CN105760721A

Movatterモバイル変換

Info

Publication number: CN105760721A
Application number: CN201610067648.XA
Authority: CN
Inventors: 刘敏
Original assignee: Beijing Qihoo Technology Co Ltd; Qizhi Software Beijing Co Ltd
Current assignee: Beijing Qihoo Technology Co Ltd
Priority date: 2016-01-29
Filing date: 2016-01-29
Publication date: 2016-07-13
Anticipated expiration: 2036-01-29
Also published as: CN105760721B

Abstract

The invention discloses a software hardening method and system. The method comprises the steps of analyzing a software development kit (SDK), and determining a display port; hiding other ports, except the display port, in the SDK, and hiding the port content in the display port; saving the port content in the display port in another place so as to acquire the corresponding port content from the another place when the display port is called; repackaging the corrected SDK to generate a hardened SDK. By the adoption of the method and system, software protection is achieved, software safety is improved, and the rights of developers and users are protected.

Description

Translated fromChinese

一种软件加固方法和系统A software reinforcement method and system

技术领域technical field

本发明涉及安全技术领域，特别是涉及一种软件加固方法和系统。The invention relates to the field of security technology, in particular to a software reinforcement method and system.

背景技术Background technique

安卓(Android)平台发展迅速，已经逐渐成为了移动终端的最普及的操作系统，同时基于其中的软件应用数目也十分巨大，与其他移动终端操作系统相比，安卓系统为应用开发者提供了更多的功能接口，其中很多系统底层接口，提高了系统的可扩展性，但同时也为恶意软件提供了便利，针对安卓系统的木马等恶意软件也更容易被实现，目前已有的针对安卓系统的恶意软件可以通过伪装的方式，骗取用户安装并授予一定的权限，之后滥用这些权限在后台执行一些特定行为，包括窃取用户隐私骗取资费等行为。然而与之并生的安全问题却始终没有得到良好的解决，安全威胁越来越多，且威胁程度也在逐步加深，无论对开发者还是用户都带来了不良的影响。The Android (Android) platform has developed rapidly and has gradually become the most popular operating system for mobile terminals. At the same time, the number of software applications based on it is also very large. Compared with other mobile terminal operating systems, the Android system provides more for application developers. Many functional interfaces, many of which are the underlying interfaces of the system, improve the scalability of the system, but at the same time provide convenience for malicious software. Malware such as Trojan horses targeting the Android system are also easier to implement. Malicious software can deceive users to install and grant certain permissions by disguising, and then abuse these permissions to perform certain actions in the background, including stealing user privacy to defraud tariffs and other behaviors. However, the accompanying security problems have not been well resolved. There are more and more security threats, and the threat level is gradually deepening, which has brought adverse effects on both developers and users.

而且对于一些正常的安卓系统应用，也存在通过非法拷贝、逆向工程、反编译、调试、破解、二次打包、内存截取等手段来威胁安卓系统的安全，不仅危害了使用用户，也给正常应用开发者造成严重的损害。Moreover, for some normal Android system applications, there are also threats to the security of the Android system through illegal copying, reverse engineering, decompilation, debugging, cracking, secondary packaging, memory interception, etc., which not only endangers users, but also threatens normal applications. serious damage to the developer.

发明内容Contents of the invention

鉴于上述问题，提出了本发明以便提供一种克服上述问题或者至少部分地解决上述问题的一种软件加固方法和系统。In view of the above problems, the present invention is proposed to provide a software hardening method and system for overcoming the above problems or at least partially solving the above problems.

依据本发明的一个方面，提供了一种软件加固方法，包括：According to one aspect of the present invention, a method for strengthening software is provided, including:

对软件开发工具包SDK进行解析，确定显示接口；Analyze the software development kit SDK to determine the display interface;

隐藏所述SDK中除所述显示接口之外的其它接口，以及，隐藏所述显示接口中的接口内容；以及，Hide other interfaces in the SDK except the display interface, and hide the content of the interface in the display interface; and,

将所述显示接口中的接口内容另存，以在所述显示接口被调用时从另存位置处获取对应的接口内容；Save the interface content in the display interface, so as to obtain the corresponding interface content from the saved location when the display interface is called;

将修改后的SDK重打包生成加固SDK。Repackage the modified SDK to generate a hardened SDK.

依据本发明的另一个方面，提供了一种软件加固系统，包括：According to another aspect of the present invention, a software hardening system is provided, including:

解析模块，用于对软件软件开发工具包SDK进行解析，确定显示接口；The parsing module is used for parsing the software software development kit SDK to determine the display interface;

第一隐藏模块，用于隐藏所述SDK中除所述显示接口之外的其它接口；The first hiding module is used to hide other interfaces in the SDK except the display interface;

第二隐藏模块，用于隐藏所述显示接口中的接口内容；The second hiding module is used to hide the interface content in the display interface;

另存模块，用于将所述显示接口中的接口内容另存，以在所述显示接口被调用时从另存位置处获取对应的接口内容；A save module, configured to save the interface content in the display interface, so as to obtain the corresponding interface content from the save location when the display interface is called;

生成模块，用于将修改后的SDK重打包生成加固SDK。The generation module is used to repackage the modified SDK to generate a hardened SDK.

本发明实施例公开了一种软件加固方案，可以只对业务执行过程中所需求的接口进行显示，也即可以只向用户暴露显示接口(不含显示接口中的接口内容)，在保证SDK正常运行和调用的同时，实现了对软件的保护，有效阻止了恶意软件对关键信息的非法获取，以及针对软件的破解、反编译、二次打包和木马植入等多种恶意行为，提高了软件的安全性，保护了开发者和使用者的权益。The embodiment of the present invention discloses a software reinforcement solution, which can only display the interfaces required in the process of business execution, that is, only expose the display interface (excluding the interface content in the display interface) to the user, and ensure that the SDK is normal. While running and calling, it realizes the protection of the software, effectively prevents malicious software from illegally obtaining key information, and various malicious behaviors such as software cracking, decompilation, secondary packaging, and Trojan horse implantation, etc. The security protects the rights and interests of developers and users.

上述说明仅是本发明技术方案的概述，为了能够更清楚了解本发明的技术手段，而可依照说明书的内容予以实施，并且为了让本发明的上述和其它目的、特征和优点能够更明显易懂，以下特举本发明的具体实施方式。The above description is only an overview of the technical solution of the present invention. In order to better understand the technical means of the present invention, it can be implemented according to the contents of the description, and in order to make the above and other purposes, features and advantages of the present invention more obvious and understandable , the specific embodiments of the present invention are enumerated below.

附图说明Description of drawings

通过阅读下文优选实施方式的详细描述，各种其他的优点和益处对于本领域普通技术人员将变得清楚明了。附图仅用于示出优选实施方式的目的，而并不认为是对本发明的限制。而且在整个附图中，用相同的参考符号表示相同的部件。在附图中：Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiment. The drawings are only for the purpose of illustrating a preferred embodiment and are not to be considered as limiting the invention. Also throughout the drawings, the same reference numerals are used to designate the same components. In the attached picture:

图1是本发明实施例一中一种软件加固方法的步骤流程图；FIG. 1 is a flow chart of the steps of a software hardening method in Embodiment 1 of the present invention;

图2是本发明实施例二中一种软件加固方法的步骤流程图；FIG. 2 is a flow chart of steps of a software hardening method in Embodiment 2 of the present invention;

图3是本发明实施例三中一种软件加固系统的结构框图；FIG. 3 is a structural block diagram of a software hardening system in Embodiment 3 of the present invention;

图4是本发明实施例三中一种优选的软件加固系统的结构框图。FIG. 4 is a structural block diagram of a preferred software hardening system in Embodiment 3 of the present invention.

具体实施方式detailed description

下面将参照附图更详细地描述本公开的示例性实施例。虽然附图中显示了本公开的示例性实施例，然而应当理解，可以以各种形式实现本公开而不应被这里阐述的实施例所限制。相反，提供这些实施例是为了能够更透彻地理解本公开，并且能够将本公开的范围完整的传达给本领域的技术人员。Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. Although exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited by the embodiments set forth herein. Rather, these embodiments are provided for more thorough understanding of the present disclosure and to fully convey the scope of the present disclosure to those skilled in the art.

实施例一Embodiment one

参照图1，示出了本发明实施例一中一种软件加固方法的步骤流程图。在本实施例中，所述软件加固方法可以包括：Referring to FIG. 1 , it shows a flowchart of steps of a software hardening method in Embodiment 1 of the present invention. In this embodiment, the software hardening method may include:

步骤102，对软件开发工具包SDK进行解析，确定显示接口。Step 102, analyzing the software development kit SDK to determine the display interface.

SoftwareDevelopmentKit，SDK，软件开发工具包：一般都是一些软件工程师为特定的软件包、软件框架、硬件平台、操作系统等建立应用软件时的开发工具的集合。SoftwareDevelopmentKit, SDK, software development kit: Generally, it is a collection of development tools used by some software engineers to build application software for specific software packages, software frameworks, hardware platforms, operating systems, etc.

SDK可以随对应的应用软件的安装包一起下发给用户，目前，在将SDK随对应的应用软件的安装包一起下发给用户时，SDK中的所有接口，及接口中的内容都是暴露在外的(显示)。在本实施例中，可以根据应用软件或者开发者实际所需要的接口，有选择的只对实际所需要的接口进行显示，也即，可以对软件开发工具包SDK进行解析，将所述实际所需要的接口确定为显示接口，以供用户使用。The SDK can be delivered to the user together with the installation package of the corresponding application software. At present, when the SDK is delivered to the user together with the installation package of the corresponding application software, all interfaces in the SDK and the contents of the interface are exposed. out (display). In this embodiment, according to the actual required interfaces of application software or developers, only the actually required interfaces can be selectively displayed, that is, the software development kit SDK can be analyzed, and the actual required interfaces can be displayed. The required interface is determined as a display interface for the user to use.

步骤104，隐藏所述SDK中除所述显示接口之外的其它接口，以及，隐藏所述显示接口中的接口内容。Step 104, hide other interfaces in the SDK except the display interface, and hide interface content in the display interface.

在本实施例中，可以只针对所述显示接口进行显示，也即，除所述显示接口之外的其它接口和所述显示接口中的接口内容都可以是隐藏不可见的。In this embodiment, only the display interface may be displayed, that is, other interfaces except the display interface and interface content in the display interface may be hidden and invisible.

其中，可以采用任意一种适当的方式对所述其它接口和所述显示接口中的接口内容进行隐藏。例如，可以对所述显示接口中的接口内容进行加密处理，以实现对所述接口内容的隐藏；又或者，可以对所述显示接口中的接口内容打乱后重排，以实现对所述接口内容的隐藏；又或者，可以抽取所述显示接口中的部分接口内容，并删除抽取的部分接口内容，以实现对接口内容的隐藏，本实施例对此不作限制。Wherein, any appropriate manner may be used to hide the content of the other interfaces and the interface in the display interface. For example, the interface content in the display interface can be encrypted to realize the hiding of the interface content; or, the interface content in the display interface can be disturbed and rearranged to realize the The hiding of the interface content; or, part of the interface content in the display interface may be extracted, and the extracted part of the interface content may be deleted, so as to realize the hiding of the interface content, which is not limited in this embodiment.

步骤106，将所述显示接口中的接口内容另存，以在所述显示接口被调用时从另存位置处获取对应的接口内容。Step 106, save the interface content in the display interface, so as to obtain the corresponding interface content from the saved location when the display interface is called.

在本实施例中，为了保证所述显示接口在被调用时的正常执行，可以将所述显示接口中的接口内容(也即，接口内容本身)另存至其他任意适当位置处，在所述显示接口被调用时可以从所述另存位置处获取所述接口内容。In this embodiment, in order to ensure the normal execution of the display interface when it is called, the interface content in the display interface (that is, the interface content itself) can be saved to any other appropriate location, and the display interface When the interface is called, the content of the interface can be obtained from the storage location.

步骤108，将修改后的SDK重打包生成加固SDK。Step 108, repackage the modified SDK to generate a hardened SDK.

在本实施例中，重打包生成的加固SDK中只会暴露显示接口，其它的接口以及具体的接口中的内容都是不可见的，无法直接进行调用。在保证SDK正常使用的同时有效阻止了恶意软件对关键信息的获取，由于恶意软件无法获取到其它接口的信息以及所述显示接口中的接口内容，进而所述恶意软件也就无法实现针对软件的破解、反编译、二次打包和木马植入等恶意行为，有效保证了软件的安全性，保护了开发者和使用者的权益。In this embodiment, only the display interface is exposed in the hardened SDK generated by repackaging, and other interfaces and the content in the specific interface are invisible and cannot be called directly. While ensuring the normal use of the SDK, the malicious software is effectively prevented from obtaining key information. Since the malicious software cannot obtain the information of other interfaces and the interface content in the display interface, the malicious software cannot realize the Malicious behaviors such as cracking, decompilation, secondary packaging, and Trojan implantation effectively ensure the security of the software and protect the rights and interests of developers and users.

实施例二Embodiment two

参照图2，示出了本发明实施例二中一种软件加固方法的步骤流程图。在本实施例中，所述软件加固方法可以但不仅限于应用于安卓系统，所述方法具体可以包括：Referring to FIG. 2 , it shows a flowchart of steps of a software hardening method in Embodiment 2 of the present invention. In this embodiment, the software reinforcement method may be, but not limited to, applied to the Android system, and the method may specifically include:

步骤202，对软件开发工具包SDK进行解析，确定显示接口。Step 202, analyzing the software development kit SDK to determine the display interface.

在本实施例中，可以根据待执行业务类型确定所述显示接口；其中，所述显示接口至少为一个。例如，在针对某一应用软件，根据待执行业务类型可以确定待使用的接口为：程序初始化接口、订单查询接口和订单生成接口，则，可以将所述SDK中的程序初始化接口、订单查询接口和订单生成接口确定为所述显示接口，以提供给用户进行调用。而，除所述显示接口外的其它接口以及所述显示接口中的具体的接口内容都可以隐藏，防止被恶意获取。In this embodiment, the display interface may be determined according to the type of service to be executed; wherein, there is at least one display interface. For example, for a certain application software, according to the type of business to be executed, it can be determined that the interfaces to be used are: program initialization interface, order query interface and order generation interface, then the program initialization interface and order query interface in the SDK can be and the order generation interface are determined as the display interface to be provided to the user for calling. However, other interfaces except the display interface and specific interface content in the display interface can be hidden to prevent malicious acquisition.

步骤204，隐藏所述SDK中除所述显示接口之外的其它接口，以及，隐藏所述显示接口中的接口内容。Step 204, hide other interfaces in the SDK except the display interface, and hide interface content in the display interface.

在本实施例中，可以采用任意一种适当的方式对所述其它接口和所述显示接口中的接口内容进行隐藏。In this embodiment, any appropriate manner may be used to hide the content of the other interface and the interface in the display interface.

以隐藏所述显示接口中的接口内容为例，可以但不仅限于对所述确定的显示接口中的接口内容进行加密隐藏。具体实现时，可以对所述显示接口中的接口内容进行加密处理，以及，在加密内容中插入保护代码。其中，所述保护代码包括：反编译工具的崩溃代码；其中，当触发所述崩溃代码时，结束工作流程。Taking hiding the interface content in the display interface as an example, it may be, but not limited to, encrypt and hide the interface content in the determined display interface. During specific implementation, the interface content in the display interface may be encrypted, and a protection code may be inserted into the encrypted content. Wherein, the protection code includes: a crash code of a decompilation tool; where, when the crash code is triggered, the workflow ends.

步骤206，将所述显示接口中的接口内容另存，以在所述显示接口被调用时从另存位置处获取对应的接口内容。Step 206: Save the interface content in the display interface as a separate file, so as to obtain the corresponding interface content from the saved location when the display interface is called.

在本实施例中，可以将接口内容另存至任意适当的位置。优选的，可以将所述显示接口中的接口内容另存至设定队列中，以在调用时从所述设定队列中获取所述接口内容。In this embodiment, the content of the interface may be saved to any appropriate location. Preferably, the interface content in the display interface can be stored in a setting queue, so as to obtain the interface content from the setting queue when calling.

其中，所述设定队列可以包括：类加载器下的队列。以类加载器ClassLoader(ClassLoader可以用来加载Java类到Java虚拟机中。与普通程序不同的是。Java程序(class文件)并不是本地的可执行程序。当运行Java程序时，首先运行JVM(JavaVirtualMachine，Java虚拟机)，然后再把Javaclass加载到JVM里头运行，负责加载Javaclass的这部分就叫做ClassLoader。ClassLoader主要对类的请求提供服务，例如，当JVM(JavaVirtualMachine，Java虚拟机)需要某类时，它根据名称向ClassLoader要求这个类，然后由ClassLoader返回这个类的class对象)为例，所述设定队列可以是DexPathList。在系统调用时，一般会对ClassLoader中的DexPathList进行遍历，以获取需要的类。在本实施例中，可以将所述接口内容另存至所述DexPathList中，这样，在需要调用接口内容时可以直接从DexPathList中遍历获取，无需额外对另存的接口内容的位置进行指示，也即，在本实施例中，不存在针对另存的接口内容的位置的指示信息，进一步增加了恶意软件(或非法用户)获取信息的难度，进一步提高了软件的安全性。Wherein, the setting queue may include: a queue under the class loader. The class loader ClassLoader (ClassLoader can be used to load Java classes into the Java virtual machine. Unlike ordinary programs, Java programs (class files) are not local executable programs. When running Java programs, first run the JVM ( JavaVirtualMachine, Java virtual machine), and then load the Javaclass into the JVM to run. The part responsible for loading the Javaclass is called ClassLoader. ClassLoader mainly provides services for class requests. For example, when the JVM (JavaVirtualMachine, Java virtual machine) needs a certain class , it requests this class from ClassLoader according to the name, and then the class object of this class is returned by ClassLoader) as an example, the set queue can be DexPathList. When the system calls, it generally traverses the DexPathList in the ClassLoader to obtain the required classes. In this embodiment, the interface content can be saved in the DexPathList, so that when the interface content needs to be called, it can be directly traversed and obtained from the DexPathList without additionally indicating the location of the saved interface content, that is, In this embodiment, there is no indication information for the location of the additionally saved interface content, which further increases the difficulty for malicious software (or illegal users) to obtain information, and further improves the security of the software.

需要说明的是，所述设定队列包括但不仅限于：DexPathList；同样的，所述类加载器包括但不仅限于：ClassLoader。It should be noted that, the setting queue includes but not limited to: DexPathList; similarly, the class loader includes but not limited to: ClassLoader.

步骤208，将修改后的SDK重打包生成加固SDK。Step 208, repackage the modified SDK to generate a hardened SDK.

步骤210，对所述加固SDK进行签名。Step 210, sign the hardened SDK.

出于安全性的目的，在本实施例中，可以对所述加固SDK进行签名。在对所述加固SDK进行使用前，可以检查所述加固SDK的签名是否与其预先设定的签名一致，如果不一致，或者没有签名，则可以认为文件已被篡改，可以拒绝该文件的安装和运行。For the purpose of security, in this embodiment, the hardened SDK can be signed. Before using the hardened SDK, check whether the signature of the hardened SDK is consistent with its preset signature, if not, or if there is no signature, it can be considered that the file has been tampered with, and the installation and operation of the file can be refused .

其中，对所述加固SDK进行签名具体可以通过如下方式实现：下发所述加固SDK，由用户使用其身份标识对所述加固SDK进行签名；或者，利用用户上传的身份标识对所述加固SDK进行签名。Wherein, the signing of the hardened SDK can be specifically implemented in the following manner: issuing the hardened SDK, and the user signs the hardened SDK with his identity; or, uses the identity uploaded by the user to sign the hardened SDK. to sign.

在本实施例中，为了进一步提高最终重打包生成的加固SDK的安全性，在对所述显示接口中的接口内容进行加密隐藏时，具体可以包括：对所述显示接口中的接口内容进行加密处理，以及，在加密内容中插入保护代码。其中，所述保护代码包括但不仅限于：反编译工具的崩溃代码。当触发所述崩溃代码时，可以直接结束工作流程。例如，当重打包生成的加固SDK被恶意脱壳软件脱壳或被反编译工具恶意破解时，会触发所述崩溃代码，当所述崩溃代码被触发时，可以直接结束恶意脱壳软件或被反编译工具的工作流程，进而保护所述重打包生成的加固SDK，进而保证软件的安全性。In this embodiment, in order to further improve the security of the reinforced SDK generated by the final repackaging, when encrypting and hiding the interface content in the display interface, it may specifically include: encrypting the interface content in the display interface processing, and inserting protection codes in encrypted content. Wherein, the protection code includes but not limited to: the crash code of the decompilation tool. When the crash code is triggered, the workflow can be ended directly. For example, when the hardened SDK generated by repackaging is unpacked by a malicious unpacking software or maliciously cracked by a decompilation tool, the crash code will be triggered. When the crash code is triggered, the malicious unpacking software can be terminated directly or the The working process of the decompilation tool, and then protect the hardened SDK generated by the repackaging, and then ensure the security of the software.

此外，由于加固后生成的加固SDK可能无法被静态和动态扫描，有可能会被一些恶意代码利用，因此可以先对上传的SDK进行安全扫描，保证不对存在安全隐患的SDK进行加固处理，此时需要获取相关开发信息和加固参数，以用于对SDK进行安全扫描，对恶意文件及时处理。In addition, since the hardened SDK generated after hardening may not be statically and dynamically scanned, it may be used by some malicious codes. Therefore, you can first perform a security scan on the uploaded SDK to ensure that SDKs with security risks are not hardened. At this time Relevant development information and hardening parameters need to be obtained for security scanning of the SDK and timely processing of malicious files.

其中，一种可行的针对SDK的安全扫描方式可以如下：从SDK中提取出指定的特征信息；其中，所述指定的特征信息包括但不仅限于：包名、版本号、数字签名、Dex文件和ELF文件、Android安装包目录下各文件的MD5值等。在预置的安全识别库中查找与指定的单个特征信息或其组合相匹配的特征记录；其中，安全识别库中包含特征记录及特征记录对应的安全级别，每条特征记录中包含单个特征信息或特征信息的组合。将查找到的特征记录对应的安全级别进行输出。当查找出的安全级别低于预设的安全级别，则可以向SDK的上传者提示安全检测结果，并提示无法进行加固。Wherein, a feasible security scanning method for the SDK may be as follows: extract specified characteristic information from the SDK; wherein, the specified characteristic information includes but not limited to: package name, version number, digital signature, Dex file and ELF files, MD5 values of each file in the Android installation package directory, etc. Search for feature records that match the specified single feature information or its combination in the preset security identification library; wherein, the security identification library contains feature records and the security level corresponding to the feature records, and each feature record contains a single feature information or a combination of feature information. Output the security level corresponding to the found feature record. When the found security level is lower than the preset security level, the uploader of the SDK can be prompted with the security detection result, and a prompt that hardening cannot be performed.

综上所述，本实施例所述的软件加固方法，可以只对业务执行过程中所需求的接口进行显示，也即可以只向用户暴露显示接口(不含显示接口中的接口内容)，在保证SDK的正常运行和调用的同时，实现了对软件的保护，有效阻止了恶意软件对关键信息的非法获取，以及针对软件的破解、反编译、二次打包和木马植入等多种恶意行为，提高了软件的安全性，保护了开发者和使用者的权益。To sum up, the software reinforcement method described in this embodiment can only display the interfaces required in the service execution process, that is, only the display interface (excluding the interface content in the display interface) can be exposed to the user. While ensuring the normal operation and calling of the SDK, it also realizes the protection of the software, effectively preventing malicious software from illegally obtaining key information, as well as various malicious behaviors such as software cracking, decompilation, secondary packaging, and Trojan horse implantation. , which improves the security of the software and protects the rights and interests of developers and users.

需要说明的是，对于前述的方法实施例，为了简单描述，故将其都表述为一系列的动作组合，但是本领域技术人员应该知悉，本发明并不受所描述的动作顺序的限制，因为依据本发明，某些步骤可以采用其他顺序或者同时进行。其次，本领域技术人员也应该知悉，说明书中所描述的实施例均属于优选实施例，所涉及的动作并不一定是本发明所必需的。It should be noted that, for the foregoing method embodiments, for the sake of simple description, they are expressed as a series of action combinations, but those skilled in the art should know that the present invention is not limited by the described action sequence, because Certain steps may be performed in other orders or simultaneously in accordance with the present invention. Secondly, those skilled in the art should also know that the embodiments described in the specification are all preferred embodiments, and the actions involved are not necessarily required by the present invention.

实施例三Embodiment three

基于与上述方法实施例同一发明构思，参照图3，示出了本发明实施例三中一种软件加固系统的结构框图。在本实施例中，所述软件加固系统包括：Based on the same inventive concept as the above method embodiment, referring to FIG. 3 , it shows a structural block diagram of a software hardening system in Embodiment 3 of the present invention. In this embodiment, the software hardening system includes:

解析模块302，用于对软件开发工具包SDK进行解析，确定显示接口。The parsing module 302 is configured to parse the software development kit SDK and determine the display interface.

第一隐藏模块304，用于隐藏所述SDK中除所述显示接口之外的其它接口。The first hiding module 304 is configured to hide other interfaces in the SDK except the display interface.

第二隐藏模块306，用于隐藏所述显示接口中的接口内容。The second hiding module 306 is configured to hide interface content in the display interface.

另存模块308，用于将所述显示接口中的接口内容另存，以在所述显示接口被调用时从另存位置处获取对应的接口内容。The saving module 308 is configured to save the interface content in the display interface, so as to obtain the corresponding interface content from the saved location when the display interface is called.

生成模块310，用于将修改后的SDK重打包生成加固SDK。A generating module 310, configured to repackage the modified SDK to generate a hardened SDK.

可见，在本实施例中，重打包生成的加固SDK中只会暴露显示接口，其它的接口以及具体的接口中的内容都是隐藏的，在保证SDK正常使用的同时有效阻止了恶意软件对关键信息的获取，由于恶意软件无法获取到其它接口的信息以及所述显示接口中的接口内容，进而所述恶意软件也就无法实现针对软件的破解、反编译、二次打包和木马植入等恶意行为，有效保证了重打包软件的安全性，保护了开发者和使用者的权益。It can be seen that in this embodiment, only the display interface is exposed in the reinforced SDK generated by repackaging, and other interfaces and the content in the specific interface are hidden. This effectively prevents malicious software from affecting the key while ensuring the normal use of the SDK. Information acquisition, because the malware cannot obtain the information of other interfaces and the content of the interface in the display interface, and then the malware cannot implement malicious programs such as software cracking, decompilation, secondary packaging, and Trojan horse implantation. This behavior effectively guarantees the security of repackaged software and protects the rights and interests of developers and users.

参照图4，示出了本发明实施例三中一种优选的软件加固系统的结构框图。Referring to FIG. 4 , it shows a structural block diagram of a preferred software hardening system in Embodiment 3 of the present invention.

优选的，所述系统还包括：签名模块312，用于在所述生成模块将修改后的SDK重打包生成加固SDK之后，对所述加固SDK进行签名。进一步优选的，所述签名模块312具体可以用于下发所述加固SDK，由用户使用其身份标识对所述加固SDK进行签名；或者，利用用户上传的身份标识对所述加固SDK进行签名。Preferably, the system further includes: a signature module 312, configured to sign the hardened SDK after the generation module repackages the modified SDK to generate a hardened SDK. Further preferably, the signature module 312 can specifically be used to deliver the hardened SDK, and the user signs the hardened SDK with his identity; or, uses the identity uploaded by the user to sign the hardened SDK.

优选的，所述确定模块302具体可以用于根据待执行业务类型确定所述SDK中用于显示的显示接口；其中，所述显示接口至少为一个。Preferably, the determination module 302 can be specifically configured to determine the display interface used for display in the SDK according to the type of service to be executed; wherein, there is at least one display interface.

优选的，所述解析定模块302，具体可以用于对软件开发工具包SDK进行解析，根据待执行业务类型确定所述显示接口；其中，所述显示接口至少为一个。Preferably, the analyzing and determining module 302 can specifically be used to analyze the software development kit SDK, and determine the display interface according to the type of service to be executed; wherein, there is at least one display interface.

优选的，所述另存模块308，具体可以用于将所述显示接口中的接口内容另存至设定队列中。Preferably, the saving module 308 can be specifically configured to save the interface content in the display interface to the setting queue.

优选的，所述第二隐藏模块306，具体可以用于对所述显示接口中的接口内容进行加密隐藏。在具体实现时，可以对所述显示接口中的接口内容进行加密处理，以及，在加密内容中插入保护代码。其中，所述保护代码包括：反编译工具的崩溃代码；其中，当触发所述崩溃代码时，结束工作流程。Preferably, the second hiding module 306 can be specifically configured to encrypt and hide the interface content in the display interface. During specific implementation, the interface content in the display interface may be encrypted, and a protection code may be inserted into the encrypted content. Wherein, the protection code includes: a crash code of a decompilation tool; where, when the crash code is triggered, the workflow ends.

其中，所述设定队列包括但不仅限于：类加载器下的队列。Wherein, the setting queue includes but not limited to: the queue under the class loader.

进一步优选的，所述设定队列可以包括：DexPathList；所述类加载器可包括：ClassLoader。Further preferably, the setting queue may include: DexPathList; the class loader may include: ClassLoader.

此外，由于加固后生成的加固SDK可能无法被静态和动态扫描，有可能会被一些恶意代码利用，因此可以先对上传的SDK进行安全扫描，保证不对存在安全隐患的SDK进行加固处理，此时需要获取相关开发信息和加固参数，以用于对SDK进行安全扫描，对恶意文件及时处理。例如，可以通过如下模块实现对SDK的安全扫描：扫描模块，用于从SDK中提取出指定的特征信息；其中，所述指定的特征信息包括但不仅限于：包名、版本号、数字签名、Dex文件和ELF文件、Android安装包目录下各文件的MD5值等。以及，在预置的安全识别库中查找与指定的单个特征信息或其组合相匹配的特征记录；其中，安全识别库中包含特征记录及特征记录对应的安全级别，每条特征记录中包含单个特征信息或特征信息的组合。以及，将查找到的特征记录对应的安全级别进行输出。以及，当查找出的安全级别低于预设的安全级别，则可以向SDK的上传者提示安全检测结果，并提示无法进行加固。In addition, since the hardened SDK generated after hardening may not be statically and dynamically scanned, it may be used by some malicious codes. Therefore, you can first perform a security scan on the uploaded SDK to ensure that SDKs with security risks are not hardened. At this time Relevant development information and hardening parameters need to be obtained for security scanning of the SDK and timely processing of malicious files. For example, the security scanning of the SDK can be realized through the following modules: the scanning module is used to extract specified feature information from the SDK; wherein, the specified feature information includes but is not limited to: package name, version number, digital signature, Dex file and ELF file, MD5 value of each file in the Android installation package directory, etc. And, search for feature records that match the specified single feature information or its combination in the preset security identification library; wherein, the security identification library contains feature records and the security level corresponding to the feature records, and each feature record contains a single Feature information or a combination of feature information. And, output the security level corresponding to the found feature record. And, when the found security level is lower than the preset security level, the uploader of the SDK can be prompted with the security detection result, and can be prompted that hardening cannot be performed.

综上所述，本实施例所述的软件加固系统，可以只对业务执行过程中所需求的接口进行显示，也即可以只向用户暴露显示接口(不含显示接口中的接口内容)，在保证了SDK的正常运行和调用的同时，实现了对软件的保护，有效阻止了恶意软件对关键信息的非法获取，以及针对软件的破解、反编译、二次打包和木马植入等多种恶意行为，提高了软件的安全性，保护了开发者和使用者的权益。To sum up, the software hardening system described in this embodiment can only display the interfaces required in the business execution process, that is, it can only expose the display interface (excluding the interface content in the display interface) to the user. While ensuring the normal operation and calling of the SDK, it also realizes the protection of the software, effectively preventing malicious software from illegally obtaining key information, as well as various malicious software such as cracking, decompilation, secondary packaging, and Trojan horse implantation. Behaviors improve software security and protect the rights and interests of developers and users.

对于上述装置实施例而言，由于其与方法实施例基本相似，所以描述的比较简单，相关之处参见方法实施例的部分说明即可。For the above-mentioned device embodiments, because they are basically similar to the method embodiments, the description is relatively simple, and for related parts, please refer to part of the description of the method embodiments.

在此提供的算法和显示不与任何特定计算机、虚拟系统或者其它设备固有相关。各种通用系统也可以与基于在此的示教一起使用。根据上面的描述，构造这类系统所要求的结构是显而易见的。此外，本发明也不针对任何特定编程语言。应当明白，可以利用各种编程语言实现在此描述的本发明的内容，并且上面对特定语言所做的描述是为了披露本发明的最佳实施方式。The algorithms and displays presented herein are not inherently related to any particular computer, virtual system, or other device. Various generic systems can also be used with the teachings based on this. The structure required to construct such a system is apparent from the above description. Furthermore, the present invention is not specific to any particular programming language. It should be understood that various programming languages can be used to implement the content of the present invention described herein, and the above description of specific languages is for disclosing the best mode of the present invention.

在此处所提供的说明书中，说明了大量具体细节。然而，能够理解，本发明的实施例可以在没有这些具体细节的情况下实践。在一些实例中，并未详细示出公知的方法、结构和技术，以便不模糊对本说明书的理解。In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure the understanding of this description.

类似地，应当理解，为了精简本公开并帮助理解各个发明方面中的一个或多个，在上面对本发明的示例性实施例的描述中，本发明的各个特征有时被一起分组到单个实施例、图、或者对其的描述中。然而，并不应将该公开的方法解释成反映如下意图：即所要求保护的本发明要求比在每个权利要求中所明确记载的特征更多的特征。更确切地说，如下面的权利要求书所反映的那样，发明方面在于少于前面公开的单个实施例的所有特征。因此，遵循具体实施方式的权利要求书由此明确地并入该具体实施方式，其中每个权利要求本身都作为本发明的单独实施例。Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, in order to streamline this disclosure and to facilitate an understanding of one or more of the various inventive aspects, various features of the invention are sometimes grouped together in a single embodiment, figure, or its description. This method of disclosure, however, is not to be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the Detailed Description are hereby expressly incorporated into this Detailed Description, with each claim standing on its own as a separate embodiment of this invention.

本领域那些技术人员可以理解，可以对实施例中的设备中的模块进行自适应性地改变并且把它们设置在与该实施例不同的一个或多个设备中。可以把实施例中的模块或单元或组件组合成一个模块或单元或组件，以及此外可以把它们分成多个子模块或子单元或子组件。除了这样的特征和/或过程或者单元中的至少一些是相互排斥之外，可以采用任何组合对本说明书(包括伴随的权利要求、摘要和附图)中公开的所有特征以及如此公开的任何方法或者设备的所有过程或单元进行组合。除非另外明确陈述，本说明书(包括伴随的权利要求、摘要和附图)中公开的每个特征可以由提供相同、等同或相似目的的替代特征来代替。Those skilled in the art can understand that the modules in the device in the embodiment can be adaptively changed and arranged in one or more devices different from the embodiment. Modules or units or components in the embodiments may be combined into one module or unit or component, and furthermore may be divided into a plurality of sub-modules or sub-units or sub-assemblies. All features disclosed in this specification (including accompanying claims, abstract and drawings) and any method or method so disclosed may be used in any combination, except that at least some of such features and/or processes or units are mutually exclusive. All processes or units of equipment are combined. Each feature disclosed in this specification (including accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.

此外，本领域的技术人员能够理解，尽管在此所述的一些实施例包括其它实施例中所包括的某些特征而不是其它特征，但是不同实施例的特征的组合意味着处于本发明的范围之内并且形成不同的实施例。例如，在下面的权利要求书中，所要求保护的实施例的任意之一都可以以任意的组合方式来使用。Furthermore, those skilled in the art will understand that although some embodiments described herein include some features included in other embodiments but not others, combinations of features from different embodiments are meant to be within the scope of the invention. and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.

本发明的各个部件实施例可以以硬件实现，或者以在一个或者多个处理器上运行的软件模块实现，或者以它们的组合实现。本领域的技术人员应当理解，可以在实践中使用微处理器或者数字信号处理器(DSP)来实现根据本发明实施例的一种软件加固设备中的一些或者全部部件的一些或者全部功能。本发明还可以实现为用于执行这里所描述的方法的一部分或者全部的设备或者装置程序(例如，计算机程序和计算机程序产品)。这样的实现本发明的程序可以存储在计算机可读介质上，或者可以具有一个或者多个信号的形式。这样的信号可以从因特网网站上下载得到，或者在载体信号上提供，或者以任何其他形式提供。The various component embodiments of the present invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art should understand that a microprocessor or a digital signal processor (DSP) may be used in practice to implement some or all functions of some or all components in a software-hardened device according to an embodiment of the present invention. The present invention can also be implemented as an apparatus or an apparatus program (for example, a computer program and a computer program product) for performing a part or all of the methods described herein. Such a program for realizing the present invention may be stored on a computer-readable medium, or may be in the form of one or more signals. Such a signal may be downloaded from an Internet site, or provided on a carrier signal, or provided in any other form.

应该注意的是上述实施例对本发明进行说明而不是对本发明进行限制，并且本领域技术人员在不脱离所附权利要求的范围的情况下可设计出替换实施例。在权利要求中，不应将位于括号之间的任何参考符号构造成对权利要求的限制。单词“包含”不排除存在未列在权利要求中的元件或步骤。位于元件之前的单词“一”或“一个”不排除存在多个这样的元件。本发明可以借助于包括有若干不同元件的硬件以及借助于适当编程的计算机来实现。在列举了若干装置的单元权利要求中，这些装置中的若干个可以是通过同一个硬件项来具体体现。单词第一、第二、以及第三等的使用不表示任何顺序。可将这些单词解释为名称。It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In a unit claim enumerating several means, several of these means can be embodied by one and the same item of hardware. The use of the words first, second, and third, etc. does not indicate any order. These words can be interpreted as names.

本发明公开了A1、一种软件加固方法，包括：The invention discloses A1. A method for strengthening software, comprising:

A2、根据A1所述的方法，所述对软件开发工具包SDK进行解析，确定显示接口，包括：A2. According to the method described in A1, the software development kit SDK is analyzed to determine the display interface, including:

对软件开发工具包SDK进行解析，根据待执行业务类型确定所述显示接口；其中，所述显示接口至少为一个。Analyzing the software development kit SDK, and determining the display interface according to the type of service to be executed; wherein, there is at least one display interface.

A3、根据A1所述的方法，所述将所述显示接口中的接口内容另存，包括：A3. According to the method described in A1, the described method of saving the interface content in the display interface includes:

将所述显示接口中的接口内容另存至设定队列中。Save the interface content in the display interface to the setting queue.

A4、根据A1所述的方法，所述隐藏所述显示接口中的接口内容，包括：A4. According to the method described in A1, the hiding of the interface content in the display interface includes:

对所述显示接口中的接口内容进行加密隐藏。The interface content in the display interface is encrypted and hidden.

A5、根据A4所述的方法，所述对所述显示接口中的接口内容进行加密隐藏，包括：A5. According to the method described in A4, the encryption and hiding of the interface content in the display interface includes:

对所述显示接口中的接口内容进行加密处理，以及，在加密内容中插入保护代码。The interface content in the display interface is encrypted, and the protection code is inserted into the encrypted content.

A6、根据A5所述的方法，所述保护代码包括：反编译工具的崩溃代码；其中，当触发所述崩溃代码时，结束工作流程。A6. According to the method described in A5, the protection code includes: a crash code of a decompilation tool; wherein, when the crash code is triggered, the workflow ends.

A7、根据A1至A6中任一项所述的方法，在所述将修改后的SDK重打包生成加固SDK的步骤之后，所述方法还包括：A7. According to the method described in any one of A1 to A6, after the step of repackaging the modified SDK to generate a reinforced SDK, the method also includes:

对所述加固SDK进行签名。Sign the hardened SDK.

A8、根据A7所述的方法，所述对所述加固SDK进行签名，包括：A8. According to the method described in A7, the signing of the hardened SDK includes:

下发所述加固SDK，由用户使用其身份标识对所述加固SDK进行签名；或者，Issue the hardened SDK, and the user signs the hardened SDK with his identity; or,

利用用户上传的身份标识对所述加固SDK进行签名。Sign the hardened SDK with the ID uploaded by the user.

A9、根据A3所述的方法，所述设定队列包括：类加载器下的队列。A9. According to the method described in A3, the setting the queue includes: a queue under the class loader.

A10、根据A9所述的方法，所述设定队列包括：DexPathList；所述类加载器包括：ClassLoader。A10. According to the method described in A9, the setting queue includes: DexPathList; and the class loader includes: ClassLoader.

本发明还公开了B11、一种软件加固系统，包括：The present invention also discloses B11, a software reinforcement system, comprising:

B12、根据B11所述的系统，所述解析定模块，用于对软件开发工具包SDK进行解析，根据待执行业务类型确定所述显示接口；其中，所述显示接口至少为一个。B12. According to the system described in B11, the analysis module is configured to analyze the software development kit SDK, and determine the display interface according to the type of service to be executed; wherein, there is at least one display interface.

B13、根据B11所述的系统，所述另存模块，用于将所述显示接口中的接口内容另存至设定队列中。B13. In the system according to B11, the saving module is configured to save the interface content in the display interface into a setting queue.

B14、根据B11所述的系统，所述第二隐藏模块，用于对所述显示接口中的接口内容进行加密隐藏。B14. The system according to B11, the second hiding module is configured to encrypt and hide the interface content in the display interface.

B15、根据B14所述的系统，所述第二隐藏模块，用于对所述显示接口中的接口内容进行加密处理，以及，在加密内容中插入保护代码。B15. The system according to B14, the second hidden module is configured to encrypt the interface content in the display interface, and insert a protection code into the encrypted content.

B16、根据B15所述的系统，所述保护代码包括：反编译工具的崩溃代码；其中，当触发所述崩溃代码时，结束工作流程。B16. According to the system described in B15, the protection code includes: a crash code of a decompilation tool; wherein, when the crash code is triggered, the workflow ends.

B17、根据B11至B16中任一项所述的系统，还包括：B17. The system according to any one of B11 to B16, further comprising:

签名模块，用于在所述生成模块将修改后的SDK重打包生成加固SDK之后，对所述加固SDK进行签名。The signature module is used to sign the hardened SDK after the generation module repackages the modified SDK to generate a hardened SDK.

B18、根据B17所述的系统，所述签名模块，用于下发所述加固SDK，由用户使用其身份标识对所述加固SDK进行签名；或者，利用用户上传的身份标识对所述加固SDK进行签名。B18. According to the system described in B17, the signature module is used to issue the hardened SDK, and the user signs the hardened SDK with his identity; or, uses the identity uploaded by the user to sign the hardened SDK. to sign.

B19、根据B13所述的系统，所述设定队列包括：类加载器下的队列。B19. The system according to B13, the setting queue includes: a queue under the class loader.

B20、根据B19所述的系统，所述设定队列包括：DexPathList；所述类加载器包括：ClassLoader。B20. The system according to B19, the set queue includes: DexPathList; the class loader includes: ClassLoader.