[go: up one dir, main page]

WO2013170724A1 - Method for protecting java application programs in android system - Google Patents

Method for protecting java application programs in android system Download PDF

Info

Publication number
WO2013170724A1
WO2013170724A1 PCT/CN2013/075444 CN2013075444W WO2013170724A1 WO 2013170724 A1 WO2013170724 A1 WO 2013170724A1 CN 2013075444 W CN2013075444 W CN 2013075444W WO 2013170724 A1 WO2013170724 A1 WO 2013170724A1
Authority
WO
WIPO (PCT)
Prior art keywords
java
functional unit
instruction code
protecting
java application
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2013/075444
Other languages
French (fr)
Chinese (zh)
Inventor
孙吉平
韩勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Senselock Software Technology Co Ltd
Original Assignee
Beijing Senselock Software Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Senselock Software Technology Co Ltd filed Critical Beijing Senselock Software Technology Co Ltd
Publication of WO2013170724A1 publication Critical patent/WO2013170724A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/121Restricting unauthorised execution of programs
    • G06F21/128Restricting unauthorised execution of programs involving web programs, i.e. using technology especially used in internet, generally interacting with a web browser, e.g. hypertext markup language [HTML], applets, java
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45504Abstract machines for programme code execution, e.g. Java virtual machine [JVM], interpreters, emulators

Definitions

  • the present invention relates to the field of computer security, and more particularly to a method for protecting a JAVA application in an Android system.
  • the encrypted method code is decrypted in real time according to the calling requirement during the running of the program, which makes the application difficult to decompile and static analysis, and realizes JAVA. Effective protection of the program.
  • Android is a Linux-based open source operating system mainly used in portable devices. Android is one of the mainstream operating systems used in mobile devices such as mobile phones and tablets.
  • the application in Android system is usually written in JAVA language, compiled and generated JAVA program files are installed and run. Because JAVA belongs to the intermediate language, its compiled executable file contains a lot of source code structure and design information, and the Android system is a Linux-based operating system. Its openness and rich variety of program analysis tools make the JAVA program very It is easy to be decompiled and statically analyzed, so the copyright protection of the application in Android is very weak. The application's installation files are easy to copy and distribute, and pirates can easily get it on the network and install it on other unauthorized devices.
  • the present invention provides a method for protecting a JAVA application in an Android system by using a plurality of method instruction codes of a JAVA class object to be protected. Transform storage, real-time decryption operation of the encrypted method code according to the calling requirement when the program runs, making the application difficult to be decompiled and statically analyzed, and effectively protecting the JAVA application.
  • JAVA language there are two types of method functions for class objects: normal methods and native methods.
  • the normal method is compiled into JAVA instruction code by JAVA language.
  • the runtime is executed by JAVA Virtual Machine (JVM).
  • JVM JAVA Virtual Machine
  • Another type of native method is Native Method.
  • JANI Native Interface Java Native Interface
  • the interface accesses the external library running on the local operating system.
  • JNI implements mutual calls between JAVA programs and external libraries, and is usually used to provide JAVA programs with non-JAVA language implementations.
  • the invention encrypts the method data content of a class object implemented by the JAVA language and changes it to a specific
  • the JNI protection function interface calls the decryption to restore the original instruction code in the JNI protection function interface, and then calls the restored original instruction code.
  • the steps to protect a JAVA application are:
  • the new normal method is the copy method of the above-mentioned protected normal method, so that the instruction code space of the new normal method is The instruction code space of the protected common method is equal, and the instruction code space of the new normal method is completely filled with the null instruction;
  • the key used in the above encryption process can be protected by the protected JAVA application. Generated such that the keys used by each JAVA application are different; for example, the information includes but is not limited to software basic information, APPID, version number, and the like. It is also possible to combine the information of the protected JAVA application with the information of the user authorized to use the JAVA application to generate a key, so that the installation procedure of each user is different, and the unauthorized copying of the installer is prevented.
  • user information includes, but is not limited to, user ID, APPID, version number, UID.
  • various symmetric or asymmetric algorithms may be used.
  • symmetric algorithms include but are not limited to AES, DES, TDES, etc.; asymmetric algorithms include but are not limited to: RSA, ECC). It can be a public or private encryption algorithm, or other data transformation and inverse transformation methods. For example, a specific transformation of code data bytes can be converted into other bytecodes or encrypted data, and the inverse transformation uses the same rules to obtain the original. data.
  • some methods may be further adopted to increase the difficulty of decompilation and static analysis, or dynamic debugging, and the methods include:
  • the anti-debugging technique is to add the relevant code to monitor whether there is debugger debugging in the JAVA application code.
  • the anti-debugging code in the code will monitor whether there is debugger debugging. If there is, stop the decryption and load the running process.
  • Reverse debugging can be done in any process. When it is detected that the debugger is debugging the program, it will stop the decryption and load the running process.
  • the invention can encrypt and protect multiple methods of any class object, and is dynamically decrypted and loaded and executed only when the protected ordinary method is called, and the copy method is erased immediately after the call is completed.
  • the instruction code in the instruction code space (erasing the contents of the entire copy method, that is, the instruction code for erasing the copy method), there is always no complete program code in the memory, so it is difficult for the cracker to recover the program file for decompilation and static Analysis prevents the piracy of JAVA applications.
  • 1 is a flow chart of a method for encrypting protection in the present invention.
  • 2 is a flow chart of a method of performing a call protection in the present invention.
  • BEST MODE FOR CARRYING OUT THE INVENTION hereinafter, specific embodiments of the present invention will be described by way of examples. For example, to protect the generic method M of class Class A (i.e., a functional unit that implements a particular function), in accordance with an embodiment of the present invention, the following steps are performed:
  • Locate ClassA.M in the JAVA program file (source file). In a specific embodiment of the present invention, positioning is to first find the ClassA class, and then find the M method in ClassA. Positioned by code is ClassA test new ClassA(); test.M method can be obtained. Change the method ClassA.M (the normal method M of the class ClassA to be protected) to the local method. Change the normal method to a local method with the keyword native. The local method is changed after the change.
  • M1 corresponds to the copy unit of function unit M above.
  • M1 corresponds to the copy unit of function unit M above.
  • it is created within the class code of class ClassA, and a common method M1 is generated by the code.
  • the code content of the M method how much space the method occupies is calculated, and the specific size of the code space of the M method is calculated, and when a new common method M1 is generated, the size of the M1 is set. The size of the above M.
  • the M1 is an empty method, and only the declaration of the method is included, the method does not contain code, and the code space of the method body is consistent with the size of the M instruction code space.
  • the steps of generating JNI include: (1) writing JAVA code, indicating the local dynamic link library and local interface method to be accessed; (2) compiling with the javac command. Java class, use (javah -jni java class name) to generate a header file with the extension h; (3) use C / C + + to implement the functions declared in the .h file generated in (2); (4) compile C / C++ implementation code generates dynamic link library (dll/so file); (5) generates jar package for calling; defines interface and so on are included in the above steps.
  • the exported ClassA.M interface is the function declared in the .h file generated in the C/C++ implementation step 2 in the above-mentioned JNI generation step, and the interface name format of the ClassA.M is JAVA. - Plus the package path of the java program plus the function name.
  • the original instruction code in ClassA.M is encrypted and stored in the resources of the JNI library.
  • the encryption method may be a symmetric or asymmetric encryption algorithm, and may be a public or private encryption algorithm, or other data transformation and inverse transformation methods.
  • the original of ClassA.M The instruction code is encrypted and stored in the JNI library by the above encryption method, for example, encrypting the code byte and storing the encrypted character string in the resource. When decryption is performed, the encrypted content of the resource is decrypted according to the same rule.
  • the JAVA application calls ClassA.Ml;

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Storage Device Security (AREA)

Description

说 明 书 安卓系统中 JAVA应用程序的保护方法 技术领域 本发明涉及计算机安全领域, 特别是一种保护安卓系统中 JAVA应用程 序的方法。 通过将待保护的 JAVA 类对象的若干方法指令代码进行加密变 换, 在程序运行时根据调用需求对加密的方法代码进行实时的解密运行, 使 得应用程序难以进行反编译和静态分析, 实现了对 JAVA程序的有效保护。 背景技术 安卓系统( Android )是一种以 Linux为基础的开放源码操作系统, 主要 使用于便携设备。安卓系统是当前手机和平板电脑等移动设备中使用的主流 操作系统之一。 安卓系统中的应用程序通常是用 JAVA语言编写, 编译生成 JAVA程序 文件安装后运行。 由于 JAVA属于中间语言, 其编译后的可执行文件中包含 大量源代码的结构和设计信息, 加之安卓系统是基于 Linux的操作系统, 其 开放性和丰富的各种程序分析工具,使得 JAVA程序很容易被反编译和静态 分析, 因此安卓系统中对应用程序的版权保护非常薄弱。 应用程序的安装文 件很易于复制和传播,盗版者可以很方便的在网络上获得并在其它未授权的 设备中安装使用。 即使开发者在应用程序中实现了一些软件保护手段, 诸如 对硬件设备或用户身份的验证和功能绑定,但盗版者仍可以很容易分析应用 程序的运行逻辑, 绕开或去除程序中的相应保护功能, 生成可以自由使用的 破解版本。 目前常见的一种保护方法是采用 "加壳,, 的方式, 即将应用程序的全部 或部分指令进行加密或其它方式的变换,运行时用一个脱壳程序对其进行反 变换后加载到内存中执行。 在脱壳程序中加入一些控制保护措施, 例如对用 户身份的认证, 应用程序的完整性校验等。 这种方法虽然可以防止对应用程 序直接的反编译, 但其 "脱壳操作" 是一次性操作, "脱壳" 后程序的所有 指令代码都在内存中,破解者可以很方便的在程序被脱壳加载后保存下内存 数据, 还原原始程序; 另外, 脱壳程序的功能逻辑是固定的, 易于被解密者 分析破解, 因此这种加壳的方式对应用软件的保护能力不强。 由于以上原因, 目前安卓系统的软件盗版现象十分严重, 付费软件的权 益无法得到保障,导致很多在 iOS系统中很成功的软件放弃安卓系统或者将 软件在安卓系统中以免费加广告的形式发布。 可见, JAVA程序的保护机制 缺失严重制约了安卓系统中的软件市场的发展。 BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to the field of computer security, and more particularly to a method for protecting a JAVA application in an Android system. By encrypting and transforming several method instruction codes of the JAVA class object to be protected, the encrypted method code is decrypted in real time according to the calling requirement during the running of the program, which makes the application difficult to decompile and static analysis, and realizes JAVA. Effective protection of the program. BACKGROUND OF THE INVENTION Android (Android) is a Linux-based open source operating system mainly used in portable devices. Android is one of the mainstream operating systems used in mobile devices such as mobile phones and tablets. The application in Android system is usually written in JAVA language, compiled and generated JAVA program files are installed and run. Because JAVA belongs to the intermediate language, its compiled executable file contains a lot of source code structure and design information, and the Android system is a Linux-based operating system. Its openness and rich variety of program analysis tools make the JAVA program very It is easy to be decompiled and statically analyzed, so the copyright protection of the application in Android is very weak. The application's installation files are easy to copy and distribute, and pirates can easily get it on the network and install it on other unauthorized devices. Even if the developer implements some software protection in the application, such as verification and functional binding of the hardware device or user identity, the pirate can easily analyze the running logic of the application, bypass or remove the corresponding in the program. Protection function, generate a cracked version that can be used freely. One of the common protection methods at present is to use the "packing," method, that is, all or part of the instructions of the application are encrypted or otherwise transformed, and the runtime is reversed by a shelling program. After the transformation, it is loaded into memory and executed. Add some control protection measures to the shelling program, such as authentication of the user's identity, application integrity check, etc. Although this method can prevent direct decompilation of the application, its "hulling operation" is a one-time operation. After the "hulling", all the instruction codes of the program are in the memory, and the cracker can be conveniently placed in the program. After the shell is loaded, the memory data is saved and the original program is restored. In addition, the function logic of the shelling program is fixed, and it is easy for the decrypter to analyze and crack, so the method of packing is not strong enough for the application software. Due to the above reasons, the software piracy phenomenon of the Android system is very serious, and the rights of the paid software cannot be guaranteed. As a result, many successful softwares in the iOS system give up the Android system or release the software in the form of free advertising in the Android system. It can be seen that the lack of protection mechanism of JAVA program seriously restricts the development of the software market in Android system.

发明内容 为了克服现有技术中 JAVA应用程序缺乏安全保护机制的弊端,本发明 提供了一种对安卓系统中 JAVA应用程序进行保护的方法,通过将待保护的 JAVA类对象的若干方法指令代码进行变换存储, 在程序运行时根据调用需 求对加密的方法代码进行实时的解密运行,使得应用程序难以被反编译和静 态分析, 实现了对 JAVA应用程序的有效保护。 在 JAVA语言中,类对象的方法函数有两种类型:普通方法和本地方法。 普通方法是由 JAVA语言编写编译成 JAVA指令代码,运行时由 JAVA虚拟 机 ( JAVA Virtual Machine, JVM )执行; 另一类本地方法( Native Method ), 它是通过 JNI ( JAVA Native Interface, JAVA本地调用) 的接口访问外部的 运行在本地操作系统的库。 JNI实现了 JAVA程序和外部库之间的相互调用, 通常用来为 JAVA程序提供非 JAVA语言实现的功能。 本发明将某个由 JAVA语言实现的类对象的方法数据内容进行加密, 并将其改为对特定的 JNI保护函数接口的调用, 在该 JNI保护函数接口中将解密还原原始的指令 代码, 然后再对已还原的原始指令代码进行调用。 保护 JAVA应用程序的步骤是: SUMMARY OF THE INVENTION In order to overcome the shortcomings of the JAVA application lacking a security protection mechanism in the prior art, the present invention provides a method for protecting a JAVA application in an Android system by using a plurality of method instruction codes of a JAVA class object to be protected. Transform storage, real-time decryption operation of the encrypted method code according to the calling requirement when the program runs, making the application difficult to be decompiled and statically analyzed, and effectively protecting the JAVA application. In the JAVA language, there are two types of method functions for class objects: normal methods and native methods. The normal method is compiled into JAVA instruction code by JAVA language. The runtime is executed by JAVA Virtual Machine (JVM). Another type of native method is Native Method. It is called by JANI Native Interface (JAVA Native Interface). The interface accesses the external library running on the local operating system. JNI implements mutual calls between JAVA programs and external libraries, and is usually used to provide JAVA programs with non-JAVA language implementations. The invention encrypts the method data content of a class object implemented by the JAVA language and changes it to a specific The JNI protection function interface calls the decryption to restore the original instruction code in the JNI protection function interface, and then calls the restored original instruction code. The steps to protect a JAVA application are:

1. 在 JAVA程序文件中定位待保护的功能单元 (比如, 待保护的类对 象的某个普通方法, 用于实现特定功能) , 将其更改为本地方法;1. Locate the functional unit to be protected in the JAVA program file (for example, a common method of the class object to be protected, to implement a specific function), and change it to a local method;

2. 为该类对象创建一个新的普通方法 (即对应于功能单元的副本单 元) , 该新的普通方法是上述被保护的普通方法的副本方法, 令新 的普通方法的指令代码空间与被保护的普通方法的指令代码空间相 等, 并将新的普通方法的指令代码空间全部填充为空指令;2. Create a new normal method (that is, a copy unit corresponding to the functional unit) for the object. The new normal method is the copy method of the above-mentioned protected normal method, so that the instruction code space of the new normal method is The instruction code space of the protected common method is equal, and the instruction code space of the new normal method is completely filled with the null instruction;

3. 生成一个 JNI库(JAVA本地调用库), 导出被保护的普通方法的接 口。 将被保护的普通方法的原始指令代码加密后存储在 JNI库的资 源中。 3. Generate a JNI library (JAVA local call library) that exports the interface to the protected normal method. The original instruction code of the protected normal method is encrypted and stored in the resources of the JNI library.

4. 擦除被保护的普通方法的原始指令代码。 对于其它需要保护的方法, 执行上述相同的步骤。 执行被保护的 JAVA应用程序, 当调用被保护的普通方法时, 由于被保 护的普通方法已被更改为本地方法, 因此 JVM会调用 JNI库中的被保护的 普通方法的接口, 此时, 在 JNI库中执行以下步骤:  4. Erase the original instruction code of the protected normal method. For other methods that require protection, perform the same steps as above. Execute a protected JAVA application. When the protected normal method is called, since the protected normal method has been changed to the local method, the JVM will call the interface of the protected normal method in the JNI library. Perform the following steps in the JNI library:

1. 从 JNI库的资源中找到被保护的普通方法的加密数据, 将该数据解 密后, 填回到副本方法的指令代码空间中; 1. Find the encrypted data of the protected common method from the resources of the JNI library, decrypt the data, and fill it back into the instruction code space of the copy method;

2. 调用、 执行副本方法;  2. Call and execute the copy method;

3. 擦除副本方法的指令代码空间中的指令代码, 即将副本方法整个擦 除;  3. Erase the instruction code in the instruction code space of the copy method, that is, erase the entire copy method;

4. 返回被保护的普通方法的调用。 上述加密过程中所使用的密钥,可以由被保护的 JAVA应用程序的信息 生成, 使得每个 JAVA应用程序所使用的密钥不同; 比如, 所述信息包括但 不限于软件基本信息, APPID, 版本号等。 也可以将由被保护的 JAVA应用 程序的信息和被授权使用该 JAVA应用程序的用户的信息组合后生成密钥, 使得每个用户的安装程序不同, 防止了安装程序的非授权复制使用。 比如, 用户信息包括但不限于用户 ID、 APPID, 版本号、 UID。 上述的加密方法, 可以采用各种对称或非对称算法, 比如, 对称算法包 括但不限于 AES、 DES、 TDES等; 非对称算法包括但不限于: RSA、 ECC )。 可以是公开的或私有的加密算法, 也可以是其它的数据变换与反变换方法, 比如, 对代码数据字节进行特定的变换转换成其他字节码或加密数据, 反变 换采用相同规则获取原始数据。 上述加密和解密执行过程中可以进一步采用一些方法,增加反编译和静 态分析, 或动态调试的难度, 方法包括: 4. Return the call to the protected normal method. The key used in the above encryption process can be protected by the protected JAVA application. Generated such that the keys used by each JAVA application are different; for example, the information includes but is not limited to software basic information, APPID, version number, and the like. It is also possible to combine the information of the protected JAVA application with the information of the user authorized to use the JAVA application to generate a key, so that the installation procedure of each user is different, and the unauthorized copying of the installer is prevented. For example, user information includes, but is not limited to, user ID, APPID, version number, UID. For the above encryption method, various symmetric or asymmetric algorithms may be used. For example, symmetric algorithms include but are not limited to AES, DES, TDES, etc.; asymmetric algorithms include but are not limited to: RSA, ECC). It can be a public or private encryption algorithm, or other data transformation and inverse transformation methods. For example, a specific transformation of code data bytes can be converted into other bytecodes or encrypted data, and the inverse transformation uses the same rules to obtain the original. data. In the above encryption and decryption execution process, some methods may be further adopted to increase the difficulty of decompilation and static analysis, or dynamic debugging, and the methods include:

1. 采用自定义的非标准 JAVA程序文件格式。 比如, 可自行定义文件格式, 比如. sense或其他格式,将内容存储至该文件内, 然后使用时使用自己创 建的加载器来加载此格式的文件。 文件存储加载可采用加密或定义的格 式方式, 因为采用此种文件格式, 一般人不知道文件格式, 不知如何加 载, 从而增加反编译难度。 1. Use a custom non-standard JAVA program file format. For example, you can define a file format, such as . sense or other format, store the content in the file, and then use the loader you created to load the file in this format. The file storage can be loaded in an encrypted or defined format. Because of this file format, the average person does not know the file format and does not know how to load it, thus increasing the difficulty of decompilation.

2. 去除某些不影响程序运行的源程序的信息 (比如变量名) 。 例如, 去除 相关内部变量名, 或者内部一些逻辑代码 (例如 switch等) 进行混淆或 者去除。 当反编译时, 运行到此逻辑部分就中断无法进行下去, 增加复 杂性。  2. Remove some information (such as variable names) that does not affect the source of the program. For example, remove the relevant internal variable name, or some internal logic code (such as switch) to confuse or remove. When decompiled, the interruption to this logical part will not proceed, increasing complexity.

3. 运行 JAVA应用程序时使用反调试技术, 当 JAVA应用程序监测到调试 器正在对本程序进行调试时, 停止解密和加载运行过程。 反调试技术是 在 JAVA应用程序代码里加入监测是否有调试器调试的相关代码, 在运 行 JAVA应用程序时,代码中的反调试代码会监测是否存在调试器调试, 如果有, 则停止解密和加载运行过程。 可在任何过程中进行反调试。 当 监测到调试器正在对本程序进行调试时, 会停止解密和加载运行过程, 停止后无法调试, 增加了调试的难度, 当然也就进一步提高了反编译的 难度。 本发明可以对任意的类对象的多个方法进行加密保护,在程序运行时只 在被保护的普通方法被调用时才被动态地解密和加载执行,并调用完成后立 即擦除其副本方法的指令代码空间中的指令代码 (擦除整个副本方法内容, 即擦除其副本方法的指令代码) , 内存中始终不存在完整的程序代码, 因此 破解者很难恢复出程序文件进行反编译和静态分析,防止了 JAVA应用程序 被盗版的问题。 附图说明 图 1为本发明中加密受保护的方法的流程图。 图 2为本发明中执行调用受保护方法的流程图。 具体实施方式 下面通过实例说明本发明的具体实施方式。 例如要保护类 ClassA的普通方法 M (即实现特定功能的功能单元) , 根据本发明的一个实施例, 进行以下步骤: 3. Use the anti-debugging technology when running the JAVA application. When the JAVA application detects that the debugger is debugging the program, stop the decryption and load the running process. The anti-debugging technique is to add the relevant code to monitor whether there is debugger debugging in the JAVA application code. When running the JAVA application, the anti-debugging code in the code will monitor whether there is debugger debugging. If there is, stop the decryption and load the running process. Reverse debugging can be done in any process. When it is detected that the debugger is debugging the program, it will stop the decryption and load the running process. After the stop, it can't be debugged, which increases the difficulty of debugging, and of course increases the difficulty of decompilation. The invention can encrypt and protect multiple methods of any class object, and is dynamically decrypted and loaded and executed only when the protected ordinary method is called, and the copy method is erased immediately after the call is completed. The instruction code in the instruction code space (erasing the contents of the entire copy method, that is, the instruction code for erasing the copy method), there is always no complete program code in the memory, so it is difficult for the cracker to recover the program file for decompilation and static Analysis prevents the piracy of JAVA applications. BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 is a flow chart of a method for encrypting protection in the present invention. 2 is a flow chart of a method of performing a call protection in the present invention. BEST MODE FOR CARRYING OUT THE INVENTION Hereinafter, specific embodiments of the present invention will be described by way of examples. For example, to protect the generic method M of class Class A (i.e., a functional unit that implements a particular function), in accordance with an embodiment of the present invention, the following steps are performed:

1. 在 JAVA程序文件(源文件)中定位 ClassA.M。 居本发明的一个具 体实施方式, 定位就是先找到 ClassA类, 然后在 ClassA中找到 M 方法。 通过代码形式定位则为 ClassA test=new ClassA(); test.M方 法即可获得。将方法 ClassA.M(即要保护的类 ClassA的普通方法 M ) 更改为本地方法。 通过关键字 native将普通方法更改为本地方法, 更改后即为本地方法。 1. Locate ClassA.M in the JAVA program file (source file). In a specific embodiment of the present invention, positioning is to first find the ClassA class, and then find the M method in ClassA. Positioned by code is ClassA test=new ClassA(); test.M method can be obtained. Change the method ClassA.M (the normal method M of the class ClassA to be protected) to the local method. Change the normal method to a local method with the keyword native. The local method is changed after the change.

为类 ClassA创建一个新的普通方法 M1 ( M1即对应于上述功能单元 M的副本单元)。 居本发明的一个实施例, 在类 ClassA的类代码 内创建, 通过代码生成一个普通方法 Ml。 令新的普通方法 Ml的指 令代码空间与 ClassA.M的指令代码空间相等。根据本发明的一个实 施例, 才艮据 M方法的代码内容来计算该方法占有多少空间, 通过计 算得出 M方法的代码空间具体大小, 在生成新的普通方法 Ml时, 就设置 Ml的大小为上述 M的大小。 然后将 Ml的指令空间全部填 充为空指令。 根据本发明的一个实施例, 该 Ml 为空方法, 只包含 方法的声明, 方法体内不包含代码, 方法体的代码空间与 M指令代 码空间大小一致。 Create a new normal method for class ClassA M1 (M1 corresponds to the copy unit of function unit M above). In one embodiment of the present invention, it is created within the class code of class ClassA, and a common method M1 is generated by the code. Let the new normal method Ml's instruction code space be equal to the ClassA.M instruction code space. According to an embodiment of the present invention, according to the code content of the M method, how much space the method occupies is calculated, and the specific size of the code space of the M method is calculated, and when a new common method M1 is generated, the size of the M1 is set. The size of the above M. Then fill all the instruction space of Ml as a null instruction. According to an embodiment of the present invention, the M1 is an empty method, and only the declaration of the method is included, the method does not contain code, and the code space of the method body is consistent with the size of the M instruction code space.

生成一个 JNI库, 导出 ClassA.M接口。 具体而言, 根据本发明的一个具体实施例,生成 JNI的步骤包括:( 1 )编写 JAVA 代码,注明要访问的本地动态连接库和本地接口方法;(2 )使用 javac 命令编译所编写的 java类, 使用 (javah -jni java类名)生成扩展名为 h的头文件; (3 )使用 C/C++实现(2 ) 中生成的. h文件中声明的各 函数; (4 )编译 C/C++实现代码生成动态连接库(dll/so文件); (5 ) 生成 jar包供调用; 定义接口等都包含在上述步骤中。 根据本发明的一个具体实施例, 导出 ClassA.M接口即是上述生成 JNI步骤中的用 C/C++实现步骤 2中生成的. h文件中声明的各函数, ClassA.M的接口名称格式为 JAVA—再加上 java程序的 package路径 再加函数名组成。 将 ClassA.M中的原始指令代码加密后存储在 JNI库的资源中。加密 方法可以是对称或非对称加密算法,可以是公开或私有的加密算法, 也可以是其它的数据变换与反变换方法。 此外, 将 ClassA.M的原始 指令代码通过上述加密方式加密存储至 JNI库的资源中, 例如对代 码的字节进行加密然后将加密后的字符串存放在资源中, 当需解密 时, 根据相同规则解密出资源的加密内容。 Generate a JNI library and export the ClassA.M interface. Specifically, in accordance with an embodiment of the present invention, the steps of generating JNI include: (1) writing JAVA code, indicating the local dynamic link library and local interface method to be accessed; (2) compiling with the javac command. Java class, use (javah -jni java class name) to generate a header file with the extension h; (3) use C / C + + to implement the functions declared in the .h file generated in (2); (4) compile C / C++ implementation code generates dynamic link library (dll/so file); (5) generates jar package for calling; defines interface and so on are included in the above steps. According to a specific embodiment of the present invention, the exported ClassA.M interface is the function declared in the .h file generated in the C/C++ implementation step 2 in the above-mentioned JNI generation step, and the interface name format of the ClassA.M is JAVA. - Plus the package path of the java program plus the function name. The original instruction code in ClassA.M is encrypted and stored in the resources of the JNI library. The encryption method may be a symmetric or asymmetric encryption algorithm, and may be a public or private encryption algorithm, or other data transformation and inverse transformation methods. In addition, the original of ClassA.M The instruction code is encrypted and stored in the JNI library by the above encryption method, for example, encrypting the code byte and storing the encrypted character string in the resource. When decryption is performed, the encrypted content of the resource is decrypted according to the same rule.

5. 擦除 ClassA.M的指令代码, 即删除 ClassA.M方法的指令代码。 对于其它需要保护的方法, 执行上述相同的步骤。 执行被保护的 JAVA应用程序, 当调用其中的普通方法 ClassA.M时, 由于 ClassA.M 以及被修改为本地方法, 因此 JVM 会调用 JNI 库中的 ClassA.M接口, 在 JNI库中执行以下步骤:  5. Erase the instruction code of ClassA.M, ie delete the instruction code of the ClassA.M method. For other methods that require protection, perform the same steps as above. Execute the protected JAVA application. When calling the normal method ClassA.M, because the ClassA.M and the local method are modified, the JVM will call the ClassA.M interface in the JNI library, and perform the following steps in the JNI library. :

1.从 JNI库的资源中找到 ClassA.M的加密数据 (加密时, 存储的资源 位置会变成已知位置, 根据此位置即可找到加密数据), 对加密数据进 行解密。 然后将解密后的数据填回。 具体而言, 数据填回的方式为: 找 到 ClassA.Ml的方法位置,然后将解密数据写入 ClassA.Ml的指令代码 空间中; 1. Find the encrypted data of ClassA.M from the resources of the JNI library (when encrypting, the stored resource location becomes a known location, and the encrypted data can be found according to this location), and the encrypted data is decrypted. Then fill in the decrypted data. Specifically, the way to fill in the data is: find the location of the method of ClassA.Ml, and then write the decrypted data into the instruction code space of ClassA.Ml;

2. JAVA应用程序调用 ClassA.Ml ; 2. The JAVA application calls ClassA.Ml;

3.擦除 ClassA.Ml指令代码; 3. Erase the ClassA.Ml instruction code;

4.返回 ClassA.M调用。 4. Return to the ClassA.M call.

Claims

权 利 要 求 书 claims 1、 一种保护安卓系统中 JAVA应用程序的方法, 其特征在于, 在 JAVA应用程序源文件中定位待保护的功能单元,将所述功能单元更 改为本地方法; 1. A method of protecting JAVA applications in Android systems, characterized by locating the functional unit to be protected in the JAVA application source file and changing the functional unit to a local method; 创建所述功能单元的副本单元,使得所述副本单元的指令代码空间与所 述功能单元的指令代码空间相等; Create a copy unit of the functional unit such that the instruction code space of the copy unit is equal to the instruction code space of the functional unit; 将所述副本单元的指令代码空间全部填充为空指令; Fill the instruction code space of the copy unit entirely with empty instructions; 生成 JAVA本地调用库, 导出所述功能单元的接口; Generate a JAVA local call library and export the interface of the functional unit; 将所述功能单元的原始指令代码加密后存储在所述 JNI库的资源中; 擦除所述功能单元中的原始指令代码。 Encrypt the original instruction code of the functional unit and store it in the resource of the JNI library; Erase the original instruction code in the functional unit. 2、 根据权利要求 1所述的保护安卓系统中 JAVA应用程序的方法, 其 特征在于, 2. The method of protecting JAVA applications in the Android system according to claim 1, characterized by: 当调用所述功能单元时, 通过 Java虚拟机调用 JAVA本地调用库中的 所述功能单元的接口, 在所述 JAVA本地调用库中执行以下步骤: When the functional unit is called, the interface of the functional unit in the JAVA local call library is called through the Java virtual machine, and the following steps are performed in the JAVA local call library: 从所述 JAVA本地调用库的资源中找到所述功能单元的加密数据,将所 述数据解密; Find the encrypted data of the functional unit from the resources of the JAVA local call library, and decrypt the data; 将解密后的数据填回到所述副本单元的指令代码空间中; Fill the decrypted data back into the instruction code space of the copy unit; 调用、 执行所述副本单元; Call and execute the copy unit; 擦除所述副本单元的指令代码空间中的指令代码; Erase the instruction code in the instruction code space of the replica unit; 返回所述功能单元的调用。 Returns the call to the functional unit. 3、 根据权利要求 1、 2所述的保护安卓系统中 JAVA应用程序的方法, 其特征在于, 所述加密过程中所使用的密钥, 由所述 JAVA应用程序的信息 生成。 3. The method of protecting a JAVA application in an Android system according to claims 1 and 2, characterized in that the key used in the encryption process is generated from the information of the JAVA application. 4、 根据权利要求 1、 2所述的保护安卓系统中 JAVA应用程序的方法, 其特征在于, 所述加密过程中所使用的密钥, 由所述 JAVA应用程序的信息 和被授权使用所述 JAVA应用程序的用户的信息组合后生成密钥。 4. The method of protecting a JAVA application in an Android system according to claims 1 and 2, characterized in that the key used in the encryption process is composed of the information of the JAVA application and the person authorized to use it. The JAVA application's user information is combined to generate a key. 5、 根据权利要求 1-4所述的保护安卓系统中 JAVA应用程序的方法, 其特征在于, 加密方法是对称或非对称算法, 或者是公开的或私有的加密算 法, 或者是其它的数据变换与反变换方法。 5. The method of protecting JAVA applications in the Android system according to claims 1-4, characterized in that the encryption method is a symmetric or asymmetric algorithm, or a public or private encryption algorithm, or other data transformation with the inverse transformation method. 6、 根据权利要求 1-5所述的保护安卓系统中 JAVA应用程序的方法, 其特征在于, 在上述加密或解密过程中, 采用自定义的非标准 JAVA程序文 件格式。 6. The method of protecting JAVA applications in the Android system according to claims 1-5, characterized in that, in the above-mentioned encryption or decryption process, a customized non-standard JAVA program file format is used. 7、 根据权利要求 1-5所述的保护安卓系统中 JAVA应用程序的方法, 其特征在于, 在上述加密或解密过程中, 去除不影响所述 JAVA应用程序运 行的源程序的信息。 7. The method of protecting JAVA applications in the Android system according to claims 1-5, characterized in that, during the above-mentioned encryption or decryption process, source program information that does not affect the operation of the JAVA application is removed. 8、 根据权利要求 1-5所述的保护安卓系统中 JAVA应用程序的方法, 其特征在于, 在上述解密过程中, 在运行所述 JAVA应用程序时, 当监测到 正在对所述 JAVA应用程序进行调试时, 停止解密和加载运行过程。 8. The method of protecting a JAVA application in an Android system according to claims 1-5, characterized in that, during the above-mentioned decryption process, when running the JAVA application, when it is detected that the JAVA application is being processed When debugging, stop the decryption and loading running process.
PCT/CN2013/075444 2012-05-12 2013-05-10 Method for protecting java application programs in android system Ceased WO2013170724A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201210145806.0A CN102708322B (en) 2012-05-12 2012-05-12 The guard method of JAVA application program in Android system
CN201210145806.0 2012-05-12

Publications (1)

Publication Number Publication Date
WO2013170724A1 true WO2013170724A1 (en) 2013-11-21

Family

ID=46901073

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2013/075444 Ceased WO2013170724A1 (en) 2012-05-12 2013-05-10 Method for protecting java application programs in android system

Country Status (2)

Country Link
CN (1) CN102708322B (en)
WO (1) WO2013170724A1 (en)

Families Citing this family (31)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102708322B (en) * 2012-05-12 2016-02-24 北京深思数盾科技有限公司 The guard method of JAVA application program in Android system
CN103093136B (en) * 2012-12-27 2015-05-27 飞天诚信科技股份有限公司 Method enabling java application to access to intelligent secret key device
CN103970514B (en) * 2013-01-28 2018-04-06 腾讯科技(深圳)有限公司 The information acquisition method and device of Android application program installation kit
CN104077504B (en) * 2013-03-25 2017-04-19 联想(北京)有限公司 Method and device for encrypting application program
CN103218551B (en) 2013-05-03 2016-04-06 飞天诚信科技股份有限公司 A kind of method protecting java program
CN103413073B (en) * 2013-07-09 2016-01-20 北京深思数盾科技有限公司 A kind of method and apparatus protecting JAVA executable program
CN103413075B (en) * 2013-07-10 2016-05-04 北京深思数盾科技股份有限公司 A kind of method and apparatus of protecting JAVA executable program by virtual machine
CN103413076B (en) * 2013-08-27 2016-03-02 北京理工大学 A kind of Android application program divides the method for block protection
CN103902859A (en) * 2013-12-25 2014-07-02 武汉安天信息技术有限责任公司 Code protecting method and system based on hook technology in JAVA
CN104866740A (en) * 2014-02-25 2015-08-26 北京娜迦信息科技发展有限公司 Static analysis preventing method and device for files
CN104951674B (en) * 2014-03-28 2018-01-23 中国银联股份有限公司 Information concealing method for application program
CN105227565B (en) * 2015-10-13 2019-02-22 北京娜迦信息科技发展有限公司 The method and apparatus that anti-reversing for Android system cracks shared object file
CN106886717A (en) * 2015-12-15 2017-06-23 中国移动通信集团公司 A kind of method and device with the shelling of shell software
CN106096404B (en) * 2016-08-18 2019-05-21 北京深思数盾科技股份有限公司 A kind of data guard method and system
CN106599629B (en) * 2016-12-16 2021-08-06 Tcl科技集团股份有限公司 A kind of Android application program reinforcement method and device
CN107122631A (en) * 2017-04-26 2017-09-01 北京洋浦伟业科技发展有限公司 The transparent encryption method and device of a kind of script file
CN107391973A (en) * 2017-07-17 2017-11-24 北京深思数盾科技股份有限公司 A kind of function guard method and device
CN107220528A (en) * 2017-07-21 2017-09-29 北京深思数盾科技股份有限公司 The protection of java applet and operation method, device and terminal
CN107480478B (en) * 2017-08-14 2019-08-13 钟尚亮 A kind of encryption method and operation method of JAVA application program
CN108399319B (en) * 2017-09-30 2021-07-16 平安科技(深圳)有限公司 Source code protection method, application server and computer readable storage medium
CN107908933B (en) * 2017-11-08 2020-08-28 北京顶象技术有限公司 A String Encryption Method Based on Intermediate Language
CN108197440A (en) * 2017-11-28 2018-06-22 五八有限公司 A kind of Code obfuscation method, equipment and computer readable storage medium
CN109211239B (en) * 2018-08-30 2022-09-16 中体彩科技发展有限公司 A related product positioning system
CN109325343B (en) * 2018-09-17 2021-08-10 北京深思数盾科技股份有限公司 Java program execution method and device
CN110008693A (en) * 2019-04-12 2019-07-12 深圳市趣创科技有限公司 Security application encrypts ensuring method and device and system and storage medium
CN110309630B (en) * 2019-06-28 2023-05-30 南京冰鉴信息科技有限公司 Java code encryption method and device
CN110502874B (en) * 2019-07-19 2021-05-25 西安理工大学 Android App reinforcement method based on file self-modification
CN110598402A (en) * 2019-09-09 2019-12-20 杭州天宽科技有限公司 Operation security system based on android application
US11194695B2 (en) * 2020-01-07 2021-12-07 Supercell Oy Method for blocking external debugger application from analysing code of software program
CN113434882A (en) * 2021-06-30 2021-09-24 平安普惠企业管理有限公司 Communication protection method and device of application program, computer equipment and storage medium
CN115114595A (en) * 2022-08-29 2022-09-27 北京中安星云软件技术有限公司 Method and system for running Java encrypted jar packet based on JNI

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1064164A (en) * 1992-03-17 1992-09-02 湖南省科技情报所 The encryption method of floppy disk of anti-high-level copy software reproducer
US7634521B1 (en) * 2006-04-27 2009-12-15 Symantec Corporation Technique for scanning stealthed, locked, and encrypted files
CN102043920A (en) * 2010-12-29 2011-05-04 北京深思洛克软件技术股份有限公司 Access quarantine method of public file in data divulgence protection system
CN102708322A (en) * 2012-05-12 2012-10-03 北京深思洛克软件技术股份有限公司 Method for protecting JAVA application programs in Android system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1064164A (en) * 1992-03-17 1992-09-02 湖南省科技情报所 The encryption method of floppy disk of anti-high-level copy software reproducer
US7634521B1 (en) * 2006-04-27 2009-12-15 Symantec Corporation Technique for scanning stealthed, locked, and encrypted files
CN102043920A (en) * 2010-12-29 2011-05-04 北京深思洛克软件技术股份有限公司 Access quarantine method of public file in data divulgence protection system
CN102708322A (en) * 2012-05-12 2012-10-03 北京深思洛克软件技术股份有限公司 Method for protecting JAVA application programs in Android system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
YANG, YONGYI ET AL.: "Research of Software Protection Based on Android Platform.", SCIENCEPAPER ONLINE, 24 October 2011 (2011-10-24), pages 1 - 8 *

Also Published As

Publication number Publication date
CN102708322B (en) 2016-02-24
CN102708322A (en) 2012-10-03

Similar Documents

Publication Publication Date Title
WO2013170724A1 (en) Method for protecting java application programs in android system
Bahmani et al. {CURE}: A security architecture with {CUstomizable} and resilient enclaves
Hunt et al. Ryoan: A distributed sandbox for untrusted computation on secret data
Liljestrand et al. {PAC} it up: Towards pointer integrity using {ARM} pointer authentication
Criswell et al. Virtual ghost: Protecting applications from hostile operating systems
Lie et al. Implementing an untrusted operating system on trusted hardware
CN102598017B (en) Improve the system and method for its tamper-proof capabilities of Java bytecode
CN107771335B (en) protected area
US8756434B2 (en) System and method for executing an encrypted binary from a memory pool
CN111865909A (en) SGX side channel attack defense method, system, medium, program and application
CN112639778A (en) Pointer authentication and dynamic switching between pointer authentication schemes
US9756048B2 (en) System and methods for executing encrypted managed programs
Zhao et al. vSGX: virtualizing SGX enclaves on AMD SEV
WO2018192025A1 (en) Method for protecting executable program on android platform
CN103955438A (en) Process memory protecting method based on auxiliary virtualization technology for hardware
CN102576391A (en) Software license embedded in shell code
Protsenko et al. Dynamic self-protection and tamperproofing for android apps using native code
CN105608391A (en) Multi-ELF (Executable and Linkable Format)-file protection method and system
CN106228041B (en) A kind of code protection method for Android precompile
Jang et al. Retrofitting the partially privileged mode for TEE communication channel protection
Shinde et al. Podarch: Protecting legacy applications with a purely hardware tcb
Zhang et al. COVER: Enhancing virtualization obfuscation through dynamic scheduling using flash controller-based secure module
Davoli et al. Comprehensive Kernel Safety in the Spectre Era: Mitigations and Performance Evaluation
Zhang et al. Stackvault: Protection from untrusted functions
Tan Control-Flow Security for Microcontroller-Based Systems

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13790316

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 13790316

Country of ref document: EP

Kind code of ref document: A1