[go: up one dir, main page]

CN107273723A - A kind of Android platform applied software protection method based on so file shell addings - Google Patents

A kind of Android platform applied software protection method based on so file shell addings Download PDF

Info

Publication number
CN107273723A
CN107273723A CN201710324703.3A CN201710324703A CN107273723A CN 107273723 A CN107273723 A CN 107273723A CN 201710324703 A CN201710324703 A CN 201710324703A CN 107273723 A CN107273723 A CN 107273723A
Authority
CN
China
Prior art keywords
file
protected
files
shelf
documents
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710324703.3A
Other languages
Chinese (zh)
Other versions
CN107273723B (en
Inventor
凌捷
林擎宇
谢锐
周喨
罗玉
龚怡
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong University of Technology
Original Assignee
Guangdong University of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong University of Technology filed Critical Guangdong University of Technology
Priority to CN201710324703.3A priority Critical patent/CN107273723B/en
Publication of CN107273723A publication Critical patent/CN107273723A/en
Application granted granted Critical
Publication of CN107273723B publication Critical patent/CN107273723B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/14Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

本发明提出了一种基于so文件加壳的Android平台应用软件保护方法,在该方法中,对dex文件的解密和动态加载操作都放在受保护so文件里,首先对受保护so文件中的函数进行非对称加密后,再对整个受保护so文件进行非对称加密,其两个密钥都存放在服务器中,结合了服务器验证技术保证了源代码的安全性。其次对so壳文件中与section相关的字段置为随机数,加大了静态反编译的难度,同时对受保护so文件的加载期间相关校验字段置0,加大了内存dump攻击的难度。最后so壳文件作为自定义Linker对受保护so文件进行加载,加载完成后,对自身和受保护so文件的Program Header全部置0以防止内存dump攻击和修改系统Linker的攻击。

The present invention proposes a method for protecting application software on an Android platform based on so file packing. In the method, the decryption and dynamic loading operations of the dex file are all placed in the protected so file, and at first the protected so file is After the function is asymmetrically encrypted, the entire protected so file is asymmetrically encrypted, and the two keys are stored in the server, which combines server verification technology to ensure the security of the source code. Secondly, set the section-related fields in the so shell file to random numbers, which increases the difficulty of static decompilation. At the same time, set the relevant verification fields during the loading of the protected so file to 0, which increases the difficulty of memory dump attacks. Finally, the so shell file is used as a custom Linker to load the protected so file. After the loading is complete, all the Program Headers of itself and the protected so file are set to 0 to prevent memory dump attacks and attacks that modify the system Linker.

Description

一种基于so文件加壳的Android平台应用软件保护方法A protection method for Android platform application software based on so file packing

技术领域technical field

本发明涉及软件信息安全研究领域,特别涉及一种基于so文件加壳的Android平台应用软件保护方法。The invention relates to the field of software information security research, in particular to an Android platform application software protection method based on so file packing.

背景技术Background technique

Android系统是Google于2007年11月推出的基于Linux、开放源码的智能手机操作系统。该系统自推出以来,以其开源的特性席卷了全球的移动智能终端市场,得到大批开发者以及许多厂商的支持,已经逐步成为了移动终端最普及的操作系统。虽然Android平台采用了多层次的安全保护机制,但由于Android平台自身的缺陷,使用易于反编译的Java语言,其软件仍然受到来自各方面的威胁,其中最重要的威胁便是逆向攻击。即通过逆向工程破解软件的关键部位,从而获取软件信息或实施一系列恶意攻击。逆向Android软件的一般步骤是:首先是对其进行反编译,然后阅读反汇编代码,如果有必要还会对其进行动态调试,找到突破口后注入或直接修改反汇编代码,最后重新编译软件进行测试。The Android system is a Linux-based, open source smartphone operating system launched by Google in November 2007. Since its launch, the system has swept the global mobile smart terminal market with its open source features, and has been supported by a large number of developers and many manufacturers. It has gradually become the most popular operating system for mobile terminals. Although the Android platform adopts a multi-level security protection mechanism, due to the defects of the Android platform itself, using the easy-to-decompile Java language, its software is still threatened from various aspects, and the most important threat is the reverse attack. That is to crack the key parts of the software through reverse engineering, so as to obtain software information or implement a series of malicious attacks. The general steps of reverse Android software are: first decompile it, then read the disassembled code, if necessary, dynamically debug it, inject or directly modify the disassembled code after finding a breakthrough, and finally recompile the software for testing .

处于Java层的apk应用极容易被逆向从而得到Java源代码,而Native层的原生程序具有较高的安全性,同时直接和CPU打交道,不仅逆向难度大,而且程序的性能得到提高。由于Native层的so文件难被静态反编译,所以针对so文件的攻击大多是动态调试和内存dump分析,甚至可以通过修改系统Linker来实现对so文件的自动化攻击从而获得解密的数据。The apk application in the Java layer is very easy to be reversed to obtain the Java source code, while the native program in the Native layer has higher security, and at the same time directly deals with the CPU, not only is it difficult to reverse, but also the performance of the program is improved. Since the so files in the Native layer are difficult to be statically decompiled, most of the attacks on so files are dynamic debugging and memory dump analysis, and even the automatic attack on so files can be realized by modifying the system linker to obtain decrypted data.

发明内容Contents of the invention

为了解决上述存在的问题,本发明提出了一种基于so文件加壳的Android平台应用软件保护方法,该方法修改so壳文件和对受保护so文件的关键函数进行加密,同时so壳文件作为自定义Linker加载受保护so文件,不仅能够抵抗so壳文件的静态反编译,而且加大了受保护so文件的动态分析难度,另外结合远程服务器验证保证了源代码不被篡改,从而达到了保护Android应用程序的目的。In order to solve the above-mentioned problems, the present invention proposes a method for protecting the Android platform application software based on so file packing, the method modifies the so file and encrypts the key functions of the protected so file, and simultaneously the so file is used as an automatic Define Linker to load protected so files, which can not only resist static decompilation of so shell files, but also increase the difficulty of dynamic analysis of protected so files, and combine remote server verification to ensure that the source code is not tampered with, thus achieving the protection of Android Purpose of the application.

本发明使用的一种基于so文件加壳的Android平台应用软件保护方法主要分为加壳和解壳两个过程,具体包括下面的步骤:A kind of Android platform application software protection method based on so file packing that the present invention uses mainly is divided into two processes of packing and unpacking, specifically comprises the following steps:

(1)找到受保护so文件中的函数使用密钥进行非对称加密,密钥放在服务器;(1) Find the function in the protected so file and use the key to perform asymmetric encryption, and the key is placed on the server;

(2)对受保护so文件修改后,使用密钥对受保护so文件进行非对称加密,密钥保存在服务器;(2) After the protected so file is modified, use the key to asymmetrically encrypt the protected so file, and the key is stored in the server;

(3)把经过上述加密后的受保护so文件嵌入到so壳文件的尾部;(3) Embedding the protected so file through the above encryption into the tail of the so shell file;

(4)对so壳文件进行修改;(4) Modify the so shell file;

(5)程序运行时,由系统Linker加载so壳文件后,把控制权移交给so壳文件;(5) When the program is running, after the so shell file is loaded by the system Linker, the control is transferred to the so shell file;

(6)服务器返回密钥,so壳文件对受保护so文件进行解密;(6) The server returns the key, and the so shell file decrypts the protected so file;

(7)so壳文件模仿系统Linker对受保护so文件进行加载,从服务器返回密钥对受保护so文件的函数进行解密,加载完成后,修改so壳文件和受保护so文件;(7) The so shell file imitates the system Linker to load the protected so file, returns the key from the server to decrypt the function of the protected so file, after the loading is completed, modify the so shell file and the protected so file;

(8)受保护so文件执行解密与动态加载dex文件的函数,将控制权移交给源程序。(8) The protected so file executes the function of decrypting and dynamically loading the dex file, and transfers control to the source program.

在步骤(1)中,受保护so文件中先实现了动态加载与解密dex文件的逻辑,对其函数加密的算法是AES;In step (1), the logic of dynamically loading and decrypting the dex file is first implemented in the protected so file, and the algorithm for encrypting its function is AES;

在步骤(2)中,先对加载受保护so文件期间的相关检验字段置为0后再进行加密,对其加密的算法是AES;In step (2), the relevant check fields during the loading of the protected so file are set to 0 and then encrypted, and the encryption algorithm is AES;

在步骤(3)中,so壳文件实现Linker操作和解密so文件的逻辑;In step (3), the so shell file realizes the logic of Linker operation and decryption so file;

在步骤(4)中,主要操作是对so壳文件中与section相关的字段置为随机数;In step (4), the main operation is to set random numbers to the fields related to section in the so shell file;

在步骤(5)中,程序运行时保证系统Linker最先加载的是so壳文件;In step (5), when the program is running, it is guaranteed that the system Linker first loads the so shell file;

在步骤(6)中,由so壳文件剥离出加密的受保护so文件,再对其进行解密和函数解密;In step (6), the encrypted protected so file is stripped from the so shell file, and then decrypted and function decrypted;

在步骤(7)中,将so壳文件作为自定义Linker加载解密后的受保护so文件时跳过验证文件操作,同时加载完成后对so壳文件和受保护so文件的Program header全部置为0;In step (7), the so shell file is used as a custom Linker to skip the verification file operation when loading the decrypted protected so file, and at the same time, after the loading is completed, all the program headers of the so shell file and the protected so file are set to 0 ;

在步骤(8)中,受保护so文件解密后先获得了liddvm.so库中的openDexFile、getClassNameList和defineClass(defineClassNative)的函数指针实现动态加载功能。In step (8), after the protected so file is decrypted, the function pointers of openDexFile, getClassNameList and defineClass (defineClassNative) in the liddvm.so library are first obtained to realize the dynamic loading function.

本发明与现有技术相比,具有如下优点和有益效果:Compared with the prior art, the present invention has the following advantages and beneficial effects:

现有的Android应用程序保护技术存在so文件容易被动态分析或加密算法过于简单等问题,本发明具有下面的优点:Existing Android application program protection technology exists the problems such as so file is easily analyzed dynamically or encryption algorithm is too simple, and the present invention has following advantage:

1.传统的加密方法是受保护so文件嵌入壳文件中,由系统Linker进行加载链接,攻击者甚至能通过修改的系统Linker实现自动化脱壳。由so壳文件模仿系统Linker对受保护so文件进行加载,能有效地防止修改系统Linker攻击的方式。1. The traditional encryption method is to embed the protected so file in the shell file, which is loaded and linked by the system Linker, and the attacker can even realize automatic unpacking through the modified system Linker. The so shell file imitates the system Linker to load the protected so file, which can effectively prevent the way of modifying the system Linker attack.

2.由于so文件难被静态反编译,所以对so文件的主要攻击方式是动态分析,其最常见的攻击手段是在内存中dump出so文件。本发明设计的方法中,对so壳文件进行文件结构修改防止静态反编译,在so壳文件加载受保护so文件前后,对so壳文件和so文件进行修改,从而使攻击者无法通过关键字在内存中获取so文件的地址和使动态调试工具无法解析so文件。2. Since so files are difficult to be statically decompiled, the main attack method on so files is dynamic analysis, and the most common attack method is to dump so files in memory. In the method designed by the present invention, file structure modification is carried out to so shell file to prevent static decompilation, before and after so shell file loads protected so file, so shell file and so file are modified, thereby make attacker unable to pass keyword in Obtain the address of the so file in the memory and make the dynamic debugging tool unable to parse the so file.

3.对受保护so文件的关键函数和整个受保护so文件进行AES加密,两个密钥放在服务器中,攻击者很难通过服务器获取密钥,保证了so文件的源代码安全。3. AES encryption is performed on the key function of the protected so file and the entire protected so file. The two keys are placed in the server, and it is difficult for an attacker to obtain the key through the server, which ensures the security of the source code of the so file.

附图说明Description of drawings

图1为对Android应用程序中的so文件进行加壳的流程图。Fig. 1 is a flow chart of packing the so file in the Android application program.

图2为本发明的取得liddvm.so的函数指针流程图。Fig. 2 is a flow chart of the function pointer for obtaining liddvm.so in the present invention.

图3为当Android应用程序运行时so文件进行解壳的流程图。Fig. 3 is a flow chart of unpacking the so file when the Android application program is running.

图4为加载so文件过程示意图。Fig. 4 is a schematic diagram of the process of loading the so file.

具体实施方式detailed description

下面结合实施例及附图对本发明作进一步详细的描述,但本发明的实施方式不限于此。The present invention will be further described in detail below in conjunction with the embodiments and the accompanying drawings, but the embodiments of the present invention are not limited thereto.

本发明提供了基于so文件加壳的Android平台应用软件保护方法,其中加壳过程主要在计算机端进行,图1是加壳的流程图,具体步骤如下:The invention provides an Android platform application software protection method based on so file packing, wherein the packing process is mainly carried out at the computer end, and Fig. 1 is a flow chart of packing, and the specific steps are as follows:

(1)先实现受保护so文件中的函数,主要包括实现动态加载的三个自定义函数和解密dex文件,其中实现动态加载的三个自定义函数主要是取得对应liddvm.so库中的openDexFile、getClassNameList和defineClass(defineClassNative)的函数指针,图2是取得函数指针的流程图。通过哈希符号表找到这四个函数名后,对函数的区域使用AES算法加密,其AES密钥放在服务器中。(1) Implement the functions in the protected so file first, mainly including three custom functions to realize dynamic loading and decrypt the dex file, among which the three custom functions to realize dynamic loading are mainly to obtain openDexFile in the corresponding liddvm.so library , getClassNameList and defineClass (defineClassNative) function pointers, Figure 2 is a flow chart for obtaining function pointers. After finding the four function names through the hash symbol table, use the AES algorithm to encrypt the function area, and put the AES key in the server.

(2)在系统Linker对so文件的加载期间,会对so文件进行校验,使用so壳文件代替系统Linker,并不会对so文件进行校验,而是直接进行装载工作。若是攻击者使用系统Linker加载已经经过加固的so文件,必然会使校验ELF文件失败从而导致无法进行装载。同时,攻击者在对so文件进行动态分析的时候,会在内存中搜索相关so文件的相关字段确定so文件的位置,从而dump下完整的so文件。在经过(1)的函数加密后。本文把e_ident[16](文件标识)、e_type(文件类型)、e_machine(体系结构类型)、e_version(文件版本)、e_flag(文件相关属性)检验相关字段全部置为0,之后使用AES算法加密受保护so文件的二进制流,其AES密钥上传到服务器。(2) During the loading of the so file by the system Linker, the so file will be verified, and the so shell file will be used instead of the system Linker, and the so file will not be verified, but the loading work will be carried out directly. If an attacker uses the system Linker to load the hardened so file, it will inevitably fail to verify the ELF file, resulting in failure to load. At the same time, when the attacker dynamically analyzes the so file, he will search the relevant fields of the relevant so file in the memory to determine the location of the so file, thereby dumping the complete so file. After being encrypted by the function of (1). In this paper, e_ident[16] (file identification), e_type (file type), e_machine (architecture type), e_version (file version), e_flag (file related attributes) are all set to 0, and then the AES algorithm is used to encrypt the received data. Protect the binary stream of the so file, whose AES key is uploaded to the server.

(3)从so文件的链接和执行视图来看,so文件被装载时,使用的是执行视图,与链接视图无关,故与section相关的字段e_shoff、e_shentsize、e_shnum和e_shstrndx是可以修改的,同时由于so文件被加载的时候,设定的跳转地址是动态链接器的地址,所以e_entry也是可以修改的。为了使so壳文件达到静态反编译的目的,将so壳文件中的e_entry、e_shoff、e_shentsize、e_shnum和e_shstrndx这些字段置为随机数。(3) From the link and execution view of the so file, when the so file is loaded, the execution view is used, which has nothing to do with the link view, so the fields e_shoff, e_shentsize, e_shnum and e_shstrndx related to the section can be modified, and at the same time Since when the so file is loaded, the set jump address is the address of the dynamic linker, so e_entry can also be modified. In order to achieve the purpose of static decompilation of the so shell file, the fields e_entry, e_shoff, e_shentsize, e_shnum, and e_shstrndx in the so shell file are set to random numbers.

(4)把经过(2)加密后的受保护so文件嵌入到so壳文件的尾部,同时对dex文件进行加密操作。本示例对dex文件DES加密,加密后的密文和密钥嵌入资源文件图片中。(4) Embedding the protected so file after (2) encryption into the tail of the so shell file, and encrypting the dex file simultaneously. This example encrypts the dex file with DES, and the encrypted ciphertext and key are embedded in the image of the resource file.

(5)把so壳文件放入源程序apk中,签名打包,得到加固后的程序。(5) Put the so shell file into the source program apk, sign and pack it, and obtain the program after reinforcement.

解壳过程主要在Android手机端进行,图3为Android程序加固后运行的流程图,具体步骤如下:The unpacking process is mainly carried out on the Android mobile phone. Figure 3 is the flowchart of running the Android program after hardening. The specific steps are as follows:

(1)如图4的1、2、3、4步是系统Linker对so文件的装载和链接过程,为了让系统Linker首先将so壳文件加载起来,需要把so壳文件放在系统Linker的初始化阶段,即JNI_OnLoad或so壳文件中.init,.init_array指定的函数,为减少繁琐的操作,把so壳文件对受保护so文件的加载过程放在JNI_OnLoad中。由系统Linker把so壳文件加载后,把控制权交给so壳文件。(1) Steps 1, 2, 3, and 4 as shown in Figure 4 are the loading and linking process of the so file by the system Linker. In order for the system Linker to load the so shell file first, the so shell file needs to be placed in the initialization of the system Linker stage, that is, the functions specified by .init and .init_array in JNI_OnLoad or the so shell file. In order to reduce tedious operations, the loading process of the protected so file from the so shell file is placed in JNI_OnLoad. After the so shell file is loaded by the system Linker, control is given to the so shell file.

(2)如图4的第5、6步,so壳文件获得系统Linker的控制权后,首先将加密的受保护so文件从服务器返回密钥进行AES解密,接着作为一个解释器继续运行和使用服务器返回的密钥对受保护so文件中的函数AES解密。so壳文件对受保护so文件的装载链接可以完全按照系统Linker进行实现,所以源码也和系统Linker差不多。不同之处在:(1)在装载和链接阶段,解密的so文件在内存中,需要把文件操作改成内存操作。(2)为了防止攻击者在内存中利用soinfo的各类映射信息对受保护so文件进行分析,将受保护so文件的导出表和so壳文件的导出表进行合并,之后将受保护so文件的soinfo删除,同时合并的soinfo并不会添加到全局链表中,需要用到soinfo时,由系统Linker直接对soinfo进行分配。(3)应用程序会对so文件进行符号查找,但是受保护so文件依附在so壳文件里,所以应用程序不能访问到受保护so文件的动态符号表。为了解决这个问题,必须将受保护so文件动态符号表导出到so壳文件的动态符号表中,so文件动态符号表中的符号查找过程涉及到符号哈希表、符号表和字符串表这三个结构,如图4的步骤7所示,把受保护so文件的字符串表和符号表添加到so壳文件的字符串表和符号表中,根据新的符号表重建哈希表,最后将重建的哈希表放到so壳文件中。(2) As shown in steps 5 and 6 of Figure 4, after the so shell file obtains the control of the system Linker, it first decrypts the encrypted protected so file from the server with the key returned by AES, and then continues to run and use it as an interpreter The key returned by the server is used to decrypt the function AES in the protected so file. The loading link of the so shell file to the protected so file can be implemented completely according to the system Linker, so the source code is similar to the system Linker. The difference is: (1) In the loading and linking phase, the decrypted so file is in the memory, and the file operation needs to be changed into a memory operation. (2) In order to prevent attackers from using various mapping information of soinfo to analyze protected so files in memory, the export table of the protected so file and the export table of the so shell file are merged, and then the protected so file Soinfo is deleted, and the merged soinfo will not be added to the global linked list. When soinfo is needed, the system Linker will directly allocate soinfo. (3) The application program will perform symbol search on the so file, but the protected so file is attached to the so shell file, so the application program cannot access the dynamic symbol table of the protected so file. In order to solve this problem, the dynamic symbol table of the protected so file must be exported to the dynamic symbol table of the so shell file. The symbol lookup process in the dynamic symbol table of the so file involves the symbol hash table, symbol table and string table. A structure, as shown in step 7 of Figure 4, the string table and the symbol table of the protected so file are added to the string table and the symbol table of the so shell file, and the hash table is reconstructed according to the new symbol table, and finally the Put the reconstructed hash table into the so shell file.

(3)Program Header描述了与程序执行相关的so文件结构信息,根据这些信息能确定各个段的大小偏移,所在的虚拟地址等。在装载so文件的时候,load_library函数中的ReadProgramHeader、ReserveAddressSpace、LoadSegments这些函数会读取ProgramHeader加载类型为PT_LOAD的segment,之后会把Program Header的装载结果存到soinfo中,即si->phdr=elf_reader.loaded_phdr(),这样攻击者就能通过找到soinfo来提取Program Header从而分析和提取so文件。为了规避这种攻击,so壳文件在受保护so文件加载完毕后通过自身的信息找到自身和受保护so文件的Program Header地址,将ProgramHeader全部置为0。(3) Program Header describes the so file structure information related to program execution. According to this information, the size offset of each segment, the virtual address where it is located, etc. can be determined. When loading the so file, the functions ReadProgramHeader, ReserveAddressSpace, and LoadSegments in the load_library function will read the segment whose ProgramHeader loading type is PT_LOAD, and then store the loading result of the Program Header in soinfo, that is, si->phdr=elf_reader. loaded_phdr(), so that the attacker can extract the Program Header by finding the soinfo to analyze and extract the so file. In order to avoid this attack, the so shell file finds the Program Header address of itself and the protected so file through its own information after the protected so file is loaded, and sets all Program Headers to 0.

(4)在Java层使用DexClassLoader动态加载方式存在一些安全问题,不但会将odex文件以文件的形式产生在手机存储空间中,而且解密后的dex文件也以文件形式明文存放在存储空间中,所以本发明使用liddvm.so库的函数进行动态加载。解密后的受保护so文件从资源文件中找到加密的dex文件和密钥,使用密钥对dex文件进行DES解密后,使用对应liddvm.so库中的openDexFile、getClassNameList和defineClass(defineClassNative)的自定义函数对dex文件进行动态加载,将控制权交给源程序。(4) There are some security issues in using the dynamic loading method of DexClassLoader in the Java layer. Not only will the odex file be generated in the storage space of the mobile phone in the form of a file, but the decrypted dex file will also be stored in the storage space in the form of a file in plain text, so The present invention uses the functions of the liddvm.so library for dynamic loading. The decrypted protected so file finds the encrypted dex file and key from the resource file, uses the key to decrypt the dex file with DES, and then uses the corresponding openDexFile, getClassNameList and defineClass (defineClassNative) in the liddvm.so library to customize The function dynamically loads the dex file and hands over control to the source program.

Claims (7)

1. a kind of Android platform applied software protection method based on so file shell addings, it is characterised in that methods described includes Following steps:
A, ciphering process
(1) to protected so files dynamic load dex files;
(2) asymmetric encryption is carried out to protected so files and its function, and key is uploaded onto the server;
(3) protected so files and so shelf documents are modified;
(4) after protected so file encryptions, its ciphertext is embedded into so shelf document afterbodys, then using so shelf documents as self-defined Linker alternative systems Linker is loaded to protected so files;
B, decrypting process
(5) when program is run, so shelf documents use the key returned from server to be decrypted protected so files first, connect The key for running as Linker and using server to return the function in protected so files to be decrypted, loading is completed Afterwards, itself and protected so files are modified;
(6) in its dex file of Native layers of dynamic load after dex files are decrypted protected so files.
2. the method as described in claim 1, it is characterised in that in step (2), first to during loading protected so files Related check field is encrypted again after being set to 0, is aes algorithm to the algorithm that it is encrypted.
3. method as claimed in claim 2, it is characterised in that also include part field in so shelf documents in step (4) The step of being set to random number.
4. method as claimed in claim 3, it is characterised in that in step (5), program runtime system Linker is first loaded So shelf documents.
5. method as claimed in claim 4, it is characterised in that being protected for encryption is separated by so shelf documents in step (6) So files are protected, then it are decrypted and function decryption.
6. method as claimed in claim 5, it is characterised in that in step (7), regard so shelf documents as self-defined Linker Checking file operation is skipped when loading protected so files after decryption, while to so shelf documents and protected so after the completion of loading The modification content of file is that Program header therein are all set to 0.
7. the method as described in claim 1, it is characterised in that in step (3), the modification content to protected so files is Relevant field is examined all to be set to 0 e_ident, e_type, e_machine, e_version, e_flag in file, to so The modification content of shelf document is e_entry, e_shoff, e_shentsize, e_shnum and e_ in so shelf documents Shstrndx these be set to random number with section relevant fields.
CN201710324703.3A 2017-07-07 2017-07-07 So file shell adding-based Android platform application software protection method Active CN107273723B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710324703.3A CN107273723B (en) 2017-07-07 2017-07-07 So file shell adding-based Android platform application software protection method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710324703.3A CN107273723B (en) 2017-07-07 2017-07-07 So file shell adding-based Android platform application software protection method

Publications (2)

Publication Number Publication Date
CN107273723A true CN107273723A (en) 2017-10-20
CN107273723B CN107273723B (en) 2022-01-28

Family

ID=60074120

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710324703.3A Active CN107273723B (en) 2017-07-07 2017-07-07 So file shell adding-based Android platform application software protection method

Country Status (1)

Country Link
CN (1) CN107273723B (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109255245A (en) * 2018-08-13 2019-01-22 海南新软软件有限公司 A kind of local cryptographic key protection method, apparatus and system
CN109271759A (en) * 2018-09-26 2019-01-25 杭州凯米科技有限公司 So file security reinforcement technique method based on Android platform
CN109657480A (en) * 2017-10-11 2019-04-19 中国移动通信有限公司研究院 A kind of document handling method, equipment and computer readable storage medium
CN109858203A (en) * 2018-12-21 2019-06-07 厦门市美亚柏科信息股份有限公司 A kind of safety protecting method, device and the storage medium of Android platform application
CN110046504A (en) * 2019-04-22 2019-07-23 北京智游网安科技有限公司 SO file hiding method, storage medium and device based on Linker
CN111191195A (en) * 2019-12-10 2020-05-22 航天信息股份有限公司 Method and device for protecting APK
CN111984940A (en) * 2019-05-22 2020-11-24 北京奇虎科技有限公司 SO file reinforcing method and device, electronic equipment and storage medium
WO2021232311A1 (en) * 2020-05-20 2021-11-25 深圳市欢太科技有限公司 File processing method, file processing apparatus, storage medium and electronic device
CN118673474A (en) * 2024-08-23 2024-09-20 山东浪潮科学研究院有限公司 Link method, equipment and medium for preventing dynamic link library hijacking

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104392181A (en) * 2014-11-18 2015-03-04 北京奇虎科技有限公司 SO file protection method and device and android installation package reinforcement method and system
US20150067815A1 (en) * 2013-08-28 2015-03-05 Cisco Technology, Inc. Configuration of energy savings
CN106203006A (en) * 2016-08-31 2016-12-07 北京鼎源科技有限公司 Android application reinforcement means based on dex Yu so file Dynamic Execution

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150067815A1 (en) * 2013-08-28 2015-03-05 Cisco Technology, Inc. Configuration of energy savings
CN104392181A (en) * 2014-11-18 2015-03-04 北京奇虎科技有限公司 SO file protection method and device and android installation package reinforcement method and system
CN106203006A (en) * 2016-08-31 2016-12-07 北京鼎源科技有限公司 Android application reinforcement means based on dex Yu so file Dynamic Execution

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
韩子诺 等: "基于Android平台的SO加固技术研究", 《现代计算机(专业版)》 *

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109657480A (en) * 2017-10-11 2019-04-19 中国移动通信有限公司研究院 A kind of document handling method, equipment and computer readable storage medium
CN109255245A (en) * 2018-08-13 2019-01-22 海南新软软件有限公司 A kind of local cryptographic key protection method, apparatus and system
CN109271759A (en) * 2018-09-26 2019-01-25 杭州凯米科技有限公司 So file security reinforcement technique method based on Android platform
CN109858203A (en) * 2018-12-21 2019-06-07 厦门市美亚柏科信息股份有限公司 A kind of safety protecting method, device and the storage medium of Android platform application
CN110046504A (en) * 2019-04-22 2019-07-23 北京智游网安科技有限公司 SO file hiding method, storage medium and device based on Linker
CN110046504B (en) * 2019-04-22 2021-04-06 北京智游网安科技有限公司 SO file hiding method, storage medium and device based on Linker
CN111984940A (en) * 2019-05-22 2020-11-24 北京奇虎科技有限公司 SO file reinforcing method and device, electronic equipment and storage medium
CN111191195A (en) * 2019-12-10 2020-05-22 航天信息股份有限公司 Method and device for protecting APK
WO2021232311A1 (en) * 2020-05-20 2021-11-25 深圳市欢太科技有限公司 File processing method, file processing apparatus, storage medium and electronic device
CN115039096A (en) * 2020-05-20 2022-09-09 深圳市欢太科技有限公司 File processing method, file processing device, storage medium and electronic equipment
CN115039096B (en) * 2020-05-20 2025-09-05 深圳市欢太科技有限公司 File processing method, file processing device, storage medium and electronic equipment
CN118673474A (en) * 2024-08-23 2024-09-20 山东浪潮科学研究院有限公司 Link method, equipment and medium for preventing dynamic link library hijacking

Also Published As

Publication number Publication date
CN107273723B (en) 2022-01-28

Similar Documents

Publication Publication Date Title
CN107273723B (en) So file shell adding-based Android platform application software protection method
KR101471589B1 (en) Method for Providing Security for Common Intermediate Language Program
CN106778103B (en) Reinforcement method, system and decryption method for preventing reverse cracking of android application program
CN105683990B (en) Method and apparatus for protecting dynamic base
CN101908119B (en) Method and device for processing dynamic link library (DLL) file
JP5990654B2 (en) Application code obfuscation device and method
US20180260199A1 (en) Method and apparatus for intermediate representation of applications
CN106203006A (en) Android application reinforcement means based on dex Yu so file Dynamic Execution
WO2016078130A1 (en) Dynamic loading method for preventing reverse of apk file
CN109784007B (en) Byte code encryption method, byte code decryption method and terminal
US20160239671A1 (en) Method and device for protecting an application and method and device for executing a protected application thus protected
CN104392181A (en) SO file protection method and device and android installation package reinforcement method and system
CN106228041B (en) A kind of code protection method for Android precompile
JPWO2006009081A1 (en) Application execution apparatus and application execution method of application execution apparatus
CN104408337A (en) Reinforcement method for preventing reverse of APK (Android package) file
CN104239757A (en) Application program reversing-preventing method and device and operation method and terminal
US10867017B2 (en) Apparatus and method of providing security and apparatus and method of executing security for common intermediate language
US11061998B2 (en) Apparatus and method for providing security and apparatus and method for executing security to protect code of shared object
CN109960509B (en) Application hardening method, device, computing equipment and computer storage medium
CN109241707A (en) Application program obscures method, apparatus and server
KR101863325B1 (en) Method and apparatus for preventing reverse engineering
KR20160020294A (en) Method and system for providing application security service based on cloud
KR101749209B1 (en) Method and apparatus for hiding information of application, and method and apparatus for executing application
CN108664796A (en) A kind of so document protection methods and device
CN110597496B (en) Method and device for acquiring bytecode file of application program

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant