器、数字信号处理器(Digital Signal Processor,DSP)、专用集成电路(Application Specific Integrated Circuit,ASIC)、现成可编程门阵列(Field-Programmable Gate Array,FPGA)或者其他可编程逻辑器件、分立门或者晶体管逻辑器件、分立硬件组件等。通用处理器可以是微处理器或者该处理器也可以是任何常规的处理器等。The processor 510 may be a central processing unit (Central Processing Unit (CPU), or other general-purpose processors, Digital Signal Processors (DSPs), and application-specific integrated circuits (Applications) Specific Integrated Circuit (ASIC), off-the-shelf Programmable Gate Array (FPGA), or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc. A general-purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
所述存储器520可以是所述终端设备5的内部存储单元,例如终端设备5的硬盘或内存。所述存储器520也可以是所述终端设备5的外部存储设备,例如所述终端设备5上配备的插接式硬盘,智能存储卡(Smart Media Card,SMC),安全数字(Secure Digital,SD)卡,闪存卡(Flash Card)等。进一步地,所述存储器520还可以既包括所述终端设备5的内部存储单元也包括外部存储设备。所述存储器520用于存储所述计算机可读指令以及所述空调所需的其他程序和数据。所述存储器520还可以用于暂时地存储已经输出或者将要输出的数据。The memory 520 may be an internal storage unit of the terminal device 5, such as a hard disk or a memory of the terminal device 5. The memory 520 may also be an external storage device of the terminal device 5, such as a plug-in hard disk, a smart memory card (SMC), and a secure digital (SD) provided on the terminal device 5. Card, flash card, etc. Further, the memory 520 may also include both an internal storage unit of the terminal device 5 and an external storage device. The memory 520 is configured to store the computer-readable instructions and other programs and data required by the air conditioner. The memory 520 may also be used to temporarily store data that has been output or is to be output.
以上所述实施例仅用以说明本申请的技术方案,而非对其限制;尽管参照前述实施例对本申请进行了详细的说明,本领域的普通技术人员应当理解:其依然可以对前述各实施例所记载的技术方案进行修改,或者对其中部分技术特征进行等同替换;而这些修改或者替换,并不使相应技术方案的本质脱离本申请各实施例技术方案的精神和范围,均应包含在本申请的保护范围之内。The above-mentioned embodiments are only used to describe the technical solution of the present application, but not limited thereto. Although the present application has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that they can still implement the foregoing implementations. The technical solutions described in the examples are modified, or some of the technical features are equivalently replaced; and these modifications or replacements do not deviate the essence of the corresponding technical solutions from the spirit and scope of the technical solutions of the embodiments of the application, and should be included in Within the scope of this application.

Claims (20)

  1. 一种基于区块链的文件保护方法,其特征在于,包括:A method for file protection based on a blockchain is characterized in that it includes:
    获取需要保护的第一文件的类型信息;其中,所述第一文件用于搭建区块链的数据交互端口,所述第一文件为目标文件或可执行文件,所述目标文件是源文件经过编译程序产生的能被处理器执行的二进制文件,所述可执行文件是将目标文件链接后形成的文件,所述类型信息用于标识所述第一文件对应的源文件所采用的程序设计语言;Acquire type information of a first file to be protected; wherein the first file is used to build a data interaction port of the blockchain, the first file is an object file or an executable file, and the object file is a source file. A binary file generated by a compiler and executable by a processor. The executable file is a file formed by linking an object file. The type information is used to identify a programming language used by a source file corresponding to the first file. ;
    根据所述类型信息确定所述第一文件的防护信息;其中,所述防护信息用于防止反编译;Determining protection information of the first file according to the type information; wherein the protection information is used to prevent decompilation;
    根据预设的配置策略将所述防护信息配置到所述第一文件,得到第二文件;其中,所述第二文件的执行逻辑与所述第一文件的执行逻辑相同。The protection information is configured to the first file according to a preset configuration policy to obtain a second file. The execution logic of the second file is the same as the execution logic of the first file.
  2. 根据权利要求1所述的基于区块链的文件保护方法,其特征在于,所述根据所述类型信息确定所述第一文件的防护信息包括:The method for protecting a file based on a blockchain according to claim 1, wherein determining the protection information of the first file according to the type information comprises:
    根据所述类型信息随机生成需要插入所述第一文件中的干扰信息;其中,所述干扰信息用于混淆所述第一文件包含的内容的执行路径。Randomly generate interference information that needs to be inserted into the first file according to the type information; wherein the interference information is used to obfuscate the execution path of the content contained in the first file.
  3. 根据权利要求1或2所述的基于区块链的文件保护方法,其特征在于,所述防护信息包括无效的程序片段;所述根据预设的配置策略将所述防护信息配置到所述第一文件,得到第二文件,包括:The method for protecting a file based on a blockchain according to claim 1 or 2, wherein the protection information includes invalid program fragments; and the protection information is configured to the first according to a preset configuration policy. One file to get the second file, including:
    确定插入所述无效的程序片段的位置信息;Determining location information for inserting the invalid program fragment;
    根据所述位置信息将所述无效的程序片段配置到所述第一文件,得到第二文件。The invalid program segment is configured to the first file according to the position information to obtain a second file.
  4. 根据权利要求3所述的基于区块链的文件保护方法,其特征在于,所述根据预设的配置策略将所述防护信息配置到所述第一文件,得到第二文件,包括:The method for protecting a file based on a blockchain according to claim 3, wherein the configuring the protection information to the first file according to a preset configuration policy to obtain a second file comprises:
    根据所述无效的程序片段以及所述位置信息确定所述无效的程序片段的标记信息,其中,所述标记信息包括标识符或标记值,所述标识信息用于指示所述无效的程序片段的执行策略;Determine the tag information of the invalid program fragment according to the invalid program fragment and the location information, wherein the tag information includes an identifier or a tag value, and the identification information is used to indicate the invalid program fragment Execution strategy
    根据所述位置信息将所述无效的程序片段以及所述无效的程序片段的标记信息配置到所述第一文件,得到第二文件。And configuring the invalid program segment and the mark information of the invalid program segment to the first file according to the position information to obtain a second file.
  5. 根据权利要求1所述的基于区块链的文件保护方法,其特征在于,所述根据预设的配置策略将所述防护信息配置到所述第一文件,得到第二文件之前,还包括:The method for protecting a file based on a blockchain according to claim 1, wherein before configuring the protection information to the first file according to a preset configuration policy, before obtaining the second file, the method further comprises:
    确定所述第一文件中需要保护的目标数据;其中,所述目标数据用于实现需要保护的目标函数;Determining target data in the first file that needs to be protected; wherein the target data is used to implement an objective function that needs to be protected;
    隐藏或修改所述目标函数的入口地址,并在所述第一文件中添加标识信息;其中,所述标识信息用于描述获取所述入口地址。Hide or modify the entry address of the objective function, and add identification information to the first file; wherein the identification information is used to describe obtaining the entry address.
  6. 一种终端设备,其特征在于,包括:A terminal device, comprising:
    获取单元,用于获取需要保护的第一文件的类型信息;其中,所述第一文件用于搭建区块链的数据交互端口,所述第一文件为目标文件或可执行文件,所述目标文件是源文件经过编译程序产生的能被处理器执行的二进制文件,所述可执行文件是将目标文件链接后形成的文件,所述类型信息用于标识所述第一文件对应的源文件所采用的程序设计语言;An obtaining unit, configured to obtain type information of a first file to be protected; wherein the first file is used to build a data interaction port of a blockchain, and the first file is an object file or an executable file, and the object The file is a binary file that can be executed by the processor after the source file is compiled. The executable file is a file formed by linking the target file. The type information is used to identify the source file corresponding to the first file. The programming language used;
    防护信息确定单元,用于根据所述类型信息确定所述第一文件的防护信息;所述防护信息用于防止反编译;A protection information determining unit, configured to determine protection information of the first file according to the type information; the protection information is used to prevent decompilation;
    配置单元,用于根据预设的配置策略将所述防护信息配置到所述第一文件,得到第二文件;其中,第二文件的执行逻辑与第一文件的执行逻辑相同。A configuration unit is configured to configure the protection information to the first file according to a preset configuration policy to obtain a second file; wherein the execution logic of the second file is the same as the execution logic of the first file.
  7. 如权利要求6所述的终端设备,其特征在于,所述防护信息确定单元具体用于:The terminal device according to claim 6, wherein the protection information determining unit is specifically configured to:
    根据所述类型信息随机生成需要插入所述第一文件中的干扰信息;其中,所述干扰信息用于混淆所述第一文件包含的内容的执行路径。Randomly generate interference information that needs to be inserted into the first file according to the type information; wherein the interference information is used to obfuscate the execution path of the content contained in the first file.
  8. 如权利要求6或7所述的终端设备,其特征在于,所述防护信息包括无效的程序片段;所述配置单元包括:The terminal device according to claim 6 or 7, wherein the protection information includes invalid program fragments; and the configuration unit includes:
    位置信息确定单元,用于确定插入所述无效的程序片段的位置信息;A position information determining unit, configured to determine position information for inserting the invalid program fragment;
    信息配置单元,用于根据所述位置信息将所述无效的程序片段配置到所述第一文件,得到第二文件。An information configuration unit is configured to configure the invalid program fragment to the first file according to the location information to obtain a second file.
  9. 如权利要求8所述的终端设备,其特征在于,所述信息配置单元具体用于:The terminal device according to claim 8, wherein the information configuration unit is specifically configured to:
    根据所述无效的程序片段以及所述位置信息确定所述无效的程序片段的标记信息,其中,所述标记信息包括标识符或标记值,所述标识信息用于指示所述无效的程序片段的执行策略;Determine the tag information of the invalid program fragment according to the invalid program fragment and the location information, wherein the tag information includes an identifier or a tag value, and the identification information is used to indicate the invalid program fragment Execution strategy
    根据所述位置信息将所述无效的程序片段以及所述无效的程序片段的标记信息配置到所述第一文件,得到第二文件。And configuring the invalid program segment and the mark information of the invalid program segment to the first file according to the position information to obtain a second file.
  10. 如权利要求6所述的终端设备,其特征在于,所述基于区块链的文件保护装置还包括:The terminal device according to claim 6, wherein the blockchain-based file protection device further comprises:
    目标数据确定单元,用于确定所述第一文件中需要保护的目标数据;其中,所述目标数据用于实现需要保护的目标函数;A target data determining unit, configured to determine target data in the first file that needs to be protected; wherein the target data is used to implement an objective function that needs to be protected;
    设置单元,用于隐藏或修改所述目标函数的入口地址,并在所述第一文件中添加标识信息;其中,所述标识信息用于描述获取所述入口地址。A setting unit, configured to hide or modify the entry address of the objective function, and add identification information to the first file; wherein the identification information is used to describe obtaining the entry address.
  11. 一种终端设备,其特征在于,所述终端设备包括存储器、处理器以及存储在所述存储器中并可在所述处理器上运行的计算机可读指令,所述处理器执行所述计算机可读指令时实现如下步骤:A terminal device, characterized in that the terminal device includes a memory, a processor, and computer-readable instructions stored in the memory and executable on the processor, and the processor executes the computer-readable Implement the following steps when instructing:
    获取需要保护的第一文件的类型信息;其中,所述第一文件用于搭建区块链的数据交互端口,所述第一文件为目标文件或可执行文件,所述目标文件是源文件经过编译程序产生的能被处理器执行的二进制文件,所述可执行文件是将目标文件链接后形成的文件,所述类型信息用于标识所述第一文件对应的源文件所采用的程序设计语言;Acquire type information of a first file to be protected; wherein the first file is used to build a data interaction port of the blockchain, the first file is an object file or an executable file, and the object file is a source file. A binary file generated by a compiler and executable by a processor. The executable file is a file formed by linking an object file. The type information is used to identify a programming language used by a source file corresponding to the first file. ;
    根据所述类型信息确定所述第一文件的防护信息;其中,所述防护信息用于防止反编译;Determining protection information of the first file according to the type information; wherein the protection information is used to prevent decompilation;
    根据预设的配置策略将所述防护信息配置到所述第一文件,得到第二文件;其中,所述第二文件的执行逻辑与所述第一文件的执行逻辑相同。The protection information is configured to the first file according to a preset configuration policy to obtain a second file. The execution logic of the second file is the same as the execution logic of the first file.
  12. 根据权利要求11所述的终端设备,其特征在于,所述根据所述类型信息确定所述第一文件的防护信息包括:The terminal device according to claim 11, wherein the determining the protection information of the first file according to the type information comprises:
    根据所述类型信息随机生成需要插入所述第一文件中的干扰信息;其中,所述干扰信息用于混淆所述第一文件包含的内容的执行路径。Randomly generate interference information that needs to be inserted into the first file according to the type information; wherein the interference information is used to obfuscate the execution path of the content contained in the first file.
  13. 根据权利要求11或12所述的终端设备,其特征在于,所述防护信息包括无效的程序片段;所述根据预设的配置策略将所述防护信息配置到所述第一文件,得到第二文件,包括:The terminal device according to claim 11 or 12, wherein the protection information includes invalid program fragments; and the protection information is configured to the first file according to a preset configuration policy to obtain a second file. Documents, including:
    确定插入所述无效的程序片段的位置信息;Determining location information for inserting the invalid program fragment;
    根据所述位置信息将所述无效的程序片段配置到所述第一文件,得到第二文件。The invalid program segment is configured to the first file according to the position information to obtain a second file.
  14. 根据权利要求13所述的终端设备,其特征在于,所述根据预设的配置策略将所述防护信息配置到所述第一文件,得到第二文件,包括:The terminal device according to claim 13, wherein the configuring the protection information to the first file according to a preset configuration policy to obtain a second file comprises:
    根据所述无效的程序片段以及所述位置信息确定所述无效的程序片段的标记信息,其中,所述标记信息包括标识符或标记值,所述标识信息用于指示所述无效的程序片段的执行策略;Determine the tag information of the invalid program fragment according to the invalid program fragment and the location information, wherein the tag information includes an identifier or a tag value, and the identification information is used to indicate the invalid program fragment Execution strategy
    根据所述位置信息将所述无效的程序片段以及所述无效的程序片段的标记信息配置到所述第一文件,得到第二文件。And configuring the invalid program segment and the mark information of the invalid program segment to the first file according to the position information to obtain a second file.
  15. 根据权利要求11所述的终端设备,其特征在于,所述根据预设的配置策略将所述防护信息配置到所述第一文件,得到第二文件之前,所述处理器执行所述计算机可读指令时还实现如下步骤:The terminal device according to claim 11, wherein the protection information is configured to the first file according to a preset configuration policy, and before the second file is obtained, the processor executes the computer may The following steps are also implemented when reading instructions:
    确定所述第一文件中需要保护的目标数据;其中,所述目标数据用于实现需要保护的目标函数;Determining target data in the first file that needs to be protected; wherein the target data is used to implement an objective function that needs to be protected;
    隐藏或修改所述目标函数的入口地址,并在所述第一文件中添加标识信息;其中,所述标识信息用于描述获取所述入口地址。Hide or modify the entry address of the objective function, and add identification information to the first file; wherein the identification information is used to describe obtaining the entry address.
  16. 一种计算机可读存储介质,所述计算机可读存储介质存储有计算机可读指令,其特征在于,所述计算机可读指令被至少一个处理器执行时实现如下步骤:A computer-readable storage medium storing computer-readable instructions, wherein the computer-readable instructions implement the following steps when executed by at least one processor:
    获取需要保护的第一文件的类型信息;其中,所述第一文件用于搭建区块链的数据交互端口,所述第一文件为目标文件或可执行文件,所述目标文件是源文件经过编译程序产生的能被处理器执行的二进制文件,所述可执行文件是将目标文件链接后形成的文件,所述类型信息用于标识所述第一文件对应的源文件所采用的程序设计语言;Acquire type information of a first file to be protected; wherein the first file is used to build a data interaction port of the blockchain, the first file is an object file or an executable file, and the object file is a source file. A binary file generated by a compiler and executable by a processor. The executable file is a file formed by linking an object file. The type information is used to identify a programming language used by a source file corresponding to the first file. ;
    根据所述类型信息确定所述第一文件的防护信息;其中,所述防护信息用于防止反编译;Determining protection information of the first file according to the type information; wherein the protection information is used to prevent decompilation;
    根据预设的配置策略将所述防护信息配置到所述第一文件,得到第二文件;其中,所述第二文件的执行逻辑与所述第一文件的执行逻辑相同。The protection information is configured to the first file according to a preset configuration policy to obtain a second file. The execution logic of the second file is the same as the execution logic of the first file.
  17. 根据权利要求16所述的计算机可读存储介质,其特征在于,所述根据所述类型信息确定所述第一文件的防护信息包括:The computer-readable storage medium of claim 16, wherein the determining the protection information of the first file according to the type information comprises:
    根据所述类型信息随机生成需要插入所述第一文件中的干扰信息;其中,所述干扰信息用于混淆所述第一文件包含的内容的执行路径。Randomly generate interference information that needs to be inserted into the first file according to the type information; wherein the interference information is used to obfuscate the execution path of the content contained in the first file.
  18. 根据权利要求16或17所述的计算机可读存储介质,其特征在于,所述防护信息包括无效的程序片段;所述根据预设的配置策略将所述防护信息配置到所述第一文件,得到第二文件,包括:The computer-readable storage medium according to claim 16 or 17, wherein the protection information includes invalid program fragments; and the configuring the protection information to the first file according to a preset configuration policy, Get the second file, including:
    确定插入所述无效的程序片段的位置信息;Determining location information for inserting the invalid program fragment;
    根据所述位置信息将所述无效的程序片段配置到所述第一文件,得到第二文件。The invalid program segment is configured to the first file according to the position information to obtain a second file.
  19. 根据权利要求18所述的计算机可读存储介质,其特征在于,所述根据预设的配置策略将所述防护信息配置到所述第一文件,得到第二文件,包括:The computer-readable storage medium according to claim 18, wherein the configuring the protection information to the first file according to a preset configuration policy to obtain a second file comprises:
    根据所述无效的程序片段以及所述位置信息确定所述无效的程序片段的标记信息,其中,所述标记信息包括标识符或标记值,所述标识信息用于指示所述无效的程序片段的执行策略;Determine the tag information of the invalid program fragment according to the invalid program fragment and the location information, wherein the tag information includes an identifier or a tag value, and the identification information is used to indicate the invalid program fragment Execution strategy
    根据所述位置信息将所述无效的程序片段以及所述无效的程序片段的标记信息配置到所述第一文件,得到第二文件。And configuring the invalid program segment and the mark information of the invalid program segment to the first file according to the position information to obtain a second file.
  20. 根据权利要求17所述的计算机可读存储介质,其特征在于,在所述根据预设的配置策略将所述防护信息配置到所述第一文件,得到第二文件之前,所述计算机可读指令被至少一个处理器执行时还实现如下步骤:The computer-readable storage medium according to claim 17, wherein before the configuring the protection information to the first file according to a preset configuration policy and obtaining a second file, the computer-readable storage medium When the instruction is executed by at least one processor, the following steps are also implemented:
    确定所述第一文件中需要保护的目标数据;其中,所述目标数据用于实现需要保护的目标函数;Determining target data in the first file that needs to be protected; wherein the target data is used to implement an objective function that needs to be protected;
    隐藏或修改所述目标函数的入口地址,并在所述第一文件中添加标识信息;其中,所述标识信息用于描述获取所述入口地址。Hide or modify the entry address of the objective function, and add identification information to the first file; wherein the identification information is used to describe obtaining the entry address.
PCT/CN2018/097119 2018-05-22 2018-07-25 Block chain-based file protection method, and terminal device WO2019223094A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
SG11201912786WA SG11201912786WA (en) 2018-05-22 2018-07-25 Block Chain-based File Protection Method and Terminal Device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810496143.4 2018-05-22
CN201810496143.4A CN108733990B (en) 2018-05-22 2018-05-22 Block chain-based file protection method and terminal equipment

Publications (1)

Publication Number Publication Date
WO2019223094A1 true WO2019223094A1 (en) 2019-11-28

Family

ID=63937791

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/097119 WO2019223094A1 (en) 2018-05-22 2018-07-25 Block chain-based file protection method, and terminal device

Country Status (3)

Country Link
CN (1) CN108733990B (en)
SG (1) SG11201912786WA (en)
WO (1) WO2019223094A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108733990B (en) * 2018-05-22 2022-04-05 深圳壹账通智能科技有限公司 Block chain-based file protection method and terminal equipment
CN109104445B (en) * 2018-11-05 2021-01-26 北京京东尚科信息技术有限公司 Anti-attack method and system for block chain-based service system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101957903A (en) * 2010-09-13 2011-01-26 中兴通讯股份有限公司 Method and device for protecting class files
CN103544414A (en) * 2013-10-25 2014-01-29 苏州通付盾信息技术有限公司 Deep code obfuscation method for Android system applications
CN104021321A (en) * 2014-06-17 2014-09-03 北京奇虎科技有限公司 Reinforcing protection method and device for software installation package
US20150205626A1 (en) * 2011-05-12 2015-07-23 Microsoft Technology Licensing, Llc Emulating mixed-code programs using a virtual machine instance
CN107819777A (en) * 2017-11-17 2018-03-20 北京亿生生网络科技有限公司 A kind of data based on block chain technology deposit card method and system
CN108733990A (en) * 2018-05-22 2018-11-02 深圳壹账通智能科技有限公司 A kind of document protection method and terminal device based on block chain

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101807239A (en) * 2010-03-29 2010-08-18 山东高效能服务器和存储研究院 Method for preventing source code from decompiling
CN103324872B (en) * 2013-07-12 2016-04-27 上海交通大学 Based on the guard method of Android application program and the system of order confusion
CN103778355B (en) * 2014-01-15 2017-02-15 西北大学 Code morphing-based binary code obfuscation method
CN104834837B (en) * 2015-04-03 2017-10-31 西北大学 A kind of antialiasing method of binary code based on semanteme
WO2016164520A1 (en) * 2015-04-07 2016-10-13 Kaprica Security, Inc. System and method of obfuscation through binary and memory diversity
CN105005718B (en) * 2015-06-23 2018-02-13 电子科技大学 A kind of method that Code obfuscation is realized using Markov chain
CN106529224A (en) * 2016-10-27 2017-03-22 南京大学 Binary obfuscation method based on ROP (Return Oriented Programming) attack feature
CN106650340B (en) * 2016-11-16 2019-12-06 中国人民解放军国防科学技术大学 binary software protection method adopting dynamic fine-grained code hiding and obfuscating technology

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101957903A (en) * 2010-09-13 2011-01-26 中兴通讯股份有限公司 Method and device for protecting class files
US20150205626A1 (en) * 2011-05-12 2015-07-23 Microsoft Technology Licensing, Llc Emulating mixed-code programs using a virtual machine instance
CN103544414A (en) * 2013-10-25 2014-01-29 苏州通付盾信息技术有限公司 Deep code obfuscation method for Android system applications
CN104021321A (en) * 2014-06-17 2014-09-03 北京奇虎科技有限公司 Reinforcing protection method and device for software installation package
CN107819777A (en) * 2017-11-17 2018-03-20 北京亿生生网络科技有限公司 A kind of data based on block chain technology deposit card method and system
CN108733990A (en) * 2018-05-22 2018-11-02 深圳壹账通智能科技有限公司 A kind of document protection method and terminal device based on block chain

Also Published As

Publication number Publication date
SG11201912786WA (en) 2020-01-30
CN108733990B (en) 2022-04-05
CN108733990A (en) 2018-11-02

Similar Documents

Publication Publication Date Title
KR101504857B1 (en) System and method for supporting jit in a secure system with randomly allocated memory ranges
CN101908119B (en) Method and device for processing dynamic link library (DLL) file
US10223528B2 (en) Technologies for deterministic code flow integrity protection
US10586026B2 (en) Simple obfuscation of text data in binary files
US8205096B2 (en) Software license embedded in shell code
WO2016078130A1 (en) Dynamic loading method for preventing reverse of apk file
WO2015101042A1 (en) Method and device for detecting malicious code in smart terminal
CN104866739A (en) Application program encryption method and application program encryption system in Android system
CN108399319B (en) Source code protection method, application server and computer readable storage medium
EP3127034A1 (en) Software protection
TW200841209A (en) Obfuscating computer program code
US20110271350A1 (en) method for protecting software
WO2015101043A1 (en) Method and device for detecting malicious code in smart terminal
TW201935306A (en) Systems and methods for policy linking and/or loading for secure initialization
CN109271789B (en) Malicious process detection method and device, electronic equipment and storage medium
US20130104239A1 (en) System and method for obfuscating data using instructions as a source of pseudorandom values
CN112001376B (en) Fingerprint identification method, device, equipment and storage medium based on open source component
WO2022078366A1 (en) Application protection method and apparatus, device and medium
WO2021151347A1 (en) Ios application-based reinforcement method, apparatus, device, and storage medium
US20160134652A1 (en) Method for recognizing disguised malicious document
WO2019223094A1 (en) Block chain-based file protection method, and terminal device
KR101536920B1 (en) Method of Obfuscating Files Based on Advanced RISC Machine Processor
CN116235174A (en) Apparatus and method for performing encryption algorithm
US20220129542A1 (en) Deterministic trusted execution container through managed runtime language metadata
Lee et al. Ensuring secure application execution and platform-specific execution in embedded devices

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18919732

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 16/04/2021)

122 Ep: pct application non-entry in european phase

Ref document number: 18919732

Country of ref document: EP

Kind code of ref document: A1