CN106529222A - Protection method and protection system for preventing secondary packaging and cracking of application program - Google Patents
Protection method and protection system for preventing secondary packaging and cracking of application program Download PDFInfo
- Publication number
- CN106529222A CN106529222A CN201611128845.4A CN201611128845A CN106529222A CN 106529222 A CN106529222 A CN 106529222A CN 201611128845 A CN201611128845 A CN 201611128845A CN 106529222 A CN106529222 A CN 106529222A
- Authority
- CN
- China
- Prior art keywords
- application program
- hash
- file
- hash value
- value information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 28
- 238000005336 cracking Methods 0.000 title claims abstract description 24
- 238000009517 secondary packaging Methods 0.000 title abstract 3
- 238000012795 verification Methods 0.000 claims abstract description 60
- 238000012856 packing Methods 0.000 claims description 24
- 238000012937 correction Methods 0.000 claims description 7
- 238000012360 testing method Methods 0.000 claims description 2
- 238000005516 engineering process Methods 0.000 description 6
- 230000003014 reinforcing effect Effects 0.000 description 2
- 229910002056 binary alloy Inorganic materials 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/14—Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a protection method for preventing secondary packaging and cracking of an application program. The method comprises the following steps of (1) carrying out encryption processing on the application program and obtaining the encrypted application program and a Hash verification certificate file of an application program file; (2) installing and running the encrypted application program and obtaining Hash value information of an encrypted application program file; and (3) verifying the Hash verification certificate file and the Hash value information and judging whether the Hash verification certificate file is consistent with the Hash value information or not, if so, enabling the application program to normally run, and if not, enabling the application program to quit running. The invention further provides a protection system for preventing secondary packaging and cracking of the application program.
Description
Technical field
The invention belongs to security technology area, more particularly to the anti-secondary packing and the protection for cracking of a kind of application program
Method and protection system.
Background technology
At present, existing on the market to apply Android or IOS uses signature check technology to beat as the anti-secondary of application program
Bag and the guard method for cracking and system.By taking Android platform as an example, the method is by Android java layer or c layers or server layer
During by obtaining current operation, the signature of program is once verified to judge whether changed when program signature with original signature
(I.e. secondary packing).
But, existing guard method is only verified to application program, before having original application program signature file
The meaning for just losing safeguard protection is put, and, existing guard method obtains the signature of program using Android system interface
Information, and Android system is due to increasing income, the code of each system interface all by being perfectly clear that hacker grasps, by simple
Hook technologies are rewritable, interception, monitor any data obtained by system interface, there is very big safe back door.
The content of the invention
It is an object of the invention to provide a kind of can improve answering for application security level by hash value check addition
With anti-secondary packing and the guard method for cracking and the protection system of program.
Technical scheme is as follows:A kind of anti-secondary packing and the guard method for cracking of application program includes:Plus
Close application program, the Hash verification certificate files of file in the application program and application program after acquisition is encrypted;Install and transport
Row it is described it is encrypted after application program, and obtain it is described it is encrypted after application program own files hash value information;School
Test the Hash to verify certificate file with the hash value information and judge whether consistent, if unanimously, application program is normal
Operation, if it is inconsistent, application program is out of service.
Preferably, the encryption application program is specifically included:To carrying out Hash per text document in the application program
Obtain and generate Hash verification certificate files.
Preferably, it is described obtain it is described it is encrypted after the hash value information of application program own files specifically include:Institute
State it is encrypted after application program obtain per text document hash value information.
Preferably, the verification Hash verifies certificate file with the hash value information and judges whether consistent concrete
Including:Verified described with the hash value information of the corresponding file per portion Hash verification certificate files;Judge
Whether the Hash verification certificate files of each file are consistent with corresponding hash value information;If described per portion Hash verifications
Certificate file is consistent with corresponding hash value information, and the application program continues normal operation;If arbitrary Hash
Verification certificate file is inconsistent with corresponding hash value information, then the application program is directly out of service.
Preferably, the file in the application program includes DEX file, XML file, text, resource file and stream
Media file.
A kind of anti-secondary packing of application program and the protection system for cracking, including:Encrypting module, for encrypting application
Program, the Hash verification certificate files of file in the application program and the application program after acquisition is encrypted;Hash value information
Acquisition module, for install and run it is described it is encrypted after application program after, obtain it is described it is encrypted after application program
The hash value information of own files;Hash value correction verification module, for verifying the Hash verification certificate files and the hash value
Information, judges whether that unanimously if unanimously, application program is normally run, if it is inconsistent, application program is out of service.
Preferably, the encrypting module, specifically for carrying out Hash acquisitions per text document in the application program
And generate corresponding Hash verifications certificate file.
Preferably, the hash value data obtaining module, specifically for every a in application program of the acquisition after encrypted
The hash value information of file.
Preferably, the hash value correction verification module, specifically for:By described per portion Hash verification certificate files and institute
The hash value information for stating corresponding file is verified;Judge the Hash verification certificate files and corresponding Hash of each file
Whether value information is consistent;It is if described consistent with corresponding hash value information per portion Hash verification certificate files, described
Application program continues normal operation;If arbitrary Hash verifications certificate file is inconsistent with corresponding hash value information,
Then the application program is directly out of service.
Preferably, the file in the application program includes DEX file, XML file, text, resource file and stream
Media file.
The technical scheme that the present invention is provided has the advantages that:
1st, the anti-secondary packing and the guard method for cracking of the application program and protection system are realized to every a resource text
Part, text, code file, media file etc. are verified, and realizing any text document has carried out deleting, changed, replace
Change and all can be detected by verification mode;
2nd, the anti-secondary packing and the guard method for cracking of the application program and protection system obtain file hash value, file school
The technology tested is all unrelated with the code of Android system or IOS systems, so safe back door will not be caused because Android is increased income to ask
Topic.
Description of the drawings
Fig. 1 is the anti-secondary packing of application program provided in an embodiment of the present invention and the flow chart element of the guard method for cracking
Figure;
Fig. 2 is the anti-secondary packing of application program shown in Fig. 1 and the schematic flow sheet of the guard method for cracking;
Fig. 3 is the anti-secondary packing of application program provided in an embodiment of the present invention and the structured flowchart of the protection system for cracking.
Specific embodiment
In order that the objects, technical solutions and advantages of the present invention become more apparent, it is below in conjunction with drawings and Examples, right
The present invention is further elaborated.It should be appreciated that specific embodiment described herein is only to explain the present invention, and
It is not used in the restriction present invention.
The description of specific distinct unless the context otherwise, the element and component in the present invention, quantity both can be with single shape
Formula is present, it is also possible in the form of multiple, and the present invention is not defined to this.Although the step in the present invention is entered with label
Arrangement is gone, but is not used to limit the precedence of step, unless expressly stated the order of step or holding for certain step
Based on row needs other steps, the relative rank of otherwise step is adjustable.It is appreciated that used herein
Term "and/or" is related to and covers one of associated Listed Items or one or more of any and all possible group
Close.
Please refer to Fig. 1 and Fig. 2, the anti-secondary packing and the protection for cracking of application program provided in an embodiment of the present invention
Method, wherein, the application program is the application program of mobile terminal, and, the mobile terminal including but not limited to has
The mobile terminals such as the mobile phone of Android platform or ios platform, flat board, Vehicular display device.
The anti-secondary packing and the guard method for cracking of the application program comprises the steps:
S1, encryption application program, the Hash verification certificate files of file in the application program and application program after acquisition is encrypted.
Specifically,
In the present embodiment, original application program is reinforced using encipheror, not only obtains having and prevent secondary packing
With crack defencive function it is encrypted after application program, also the every text document in the application program is carried out based on Hash
The reinforcing operation of algorithm, and obtain the Hash verification certificate file corresponding per text document.
Wherein, risk point of the encipheror from application program, labor hacker is to the anti-of application program
Compiling/compiling flow process, and by obtain application program in per text document carry out hash value verification come protect application program not by
It is secondary to pack and crack.I.e. described encipheror can prevent data input, data display, local datastore and data from passing
The leaking data problem occurred during defeated, such as safety keyboard, anti-screenshotss, anti-record screen, anti-fishing etc..It is selectable, it is described to add
Close program is the encipheror based on Android platform or ios platform.
In step sl, the encryption application program is specifically included:To carrying out per text document in the application program
Reinforcing based on hash algorithm is operated, and obtains the Hash verification certificate files in the application program per text document.It is optional
Select, the application file include but is not limited to DEX file, XML file, text, code file, resource file and
Files in stream media etc..
It should be noted that the binary value of random length to be mapped as hash algorithm the less binary system of regular length
Value, this less binary value are referred to as hash value.Hash value is the unique and extremely compact numerical value representation of one piece of data.
If hashing one section of plaintext and even only change the paragraph one is alphabetical, subsequent Hash will produce different values.Will
Find hash for same value two different inputs, computationally for it is substantially impossible.
Therefore, Hash is the numerical value that obtained by logical operation of data of the content according to file, different file (even if
It is identical filename) hash value that obtains is different, so hash value is just into the identity card of each file;And,
The file of different hash values is considered as different files, the content of the file of identical HASH value be certainly it is identical (i.e.
Make filename difference).
S2, install and run it is described it is encrypted after application program, and obtain it is described it is encrypted after application program itself
The hash value information of file.
Specifically, in step s 2, in mobile terminal, install, start and run it is described it is encrypted after application program
Afterwards, based on the hash algorithm, it is described it is encrypted after application program obtain own files hash value information.In the present embodiment
In, it is described it is encrypted after application program obtain per text document hash value information.
S3, by the Hash verification certificate file verified with the hash value information and judged whether it is consistent, if
Unanimously, then application program is normally run, if it is inconsistent, application program is out of service.
Specifically, in step s3, certificate file is with the hash value information and judges for the verification Hash verifications
Whether unanimously specifically include:
Verified described with the hash value information of the corresponding file per portion Hash verification certificate files;
Judge whether the Hash verification certificate files of each file are consistent with corresponding hash value information;
If described consistent with corresponding hash value information per portion Hash verification certificate files, the application program continues
It is normal to run;
If arbitrary Hash verifications certificate file is inconsistent with corresponding hash value information, the application program is direct
It is out of service.
In the present embodiment, when the application program after the encryption is run, the application program after the encryption is transported automatically
Row hash value verification operation.And, if any application file of the application program after the encryption is once changed
Dynamic, the application program terminates self-operating automatically.
Fig. 3 is referred to, is anti-secondary packing and the knot of the protection system for cracking of a kind of application program that the present invention is provided
Composition, the system include:Encrypting module 10, hash value data obtaining module 20 and hash value correction verification module 30.
Wherein, the encrypting module 10 is used to encrypt application program, the application program and the application after acquisition is encrypted
The Hash verification certificate files of file in program.
Specifically, in the encrypting module 10, for obtaining to carrying out Hash per text document in the application program
Take and generate corresponding Hash verifications certificate file.It is literary that file in the application program includes but is not limited to DEX file, XML
Part, resource file, code file, text and files in stream media etc..
In a preferred embodiment of the invention, the encrypting module 10 can be based on Android platform or ios platform
Encrypting module.Risk point of the encrypting module 10 from application program, anti-volume of the labor hacker to application program
Translate/flow process is compiled, carry out hash value verification to protect application program by the hash value obtained using journey in the school per text document
Not by it is secondary packing and crack.I.e. the encrypting module 10 can prevent data input, data display, local datastore and
The leaking data problem occurred in data transmission procedure, such as safety keyboard, anti-screenshotss, anti-record screen, anti-fishing etc..
Specifically, in mobile terminal, install, start and run it is described it is encrypted after application program after, based on described
Hash algorithm, the hash value data obtaining module 20 obtain it is described it is encrypted after application program own files hash value letter
Breath.In the present embodiment, the hash value data obtaining module 20 be used to obtaining it is encrypted after application program in per a text
The hash value information of part.
The hash value correction verification module 30 is used to verify the Hash verification certificate files and the hash value information, judges
Whether consistent, if unanimously, application program is normally run, if it is inconsistent, application program is out of service.
Specifically, the hash value correction verification module 30 verifies certificate file and the corresponding text per portion Hash by described
The hash value information of part is verified, by judge each file in application program Hash verify certificate file with it is corresponding
Whether hash value information is consistent, and the application program is verified.
In checking procedure, if all Hash verifications certificate files are consistent with corresponding hash value information,
The verification success of the application program is illustrated then, the application program continues normal operation.
If arbitrary Hash verifications certificate file is inconsistent with corresponding hash value information, the application is illustrated
The verification of program is unsuccessful, illustrates that the program in the application program is tampered itself, and the application program is directly out of service.
In the present embodiment, when the application program after the encryption is run, the application program after the encryption is transported automatically
Row hash value verification operation.And, it is if any file in the application program after the encryption is once altered, described
Application program terminates self-operating automatically.
Compared to prior art, the technical scheme that the present invention is provided has the advantages that:
1st, the anti-secondary packing and the guard method for cracking of the application program and protection system are realized to every a resource text
Part, text, code file, media file etc. are verified, and realizing any text document has carried out deleting, changed, replace
Change and all can be detected by verification mode;
2nd, the anti-secondary packing and the guard method for cracking of the application program and protection system obtain file hash value, file school
The technology tested is all unrelated with the code of Android system or IOS systems, will not cause safe back door problem because Android is increased income.
It is obvious to a person skilled in the art that the invention is not restricted to the details of above-mentioned one exemplary embodiment, Er Qie
In the case of spirit or essential attributes without departing substantially from the present invention, the present invention can be realized in other specific forms.Therefore, no matter
From the point of view of which point, embodiment all should be regarded as exemplary, and be nonrestrictive, the scope of the present invention is by appended power
Profit is required rather than described above is limited, it is intended that all in the implication and scope of the equivalency of claim by falling
Change is included in the present invention.Any reference in claim should not be considered as and limit involved claim.
Moreover, it will be appreciated that although this specification is been described by according to embodiment, not each embodiment is only wrapped
Containing an independent technical scheme, this narrating mode of specification is only that those skilled in the art should for clarity
Using specification as an entirety, the technical scheme in each embodiment can also Jing it is appropriately combined, form those skilled in the art
Understandable other embodiment..
Claims (10)
1. the anti-secondary packing and the guard method for cracking of a kind of application program, it is characterised in that methods described includes:Encryption should
With program, the Hash verification certificate files of file in the application program and application program after acquisition is encrypted;Install and run institute
State it is encrypted after application program, and obtain it is described it is encrypted after application program own files hash value information;Verification institute
State Hash to verify certificate file with the hash value information and judge whether consistent, if unanimously, application program is normally run,
If it is inconsistent, application program is out of service.
2. the anti-secondary packing and the guard method for cracking of application program according to claim 1, it is characterised in that described
Encryption application program is specifically included:Obtain and generate Hash verification cards to carrying out Hash in the application program per text document
Written matter.
3. the anti-secondary packing and the guard method for cracking of application program according to claim 1, it is characterised in that described
Obtain it is described it is encrypted after the hash value information of application program own files specifically include:It is described it is encrypted after application program
Obtain the hash value information per text document.
4. the anti-secondary packing and the guard method for cracking of application program as claimed in claim 3, it is characterised in that the school
Test the Hash to verify certificate file with the hash value information and judge whether consistent specifically including:By described per a
Hash verification certificate files are verified with the hash value information of the corresponding file;Judge the Hash verifications of each file
Whether certificate file is consistent with corresponding hash value information;If it is described verify per portion Hash certificate file with it is corresponding
Hash value information it is consistent, the application program continues normal operation;If arbitrary Hash verification certificate files are right with institute
The hash value information answered is inconsistent, then the application program is directly out of service.
5. the anti-secondary packing and the guard method for cracking of the application program as described in any one of Claims 1-4, its feature exist
In the file in the application program includes DEX file, XML file, text, resource file and files in stream media.
6. a kind of anti-secondary packing of application program and the protection system that cracks, it is characterised in that the system includes:Encryption
Module, for encrypting application program, the Hash verification cards of file in the application program and the application program after acquisition is encrypted
Written matter;Hash value data obtaining module, for install and run it is described it is encrypted after application program after, obtain described
The hash value information of the application program own files after encrypted;Hash value correction verification module, for verifying the Hash verifications card
Written matter and the hash value information, judge whether that unanimously if unanimously, application program is normally run, if it is inconsistent,
Application program is out of service.
7. protection system as claimed in claim 6, it is characterised in that the encrypting module, specifically for the application journey
Carry out Hash to obtain and generate corresponding Hash verifications certificate file in sequence per text document.
8. protection system as claimed in claim 6, it is characterised in that the hash value data obtaining module, specifically for obtaining
Take it is encrypted after application program in per text document hash value information.
9. protection system as claimed in claim 8, it is characterised in that the hash value correction verification module, specifically for:By institute
State every a Hash verifications certificate file to be verified with the hash value information of the corresponding file;Judge each file
Whether Hash verification certificate files are consistent with corresponding hash value information;If described equal per portion Hash verification certificate files
Consistent with corresponding hash value information, the application program continues normal operation;If arbitrary Hash verifications certificate text
Part is inconsistent with corresponding hash value information, then the application program is directly out of service.
10. the protection system as described in any one of claim 6 to 9, it is characterised in that the file in the application program includes
DEX file, XML file, text, resource file and files in stream media.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201611128845.4A CN106529222A (en) | 2016-12-09 | 2016-12-09 | Protection method and protection system for preventing secondary packaging and cracking of application program |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201611128845.4A CN106529222A (en) | 2016-12-09 | 2016-12-09 | Protection method and protection system for preventing secondary packaging and cracking of application program |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN106529222A true CN106529222A (en) | 2017-03-22 |
Family
ID=58342962
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201611128845.4A Pending CN106529222A (en) | 2016-12-09 | 2016-12-09 | Protection method and protection system for preventing secondary packaging and cracking of application program |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106529222A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108319823A (en) * | 2018-02-02 | 2018-07-24 | 广东蜂助手网络技术股份有限公司 | A kind of Android APP signature binding method and device |
| CN110362970A (en) * | 2019-07-23 | 2019-10-22 | 北京智游网安科技有限公司 | A kind of method preventing application program decompiling, storage medium and terminal device |
| CN114722356A (en) * | 2021-01-04 | 2022-07-08 | 武汉斗鱼鱼乐网络科技有限公司 | Method, device, medium and equipment for protecting copyright based on block chain |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20130151861A1 (en) * | 2011-12-08 | 2013-06-13 | Raytheon Company | System and method to protect computer software from unauthorized use |
| CN105426708A (en) * | 2016-01-19 | 2016-03-23 | 北京鼎源科技有限公司 | Reinforcing method of application program of Android system |
| CN106055936A (en) * | 2016-05-18 | 2016-10-26 | 深圳大学 | Method and device for encryption/decryption of executable program data package |
-
2016
- 2016-12-09 CN CN201611128845.4A patent/CN106529222A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20130151861A1 (en) * | 2011-12-08 | 2013-06-13 | Raytheon Company | System and method to protect computer software from unauthorized use |
| CN105426708A (en) * | 2016-01-19 | 2016-03-23 | 北京鼎源科技有限公司 | Reinforcing method of application program of Android system |
| CN106055936A (en) * | 2016-05-18 | 2016-10-26 | 深圳大学 | Method and device for encryption/decryption of executable program data package |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108319823A (en) * | 2018-02-02 | 2018-07-24 | 广东蜂助手网络技术股份有限公司 | A kind of Android APP signature binding method and device |
| CN110362970A (en) * | 2019-07-23 | 2019-10-22 | 北京智游网安科技有限公司 | A kind of method preventing application program decompiling, storage medium and terminal device |
| CN114722356A (en) * | 2021-01-04 | 2022-07-08 | 武汉斗鱼鱼乐网络科技有限公司 | Method, device, medium and equipment for protecting copyright based on block chain |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106230851B (en) | Data security method and system based on block chain | |
| CN104579649B (en) | Personal identification method and system | |
| CN110225063A (en) | Upgrade method, upgrade-system, server and the car-mounted terminal of automobile mounted system | |
| EP2854070A1 (en) | Method and apparatus of creating application package, method and apparatus of executing application package, and recording medium storing application package | |
| US8484752B2 (en) | Verifying authenticity of electronic control unit code | |
| CN105429754B (en) | The management method and system of national standard Electronic Signature | |
| CN109714303A (en) | BIOS starts method and data processing method | |
| US20160197950A1 (en) | Detection system and method for statically detecting applications | |
| CN106055936A (en) | Method and device for encryption/decryption of executable program data package | |
| CN106529222A (en) | Protection method and protection system for preventing secondary packaging and cracking of application program | |
| US20150200783A1 (en) | Secure access for sensitive digital information | |
| CN107301343A (en) | Secure data processing method, device and electronic equipment | |
| CN113472521A (en) | Block chain-based real-name digital identity management method, signature device and verification device | |
| CN106548065B (en) | Application program installation detection method and device | |
| CN108599961A (en) | A kind of communication means, car-mounted terminal, automobile services platform and system | |
| EP1430680B1 (en) | Server with file verification | |
| CN107196761A (en) | A kind of method of core function in protection application program | |
| CN107908962A (en) | Self checking method applied to Android intelligent terminal | |
| CN107454041A (en) | Prevent the method and device that server is attacked | |
| CN108599959A (en) | Certificate of authority method of calibration, device and readable storage medium storing program for executing, application apparatus | |
| WO2017197869A1 (en) | Version file checking method and apparatus, encryption method and apparatus, and storage medium | |
| CN111479265A (en) | Information dissemination method and device, computer equipment and storage medium | |
| CN109033818B (en) | Terminal, authentication method, and computer-readable storage medium | |
| US20140230068A1 (en) | System and method for packaging and authenticating a software product | |
| CN105812134A (en) | Digital signature method, digital signature verification method, security authentication device and security authentication apparatus |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170322 |