WO2021102753A1 - Flash packet encryption method and apparatus, electronic device, and computer storage medium - Google Patents

Flash packet encryption method and apparatus, electronic device, and computer storage medium Download PDF

Info

Publication number
WO2021102753A1
WO2021102753A1 PCT/CN2019/121328 CN2019121328W WO2021102753A1 WO 2021102753 A1 WO2021102753 A1 WO 2021102753A1 CN 2019121328 W CN2019121328 W CN 2019121328W WO 2021102753 A1 WO2021102753 A1 WO 2021102753A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
partition
encrypted
file
flashing package
Prior art date
Application number
PCT/CN2019/121328
Other languages
French (fr)
Chinese (zh)
Inventor
郭明强
张志龙
尚玉栋
裴磊
Original Assignee
深圳市欢太科技有限公司
Oppo广东移动通信有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳市欢太科技有限公司, Oppo广东移动通信有限公司 filed Critical 深圳市欢太科技有限公司
Priority to CN201980100601.0A priority Critical patent/CN114424193A/en
Priority to PCT/CN2019/121328 priority patent/WO2021102753A1/en
Publication of WO2021102753A1 publication Critical patent/WO2021102753A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]

Definitions

  • This application relates to the field of computer technology, in particular to a method, device, electronic equipment, and computer storage medium for encrypting a flash package.
  • this application proposes a flashing package encryption method, device, electronic equipment, and computer storage medium, which can protect the security of the flashing package while preventing the mixing of different versions of the flashing package.
  • the first aspect of the embodiments of the present application provides a method for encrypting a flashing package, and the method includes:
  • partition identification data of each partition file in the flashing package Processing the partition identification data of each partition file in the flashing package to obtain partition identification encrypted data, where the partition identification data is used to indicate the type of each partition file;
  • the encrypted flashing package is determined according to the characteristic encrypted data, the signature encrypted data, and the partition identification encrypted data.
  • a second aspect of the embodiments of the present application provides a device for encrypting a flashing package.
  • the device includes a processing unit and a communication unit, wherein:
  • the processing unit is configured to encrypt the characteristic data of each partition file in the flashing package to obtain characteristic encrypted data, where the characteristic data includes any fragment of each partition file;
  • partition identification data of each partition file in the flashing package Processing the partition identification data of each partition file in the flashing package to obtain partition identification encrypted data, where the partition identification data is used to indicate the type of each partition file;
  • the encrypted flashing package is determined according to the characteristic encrypted data, the signature encrypted data, and the partition identification encrypted data.
  • a third aspect of the embodiments of the present application provides an electronic device, including a multi-core processor, a communication interface, and a memory.
  • the multi-core processor, the communication interface, and the memory are connected to each other.
  • the memory is used to store a computer program, and the The computer program includes program instructions, and the multi-core processor is configured to invoke the program instructions to execute the method described in any step of the first aspect of the embodiments of the present application.
  • the fourth aspect of the embodiments of the present application provides a computer storage medium, the computer storage medium stores a computer program, the computer program includes program instructions, and when executed by a processor, the program instructions cause the processor to execute such as The method described in any step of the first aspect of the embodiments of the present application.
  • a fifth aspect of the embodiments of the present application provides a computer program product, wherein the above-mentioned computer program product includes a non-transitory computer-readable storage medium storing a computer program, and the above-mentioned computer program is operable to cause a computer to execute the computer program Part or all of the steps described in any method of the first aspect.
  • the computer program product may be a software installation package.
  • the above flashing package encryption method, device, electronic equipment and computer storage medium by encrypting the feature data of each partition file in the flashing package to obtain feature encrypted data, the feature data includes any one of the each partition file Fragment; processing the signature data of each partition file in the flashing package to obtain signature encrypted data, the signature data is used to represent the version information of the flashing package; for each partitioning file in the flashing package The partition identification data is processed to obtain partition identification encrypted data, the partition identification data is used to indicate the type of each partition file; determined according to the characteristic encrypted data, the signature encrypted data, and the partition identification encrypted data Encrypted flashing package.
  • the identification code containing the version information can be used to confirm whether the flashing package can be installed on the current terminal, which protects the security of the flashing package while preventing the mixing of different versions of the flashing package.
  • FIG. 1 is a schematic diagram of the contents of a flashing package provided by an embodiment of the application
  • Figure 2 is a system architecture diagram of a method for encrypting a flashing package provided by an embodiment of the application
  • FIG. 3 is a schematic flowchart of a method for encrypting a flashing package provided by an embodiment of the application
  • Figure 4 is a schematic structural diagram of an encrypted flashing package provided by an embodiment of the application.
  • FIG. 5 is a schematic flowchart of another method for encrypting a flashing package provided by an embodiment of the application
  • FIG. 6 is a schematic structural diagram of an electronic device provided by an embodiment of this application.
  • FIG. 7 is a block diagram of structural units of a device for encrypting a flashing package provided by an embodiment of the application.
  • the electronic devices and terminals involved in the embodiments of this application may include various handheld devices with wireless communication functions, vehicle-mounted devices, wearable devices, computing devices or other processing devices connected to wireless modems, as well as various forms of user equipment (User Equipment, UE), mobile station (Mobile Station, MS), terminal device (terminal device), etc.
  • UE User Equipment
  • MS Mobile Station
  • terminal device terminal device
  • Figure 1 is a schematic diagram of the contents of a flashing package provided by an embodiment of the present application.
  • the flashing package can be an application program used to store firmware codes in the terminal's memory (Read only Memory, ROM). The content is rewritten.
  • Figure 1 includes all the partition files of the flashing package.
  • All files can be classified into boot boot (Little Kernel, LK) partition files, operating system Linux kernel partition files, and Android system framework partition files And user data partition files, etc., are not listed here.
  • the flashing package in Figure 1 is not encrypted. You can directly modify any partition file in the flashing package.
  • a flashing package with specific permissions may appear. Install it on a user terminal that cannot use the specific authority, such as installing the operator’s version of the flashing package on a common user’s terminal, which will bring losses to the operator.
  • FIG. 2 is The system architecture diagram of the flashing package encryption method provided by the application embodiment includes: a user terminal 210 and a server 220.
  • the user terminal 210 can be any electronic device with a network connection function.
  • the server 220 can have a built-in database to perform the flashing package. Encryption processing, and save the encrypted flashing package data in the database.
  • the user terminal 210 can be connected to the server 220 by wired or wireless connection.
  • the server 220 can obtain the identification of the user terminal 210 when decrypting the encrypted flashing package. And it is determined whether the encrypted flashing package can be decrypted and installed on the user terminal 210.
  • the above system structure can confirm whether the flashing package can be installed on the current terminal through the identification code containing the version information, which can prevent the flashing package of different versions from being mixed while protecting the security of the flashing package.
  • FIG. 3 is a schematic flow diagram of a flashing package encryption method provided by an embodiment of the application, which specifically includes the following steps:
  • Step 301 Encrypt the characteristic data of each partition file in the flashing package to obtain characteristic encrypted data.
  • each of the above-mentioned partition files corresponds to a feature data
  • the above-mentioned feature data can be any fragment of the partition file.
  • the feature data of the preset address of each partition file in the flashing package can be obtained first, and the above-mentioned preset address It is used to indicate the location of the above-mentioned feature data in the corresponding above-mentioned partition file.
  • a 256KB segment of the header of the partition file can be set as a preset address.
  • the 256KB data of the header of each partition file is the feature data. .
  • the feature data of each partition file can be encrypted by an asymmetric encryption algorithm (RSA algorithm) to obtain a feature encrypted data.
  • RSA algorithm asymmetric encryption algorithm
  • the front part of the ofp file save the remaining data in the boot partition file except the above-mentioned feature data to the back part of the above-mentioned rom.ofp file.
  • the 256KB data of the first part of the operating system Linux kernel partition file can be sequentially saved .
  • the partition files such as the 256KB data of the header of the Android system framework partition file and the 256KB data of the header of the user data partition file are encrypted to obtain the corresponding feature encrypted data, and the aforementioned feature encrypted data are sequentially saved to the aforementioned rom.ofp file,
  • the remaining data except for the encrypted feature data of all the above partition files are also appended and saved to the back of the above rom.ofp file.
  • the above-mentioned server encrypts the characteristic data of each partition file in the flashing package to obtain characteristic encrypted data.
  • the characteristic data of each partition file is unique, which can avoid confusion between encrypted characteristic data and eliminates the need for partition files All of the data are encrypted, which can greatly improve the efficiency of the encryption step.
  • Step 302 Process the signature data of each partition file in the flashing package to obtain signature encrypted data.
  • the above-mentioned signature data can be the data that comes with each of the above-mentioned partition files to indicate the source of the flashing package. It should be noted that the above-mentioned signature data is the signature data generated by the RSA algorithm, which can be represented by a character string.
  • the signature data of each partition file in the above flashing package can be obtained and combined to obtain a full signature data.
  • a full signature file AllSignatureFile can be created, and then the signature data of each partition file can be extracted and combined into A full signature data is saved in the AllSignatureFile file.
  • the AllSignatureFile file can be additionally saved to the back of the rom.ofp file.
  • the full signature data can be encrypted by a hash algorithm to obtain the signature encrypted data, the signature
  • the encrypted data may include version identification information.
  • the above hash algorithm can be the SHA256 algorithm
  • the hash value used by the SHA256 algorithm is 256 bits
  • 256Bit binary data can be obtained through the SHA256 algorithm, that is, 64 characters
  • the 64 characters are the aforementioned signature encrypted data , Used to indicate the version information of the flashing package.
  • the above-mentioned server processes the signature data of each partition file in the flashing package to obtain signature encrypted data, which can encrypt the version information of the judgment flashing package, which can prevent the mixing of different versions of flashing packages.
  • Step 303 Process the partition identification data of each partition file in the flashing package to obtain the partition identification encrypted data.
  • the above-mentioned partition identification data can be a structural variable.
  • the partition name, partition offset address, and partition checksum of each partition file in the above-mentioned flashing package can be obtained first; and the partition name and partition of each partition file
  • the offset address and the partition checksum are merged into structure variable data; the structure variable data is encrypted by the RSA algorithm to obtain the partition identification encrypted data.
  • the partition offset address can be used to indicate that the partition file is in rom.ofp
  • the location in the file the partition checksum can be used to indicate the integrity of the partition file transmission
  • the structure variable data includes the identification information of each partition file
  • the partition identification encrypted data can finally be saved to the database of the server .
  • the decryption path of each partition file can be determined by calling during decryption.
  • the above-mentioned server processes the partition identification data of each partition file in the flashing package to obtain the encrypted data of the partition identification, which can prevent the partition files in the flashing package from being tampered with, which greatly improves the security of the flashing package.
  • Step 304 Determine an encrypted flashing package according to the characteristic encrypted data, the signature encrypted data, and the partition identification encrypted data.
  • the characteristic encrypted data may be saved to the header of a preset format file
  • the signature encrypted data and the partition identification data may be saved to the end of the preset format file
  • the preset format file is used to indicate the encrypted Brush package.
  • the rom.ofp file finally obtained after the above steps is the above-mentioned encrypted flashing package.
  • FIG. 4 is a schematic diagram of the structure of an encrypted flashing package, as shown in the figure, the most The left part is the structure of the encrypted flash package, including the boot partition, the operating system Linux kernel partition, the Android system framework partition, and the user data partition.
  • Each partition includes three parts.
  • the first part is encrypted 256kb binary data.
  • the second part is the remaining data in the partition, which can be converted into binary data by server compilation, and the third part is the RSA signature, which is used to verify the source of the partition file. That is, the above RSA signature can be used to determine whether the partition file is Tampering, if the flashing package is generated by OPPO company, the RSA signature here can verify whether the data of each partition is generated by OPPO company.
  • the RSA signature of each partition can be combined into one full signature data AllSignatureFile, and a 256-bit version of the identity signal code can be obtained according to the hash 256 algorithm.
  • the version of the identity signal code is the signature encrypted data.
  • the above flashing package structure also includes full signature data and partition identification encrypted data at the end of the flashing package.
  • the partition identification encrypted data includes the name, offset address, file length, checksum and other information of each partition.
  • FIG. 5 is a schematic flowchart of another method for encrypting a flashing package provided by an embodiment of the application, which specifically includes the following steps:
  • Step 501 Encrypt the characteristic data of each partition file in the flashing package to obtain characteristic encrypted data.
  • Step 502 Process the signature data of each partition file in the flashing package to obtain signature encrypted data.
  • Step 503 Process the partition identification data of each partition file in the flashing package to obtain the partition identification encrypted data.
  • Step 504 Determine an encrypted flashing package based on the characteristic encrypted data, the signature encrypted data, and the partition identification encrypted data.
  • Step 505 Obtain the preset version identifier of the user terminal.
  • this step is performed before the user terminal installs the encrypted flashing package.
  • the above-mentioned preset version identifier may be used to indicate the version information of the flashing package that can be installed on the user terminal, and the above-mentioned preset version identifier may include an enterprise customized version identifier. , Operator version identification, common version identification, etc., which are not specifically limited here.
  • Step 506 Determine whether there is a version correspondence between the version identification information and the preset version identification.
  • the above version identification information can be used to indicate the version information corresponding to the current flashing package.
  • the above version identification information and the version of the above preset version identification are the same, it can be determined that there is a version correspondence relationship.
  • step 507 when it is judged that there is a version correspondence between the above-mentioned version identification information and the above-mentioned preset version identification, step 507 can be executed; when it is judged that there is no version correspondence between the above-mentioned version identification information and the above-mentioned preset version identification, the encrypted version cannot be compared. Complete the decryption of the flashing package.
  • Step 507 Perform a decryption step on the encrypted flashing package to obtain the flashing package.
  • the above decryption step may be sending a key to the user terminal, and the above key is an RSA password.
  • the above RSA password may be used to decrypt the partition identification encrypted data to obtain the partition identification data of each partition file, such as partition name and offset. Address, checksum, etc., and then find the location of the corresponding partition file in the rom.ofp file according to the offset address of each partition file above, and decrypt the characteristic encrypted data of the partition file after finding the corresponding partition file , Restore the partition file, similarly, you can restore each partition file, complete the decryption of the flashing package, and get the original flashing package.
  • the partition identification encrypted data and the characteristic encrypted data can be decrypted, and the decryption of the flashing package can be completed safely.
  • Step 508 Burn the partition file to the user terminal according to the signature data.
  • step 508 can be executed after decrypting the encrypted flashing package.
  • the above-mentioned signature data includes the source information of the partition file.
  • the above-mentioned signature data can be used to verify whether the current partition location to be installed is the partition corresponding to the signature data. If so, The installation is completed. If the verification fails, the installation cannot be completed.
  • FIG. 6 is a schematic structural diagram of an electronic device 600 provided by an embodiment of the present application.
  • the electronic device 600 includes an application The processor 601, the communication interface 602, and the memory 603.
  • the application processor 601, the communication interface 602, and the memory 603 are connected to each other through a bus 604.
  • the bus 604 may be a Peripheral Component Interconnect (PCI) bus or Extended Industry Standard Architecture (Extended Industry Standard Architecture, EISA) bus, etc.
  • PCI Peripheral Component Interconnect
  • EISA Extended Industry Standard Architecture
  • the bus 604 can be divided into an address bus, a data bus, a control bus, and so on. For ease of representation, only one thick line is used in FIG.
  • the memory is used to store a computer program
  • the computer program includes program instructions
  • the application processor is configured to call the program instructions to perform the following steps: Encrypting the characteristic data to obtain characteristic encrypted data, where the characteristic data includes any fragment of each partition file;
  • partition identification data of each partition file in the flashing package Processing the partition identification data of each partition file in the flashing package to obtain partition identification encrypted data, where the partition identification data is used to indicate the type of each partition file;
  • the encrypted flashing package is determined according to the characteristic encrypted data, the signature encrypted data, and the partition identification encrypted data.
  • the instructions in the program are specifically used to perform the following operations: The characteristic data of the preset address of each partition file;
  • the characteristic data is encrypted by an asymmetric encryption algorithm to obtain the characteristic encrypted data.
  • the instructions in the program are specifically used to perform the following operations: obtaining the flashing Combine the signature data of each partition file in the package to obtain a full signature data;
  • the fully signed data is encrypted by a hash algorithm to obtain the signed encrypted data, and the signed encrypted data includes version identification information.
  • the instructions in the program are specifically used to perform the following operations: State the partition name, partition offset address and partition checksum of each partition file in the flashing package;
  • the structure variable data is encrypted by an asymmetric encryption algorithm to obtain the partition identification encrypted data.
  • the instructions in the program are specifically used to perform the following operations: Save the feature encrypted data to the header of a preset format file, save the signature encrypted data and the partition identification data to the end of the preset format file, and the preset format file is used to represent the encrypted flashing package .
  • the instructions in the program are specifically used to execute the following Operation: before the user terminal installs the encrypted flashing package, obtain the preset version identifier of the user terminal;
  • the instructions in the program are specifically used to perform the following operations: burning according to the signature data Record the partition file to the user terminal.
  • an electronic device includes hardware structures and/or software modules corresponding to each function.
  • this application can be implemented in the form of hardware or a combination of hardware and computer software. Whether a certain function is executed by hardware or computer software-driven hardware depends on the specific application and design constraint conditions of the technical solution. Professionals and technicians can use different methods for each specific application to implement the described functions, but such implementation should not be considered beyond the scope of this application.
  • the embodiment of the present application may divide the electronic device into functional units according to the foregoing method examples.
  • each functional unit may be divided corresponding to each function, or two or more functions may be integrated into one processing unit.
  • the above-mentioned integrated unit can be implemented in the form of hardware or software functional unit. It should be noted that the division of units in the embodiments of the present application is illustrative, and is only a logical function division, and there may be other division methods in actual implementation.
  • FIG. 7 is a block diagram of functional units of a device 700 for encrypting a flashing package provided in an embodiment of the application.
  • the flashing package encryption device 700 is applied to electronic equipment.
  • the device includes a processing unit 701, a communication unit 702, and a storage unit 703.
  • the processing unit 701 is used to perform any step in the above method embodiment, and When performing data transmission such as sending, the communication unit 702 can be optionally invoked to complete the corresponding operation.
  • the detailed description will be given below.
  • the processing unit 701 is configured to encrypt characteristic data of each partition file in the flashing package to obtain characteristic encrypted data, where the characteristic data includes any fragment of each partition file;
  • partition identification data of each partition file in the flashing package Processing the partition identification data of each partition file in the flashing package to obtain partition identification encrypted data, where the partition identification data is used to indicate the type of each partition file;
  • the encrypted flashing package is determined according to the characteristic encrypted data, the signature encrypted data, and the partition identification encrypted data.
  • the processing unit 701 is specifically configured to: obtain each partition in the flashing package Characteristic data of the preset address of the file;
  • the characteristic data is encrypted by an asymmetric encryption algorithm to obtain the characteristic encrypted data.
  • the processing unit 701 is specifically configured to: obtain each The signature data of the partition files are merged to obtain a full signature data;
  • the fully signed data is encrypted by a hash algorithm to obtain the signed encrypted data, and the signed encrypted data includes version identification information.
  • the processing unit 701 is specifically configured to: obtain the information in the flashing package The partition name, partition offset address and partition checksum of each partition file;
  • the structure variable data is encrypted by an asymmetric encryption algorithm to obtain the partition identification encrypted data.
  • the processing unit 701 is specifically configured to: The encrypted data is saved to the header of a preset format file, the signature encrypted data and the partition identification data are saved to the end of the preset format file, and the preset format file is used to represent the encrypted flashing package.
  • the processing unit 701 is further specifically configured to: Before the terminal installs the encrypted flashing package, obtain the preset version identifier of the user terminal;
  • the processing unit 701 is further specifically configured to: burn the partition according to the signature data File to the user terminal.
  • An embodiment of the present application also provides a computer storage medium, wherein the computer storage medium stores a computer program for electronic data exchange, and the computer program enables a computer to execute part or all of the steps of any method as described in the above method embodiment ,
  • the above-mentioned computer includes electronic equipment.
  • the embodiments of the present application also provide a computer program product.
  • the above-mentioned computer program product includes a non-transitory computer-readable storage medium storing a computer program.
  • the above-mentioned computer program is operable to cause a computer to execute any of the methods described in the above-mentioned method embodiments. Part or all of the steps of the method.
  • the computer program product may be a software installation package, and the above-mentioned computer includes electronic equipment.
  • the disclosed device may be implemented in other ways.
  • the device embodiments described above are merely illustrative, for example, the division of the above-mentioned units is only a logical function division, and there may be other divisions in actual implementation, for example, multiple units or components can be combined or integrated. To another system, or some features can be ignored, or not implemented.
  • the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical or other forms.
  • the units described above as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place, or they may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions of the embodiments.
  • the functional units in the various embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
  • the above-mentioned integrated unit can be implemented in the form of hardware or software functional unit.
  • the above integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer readable memory.
  • the technical solution of the present application essentially or the part that contributes to the existing technology or all or part of the technical solution can be embodied in the form of a software product, and the computer software product is stored in a memory.
  • a number of instructions are included to enable a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the steps of the foregoing methods of the various embodiments of the present application.
  • the aforementioned memory includes: U disk, Read-Only Memory (ROM, Read-Only Memory), Random Access Memory (RAM, Random Access Memory), mobile hard disk, magnetic disk or optical disk and other media that can store program codes.
  • the program can be stored in a computer-readable memory, and the memory can include: a flash disk , Read-only memory (English: Read-Only Memory, abbreviation: ROM), random access device (English: Random Access Memory, abbreviation: RAM), magnetic disk or optical disc, etc.

Abstract

A flash packet encryption method and apparatus, an electronic device, and a computer storage medium. The method comprises: encrypting feature data of each partitioned file in a flash packet to obtain encrypted feature data; processing signature data of each partitioned file in the flash packet to obtain encrypted signature data; processing partitioned identification data of each partitioned file in the flash packet to obtain encrypted partitioned identification data; and determining an encrypted flash packet according to the encrypted feature data, the encrypted signature data, and the encrypted partitioned identification data. Whether the flash packet can be installed on a current terminal can be determined by means of an identity identifier containing version information, thereby preventing mixed use of different versions of flash packages while protecting the security of the flash package.

Description

刷机包加密方法、装置、电子设备及计算机存储介质Encryption method, device, electronic equipment and computer storage medium for flashing package 技术领域Technical field
本申请涉及计算机技术领域,特别是一种刷机包加密方法、装置、电子设备及计算机存储介质。This application relates to the field of computer technology, in particular to a method, device, electronic equipment, and computer storage medium for encrypting a flash package.
背景技术Background technique
随着技术的发展,终端需要安装刷机包来更新操作系统,由于市场的多元化,用户可以分为很多类,不同种类的用户需要不同版本的刷机包来得到具备不同权限的操作系统,如将运营商的系统安装到普通用户的终端上,可能损害到运营商的利益。With the development of technology, terminals need to install flashing packages to update the operating system. Due to the diversification of the market, users can be divided into many categories. Different types of users need different versions of flashing packages to obtain operating systems with different permissions. The operator's system is installed on the terminal of ordinary users, which may harm the interests of the operator.
所以,需要对不同版本的刷机包进行加密处理来避免上述情况,目前常用的加密方法需要用户手动输入预设的密码来进行验证,但这十分不方便且无法识别刷机包是否经过了非法修改。Therefore, it is necessary to encrypt different versions of the flashing package to avoid the above situation. Currently, the commonly used encryption method requires the user to manually enter a preset password for verification, but this is very inconvenient and cannot identify whether the flashing package has been illegally modified.
发明内容Summary of the invention
基于上述问题,本申请提出了一种刷机包加密方法、装置、电子设备及计算机存储介质,可以在保护刷机包的安全的同时防止不同版本的刷机包出现混用的情况。Based on the above problems, this application proposes a flashing package encryption method, device, electronic equipment, and computer storage medium, which can protect the security of the flashing package while preventing the mixing of different versions of the flashing package.
本申请实施例第一方面提供了一种刷机包加密方法,所述方法包括:The first aspect of the embodiments of the present application provides a method for encrypting a flashing package, and the method includes:
对刷机包中的每个分区文件的特征数据进行加密,得到特征加密数据,所述特征数据包括所述每个分区文件的任意一个片段;Encrypting the characteristic data of each partition file in the flashing package to obtain characteristic encrypted data, where the characteristic data includes any fragment of each partition file;
对所述刷机包中的每个分区文件的签名数据进行处理,得到签名加密数据,所述签名数据用于表示所述刷机包的版本信息;Processing the signature data of each partition file in the flashing package to obtain signature encrypted data, where the signature data is used to represent the version information of the flashing package;
对所述刷机包中的每个分区文件的分区标识数据进行处理,得到分区标识加密数据,所述分区标识数据用于表示所述每个分区文件的种类;Processing the partition identification data of each partition file in the flashing package to obtain partition identification encrypted data, where the partition identification data is used to indicate the type of each partition file;
根据所述特征加密数据、所述签名加密数据以及所述分区标识加密数据确定加密后的刷机包。The encrypted flashing package is determined according to the characteristic encrypted data, the signature encrypted data, and the partition identification encrypted data.
本申请实施例第二方面提供了一种刷机包加密装置,所述装置包括处理单 元和通信单元,其中,A second aspect of the embodiments of the present application provides a device for encrypting a flashing package. The device includes a processing unit and a communication unit, wherein:
所述处理单元,用于对刷机包中的每个分区文件的特征数据进行加密,得到特征加密数据,所述特征数据包括所述每个分区文件的任意一个片段;The processing unit is configured to encrypt the characteristic data of each partition file in the flashing package to obtain characteristic encrypted data, where the characteristic data includes any fragment of each partition file;
对所述刷机包中的每个分区文件的签名数据进行处理,得到签名加密数据,所述签名数据用于表示所述刷机包的版本信息;Processing the signature data of each partition file in the flashing package to obtain signature encrypted data, where the signature data is used to represent the version information of the flashing package;
对所述刷机包中的每个分区文件的分区标识数据进行处理,得到分区标识加密数据,所述分区标识数据用于表示所述每个分区文件的种类;Processing the partition identification data of each partition file in the flashing package to obtain partition identification encrypted data, where the partition identification data is used to indicate the type of each partition file;
根据所述特征加密数据、所述签名加密数据以及所述分区标识加密数据确定加密后的刷机包。The encrypted flashing package is determined according to the characteristic encrypted data, the signature encrypted data, and the partition identification encrypted data.
本申请实施例第三方面提供了一种电子设备,包括多核处理器、通信接口和存储器,所述多核处理器、通信接口和存储器相互连接,其中,所述存储器用于存储计算机程序,所述计算机程序包括程序指令,所述多核处理器被配置用于调用所述程序指令,执行如本申请实施例第一方面任意步骤所描述的方法。A third aspect of the embodiments of the present application provides an electronic device, including a multi-core processor, a communication interface, and a memory. The multi-core processor, the communication interface, and the memory are connected to each other. The memory is used to store a computer program, and the The computer program includes program instructions, and the multi-core processor is configured to invoke the program instructions to execute the method described in any step of the first aspect of the embodiments of the present application.
本申请实施例第四方面提供了一种计算机存储介质,所述计算机存储介质存储有计算机程序,所述计算机程序包括程序指令,所述程序指令当被处理器执行时使所述处理器执行如本申请实施例第一方面任意步骤所描述的方法。The fourth aspect of the embodiments of the present application provides a computer storage medium, the computer storage medium stores a computer program, the computer program includes program instructions, and when executed by a processor, the program instructions cause the processor to execute such as The method described in any step of the first aspect of the embodiments of the present application.
本申请实施例第五方面提供了一种计算机程序产品,其中,上述计算机程序产品包括存储了计算机程序的非瞬时性计算机可读存储介质,上述计算机程序可操作来使计算机执行如本申请实施例第一方面任一方法中所描述的部分或全部步骤。该计算机程序产品可以为一个软件安装包。A fifth aspect of the embodiments of the present application provides a computer program product, wherein the above-mentioned computer program product includes a non-transitory computer-readable storage medium storing a computer program, and the above-mentioned computer program is operable to cause a computer to execute the computer program Part or all of the steps described in any method of the first aspect. The computer program product may be a software installation package.
通过实施上述申请实施例,可以得到以下有益效果:By implementing the above application examples, the following beneficial effects can be obtained:
上述刷机包加密方法、装置、电子设备及计算机存储介质,通过对刷机包中的每个分区文件的特征数据进行加密,得到特征加密数据,所述特征数据包括所述每个分区文件的任意一个片段;对所述刷机包中的每个分区文件的签名数据进行处理,得到签名加密数据,所述签名数据用于表示所述刷机包的版本信息;对所述刷机包中的每个分区文件的分区标识数据进行处理,得到分区标识加密数据,所述分区标识数据用于表示所述每个分区文件的种类;根据所述特征加密数据、所述签名加密数据以及所述分区标识加密数据确定加密后的刷 机包。可以通过包含版本信息的身份标识码来确认是否可以在当前终端上安装该刷机包,在保护刷机包的安全的同时防止不同版本的刷机包出现混用的情况。The above flashing package encryption method, device, electronic equipment and computer storage medium, by encrypting the feature data of each partition file in the flashing package to obtain feature encrypted data, the feature data includes any one of the each partition file Fragment; processing the signature data of each partition file in the flashing package to obtain signature encrypted data, the signature data is used to represent the version information of the flashing package; for each partitioning file in the flashing package The partition identification data is processed to obtain partition identification encrypted data, the partition identification data is used to indicate the type of each partition file; determined according to the characteristic encrypted data, the signature encrypted data, and the partition identification encrypted data Encrypted flashing package. The identification code containing the version information can be used to confirm whether the flashing package can be installed on the current terminal, which protects the security of the flashing package while preventing the mixing of different versions of the flashing package.
附图说明Description of the drawings
为了更清楚地说明本发明实施例技术方案,下面将对实施例描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to explain the technical solutions of the embodiments of the present invention more clearly, the following will briefly introduce the drawings used in the description of the embodiments. Obviously, the drawings in the following description are some embodiments of the present invention. Ordinary technicians can obtain other drawings based on these drawings without creative work.
图1为本申请实施例提供的刷机包的内容示意图;FIG. 1 is a schematic diagram of the contents of a flashing package provided by an embodiment of the application;
图2为本申请实施例提供的刷机包加密方法的系统构架图;Figure 2 is a system architecture diagram of a method for encrypting a flashing package provided by an embodiment of the application;
图3为本申请实施例提供的一种刷机包加密方法的流程示意图;FIG. 3 is a schematic flowchart of a method for encrypting a flashing package provided by an embodiment of the application;
图4为本申请实施例提供的一种加密后的刷机包的结构示意图;Figure 4 is a schematic structural diagram of an encrypted flashing package provided by an embodiment of the application;
图5为本申请实施例提供的另一种刷机包加密方法的流程示意图;FIG. 5 is a schematic flowchart of another method for encrypting a flashing package provided by an embodiment of the application;
图6为本申请实施例提供的一种电子设备的结构示意图;FIG. 6 is a schematic structural diagram of an electronic device provided by an embodiment of this application;
图7为本申请实施例提供的一种刷机包加密装置的结构单元框图。FIG. 7 is a block diagram of structural units of a device for encrypting a flashing package provided by an embodiment of the application.
具体实施方式Detailed ways
为了使本技术领域的人员更好地理解本发明方案,下面将结合本申请实施例中的附图,对本申请实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。In order to enable those skilled in the art to better understand the solutions of the present invention, the technical solutions in the embodiments of the present application will be described clearly and completely in conjunction with the accompanying drawings in the embodiments of the present application. Obviously, the described embodiments are only These are a part of the embodiments of the present invention, but not all of the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative work shall fall within the protection scope of the present invention.
本发明的说明书和权利要求书及上述附图中的术语“第一”、“第二”等是用于区别不同对象,而不是用于描述特定顺序。此外,术语“包括”和“具有”以及它们任何变形,意图在于覆盖不排他的包含。例如包含了一系列步骤或单元的过程、方法、系统、产品或设备没有限定于已列出的步骤或单元,而是可选地还包括没有列出的步骤或单元,或可选地还包括对于这些过程、方法、产品或设备固有的其他步骤或单元。The terms "first", "second", etc. in the specification and claims of the present invention and the above-mentioned drawings are used to distinguish different objects, rather than to describe a specific sequence. In addition, the terms "including" and "having" and any variations of them are intended to cover non-exclusive inclusions. For example, a process, method, system, product, or device that includes a series of steps or units is not limited to the listed steps or units, but optionally includes unlisted steps or units, or optionally also includes Other steps or units inherent to these processes, methods, products or equipment.
在本文中提及“实施例”意味着,结合实施例描述的特定特征、结构或特性可以包含在本发明的至少一个实施例中。在说明书中的各个位置出现该短语并不一定均是指相同的实施例,也不是与其它实施例互斥的独立的或备选的实施例。本领域技术人员显式地和隐式地理解的是,本文所描述的实施例可以与其它实施例相结合。Reference to "embodiments" herein means that a specific feature, structure or characteristic described in conjunction with the embodiments may be included in at least one embodiment of the present invention. The appearance of the phrase in various places in the specification does not necessarily refer to the same embodiment, nor is it an independent or alternative embodiment mutually exclusive with other embodiments. Those skilled in the art clearly and implicitly understand that the embodiments described herein can be combined with other embodiments.
本申请实施例所涉及到的电子设备和终端可以包括各种具有无线通信功能的手持设备、车载设备、可穿戴设备、计算设备或连接到无线调制解调器的其他处理设备,以及各种形式的用户设备(User Equipment,UE),移动台(Mobile Station,MS),终端设备(terminal device)等等。The electronic devices and terminals involved in the embodiments of this application may include various handheld devices with wireless communication functions, vehicle-mounted devices, wearable devices, computing devices or other processing devices connected to wireless modems, as well as various forms of user equipment (User Equipment, UE), mobile station (Mobile Station, MS), terminal device (terminal device), etc.
目前,如图1所示,图1是本申请实施例提供的刷机包的内容示意图,上述刷机包可以为应用程序,用于对终端的存放固件代码的存储器(Read only Memory,ROM)中的内容进行改写,图1包括该刷机包的全部分区文件,此处以安卓系统为例,全部文件可以分类为启动引导(Little Kernel,LK)分区文件、操作系统Linux内核分区文件、安卓系统框架分区文件以及用户数据分区文件等等,在此不一一列出,图1中的刷机包未做加密处理,可以直接修改该刷机包中的任意一个分区文件,可能会出现将具备特定权限的刷机包安装到不能使用该特定权限的用户终端上,如将运营商版本的刷机包安装到普通用户的终端上,这会给运营商带来损失。At present, as shown in Figure 1, Figure 1 is a schematic diagram of the contents of a flashing package provided by an embodiment of the present application. The flashing package can be an application program used to store firmware codes in the terminal's memory (Read only Memory, ROM). The content is rewritten. Figure 1 includes all the partition files of the flashing package. Here, taking the Android system as an example, all files can be classified into boot boot (Little Kernel, LK) partition files, operating system Linux kernel partition files, and Android system framework partition files And user data partition files, etc., are not listed here. The flashing package in Figure 1 is not encrypted. You can directly modify any partition file in the flashing package. A flashing package with specific permissions may appear. Install it on a user terminal that cannot use the specific authority, such as installing the operator’s version of the flashing package on a common user’s terminal, which will bring losses to the operator.
基于上述问题,本申请实施例提供了一种刷机包加密方法、装置、电子设备及计算机存储介质,下面结合图2对本申请实施例中刷机包加密方法的系统架构作详细说明,图2为本申请实施例提供的刷机包加密方法的系统架构图,包括:用户终端210以及服务器220,上述用户终端210可以为任意具备网络连接功能的电子设备,上述服务器220中可以内置数据库,对刷机包进行加密处理,并将加密后的刷机包数据保存到数据库中,上述用户终端210可以与上述服务器220有线或无线连接,在对加密的刷机包解密时上述服务器220可以获取上述用户终端210的标识,并判断上述加密的刷机包是否可以在该用户终端210上进行解密安装。Based on the above problems, the embodiments of the present application provide a flashing package encryption method, device, electronic equipment, and computer storage medium. The following describes the system architecture of the flashing package encryption method in the embodiment of the application in detail with reference to FIG. 2. FIG. 2 is The system architecture diagram of the flashing package encryption method provided by the application embodiment includes: a user terminal 210 and a server 220. The user terminal 210 can be any electronic device with a network connection function. The server 220 can have a built-in database to perform the flashing package. Encryption processing, and save the encrypted flashing package data in the database. The user terminal 210 can be connected to the server 220 by wired or wireless connection. The server 220 can obtain the identification of the user terminal 210 when decrypting the encrypted flashing package. And it is determined whether the encrypted flashing package can be decrypted and installed on the user terminal 210.
可以看出,上述系统结构可以通过包含版本信息的身份标识码来确认是否可以在当前终端上安装该刷机包,在保护刷机包的安全的同时可以防止不同版 本的刷机包出现混用的情况。It can be seen that the above system structure can confirm whether the flashing package can be installed on the current terminal through the identification code containing the version information, which can prevent the flashing package of different versions from being mixed while protecting the security of the flashing package.
下面结合图3对本申请实施例中的一种刷机包加密方法作详细说明,图3为本申请实施例提供的一种刷机包加密方法的流程示意图,具体包括以下步骤:The following is a detailed description of a flashing package encryption method in an embodiment of this application with reference to Figure 3. Figure 3 is a schematic flow diagram of a flashing package encryption method provided by an embodiment of the application, which specifically includes the following steps:
步骤301,对刷机包中的每个分区文件的特征数据进行加密,得到特征加密数据。Step 301: Encrypt the characteristic data of each partition file in the flashing package to obtain characteristic encrypted data.
其中,上述每个分区文件都对应一个特征数据,上述特征数据可以是分区文件的任意一个片段,可以先获取所述刷机包中的每个分区文件的预设地址的特征数据,上述预设地址用于表示上述特征数据在对应的上述分区文件中的位置,举例来说,可以将分区文件首部的256KB的片段设定为预设地址,此时每个分区文件首部的256KB数据即为特征数据。Wherein, each of the above-mentioned partition files corresponds to a feature data, and the above-mentioned feature data can be any fragment of the partition file. The feature data of the preset address of each partition file in the flashing package can be obtained first, and the above-mentioned preset address It is used to indicate the location of the above-mentioned feature data in the corresponding above-mentioned partition file. For example, a 256KB segment of the header of the partition file can be set as a preset address. At this time, the 256KB data of the header of each partition file is the feature data. .
其中,可以通过非对称加密算法(RSA algorithm)对上述每个分区文件的特征数据进行加密,得到一个特征加密数据,具体的,以图1中的刷机包为例进行说明,首先可以新建一个ofp格式的空文件,将其命名为rom,即rom.ofp文件,之后读取启动引导分区文件首部的256KB数据,利用RSA算法加密之后将上述启动引导分区文件对应的特征加密数据保存至上述rom.ofp文件的前部,将上述启动引导分区文件中除了上述特征数据之外的剩余数据保存至上述rom.ofp文件的后部,同理,可以依次将操作系统Linux内核分区文件的首部的256KB数据、安卓系统框架分区文件的首部的256KB数据以及用户数据分区文件的首部的256KB数据等分区文件进行加密,得到对应的特征加密数据,并将上述特征加密数据依次保存至上述rom.ofp文件中,上述全部分区文件的除加密特征数据以外的剩余数据也追加保存至上述rom.ofp文件的后面。Among them, the feature data of each partition file can be encrypted by an asymmetric encryption algorithm (RSA algorithm) to obtain a feature encrypted data. Specifically, take the flashing package in Figure 1 as an example for illustration. First, you can create a new ofp Format the empty file, name it rom, that is, rom.ofp file, and then read the 256KB data at the beginning of the boot partition file, and use the RSA algorithm to encrypt the feature encryption data corresponding to the boot partition file and save it to the above rom. In the front part of the ofp file, save the remaining data in the boot partition file except the above-mentioned feature data to the back part of the above-mentioned rom.ofp file. Similarly, the 256KB data of the first part of the operating system Linux kernel partition file can be sequentially saved , The partition files such as the 256KB data of the header of the Android system framework partition file and the 256KB data of the header of the user data partition file are encrypted to obtain the corresponding feature encrypted data, and the aforementioned feature encrypted data are sequentially saved to the aforementioned rom.ofp file, The remaining data except for the encrypted feature data of all the above partition files are also appended and saved to the back of the above rom.ofp file.
通过上述服务器对刷机包中的每个分区文件的特征数据进行加密,得到特征加密数据,每个分区文件的特征数据都具备唯一性,可以避免加密特征数据之间产生混淆,并且无需对分区文件的全部数据都进行加密,可以大大提升加密步骤的效率。The above-mentioned server encrypts the characteristic data of each partition file in the flashing package to obtain characteristic encrypted data. The characteristic data of each partition file is unique, which can avoid confusion between encrypted characteristic data and eliminates the need for partition files All of the data are encrypted, which can greatly improve the efficiency of the encryption step.
步骤302,对所述刷机包中的每个分区文件的签名数据进行处理,得到签名加密数据。Step 302: Process the signature data of each partition file in the flashing package to obtain signature encrypted data.
其中,上述签名数据可以为上述每个分区文件自带的数据,用于表示刷机 包的来源,需要说明的是,上述签名数据为经过RSA算法生成的签名数据,可以用字符串表示。Wherein, the above-mentioned signature data can be the data that comes with each of the above-mentioned partition files to indicate the source of the flashing package. It should be noted that the above-mentioned signature data is the signature data generated by the RSA algorithm, which can be represented by a character string.
其中,可以获取上述刷机包中每个分区文件的签名数据并合并,得到一个全签名数据,具体的,可以新建一个全签名文件AllSignatureFile,之后提取上述每个分区文件的签名数据,将其组合为一个全签名数据并保存至上述AllSignatureFile文件中,上述AllSignatureFile文件可以追加保存到上述rom.ofp文件的后面,接着,可以通过哈希算法对上述全签名数据进行加密,得到上述签名加密数据,上述签名加密数据可以包括版本标识信息。需要说明的是,上述哈希算法可以为SHA256算法,该SHA256算法使用的哈希值为256位,通过SHA256算法可以得到256Bit二进制数据,即64个字符,该64个字符即为上述签名加密数据,用于表示刷机包的版本信息。Among them, the signature data of each partition file in the above flashing package can be obtained and combined to obtain a full signature data. Specifically, a full signature file AllSignatureFile can be created, and then the signature data of each partition file can be extracted and combined into A full signature data is saved in the AllSignatureFile file. The AllSignatureFile file can be additionally saved to the back of the rom.ofp file. Then, the full signature data can be encrypted by a hash algorithm to obtain the signature encrypted data, the signature The encrypted data may include version identification information. It should be noted that the above hash algorithm can be the SHA256 algorithm, the hash value used by the SHA256 algorithm is 256 bits, and 256Bit binary data can be obtained through the SHA256 algorithm, that is, 64 characters, and the 64 characters are the aforementioned signature encrypted data , Used to indicate the version information of the flashing package.
通过上述服务器对所述刷机包中的每个分区文件的签名数据进行处理,得到签名加密数据,可以对判断该刷机包的版本信息进行加密,可以防止不同版本的刷机包出现混用的情况。The above-mentioned server processes the signature data of each partition file in the flashing package to obtain signature encrypted data, which can encrypt the version information of the judgment flashing package, which can prevent the mixing of different versions of flashing packages.
步骤303,对所述刷机包中的每个分区文件的分区标识数据进行处理,得到分区标识加密数据。Step 303: Process the partition identification data of each partition file in the flashing package to obtain the partition identification encrypted data.
其中,上述分区标识数据可以为结构体变量,具体的,可以先获取上述刷机包中每个分区文件的分区名字、分区偏移地址以及分区校验和;将每个分区文件的分区名字、分区偏移地址以及分区校验和合并为结构体变量数据;通过RSA算法对上述结构体变量数据进行加密,得到上述分区标识加密数据,上述分区偏移地址可以用于表示上述分区文件在rom.ofp文件中的位置,上述分区校验和可以用于表示上述分区文件传输的完整性,上述结构体变量数据包括了上述每个分区文件的标识信息,上述分区标识加密数据最终可以保存至服务器的数据库中,在解密时进行调用可以确定每个分区文件的解密路径。Among them, the above-mentioned partition identification data can be a structural variable. Specifically, the partition name, partition offset address, and partition checksum of each partition file in the above-mentioned flashing package can be obtained first; and the partition name and partition of each partition file The offset address and the partition checksum are merged into structure variable data; the structure variable data is encrypted by the RSA algorithm to obtain the partition identification encrypted data. The partition offset address can be used to indicate that the partition file is in rom.ofp The location in the file, the partition checksum can be used to indicate the integrity of the partition file transmission, the structure variable data includes the identification information of each partition file, and the partition identification encrypted data can finally be saved to the database of the server , The decryption path of each partition file can be determined by calling during decryption.
通过上述服务器对所述刷机包中的每个分区文件的分区标识数据进行处理,得到分区标识加密数据,可以避免刷机包中的分区文件被篡改,大大提升了刷机包的安全性。The above-mentioned server processes the partition identification data of each partition file in the flashing package to obtain the encrypted data of the partition identification, which can prevent the partition files in the flashing package from being tampered with, which greatly improves the security of the flashing package.
步骤304,根据所述特征加密数据、所述签名加密数据以及所述分区标识加密数据确定加密后的刷机包。Step 304: Determine an encrypted flashing package according to the characteristic encrypted data, the signature encrypted data, and the partition identification encrypted data.
其中,可以将所述特征加密数据保存至预设格式文件首部,将所述签名加密数据和所述分区标识数据保存至所述预设格式文件尾部,所述预设格式文件用于表示加密后的刷机包。经过上述步骤最终得到的rom.ofp文件即为上述加密后的刷机包。Wherein, the characteristic encrypted data may be saved to the header of a preset format file, the signature encrypted data and the partition identification data may be saved to the end of the preset format file, and the preset format file is used to indicate the encrypted Brush package. The rom.ofp file finally obtained after the above steps is the above-mentioned encrypted flashing package.
为更加详细说明上述刷机包加密方法,下面结合图4对本申请实施例中的加密后的刷机包的结构进行说明,图4为一种加密后的刷机包的结构示意图,如图所示,最左边部分为加密后的刷机包的结构,包括启动引导分区、操作系统Linux内核分区、安卓系统框架分区以及用户数据分区等,每个分区都包括三个部分,第一部分是加密256kb二进制数据,第二部分是该分区内的剩余数据,该剩余数据可以通过服务器编译转换为二进制数据,第三部分是RSA签名,用于验证该分区文件的来源,即可以通过上述RSA签名判断上述分区文件是否被篡改,若刷机包是OPPO公司生成的,此处的RSA签名可以验证每个分区的数据是否是OPPO公司生成的。In order to explain in more detail the above-mentioned flashing package encryption method, the structure of the encrypted flashing package in the embodiment of this application will be described below with reference to Figure 4. Figure 4 is a schematic diagram of the structure of an encrypted flashing package, as shown in the figure, the most The left part is the structure of the encrypted flash package, including the boot partition, the operating system Linux kernel partition, the Android system framework partition, and the user data partition. Each partition includes three parts. The first part is encrypted 256kb binary data. The second part is the remaining data in the partition, which can be converted into binary data by server compilation, and the third part is the RSA signature, which is used to verify the source of the partition file. That is, the above RSA signature can be used to determine whether the partition file is Tampering, if the flashing package is generated by OPPO company, the RSA signature here can verify whether the data of each partition is generated by OPPO company.
其中,可以将上述每个分区的RSA签名组合一个全签名数据AllSignatureFile,并根据哈希256算法得到256bit的版本身份信号编码,上述版本身份信号编码即为签名加密数据。需要说明的是,上述刷机包结构还包括在刷机包末尾的全签名数据和分区标识加密数据,该分区标识加密数据包括每个分区的名字、偏移地址、文件长度、校验和等信息。Among them, the RSA signature of each partition can be combined into one full signature data AllSignatureFile, and a 256-bit version of the identity signal code can be obtained according to the hash 256 algorithm. The version of the identity signal code is the signature encrypted data. It should be noted that the above flashing package structure also includes full signature data and partition identification encrypted data at the end of the flashing package. The partition identification encrypted data includes the name, offset address, file length, checksum and other information of each partition.
通过上述刷机包的结构,可以统一加密的文件格式和加密区域的偏移地址,方便用户终端使用同一标准进行解密,提升安全性的同时也增强了便捷性。下面结合图5对本申请实施例中另一种刷机包加密方法作详细说明,图5为本申请实施例提供的另一种刷机包加密方法的流程示意图,具体包括以下步骤:Through the structure of the above flashing package, the encrypted file format and the offset address of the encrypted area can be unified, so that the user terminal can use the same standard for decryption, which improves the security and convenience at the same time. Hereinafter, another method for encrypting a flashing package in an embodiment of the application will be described in detail with reference to FIG. 5. FIG. 5 is a schematic flowchart of another method for encrypting a flashing package provided by an embodiment of the application, which specifically includes the following steps:
步骤501,对刷机包中的每个分区文件的特征数据进行加密,得到特征加密数据。Step 501: Encrypt the characteristic data of each partition file in the flashing package to obtain characteristic encrypted data.
步骤502,对所述刷机包中的每个分区文件的签名数据进行处理,得到签名加密数据。Step 502: Process the signature data of each partition file in the flashing package to obtain signature encrypted data.
步骤503,对所述刷机包中的每个分区文件的分区标识数据进行处理,得到分区标识加密数据。Step 503: Process the partition identification data of each partition file in the flashing package to obtain the partition identification encrypted data.
步骤504,根据所述特征加密数据、所述签名加密数据以及所述分区标识 加密数据确定加密后的刷机包。Step 504: Determine an encrypted flashing package based on the characteristic encrypted data, the signature encrypted data, and the partition identification encrypted data.
步骤505,获取用户终端的预设版本标识。Step 505: Obtain the preset version identifier of the user terminal.
其中,在用户终端安装所述加密后的刷机包前执行本步骤,上述预设版本标识可以用于表示上述用户终端可安装的刷机包的版本信息,上述预设版本标识可以包括企业定制版本标识、运营商版本标识、普通版本标识等,在此不做具体限定。Wherein, this step is performed before the user terminal installs the encrypted flashing package. The above-mentioned preset version identifier may be used to indicate the version information of the flashing package that can be installed on the user terminal, and the above-mentioned preset version identifier may include an enterprise customized version identifier. , Operator version identification, common version identification, etc., which are not specifically limited here.
步骤506,判断所述版本标识信息是否与所述预设版本标识存在版本对应关系。Step 506: Determine whether there is a version correspondence between the version identification information and the preset version identification.
其中,上述版本标识信息可以用于表示当前刷机包对应的版本信息,上述版本标识信息和上述预设版本标识的版本是同一个时,即可以判断存在版本对应关系。Wherein, the above version identification information can be used to indicate the version information corresponding to the current flashing package. When the above version identification information and the version of the above preset version identification are the same, it can be determined that there is a version correspondence relationship.
其中,当判断上述版本标识信息与上述预设版本标识存在版本对应关系时,可以执行步骤507;当判断上述版本标识信息与上述预设版本标识不存在版本对应关系时,则无法对加密后的刷机包完成解密。Wherein, when it is judged that there is a version correspondence between the above-mentioned version identification information and the above-mentioned preset version identification, step 507 can be executed; when it is judged that there is no version correspondence between the above-mentioned version identification information and the above-mentioned preset version identification, the encrypted version cannot be compared. Complete the decryption of the flashing package.
步骤507,对所述加密后的刷机包执行解密步骤,得到所述刷机包。Step 507: Perform a decryption step on the encrypted flashing package to obtain the flashing package.
其中,上述解密步骤可以为向用户终端发送密钥,上述密钥为RSA密码,可以利用上述RSA密码对上述分区标识加密数据进行解密,获取每个分区文件的分区标识数据如分区名、偏移地址、校验和等,再根据上述每个分区文件的偏移地址寻找到对应的分区文件在rom.ofp文件中的位置,寻找到对应的分区文件后对该分区文件的特征加密数据进行解密,还原出该分区文件,同理,可以还原出每个分区文件,完成对刷机包的解密,得到原始的刷机包。Wherein, the above decryption step may be sending a key to the user terminal, and the above key is an RSA password. The above RSA password may be used to decrypt the partition identification encrypted data to obtain the partition identification data of each partition file, such as partition name and offset. Address, checksum, etc., and then find the location of the corresponding partition file in the rom.ofp file according to the offset address of each partition file above, and decrypt the characteristic encrypted data of the partition file after finding the corresponding partition file , Restore the partition file, similarly, you can restore each partition file, complete the decryption of the flashing package, and get the original flashing package.
通过对所述加密后的刷机包执行解密步骤,得到所述刷机包,可以对分区标识加密数据和特征加密数据进行解密,可以安全地完成对刷机包的解密。By performing a decryption step on the encrypted flashing package to obtain the flashing package, the partition identification encrypted data and the characteristic encrypted data can be decrypted, and the decryption of the flashing package can be completed safely.
步骤508,根据所述签名数据烧录所述分区文件至所述用户终端中。Step 508: Burn the partition file to the user terminal according to the signature data.
其中,可以在对加密后的刷机包解密后执行步骤508,上述签名数据包括了分区文件的来源信息,可以使用上述签名数据校验当前要安装的分区位置是否是签名数据对应的分区,若是,则完成安装,若校验未通过,则无法完成安装。Wherein, step 508 can be executed after decrypting the encrypted flashing package. The above-mentioned signature data includes the source information of the partition file. The above-mentioned signature data can be used to verify whether the current partition location to be installed is the partition corresponding to the signature data. If so, The installation is completed. If the verification fails, the installation cannot be completed.
通过根据所述签名数据烧录所述分区文件至所述用户终端中,可以保证刷 机包的数据没有被非法篡改,大大提升了刷机包的安全性。By burning the partition file to the user terminal according to the signature data, it can be ensured that the data of the flashing package has not been illegally tampered with, which greatly improves the security of the flashing package.
上述未详细说明的步骤可以参见图3中的方法步骤,在此不再赘述。The steps that are not described in detail above can be referred to the method steps in FIG. 3, which will not be repeated here.
与上述图3、图5所示的实施例一致的,请参阅图6,图6是本申请实施例提供的一种电子设备600的结构示意图,如图所示,所述电子设备600包括应用处理器601、通信接口602和存储器603,所述应用处理器601、通信接口602和存储器603通过总线604相互连接,总线604可以是外设部件互连标准(Peripheral Component Interconnect,简称PCI)总线或扩展工业标准结构(Extended Industry Standard Architecture,简称EISA)总线等。总线604可以分为地址总线、数据总线、控制总线等。为便于表示,图6中仅用一条粗线表示,但并不表示仅有一根总线或一种类型的总线。其中,所述存储器用于存储计算机程序,所述计算机程序包括程序指令,所述应用处理器被配置用于调用所述程序指令,执行以下步骤的方法:对刷机包中的每个分区文件的特征数据进行加密,得到特征加密数据,所述特征数据包括所述每个分区文件的任意一个片段;Consistent with the embodiments shown in FIG. 3 and FIG. 5, please refer to FIG. 6. FIG. 6 is a schematic structural diagram of an electronic device 600 provided by an embodiment of the present application. As shown in the figure, the electronic device 600 includes an application The processor 601, the communication interface 602, and the memory 603. The application processor 601, the communication interface 602, and the memory 603 are connected to each other through a bus 604. The bus 604 may be a Peripheral Component Interconnect (PCI) bus or Extended Industry Standard Architecture (Extended Industry Standard Architecture, EISA) bus, etc. The bus 604 can be divided into an address bus, a data bus, a control bus, and so on. For ease of representation, only one thick line is used in FIG. 6, but it does not mean that there is only one bus or one type of bus. Wherein, the memory is used to store a computer program, the computer program includes program instructions, and the application processor is configured to call the program instructions to perform the following steps: Encrypting the characteristic data to obtain characteristic encrypted data, where the characteristic data includes any fragment of each partition file;
对所述刷机包中的每个分区文件的签名数据进行处理,得到签名加密数据,所述签名数据用于表示所述刷机包的版本信息;Processing the signature data of each partition file in the flashing package to obtain signature encrypted data, where the signature data is used to represent the version information of the flashing package;
对所述刷机包中的每个分区文件的分区标识数据进行处理,得到分区标识加密数据,所述分区标识数据用于表示所述每个分区文件的种类;Processing the partition identification data of each partition file in the flashing package to obtain partition identification encrypted data, where the partition identification data is used to indicate the type of each partition file;
根据所述特征加密数据、所述签名加密数据以及所述分区标识加密数据确定加密后的刷机包。The encrypted flashing package is determined according to the characteristic encrypted data, the signature encrypted data, and the partition identification encrypted data.
在一个可能的示例中,在所述对刷机包中的每个分区文件的特征数据进行加密,得到特征加密数据方面,所述程序中的指令具体用于执行以下操作:获取所述刷机包中的每个分区文件的预设地址的特征数据;In a possible example, in the aspect of encrypting the characteristic data of each partition file in the flashing package to obtain the characteristic encrypted data, the instructions in the program are specifically used to perform the following operations: The characteristic data of the preset address of each partition file;
通过非对称加密算法对所述特征数据进行加密,得到所述特征加密数据。The characteristic data is encrypted by an asymmetric encryption algorithm to obtain the characteristic encrypted data.
在一个可能的示例中,在所述对所述刷机包中的每个分区文件的签名数据进行处理,得到签名加密数据方面,所述程序中的指令具体用于执行以下操作:获取所述刷机包中每个分区文件的签名数据并合并,得到一个全签名数据;In a possible example, in the aspect of processing the signature data of each partition file in the flashing package to obtain the signature encrypted data, the instructions in the program are specifically used to perform the following operations: obtaining the flashing Combine the signature data of each partition file in the package to obtain a full signature data;
通过哈希算法对所述全签名数据进行加密,得到所述签名加密数据,所述签名加密数据包括版本标识信息。The fully signed data is encrypted by a hash algorithm to obtain the signed encrypted data, and the signed encrypted data includes version identification information.
在一个可能的示例中,在所述对所述刷机包中的每个分区文件的分区标识数据进行处理,得到分区标识加密数据方面,所述程序中的指令具体用于执行以下操作:获取所述刷机包中每个分区文件的分区名字、分区偏移地址以及分区校验和;In a possible example, in terms of processing the partition identification data of each partition file in the flashing package to obtain the partition identification encrypted data, the instructions in the program are specifically used to perform the following operations: State the partition name, partition offset address and partition checksum of each partition file in the flashing package;
将每个分区文件的分区名字、分区偏移地址以及分区校验和合并为结构体变量数据;Combine the partition name, partition offset address, and partition checksum of each partition file into structure variable data;
通过非对称加密算法对所述结构体变量数据进行加密,得到所述分区标识加密数据。The structure variable data is encrypted by an asymmetric encryption algorithm to obtain the partition identification encrypted data.
在一个可能的示例中,在所述根据所述特征加密数据、所述签名加密数据以及所述分区标识加密数据确定加密后的刷机包方面,所述程序中的指令具体用于执行以下操作:将所述特征加密数据保存至预设格式文件首部,将所述签名加密数据和所述分区标识数据保存至所述预设格式文件尾部,所述预设格式文件用于表示加密后的刷机包。In a possible example, in terms of determining the encrypted flashing package based on the feature encrypted data, the signature encrypted data, and the partition identification encrypted data, the instructions in the program are specifically used to perform the following operations: Save the feature encrypted data to the header of a preset format file, save the signature encrypted data and the partition identification data to the end of the preset format file, and the preset format file is used to represent the encrypted flashing package .
在一个可能的示例中,在所述根据所述特征加密数据、所述签名加密数据以及所述分区标识加密数据确定加密后的刷机包之后方面,所述程序中的指令具体还用于执行以下操作:在用户终端安装所述加密后的刷机包前,获取所述用户终端的预设版本标识;In a possible example, after the encrypted flashing package is determined according to the feature encrypted data, the signature encrypted data, and the partition identification encrypted data, the instructions in the program are specifically used to execute the following Operation: before the user terminal installs the encrypted flashing package, obtain the preset version identifier of the user terminal;
判断所述版本标识信息是否与所述预设版本标识存在版本对应关系;Judging whether the version identification information has a version correspondence with the preset version identification;
若是,则对所述加密后的刷机包执行解密步骤,得到所述刷机包。If yes, perform a decryption step on the encrypted flashing package to obtain the flashing package.
在一个可能的示例中,在所述对所述加密后的刷机包执行解密步骤,得到所述刷机包之后方面,所述程序中的指令具体还用于执行以下操作:根据所述签名数据烧录所述分区文件至所述用户终端中。In a possible example, after the decryption step is performed on the encrypted flashing package to obtain the flashing package, the instructions in the program are specifically used to perform the following operations: burning according to the signature data Record the partition file to the user terminal.
上述主要从方法侧执行过程的角度对本申请实施例的方案进行了介绍。可以理解的是,电子设备为了实现上述功能,其包含了执行各个功能相应的硬件结构和/或软件模块。本领域技术人员应该很容易意识到,结合本文中所提供的实施例描述的各示例的单元及算法步骤,本申请能够以硬件或硬件和计算机软件的结合形式来实现。某个功能究竟以硬件还是计算机软件驱动硬件的方式来执行,取决于技术方案的特定应用和设计约束条件。专业技术人员可以对每个特定的应用使用不同方法来实现所描述的功能,但是这种实现不应认为超出 本申请的范围。The foregoing mainly introduces the solution of the embodiment of the present application from the perspective of the execution process on the method side. It can be understood that, in order to implement the above-mentioned functions, an electronic device includes hardware structures and/or software modules corresponding to each function. Those skilled in the art should easily realize that in combination with the units and algorithm steps of the examples described in the embodiments provided herein, this application can be implemented in the form of hardware or a combination of hardware and computer software. Whether a certain function is executed by hardware or computer software-driven hardware depends on the specific application and design constraint conditions of the technical solution. Professionals and technicians can use different methods for each specific application to implement the described functions, but such implementation should not be considered beyond the scope of this application.
本申请实施例可以根据上述方法示例对电子设备进行功能单元的划分,例如,可以对应各个功能划分各个功能单元,也可以将两个或两个以上的功能集成在一个处理单元中。上述集成的单元既可以采用硬件的形式实现,也可以采用软件功能单元的形式实现。需要说明的是,本申请实施例中对单元的划分是示意性的,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式。The embodiment of the present application may divide the electronic device into functional units according to the foregoing method examples. For example, each functional unit may be divided corresponding to each function, or two or more functions may be integrated into one processing unit. The above-mentioned integrated unit can be implemented in the form of hardware or software functional unit. It should be noted that the division of units in the embodiments of the present application is illustrative, and is only a logical function division, and there may be other division methods in actual implementation.
图7是本申请实施例中提供的一种刷机包加密装置700的功能单元组成框图。该刷机包加密装置700应用于电子设备,所述装置包括处理单元701、通信单元702和存储单元703,其中,所述处理单元701,用于执行如上述方法实施例中的任一步骤,且在执行诸如发送等数据传输时,可选择的调用所述通信单元702来完成相应操作。下面进行详细说明。FIG. 7 is a block diagram of functional units of a device 700 for encrypting a flashing package provided in an embodiment of the application. The flashing package encryption device 700 is applied to electronic equipment. The device includes a processing unit 701, a communication unit 702, and a storage unit 703. The processing unit 701 is used to perform any step in the above method embodiment, and When performing data transmission such as sending, the communication unit 702 can be optionally invoked to complete the corresponding operation. The detailed description will be given below.
所述处理单元701,用于对刷机包中的每个分区文件的特征数据进行加密,得到特征加密数据,所述特征数据包括所述每个分区文件的任意一个片段;The processing unit 701 is configured to encrypt characteristic data of each partition file in the flashing package to obtain characteristic encrypted data, where the characteristic data includes any fragment of each partition file;
对所述刷机包中的每个分区文件的签名数据进行处理,得到签名加密数据,所述签名数据用于表示所述刷机包的版本信息;Processing the signature data of each partition file in the flashing package to obtain signature encrypted data, where the signature data is used to represent the version information of the flashing package;
对所述刷机包中的每个分区文件的分区标识数据进行处理,得到分区标识加密数据,所述分区标识数据用于表示所述每个分区文件的种类;Processing the partition identification data of each partition file in the flashing package to obtain partition identification encrypted data, where the partition identification data is used to indicate the type of each partition file;
根据所述特征加密数据、所述签名加密数据以及所述分区标识加密数据确定加密后的刷机包。The encrypted flashing package is determined according to the characteristic encrypted data, the signature encrypted data, and the partition identification encrypted data.
在一个可能的示例中,在所述对刷机包中的每个分区文件的特征数据进行加密,得到特征加密数据方面,所述处理单元701具体用于:获取所述刷机包中的每个分区文件的预设地址的特征数据;In a possible example, in the aspect of encrypting the characteristic data of each partition file in the flashing package to obtain the characteristic encrypted data, the processing unit 701 is specifically configured to: obtain each partition in the flashing package Characteristic data of the preset address of the file;
通过非对称加密算法对所述特征数据进行加密,得到所述特征加密数据。The characteristic data is encrypted by an asymmetric encryption algorithm to obtain the characteristic encrypted data.
在一个可能的示例中,在所述对所述刷机包中的每个分区文件的签名数据进行处理,得到签名加密数据方面,所述处理单元701具体用于:获取所述刷机包中每个分区文件的签名数据并合并,得到一个全签名数据;In a possible example, in the aspect of processing the signature data of each partition file in the flashing package to obtain signature encrypted data, the processing unit 701 is specifically configured to: obtain each The signature data of the partition files are merged to obtain a full signature data;
通过哈希算法对所述全签名数据进行加密,得到所述签名加密数据,所述签名加密数据包括版本标识信息。The fully signed data is encrypted by a hash algorithm to obtain the signed encrypted data, and the signed encrypted data includes version identification information.
在一个可能的示例中,在所述对所述刷机包中的每个分区文件的分区标识 数据进行处理,得到分区标识加密数据方面,所述处理单元701具体用于:获取所述刷机包中每个分区文件的分区名字、分区偏移地址以及分区校验和;In a possible example, in the aspect of processing the partition identification data of each partition file in the flashing package to obtain the encrypted data of the partition identification, the processing unit 701 is specifically configured to: obtain the information in the flashing package The partition name, partition offset address and partition checksum of each partition file;
将每个分区文件的分区名字、分区偏移地址以及分区校验和合并为结构体变量数据;Combine the partition name, partition offset address, and partition checksum of each partition file into structure variable data;
通过非对称加密算法对所述结构体变量数据进行加密,得到所述分区标识加密数据。The structure variable data is encrypted by an asymmetric encryption algorithm to obtain the partition identification encrypted data.
在一个可能的示例中,在所述根据所述特征加密数据、所述签名加密数据以及所述分区标识加密数据确定加密后的刷机包方面,所述处理单元701具体用于:将所述特征加密数据保存至预设格式文件首部,将所述签名加密数据和所述分区标识数据保存至所述预设格式文件尾部,所述预设格式文件用于表示加密后的刷机包。In a possible example, in terms of determining the encrypted flashing package based on the feature encrypted data, the signature encrypted data, and the partition identification encrypted data, the processing unit 701 is specifically configured to: The encrypted data is saved to the header of a preset format file, the signature encrypted data and the partition identification data are saved to the end of the preset format file, and the preset format file is used to represent the encrypted flashing package.
在一个可能的示例中,在所述根据所述特征加密数据、所述签名加密数据以及所述分区标识加密数据确定加密后的刷机包之后方面,所述处理单元701还具体用于:在用户终端安装所述加密后的刷机包前,获取所述用户终端的预设版本标识;In a possible example, after the encrypted flashing package is determined according to the feature encrypted data, the signature encrypted data, and the partition identification encrypted data, the processing unit 701 is further specifically configured to: Before the terminal installs the encrypted flashing package, obtain the preset version identifier of the user terminal;
判断所述版本标识信息是否与所述预设版本标识存在版本对应关系;Judging whether the version identification information has a version correspondence with the preset version identification;
若是,则对所述加密后的刷机包执行解密步骤,得到所述刷机包。If yes, perform a decryption step on the encrypted flashing package to obtain the flashing package.
在一个可能的示例中,在所述对所述加密后的刷机包执行解密步骤,得到所述刷机包之后方面,所述处理单元701还具体用于:根据所述签名数据烧录所述分区文件至所述用户终端中。In a possible example, after the decryption step is performed on the encrypted flashing package to obtain the flashing package, the processing unit 701 is further specifically configured to: burn the partition according to the signature data File to the user terminal.
本申请实施例还提供一种计算机存储介质,其中,该计算机存储介质存储用于电子数据交换的计算机程序,该计算机程序使得计算机执行如上述方法实施例中记载的任一方法的部分或全部步骤,上述计算机包括电子设备。An embodiment of the present application also provides a computer storage medium, wherein the computer storage medium stores a computer program for electronic data exchange, and the computer program enables a computer to execute part or all of the steps of any method as described in the above method embodiment , The above-mentioned computer includes electronic equipment.
本申请实施例还提供一种计算机程序产品,上述计算机程序产品包括存储了计算机程序的非瞬时性计算机可读存储介质,上述计算机程序可操作来使计算机执行如上述方法实施例中记载的任一方法的部分或全部步骤。该计算机程序产品可以为一个软件安装包,上述计算机包括电子设备。The embodiments of the present application also provide a computer program product. The above-mentioned computer program product includes a non-transitory computer-readable storage medium storing a computer program. The above-mentioned computer program is operable to cause a computer to execute any of the methods described in the above-mentioned method embodiments. Part or all of the steps of the method. The computer program product may be a software installation package, and the above-mentioned computer includes electronic equipment.
需要说明的是,对于前述的各方法实施例,为了简单描述,故将其都表述为一系列的动作组合,但是本领域技术人员应该知悉,本申请并不受所描述的 动作顺序的限制,因为依据本申请,某些步骤可以采用其他顺序或者同时进行。其次,本领域技术人员也应该知悉,说明书中所描述的实施例均属于优选实施例,所涉及的动作和模块并不一定是本申请所必须的。It should be noted that for the foregoing method embodiments, for the sake of simple description, they are all expressed as a series of action combinations, but those skilled in the art should know that this application is not limited by the described sequence of actions. Because according to this application, some steps can be performed in other order or simultaneously. Secondly, those skilled in the art should also know that the embodiments described in the specification are all preferred embodiments, and the actions and modules involved are not necessarily required by this application.
在上述实施例中,对各个实施例的描述都各有侧重,某个实施例中没有详述的部分,可以参见其他实施例的相关描述。In the above-mentioned embodiments, the description of each embodiment has its own emphasis. For parts that are not described in detail in an embodiment, reference may be made to related descriptions of other embodiments.
在本申请所提供的几个实施例中,应该理解到,所揭露的装置,可通过其它的方式实现。例如,以上所描述的装置实施例仅仅是示意性的,例如上述单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,装置或单元的间接耦合或通信连接,可以是电性或其它的形式。In the several embodiments provided in this application, it should be understood that the disclosed device may be implemented in other ways. For example, the device embodiments described above are merely illustrative, for example, the division of the above-mentioned units is only a logical function division, and there may be other divisions in actual implementation, for example, multiple units or components can be combined or integrated. To another system, or some features can be ignored, or not implemented. In addition, the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical or other forms.
上述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例方案的目的。The units described above as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place, or they may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions of the embodiments.
另外,在本申请各个实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。上述集成的单元既可以采用硬件的形式实现,也可以采用软件功能单元的形式实现。In addition, the functional units in the various embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit. The above-mentioned integrated unit can be implemented in the form of hardware or software functional unit.
上述集成的单元如果以软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储器中。基于这样的理解,本申请的技术方案本质上或者说对现有技术做出贡献的部分或者该技术方案的全部或部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储器中,包括若干指令用以使得一台计算机设备(可为个人计算机、服务器或者网络设备等)执行本申请各个实施例上述方法的全部或部分步骤。而前述的存储器包括:U盘、只读存储器(ROM,Read-Only Memory)、随机存取存储器(RAM,Random Access Memory)、移动硬盘、磁碟或者光盘等各种可以存储程序代码的介质。If the above integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer readable memory. Based on this understanding, the technical solution of the present application essentially or the part that contributes to the existing technology or all or part of the technical solution can be embodied in the form of a software product, and the computer software product is stored in a memory. A number of instructions are included to enable a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the steps of the foregoing methods of the various embodiments of the present application. The aforementioned memory includes: U disk, Read-Only Memory (ROM, Read-Only Memory), Random Access Memory (RAM, Random Access Memory), mobile hard disk, magnetic disk or optical disk and other media that can store program codes.
本领域普通技术人员可以理解上述实施例的各种方法中的全部或部分步骤是可以通过程序来指令相关的硬件来完成,该程序可以存储于一计算机可读存储器中,存储器可以包括:闪存盘、只读存储器(英文:Read-Only Memory,简称:ROM)、随机存取器(英文:Random Access Memory,简称:RAM)、磁盘或光盘等。Those of ordinary skill in the art can understand that all or part of the steps in the various methods of the above-mentioned embodiments can be completed by a program instructing relevant hardware. The program can be stored in a computer-readable memory, and the memory can include: a flash disk , Read-only memory (English: Read-Only Memory, abbreviation: ROM), random access device (English: Random Access Memory, abbreviation: RAM), magnetic disk or optical disc, etc.
以上对本申请实施例进行了详细介绍,本文中应用了具体个例对本申请的原理及实施方式进行了阐述,以上实施例的说明只是用于帮助理解本申请的方法及其核心思想;同时,对于本领域的一般技术人员,依据本申请的思想,在具体实施方式及应用范围上均会有改变之处,综上所述,本说明书内容不应理解为对本申请的限制。The embodiments of the application are described in detail above, and specific examples are used in this article to illustrate the principles and implementation of the application. The descriptions of the above embodiments are only used to help understand the methods and core ideas of the application; at the same time, for Those of ordinary skill in the art, based on the idea of the application, will have changes in the specific implementation and the scope of application. In summary, the content of this specification should not be construed as a limitation to the application.

Claims (12)

  1. 一种刷机包加密方法,其特征在于,所述方法包括:An encryption method for flashing package, characterized in that, the method includes:
    对刷机包中的每个分区文件的特征数据进行加密,得到特征加密数据,所述特征数据包括所述每个分区文件的任意一个片段;Encrypting the characteristic data of each partition file in the flashing package to obtain characteristic encrypted data, where the characteristic data includes any fragment of each partition file;
    对所述刷机包中的每个分区文件的签名数据进行处理,得到签名加密数据,所述签名数据用于表示所述刷机包的版本信息;Processing the signature data of each partition file in the flashing package to obtain signature encrypted data, where the signature data is used to represent the version information of the flashing package;
    对所述刷机包中的每个分区文件的分区标识数据进行处理,得到分区标识加密数据,所述分区标识数据用于表示所述每个分区文件的种类;Processing the partition identification data of each partition file in the flashing package to obtain partition identification encrypted data, where the partition identification data is used to indicate the type of each partition file;
    根据所述特征加密数据、所述签名加密数据以及所述分区标识加密数据确定加密后的刷机包。The encrypted flashing package is determined according to the characteristic encrypted data, the signature encrypted data, and the partition identification encrypted data.
  2. 根据权利要求1所述的方法,其特征在于,所述对刷机包中的每个分区文件的特征数据进行加密,得到特征加密数据,包括:The method according to claim 1, wherein the encrypting the characteristic data of each partition file in the flashing package to obtain the characteristic encrypted data comprises:
    获取所述刷机包中的每个分区文件的预设地址的特征数据;Acquiring characteristic data of the preset address of each partition file in the flashing package;
    通过非对称加密算法对所述特征数据进行加密,得到所述特征加密数据。The characteristic data is encrypted by an asymmetric encryption algorithm to obtain the characteristic encrypted data.
  3. 根据权利要求1所述的方法,其特征在于,所述对所述刷机包中的每个分区文件的签名数据进行处理,得到签名加密数据,包括:The method according to claim 1, wherein the processing the signature data of each partition file in the flashing package to obtain the signature encrypted data comprises:
    获取所述刷机包中每个分区文件的签名数据并合并,得到一个全签名数据;Obtain and merge the signature data of each partition file in the flashing package to obtain a full signature data;
    通过哈希算法对所述全签名数据进行加密,得到所述签名加密数据,所述签名加密数据包括版本标识信息。The fully signed data is encrypted by a hash algorithm to obtain the signed encrypted data, and the signed encrypted data includes version identification information.
  4. 根据权利要求1所述的方法,其特征在于,所述对所述刷机包中的每个分区文件的分区标识数据进行处理,得到分区标识加密数据,包括:The method according to claim 1, wherein the processing the partition identification data of each partition file in the flashing package to obtain the partition identification encrypted data comprises:
    获取所述刷机包中每个分区文件的分区名字、分区偏移地址以及分区校验和;Acquiring the partition name, partition offset address, and partition checksum of each partition file in the flashing package;
    将每个分区文件的分区名字、分区偏移地址以及分区校验和合并为结构体变量数据;Combine the partition name, partition offset address, and partition checksum of each partition file into structure variable data;
    通过非对称加密算法对所述结构体变量数据进行加密,得到所述分区标识加密数据。The structure variable data is encrypted by an asymmetric encryption algorithm to obtain the partition identification encrypted data.
  5. 根据权利要求1~4任一项所述的方法,其特征在于,所述根据所述特征加密数据、所述签名加密数据以及所述分区标识加密数据确定加密后的刷机包,包括:The method according to any one of claims 1 to 4, wherein the determining the encrypted flashing package according to the characteristic encrypted data, the signature encrypted data, and the partition identification encrypted data comprises:
    将所述特征加密数据保存至预设格式文件首部,将所述签名加密数据和所述分区标识数据保存至所述预设格式文件尾部,所述预设格式文件用于表示加密后的刷机包。Save the feature encrypted data to the header of a preset format file, save the signature encrypted data and the partition identification data to the end of the preset format file, and the preset format file is used to represent the encrypted flashing package .
  6. 根据权利要求5所述的方法,其特征在于,所述根据所述特征加密数据、所述签名加密数据以及所述分区标识加密数据确定加密后的刷机包之后,所述方法还包括:The method according to claim 5, wherein after the encrypted flashing package is determined according to the characteristic encrypted data, the signature encrypted data, and the partition identification encrypted data, the method further comprises:
    在用户终端安装所述加密后的刷机包前,获取所述用户终端的预设版本标识;Before the user terminal installs the encrypted flashing package, obtain the preset version identifier of the user terminal;
    判断所述版本标识信息是否与所述预设版本标识存在版本对应关系;Judging whether the version identification information has a version correspondence with the preset version identification;
    若是,则对所述加密后的刷机包执行解密步骤,得到所述刷机包。If yes, perform a decryption step on the encrypted flashing package to obtain the flashing package.
  7. 根据权利要求6所述的方法,其特征在于,所述预设版本标识包括256位的二进制数据,所述版本标识信息包括256位的二进制数据;所述判断所述版本标识信息是否与所述预设版本标识存在版本对应关系,包括:The method according to claim 6, wherein the preset version identification includes 256-bit binary data, and the version identification information includes 256-bit binary data; and the judging whether the version identification information is the same as the The preset version identification has version correspondence, including:
    通过逐一对比所述预设版本标识和所述版本标识信息的256位的二进制数据,来判断所述版本标识信息是否与所述预设版本标识存在版本对应关系。By comparing the preset version identifier and the 256-bit binary data of the version identifier information one by one, it is determined whether the version identifier information has a version correspondence relationship with the preset version identifier.
  8. 根据权利要求6所述的方法,其特征在于,所述判断所述版本标识信息是否与所述预设版本标识存在版本对应关系之后,所述方法还包括:The method according to claim 6, wherein after determining whether the version identification information has a version correspondence with the preset version identification, the method further comprises:
    若所述版本标识信息与所述预设版本标识不存在版本对应关系,则在所述用户终端上显示提示信息,所述提示信息用于表示解密失败。If there is no version correspondence between the version identification information and the preset version identification, prompt information is displayed on the user terminal, and the prompt information is used to indicate that the decryption fails.
  9. 根据权利要求1~8任一项所述的方法,其特征在于,所述对所述加密后的刷机包执行解密步骤,得到所述刷机包之后,所述方法还包括:The method according to any one of claims 1 to 8, wherein the step of decrypting the encrypted flashing package is performed, and after the flashing package is obtained, the method further comprises:
    根据所述签名数据烧录所述分区文件至所述用户终端中。Burning the partition file to the user terminal according to the signature data.
  10. 一种刷机包加密装置,其特征在于,所述装置包括处理单元和通信单元,其中,A flashing package encryption device, characterized in that the device includes a processing unit and a communication unit, wherein:
    所述处理单元,用于对刷机包中的每个分区文件的特征数据进行加密,得到特征加密数据,所述特征数据包括所述每个分区文件的任意一个片段;The processing unit is configured to encrypt the characteristic data of each partition file in the flashing package to obtain characteristic encrypted data, where the characteristic data includes any fragment of each partition file;
    对所述刷机包中的每个分区文件的签名数据进行处理,得到签名加密数据,所述签名数据用于表示所述刷机包的版本信息;Processing the signature data of each partition file in the flashing package to obtain signature encrypted data, where the signature data is used to represent the version information of the flashing package;
    对所述刷机包中的每个分区文件的分区标识数据进行处理,得到分区标识加密数据,所述分区标识数据用于表示所述每个分区文件的种类;Processing the partition identification data of each partition file in the flashing package to obtain partition identification encrypted data, where the partition identification data is used to indicate the type of each partition file;
    根据所述特征加密数据、所述签名加密数据以及所述分区标识加密数据确定加密后的刷机包。The encrypted flashing package is determined according to the characteristic encrypted data, the signature encrypted data, and the partition identification encrypted data.
  11. 一种电子设备,其特征在于,包括多核处理器、通信接口和存储器,所述多核处理器、通信接口和存储器相互连接,其中,所述存储器用于存储计算机程序,所述计算机程序包括程序指令,所述多核处理器被配置用于调用所述程序指令,执行如权利要求1~9任一项所述的方法。An electronic device, characterized by comprising a multi-core processor, a communication interface, and a memory, the multi-core processor, the communication interface, and the memory are connected to each other, wherein the memory is used to store a computer program, and the computer program includes program instructions The multi-core processor is configured to call the program instructions to execute the method according to any one of claims 1-9.
  12. 一种计算机存储介质,其特征在于,所述计算机存储介质存储有计算机程序,所述计算机程序包括程序指令,所述程序指令当被处理器执行时使所述处理器执行如权利要求1~9任一项所述的方法。A computer storage medium, wherein the computer storage medium stores a computer program, the computer program includes program instructions, and when executed by a processor, the program instructions cause the processor to execute as claimed in claims 1-9. Any one of the methods.
PCT/CN2019/121328 2019-11-27 2019-11-27 Flash packet encryption method and apparatus, electronic device, and computer storage medium WO2021102753A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201980100601.0A CN114424193A (en) 2019-11-27 2019-11-27 Flash package encryption method and device, electronic equipment and computer storage medium
PCT/CN2019/121328 WO2021102753A1 (en) 2019-11-27 2019-11-27 Flash packet encryption method and apparatus, electronic device, and computer storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2019/121328 WO2021102753A1 (en) 2019-11-27 2019-11-27 Flash packet encryption method and apparatus, electronic device, and computer storage medium

Publications (1)

Publication Number Publication Date
WO2021102753A1 true WO2021102753A1 (en) 2021-06-03

Family

ID=76129822

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/121328 WO2021102753A1 (en) 2019-11-27 2019-11-27 Flash packet encryption method and apparatus, electronic device, and computer storage medium

Country Status (2)

Country Link
CN (1) CN114424193A (en)
WO (1) WO2021102753A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113794735A (en) * 2021-09-29 2021-12-14 北京雅丁信息技术有限公司 Sensitive data security protection method under SAAS system scene

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102572595A (en) * 2012-02-03 2012-07-11 深圳市同洲电子股份有限公司 IPTV upgrade package structure, upgrading method and startup calibration method
CN108111507A (en) * 2017-12-19 2018-06-01 恒宝股份有限公司 A kind of method and system of equipment remote upgrade
CN110022558A (en) * 2019-04-03 2019-07-16 Oppo广东移动通信有限公司 The encryption and decryption method and electronic device and storage medium of a kind of upgrade package

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102572595A (en) * 2012-02-03 2012-07-11 深圳市同洲电子股份有限公司 IPTV upgrade package structure, upgrading method and startup calibration method
CN108111507A (en) * 2017-12-19 2018-06-01 恒宝股份有限公司 A kind of method and system of equipment remote upgrade
CN110022558A (en) * 2019-04-03 2019-07-16 Oppo广东移动通信有限公司 The encryption and decryption method and electronic device and storage medium of a kind of upgrade package

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113794735A (en) * 2021-09-29 2021-12-14 北京雅丁信息技术有限公司 Sensitive data security protection method under SAAS system scene
CN113794735B (en) * 2021-09-29 2023-05-30 北京雅丁信息技术有限公司 Sensitive data security protection method in SAAS system scene

Also Published As

Publication number Publication date
CN114424193A (en) 2022-04-29

Similar Documents

Publication Publication Date Title
US11720503B2 (en) Technologies for secure authentication and programming of accelerator devices
WO2020093214A1 (en) Application program login method, application program login device and mobile terminal
US10339327B2 (en) Technologies for securely binding a platform manifest to a platform
TWI598814B (en) System and method for managing and diagnosing a computing device equipped with unified extensible firmware interface (uefi)-compliant firmware
WO2020042778A1 (en) Firmware upgrade method and device
US10284372B2 (en) Method and system for secure management of computer applications
US20190278583A1 (en) Method for updating firmware, terminal and computer readable non-volatile storage medium
EP2879327A1 (en) Encryption and decryption processing method, apparatus and device
KR102030858B1 (en) Digital signing authority dependent platform secret
US20200026882A1 (en) Methods and systems for activating measurement based on a trusted card
US10726130B2 (en) Method and device for verifying upgrade of diagnosis connector of diagnostic equipment, and diagnosis connector
WO2019109968A1 (en) Method for unlocking sim card and mobile terminal
CN110362427A (en) A kind of processing method of image file, system, BMC and readable storage medium storing program for executing
CN108229144B (en) Verification method of application program, terminal equipment and storage medium
WO2017166362A1 (en) Esim number writing method, security system, esim number server, and terminal
WO2022078366A1 (en) Application protection method and apparatus, device and medium
CN112882750A (en) OTA upgrade package processing method and device and electronic equipment
CN109522683B (en) Software tracing method, system, computer equipment and storage medium
WO2021102753A1 (en) Flash packet encryption method and apparatus, electronic device, and computer storage medium
CN111400771A (en) Target partition checking method and device, storage medium and computer equipment
CN115688120A (en) Secure chip firmware importing method, secure chip and computer readable storage medium
KR101711024B1 (en) Method for accessing temper-proof device and apparatus enabling of the method
WO2021164167A1 (en) Key access method, apparatus, system and device, and storage medium
CN112825093B (en) Security baseline checking method, host, server, electronic device and storage medium
CN109872136B (en) Upgrading method and system for isolated digital wallet, cold wallet and hot wallet

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19954195

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19954195

Country of ref document: EP

Kind code of ref document: A1