CN108898007A - A kind of safety method based on JavaAgent and dll enhancing Java distribution software - Google Patents
A kind of safety method based on JavaAgent and dll enhancing Java distribution software Download PDFInfo
- Publication number
- CN108898007A CN108898007A CN201810669993.XA CN201810669993A CN108898007A CN 108898007 A CN108898007 A CN 108898007A CN 201810669993 A CN201810669993 A CN 201810669993A CN 108898007 A CN108898007 A CN 108898007A
- Authority
- CN
- China
- Prior art keywords
- javaagent
- java
- dll
- jar packet
- decryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 18
- 230000002708 enhancing effect Effects 0.000 title claims abstract description 7
- 230000004048 modification Effects 0.000 claims abstract description 7
- 238000012986 modification Methods 0.000 claims abstract description 7
- 230000006870 function Effects 0.000 claims abstract description 6
- 241000208340 Araliaceae Species 0.000 claims 1
- 235000005035 Panax pseudoginseng ssp. pseudoginseng Nutrition 0.000 claims 1
- 235000003140 Panax quinquefolius Nutrition 0.000 claims 1
- 235000008434 ginseng Nutrition 0.000 claims 1
- 230000007246 mechanism Effects 0.000 description 5
- 238000004422 calculation algorithm Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 238000011161 development Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 238000003860 storage Methods 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Storage Device Security (AREA)
Abstract
A kind of safety method based on JavaAgent and dll enhancing Java distribution software, steps are as follows:Step 1:The encipheror write with c language, and cryptographic operation only is carried out to the online lower c language encipheror of jar packet that needs are issued;The jar packet path encrypted will be needed to pass to encipheror;Step 2:The jar packet of encryption added in the starting script of application JavaAgent decryption after loaded by Classloader after run.JavaAgent related command is used to do decryption work before jvm load;JavaAgent is intercept to bytecode the program of modification before Java loads class file, then be connected to through dll dynamic link library and use jar packet address executable file as in Sharing Function library to decrypt.
Description
Technical field
The invention belongs to software security fields, and in particular to (one kind that Java is provided can be based on JavaAgent for one kind
Load class file before to bytecode carry out intercept modification mechanism) and dll enhancing Java distribution software security method with
Tool.
Background technique
Java can easily be realized by bytecode technology it is cross-platform, so be widely used in a variety of applications.But it is main
Application field then never has too big achievement in Enterprise Development, to desktop application field.One of reason is exactly its word
Section code technology is easy to be cracked, so that the code that developed is easy to be come out by decompiling, thus it is pirate, make application and development
The intellectual property of person is invaded.
Existing patent CN101814124A and solution to the problems described above, CN101814124A are based on Java
The method that software security is reinforced, encrypts the class code that java is generated using code protection method, to Class text
Part is encrypted, so that treated code and code completes identical function before handling, but the code encrypted is difficult
By decompiling, i.e., the code obtained after decompiling is very difficult to understand, file after obscure encryption, therefore decompiling personnel are difficult
The real semanteme of program out, guarantees the cross-platform characteristic of java exploitation software in this way, and prevents the software of exploitation anti-by others
It is obtained easily after compiling, has achieved the purpose that protect software, this method includes ciphering process and the class text to class file
Part executed when being loaded by jvm before decrypting process:1) after the completion of program code, the class file of production is encrypted,
And Encryption Algorithm is saved, to obtain decryption method when jvm is executed;2) class text is carried out by loadClass when Jvm is executed
Part load, during loading, obtains the Encryption Algorithm of file first, file is decrypted according to corresponding decipherment algorithm,
Then jvm execution is delivered.But the patent is solved by the loadclass method of heavily loaded ClassLoader, have it is following not
Foot:
It is required that threshold is higher, there is very much research for JVM load mechanism.It is invasive to JVM itself higher, it to change
The original load mechanism of JVM.Customizability is not strong, and unified loadclass load cannot be accomplished can single cent part solution in javaagent
The function of close point of different modes decryption.
Summary of the invention
The object of the present invention is to by JavaAgent, (one kind that Java is provided can be right before loading class file
Bytecode carry out intercept modification mechanism) and dll (dynamic link library, an executable file as Sharing Function library) right
Encryption and decryption operation is carried out to application in the case where using no intrusion;Improve the safety of application.
The technical scheme is that:A method of software security is distributed based on JavaAgent and dll enhancing Java,
It specifically includes:A method of software security being distributed based on JavaAgent and dll enhancing Java, steps are as follows:
Step 1:The encipheror write with c language, and the online lower c language encipheror of jar packet that only needs are issued
Carry out cryptographic operation;The jar packet path encrypted will be needed to pass to encipheror;
Step 2:The jar packet of encryption is added after adding JavaAgent decryption in the starting script of application by Classloader
It is run after load.
In step 2, JavaAgent related command, for doing decryption work before jvm is loaded (specifically:JavaAgent
It is a kind of program that intercept to bytecode modification before loading class file that Java is provided, then through dll dynamic
Chained library, which is connected to, uses jar packet address executable file as in Sharing Function library to decrypt;Added after decryption by Classloader
It is run after load.
JAR (Java Archive, Java archive file) is usually developed with platform-independent file format, jar packet
When want quoting general class, break into packet convenient for storage and managenent.
The present invention has beneficial effect compared with other technologies scheme:
(1) present invention to it is to be applied itself without any invasive, do not influence any process of application, including exploitation, test,
Deployment.
(2) present invention through JavaAgent before JVM load, is completed to JVM itself load mechanism without any invasive
All decryption logics.
(3) present invention carries out actual encryption and decryption operation by c language, and raising cracks difficulty.
Detailed description of the invention
Fig. 1 is flow diagram of the present invention.
Specific embodiment
To make technical solution of the present invention, technical purpose and technical effect is apparent understands, below in conjunction with specific embodiment,
The present invention is described in more detail.
1. having developed application by normal flow, and it is packaged as jar packet or war packet to be released.
C language encipheror is executed, transmitting is packaged the jar packet completed or war packet path.Encipheror can be to corresponding
Jar packet/war packet is encrypted.Generate encrypted jar packet/war packet.Encrypted jar packet/war packet cannot directly pass through
Java order or container are directly run, and can not decompiling.The encipheror write with c language, to the jar packet issued of needs into
Row cryptographic operation;
2. JavaAgent related command is added in the starting script of application, for doing decryption work before jvm is loaded,
Application launch script parameter is modified ,-the agentpath that such as issues orders is added:${path-to-dll}
-javaagent:$ { path-to-wrap-runner.jar }, wherein path-to-dll is decryption dynamic link
Library address, path-to-wrap-runner.jar are decryption jar packet address.
For war packet, corresponding instruction is added in a reservoir, and by taking jetty as an example, addition is as ordered in start.ini
--exec
-agentpath:${path-to-dll}
-javaagent:${path-to-wrap-runner.jar}
After 4.JavaAgent decryption, run after transferring to Classloader to load the normal class file after decryption, i.e.,
Execute starting script or starting container.
Although the present invention has been disclosed as a preferred embodiment, however, it is not to limit the invention.Skill belonging to the present invention
Has usually intellectual in art field, without departing from the spirit and scope of the present invention, when can be used for a variety of modifications and variations.Cause
This, the scope of protection of the present invention is defined by those of the claims.
Claims (3)
1. a kind of safety method based on JavaAgent and dll enhancing Java distribution software, characterized in that steps are as follows:
Step 1:The encipheror write with c language, and the jar packet lower c language encipheror progress online that only needs are issued
Cryptographic operation;The jar packet path encrypted will be needed to pass to encipheror;
Step 2:The jar packet of encryption added in the starting script of application JavaAgent decryption after loaded by Classloader after
Operation.
2. the safety method of Java distribution software according to claim 1, characterized in that in step 2, JavaAgent phase
Order is closed to be used to do decryption work before jvm load;JavaAgent carries out bytecode before being Java load class file
The program of modification is intercepted, then is connected to through dll dynamic link library as executable with jar packet address for decryption in Sharing Function library
File.
3. the safety method of Java distribution software according to claim 2, characterized in that modification application launch script ginseng
Number, addition are such as issued orders:-agentpath:${path-to-dll} -javaagent:${path-to-wrap-
Runner.jar }, wherein path-to-dll is decryption dynamic link library address, and path-to-wrap-runner.jar is solution
It is close to use jar packet address.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810669993.XA CN108898007A (en) | 2018-06-26 | 2018-06-26 | A kind of safety method based on JavaAgent and dll enhancing Java distribution software |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810669993.XA CN108898007A (en) | 2018-06-26 | 2018-06-26 | A kind of safety method based on JavaAgent and dll enhancing Java distribution software |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108898007A true CN108898007A (en) | 2018-11-27 |
Family
ID=64345967
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810669993.XA Pending CN108898007A (en) | 2018-06-26 | 2018-06-26 | A kind of safety method based on JavaAgent and dll enhancing Java distribution software |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108898007A (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109783077A (en) * | 2018-12-14 | 2019-05-21 | 平安科技(深圳)有限公司 | Block catenary system and its middleware system, data cochain method, storage medium |
CN110826031A (en) * | 2019-10-31 | 2020-02-21 | 北京东软望海科技有限公司 | Encryption method, device, computer equipment and storage medium |
CN110909345A (en) * | 2019-12-02 | 2020-03-24 | 中国银行股份有限公司 | Tamper-proof method and system for Java system open source software |
CN111078224A (en) * | 2019-10-12 | 2020-04-28 | 中国平安人寿保险股份有限公司 | Software package file data processing method and device, computer equipment and storage medium |
CN112395564A (en) * | 2020-11-17 | 2021-02-23 | 平安普惠企业管理有限公司 | Protection and operation method, device, equipment and storage medium of class file |
CN115168873A (en) * | 2022-09-09 | 2022-10-11 | 南京国睿信维软件有限公司 | Software anti-cracking method based on C + + language |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102043932A (en) * | 2010-12-31 | 2011-05-04 | 中国航空工业集团公司第六三一研究所 | Method for preventing Java program from being decompiled |
-
2018
- 2018-06-26 CN CN201810669993.XA patent/CN108898007A/en active Pending
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102043932A (en) * | 2010-12-31 | 2011-05-04 | 中国航空工业集团公司第六三一研究所 | Method for preventing Java program from being decompiled |
Non-Patent Citations (1)
Title |
---|
为中: "《Java加密Jar包和Class文件防止反编译的方法》", 14 June 2017, HTTPS://BLOG.CSDN.NET/FANGLEI517/ARTICLE/DETAILS/73198419 * |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109783077A (en) * | 2018-12-14 | 2019-05-21 | 平安科技(深圳)有限公司 | Block catenary system and its middleware system, data cochain method, storage medium |
CN111078224A (en) * | 2019-10-12 | 2020-04-28 | 中国平安人寿保险股份有限公司 | Software package file data processing method and device, computer equipment and storage medium |
CN110826031A (en) * | 2019-10-31 | 2020-02-21 | 北京东软望海科技有限公司 | Encryption method, device, computer equipment and storage medium |
CN110826031B (en) * | 2019-10-31 | 2022-08-02 | 望海康信(北京)科技股份公司 | Encryption method, device, computer equipment and storage medium |
CN110909345A (en) * | 2019-12-02 | 2020-03-24 | 中国银行股份有限公司 | Tamper-proof method and system for Java system open source software |
CN110909345B (en) * | 2019-12-02 | 2022-03-22 | 中国银行股份有限公司 | Tamper-proof method and system for Java system open source software |
CN112395564A (en) * | 2020-11-17 | 2021-02-23 | 平安普惠企业管理有限公司 | Protection and operation method, device, equipment and storage medium of class file |
CN115168873A (en) * | 2022-09-09 | 2022-10-11 | 南京国睿信维软件有限公司 | Software anti-cracking method based on C + + language |
CN115168873B (en) * | 2022-09-09 | 2022-11-29 | 南京国睿信维软件有限公司 | Based on C + + language software anti-cracking method |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108898007A (en) | A kind of safety method based on JavaAgent and dll enhancing Java distribution software | |
US9213826B2 (en) | System and method to protect Java bytecode code against static and dynamic attacks within hostile execution environments | |
US8892876B1 (en) | Secured application package files for mobile computing devices | |
US9443064B2 (en) | Protecting method and system of java source code | |
US20160203087A1 (en) | Method for providing security for common intermediate language-based program | |
WO2021217980A1 (en) | Java code packing method and system | |
CN107977553A (en) | The method and device of the security hardening of mobile applications | |
US20120144208A1 (en) | Indexed table based code encrypting/decrypting device and method thereof | |
CN101814124A (en) | Java-based method for enhancing software security | |
CN104268444A (en) | Cloud OS Java source code protection method | |
US10482221B2 (en) | Protecting a computer program against reverse engineering | |
EP3126973A1 (en) | Method, apparatus, and computer-readable medium for obfuscating execution of application on virtual machine | |
CN107273723B (en) | So file shell adding-based Android platform application software protection method | |
CN104408337A (en) | Reinforcement method for preventing reverse of APK (Android package) file | |
US8694548B2 (en) | Defense-in-depth security for bytecode executables | |
CN113032741B (en) | Class file encryption method, class file operation method, device, equipment and medium | |
CN104657635A (en) | Application processing method, device and server | |
EP3479275A1 (en) | On demand code decryption | |
EP2674892B1 (en) | A method, a device and a computer program support for execution of encrypted computer code | |
US20210266158A1 (en) | System and method for generation of a disposable software module for cryptographic material protection | |
CN117828555B (en) | Low-cost Java source code protection method and device | |
CN114943062B (en) | Data processing method, device, electronic equipment and computer readable storage medium | |
EP3944106A1 (en) | Obfuscating method of protecting code | |
KR102177920B1 (en) | Apparatus and method for packing original source code | |
Xu et al. | A Dynamic Online Protection Framework for Android Applications. |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20181127 |
|
RJ01 | Rejection of invention patent application after publication |