CN111597514B - An Zhuoyuan code protection method and device - Google Patents
An Zhuoyuan code protection method and device Download PDFInfo
- Publication number
- CN111597514B CN111597514B CN202010294655.XA CN202010294655A CN111597514B CN 111597514 B CN111597514 B CN 111597514B CN 202010294655 A CN202010294655 A CN 202010294655A CN 111597514 B CN111597514 B CN 111597514B
- Authority
- CN
- China
- Prior art keywords
- file
- function
- code
- class
- cpp
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 46
- 238000012545 processing Methods 0.000 claims abstract description 21
- 238000000605 extraction Methods 0.000 claims abstract description 9
- 238000004806 packaging method and process Methods 0.000 claims abstract description 5
- 230000006870 function Effects 0.000 claims description 154
- 230000004048 modification Effects 0.000 claims 2
- 238000012986 modification Methods 0.000 claims 2
- 230000011218 segmentation Effects 0.000 claims 2
- 230000009286 beneficial effect Effects 0.000 abstract description 3
- 238000012856 packing Methods 0.000 abstract description 3
- 102100023609 Nucleoside diphosphate kinase, mitochondrial Human genes 0.000 description 14
- 238000011161 development Methods 0.000 description 5
- 239000000284 extract Substances 0.000 description 4
- 238000000638 solvent extraction Methods 0.000 description 4
- 238000004458 analytical method Methods 0.000 description 3
- 238000006243 chemical reaction Methods 0.000 description 3
- 230000007547 defect Effects 0.000 description 3
- 230000000694 effects Effects 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 238000009434 installation Methods 0.000 description 2
- 238000013507 mapping Methods 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- 238000013519 translation Methods 0.000 description 2
- 238000007429 general method Methods 0.000 description 1
- 210000001503 joint Anatomy 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 230000002035 prolonged effect Effects 0.000 description 1
- 238000005215 recombination Methods 0.000 description 1
- 230000006798 recombination Effects 0.000 description 1
- 238000012857 repacking Methods 0.000 description 1
- 230000009466 transformation Effects 0.000 description 1
- 238000000844 transformation Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Devices For Executing Special Programs (AREA)
Abstract
The invention discloses a An Zhuoyuan code protection method and a An Zhuoyuan code protection device, comprising the following steps: converting the original dex file into a class file; extracting and translating the function in the class file into a corresponding function of C++, so as to obtain a cpp file; compiling the cpp file through the customized NDK to obtain a reinforced ABI dynamic library; converting the class file after the function extraction into a second dex file; packaging the ABI dynamic library and the second dex file to form a new code file. The apparatus is for performing the method. The invention can carry out the safety processing of codes on the native layer by converting the integral function into the function of C++, thereby being beneficial to improving the difficulty of decoding; the cpp file can be reinforced in a targeted manner through the customized NDK, so that the safety is improved; and packing the ABI dynamic library and the second dex file to form a formal code file.
Description
Technical Field
The present invention relates to programming security technology, and more particularly to An Zhuoyuan code protection methods and apparatus.
Background
At present, the open source characteristic of the Android system and more core services borne by mobile applications make the Android system become a main attack object of hackers. The dex file is easily decompiled and restored to java source code, resulting in hacking.
To solve these problems, a general method is as follows:
1. in the developed files, the dex is encrypted into the dex of a new file, then an agent App is enabled to be in butt joint with an Android system, the dex file in the obtained encrypted apk is decrypted through loading the dex file, and then the encrypted apk is submitted to system processing.
2. The encryption and decryption logic is written by the core related logic through the C or C++ codes, the function or the segment needing to be encrypted is encrypted first, then the SO file is loaded, and the previously encrypted function or the segment is decrypted, SO that the core logic in dex is prevented from being decompiled into the java source code with readability.
The prior art has obvious defects for the source code protection treatment, and specifically comprises the following steps:
the dex file after decryption can be obtained by reflection when the system acquires the dex file.
The core-related logic decrypts the SO file using the encryption written by C. Because the related logic needs to be decrypted after the operation, a cracker only needs to obtain the decrypted logic from the DUMP memory after the operation of the SO file, SO that other codes can be stolen and utilized.
Each application requires protection function writing that encrypts and decrypts separately for the core function code. The development period of the project is prolonged, and the defects of low safety strength and high maintenance cost exist.
Disclosure of Invention
The present invention aims to solve at least one of the technical problems existing in the prior art. To this end, the invention proposes An Zhuoyuan code protection methods and apparatus.
In a first aspect, an embodiment of the present invention provides a An Zhuoyuan code protection method, including: converting the original dex file into a class file; extracting and translating functions in the class file into corresponding functions of C++, and obtaining a cpp file; compiling cpp files through the customized NDK to obtain a reinforced ABI dynamic library; converting the class file after the function extraction into a second dex file; the ABI dynamic library and the second dex file are packaged to form a new code file.
The An Zhuoyuan code protection method has at least the following beneficial effects: the code can be safely processed on the native layer by converting the whole function into the function of C++, so that the difficulty of decoding can be improved; the cpp file can be reinforced in a targeted manner through the customized NDK, so that the safety is improved; and packing the ABI dynamic library and the second dex file to form a formal code file.
According to further embodiments of the present invention, a An Zhuoyuan code protection method extracts and translates functions in class files into corresponding c++ functions, including: the same code logic is implemented by jni reflection to call the byte code of the function in the class file to obtain the corresponding function of C or C++ version.
According to An Zhuoyuan code protection methods of other embodiments of the present invention, customized NDKs are specifically used to: virtualization protection, content obfuscation, identifying specific codes and partitioning, traversing and adding virtual machine got tables, traversing and processing LLVM native instructions, traversing and adding virtual machine global variables, calling a back-end converter to generate virtual machine bytecodes, and modifying functions to be protected as virtual machine intermediate functions.
According to further embodiments of the present invention, a An Zhuoyuan code protection method, a cpp file is obtained, including: translating the bytecode instructions in the function; generating a Native constant pool file; initializing the running environment of the Native function; registering a Native function; the source file list in the VMakelist file is replaced.
An Zhuoyuan code protection methods according to further embodiments of the invention further include providing auxiliary classes to handle interface functions; and carrying out corresponding processing aiming at specific function attributes.
In a second aspect, an embodiment of the present invention provides a An Zhuoyuan code protection device comprising a processor configured to perform: converting the original dex file into a class file; extracting and translating functions in the class file into corresponding functions of C++, and obtaining a cpp file; compiling cpp files through the customized NDK to obtain a reinforced ABI dynamic library; converting the class file after the function extraction into a second dex file; the ABI dynamic library and the second dex file are packaged to form a new code file.
According to other embodiments of the present invention, a An Zhuoyuan code protection device extracts and translates functions in class files into corresponding c++ functions, including: the same code logic is implemented by jni reflection to call the byte code of the function in the class file to obtain the corresponding function of C or C++ version.
According to further embodiments of the An Zhuoyuan code protection device of the present invention, the customized NDK is specifically configured to: virtualization protection, content obfuscation, identifying specific codes and partitioning, traversing and adding virtual machine got tables, traversing and processing LLVM native instructions, traversing and adding virtual machine global variables, calling a back-end converter to generate virtual machine bytecodes, and modifying functions to be protected as virtual machine intermediate functions.
According to further embodiments of the present invention, a An Zhuoyuan code protection device, a cpp file is obtained, including: translating the bytecode instructions in the function; generating a Native constant pool file; initializing the running environment of the Native function; registering a Native function; the source file list in the VMakelist file is replaced.
According to other embodiments of the present invention, a An Zhuoyuan code protection device, a cpp file obtaining process further includes: providing auxiliary classes to process the interface functions; and carrying out corresponding processing aiming at specific function attributes.
Drawings
FIG. 1 is a flowchart of an embodiment of a An Zhuoyuan code protection method according to the present invention;
FIG. 2 is a flowchart of an embodiment of a An Zhuoyuan code protection process according to the present invention;
FIG. 3 is a flowchart of an embodiment of converting class files to C++ according to an embodiment of the present invention.
Detailed Description
The conception and the technical effects produced by the present invention will be clearly and completely described in conjunction with the embodiments below to fully understand the objects, features and effects of the present invention. It is apparent that the described embodiments are only some embodiments of the present invention, but not all embodiments, and that other embodiments obtained by those skilled in the art without inventive effort are within the scope of the present invention based on the embodiments of the present invention.
In the description of the present invention, if an orientation description such as "upper", "lower", "front", "rear", "left", "right", etc. is referred to, it is merely for convenience of description and simplification of the description, and does not indicate or imply that the apparatus or element referred to must have a specific orientation, be configured and operated in a specific orientation, and thus should not be construed as limiting the invention. If a feature is referred to as being "disposed," "secured," "connected," or "mounted" on another feature, it can be directly disposed, secured, or connected to the other feature or be indirectly disposed, secured, connected, or mounted on the other feature.
In the description of the embodiments of the present invention, if "several" is referred to, it means more than one, if "multiple" is referred to, it is understood that the number is not included if "greater than", "less than", "exceeding", and it is understood that the number is included if "above", "below", "within" is referred to. If reference is made to "first", "second" it is to be understood as being used for distinguishing technical features and not as indicating or implying relative importance or implicitly indicating the number of technical features indicated or implicitly indicating the precedence of the technical features indicated.
The technical terms involved include:
IR (intermediate representation) is an intermediate language in the LLVM framework, which corresponds to a "bridge" of the front end and the back end of a compiler, different programming languages are input to the front end, and after being uniformly converted into an IR expression, the IR expression is provided for the back end to generate a target machine instruction.
JNI is an abbreviation of Java Native Interface, and by writing a program using a Java native interface, it can be ensured that code is convenient to migrate on different platforms.
Example 1.
Referring to fig. 1, a An Zhuoyuan code protection method is shown, comprising:
s1, converting an original dex file into a class file;
s2, extracting and translating functions in the class file into corresponding functions of C++, and obtaining a cpp file;
s3, compiling cpp files through the customized NDK to obtain a reinforced ABI dynamic library;
s4, converting the class file after the function extraction into a second dex file;
s5, packaging the ABI dynamic library and the second dex file to form a new code file.
The original dex file is a dex file which is read and not modified by the method in the code file which is programmed completely; cpp file is source file; NDK is Native Development Kit, which is a development kit for Android; ABI is an application binary interface (Application Binary Interface, ABI); the dynamic library is a dynamic link library, and the ABI dynamic library is a dynamic link library of ABI.
The detailed flow of the corresponding An Zhuoyuan code protection method comprises the following steps:
compilation of Java code will generate a dex file. Giving any apk file, taking out a dex file containing core realization, reading out each type of information in the dex file according to the dex file format given by the official of ***, converting according to a preset rule (namely, converting the dex format into a class format), and outputting a corresponding class file.
For each individual class file, the bytecode of each function is read, translated into C++ language, and the corresponding translated function is a native function, resulting in cpp file of the corresponding function. In the native function, the same (code/run) logic is expressed when jvm emulates the run of the function (in the class file) using the way the jni reflection calls the java code.
Compiling a cpp file expressing the same logic C++, using the NDK customized by a compiler, into a dynamic library libxxx.so corresponding to the ABI; the customization of the NDK comprises the following steps: the virtualization protection technology of the so file and common content confusion identify the code to be protected and divide, traverse and add a virtual machine got table, traverse and process LLVM inherent instructions, traverse and add virtual machine global variables, call a back-end converter to generate virtual machine byte codes, and modify the function to be protected into a virtual machine intermediate function.
The core principle of the virtualization protection technology is as follows: and locally converting the function byte code instruction into a corresponding custom instruction for encryption storage, evacuating the function body instruction, inserting a virtual machine interpretation function, and searching the corresponding custom instruction through an interpreter interface when the corresponding function is called by a system to carry out a process of performing cycle-by-cycle interpretation execution.
Content confusion, namely the confusion means of so files, has the core principle that: and an irrelevant code is inserted into the function, so that the instruction quantity of the function is expanded, and the difficulty of reverse analysis is increased.
Compiler back-end converter role: the method mainly converts an intermediate language generated by a front end into assembler machine instructions running on a processor.
The basic principle of how to generate virtual machine bytecodes: the Java byte codes generate virtual machine byte codes through a custom conversion table, and the Java byte codes and the virtual machine byte codes have a one-to-one correspondence.
By traversing LLVM IR code, it is converted into corresponding virtual machine bytecodes. The virtual machine compiler template traversing mode is to traverse according to LLVM IR language, namely, the mode of function- > block- > instruction, and then translate each corresponding instruction. When the software runs, the byte codes generated by compiling are interpreted by a virtual machine interpretation engine embedded in the executable file of the software, when the function is called by a system, the function enters a JNI initialization environment through an interpreter interface, a virtualized stack space is allocated, corresponding custom instructions are searched for performing cycle interpretation one by one, and finally an execution result is returned.
The class file includes the contents processed by the steps described above (i.e., evacuated) and the contents not processed (i.e., not evacuated). The class file of the bytecode will be evacuated as well as the non-evacuated bytecode. The recombination is converted into a new. Dex file. And then adding the compiled interpreter dynamic library file to the directory corresponding to the ABI, and replacing the original dex file with the new dex file. And finally deleting the certificate file in the original signature catalog, repackaging and signing the APK file, and installing, operating and using the APK file.
Through the steps, any application which is not reinforced after development is completed can have safe application protection capability without carrying out secondary development for each application safety. The method effectively avoids various security risks caused by Java security defects, realizes deep security protection of source codes, and effectively protects intellectual property rights.
The An Zhuoyuan code protection method has at least the following beneficial effects: the code can be safely processed on the native layer by converting the whole function into the function of C++, so that the difficulty of decoding can be improved; the cpp file can be reinforced in a targeted manner through the customized NDK, so that the safety is improved; and packing the ABI dynamic library and the second dex file to form a formal code file.
According to further embodiments of the present invention, a An Zhuoyuan code protection method extracts and translates functions in class files into corresponding c++ functions, including: the same code logic is implemented by jni reflection to call the byte code of the function in the class file to obtain the corresponding function of C or C++ version. The Java instruction codes are transferred to the C/C++ function for interpretation and execution through the custom interpreter, original Java instruction logic is not existed in the execution process all the time, VMP protection cannot be recovered by direct memory uncoating, and the security is stronger.
According to An Zhuoyuan code protection methods of other embodiments of the present invention, customized NDKs are specifically used to: virtualization protection, content obfuscation, identifying specific codes and partitioning, traversing and adding virtual machine got tables, traversing and processing LLVM native instructions, traversing and adding virtual machine global variables, calling a back-end converter to generate virtual machine bytecodes, and modifying functions to be protected as virtual machine intermediate functions.
According to further embodiments of the present invention, a An Zhuoyuan code protection method, a cpp file is obtained, including: translating the bytecode instructions in the function; generating a Native constant pool file; initializing the running environment of the Native function; registering a Native function; the source file list in the VMakelist file is replaced.
The method comprises the steps of generating a native constant pool file: for a constant pool in java, a corresponding string cache pool must be in c++ to store all possible string information.
Constant pool: all constants are stored in the Class file, and in Java, constant pools can be divided into two forms, static constant pools and runtime constant pools.
The static constant pool is characterized in that the constant pool in the class file is provided with character string literal quantity, class information, method information and the like, occupies a larger part of space of the class file, and mainly stores the literal quantity and the symbol reference quantity in the constant pool.
And the constant pool is operated by the java virtual machine after finishing class loading, and the constant pool in the class file is loaded into the memory and is ensured to be in a method area.
Native function registration, using dynamic registration mode, JNI allows to provide a function mapping table for registering to Java virtual machine, thus JVM can call corresponding function by function mapping table, and can find the function to be called without function name.
An Zhuoyuan code protection methods according to further embodiments of the invention further include providing auxiliary classes to handle interface functions; and carrying out corresponding processing aiming at specific function attributes.
One embodiment of the invention provides An Zhuoyuan code protection apparatus comprising a processor to perform: converting the original dex file into a class file; extracting and translating functions in the class file into corresponding functions of C++, and obtaining a cpp file; compiling cpp files through the customized NDK to obtain a reinforced ABI dynamic library; converting the class file after the function extraction into a second dex file; the ABI dynamic library and the second dex file are packaged to form a new code file.
According to other embodiments of the present invention, a An Zhuoyuan code protection device extracts and translates functions in class files into corresponding c++ functions, including: the same code logic is implemented by jni reflection to call the byte code of the function in the class file to obtain the corresponding function of C or C++ version.
According to further embodiments of the An Zhuoyuan code protection device of the present invention, the customized NDK is specifically configured to: virtualization protection, content obfuscation, identifying specific codes and partitioning, traversing and adding virtual machine got tables, traversing and processing LLVM native instructions, traversing and adding virtual machine global variables, calling a back-end converter to generate virtual machine bytecodes, and modifying functions to be protected as virtual machine intermediate functions.
According to other embodiments of the invention, the An Zhuoyuan code protection device, the processor is further configured to create a navactive constant pool file; and establishing a running stack, a cache pool stored by the local variable and an object reference cache pool.
According to further embodiments of the invention, the An Zhuoyuan code protection device, the processor is further configured to register Native functions and a list of alternate source files.
Example 2.
This embodiment is used to explain the An Zhuoyuan code protection flow based on embodiment 1.
The overall An Zhuoyuan code protection flow as shown in fig. 2 includes:
s01, converting a dex file into a class file;
i.e. converting the original dex file into a class file.
The method specifically comprises the steps of reading out each class information of the dex file according to the dex file format, and packaging all class information into a class file.
S02, translating the class file into a cpp file of C++;
and extracting and translating the functions in the class file into corresponding C++ functions to obtain the cpp file.
The method specifically comprises the steps of reading class information in a class file format strictly, and translating byte codes in each core class function, wherein the translation is to use jni reflection to call java codes to realize the same logic.
S03, compiling cpp files into a so library, and converting class after evacuating code instructions into dex;
namely compiling the cpp file to obtain a reinforced ABI dynamic library; and converting the class file after the function extraction into a second dex file.
Specifically, the method comprises the steps of constructing a customized NDK compiling environment, setting a compiling tool chain into a designated tool chain for compiling by using CMake, and converting class after the Java function byte codes are evacuated back to dex.
Wherein, CMake is a cross-platform installation (compiling) tool, and the installation (compiling process) of all platforms can be described by simple sentences. The evacuation is defined as the content left un-extracted/selected after the extraction/selection function.
S04, repackaging the compiled so library and the converted dex into apk, signing and running.
I.e. the ABI dynamic library and the second dex file are packaged to form a new code file.
The method specifically comprises the steps of deleting a signature before calling, replacing the previous dex with a dex file after conversion, adding a compiled so library under a dynamic library architecture directory appointed by application, and repacking.
The specific flow or principle of the c++ cpp file from the class file shown in fig. 3 includes:
s11, analyzing class files;
analyzing each class file read from the dex file; if it is not content in class file format, copy a copy directly.
S12, class analysis;
and for each class file obtained in the step S11, processing to obtain all class information of the class file according to the class file format. Judging whether specific class information meets the requirement of class processing or not, and providing auxiliary classes because the interface classes do not have corresponding native methods (functions) for processing; such that the interface function is provided with auxiliary classes to effect the conversion; the interface class invokes the auxiliary class, naming the space in the class-corresponding cpp. The principle is that for each obtained function information, special or general processing is performed according to the attribute of the function, such as: 1. if the function is an active, the processing is not carried out 2. If the function is an init function, the function is a clinit function, some initialization codes need to be added to facilitate the registration of the active, etc. 3. If the function is an interface class function, an auxiliary class needs to be used for realizing the active.
S13, function analysis;
for each piece of obtained function information, special or general processing is performed according to the attribute of the function, such as:
1. if the function is a native function and an abstract function, the processing is not performed;
2. if the initial function and the clinit function are adopted, some initialization codes need to be added, so that convenience such as native registration and the like is realized; for example, init and clinit are initializing functions before Java class member functions are executed, and codes such as native registration functions are inserted, so that the initializing operation of the virtual machine can be guaranteed to be completed before the consolidated functions are interpreted and executed.
3. In the case of interface class functions, auxiliary classes are required to implement native transformations. Whereas the interface function corresponds to a function under the namespace in cpp:
namespaces: in c++, names (names) may be sign constants, variables, macros, functions, structures, enumerations, classes, objects, and so on. To avoid collisions of these identifier naming in large-scale program designs, and when programmers use a wide variety of c++ libraries, standard c++ introduces the key name space/namespace/domain, which allows better control over the scope of the identifier.
S14, instruction translation;
traversing each byte code instruction of each obtained function, and performing special processing on special instructions, such as LOOKUPSWITCH, wherein keys and corresponding labels of all switch branches need to be found out first, and a switch statement corresponding to cpp is encoded according to the information. In general, all information related to the instruction needs to be found out first, and then translated into cpp according to an operation code table.
S15, generating Native constant pool files;
if there is a jni reflection statement written in c++ language that can express the corresponding logic, for the constant pool in java, there must be a corresponding string cache pool in c++ to store all the string information that may be used.
S16, initializing a Native function operation environment;
in addition to requiring constant pools, a similar run stack as in jvm is required, with local variables holding a cache pool to which objects refer.
S20, native function registration;
the Native function registration uses a dynamic registration mode, when each class file is loaded, a clinit function (clinit is an initialization function before Java class member function execution, and can ensure that the initialization operation of the virtual machine is completed before the consolidated function is interpreted and executed) must be initialized, and the Native function registration corresponding to the class is placed in the function.
S21, generating a CMakeList file.
Each translated class file corresponds to a cpp file and an h file, which need to be collected to replace the source file list in the CMakeLists file for later compiling using cmake.
The embodiments of the present invention have been described in detail with reference to the accompanying drawings, but the present invention is not limited to the above embodiments, and various changes can be made within the knowledge of one of ordinary skill in the art without departing from the spirit of the present invention. Furthermore, embodiments of the invention and features of the embodiments may be combined with each other without conflict.
Claims (6)
1. An Zhuoyuan code protection method, characterized by comprising:
converting the original dex file into a class file;
extracting and translating the integral function in the class file into a corresponding function of C++, so as to obtain a cpp file; the cpp file obtaining process comprises the following steps: translating each bytecode instruction in each function; generating a Native constant pool file; initializing the running environment of the Native function; registering a Native function; replacing a source file list in the VMakelist file;
compiling the cpp file through the customized NDK to obtain a reinforced ABI dynamic library; wherein, the customized NDK is specifically configured to: virtualization protection, content confusion, specific code identification and segmentation, traversal and addition of a virtual machine got table, traversal and processing of LLVM inherent instructions, traversal and addition of a virtual machine global variable, calling of a back-end converter to generate a virtual machine byte code and modification of a function to be protected as a virtual machine intermediate function; compiling the cpp file through the customized NDK to obtain a reinforced ABI dynamic library, which specifically comprises the following steps: constructing a customized NDK compiling environment, and compiling the cpp file by using a CMake setting compiling tool chain to obtain a reinforced ABI dynamic library;
converting the class file after the function extraction into a second dex file;
packaging the ABI dynamic library and the second dex file to form a new code file.
2. The An Zhuoyuan code protection method of claim 1, wherein said extracting and translating functions in said class file as corresponding c++ functions comprises:
and calling the byte codes of the functions in the class file through jni reflection, and realizing the same code logic to obtain the corresponding C or C++ version functions.
3. The An Zhuoyuan code protection method of claim 1, further comprising:
providing auxiliary classes to process the interface functions;
and carrying out corresponding processing aiming at specific function attributes.
4. An Zhuoyuan code protection means comprising a processor for performing:
converting the original dex file into a class file;
extracting and translating the integral function in the class file into a corresponding function of C++, so as to obtain a cpp file; the cpp file obtaining process comprises the following steps: translating the bytecode instructions in the function; generating a Native constant pool file; initializing the running environment of the Native function; registering a Native function; replacing a source file list in the VMakelist file;
compiling the cpp file through the customized NDK to obtain a reinforced ABI dynamic library; wherein, the customized NDK is specifically configured to: virtualization protection, content confusion, specific code identification and segmentation, traversal and addition of a virtual machine got table, traversal and processing of LLVM inherent instructions, traversal and addition of a virtual machine global variable, calling of a back-end converter to generate a virtual machine byte code and modification of a function to be protected as a virtual machine intermediate function; compiling the cpp file through the customized NDK to obtain a reinforced ABI dynamic library, which specifically comprises the following steps: constructing a customized NDK compiling environment, and compiling the cpp file by using a CMake setting compiling tool chain to obtain a reinforced ABI dynamic library;
converting the class file after the function extraction into a second dex file;
packaging the ABI dynamic library and the second dex file to form a new code file.
5. The An Zhuoyuan code protection device of claim 4, wherein said extracting and translating functions in said class file to corresponding c++ functions comprises:
and calling the byte codes of the functions in the class file through jni reflection, and realizing the same code logic to obtain the corresponding C or C++ version functions.
6. The An Zhuoyuan code protection device of claim 5, wherein the process of obtaining a cpp file further comprises:
providing auxiliary classes to process the interface functions;
and carrying out corresponding processing aiming at specific function attributes.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010294655.XA CN111597514B (en) | 2020-04-15 | 2020-04-15 | An Zhuoyuan code protection method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010294655.XA CN111597514B (en) | 2020-04-15 | 2020-04-15 | An Zhuoyuan code protection method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111597514A CN111597514A (en) | 2020-08-28 |
| CN111597514B true CN111597514B (en) | 2023-10-13 |
Family
ID=72183196
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010294655.XA Active CN111597514B (en) | 2020-04-15 | 2020-04-15 | An Zhuoyuan code protection method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111597514B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112395614B (en) * | 2020-11-27 | 2023-07-28 | 南京理工大学 | LLVM-based Android application program virtualization protection method |
| CN113127004B (en) * | 2021-05-06 | 2022-08-16 | 福建省天奕网络科技有限公司 | Method and system for realizing VMP protection of android terminal |
| CN113836495A (en) * | 2021-09-25 | 2021-12-24 | 上海蛮犀科技有限公司 | Method for equivalently converting Java code into C + + code |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104392181A (en) * | 2014-11-18 | 2015-03-04 | 北京奇虎科技有限公司 | SO file protection method and device and android installation package reinforcement method and system |
| CN104462883A (en) * | 2014-11-09 | 2015-03-25 | 刘鹏 | APK file strengthening method |
| KR20180028666A (en) * | 2016-09-09 | 2018-03-19 | 단국대학교 산학협력단 | Method and apparatus for preventing reverse engineering |
| CN108681457A (en) * | 2018-05-11 | 2018-10-19 | 西北大学 | The Android application program guard methods explained with residual code based on code sinking |
| WO2018192025A1 (en) * | 2017-04-19 | 2018-10-25 | 北京洋浦伟业科技发展有限公司 | Method for protecting executable program on android platform |
| CN108846264A (en) * | 2018-06-11 | 2018-11-20 | 北京奇虎科技有限公司 | Code reinforcement means, device, intelligent terminal and computer readable storage medium |
| CN109857447A (en) * | 2018-12-27 | 2019-06-07 | 广州幂动科技有限公司 | A kind of automation packaging method of the Android APP application packet batch with security signature |
| CN110245467A (en) * | 2019-05-13 | 2019-09-17 | 西北大学 | Android application program guard method based on Dex2C and LLVM |
-
2020
- 2020-04-15 CN CN202010294655.XA patent/CN111597514B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104462883A (en) * | 2014-11-09 | 2015-03-25 | 刘鹏 | APK file strengthening method |
| CN104392181A (en) * | 2014-11-18 | 2015-03-04 | 北京奇虎科技有限公司 | SO file protection method and device and android installation package reinforcement method and system |
| KR20180028666A (en) * | 2016-09-09 | 2018-03-19 | 단국대학교 산학협력단 | Method and apparatus for preventing reverse engineering |
| WO2018192025A1 (en) * | 2017-04-19 | 2018-10-25 | 北京洋浦伟业科技发展有限公司 | Method for protecting executable program on android platform |
| CN108733988A (en) * | 2017-04-19 | 2018-11-02 | 北京洋浦伟业科技发展有限公司 | The guard method of executable program on Android platform |
| CN108681457A (en) * | 2018-05-11 | 2018-10-19 | 西北大学 | The Android application program guard methods explained with residual code based on code sinking |
| CN108846264A (en) * | 2018-06-11 | 2018-11-20 | 北京奇虎科技有限公司 | Code reinforcement means, device, intelligent terminal and computer readable storage medium |
| CN109857447A (en) * | 2018-12-27 | 2019-06-07 | 广州幂动科技有限公司 | A kind of automation packaging method of the Android APP application packet batch with security signature |
| CN110245467A (en) * | 2019-05-13 | 2019-09-17 | 西北大学 | Android application program guard method based on Dex2C and LLVM |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111597514A (en) | 2020-08-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108681457B (en) | Android application program protection method based on code sinking and residual code interpretation | |
| CN108932406B (en) | Virtualization software protection method and device | |
| CN108733988B (en) | Method for protecting executable program on android platform | |
| CN111597514B (en) | An Zhuoyuan code protection method and device | |
| US8863079B2 (en) | Efficient and expansive conversions between reference and primitive | |
| US11354103B2 (en) | Load module compiler | |
| TWI453671B (en) | Method and apparatus for combined execution of native code and target code during program code conversion | |
| CN107924326B (en) | Overriding migration methods of updated types | |
| CN108491235B (en) | DEX protection method combining dynamic loading and function Native | |
| CN111813389A (en) | Manual refinement of specialized classes | |
| CN109948308A (en) | Code security guard method, device, electronic equipment and computer readable storage medium | |
| CN112052433B (en) | Virtual protection method, terminal and storage medium for Jar file | |
| CN111782334B (en) | Dynamic link library file virtualization method, storage medium and terminal equipment | |
| Casset | Development of an embedded verifier for java card byte code using formal methods | |
| CN106557350B (en) | JAVA byte code conversion method, device and equipment in application program installation package | |
| EP1438644A2 (en) | Method for fast compilation of preverified java bytecode to high quality native machine code | |
| Korenčik | Decompiling binaries into LLVM IR using McSema and Dyninst | |
| Haijiang et al. | Nightingale: Translating embedded VM code in x86 binary executables | |
| Staursky | Lambda Calculus for Binary Security and Analysis | |
| US11194756B2 (en) | Systems and methods for facilitating interactions with remote memory spaces | |
| Kågström et al. | Cibyl: an environment for language diversity on mobile devices | |
| Puder et al. | Towards an XML-based bytecode level transformation framework | |
| Wendland | WebAssembly as a Multi-Language Platform | |
| Marevac et al. | Design and Implementation of a Virtual Machine for a Dynamic Object-Oriented Programming Language | |
| CN114707124A (en) | NET platform code protection method and system based on code virtualization |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information | ||
| CB02 | Change of applicant information |
Address after: 518000 w601, Shenzhen Hong Kong industry university research base, 015 Gaoxin South 7th Road, high tech Zone community, Yuehai street, Nanshan District, Shenzhen City, Guangdong Province Applicant after: ASPIRE TECHNOLOGIES (SHENZHEN) LTD. Address before: 518000 south wing, 6th floor, west block, Shenzhen Hong Kong industry university research base building, South District, high tech Industrial Park, Nanshan District, Shenzhen City, Guangdong Province Applicant before: ASPIRE TECHNOLOGIES (SHENZHEN) LTD. |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant |