CN105320535A - Checking method of installation package, client side, server and system - Google Patents

Publication number: CN105320535A
Authority: CN (China)
Prior art keywords: apk, client, server, signature value, value
Legal status (as listed by Google Patents; an assumption, not a legal conclusion): Granted, Active
Application number: CN201410379582.9A
Other languages: Chinese (zh)
Other versions: CN105320535B (en)
Inventors: 陈桌升, 杨允乐, 王传举
Current Assignee (as listed by Google Patents; may be inaccurate): Alibaba China Co Ltd
Original Assignee: Ucweb Inc
Application filed by: Ucweb Inc
Priority: CN201410379582.9A (CN105320535B), PCT/CN2015/084272 (WO2016019790A1)

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00: Arrangements for program control, e.g. control units
    • G06F9/06: Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44: Arrangements for executing specific programs
    • G06F9/445: Program loading or initiating

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention provides a verification method for an installation package, a client, a server and a system. The method comprises the following steps: acquiring the signature value of a first APK (Android Package) in a C language environment; using the signature value of the first APK to perform a first encryption on the request parameters used to request network data, obtaining an encrypted byte stream; sending the encrypted byte stream to the server so that the server can use a preconfigured signature value of a second APK to decrypt the encrypted byte stream, where the second APK is the original APK; and receiving the information, returned when the server cannot decrypt the request parameters, that identifies the first APK as a tampered APK. With this method, the verification logic of the installation package can be prevented from being decompiled, and the reliability of installation package verification is improved.

Description

Verification method for an installation package, client, server and system
Technical field
The present invention relates to the field of data processing for mobile communication, and more specifically to a verification method for an installation package, a client, a server and a system.
Background
With the popularity of the Android platform, many excellent Android installation packages are tampered with by lawbreakers, who implant malicious viruses or add advertisements, then repackage them and push them back into distribution channels.
To protect installation packages against tampering, the market currently relies mainly on anti-tamper verification schemes whose verification procedure is implemented in Java. The verification process is as follows: the APK signature value is obtained with Java in the NDK (Native Development Kit) layer, and the signature value of the APK (Android Package, the Android installation package) is checked against a preconfigured APK signature value. If they match, the APK is legitimate and has not been tampered with; if they do not match, the APK has been tampered with.
However, Java is an interpreted language and runs as intermediate code in a virtual machine environment during verification. This makes the verification logic easy to decompile, after which it can be recovered or deleted in the '*.smali' files. The purpose of installation package verification is then defeated, and the reliability of installation package verification is reduced.
Summary of the invention
The object of the present invention is to propose a verification method, apparatus and system for an installation package that prevent the verification logic of the installation package from being decompiled and improve the reliability of installation package verification.
According to one aspect of the present invention, a verification method for an installation package is provided, comprising the steps of:
Obtaining the signature value of a first APK in a C language environment; using the signature value of the first APK to perform a first encryption on the request parameters used to request network data, obtaining an encrypted byte stream; sending the encrypted byte stream to a server, so that the server decrypts the encrypted byte stream using a preconfigured signature value of a second APK, where the second APK is the original APK; and receiving the information, returned when the server fails to decrypt the request parameters, that identifies the first APK as a tampered APK.
According to another aspect of the present invention, a verification method for an installation package is provided, comprising the steps of:
Receiving an encrypted byte stream sent by a client, where the encrypted byte stream is obtained by encrypting the request parameters used to request network data with the signature value of a first APK that the client obtained in a C language environment; decrypting the encrypted byte stream using a preconfigured signature value of a second APK, where the second APK is the original APK; and, if the request parameters are not decrypted, returning to the client information identifying the first APK as a tampered APK.
According to another aspect of the present invention, a verification method for an installation package is provided, comprising the steps of:
The client obtains the signature value of a first APK in a C language environment; the client uses the signature value of the first APK to perform a first encryption on the request parameters used to request network data, obtaining an encrypted byte stream; the client sends the encrypted byte stream to the server; the server decrypts the encrypted byte stream using a preconfigured signature value of a second APK, where the second APK is the original APK; and, if the request parameters are not decrypted, the server returns to the client information identifying the first APK as a tampered APK.
According to another aspect of the present invention, a client is provided, comprising:
A first acquiring unit, for obtaining the signature value of a first APK in a C language environment;
An encryption unit, for using the signature value of the first APK to perform a first encryption on the request parameters used to request network data, obtaining an encrypted byte stream;
A first sending unit, for sending the encrypted byte stream to a server, so that the server decrypts the encrypted byte stream using a preconfigured signature value of a second APK, where the second APK is the original APK;
A first receiving unit, for receiving the information, returned when the server fails to decrypt the request parameters, that identifies the first APK as a tampered APK.
According to another aspect of the present invention, a server is provided, comprising:
A second receiving unit, for receiving an encrypted byte stream sent by a client, where the encrypted byte stream is obtained by encrypting the request parameters used to request network data with the signature value of a first APK that the client obtained in a C language environment;
A decryption unit, for decrypting the encrypted byte stream using a preconfigured signature value of a second APK, where the second APK is the original APK;
A second sending unit, for returning to the client, if the request parameters are not decrypted, information identifying the first APK as a tampered APK.
According to another aspect of the present invention, a verification system for an installation package is provided, comprising the above client and the above server.
With the present invention, the client obtains the signature value of the APK in a C language environment, uses this signature value to encrypt the APK's network data request, and sends the encrypted byte stream to the server for verification. Because this logic is written in C and compiled into a '*.so' file, it is difficult to crack the logic inside the '*.so' file with decompilation tools, and cracking is far harder than for a scheme implemented in Java. On the server side, the preconfigured signature value of the original APK is used to decrypt the encrypted byte stream. If the network data request is decrypted successfully, the client has the original APK installed; if the network data request cannot be decrypted, the client has a tampered APK installed, and the relevant functions of a client with a tampered APK installed can then be disabled. Through this process, the verification logic of the APK can be prevented from being decompiled, and the reliability of installation package verification is improved.
To achieve the above and related objects, one or more aspects of the present invention comprise the features described in detail below and particularly pointed out in the claims. The following description and the accompanying drawings set out certain illustrative aspects of the present invention in detail. These aspects indicate, however, only some of the various ways in which the principles of the present invention may be used. In addition, the present invention is intended to include all such aspects and their equivalents.
Brief description of the drawings
The above and other objects, features and advantages of the present invention will become more apparent from the following detailed description given with reference to the accompanying drawings. In the drawings:
Fig. 1 shows a flowchart of the installation package verification method proposed by the present invention;
Fig. 2 shows another flowchart of the installation package verification method proposed by the present invention;
Fig. 3 shows another flowchart of the installation package verification method proposed by the present invention;
Fig. 4 shows another flowchart of the installation package verification method proposed by the present invention;
Fig. 5 shows a structural diagram of a client proposed by the present invention;
Fig. 6 shows another structural diagram of a client proposed by the present invention;
Fig. 7 shows another structural diagram of a client proposed by the present invention;
Fig. 8 shows a structural diagram of a server proposed by the present invention;
Fig. 9 shows a structural diagram of the installation package verification system proposed by the present invention.
The same reference numerals indicate similar or corresponding features or functions throughout the drawings.
Detailed description
Various aspects of the present disclosure are described below. It should be understood that the teachings herein may be embodied in a wide variety of forms, and that any specific structure, function, or both disclosed herein is merely representative. Based on the teachings herein, those skilled in the art should understand that an aspect disclosed herein may be implemented independently of any other aspect, and that two or more of these aspects may be combined in various ways. For example, an apparatus may be implemented or a method practiced using any number of the aspects set forth herein. In addition, such an apparatus may be implemented or such a method practiced using other structure, functionality, or structure and functionality in addition to or other than one or more of the aspects set forth herein. Furthermore, any aspect described herein may comprise at least one element of a claim.
Embodiments of the present invention are described below with reference to the accompanying drawings.
The present invention proposes a verification method for an installation package, whose flow is shown in Fig. 1. Specifically, it comprises the steps of:
Step S101: obtain the signature value of a first APK in a C language environment;
Here, the first APK is the APK that the user downloaded to the client. Specifically, to obtain the signature value of the first APK, the getPost function can call the getSign function to obtain the signature value sign of the first APK;
Step S102: use the signature value of the first APK to perform a first encryption on the request parameters used to request network data, obtaining an encrypted byte stream;
Specifically, the getPost function can call the encodeData function to perform the first encryption on the network request parameters with the signature value of the first APK as the encryption key, obtaining the encrypted byte stream. The encryption algorithm used for the first encryption is a reversible symmetric algorithm, such as the DES algorithm or the RC5 algorithm; the M9 encryption algorithm can also be used.
Then step S103 is carried out: send the encrypted byte stream to the server, so that the server decrypts the encrypted byte stream using the preconfigured signature value of a second APK;
Here, the second APK is the original APK. Steps S101 and S102 are carried out in a C language environment, and the encrypted byte stream is sent to the server. Because this logic is written in C and compiled into a '*.so' file, it is difficult to crack the logic inside the '*.so' file with decompilation tools, and cracking is far harder than for a scheme implemented in Java;
Step S104: receive the information, returned when the server fails to decrypt the request parameters, that identifies the first APK as a tampered APK. When the server does decrypt the request parameters, it returns information identifying the first APK as the original APK.
The functions getPost, getSign and encodeData above are all implemented in the Android NDK layer in C. They are native code of the system and produce a '*.so' file after compilation; files of this kind cannot be decompiled with decompilation tools.
With the present invention, the client obtains the signature value of the APK in a C language environment, uses this signature value to encrypt the APK's network data request, and sends the encrypted byte stream to the server for verification. Because this logic is written in C and compiled into a '*.so' file, it is difficult to crack the logic inside the '*.so' file with decompilation tools, and cracking is far harder than for a scheme implemented in Java. On the server side, the preconfigured signature value of the original APK is used to decrypt the encrypted byte stream. If the network data request is decrypted successfully, the client has the original APK installed; if the network data request cannot be decrypted, the client has a tampered APK installed, and the relevant functions of a client with a tampered APK installed can then be disabled. The verification logic of the APK can therefore be prevented from being decompiled, and the reliability of installation package verification is improved.
To further prevent the verification logic of the APK from being decompiled and to improve the reliability of installation package verification, the first encryption of the request parameters in step S102 of the above embodiment can be carried out as follows: 1) perform a second encryption on the signature value of the first APK with a predetermined algorithm, obtaining the encrypted signature value of the first APK. Specifically, for the second encryption, the getPost function calls the getKey function to encrypt the signature value of the APK according to the predetermined algorithm; the predetermined algorithm can be the MD5 algorithm or another algorithm that produces a fixed-length string. 2) Use the encrypted signature value of the first APK to perform the first encryption on the request parameters used to request network data.
Correspondingly, after the encrypted byte stream is sent to the server in step S103, the server decrypts it using the preconfigured signature value of the second APK as encrypted by the same predetermined algorithm. In other words, the way the client encrypts and the server decrypts is agreed in advance and is known only to the client and the server. Because it is carried out in a C language environment, it cannot be obtained by decompilation, which fully ensures security.
In one aspect of the invention, an initial detection of the APK can first be carried out on the client; only if the initial detection passes is the installation package verification process from step S102 onward in the above embodiment carried out. One optional method of initial detection is to check the APK signature value. Specifically, the initial detection is carried out after step S101 and comprises the step of:
The client compares the signature value of the first APK with the signature value of the second APK preconfigured on the client. If they are equal, the client carries out step S102 and the subsequent verification process; if they are not equal, it returns information identifying the first APK as a tampered APK.
Another optional method of initial detection is to obtain the CRC (Cyclic Redundancy Check) value of the dex file (the type of executable file on the Android platform) and compare the obtained CRC value with a preconfigured CRC value. Specifically, the initial detection is carried out after step S101 and comprises the steps of:
The client obtains the CRC value of the dex file of the first APK;
The client compares the CRC value of this dex file with the preconfigured CRC value, where the preconfigured CRC value is the CRC value of the dex file of the original APK;
When the CRC value of the dex file is equal to the preconfigured CRC value, the client carries out step S102 above and the subsequent verification process. If the CRC value of the dex file is not equal to the preconfigured CRC value, it returns information identifying the first APK as a tampered APK.
A further optional method of initial detection is to check the APK signature value first and then the CRC value of the dex file. Specifically, the initial detection is carried out after step S101 and comprises the steps of:
The client compares the signature value of the first APK with the signature value of the second APK preconfigured on the client. If they are equal, the client obtains the CRC value of the dex file; if they are not equal, it returns information identifying the first APK as a tampered APK;
When the CRC value of this dex file is equal to the preconfigured CRC value, the client carries out step S102 and the subsequent verification process; if they are not equal, it returns information identifying the first APK as a tampered APK.
Whenever the APK is decompiled, the dex file changes, and so does its CRC value. The CRC value of the dex file can therefore be used to make a preliminary judgment on whether the first APK has been tampered with.
The flow of a preferred embodiment is shown in Fig. 2; this method is client-side. Before the flow itself, code obfuscation can be carried out first: the class names and package names of the first APK are obfuscated into file names that the naming rules of both Windows and Linux systems strictly forbid, such as com1, Com1 and so on. Obfuscation here means reorganizing and processing the class names and package names of the first APK to obtain file names that both the Windows and the Linux naming rules strictly forbid. The following flow is then carried out:
Step S201: the client obtains the signature value of the first APK in a C language environment;
Step S202: the client judges whether the signature value of the first APK is equal to the preconfigured signature value of the second APK, where the second APK is the original APK. If the result is no, step S203 is carried out; if the result is yes, step S204 is carried out;
Step S203: the client returns information identifying the first APK as a tampered APK;
Step S204: the client obtains the CRC value of the dex file of the first APK;
Step S205: the client judges whether the CRC value of the dex file is equal to the preconfigured CRC value, where the preconfigured CRC value is the reference CRC value, i.e. the CRC value of the dex file of the original APK. When the CRC value of the dex file is not equal to the preconfigured CRC value, step S203 is carried out; when the CRC value of the dex file is equal to the preconfigured CRC value, step S206 is carried out;
Step S206: the client uses the signature value of the first APK to perform the first encryption on the request parameters used to request network data, obtaining an encrypted byte stream. Specifically, the client can also first encrypt the signature value of the first APK with the predetermined algorithm, and then perform the first encryption on the request parameters used to request network data with the encrypted signature value of the first APK.
Step S207: the client sends the encrypted byte stream to the server, so that the server decrypts the encrypted byte stream using the preconfigured signature value of the second APK. Specifically, when the first encryption in step S206 was performed with the encrypted signature value of the first APK, the server decrypts the encrypted byte stream using the preconfigured signature value of the second APK as encrypted by the predetermined algorithm.
Step S208: when the server decrypts the request parameters, the client receives the information returned by the server identifying the first APK as the original APK; when the server fails to decrypt the request parameters, the client receives the information returned by the server identifying the first APK as a tampered APK.
The present invention also proposes another verification method for an installation package. This method is server-side; its flow is shown in Fig. 3 and comprises the steps of:
Step S301: the server receives the encrypted byte stream sent by the client, where the encrypted byte stream is obtained by encrypting the request parameters used to request network data with the signature value of the first APK that the client obtained in a C language environment;
Step S302: the server decrypts the encrypted byte stream using the preconfigured signature value of the second APK, where the second APK is the original APK;
Step S303: if the server decrypts the request parameters, it returns to the client information identifying the first APK as the original APK; if the server fails to decrypt the request parameters, it returns to the client information identifying the first APK as a tampered APK.
The present invention also proposes another verification method for an installation package, whose flow is shown in Fig. 4. This method is based on the interaction between client and server, and its steps comprise:
Step S401: the client obtains the signature value of the first APK in a C language environment;
Step S402: the client uses the signature value of the first APK to perform the first encryption on the request parameters used to request network data, obtaining an encrypted byte stream;
Step S403: the client sends the encrypted byte stream to the server;
Step S404: the server decrypts the encrypted byte stream using the preconfigured signature value of the second APK, where the second APK is the original APK; step S405 or step S406 is then carried out according to the decryption result.
Step S405: if the server decrypts the request parameters, it returns to the client information identifying the first APK as the original APK;
Step S406: if the server fails to decrypt the request parameters, it returns to the client information identifying the first APK as a tampered APK.
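The client/server exchange of steps S401 to S406, including the fixed-length key derivation described earlier, as an added example that is not part of the patent text. SHA-256 stands in for the predetermined algorithm and an HMAC-SHA-256 keystream with a MAC tag stands in for the symmetric cipher (the patent names DES, RC5 and M9); the MAC is an assumption that makes "did not decrypt" a well-defined outcome, and the signature values, request fields and function names are constructed.

```python
import hashlib
import hmac
import json
import os

# Constructed sample values standing in for APK signature values.
ORIGINAL_SIGNATURE = b"constructed-original-apk-signature-value"
REPACKAGED_SIGNATURE = b"constructed-repackaged-apk-signature-value"

NONCE_LEN = 16
TAG_LEN = 32


def derive_keys(signature_value):
    """Second encryption: turn the signature value into fixed-length keys.

    Assumption: SHA-256 is the predetermined algorithm agreed by both sides.
    """
    digest = hashlib.sha256(signature_value).digest()
    enc_key = hmac.new(digest, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(digest, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def keystream(enc_key, nonce, length):
    """HMAC-SHA-256 in counter mode (stand-in for the symmetric cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block_input = nonce + counter.to_bytes(4, "big")
        out += hmac.new(enc_key, block_input, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


def client_encrypt(request_params, installed_signature):
    """Client side (S401-S403): the key comes from the installed APK's signature."""
    enc_key, mac_key = derive_keys(installed_signature)
    nonce = os.urandom(NONCE_LEN)
    plaintext = json.dumps(request_params, sort_keys=True).encode("utf-8")
    ciphertext = xor_bytes(plaintext, keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def server_decrypt(byte_stream, original_signature):
    """Server side (S404): return the request parameters, or None on failure."""
    if len(byte_stream) < NONCE_LEN + TAG_LEN:
        return None
    enc_key, mac_key = derive_keys(original_signature)
    nonce = byte_stream[:NONCE_LEN]
    ciphertext = byte_stream[NONCE_LEN:-TAG_LEN]
    tag = byte_stream[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    # Constant-time comparison; a wrong key or a modified stream fails here.
    if not hmac.compare_digest(tag, expected):
        return None
    plaintext = xor_bytes(ciphertext, keystream(enc_key, nonce, len(ciphertext)))
    try:
        return json.loads(plaintext.decode("utf-8"))
    except ValueError:
        return None


def server_handle(byte_stream):
    """S405/S406: answer 'original' only when the request parameters decrypt."""
    params = server_decrypt(byte_stream, ORIGINAL_SIGNATURE)
    if params is None:
        return {"apk": "tampered"}
    return {"apk": "original", "params": params}


if __name__ == "__main__":
    request = {"action": "fetch_feed", "page": 1}  # constructed request
    print(server_handle(client_encrypt(request, ORIGINAL_SIGNATURE)))
    print(server_handle(client_encrypt(request, REPACKAGED_SIGNATURE)))
```

Without an integrity check, decrypting with the wrong key simply yields different bytes, so the server would need some other rule for deciding that the request parameters were not recovered.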
In another aspect, the present invention also proposes a client 801, whose structure is shown in Fig. 5. The client 801 comprises:
A first acquiring unit 601, for obtaining the signature value of the first APK in a C language environment;
An encryption unit 602, for using the signature value of the first APK to perform the first encryption on the request parameters used to request network data, obtaining an encrypted byte stream;
A first sending unit 603, for sending the encrypted byte stream to the server, so that the server decrypts the encrypted byte stream using the preconfigured signature value of the second APK, where the second APK is the original APK;
A first receiving unit 604, for receiving the information, returned when the server fails to decrypt the request parameters, that identifies the first APK as a tampered APK, and for receiving the information, returned when the server decrypts the request parameters, that identifies the first APK as the original APK.
In another aspect, the above client can also be configured to perform the initial detection of the APK according to the APK signature value. Specifically, see Fig. 6; the client further comprises:
A first comparing unit 605, for comparing the signature value of the first APK with the preconfigured signature value of the second APK;
A first notification unit 606, for notifying the encryption unit to perform the first encryption on the request parameters used to request network data when the comparison result of the first comparing unit is equal, and for returning information identifying the first APK as a tampered APK when the comparison result of the first comparing unit is not equal; the second APK is the original APK.
In another aspect, the above client can also be configured to perform the initial detection of the APK according to the CRC value. Specifically, see Fig. 7; the client further comprises:
A second acquiring unit 607, for obtaining the CRC value of the dex file of the first APK;
A second comparing unit 608, for comparing the CRC value of this dex file with the preconfigured CRC value;
A second notification unit 609, for notifying the encryption unit to perform the first encryption on the request parameters used to request network data when the comparison result of the second comparing unit is equal, and for returning information identifying the first APK as a tampered APK when the comparison result of the second comparing unit is not equal; the preconfigured CRC value is the CRC value of the dex file of the original APK.
In another aspect, the present invention also proposes a server 802, whose structure is shown in Fig. 8. The server 802 comprises:
A second receiving unit 701, for receiving the encrypted byte stream sent by the client, where the encrypted byte stream is obtained by encrypting the request parameters used to request network data with the signature value of the first APK that the client obtained in a C language environment;
A decryption unit 702, for decrypting the encrypted byte stream using the preconfigured signature value of the second APK, where the second APK is the original APK;
A second sending unit 703, for returning to the client information identifying the first APK as the original APK if the request parameters are decrypted, and for returning to the client information identifying the first APK as a tampered APK if the request parameters are not decrypted.
In another aspect, the present invention also proposes a verification system for an installation package, whose structure is shown in Fig. 9. The system comprises the client 801 shown in Fig. 5 and the server 802 shown in Fig. 8. It can also comprise the client of Fig. 6 or Fig. 7 and the server of Fig. 8.
With the present invention, the client obtains the signature value of the APK in a C language environment, uses this signature value to encrypt the APK's network data request, and sends the encrypted byte stream to the server for verification. Because this logic is written in C and compiled into a *.so file, it is difficult for repackagers to crack the logic inside the *.so file with decompilation tools, and cracking is far harder than for a scheme implemented in Java. On the server side, the preconfigured signature value of the original APK is used to decrypt the encrypted byte stream. If the network data request is decrypted successfully, the client has the original APK installed; if the network data request cannot be decrypted, the client has a tampered APK installed, and the relevant functions of a client with a tampered APK installed can then be disabled. The verification logic of the APK can therefore be prevented from being decompiled, and the reliability of installation package verification is improved.
In addition, the mobile terminal of the present invention can typically be any of various handheld terminal devices with a Bluetooth function, such as a mobile phone or a personal digital assistant (PDA) with a Bluetooth function.
In addition, the method according to the present invention can also be implemented as a computer program executed by a processor (such as a CPU) in the mobile terminal and stored in the memory of the mobile terminal. When this computer program is executed by the processor, the functions defined in the method of the present invention are performed.
In addition, the method according to the present invention can also be implemented as a computer program product comprising a computer-readable medium on which a computer program for performing the functions defined in the method of the present invention is stored.
In addition, the above method steps and system units can also be implemented with a controller and a computer-readable storage device that stores a computer program causing the controller to implement the above steps or unit functions.
Those skilled in the art will also understand that the various illustrative logical blocks, modules, circuits and algorithm steps described in connection with the disclosure herein may be implemented as electronic hardware, computer software, or a combination of both. To illustrate this interchangeability of hardware and software clearly, the various illustrative components, blocks, modules, circuits and steps have been described generally in terms of their function. Whether such a function is implemented as software or as hardware depends on the particular application and on the design constraints imposed on the overall system. Those skilled in the art can implement the described functions in various ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
Although the above disclosure shows exemplary embodiments of the present invention, it should be noted that various changes and modifications can be made without departing from the scope of the present invention as defined by the claims. The functions, steps and/or actions of the method claims according to the embodiments described herein need not be performed in any particular order. In addition, although elements of the present invention may be described or claimed in the singular, the plural is also contemplated unless limitation to the singular is explicitly stated.
Although the embodiments of the present invention have been described above with reference to the drawings, those skilled in the art should understand that various improvements can be made to the embodiments proposed above without departing from the content of the present invention. The scope of protection of the present invention should therefore be determined by the content of the appended claims.

Claims (12)

1. A verification method for an installation package, comprising the steps of:
Obtaining the signature value of a first APK in a C language environment, and performing a first encryption on the request parameters used for requesting network data using the signature value of said first APK, to obtain an encrypted byte stream;
Sending said encrypted byte stream to a server, so that the server decrypts said encrypted byte stream using the pre-configured signature value of a second APK, wherein said second APK is the original APK;
Receiving information, returned when the server fails to decrypt said request parameters, identifying said first APK as a tampered APK.
2. the method for calibration of installation kit as claimed in claim 1, wherein, the described step utilizing the label name-value pair of an APK to be used for asking the required parameter of network data to carry out the first encryption comprises:
Carry out the second encryption by the signature value of pre-defined algorithm to a described APK, obtain the signature value of the APK after encrypting; The label name-value pair of the APK after described encryption is utilized to be used for asking the required parameter of network data to carry out the first encryption;
The step that the signature value of the 2nd APK that described server by utilizing is pre-configured deciphers described encrypted word throttling comprises:
The signature value by the 2nd APK after described pre-defined algorithm encryption that described server by utilizing is pre-configured, deciphers described encrypted word throttling.
3. the method for calibration of installation kit as claimed in claim 2, wherein, described pre-defined algorithm is the algorithm that can produce regular length character string; The cryptographic algorithm that described first encryption adopts is reversible symmetry algorithm.
4. the method for calibration of installation kit as claimed in claim 1, wherein, after the step of the signature value of described acquisition the one APK under C language environment, also comprises step:
The signature value of the signature value of the one APK and the 2nd pre-configured APK being compared, if equal, then carrying out described to the step for asking the required parameter of network data to carry out the first encryption; If unequal, then return for identifying the information that a described APK is the APK be tampered; Wherein, described 2nd APK is original APK.
5. the method for calibration of installation kit as claimed in claim 1, wherein, after the step of the signature value of described acquisition the one APK under C language environment, also comprises step:
Obtain the crc value of the dex file of an APK;
When the crc value of described dex file is equal with pre-configured crc value, carry out described to the step for asking the required parameter of network data to carry out the first encryption; If unequal, then return for identifying the information that a described APK is the APK be tampered; Wherein, pre-configured crc value is the crc value of the dex file of original APK.
6. A verification method for an installation package, comprising the steps of:
Receiving an encrypted byte stream sent by a client, wherein said encrypted byte stream is obtained by encrypting the request parameters used for requesting network data using the signature value of a first APK obtained by the client in a C language environment;
Decrypting said encrypted byte stream using the pre-configured signature value of a second APK, wherein said second APK is the original APK;
If said request parameters are not decrypted, returning to the client information identifying said first APK as a tampered APK.
7. A verification method for an installation package, comprising the steps of:
A client obtaining the signature value of a first APK in a C language environment;
The client performing a first encryption on the request parameters used for requesting network data using the signature value of said first APK, to obtain an encrypted byte stream;
The client sending said encrypted byte stream to a server;
Said server decrypting said encrypted byte stream using the pre-configured signature value of a second APK, wherein said second APK is the original APK;
If the server does not decrypt said request parameters, returning to the client information identifying said first APK as a tampered APK.
8. A client, comprising:
A first acquiring unit, for obtaining the signature value of a first APK in a C language environment;
An encryption unit, for performing a first encryption on the request parameters used for requesting network data using the signature value of said first APK, to obtain an encrypted byte stream;
A first sending unit, for sending said encrypted byte stream to a server, so that the server decrypts said encrypted byte stream using the pre-configured signature value of a second APK, wherein said second APK is the original APK;
A first receiving unit, for receiving information, returned when the server fails to decrypt said request parameters, identifying said first APK as a tampered APK.
9. The client as claimed in claim 8, wherein said client further comprises:
A first comparing unit, for comparing the signature value of the first APK with the pre-configured signature value of the second APK;
A first notification unit, for notifying said encryption unit to perform the first encryption on the request parameters used for requesting network data when the comparison result of said first comparing unit is equal, and for returning information identifying said first APK as a tampered APK when the comparison result of said first comparing unit is unequal; wherein said second APK is the original APK.
10. The client as claimed in claim 8, wherein said client further comprises:
A second acquiring unit, for obtaining the CRC value of the dex file of the first APK;
A second comparing unit, for comparing the CRC value of said dex file with a pre-configured CRC value;
A second notification unit, for notifying said encryption unit to perform the first encryption on the request parameters used for requesting network data when the comparison result of the second comparing unit is equal, and for returning information identifying said first APK as a tampered APK when the comparison result of the second comparing unit is unequal; wherein the pre-configured CRC value is the CRC value of the dex file of the original APK.
11. A server, comprising:
A second receiving unit, for receiving an encrypted byte stream sent by a client, wherein said encrypted byte stream is obtained by encrypting the request parameters used for requesting network data using the signature value of a first APK obtained by the client in a C language environment;
A decryption unit, for decrypting said encrypted byte stream using the pre-configured signature value of a second APK, wherein said second APK is the original APK;
A second sending unit, for returning to the client information identifying said first APK as a tampered APK if said request parameters are not decrypted.
12. A verification system for an installation package, comprising: the client as claimed in claim 8 and the server as claimed in claim 11.
CN201410379582.9A 2014-08-04 2014-08-04 Verification method, client, server and system for installation package Active CN105320535B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201410379582.9A CN105320535B (en) 2014-08-04 2014-08-04 Verification method, client, server and system for installation package
PCT/CN2015/084272 WO2016019790A1 (en) 2014-08-04 2015-07-16 Verification method, client, server and system for installation package

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410379582.9A CN105320535B (en) 2014-08-04 2014-08-04 Verification method, client, server and system for installation package

Publications (2)

Publication Number Publication Date
CN105320535A true CN105320535A (en) 2016-02-10
CN105320535B CN105320535B (en) 2019-02-15

Family

ID=55247961

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410379582.9A Active CN105320535B (en) 2014-08-04 2014-08-04 Verification method, client, server and system for installation package

Country Status (2)

Country Link
CN (1) CN105320535B (en)
WO (1) WO2016019790A1 (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106778099A (en) * 2016-11-29 2017-05-31 北京奇虎科技有限公司 The generation method and device of anti-tamper APK, install and operation method and device
CN107046541A (en) * 2017-04-18 2017-08-15 深圳市法马新智能设备有限公司 A kind of wireless receiving and dispatching encryption communication method and its device
CN108563953A (en) * 2018-03-26 2018-09-21 南京微可信信息技术有限公司 A kind of trusted application development approach of secure extensible
CN108923910A (en) * 2018-07-12 2018-11-30 南方电网科学研究院有限责任公司 A kind of method that mobile application APK is anti-tamper
CN112861191A (en) * 2021-04-23 2021-05-28 腾讯科技(深圳)有限公司 Application program monitoring method and device
CN113094660A (en) * 2021-04-02 2021-07-09 上海中通吉网络技术有限公司 Interface calling method, device and equipment and storage medium

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110276173A (en) * 2019-06-18 2019-09-24 福州数据技术研究院有限公司 Dual system termi-nal with server prevents bis- packing operation methods of apk
CN110278115B (en) 2019-06-20 2022-11-08 京东方科技集团股份有限公司 Hot update method and device
CN110262834A (en) * 2019-06-25 2019-09-20 上海缤游网络科技有限公司 A kind of method and device producing installation kit
CN112114824B (en) * 2020-09-07 2023-05-02 上海上讯信息技术股份有限公司 Linux-based software deployment method and device
CN114760078B (en) * 2022-06-15 2022-09-06 北京亿赛通科技发展有限责任公司 Method and system for preventing malicious tampering of page request parameters
CN117390604A (en) * 2022-08-15 2024-01-12 荣耀终端有限公司 Local authentication method and electronic equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102457574A (en) * 2011-10-21 2012-05-16 北京安天电子设备有限公司 Method and system for intelligent multi-address downloading of installation package
CN102982258A (en) * 2012-11-09 2013-03-20 北京深思洛克软件技术股份有限公司 System for conducting original-edition check to mobile application program
CN103577206A (en) * 2012-07-27 2014-02-12 北京三星通信技术研究有限公司 Method and device for installing application software

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050102669A1 (en) * 2003-10-15 2005-05-12 Siemens Medical Solutions Usa, Inc. Software installation file verification media and methods for medical equipment
CN101256607B (en) * 2008-03-10 2011-08-10 北京深思洛克软件技术股份有限公司 Method for remote updating and controlling use of software protection apparatus
CN103544046A (en) * 2013-10-25 2014-01-29 苏州通付盾信息技术有限公司 Mobile application software reinforcement method
CN103823751B (en) * 2013-12-13 2016-05-11 国家计算机网络与信息安全管理中心 A kind of counterfeit application program monitoring method of injecting based on feature

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102457574A (en) * 2011-10-21 2012-05-16 北京安天电子设备有限公司 Method and system for intelligent multi-address downloading of installation package
CN103577206A (en) * 2012-07-27 2014-02-12 北京三星通信技术研究有限公司 Method and device for installing application software
CN102982258A (en) * 2012-11-09 2013-03-20 北京深思洛克软件技术股份有限公司 System for conducting original-edition check to mobile application program

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
LIXUANBIN: "《http://lixuanbin.iteye.com》", 10 June 2014 *

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106778099A (en) * 2016-11-29 2017-05-31 北京奇虎科技有限公司 The generation method and device of anti-tamper APK, install and operation method and device
CN107046541A (en) * 2017-04-18 2017-08-15 深圳市法马新智能设备有限公司 A kind of wireless receiving and dispatching encryption communication method and its device
CN107046541B (en) * 2017-04-18 2023-02-03 深圳市法马新智能设备有限公司 Wireless transceiving encryption communication method and device thereof
CN108563953A (en) * 2018-03-26 2018-09-21 南京微可信信息技术有限公司 A kind of trusted application development approach of secure extensible
CN108563953B (en) * 2018-03-26 2021-12-21 南京微可信信息技术有限公司 Safe and extensible trusted application development method
CN108923910A (en) * 2018-07-12 2018-11-30 南方电网科学研究院有限责任公司 A kind of method that mobile application APK is anti-tamper
CN108923910B (en) * 2018-07-12 2021-06-25 南方电网科学研究院有限责任公司 Mobile application APK tamper-proofing method
CN113094660A (en) * 2021-04-02 2021-07-09 上海中通吉网络技术有限公司 Interface calling method, device and equipment and storage medium
CN112861191A (en) * 2021-04-23 2021-05-28 腾讯科技(深圳)有限公司 Application program monitoring method and device

Also Published As

Publication number Publication date
CN105320535B (en) 2019-02-15
WO2016019790A1 (en) 2016-02-11

Similar Documents

Publication Publication Date Title
CN105320535A (en) Checking method of installation package, client side, server and system
CN110492990B (en) Private key management method, device and system under block chain scene
CN110401615B (en) Identity authentication method, device, equipment, system and readable storage medium
CN109194625B (en) Client application protection method and device based on cloud server and storage medium
CN107786331B (en) Data processing method, device, system and computer readable storage medium
KR101744747B1 (en) Mobile terminal, terminal and method for authentication using security cookie
CN112469036B (en) Message encryption and decryption method and device, mobile terminal and storage medium
CN106454528A (en) Service processing method based on trusted execution environment and client side
CN101682628A (en) Secure communications
CN106055936A (en) Method and device for encryption/decryption of executable program data package
US20180204004A1 (en) Authentication method and apparatus for reinforced software
KR102137122B1 (en) Security check method, device, terminal and server
US11153074B1 (en) Trust framework against systematic cryptographic
WO2021114614A1 (en) Application program secure startup method and apparatus, computer device, and storage medium
WO2017066995A1 (en) Method and device for preventing unauthorized access to server
CN106470103A (en) A kind of client sends the method and system of encryption URL request
CN111316596A (en) Encryption chip with identity authentication
CN110659474B (en) Inter-application communication method, device, terminal and storage medium
US20180144142A1 (en) Secure Data Protection and Encryption Techniques for Computing Devices and Information Storage
CN103605927A (en) Encryption and decryption method based on embedded Linux system
KR20130100032A (en) Method for distributting smartphone application by using code-signing scheme
CN111949996A (en) Generation method, encryption method, system, device and medium of security private key
CN109784072A (en) Security file management method and system
CN106650342B (en) Jar package reinforcement method and system
CN104392153A (en) Software protection method and system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20160912

Address after: 510627 Guangdong city of Guangzhou province Whampoa Tianhe District Road No. 163 Xiping Yun Lu Yun Ping radio square B tower 13 floor 02 unit self

Applicant after: GUANGZHOU I9GAME INFORMATION TECHNOLOGY CO., LTD.

Address before: 100083 Beijing City, Haidian District Road, No. 28 into the house on the 12 floor

Applicant before: Excelle View Technology Co., Ltd.

GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20200811

Address after: 310052 room 508, floor 5, building 4, No. 699, Wangshang Road, Changhe street, Binjiang District, Hangzhou City, Zhejiang Province

Patentee after: Alibaba (China) Co.,Ltd.

Address before: 510627 Guangdong city of Guangzhou province Whampoa Tianhe District Road No. 163 Xiping Yun Lu Yun Ping radio square B tower 13 floor 02 unit self

Patentee before: Guangzhou Aijiuyou Information Technology Co.,Ltd.
