CN107870793B - Method and device for loading SO file in application program - Google Patents
Method and device for loading SO file in application program Download PDFInfo
- Publication number
- CN107870793B CN107870793B CN201711403504.8A CN201711403504A CN107870793B CN 107870793 B CN107870793 B CN 107870793B CN 201711403504 A CN201711403504 A CN 201711403504A CN 107870793 B CN107870793 B CN 107870793B
- Authority
- CN
- China
- Prior art keywords
- file
- application program
- check value
- current
- factory
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 61
- 238000012795 verification Methods 0.000 claims description 28
- 238000012544 monitoring process Methods 0.000 claims description 7
- 238000004590 computer program Methods 0.000 claims description 3
- 238000010586 diagram Methods 0.000 description 9
- 230000006870 function Effects 0.000 description 6
- 230000001960 triggered effect Effects 0.000 description 6
- 238000005516 engineering process Methods 0.000 description 3
- 238000009434 installation Methods 0.000 description 3
- 230000009286 beneficial effect Effects 0.000 description 2
- 238000013478 data encryption standard Methods 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 241000700605 Viruses Species 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 230000006835 compression Effects 0.000 description 1
- 238000007906 compression Methods 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000008707 rearrangement Effects 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/445—Program loading or initiating
- G06F9/44521—Dynamic linking or loading; Link editing at or after load time, e.g. Java class loading
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/125—Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Computer Hardware Design (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a method and a device for loading an SO file in an application program. The method comprises the following steps: when an operation instruction of an application program is received, a shell code in the application program and a current SO file of the application program are obtained, the shell code is called to encrypt the current SO file by a first encryption algorithm to obtain a current check value, the shell code is called to compare whether the current check value is consistent with a factory check value stored in the application program in advance, the factory check value is a check value formed after the factory SO file of the application program is encrypted by the first encryption algorithm, when the current check value is determined to be the same as the factory check value, the current SO file of the application program is loaded according to the operation instruction, whether the current SO file is the same as the factory SO file is verified by the shell code, and the current SO file is loaded only when the current SO file is determined to be the same as the factory SO file, SO that the safety of loading the SO file in the application program is improved.
Description
Technical Field
The embodiment of the invention relates to computer technology, in particular to a method and a device for loading an SO file in an application program.
Background
With the development of communication and computer technologies, the use of terminal devices such as mobile phones and the like is more and more widespread. In the development process of Android (Android) mobile applications, how to prevent the applications from being decompiled is an important measure for ensuring the running safety of the applications.
Currently, to prevent an application from being decompiled, some core functions of the application are written in C or C + +. For convenience of use, codes written in C or C + + language are compiled into SO files and provided externally. And directly loading the compiled SO file in an application program, and calling by using a JAVA Native Interface (JNI) technology. Generally, when an SO file is loaded, the SO file is placed at a program entrance of an application program, SO that the SO file is loaded into a memory of a terminal device as long as a packaged Android Package (APK) is run.
However, with the increase of attack means, the SO file can be disassembled by an Interactive Disassembler Professional (IDApro), the binary code can be converted into assembly language, and the code in the SO file can be viewed. And the content of the SO file can be modified by combining binary editing software such as a text editor (UltraEdit). When the application program is running, the modified SO file is loaded, which may threaten the information security of the user. Therefore, the security of the current application program is low when the SO file is loaded.
Disclosure of Invention
The invention provides a method and a device for loading an SO file in an application program, which are used for solving the problem of low security of loading the SO file in the current application program and improving the security of loading the SO file in the application program.
In a first aspect, an embodiment of the present invention provides a method for loading an SO file in an application program, where the application program is installed on a terminal device whose operating system is an android operating system, and the method includes:
when an operation instruction of the application program is received, acquiring a shell code in the application program and a current SO file of the application program;
calling the shell code to encrypt the current SO file by a first encryption algorithm to obtain a current check value, and calling the shell code to compare whether the current check value is consistent with a factory check value stored in an application program in advance; the factory check value is a check value of the factory SO file of the application program encrypted by adopting a first encryption algorithm;
and if the factory check value is consistent with the current check value, loading the current SO file of the application program according to the running instruction.
In a second aspect, an embodiment of the present invention further provides an apparatus for loading an SO file in an application program, where the application program is installed in the apparatus, an operating system of the apparatus is an android operating system, and the apparatus includes:
the acquisition module is used for acquiring a shell code in the application program and a current SO file of the application program when receiving an operation instruction of the application program;
the first calling module is used for calling the shell code to encrypt the current SO file by using a first encryption algorithm to obtain a current check value, and calling the shell code to compare whether the current check value is consistent with a factory check value stored in an application program in advance; the factory check value is a check value of the factory SO file of the application program encrypted by adopting a first encryption algorithm;
and the loading module is used for loading the current SO file of the application program according to the running instruction when the factory check value is consistent with the current check value.
In a third aspect, an embodiment of the present invention further provides a terminal device, where the terminal device includes:
one or more processors;
a memory for storing one or more programs,
when the one or more programs are executed by the one or more processors, the one or more processors implement the method for loading SO files in an application program according to the first aspect.
In a fourth aspect, an embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the method for loading an SO file in an application program according to the first aspect.
The method and the device for loading the SO file in the application program provided by the embodiment of the invention can be used for obtaining the shell code in the application program and the current SO file of the application program when receiving the operation instruction of the application program, calling the shell code to encrypt the current SO file by using a first encryption algorithm to obtain the current check value, calling the shell code to compare whether the current check value is consistent with the factory check value pre-stored in the application program, wherein the factory check value is the check value formed after the factory SO file of the application program is encrypted by using the first encryption algorithm, when the current check value is the same as the factory check value, the current SO file of the application program is loaded according to the operation instruction, SO that whether the current SO file is the same as the factory SO file is verified by the shell code, and the current SO file can be loaded only when the current SO file is determined to be the same as the factory SO file, the leakage of user information caused by loading the modified SO file is avoided, SO that the safety of loading the SO file in the application program is improved, and further, the information safety of the user is ensured.
Drawings
Fig. 1 is a schematic flowchart of a first embodiment of a method for loading an SO file in an application according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a user interface in the embodiment of FIG. 1;
fig. 3 is a schematic flowchart of a second embodiment of a method for loading an SO file in an application according to an embodiment of the present invention;
FIG. 4 is a schematic illustration of a user interface in the embodiment of FIG. 3;
fig. 5 is a schematic structural diagram of a first apparatus for loading an SO file in an application according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of a second apparatus for loading an SO file in an application according to an embodiment of the present invention;
fig. 7 is a schematic structural diagram of a terminal device according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
At present, SO files compiled by codes written in C or C + + languages can be attacked and implanted with viruses, SO that the information security of users is threatened. The embodiment of the invention provides a method for loading an SO file in an application program, aiming at solving the problem.
Fig. 1 is a schematic flowchart of a first embodiment of a method for loading an SO file in an application program according to an embodiment of the present invention. The embodiment can be applied to the situation that the SO file is loaded after the application program runs. The method may be performed by a processor of a terminal device. As shown in fig. 1, the embodiment of the present invention specifically includes the following steps:
step 101: and when an operation instruction of the application program is received, acquiring a shell code in the application program and a current SO file of the application program.
Specifically, the terminal device in this embodiment may be a handheld device, a vehicle-mounted device, a wearable device, a computing device, and various forms of User Equipment (UE), a Mobile Station (MS), a terminal (terminal), and the like, of which an operating system is android. Exemplarily, the terminal device in this embodiment is a mobile phone.
Existing applications can be divided into: different application types such as tool type programs, game type programs, shopping type programs, life type programs and multimedia type programs. The application program in the embodiment of the present invention may be any of the above-described application programs. For example, the application program in the embodiment of the present invention may be an instant messaging program, a video playing program, or an online shopping program.
In this embodiment, the application program has been installed in advance on the terminal device. Installing the application may be accomplished by an APK running the application. In one implementation, the APK of the application may be obtained by the terminal device from an application store via a network. In another implementation manner, the APK of the application may be obtained by the terminal device from another terminal device through a connection signal such as bluetooth. In yet another implementation, the APK of the application program may be pre-stored on the terminal device by the manufacturer of the terminal device at the time of factory shipment.
In this embodiment, the execution main body hardware is a processor of the terminal device, and the software is a main program of the application program.
After the application program is installed, the application program may be executed under the control of a user or other devices, that is, an execution instruction of the application program may be triggered by the user or other devices. In one implementation, the terminal device may determine that the application needs to be run after receiving a running instruction triggered by a user, where the running instruction may be triggered by a touch screen or a microphone. For example, the user clicks on an icon of the application to run the application. In another implementation manner, after receiving an operation instruction sent by the control device, the terminal device determines that the application program needs to be operated, and the operation instruction may be triggered by remote control or a predetermined manner. For example, the control device sends a video to the terminal device, and sets in advance that the terminal device starts to run a video playback program to play the video after receiving the video, in which case, after the terminal device receives the video, it is determined that the application program needs to run.
In this embodiment, the SO file is placed at the program entrance of the application program, and therefore, the SO file is loaded after the application program runs. Therefore, in the embodiment of the present invention, in order to ensure the security of loading the SO file in the application program, after receiving an operation instruction triggered by a user or triggered by another device, a shell code in the application program and a current SO file of the application program need to be acquired to verify the current SO file.
The shell code in the embodiment of the present invention may be a file named ksotp. SO files may be files named libsotpcomm.
The current SO file of the application program in step 101 refers to an SO file in the application program when the operation instruction of the application program is received. When the application program leaves the factory, the application program can be provided with a factory SO file. After the application is installed on the terminal device, the factory SO file may be illegally modified. That is, the current SO file may or may not be the same as the factory SO file. If the SO file is the same as the factory SO file, the current SO file of the application program is not modified; if the SO file is different from the factory SO file, the current SO file of the application program is modified.
The shell code referred to in this embodiment is code written by a developer of the application. The shell code is used for verifying the current SO file.
Step 102: and calling the shell code to encrypt the current SO file by using a first encryption algorithm to obtain a current check value, and calling the shell code to compare whether the current check value is consistent with a factory check value pre-stored in the application program.
The factory check value is the check value of the factory SO file of the application program encrypted by adopting a first encryption algorithm.
Specifically, after the current SO file and the shell code are acquired, the current SO file can be verified through the shell code.
In this embodiment, the application program stores a factory verification value in advance. The factory check value is determined based on a first encryption algorithm and a factory SO file of the application program when the APK of the application program is factory. The factory SO file referred to herein refers to an SO file that is determined by a developer of an application program when developing the SO file and has not been modified by another person without modification authority. The SO file is a binary file formed by compiling codes written in C or C + +.
In this embodiment, whether the current SO file is modified may be determined by calculating a current check value of the current SO file and comparing whether the current check value is the same as the factory check value. Specifically, whether the current check value is the same as the factory check value is determined by calling a shell code.
The shell code in this embodiment functions as: and encrypting the current SO file according to a first encryption algorithm, determining a current check value, and comparing whether the current check value is the same as the factory check value. The first encryption Algorithm may be a Message Digest Algorithm (MD 5), a Secure Hash Algorithm (SHA), a Hash Authentication Code (HMAC), or other encryption algorithms.
Alternatively, the first encryption algorithm may be the national secret SM3 — HMAC algorithm. The SM3-HMAC algorithm generates a hash value through padding and iterative compression, and the length of the hash value is 256 bits. Accordingly, when determining the factory verification value, the SM3-hmac. exe tool may be used to obtain the factory verification value of the factory SO file. Compared with other algorithms, the SM3-HMAC algorithm outputs a longer hash value, and therefore, the security is higher.
In one implementation, the factory check value is directly stored in a storage space in a private directory of the application program in the terminal device, and when the current check value is compared with the factory check value, the factory check value is read from the private directory of the application program in the terminal device and compared.
In another implementation, the factory verification value is stored in the storage space under the private directory of the application program in the terminal device in the form of a verification file. The verification file referred to herein is a file formed by encrypting the factory verification value according to a second encryption algorithm.
Optionally, after the application program is installed and when the application program is run for the first time, a shell code may be called, where the shell code is used to encrypt the factory verification value with the second encryption algorithm to form a verification file, and store the verification file in a storage space in a private directory of the application program in the terminal device. It should be noted that, when the shell code is called and the factory check value is encrypted by the second encryption algorithm, the factory check value may be assigned to a temporary variable, and then the temporary variable is encrypted, the encrypted factory check value is written into the check file, and the check file is stored in the storage space in the private directory of the application program. To further ensure the security of the check file, the value of the temporary variable may be cleared after the check file is stored. Emptying the temporary variable can prevent the temporary variable from remaining in the memory space, thereby avoiding the problem of factory check value leakage.
The format of the check file can be txt, bin and the like. Illustratively, the check file may be a file named SM3-hmac. The second Encryption algorithm may be an SM1 algorithm, an SM4 algorithm, an Advanced Encryption Standard (AES), or a Data Encryption Standard (DES). Illustratively, the second encryption algorithm may be the SM4 algorithm, which is a block cipher algorithm, with a block length of 128 bits and a key length of 128 bits.
Based on the storage mode of the factory check value, when the terminal device calls the shell code to determine whether the current check value is the same as the factory check value, the following two implementation modes are provided:
the first realization mode is as follows: and the shell code determines a factory check value according to the decryption algorithm corresponding to the second encryption algorithm and the check file, and determines whether the current check value is the same as the factory check value. In this implementation manner, after the shell code obtains the check file from the storage space in the private directory of the application program in the terminal device, the content in the check file is decrypted according to the decryption algorithm corresponding to the second encryption algorithm, and after the factory check value is obtained, the current check value is compared with the factory check value to determine whether the current check value is the same as the factory check value.
The second implementation manner is as follows: the shell code encrypts the current check value according to a second encryption algorithm to form an encrypted current check value, and determines whether the encrypted current check value is the same as the value stored in the check file.
It should be noted that, in the terminal device with an android operating system, all data in the application program is private. When an application program is installed in an operating system, a folder is used for storing own data, and only the application program has write authority to the folder. No other application can write data in this folder. The storage path of this folder is the private directory of the application.
The factory check value is stored in the storage space under the private directory of the application program in the terminal equipment, or the factory check value is stored in the storage space under the private directory of the application program in the terminal equipment in the form of a check file, and the storage mode can ensure that other application programs cannot modify the factory check value, so that the running safety of the application program is further improved. Further, the factory check value is stored in a storage space under a private directory of an application program in the terminal device in the form of a check file, and the check file is formed by encrypting the factory check value according to a second encryption algorithm, SO that on one hand, double encryption of the factory SO file is realized, and the security is higher, and on the other hand, the purpose of storing the factory check value by using the check file is to facilitate subsequent monitoring of the check file, SO that a user is reminded when an attacker illegally modifies the factory check value, and the security of loading the SO file is further improved. This implementation will be described in detail in the embodiment shown in fig. 3.
After the main program of the application program calls the shell code, the shell code can return the operation result to the main program after the operation is finished.
Step 103: and if the current check value is consistent with the factory check value, loading the current SO file of the application program according to the operation instruction.
Specifically, when the current check value is determined to be the same as the factory check value, which indicates that the current SO file is the same as the factory SO file, the current SO file is proved to be safe, and at this time, the current SO file is loaded according to the operation instruction to call the method in the SO file.
Optionally, in step 103, the current SO file may be loaded by calling a system. The parameter in the system load method is the path of the SO file in the application.
In one implementation, the operation of the application is terminated if the current check value is inconsistent with the factory check value.
In another implementation manner, this embodiment further includes step 104: and if the current check value is different from the factory check value, outputting first prompt information.
Wherein the first prompt message is used for indicating that the current SO file of the application program has been modified.
Specifically, when the current check value is determined to be different from the factory check value, which indicates that the current SO file is different from the factory SO file, it is proved that the current SO file has been modified and a potential safety hazard may exist, and at this time, first prompt information is output to prompt a user.
In step 104, the first prompt message may be output in an interface display mode, in a vibration mode or in a voice prompt mode.
The following description will be given taking an example in which the first presentation information is output by using an interface display. FIG. 2 is a schematic diagram of a user interface in the embodiment shown in FIG. 1. As shown in fig. 2, in the user interface 201, a prompt message "the application has been illegally modified, an exit is suggested" is output, and a button 202 for determining the exit and a button 203 for canceling the exit are given. The user can select according to the requirement of the user.
The above process is illustrated below with a specific example: after downloading the installation package of the online shopping program, a user installs the online shopping program on a mobile phone, wherein the online shopping program comprises a factory SO file, a factory check value of the factory SO file and a shell code. After the installation is completed and the online shopping program runs for the first time, the main program of the application program calls the shell code, the factory check value of the factory SO file in the online shopping program is encrypted to form a check file, and the check file is stored in the storage space of the private directory of the online shopping program on the terminal equipment. Meanwhile, the factory SO file and the shell code can be stored in the terminal equipment. After the installation is completed, an icon of the online shopping program appears on a mobile phone application program interface. After the first operation, when determining that the online shopping program needs to be operated to perform online shopping, the user can click the icon of the online shopping program, and the click operation can trigger an operation instruction of the application program. At this time, a current SO file (an SO file when an operation instruction of the online shopping program is received, the current SO file may be the same as or different from a factory SO file) in the online shopping program may have been attacked, and loading the modified SO file may threaten information security of the user, for example, loading the SO file may allow an attacker to obtain sensitive information such as an account number and a password of the user. To avoid this risk, the main program of the online shopping program executes steps 101 and 102 to determine whether the current SO file is modified. And selecting to execute the step 103 or the step 104 according to the execution result of the step 102. In the process, if the current SO file in the online shopping program is modified, the first prompt message is output to prompt the user, SO that the information safety of the user can be ensured.
In the method for loading an SO file in an application program provided in this embodiment, when an operation instruction of the application program is received, a shell code in the application program and a current SO file of the application program are obtained, the shell code is called to encrypt the current SO file with a first encryption algorithm to obtain a current check value, and the shell code is called to compare whether the current check value is consistent with a factory check value pre-stored in the application program, where the factory check value is a check value formed after the factory SO file of the application program is encrypted with the first encryption algorithm, and when it is determined that the current check value is the same as the factory check value, the current SO file of the application program is loaded according to an operation instruction to operate the application program, SO that it is achieved that whether the current SO file is the same as the factory SO file is verified with the shell code, and the current SO file is loaded only when it is determined that the current SO file is the same as the factory SO file, the leakage of user information caused by loading the modified SO file is avoided, SO that the safety of loading the SO file in the application program is improved, and further, the information safety of the user is ensured.
Fig. 3 is a flowchart illustrating a second embodiment of a method for loading an SO file in an application according to an embodiment of the present invention. The embodiment of the present invention provides a detailed description of other steps of the method for loading the SO file in the application program based on the embodiment shown in fig. 1. As shown in fig. 3, the method for loading an SO file in an application program provided in the embodiment of the present invention includes:
step 301: and when an operation instruction of the application program is received, acquiring a shell code in the application program and a current SO file of the application program.
Step 301 is similar to the implementation process and technical principle of step 101, and is not described herein again.
Step 302: and calling the shell code to determine whether the verification file exists in the storage space under the private directory of the application program in the terminal equipment.
Step 303: if the verification file does not exist, calling the shell code to encrypt the factory verification value according to a second encryption algorithm, writing the encrypted value into the file to form the verification file, and storing the verification file in a storage space under a private directory of an application program in the terminal equipment.
In the embodiment of the invention, the factory check value is stored in the storage space of the private directory of the application program in the terminal equipment in the form of the check file.
Based on the description in the embodiment shown in fig. 1, the check file is generated and stored in the storage space in the private directory of the application program in the terminal device when the application program is run for the first time. In the embodiment of the invention, before comparing the current check value with the factory check value, whether the check file exists needs to be judged firstly. And when the check file does not exist, calling the shell code to encrypt the factory check value according to a second encryption algorithm, writing the encrypted value into the file to form the check file, and storing the check file in a storage space under a private directory of an application program in the terminal equipment.
Step 304: calling shell code to listen to check whether the file is modified.
The shell code is used for calling a FileObserver method and a service method and monitoring whether the check file is modified.
Specifically, step 304 may be started after it is determined that a check file exists or is created. In this implementation, as long as the check file is created on the terminal device, it can be listened whether the check file is modified.
Optionally, the way of snooping is to call shell code to implement snooping. In other words, in this embodiment, the shell code may call a FileObserver method and a service method, and monitor whether the check file is modified, in addition to determining whether the current SO file of the application program is modified and generating the check file. Once the service for listening to the check file is started, the service is in a listening state during the running of the application program.
It should be noted that before step 304 is executed, it may be determined whether the state of the check file (whether it is modified) has been monitored by calling the shell code, and if so, step 305 is directly executed.
Step 305: and outputting second prompt information when the verification file is determined to be modified.
Wherein the second prompt message is used for indicating that the check file is modified.
Specifically, when it is determined that a value in the check file is changed, it is determined that the check file is modified. At this time, the second prompt message may be output. The output mode of the second prompt message can be an interface display mode, a vibration mode or a sound prompt mode.
It should be noted that the purpose of monitoring the check file is as follows: if the value in the check file is changed by an illegal means and the check of the SO file is passed, but the SO file is loaded even if the check of the SO file is successful because of the function of monitoring the check file, but the check file is modified after monitoring, a prompt is given to indicate that the SO file is tampered, the user is prevented from entering the next operation, and the information safety of the user is further ensured.
Step 306: and calling the shell code to encrypt the current SO file by using a first encryption algorithm to obtain a current check value, and calling the shell code to compare whether the current check value is consistent with a factory check value pre-stored in the application program.
The factory check value is the check value of the factory SO file of the application program encrypted by adopting a first encryption algorithm.
There is no timing relationship between step 306 and step 304. That is, the step of calling the shell code to determine whether the current check value is the same as the factory check value and the step of calling the shell code to monitor whether the check file is modified may be executed simultaneously, or may be executed sequentially in any order. The step 304 is first executed in fig. 3 for illustration.
Step 307: and if the current check value is consistent with the factory check value, loading the current SO file of the application program according to the operation instruction.
Step 308: and if the current check value is different from the factory check value, outputting first prompt information.
The implementation processes and technical principles of step 306 and step 102, step 307 and step 103, and step 308 and step 104 are similar, and are not described herein again.
FIG. 4 is a schematic diagram of a user interface in the embodiment shown in FIG. 3. As shown in fig. 4, in the user interface 401, a prompt message "the file in the application has been illegally modified, the uninstall is recommended" is output, and a button 402 for determining uninstall and a button 403 for canceling uninstall are given. The user can select according to the requirement of the user.
In the method for loading the SO file in the application program provided by this embodiment, a shell code is called to monitor whether the check file is modified, where the shell code is used to call the FileObserver method and the service method, and monitor whether the check file is modified, and when it is determined that the check file is modified, a second prompt message is output, where the second prompt message is used to indicate that the check file is modified, SO that whether the check file is modified is monitored in real time through the shell code, and when the check file is modified, the second prompt message is output to prompt a user, and it is ensured that a factory check value of a factory-leaving SO file is not modified illegally, thereby further improving the security of application program operation.
Fig. 5 is a schematic structural diagram of a first apparatus for loading an SO file in an application according to an embodiment of the present invention. As shown in fig. 5, the apparatus for loading an SO file in an application provided in an embodiment of the present invention includes: an acquisition module 51, a first calling module 52 and a loading module 53.
The obtaining module 51 is configured to obtain a shell code in the application program and a current SO file of the application program when receiving an operation instruction of the application program.
A first calling module 52, configured to call the shell code, encrypt the current SO file with a first encryption algorithm to obtain a current check value, and call the shell code to compare whether the current check value is consistent with a factory check value pre-stored in an application program; and the factory check value is the check value of the factory SO file of the application program encrypted by adopting a first encryption algorithm.
In one implementation, the factory check value is stored in a storage space under a private directory of an application program in the terminal device in the form of a check file, and the check file is a file formed by encrypting the factory check value according to a second encryption algorithm. The first calling module 52 specifically determines whether the current verification value is the same as the factory verification value by calling the shell code in the following two ways: calling the shell code to determine a factory check value according to a decryption algorithm and a check file corresponding to the second encryption algorithm, and determining whether the current check value is the same as the factory check value; or calling the shell code to encrypt the current check value according to a second encryption algorithm to form an encrypted current check value, and determining whether the encrypted current check value is the same as the value stored in the check file.
Optionally, the first encryption algorithm is SM3 — HMAC algorithm, and the second encryption algorithm is SM4 algorithm.
And the loading module 53 is configured to load the current SO file of the application program according to the operation instruction when the factory verification value is consistent with the current verification value.
Optionally, the loading module 53 is specifically configured to call a system load method, and load the current SO file.
Optionally, in this embodiment, the apparatus further includes a first output module (not shown in the figure). The first output module is used for outputting first prompt information when the factory check value is different from the current check value. Wherein the first prompt message is used for indicating that the current SO file of the application program has been modified.
The device for loading the SO file in the application program provided by the embodiment of the invention can execute the method for loading the SO file in the application program provided by the embodiment of the invention shown in FIG. 1, and has corresponding functional modules and beneficial effects of the execution method.
Fig. 6 is a schematic structural diagram of a second apparatus for loading an SO file in an application according to an embodiment of the present invention. As shown in fig. 6, the embodiment of the present invention further includes, on the basis of the embodiment shown in fig. 5: a third calling module 63, a fourth calling module 64, a second calling module 61 and a second output module 62.
And a third calling module 63, configured to call the shell code to determine whether a check file exists in a storage space in the private directory of the application program in the terminal device.
And a fourth calling module 64, configured to, when it is determined that the check file does not exist, call the shell code to encrypt the factory check value according to the second encryption algorithm, write the encrypted value into the file to form a check file, and store the check file in a storage space in a private directory of an application program in the terminal device.
And the second calling module 61 is used for calling the shell code to monitor whether the check file is modified.
The shell code is used for calling a FileObserver method and a service method and monitoring whether the check file is modified.
And a second output module 62, configured to output a second prompt message when it is determined that the check file is modified.
Wherein the second prompt message is used for indicating that the check file is modified.
The device for loading the SO file in the application program provided by the embodiment of the invention can execute the method for loading the SO file in the application program provided by the embodiment of fig. 3 of the invention, and has the corresponding functional modules and beneficial effects of the execution method.
Fig. 7 is a schematic structural diagram of a terminal device according to an embodiment of the present invention. As shown in fig. 7, the terminal device includes a processor 70 and a memory 71. Optionally, an input device 72 and an output device 73 may also be included. The number of the processors 70 in the terminal device may be one or more, and one processor 70 is taken as an example in fig. 7. The processor 70, the memory 71, the input device 72 and the output device 73 in the terminal equipment may be connected by a bus or other means, and the connection by the bus is exemplified in fig. 7.
The memory 71 is used as a computer-readable storage medium, and can be used for storing software programs, computer-executable programs, and modules, such as program instructions and modules corresponding to the method for loading the SO file in the application program in the embodiment of the present invention (for example, the obtaining module 51, the first calling module 52, and the loading module 53 in the device for loading the SO file in the application program). The processor 70 executes various functional applications and data processing of the terminal device by running software programs, instructions and modules stored in the memory 71, that is, implements the method for loading the SO file in the application program.
The memory 71 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to the use of the terminal, and the like. Further, the memory 71 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some examples, the memory 71 may further include memory located remotely from the processor 70, which may be connected to the terminal device via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The input device 72 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the terminal device. The output device 73 may include a display device such as a display screen.
Embodiments of the present invention also provide a storage medium containing computer-executable instructions, which when executed by a computer processor, are used to perform a method for loading an SO file in an application program as described above.
Of course, the storage medium provided by the embodiment of the present invention contains computer-executable instructions, and the computer-executable instructions are not limited to the method operations described above, and may also perform related operations in the method for loading the SO file in the application program provided by any embodiment of the present invention.
From the above description of the embodiments, it is obvious for those skilled in the art that the present invention can be implemented by software and necessary general hardware, and certainly, can also be implemented by hardware, but the former is a better embodiment in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which can be stored in a computer-readable storage medium, such as a floppy disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a FLASH Memory (FLASH), a hard disk or an optical disk of a computer, and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device) to execute the methods according to the embodiments of the present invention.
It should be noted that, in the embodiment of the above search apparatus, each included unit and module are merely divided according to functional logic, but are not limited to the above division as long as the corresponding functions can be implemented; in addition, specific names of the functional units are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present invention.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.
Claims (9)
1. A method for loading SO files in an application program is characterized in that the application program is installed on a terminal device with an operating system being an android operating system, and the method comprises the following steps:
when an operation instruction of the application program is received, acquiring a shell code in the application program and a current SO file of the application program;
calling the shell code to encrypt the current SO file by a first encryption algorithm to obtain a current check value, and calling the shell code to compare whether the current check value is consistent with a factory check value stored in the application program in advance;
the factory check value is a check value of the factory SO file of the application program encrypted by adopting a first encryption algorithm;
if the factory check value is consistent with the current check value, loading the current SO file of the application program according to the running instruction;
the factory check value is stored in a storage space under a private directory of an application program in the terminal equipment in the form of a check file, and the check file is formed by encrypting the factory check value according to a second encryption algorithm;
the step of calling the shell code to compare whether the current check value is consistent with a pre-stored factory check value comprises the following steps:
calling the shell code to determine the factory check value according to a decryption algorithm corresponding to the second encryption algorithm and the check file, and determining whether the current check value is the same as the factory check value; or calling the shell code to encrypt the current check value according to the second encryption algorithm to form an encrypted current check value, and determining whether the encrypted current check value is the same as the value stored in the check file.
2. The method of claim 1, further comprising:
if the current check value is different from the factory check value, outputting first prompt information; wherein the first prompt message is used to indicate that the current SO file of the application program has been modified.
3. The method of claim 1, wherein prior to said invoking said shell code comparing said current verification value to a pre-stored factory verification value, said method further comprises:
calling the shell code to determine whether the check file exists in a storage space under a private directory of an application program in the terminal equipment;
if the verification file does not exist, calling the shell code to encrypt the factory verification value according to the second encryption algorithm, writing the encrypted value into a file to form the verification file, and storing the verification file in a storage space under a private directory of an application program in the terminal equipment.
4. The method according to claim 3, wherein after storing the verification file in the storage space under the private directory of the application program in the terminal device, the method further comprises:
calling the shell code to monitor whether the check file is modified; the shell code is used for calling a FileObserver method and a service method and monitoring whether the check file is modified or not;
when the verification file is determined to be modified, outputting second prompt information; wherein the second prompt message is used for indicating that the check file is modified.
5. Method according to claim 3 or 4, characterized in that said first encryption algorithm is the SM3-HMAC algorithm and said second encryption algorithm is the SM4 algorithm.
6. The method of claim 1 or 2, wherein said loading the current SO file of the application comprises:
and calling a System load method, and loading the current SO file.
7. An apparatus for loading an SO file in an application program, wherein the application program is installed in the apparatus, an operating system of the apparatus is an android operating system, and the apparatus comprises:
the acquisition module is used for acquiring a shell code in the application program and a current SO file of the application program when receiving an operation instruction of the application program;
the first calling module is used for calling the shell code to encrypt the current SO file by using a first encryption algorithm to obtain a current check value, and calling the shell code to compare whether the current check value is consistent with a factory check value stored in an application program in advance;
the step of calling the shell code to compare whether the current check value is consistent with a factory check value stored in an application program in advance comprises the following steps:
calling the shell code to determine the factory check value according to a decryption algorithm corresponding to a second encryption algorithm and the check file, and determining whether the current check value is the same as the factory check value; or calling the shell code to encrypt the current check value according to the second encryption algorithm to form an encrypted current check value, and determining whether the encrypted current check value is the same as the value stored in the check file;
the factory check value is a check value of the factory SO file of the application program encrypted by adopting a first encryption algorithm;
the factory check value is stored in a storage space under a private directory of an application program in the terminal equipment in the form of a check file, and the check file is formed by encrypting the factory check value according to a second encryption algorithm;
and the loading module is used for loading the current SO file of the application program according to the running instruction when the factory check value is consistent with the current check value.
8. A terminal device, characterized in that the terminal device comprises:
one or more processors;
a memory for storing one or more programs;
when executed by the one or more processors, cause the one or more processors to implement a method of loading SO files in an application as claimed in any of claims 1 to 6.
9. A computer-readable storage medium, on which a computer program is stored, which program, when being executed by a processor, carries out the method of loading SO files in an application program according to any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711403504.8A CN107870793B (en) | 2017-12-22 | 2017-12-22 | Method and device for loading SO file in application program |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711403504.8A CN107870793B (en) | 2017-12-22 | 2017-12-22 | Method and device for loading SO file in application program |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107870793A CN107870793A (en) | 2018-04-03 |
| CN107870793B true CN107870793B (en) | 2021-03-23 |
Family
ID=61756255
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201711403504.8A Active CN107870793B (en) | 2017-12-22 | 2017-12-22 | Method and device for loading SO file in application program |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107870793B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109271758B (en) * | 2018-08-24 | 2021-04-20 | 阿里巴巴(中国)有限公司 | Method, equipment, device and server for preventing So file from being stolen |
| CN111199039B (en) * | 2018-11-20 | 2023-02-28 | 成都鼎桥通信技术有限公司 | Application security verification method and device and terminal equipment |
| CN112182584A (en) * | 2020-09-28 | 2021-01-05 | 广东小天才科技有限公司 | Security verification method and device, electronic equipment and storage medium |
| CN112035803B (en) * | 2020-11-05 | 2021-03-19 | 北京华云安信息技术有限公司 | Protection method and device based on Windows platform software |
| CN113656043B (en) * | 2021-08-24 | 2023-09-05 | 北京奇艺世纪科技有限公司 | Code verification method and device, electronic equipment and storage medium |
| CN114615075B (en) * | 2022-03-28 | 2023-04-25 | 重庆长安汽车股份有限公司 | Software tamper-proof system and method of controller and storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103281187A (en) * | 2013-05-17 | 2013-09-04 | 北京网秦天下科技有限公司 | Security authentication method, equipment and system |
| CN104268468A (en) * | 2014-09-25 | 2015-01-07 | 福建升腾资讯有限公司 | Protecting method and system of dynamic link library of Android system |
| CN106022098A (en) * | 2016-05-10 | 2016-10-12 | 青岛海信传媒网络技术有限公司 | Signature verification method and device for application |
| CN106355049A (en) * | 2016-08-19 | 2017-01-25 | 北京奇虎科技有限公司 | Method and device for reinforcing dynamic linking library SO file of Android installation package |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US11063950B2 (en) * | 2016-06-09 | 2021-07-13 | Microsoft Technology Licensing, Llc | Secure remote desktop session |
-
2017
- 2017-12-22 CN CN201711403504.8A patent/CN107870793B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103281187A (en) * | 2013-05-17 | 2013-09-04 | 北京网秦天下科技有限公司 | Security authentication method, equipment and system |
| CN104268468A (en) * | 2014-09-25 | 2015-01-07 | 福建升腾资讯有限公司 | Protecting method and system of dynamic link library of Android system |
| CN106022098A (en) * | 2016-05-10 | 2016-10-12 | 青岛海信传媒网络技术有限公司 | Signature verification method and device for application |
| CN106355049A (en) * | 2016-08-19 | 2017-01-25 | 北京奇虎科技有限公司 | Method and device for reinforcing dynamic linking library SO file of Android installation package |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107870793A (en) | 2018-04-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107870793B (en) | Method and device for loading SO file in application program | |
| JP6888011B2 (en) | Mobile device with a reliable execution environment | |
| EP3038004A1 (en) | Method for providing security for common intermediate language-based program | |
| CN111143869B (en) | Application package processing method and device, electronic equipment and storage medium | |
| CN109284585B (en) | Script encryption method, script decryption operation method and related device | |
| KR20140099126A (en) | Method of securing software using a hash function, Computer readable storage medium of recording the method and a software processing apparatus | |
| JP2016540282A (en) | Method and apparatus for protecting a dynamic library | |
| CN107766701B (en) | Electronic equipment, dynamic library file protection method and device | |
| EP2051181A1 (en) | Information terminal, security device, data protection method, and data protection program | |
| CN104680039A (en) | Data protection method and device of application installation package | |
| JP4647392B2 (en) | Device control apparatus, device control method, and program | |
| CN110765470A (en) | Method and device for realizing safety keyboard, computer equipment and storage medium | |
| JP4664055B2 (en) | Program dividing device, program executing device, program dividing method, and program executing method | |
| KR20170069337A (en) | Method and apparatus for protecting application and program made by the method | |
| CN110602051B (en) | Information processing method based on consensus protocol and related device | |
| CN113127844A (en) | Variable access method, device, system, equipment and medium | |
| CN112115430A (en) | Apk reinforcement method, electronic equipment and storage medium | |
| WO2021092809A1 (en) | Function calling method and device, electronic device, and computer-readable medium | |
| CN115964681A (en) | Generation method of certificate file of target application program | |
| CN114238870A (en) | Network request processing method, device, equipment and storage medium | |
| CN110737910B (en) | Android log decryption management method, device, equipment and medium | |
| CN114675865A (en) | Method and device for upgrading over-the-air technology, storage medium and terminal equipment | |
| DONG et al. | Sesoa: Security enhancement system with online authentication for android apk | |
| CN108259490B (en) | Client verification method and device | |
| US20160275271A1 (en) | User Terminal And Method For Protecting Core Codes Using Peripheral Device of User Terminal |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20240606 Address after: Room 503, Building 3, No. 6, Xicheng Xi'an North Road, Xinluo District, Longyan City, Fujian Province, 364000 Patentee after: Xie Xinyong Country or region after: China Address before: Room 211, building 4, No. 1411, Yecheng Road, Jiading Industrial Zone, Jiading District, Shanghai, 201821 Patentee before: SHANGHAI PEOPLENET SECURITY TECHNOLOGY Co.,Ltd. Country or region before: China |