CN1288526C - Software protective method based on function encrypting - Google Patents

Software protective method based on function encrypting Download PDF

Info

Publication number
CN1288526C
CN1288526C CN 200410073699 CN200410073699A CN1288526C CN 1288526 C CN1288526 C CN 1288526C CN 200410073699 CN200410073699 CN 200410073699 CN 200410073699 A CN200410073699 A CN 200410073699A CN 1288526 C CN1288526 C CN 1288526C
Authority
CN
China
Prior art keywords
function
file
encrypted
encryption function
library file
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN 200410073699
Other languages
Chinese (zh)
Other versions
CN1588265A (en
Inventor
吴起
毕经平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Feitian Technologies Co Ltd
Original Assignee
Institute of Computing Technology of CAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Institute of Computing Technology of CAS filed Critical Institute of Computing Technology of CAS
Priority to CN 200410073699 priority Critical patent/CN1288526C/en
Publication of CN1588265A publication Critical patent/CN1588265A/en
Application granted granted Critical
Publication of CN1288526C publication Critical patent/CN1288526C/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Storage Device Security (AREA)

Abstract

The present invention relates to the technical field of computer application for preventing software from being decrypted, particularly to a software protection method based on function encryption. The method comprises the steps that firstly, the encrypted file is selected, the function is abstracted, the function is encrypted, initialized constant of the function is encrypted, the library file in which the function is located is encrypted, and the abstract function is generated to the abstract of the protected file; an array containing the initialized constant of the encrypt function is generated according to the abstract; the encrypted function is modified, and is initialized by the abstract and the array; the library file in which the encrypt function is located is compiled again, the compiled library file is used for replacing the original library file, and thus, the executable file is protected. The present invention provides the decryption resistance capability for the executable file of the computer software. The encrypted function of the present invention does not need to be reduced to the encrypt function, and then the encrypted function can be executed. The encrypted function can not be obtained by decryption persons, and thus, the encrypted function can not be decrypted.

Description

Method for protecting software based on function encrypting
Technical field
The present invention relates to method for protecting computer software, particularly prevent the method that software is cracked.
Technical background
How the approval of the whole society that the importance of computer software more and more obtains prevents that it is that the protection computer software is not by the gordian technique of piracy that software is not cracked.Though the software of issue is the executable file of binary format mostly, but various decompiling instrument such as W32Dasm, IDAPro etc. can decompile into these binary files and be assembly routine, make a people with certain Basis of Computer Engineering to make amendment to executable file.The appearance of powerful SoftICE debugger makes people to follow the tracks of the whole process of program run, and breakpoint arbitrarily is set debugs.
Method for protecting software commonly used at present has the sequence number protection; warning window; time restriction; the menu function restriction; key file protection or the like; these methods can make the condition redirect into unconditional jump and can remove software protection then by seeking corresponding conditions redirect statement in the assembly code after decompiling greatly.The guard method that more is difficult to crack some mainly comprises anti-tracking technology and encryption technology.Wherein anti-tracking technology is by adding some special instructions (being referred to as the flower instruction) in program code, and what make that the decompiling instrument can't be correct carries out decompiling to binary file.Encryption technology is that executable file is carried out conversion, and the file after the conversion can't carry out decompiling.Though these two kinds of technology can prevent from simply to revise the method for jump instruction, they still have obvious defects.For anti-tracking technology,, revise these flower instructions and just can be easy to such an extent that program is carried out decompiling afterwards if the cracker has also grasped the skill of colored instruction.File after the encryption technology can not be performed when can not be compiled, need shell earlier when therefore carrying out, internal memory when the cracker moves by supervisory programme just can obtain to add shell binary code before easily, thereby can carry out decompiling.
Summary of the invention
The objective of the invention is for the ability that prevents that executable file is modified is provided to computer software.In order to realize this purpose, comprise the following steps: based on the method for protecting software of function encrypting
Selected protected executable file, abstract function, encryption function, the initialization constant of encryption function, needed library file when protected executable file moves, wherein encryption function is present in (hereinafter to be referred as library file) in this library file;
Use abstract function to generate the summary of protected executable file;
Generate the square formation that comprises constant in the encryption function according to summary;
Use summary and square formation, replace the constant in the encryption function;
Recompilate the library file at encryption function place, obtain new library file, use new library file to replace original library file, promptly finish protection protected executable file.
Description of drawings
Fig. 1 function encrypting process synoptic diagram
Embodiment
If being us, file E wants the executable file protected, f (w 1..., w m) be the encryption function that we select for use, this function is present among the needed library file L of E when operation, wherein w 1..., w mIt can be data type arbitrarily.If f is (w 1..., w m) n local variable v arranged 1..., v nNeed initialization.Has only the v of working as 1..., v nGet c respectively 1..., c nThe time, function can provide correct output, and under other situations, the output result that function provides will be wrong.If to protected executable file E make a summary the data block h (E) that obtained the n byte long=<p 1..., p n, p wherein iBe the numerical value (0≤p of i byte i<256), h is an abstract function.Structural matrix
Figure C20041007369900041
Wherein a i , p i + 1 = c i , Other are locational to be the number that produces at random.Be that we are c 1..., c nLeave vector<p in the stochastic matrix in 1..., p nOn the specified position.Constructed fuction f *(w 1..., w m, w M+1), w wherein M+1Be newly-increased n-dimensional vector parameter, w M+1=<p 1+ 1 ..., p n+ 1 〉.During setting forth conveniently, make w M+1[i] represents vectorial w M+1I dimension element, i.e. w M+1[i]=p i+ 1.Except having increased a vectorial parameter, f *Another different f that just are with f *Use matrix A and vectorial w M+1Come initialization local variable v 1..., v n, promptly at f *Middle order
v i = a i , w m + 1 [ i ]
Remove in addition f *Identical with f.Obviously have
f *(w 1,…,w m,<p 1,…,p n>))=f(w 1,…,w m)
f *Be us and use the data block<p of n byte long 1..., p nResult after function f encrypted, i.e. f *Implied data<p 1..., p n.Being encrypted in source code level carries out.If employed function h had nonreversibility (for example using the SHA hash algorithm) when protected executable file was made a summary, a promptly arbitrarily given in practice summary result wants to construct one section specific message to make this message made a summary to obtain top summary result just be unusual difficulty on calculating.Equally, the software cracker to have revised the summary that keeps this document after the protected executable file constant equally also be unusual difficulty.Be that our algorithm can effectively prevent the modification to protected executable file A.At last, we carry out in the encrypted process without any the redirect statement function f, the assignment statement of constant has also become after encryption and has been found everywhere the variable assignments statement, be compiled into the disguise of more having strengthened these statements after the scale-of-two, so the cracker wants the f after encrypting *Recovering f also is very difficult on calculating, and promptly the cracker also is difficult to reach the purpose that cracks by revising library file.
Above discussion illustrated that our protection is effectively, promptly the cracker to want to revise protected executable file or library file all be unusual difficulty on calculating.Below we to f *Some character discuss.At first, the f after the encryption *Itself also be to carry out function, do not need to restore earlier the f function in the running program running process and call then that promptly the f function occurs never.This characteristic herein method of making is different from the common shell guard method that adds.In the process that adds the shell protection, at first the f function is added shell and generate
Figure C20041007369900052
It is the one section binary code that can not carry out.Need the program of operation shelling earlier conversion in the time of program run
Figure C20041007369900053
Becoming f calls then.The important drawback that adds the shell guard method is that the cracker only needs the internal memory in supervisory programme when operation just can be easy to obtain f function itself, use f replacement
Figure C20041007369900054
After, how complicated no matter add shell and shelling algorithm has and is difficult to crack, and adds the shell protection and has just lost effect fully.Owing to do not need to restore encryption function f during the operation of method herein, the cracker can't be by monitoring that internal memory cracks.
Encrypt the back function f *Performance also be that we are concerned about very much.If f *Performance have bigger performance to descend than f, the scope of application of encryption method will reduce greatly so.Can see f by ciphering process *Compare with f and just the constant assignment have been made into variable and duplicate, so f *In full accord with the performance of f.That is to say that the encryption method of this paper can be used for any function.
Below we use an example that the processing procedure of this method is described, its detailed step is as follows:
Step 1, selected encrypted file E, abstract function h, encryption function f, the library file L at encryption function place, the n of encryption function variable v 1..., v nWith these variablees are carried out initialized constant c 1..., c n
Step 2, use abstract function to E make a summary obtain h (E)=<p 1..., p n.
Square formation A=(a of step 3, structure n * n size I, j) N * n, wherein
Figure C20041007369900061
Rand is a random number generation function.
The source code of step 4, modification function is initialization of variable assignment statement v i=c iReplace with
v i = a i , w m + 1 [ i ] .
Step 5, compile amended source code, establishing resulting new library file is L *, in installation procedure, use L *Replace original library file L, then can finish protection protected executable file.Fig. 1 has provided the synoptic diagram of this method.

Claims (5)

1. one kind based on the method for protecting software that function is encrypted, and comprises step:
● selected protected executable file, abstract function, encryption function, the initialization constant of encryption function, needed library file when protected executable file moves, wherein encryption function is present in this library file;
● use abstract function to generate the summary of protected executable file;
● generate the square formation that comprises constant in the encryption function according to summary;
● use summary and square formation, replace the constant in the encryption function;
● recompilate the library file at encryption function place, obtain new library file, use new library file to replace original library file, promptly finish protection protected executable file.
2. method according to claim 1 is characterized in that, encryption function is not in protected executable file.
3. method according to claim 1 is characterized in that, uses the summary of protected executable file to restore the constant of encryption function from square formation.
4. method according to claim 1 is characterized in that, it also is executable using the encryption function itself after summary and square formation are replaced the constant of encryption function.
5. method according to claim 1 is characterized in that, uses summary and square formation that the constant of encryption function is replaced front and back, and the complexity of encryption function is identical.
CN 200410073699 2004-09-01 2004-09-01 Software protective method based on function encrypting Expired - Fee Related CN1288526C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200410073699 CN1288526C (en) 2004-09-01 2004-09-01 Software protective method based on function encrypting

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200410073699 CN1288526C (en) 2004-09-01 2004-09-01 Software protective method based on function encrypting

Publications (2)

Publication Number Publication Date
CN1588265A CN1588265A (en) 2005-03-02
CN1288526C true CN1288526C (en) 2006-12-06

Family

ID=34604762

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200410073699 Expired - Fee Related CN1288526C (en) 2004-09-01 2004-09-01 Software protective method based on function encrypting

Country Status (1)

Country Link
CN (1) CN1288526C (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100428262C (en) * 2006-09-22 2008-10-22 中山大学 A software protection method based on modified one time pad
CN101853357A (en) * 2010-04-28 2010-10-06 北京飞天诚信科技有限公司 Software protection method
CN109033763B (en) * 2018-08-01 2020-09-04 浪潮金融信息技术有限公司 Program encryption method and device, readable medium and storage controller
CN109992935B (en) * 2019-03-15 2021-05-25 同盾控股有限公司 Source code protection method and device
CN110826066B (en) * 2019-10-30 2024-05-31 腾讯科技(深圳)有限公司 Code abstract generation method, device and computer storage medium

Also Published As

Publication number Publication date
CN1588265A (en) 2005-03-02

Similar Documents

Publication Publication Date Title
Behera et al. Different obfuscation techniques for code protection
EP3000068B1 (en) Protecting data
US7958554B2 (en) Secure method and system for computer protection
CN109740363B (en) Document grading desensitization encryption method
Kovacheva Efficient code obfuscation for Android
CN107341374B (en) Insertion method and device of opaque predicates
Chua et al. Effectiveness of android obfuscation on evading anti-malware
CN106778100B (en) Obfuscation compiling method and obfuscation compiler based on android platform and IOS platform
Martín et al. An in-depth study of the jisut family of android ransomware
US8707053B2 (en) Performing boolean logic operations using arithmetic operations by code obfuscation
CN112115427A (en) Code obfuscation method, device, electronic device and storage medium
Yuste et al. Avaddon ransomware: An in-depth analysis and decryption of infected systems
CN1288526C (en) Software protective method based on function encrypting
Cicala et al. Analysis of encryption key generation in modern crypto ransomware
US7000119B1 (en) Instruction/data protection employing derived obscuring instruction/data
Drape et al. Slicing aided design of obfuscating transforms
CN106789051A (en) A kind of method for protecting file, device and computing device
Talukder et al. Analysis of obfuscated code with program slicing
Gautam et al. A novel software protection approach for code obfuscation to enhance software security
CN114036521A (en) Method for generating countermeasure sample of Windows malicious software
CN110147238B (en) Program compiling method, device and system
Cheng et al. Malware clustering using family dependency graph
Koch On the future of cybersecurity
Xianya et al. A survey of software protection methods based on self-modifying code
Sha et al. Model of execution trace obfuscation between threads

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: BEIJING FEITIAN CHENGXIN SCIENCE + TECHNOLOGY CO.

Free format text: FORMER OWNER: INST. OF COMPUTING TECHNOLOGY, CHINESE ACADEMY OF SCIENCES

Effective date: 20110121

C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 100080 NO. 6, KEXUEYUAN SOUTH ROAD, ZHONGGUANCUN, BEIJING TO: 100083 17/F, TOWER B, HUIZHI BUILDING, NO. 9, XUEQING ROAD, HAIDIAN DISTRICT, BEIJING

TR01 Transfer of patent right

Effective date of registration: 20110121

Address after: 100083 Beijing city Haidian District Xueqing Road No. 9 Ebizal building B block 17 layer

Patentee after: FEITIAN TECHNOLOGIES Co.,Ltd.

Address before: 100080 No. 6 South Road, Zhongguancun Academy of Sciences, Beijing

Patentee before: Institute of Computing Technology, Chinese Academy of Sciences

C56 Change in the name or address of the patentee

Owner name: FEITIAN TECHNOLOGIES CO., LTD.

Free format text: FORMER NAME: BEIJING FEITIAN CHENGXIN TECHNOLOGIES CO., LTD.

CP03 Change of name, title or address

Address after: 100085 Beijing city Haidian District Xueqing Road No. 9 Ebizal building B block 17 layer

Patentee after: Feitian Technologies Co.,Ltd.

Address before: 100083 Beijing city Haidian District Xueqing Road No. 9 Ebizal building B block 17 layer

Patentee before: FEITIAN TECHNOLOGIES Co.,Ltd.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20061206

CF01 Termination of patent right due to non-payment of annual fee