TWI648648B - Protection method of executable program on android platform - Google Patents

Protection method of executable program on android platform Download PDF

Info

Publication number
TWI648648B
TWI648648B TW106128965A TW106128965A TWI648648B TW I648648 B TWI648648 B TW I648648B TW 106128965 A TW106128965 A TW 106128965A TW 106128965 A TW106128965 A TW 106128965A TW I648648 B TWI648648 B TW I648648B
Authority
TW
Taiwan
Prior art keywords
function
file
code
classes
byte code
Prior art date
Application number
TW106128965A
Other languages
Chinese (zh)
Other versions
TW201839644A (en
Inventor
闞志剛
陳彪
王衛民
朱丹
程顯龍
盧佐華
Original Assignee
大陸商北京梆梆安全科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 大陸商北京梆梆安全科技有限公司 filed Critical 大陸商北京梆梆安全科技有限公司
Publication of TW201839644A publication Critical patent/TW201839644A/en
Application granted granted Critical
Publication of TWI648648B publication Critical patent/TWI648648B/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/14Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Devices For Executing Special Programs (AREA)

Abstract

本申請提供一種安卓平台上可執行程式的保護方法,包含:確定APK應用程式套件中的classes.dex檔案中要保護的函式,修改後形成新的classes.dex檔案;編寫函式的C/C++語言實作;將函式的C/C++語言實作編譯為動態連結函式庫;在APK應用程式套件中,用新的classes.dex檔案替換原classes.dex檔案,將動態連結函式庫加入APK應用程式套件。本發明不但提高了逆向分析的難度,而且更大幅度地提高了還原程式碼的難度。 The application provides a method for protecting an executable program on an Android platform, comprising: determining a function to be protected in a classes.dex file in an APK application suite, and modifying to form a new classes.dex file; writing a function C/ C++ language implementation; compile the C/C++ language implementation of the function into a dynamic link library; in the APK application suite, replace the original classes.dex file with the new classes.dex file, and dynamically link the library Join the APK app kit. The invention not only improves the difficulty of the reverse analysis, but also greatly increases the difficulty of restoring the code.

Description

安卓平台上可執行程式的保護方法 Protection method for executable programs on Android platform

本發明涉及一種軟體處理技術,更具體而言,本發明涉及一種用於安卓(Android)平台的可執行程式的保護方法。 The present invention relates to a software processing technique, and more particularly to a method for protecting an executable program for an Android platform.

安卓平台上採用Java語言進行開發,Java語言是一種跨平台的,直譯性的語言,Java的原始碼編譯為一種「位元組碼」形式的中間碼,這種位元組碼保留了很多原始碼的資訊,例如方法(函式)名,變數名等,從而使得Java位元組碼的反編譯(decompiling)變得非常容易。為了保護安卓程式的應用版權等,需要對應用程式進行保護。 The Android platform is developed in the Java language. The Java language is a cross-platform, translatable language. The Java source code is compiled into a middle byte in the form of a "bytes". This byte code retains a lot of originals. Code information, such as method (function) names, variable names, etc., makes decompilation of Java bytecodes very easy. In order to protect the copyright of the application of the Android program, the application needs to be protected.

1.安卓平台基本介紹 1. Basic introduction of Android platform

APK(Android Application Package)是安卓平台上的可執行程式,其本質是一個zip檔案,主要包含以下幾類檔案:classes.dex、so檔案、AndroidManifest.xml、其他資源檔案(例如:圖片、xml檔案等)。 APK (Android Application Package) is an executable program on the Android platform. Its essence is a zip file, which mainly includes the following types of files: classes.dex, so files, AndroidManifest.xml, and other resource files (for example: images, xml files). Wait).

(1)classes.dex是Dalvik的可執行程式,該檔案裡面存放了所有的Java原始碼經過編譯後的位元組碼。也是本發明所欲保護的對象。 (1) classes.dex is Dalvik's executable program, which stores all the compiled bit bytes of the Java source code. It is also the object of the invention to be protected.

Dalvik是Google公司自己設計用於安卓平台的虛擬機器。 Dalvik虛擬機器是Google等廠商合作開發的安卓行動裝置平台的核心組成部分之一。它可以支援已轉換為.dex(即Dalvik Executable)格式的Java應用程式的運行,.dex格式是專為Dalvik設計的一種壓縮格式,適合記憶體和處理器速度有限的系統。Dalvik經過優化,允許在有限的記憶體中同時運行多個虛擬機器的實例,並且每一個Dalvik應用程式都作為一個獨立的Linux行程執行。獨立的行程可以防止在虛擬機器崩潰的時候所有程式都被關閉。 Dalvik is Google's own virtual machine designed for the Android platform. The Dalvik virtual machine is one of the core components of the Android mobile device platform developed by Google and other vendors. It can support the running of Java applications that have been converted to .dex (Dalvik Executable) format. The .dex format is a compression format designed for Dalvik, suitable for systems with limited memory and processor speed. Dalvik is optimized to allow multiple instances of virtual machines to run simultaneously in limited memory, and each Dalvik application is executed as a separate Linux itinerary. A separate itinerary prevents all programs from being closed when the virtual machine crashes.

Java原始碼編譯成dex檔案的過程如第1圖所示。在安卓平台上,Java的原始碼通過Javac編譯器先編譯為class檔案(標準的Java位元組碼),然後利用安卓提供的dx工具將多個class檔案轉換為一個dex檔案。 The process of compiling Java source code into a dex file is shown in Figure 1. On the Android platform, the Java source code is first compiled into a class file (standard Java bytecode) by the Javac compiler, and then multiple font files are converted into a dex file using the dx tool provided by Android.

classes.dex的格式如第2圖所示,主要由幾個部分組成:標頭(Dex Header)、各類表格(Table)、資料區段(Data Section)等。標頭包含了每個區域的大小及偏移信息,各類表格包含各種資料,如字元串表、類別名表、函式表等等,位元組碼裡面透過表格的索引來進行編碼。 The format of classes.dex is shown in Figure 2. It consists of several parts: the header (Dex Header), various tables (Table), and data sections (Data Section). The header contains the size and offset information of each area. Each type of table contains various materials, such as a character string table, a category name table, a function table, etc., and the byte code is encoded by the index of the table.

資料區段包含了位元組碼等資訊,例如以下語句: 其中「1a01 9408」是真正的Raw的位元組碼,「1a」為opcode,表示const-string,「01」代表暫存器v1,「9408」代表在字元串表中的第894項。 The data section contains information such as the byte code, such as the following statement: "1a01 9408" is the real Raw byte code, "1a" is opcode, indicating const-string, "01" is the register v1, and "9408" is the 894th item in the string table.

(2)so檔案。安卓平台除了Java平台外,還允許使用C/C++語言進行混合撰寫。同時提供了JNI介面(Java native interface)。JNI介面提供了一系列的介面允許從C/C++語言中操作Java語言中的物件,如設置某個Java物件的屬性(Field)、呼叫Java中的方法(method)等。 (2) so file. In addition to the Java platform, the Android platform allows for mixed writing in C/C++. A Java native interface is also provided. The JNI interface provides a set of interfaces that allow manipulation of objects in the Java language from the C/C++ language, such as setting the properties of a Java object, calling methods in Java, and so on.

由C/C++編寫的原始碼透過安卓平台之原生開發套件(native development kit;NDK)編譯為動態連結函式庫(dynamic-link library;DLL)(so檔案)。 The source code written in C/C++ is compiled into a dynamic-link library (DLL) (so file) through the native development kit (NDK) of the Android platform.

APK在安裝的時候,安卓系統使用虛擬機器(Dalvik或者ART)讀取dex檔案,然後執行dex檔案中的位元組碼。 When the APK is installed, the Android system uses a virtual machine (Dalvik or ART) to read the dex file and then execute the byte code in the dex file.

2.傳統的軟體保護技術 2. Traditional software protection technology

傳統的安卓平台上之軟體程式碼保護技術主要包含程式碼混淆和軟體加殼這兩種技術。程式碼混淆是指將計算機程式的程式碼轉換成一種功能上等價,但是難以閱讀和理解的形式之行為。程式碼混淆並不能真正阻止逆向工程,只能增強其理解難度。軟體加殼是另一種應用極其普遍的軟體保護技術。所謂「殼」,即包裹在程式外的一層程式碼,這層程式碼在被保護之程式碼執行前執行,執行解密程式碼、反偵錯等運算,完成這些任務後,再將執行權轉交給目標程式碼。軟體加殼能有效地阻止靜態分析,但很難阻止動態分析,因為最後的解密後的程式碼最終要在記憶體中執行,只要破解者能夠在記憶體中找到解密後的程式碼的地址,那麼脫殼就很容易。 The software code protection technology on the traditional Android platform mainly includes two technologies: code confusion and software pack. Code confusion is the act of converting a computer program's code into a functionally equivalent, but difficult to read and understand form. Code confusion does not really prevent reverse engineering, but only enhances its understanding. Software packer is another software protection technology that is extremely popular in applications. The so-called "shell" is a layer of code wrapped outside the program. This code is executed before the protected code is executed. The code is decrypted and counter-error-corrected. After completing these tasks, the execution right is transferred. Give the target code. Software packs can effectively prevent static analysis, but it is difficult to prevent dynamic analysis, because the final decrypted code is finally executed in the memory, as long as the cracker can find the address of the decrypted code in the memory. Then shelling is easy.

基於虛擬機器的軟體保護技術是在2005年之後流行起來的PC(個人計算機)端軟體保護技術,是目前PC(個人計算機)端最有效也是最流行的軟體保護技術,如「VMProtect」等。 The virtual machine-based software protection technology is a PC (Personal Computer) software protection technology that has become popular since 2005. It is the most effective and popular software protection technology for PC (Personal Computer), such as "VMProtect".

3.安卓平台上的軟體保護技術 3. Software protection technology on Android platform

目前在安卓平台市面上的保護方案與PC(個人計算機)上類似,主要有程式碼混淆和程式碼加殼技術。 At present, the protection scheme on the Android platform market is similar to that on a PC (Personal Computer), mainly including code confusion and code packing technology.

程式碼加殼主要有兩代技術:一代技術基於Java的類別載入技術進行保護,二代技術採用方法(函式)程式碼抽取加密的方式實作。 There are two generations of code-packing: the first-generation technology is protected by Java-based class loading technology, and the second-generation technology uses method (function) code extraction and encryption.

一代技術使用Java本身提供的類別載入技術,classes.dex被完整加密,存放到APK的資源中。運行時修改程式入口,將加密後的classes.dex在記憶體中解密,並讓Dalvik/ART虛擬機器載入執行。 The first generation technology uses the class loading technology provided by Java itself, and classes.dex is fully encrypted and stored in the APK resources. The program changes the program entry, decrypts the encrypted classes.dex in memory, and causes the Dalvik/ART virtual machine to load and execute.

二代技術將原APK中的所有方法(函式)的程式碼提取出來,單獨加密,當Dalvik/ART虛擬機器要執行某個方法(函式)時,加固引擎才解密該方法(函式),並將解密後的程式碼交給Dalvik/ART虛擬機器的執行引擎執行。 The second generation technology extracts the code of all the methods (functions) in the original APK and encrypts them separately. When the Dalvik/ART virtual machine wants to execute a method (function), the hardening engine decrypts the method (function). And pass the decrypted code to the execution engine of the Dalvik/ART virtual machine.

可以看出一代和二代最終都需要將被保護的程式碼解密後,交給Dalvik/ART虛擬機器的執行引擎執行,只不過二者的保護粒度不同,一代在Davlik/ART虛擬機器的類別載入模組進行攔截,就可以導出(dump)最終的保護程式碼。二代則需要更進一步地深入Dalvik/ART虛擬機器,在虛擬機器執行引擎這塊進行攔截,即可以導出(dump)解密後的程式碼。 It can be seen that both the first generation and the second generation need to decrypt the protected code and send it to the execution engine of the Dalvik/ART virtual machine, except that the protection granularity of the two is different. The generation of the Davlik/ART virtual machine is contained in the category. By entering the module for interception, you can dump the final protected code. The second generation needs to go deeper into the Dalvik/ART virtual machine and intercept it in the virtual machine execution engine, which can dump the decrypted code.

從本質來說,一代和二代的技術都是一種程式碼的隱藏技術,最終程式碼還是通過Dalvik/ART虛擬機器進行執行的。因此,破解者可以透過建構一個自己修改過的虛擬機器(Dalvik/ART虛擬機器都是開源的),對保護方案進行脫殼。 In essence, the first and second generation technologies are a hidden code of the code, and the final code is still executed by the Dalvik/ART virtual machine. Therefore, the cracker can shell the protection scheme by constructing a virtual machine that has been modified by itself (Dalvik/ART virtual machine is open source).

以上在此先前技術章節中所揭露之資訊僅用於增強對本發明之背景之理解,且因此,其可能含有並不構成先前技術之資訊。 The above information disclosed in this prior art section is only for enhancement of understanding of the background of the invention, and therefore, may contain information that does not constitute prior art.

為克服現有技術的上述缺陷,根據本發明的一個方面,提出了一種安卓平台上可執行程式的保護方法,包含:步驟1,確定並修改APK應用程式套件中的classes.dex檔案中要保護的函式,形成新的classes.dex檔案;步驟2,編寫函式的C/C++語言實作,將函式的C/C++語言實作編譯為動態連結函式庫;以及步驟3,在APK應用程式套件中,用新的classes.dex檔案替換原classes.dex檔案,將動態連結函式庫加入APK應用程式套件。 In order to overcome the above-mentioned deficiencies of the prior art, according to an aspect of the present invention, a method for protecting an executable program on an Android platform is provided, comprising: Step 1, determining and modifying a category.dex file in an APK application suite to be protected The function forms a new classes.dex file; step 2, writes the C/C++ language implementation of the function, compiles the C/C++ language of the function into a dynamic link library; and step 3, in the APK application In the program suite, replace the original classes.dex file with the new classes.dex file and add the dynamic link library to the APK application suite.

進一步而言,步驟1更包含:步驟11,反編譯classes.dex檔案,得到第一檔案;步驟12,確定第一檔案中要保護的函式;步驟13,在第一檔案中將要保護的函式變為native函式,並清空函式內容;以及步驟14,編譯第一檔案,形成新的classes.dex檔案。 Further, step 1 further includes: step 11, decompiling the classes.dex file to obtain the first file; step 12, determining the function to be protected in the first file; and step 13, the letter to be protected in the first file The formula becomes a native function and the contents of the function are cleared; and in step 14, the first file is compiled to form a new classes.dex file.

更進一步而言,步驟2更包含:步驟21,保存在原classes.dex中要保護的函式對應的位元組碼,採用位元組碼轉換引擎將要保護的函式對應的位元組碼轉換為新的位元組碼;步驟22,建立C/C++語言檔案,C/C++語言檔案的內容包含:陣列,用於保存新的位元組碼;原生函式,用於使用C/C++實作新的位元組碼;直譯器執行函式,由原生函式呼叫,以用於根據新的位元組碼的語意進行直譯;以及註冊部分,註冊部分用於將原生函式與要保護的函式建立註冊關係;以及步驟23,採用安卓平台的NDK將C/C++語言檔案編譯生成動態連結函式庫。 Further, step 2 further includes: step 21, storing the byte code corresponding to the function to be protected in the original classes.dex, and converting the byte code corresponding to the function to be protected by using the byte code conversion engine. For the new byte code; step 22, create a C/C++ language file, the contents of the C/C++ language file include: an array for saving the new byte code; a native function for using C/C++ a new byte code; an interpreter execution function, called by a native function for literal translation based on the semantics of the new byte code; and a registration part for the native function to be protected The function establishes a registration relationship; and in step 23, the C/C++ language file is compiled into a dynamic link library using the NDK of the Android platform.

再進一步而言,直譯器執行函式的實作步驟包含:步驟41,分配記憶體:步驟42,將程式計數器(program counter;PC)指標指向陣列的首地址,進入無限迴圈;步驟43,在無限迴圈中,取出陣列中的指令後,解析指令的運算碼,執行運算碼代表的語意;以及步驟44,讀取下一條指令,如果沒有指令則退出無限迴圈。 Further, the implementation step of the interpreter execution function includes: step 41, allocating the memory: step 42, pointing the program counter (PC) indicator to the first address of the array, and entering the infinite loop; In the infinite loop, after the instruction in the array is taken out, the operation code of the instruction is parsed, and the semantics represented by the operation code is executed; and in step 44, the next instruction is read, and if there is no instruction, the infinite loop is exited.

本發明的保護方法主要具有以下優點: The protection method of the present invention mainly has the following advantages:

(1)安全性高。被保護的方法(函式)其位元組碼由標準的位元組碼轉換成了自定義的位元組碼格式,對於破解者來說,即使在記憶體中拿到了自定義的位元組碼的內容,還需要去分析和理解這種自定義的位元組碼格式,因此,破解者需要花費大量的時間來逆向自定義的直譯引擎。 (1) High security. The protected method (function) whose byte code is converted from a standard byte code into a custom byte format, for the cracker, even if a custom bit is obtained in the memory The content of the group code also needs to analyze and understand this custom bytecode format. Therefore, the cracker needs to spend a lot of time to reverse the custom transliteration engine.

另外,本發明是基於函式級別的保護,因此,還可以構建多套不同的直譯引擎,不同的函式採用不同的自定義的位元組碼,可以進一步提高安全性。 In addition, the present invention is based on the protection of the functional level. Therefore, it is also possible to construct a plurality of different transliteration engines, and different functions adopt different custom byte codes, which can further improve security.

(2)靈活性好。使用者可以選擇某些關鍵的函式進行保護,從而在性能和安全性間得到平衡。 (2) Good flexibility. Users can choose some key functions for protection to balance performance and security.

(3)後向的兼容性。由於自定義的直譯器都是採用標準的JNI函式來構建,JNI函式是Java的一個標準規範,安卓上的虛擬機器,無論Dalvik虛擬機器或者ART虛擬機器,都會實作這套函式介面,因此,自定義的直譯器不依賴於具體虛擬機器是如何實作的,具有後向的兼容性。 (3) Backward compatibility. Since the custom interpreters are built using standard JNI functions, the JNI function is a standard specification for Java. The virtual machine on Android, whether it is a Dalvik virtual machine or an ART virtual machine, will implement this set of functions. Therefore, the custom interpreter does not depend on how the virtual machine is implemented, with backward compatibility.

第1圖為例示Java程式編譯流程之流程圖;第2圖為例示classes.dex檔案的格式之示意圖;第3圖為根據本發明之一或多個實施例之可執行程式之保護方法之流程圖。 1 is a flow chart illustrating a Java program compilation process; FIG. 2 is a schematic diagram illustrating a format of a classes.dex file; and FIG. 3 is a flow chart of a method for protecting an executable program according to one or more embodiments of the present invention; Figure.

如圖所示,為了能明確實現本發明的實施例的流程,在圖式 中描述了特定的裝置和運行順序,但這僅為示意需要,並非意圖將本發明限定在該特定裝置、順序、器件和環境中,根據具體需要,本發明所屬技術領域中具有通常知識者可以將這些器件和環境進行調整或者修改,所進行的調整或者修改仍然包含在後附的申請專利範圍中。 As shown in the figure, in order to clearly implement the flow of the embodiment of the present invention, in the drawing The specific devices and operating sequences are described, but are merely intended to be illustrative, and are not intended to limit the invention to the particular device, order, device, and environment. Adjustments or modifications to these devices and environments are made, and adjustments or modifications made are still included in the scope of the appended claims.

下面結合圖式和具體實施例對本發明提供的一種安卓平台的可執行程式的保護方法進行詳細描述。 A method for protecting an executable program of the Android platform provided by the present invention is described in detail below in conjunction with the drawings and specific embodiments.

在以下的描述中,將描述本發明的多個不同的方面。然而,對於本發明所屬技術領域中具有通常知識者而言,可以僅僅利用本發明的一些或者全部結構或者流程來實施本發明。為了解釋的明確性,本說明書闡述了特定的數目、配置和順序,但明顯可知,在沒有這些特定細節的情況下本發明所屬技術領域中具有通常知識者也可以實施本發明。在其他情況下,為了不混淆本發明,對於一些眾所周知的特徵將不再進行詳細闡述。 In the following description, various different aspects of the invention will be described. However, it will be apparent to those skilled in the art that the invention may be The present invention has been described with reference to the particular embodiments of the invention, and it is apparent that the present invention may be practiced without departing from the scope of the invention. In other instances, well-known features are not described in detail in order not to obscure the invention.

本發明的基本原理是將classes.dex的位元組碼轉化成一種新的自定義格式的位元組碼,然後使用一個針對這種自定義格式位元組碼的直譯器來直譯新的位元組碼,如第3圖所示。 The basic principle of the present invention is to convert the byte code of classes.dex into a new custom format byte code, and then use a straight interpreter for this custom format byte code to translate the new bit. The tuple code, as shown in Figure 3.

根據本發明所提供的安卓平台上可執行程式的保護方法,包含:步驟1,確定並修改APK應用程式套件中classes.dex檔案中所需要保護的函式,形成新的classes.dex檔案;步驟2,編寫函式的C/C++語言實作,將函式的C/C++語言實作編譯為動態連結函式庫;步驟3,在APK應用程式套件中,用新的classes.dex檔案替換原classes.dex檔案,將動態連結函式庫加入APK應用程式套件。 The method for protecting an executable program on the Android platform provided by the present invention includes: Step 1, determining and modifying a function to be protected in the classes.dex file in the APK application suite to form a new classes.dex file; 2, write the function of the C / C + + language implementation, the function of the C / C + + language implementation compiled into a dynamic link library; Step 3, in the APK application suite, replace the original with the new classes.dex file The classes.dex file adds the dynamic link library to the APK app suite.

進一步而言,步驟1更包含:步驟11,反編譯classes.dex檔案,得到第一檔案;步驟12,確定第一檔案中要保護的函式;步驟13,在第一檔案中將要保護的函式變為native函式,並清空函式內容;以及步驟14,編譯第一檔案,形成新的classes.dex檔案。 Further, step 1 further includes: step 11, decompiling the classes.dex file to obtain the first file; step 12, determining the function to be protected in the first file; and step 13, the letter to be protected in the first file The formula becomes a native function and the contents of the function are cleared; and in step 14, the first file is compiled to form a new classes.dex file.

進一步而言,步驟2更包含:步驟21,保存在原classes.dex中要保護的函式對應的位元組碼,採用位元組碼轉換引擎將要保護的函式對應的位元組碼轉換為新的位元組碼;步驟22,建立C/C++語言檔案,C/C++語言檔案的內容包含:陣列,用於保存新的位元組碼;原生函式,用於使用C/C++實作新的位元組碼;直譯器執行函式,由原生函式所呼叫,以用於根據新的位元組碼的語意進行直譯;以及註冊部分,用於將原生函式與要保護的函式建立註冊關係;以及步驟23,採用安卓平台的NDK將C/C++語言檔案編譯生成動態連結函式庫。 Further, step 2 further includes: step 21, storing the byte code corresponding to the function to be protected in the original classes.dex, and converting the byte code corresponding to the function to be protected by using the byte code conversion engine to New byte code; Step 22, create C/C++ language file, C/C++ language file contains: array for saving new byte code; native function for C/C++ implementation a new byte code; an interpreter execution function, called by a native function for literal translation based on the semantics of the new byte code; and a registration part for the native function and the letter to be protected The registration relationship is established; and in step 23, the C/C++ language file is compiled into a dynamic link library using the NDK of the Android platform.

進一步而言,直譯器執行函式的實作步驟包含:步驟41,分配記憶體:步驟42,將程式計數器指標指向陣列的首地址,進入無限迴圈;步驟43,在無限迴圈中,取出陣列中的指令後,解析指令的運算碼,執行運算碼代表的語意;以及步驟44,讀取下一條指令,如果沒有指令則退出無限迴圈。 Further, the implementation step of the interpreter execution function includes: step 41, allocating the memory: step 42, pointing the program counter indicator to the first address of the array, entering the infinite loop; and step 43, taking the infinite loop, taking out After the instruction in the array, the operation code of the instruction is parsed, and the semantics represented by the operation code is executed; and in step 44, the next instruction is read, and if there is no instruction, the infinite loop is exited.

下面以一個具體的例子說明本發明的技術內容。 The technical content of the present invention will be described below with a specific example.

1.對於一個APK應用程式套件,首先找到classes.dex檔案,透過反編譯將其變成可讀的檔案,意即人可以識別的檔案。 1. For an APK application suite, first find the classes.dex file and decompile it into a readable file, meaning a file that people can recognize.

反編譯方法和工具有很多,這裡以smali工具為例進行示範和說明。 There are many decompilation methods and tools. The smali tool is used as an example to demonstrate and explain.

在反編譯後的檔案中掃描函式,找出該檔案中所有的函式名。 Scan the function in the decompiled file to find out all the function names in the file.

假設APK裡面有如下的Java方法(函式)(Demo方法)需要保護,採用smali反編譯後程式碼格式如下: Assume that the following Java methods (functions) in the APK (Demo method) need to be protected. The format of the code after decompilation with smali is as follows:

2.將函式的程式碼刪除,並在函式名前增加native,結果如下: 並將此檔案再重新編譯為新的classes.dex。 2. Delete the code of the function and add native before the function name. The result is as follows: And recompile this file into the new classes.dex.

3.在原classes.dex檔案中找到所保護函式對應的位元組碼,例如,上面Demo函式的位元組碼如下: 直線的前後兩部分分別為位元組碼,和位元組碼對應的助憶碼。 3. Find the byte code corresponding to the protected function in the original classes.dex file. For example, the byte code of the above Demo function is as follows: The two parts of the line are the byte code and the mnemonic code corresponding to the byte code.

demo函式的位元組碼為:「6200 031e 1a01 9408 6e20 9042 1000 0e00」。 The byte code of the demo function is: "6200 031e 1a01 9408 6e20 9042 1000 0e00".

4.位元組碼轉換 4. Byte code conversion

使用位元組碼轉換引擎將所保護函式對應的位元組碼轉換成新的位元組碼。 The byte code corresponding to the protected function is converted to a new byte code using a byte code conversion engine.

位元組碼轉換引擎的運算:首先隨機生成運算碼(opcode)的映射表,然後根據該映射表對原來的位元組碼進行映射,生成新的自定義的位元組碼,例如: The operation of the byte code conversion engine: firstly, a mapping table of opcodes is randomly generated, and then the original byte code is mapped according to the mapping table to generate a new custom byte code, for example:

Demo函式的位元組碼轉換如下: The byte code conversion of the Demo function is as follows:

原位元組碼:6200031e 1a01 9408 6e20 9042 1000 0e00 In-situ tuple code: 6200031e 1a01 9408 6e20 9042 1000 0e00

映射後的新位元組碼:c2000b1e 0301 9c08 a720 b142 1000 e300 The mapped new byte code: c2000b1e 0301 9c08 a720 b142 1000 e300

5.生成自定義的位元組碼對應的原生函式(意即native函式)、直譯器和註冊部分 5. Generate a native function corresponding to the custom byte code (meaning the native function), the interpreter and the registration part

創建C++語言檔案,其內容為(1)新的位元組碼用C++實作的原生函式,它用一個陣列(如codebuf)保存轉換後的位元組碼,然後將該位元組碼交給直譯器(vmpInterpret函式)執行;(2)直譯器是一個功 能函式,主要作用是:讀取新的位元組碼,然後根據位元組碼的語意進行直譯(直譯器的詳細實作在後面會詳細介紹);(3)註冊上述原生函式的註冊部分。 Create a C++ language file whose content is (1) the new byte code is implemented in C++ as a native function. It saves the converted byte code with an array (such as codebuf) and then encodes the byte. Delivered to the interpreter (vmpInterpret function); (2) the interpreter is a work The function of the energy function is to read the new byte code and then perform a literal translation according to the semantics of the byte code (the detailed implementation of the interpreter will be described in detail later); (3) registering the above-mentioned native function Registration section.

例如,Demo方法(函式)的native函式實作如下: For example, the native function of the Demo method (function) is as follows:

註冊部分內容為:(1)為每個要註冊的函式生成本地註冊函式結構;JNINativeMethod結構描述了Java方法(函式)和C函式的對應關係,並建立聯繫;(2)使用JNI的函式FindClass得到該方法(函式)所對應的類別(class);(3)使用JNI的函式RegisterNatives將(1)和(2)得到的內容向JVM註冊本地函式。 The registration part is: (1) generate a local registration function structure for each function to be registered; JNINativeMethod structure describes the correspondence between Java methods (functions) and C functions, and establishes contact; (2) use JNI The function FindClass gets the class corresponding to the method (function); (3) uses the JNI function RegisterNatives to register the contents of (1) and (2) with the JVM register local function.

對於上例中的Demo方法(函式),註冊部分內容如下: For the Demo method (function) in the above example, the registration part is as follows:

程式碼的格式和函式名、參數等都是符合JNI規範的,其中,JNINativeMethod的結構如下: The format of the code and the function name, parameters, etc. are all in accordance with the JNI specification. The structure of the JNINativeMethod is as follows:

此外,直譯器的實作也在此檔案內,以方便生成動態連結函式庫。 In addition, the implementation of the interpreter is also in this file to facilitate the generation of dynamic link libraries.

6.新的動態連結函式庫 6. New dynamic link library

採用安卓平台的NDK將原生函式、直譯器和註冊部分,編譯生成新的動態連結函式庫(so檔案)。這樣,註冊函式將C/C++層面的函式「com_bangcle_helloworld_Demo_Demo」與Java方法(函式)Demo建立註冊關係,當Demo方法(函式)被呼叫的時候,Dalvik或者ART虛擬機器會實際呼叫到C層面的「com_bangcle_helloworld_Demo_Demo」函式。 The NDK of the Android platform compiles the native function, the interpreter and the registration part to generate a new dynamic link library (so file). In this way, the registration function establishes a registration relationship between the C/C++ level function "com_bangcle_helloworld_Demo_Demo" and the Java method (function) Demo. When the Demo method (function) is called, the Dalvik or ART virtual machine will actually call C. The "com_bangcle_helloworld_Demo_Demo" function at the level.

7.生成新的apk檔案 7. Generate a new apk file

將新的classes.dex檔案替換掉原APK中的classes.dex檔案,將動態連結函式庫檔案(so檔案)***原APK中。這樣組成的新的APK應用程式套件就是實施保護後的APK應用程式套件。 Replace the new classes.dex file with the classes.dex file in the original APK and insert the dynamic link library file (so file) into the original APK. The new APK app suite that makes up this is the protected APK app suite.

8.直譯器的虛擬碼(pseudocode)如下圖: 8. The virtual code of the interpreter is as follows:

Dalvik虛擬機器的位元組碼是一種基於暫存器的指令集。因此自定義虛擬機器也需要構造出分配出一段記憶體作為運行時使用的暫存器陣列。Dalvik虛擬機器對於每個方法(函式)會指明該方法(函式)所需要的最大暫存器數目。 The byte code of the Dalvik virtual machine is a scratchpad-based instruction set. Therefore, custom virtual machines also need to construct a register array that allocates a piece of memory for use as a runtime. The Dalvik virtual machine indicates the maximum number of scratchpads required for the method (function) for each method (function).

自定義直譯器首先會分配一段記憶體,記憶體大小等於(最大暫存器的個數* 4字節),作為後續執行過程中使用到的暫存器陣列。然後將PC指標指向codebuf的首地址,然後進入一個無限迴圈中,在此迴圈中,解析每條指令的opcode,然後執行該opcode的語意,執行完後,讀取codebuf中的下一條指令,賦予PC。如果沒有指令,則退出該無限迴圈。 The custom interpreter first allocates a piece of memory with a memory size equal to (the maximum number of scratchpads * 4 bytes) as a scratchpad array used in subsequent executions. Then point the PC indicator to the first address of the codebuf, and then enter an infinite loop. In this loop, parse the opcode of each instruction, and then execute the semantics of the opcode. After the execution, read the next instruction in the codebuf. , given to the PC. If there is no instruction, exit the infinite loop.

自定義直譯器的難點在於如何實作每個opcode的語意。 The difficulty with custom interpreters is how to implement the semantics of each opcode.

安卓平台的位元組碼可以分為兩種類型:(1)不涉及Java語意的基本運算,如基本的算術運算、基本的暫存器賦值運算、條件跳轉、return運算等。(2)涉及Java語意的運算,如物件的生成運算、物件屬性的讀取運算、陣列的運算、函式呼叫運算、鎖(Lock)的運算。 The byte code of the Android platform can be divided into two types: (1) basic operations that do not involve Java semantics, such as basic arithmetic operations, basic register assignment operations, conditional jumps, return operations, and the like. (2) Operations involving Java semantics, such as object generation operations, object property read operations, array operations, function call operations, and lock operations.

下面詳述這兩類運算的不同實作 The different implementations of these two types of operations are detailed below.

(1)不涉及Java語意的基本運算 (1) Basic operations that do not involve Java semantics

這類運算基本上是在暫存器上進行運算,不涉及和Java物件的互動。 This type of operation basically performs operations on the scratchpad and does not involve interaction with Java objects.

●基本的算術運算 ●Basic arithmetic operations

此類運算包含加減乘除、移位運算、強制轉換運算等。基本的處理模式就是解析指令中的參數,得到運算的是哪幾個暫存器,然後在幾個暫存器上執行相應的運算。 Such operations include addition, subtraction, multiplication and division, shift operations, cast operations, and the like. The basic processing mode is to parse the parameters in the instruction, get the number of registers in the operation, and then perform the corresponding operations on several registers.

例子:「add-int vAA,vBB,vCC」的實作 Example: Implementation of "add-int vAA, vBB, vCC"

●基本的暫存器賦值運算 ●Basic register assignment operation

此類運算主要是以move為前序的指令,基本語意是從將一個暫存器的值賦給另外一個暫存器。 This kind of operation is mainly an instruction with move as the preorder. The basic meaning is to assign the value of one register to another register.

例子:move vA,vB Example: move vA, vB

●條件跳轉 ● Conditional jump

這類指令主要是以IF為前序的一些指令,主要的區別是會修改PC值,如果條件滿足,PC值等於當前PC+偏移量(如下例的CCCC的值)。 This type of instruction is mainly based on the IF preamble. The main difference is that the PC value will be modified. If the condition is met, the PC value is equal to the current PC+ offset (the CCCC value in the following example).

例子:IF-EQ vA,vB+CCCC Example: IF-EQ vA, vB+CCCC

●return運算 ●return operation

這類指令主要是以RETURN為前序的一些指令,主要工作是 設置返回值,然後從直譯器中返回。 These instructions are mainly pre-ordered by RETURN. The main work is Set the return value and return from the interpreter.

例子:return vAA Example: return vAA

(2)涉及Java語意的基本運算 (2) Basic operations involving Java semantics

這類運算涉及Java的物件的運算。在C/C++層面不能直接訪問Java物件,但是Java提供了JNI介面,通過JNI介面可以對Java物件進行運算,因此這類的運算要通過JNI函式的呼叫來建構對指令的正確運算。 This type of operation involves the operation of objects in Java. Java objects are not directly accessible at the C/C++ level, but Java provides a JNI interface for computing Java objects through the JNI interface. Therefore, such operations require JNI function calls to construct correct operations on the instructions.

●物件以及陣列的生成運算 ●Object and array generation operations

該運算生成一個新的Java物件或者Java陣列,有「new-instance」、「new-array」兩個指令。「new-instance」實作的核心是使用JNI的「AllocObject」函式來生成新的Java物件。 This operation generates a new Java object or Java array with "new-instance" and "new-array" instructions. The core of the "new-instance" implementation is to use JNI's "AllocObject" function to generate new Java objects.

「new-array」指令實作的核心是根據指令的參數,使用不同的「New[type]Array」來生成對應類型的物件,例如:如果參數是物件,使用「NewObjectArray」,如果參數是boolean,則使用「NewBooleanArray」等。 The core of the "new-array" instruction implementation is to use the different "New[type]Array" to generate objects of the corresponding type according to the parameters of the instruction. For example, if the parameter is an object, use "NewObjectArray". If the parameter is boolean, Then use "NewBooleanArray" and so on.

例子:new-instance vAA,class@BBBB Example: new-instance vAA, class@BBBB

●物件屬性的讀取運算 ●The reading operation of the object attribute

這類指令是對物件裡面的屬性進行讀寫運算。包含. This type of instruction is to read and write the attributes in the object. contain.

「iget/iput」是對物件中的非靜態(non-static)屬性進行讀取運算,這類指令使用JNI函式「Get[type]Field」系列函式來實作。 "iget/iput" is a read operation on non-static attributes in objects. These instructions are implemented using the JNI function "Get[type]Field" series of functions.

「sget/sput」是對物件中的靜態(static)屬性進行讀取運算,這類指令使用JNI函式「GetStatic[type]Field」系列函式來實作。 "sget/sput" is a read operation on the static property of an object. This type of instruction is implemented using the JNI function "GetStatic[type]Field" series function.

例子:iget-obiect vA,vB,field@CCCC Example: iget-obiect vA, vB, field@CCCC

●陣列的讀寫運算 ●Array read and write operations

這類指令是對陣列裡某個元素進行讀寫,包含. This type of instruction is to read and write an element in the array, including.

「aget/aput」系列的指令,通過使用JNI的「Get[Type]ArrayElements」等一系列的函式來實作。 The instructions of the "aget/aput" series are implemented by using a series of functions such as "Get[Type]ArrayElements" of JNI.

例子:aget-object vAA,vBB,vCC Example: age-object vAA, vBB, vCC

●函式呼叫運算 ● Function call operation

這類運算主要是對Java層面的函式進行呼叫,包含: This kind of operation is mainly to call the Java level function, including:

「invoke-static」系列的指令呼叫Java的靜態函式,使用JNI介面中「CallStatic[type]Method」系列函式來實作。 The "invoke-static" series of commands calls Java's static functions, which are implemented using the "CallStatic[type]Method" family of functions in the JNI interface.

「invoke-virtual」、「invoke-interface」系列的指令呼叫Java的成員函式、介面等,使用JNI介面中「Call[type]method」系列函式來實作。 The "invoke-virtual" and "invoke-interface" commands call Java member functions, interfaces, etc., using the "Call[type]method" function in the JNI interface.

「invoke-super」和「invoke-direct」系列的指令呼叫Java的父類別、private函式等,使用JNI介面中「CallNonvirtual[type]Method」系列函式來實作。 The "invoke-super" and "invoke-direct" series of commands call Java's parent class, private function, etc., using the "CallNonvirtual[type]Method" series function in the JNI interface.

例子:invoke-virtual vB,{vD,vE,vF,vG,vA}, meth@CCCC Example: invoke-virtual vB, {vD, vE, vF, vG, vA}, Meth@CCCC

●鎖的運算 ●Lock operation

這類指令主要有兩個「Monitor-enter(進入臨界區)」和「moniter-exit(退出臨界區)」。採用JNI函式「env->MonitorEnter」和「env->MoniterExit」來實作。 There are two main types of instructions: "Monitor-enter" and "moniter-exit". Use the JNI functions "env->MonitorEnter" and "env->MoniterExit" to implement.

●例外(exception)處理的運算 ●Exception processing

Java支持例外的處理,這類指令有「move-exception」、「throw」等,這類指令可以採用「env->ExceptionClear」、「env->ExceptionOccurred」、「env->ThrowNew」以及「env->Throw」等JNI的函式進行實作。 Java supports exception handling. Such instructions include "move-exception", "throw", etc. These commands can use "env->ExceptionClear", "env-> ExceptionOccurred", "env->ThrowNew", and "env-". JNI's functions such as >Throw are implemented.

(3)JNI物件引用表的問題 (3) The problem of the JNI object reference table

在自定義直譯器執行過程中,會產生大量的臨時Java物件(jobject),在Android JNI的規範中,一個native函式最多只能有512個Java物件的引用,如果超過512個,則會報「JNIERROR(app bug):local reference table overflow(max=512)」錯誤,因此自定義直譯器需要處理這種情況。 In the implementation of the custom interpreter, a large number of temporary Java objects (jobjects) are generated. In the Android JNI specification, a native function can only have a maximum of 512 references to Java objects. If there are more than 512, it will report " JNIERROR(app bug): local reference table overflow(max=512)" error, so the custom interpreter needs to handle this situation.

JNI介面提供了「DeleteLocalRef」來手動刪除不再使用jobject的引用。 The JNI interface provides a "DeleteLocalRef" to manually delete references that are no longer using the jobject.

在本發明中採用類似於垃圾收集的方式來處理這種情況。其思想是在自定義直譯器執行過程中,如果一個jobject不在當前的暫存器陣列中,則可以安全的刪除。 This situation is handled in a manner similar to garbage collection in the present invention. The idea is that during the execution of the custom interpreter, if a jobject is not in the current scratchpad array, it can be safely deleted.

演算法如下: The algorithm is as follows:

本方法也可以應用在PC(個人計算機)上,例如通過對J2SE的jar檔案進行同樣的或類似的運算,即可實作可執行程式的保護。 The method can also be applied to a PC (personal computer), for example, by performing the same or similar operations on the J2SE jar file, the executable program can be protected.

最後應說明的是,以上實施例僅用以描述本發明的技術方案而不是對本技術方法進行限制,本發明在應用上可以延伸為其他的修改、變化、應用和實施例,並且因此認為所有這樣的修改、變化、應用、實施例都在本發明的精神和教導範圍內。 Finally, it should be noted that the above embodiments are only used to describe the technical solutions of the present invention and are not intended to limit the technical methods. The present invention may be extended to other modifications, changes, applications, and embodiments, and thus all such Modifications, variations, applications, and embodiments are within the spirit and scope of the invention.

Claims (5)

一種用於安卓(Android)平台上之一可執行程式之保護方法,該保護方法包含以下步驟:步驟1,確定並修改一APK應用程式套件(Android application package)中之一第一classes.dex檔案中所需要保護之一欲保護函式,形成新的一第二classes.dex檔案;步驟2,編寫該欲保護函式的一C/C++語言實作,將該欲保護函式的該C/C++語言實作編譯成一動態連結函式庫(dynamic-link library;DLL),其中該步驟2更進一步包含以下步驟:步驟21,保存在該第一classes.dex檔案中之該欲保護函式所對應之一位元組碼(bytecode),採用一位元組碼轉換引擎將該欲保護函式所對應之該位元組碼轉換成一新的位元組碼,其中該位元組碼轉換引擎係根據隨機生成之一運算碼映射表,將該位元組碼轉換成該新的位元組碼;步驟22,建立一C/C++語言檔案,該C/C++語言檔案之內容包含:一陣列,該陣列用於保存該新的位元組碼;一原生函式,該原生函式用於使用C/C++程式語言實作該新的位元組碼;一直譯器執行函式,該直譯器執行函式由該原生函式所呼叫,以用於根據該新的位元組碼之一語意進行直譯;和一註冊部分,該註冊部分用於將該原生函式與該欲保護函 式建立一註冊關係;以及步驟23,採用安卓平台的一原生開發套件(native development kit;NDK)將該C/C++語言檔案編譯以生成該動態連結函式庫;以及步驟3,在該APK應用程式套件中,用該第二classes.dex檔案替換該第一classes.dex檔案,將該動態連結函式庫加入該APK應用程式套件中。 A method for protecting an executable program on an Android platform, the protection method comprising the following steps: Step 1, determining and modifying one of the first classes.dex files in an APK application package (Android application package) One of the protections needed to protect the function, forming a new second classes.dex file; step 2, writing a C/C++ language implementation of the function to be protected, the C/ to be protected The C++ language is compiled into a dynamic-link library (DLL), wherein the step 2 further comprises the following steps: Step 21, storing the desired protection function in the first classes.dex file Corresponding to one byte code (bytecode), the one-tuple code conversion engine converts the byte code corresponding to the function to be protected into a new byte code, wherein the byte code conversion engine And converting the byte code into the new byte code according to one of the random operation code mapping tables; and establishing a C/C++ language file, the content of the C/C++ language file includes: an array , the array is used to save the new bit a tuple code; a native function for implementing the new byte code using a C/C++ programming language; a translator implementation function, the interpreter execution function by the native function a call for literal translation based on one of the new byte codes; and a registration portion for the native function and the protection letter Establishing a registration relationship; and step 23, compiling the C/C++ language file to generate the dynamic link library using a native development kit (NDK) of the Android platform; and step 3, applying in the APK In the program suite, the first classes.dex file is replaced with the second classes.dex file, and the dynamic link library is added to the APK application suite. 如請求項1所述之保護方法,其中該步驟1更進一步包含以下步驟:步驟11,反編譯該第一classes.dex檔案,得到一第一檔案;步驟12,確定該第一檔案中所需要保護之該欲保護函式;步驟13,清空該第一檔案之該欲保護函式之內容,並在該欲保護函式之函式名前增加native字串,使該欲保護函式轉變為一native函式;以及步驟14,編譯該第一檔案,形成該第二classes.dex檔案。 The protection method of claim 1, wherein the step 1 further comprises the following steps: step 11, decompile the first classes.dex file to obtain a first file; and step 12, determining that the first file is needed The protection function is protected; in step 13, the content of the protection function of the first file is cleared, and a native string is added before the function name of the function to be protected, so that the protection function is converted into a The native function; and step 14, compiling the first file to form the second classes.dex file. 如請求項1所述之保護方法,其中該直譯器執行函式的實作步驟包含:步驟41,分配記憶體:步驟42,將一程式計數器指標指向該陣列的一首地址,進入一無限迴圈;步驟43,在該無限迴圈中,取出該陣列中的一指令後,解析該指令的一運算碼(opcode),執行該運算碼代表的一語意;以及步驟44,讀取一下一條指令,如果不存在該下一條指令則退出該無限迴圈。 The protection method of claim 1, wherein the implementing step of the interpreter execution function comprises: step 41, allocating memory: step 42, pointing a program counter indicator to a first address of the array, and entering an infinite loop Circle 43. In the infinite loop, after extracting an instruction in the array, parsing an opcode of the instruction, performing a semantic representation of the operation code; and step 44, reading an instruction If the next instruction does not exist, exit the infinite loop. 如請求項3所述之保護方法,其中該運算碼如果不涉及Java語意之運算,則在暫存器上進行運算。 The protection method according to claim 3, wherein the operation code performs an operation on the temporary register if the operation of the semantic meaning is not involved. 如請求項3所述之保護方法,其中該運算碼如果涉及Java語意之運算,則透過一JNI介面(Java native interface)對一Java物件進行運算。 The protection method according to claim 3, wherein if the operation code involves a Java semantic operation, a Java object is operated through a Java native interface.
TW106128965A 2017-04-19 2017-08-25 Protection method of executable program on android platform TWI648648B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
??201710257478.6 2017-04-19
CN201710257478.6A CN108733988B (en) 2017-04-19 2017-04-19 Method for protecting executable program on android platform

Publications (2)

Publication Number Publication Date
TW201839644A TW201839644A (en) 2018-11-01
TWI648648B true TWI648648B (en) 2019-01-21

Family

ID=63856464

Family Applications (1)

Application Number Title Priority Date Filing Date
TW106128965A TWI648648B (en) 2017-04-19 2017-08-25 Protection method of executable program on android platform

Country Status (3)

Country Link
CN (1) CN108733988B (en)
TW (1) TWI648648B (en)
WO (1) WO2018192025A1 (en)

Families Citing this family (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108932406B (en) * 2017-05-18 2021-12-17 北京梆梆安全科技有限公司 Virtualization software protection method and device
CN109543369B (en) * 2018-11-23 2022-03-25 杭州哲信信息技术有限公司 DEX protection method
CN110046479B (en) * 2019-03-21 2023-02-28 腾讯科技(深圳)有限公司 Link library file anti-debugging method and device based on android operating system
CN110298146B (en) * 2019-06-27 2022-04-22 北京奇艺世纪科技有限公司 Application processing and running method and device
CN110675256B (en) * 2019-08-30 2020-08-21 阿里巴巴集团控股有限公司 Method and device for deploying and executing intelligent contracts
US10783082B2 (en) 2019-08-30 2020-09-22 Alibaba Group Holding Limited Deploying a smart contract
CN112860224B (en) * 2019-11-28 2023-12-12 北京达佳互联信息技术有限公司 Function execution environment construction method and device, electronic equipment and storage medium
CN111274551B (en) * 2019-12-30 2023-06-27 上海上讯信息技术股份有限公司 Compiler-based java code protection method and device and electronic equipment
CN111597514B (en) * 2020-04-15 2023-10-13 卓望数码技术(深圳)有限公司 An Zhuoyuan code protection method and device
CN112114809B (en) * 2020-08-07 2022-09-09 厦门安胜网络科技有限公司 Program code safety protection method, device and storage medium
CN112306584A (en) * 2020-10-19 2021-02-02 北京字节跳动网络技术有限公司 Application program operation control method, device, medium and equipment
CN112486496A (en) * 2020-11-25 2021-03-12 上海连尚网络科技有限公司 Method and equipment for generating and operating so file
CN112506569B (en) * 2020-12-14 2023-06-20 杭州趣链科技有限公司 Byte code executing method, byte code executing device and terminal equipment
CN112667975B (en) * 2020-12-29 2024-04-26 西北工业大学 Application software safety protection method based on hybrid reinforcement Android system
CN112947929B (en) * 2021-01-28 2023-11-24 抖音视界有限公司 Method, device, computer equipment and medium for constructing application program installation package
CN115080006A (en) * 2021-03-15 2022-09-20 武汉斗鱼网络科技有限公司 Data calling method and related equipment
CN113296834B (en) * 2021-05-21 2023-11-03 南京大学 Android closed source service type information extraction method based on reverse engineering
CN113220314B (en) * 2021-05-31 2023-07-21 北京奇艺世纪科技有限公司 APP resource loading and APK generation method, device, equipment and medium
CN113419734B (en) * 2021-06-17 2022-10-04 网易(杭州)网络有限公司 Application program reinforcing method and device and electronic equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102760219A (en) * 2011-12-20 2012-10-31 北京安天电子设备有限公司 Android platform software protecting system, method and equipment
CN104573490A (en) * 2013-10-29 2015-04-29 桂林电子科技大学 Method for protecting installed software on Android platform
CN106228041A (en) * 2016-07-21 2016-12-14 北京理工大学 A kind of for the precompiler code protection method of Android

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101114320A (en) * 2006-07-28 2008-01-30 上海山丽信息安全有限公司 Application program protecting equipment and method thereof
CN102087605B (en) * 2011-01-28 2014-05-07 宇龙计算机通信科技(深圳)有限公司 Android-based platform application installation control method and system
CN102136053B (en) * 2011-03-14 2014-12-10 中兴通讯股份有限公司 Method and device for protecting source code of executable file
CN102236757A (en) * 2011-06-30 2011-11-09 北京邮电大学 Software protection method and system applicable to Android system
CN102231117B (en) * 2011-07-08 2013-08-14 盛乐信息技术(上海)有限公司 Software installment method and system for embedded platform
US8892876B1 (en) * 2012-04-20 2014-11-18 Trend Micro Incorporated Secured application package files for mobile computing devices
CN103914637B (en) * 2013-01-07 2017-06-09 北京洋浦伟业科技发展有限公司 A kind of executable program encryption method of Android platform
US9116712B2 (en) * 2013-02-28 2015-08-25 Microsoft Technology Licensing, Llc Compile based obfuscation
CN103413075B (en) * 2013-07-10 2016-05-04 北京深思数盾科技股份有限公司 A kind of method and apparatus of protecting JAVA executable program by virtual machine
CN103324872B (en) * 2013-07-12 2016-04-27 上海交通大学 Based on the guard method of Android application program and the system of order confusion
CN104932902B (en) * 2015-07-09 2019-07-12 魅族科技(中国)有限公司 A kind of method and terminal generating APK file
CN106557350B (en) * 2015-09-30 2019-12-13 北京金山安全软件有限公司 JAVA byte code conversion method, device and equipment in application program installation package
CN106203006A (en) * 2016-08-31 2016-12-07 北京鼎源科技有限公司 Android application reinforcement means based on dex Yu so file Dynamic Execution

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102760219A (en) * 2011-12-20 2012-10-31 北京安天电子设备有限公司 Android platform software protecting system, method and equipment
CN104573490A (en) * 2013-10-29 2015-04-29 桂林电子科技大学 Method for protecting installed software on Android platform
CN106228041A (en) * 2016-07-21 2016-12-14 北京理工大学 A kind of for the precompiler code protection method of Android

Also Published As

Publication number Publication date
CN108733988B (en) 2023-01-24
WO2018192025A1 (en) 2018-10-25
CN108733988A (en) 2018-11-02
TW201839644A (en) 2018-11-01

Similar Documents

Publication Publication Date Title
TWI648648B (en) Protection method of executable program on android platform
CN108932406B (en) Virtualization software protection method and device
Watson et al. Capability hardware enhanced RISC instructions: CHERI instruction-set architecture (version 7)
US9891900B2 (en) Generation of specialized methods based on generic methods and type parameterizations
CN108681457B (en) Android application program protection method based on code sinking and residual code interpretation
Chan et al. Advanced obfuscation techniques for Java bytecode
Zeng et al. Obfuscation resilient binary code reuse through trace-oriented programming
EP2076863B1 (en) Virtualization for diversified tamper resistance
CN107924326B (en) Overriding migration methods of updated types
Low Java control flow obfuscation
BRPI0614089A2 (en) method to prevent software reverse engineering, unauthorized modification and interception of runtime data
Watson et al. Capability hardware enhanced RISC instructions: CHERI instruction-set architecture
Cimato et al. Overcoming the obfuscation of Java programs by identifier renaming
Luckow et al. HVMTP: a time predictable and portable java virtual machine for hard real-time embedded systems
Okhravi et al. One giant leap for computer security
Tilevich et al. Transparent program transformations in the presence of opaque code
Foket et al. Pushing java type obfuscation to the limit
Roussel et al. Android 292: implementing invokedynamic in Android
Singer Towards Secure MicroPython on Morello (WIP)
Tullmann The Alta operataing system
Altidor et al. Refactoring Java generics by inferring wildcards, in practice
Larmuseau et al. Implementing a secure abstract machine
Puder et al. Towards an XML-based bytecode level transformation framework
Staursky Lambda Calculus for Binary Security and Analysis
Hansen Flow logic for language-based safety and security