Summary of the invention
Based on this, it is necessary in view of the above technical problems, provide it is a kind of prevent H5 source code leak method, computer equipmentAnd storage medium, to solve to hold very much in the exposure of source code logic, the exposure of object properties API Calls and decryption code key insertion source codeThe problem of being easily found, effectively protects H5 source code.
A method of prevent H5 source code from leaking, the method includes the steps:
A, template object is initialized, defines an overall situation function, and return to a global object in the overall situation function;
B, morphological analysis and syntactic analysis are carried out to source code, and function, character string, expression formula and the constant in source code is addedClose processing;
C, encrypted source code is subjected to shell adding encryption, and generates a decryption function;
D, decryption function decrypts shell adding code, decrypts encrypted code, load decryption object simultaneously executes encrypted code, by decryption pairDecrypting as dynamic is clear-text passwords, and executes clear-text passwords.
Wherein, the step A further include:
A1, by the title randomization of the global object and special identifier, and the title of the global object encrypted every time is notIt is same and unique;
Wherein, Key value is randomized when having a variety of Key-Value forms in the global object, and initializing every time, andKey value is unique;
The type of the Value includes: character string interaction template, expression formula interaction template, multiple constants and multiple discriminant functions.
Wherein, the character string interaction template interacts function with a character string including two character strings interaction functions;
Wherein, in described two character string interaction functions, one of function is that function control is flowed in flattening in decoding source codeThe value of case in switch structure, another function are all character strings in decoding source code;In one character string interaction letterIn number, which is decoded pre-set domain name coded string.
Wherein, the step C is specifically included:
C1, encrypted source code is carried out to space and goes annotation process, and encrypted source code is subjected to accidental enciphering;
C2, encrypted character string group array, the position of replacement, the necessary variable of decryption function and decryption functional dependence are generatedNecessary Rule of judgment;
C3, a decryption function is generated, and using the result of the source code of processing as the parameter of decryption function.
Wherein, the step C further include:
C4, by one section of anti-debug code of coding it is encrypted characters string, this section of anti-debug code is embedded into decryption function, whenWhen code executes, then this section of anti-debug code is gone to, and executed with eval function.
Wherein, include: when being encrypted in the step B to the function in source code
If being inserted into inside function to calculate the code of time difference, when the time that two sections of codes execute being greater than some numerical value,Program will enter in an Infinite Cyclic code;
If being inserted into the template code judged with domain name inside function, obtain with return value, and passes through its true and false property determining programWhether execute;
If to function body Structural Transformation being the control stream flattening of switch structure, function body sentence it is order random-ising, and insertEnter some non-executable codes, code that is executable but not influencing its result, complicates control flow, automatically generate switch languageThe case value of sentence, which is put into array, and the array is encrypted, is processed into unreadable character string.
Wherein, include: when being encrypted in the step B to the expression formula in source code
It extracts in JavaScript and intersperses expression formula, all expression formulas of interspersing are replaced with into square brackets expression formula, it will be rightThe attribute of elephant calls the form for being converted to character string;
The expression solution in source code is extracted, expression formula is converted into expression formula interaction template function call or discriminant functionThe form of calling, the lvalue and r value that participate in expression formula are the parameter of function.
Wherein, include: when being encrypted in the step B to the character string in source code
The character string in JavaScript is extracted, all text string extractings are come out, and these character strings are put into array, andThe array is encrypted, unreadable character string is processed into;
Include: when being encrypted in the step B to the constant in source code
The constant in source code is extracted, all constants are entered and left and replace with template into template object, and by original constantThe form of object accesses attribute.
A kind of computer equipment, including memory and processor, the memory are stored with computer program, the processingDevice realizes the step of above-mentioned method when executing the computer program.
A kind of computer readable storage medium, is stored thereon with computer program, and the computer program is held by processorThe step of above-mentioned method is realized when row.
A kind of method, computer equipment and storage medium for preventing H5 source code from leaking, has the advantages that
(1) by randomization global object's title and control stream randomization, it is one that encryption, which can all have different encryption files, every timeKind polymorphic form;
(2) template object dynamic is decrypted when passing through operation, solves the problems, such as to be easy to be found in decryption code key insertion source code;
(3) all constants, character string, expression formula are hidden completely, and core logic and core code are all protected, and hide attributeAPI Calls, encrypted code structure is complicated, and code can not almost be read;
(4) domain name protection, anti-debug protection are carried out under particular surroundings (browser).
Specific embodiment
To make the objectives, technical solutions, and advantages of the present invention clearer and more explicit, right as follows in conjunction with drawings and embodimentsThe present invention is further described.It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention, and do not have toIt is of the invention in limiting.
A kind of method for preventing H5 source code from leaking provided by the present application, can be applied in terminal.Wherein, terminal can with butIt is not limited to various personal computers, laptop, mobile phone, tablet computer, vehicle-mounted computer and portable wearable device.ThisThe terminal of invention uses multi-core processor.Wherein, the processor of terminal can be central processing unit (Central ProcessingUnit, CPU), graphics processor (Graphics Processing Unit, GPU), video processing unit (VideoAt least one of Processing Unit, VPU) etc..
In one embodiment, as shown in Figure 1, providing a kind of flow diagram of method for preventing H5 source code from leaking,It is applied to be illustrated for above-mentioned terminal in this way, comprising the following steps:
S100, initialization template object, define an overall situation function, and a global object is returned in the overall situation function;
Specifically, template object is initialized, an overall situation function is defined, a global object is returned in this overall situation function,And global object's title is randomized, special identifier, will not generate conflict with the function name in source code, variable name, while using slowTechnology is deposited, the global object's title encrypted every time is different and unique, there are many Key-Value forms in this object, andAnd initialization Key value randomization every time, Key value is unique, and Value is broadly divided into following several types:
(1) Value is two character string interactions function (character string interaction template), and one of function is function in decoding source codeThe value of case in switch structure in flattening is flowed in control, another function is all character strings in decoding source code.Two wordsAn object is returned in symbol string interaction function, includes the form of a Key-Value in this object, Value is then a letterNumber, the main function of this function is: transcoding character string, xor operation, splicing character string, cutting character string simultaneously finally obtain oneA array for having character string is obtained character string from array and is returned by the subscript inside each function parameter, this functionIt is present in global object, main function is dynamically to decode character by character string stencil function when program operationString.
(2) Value is multiple expression formula functions (expression formula interaction template), and expression formula function calculates the value being passed into,And directly return the result, wherein expression formula function includes: addition function, SUbtractive function, multiplication function, division function, is equal to letterNumber, not equal to function, greater than function, less than function and function is negated, main function is to hide the expression formula in source code,And be converted to the form of function call.
(3) Value is multiple types of a constant, and Value value is to extract all constants in source code, and value is unique, reduces in source codeThe number that constant occurs, main function are the constants hidden in source code.
(4) Value is multiple discriminant functions, and the main body of this function is a three mesh operations, and function returns to three mesh operationsAs a result, three mesh operations the result is that call another function in the object, and in addition the parameter of this function is transmitted toIn one function, main function is the service logic for complicating this global object.
(5) Value is character string interaction function (character string interaction template), this function will mainly be presetDomain name coded string be decoded, then in the domain name (web browser of website where the dynamic acquisition current browser pageUnder environment), the domain name encoded in advance is decoded, the value for returning to a bool type, main function are then comparedIt is that the dynamic domain name that obtains carries out domain name judgement.
S200, morphological analysis and syntactic analysis are carried out to source code, and by the function in source code, character string, expression formula and oftenNumber is encrypted;
Wherein, in particular circumstances (in web browser environment) by carrying out morphological analysis, grammer point to JavaScript source codeThe function in JavaScript is extracted in analysis, the code of a calculating time difference is inserted into inside certain functions, when two sections of codes are heldThe capable time is greater than some numerical value, and program will enter in an Infinite Cyclic code, and code, which is effectively protected, to be prevented from being debugged.
Wherein, by carrying out morphological analysis, syntactic analysis to JavaScript source code, the letter in JavaScript is extractedNumber is inserted into the template code (being limited in browser) of domain name judgement inside certain functions, obtains a return value, leads toIt crosses and judges whether its true and false property confirmation program continues to execute, do not execute then one random number of current function auto-returned, effectivelyCode is protected not usurped by illegal website.
Wherein, by carrying out morphological analysis, syntactic analysis to JavaScript source code, the letter in JavaScript is extractedNumber, to function body Structural Transformation be switch structure control stream flattening, function body sentence it is order random-ising, be inserted into simultaneouslySome codes that cannot be executed code, can execute but not influence its result, complicate control flow, automatically generateThe case value of switch sentence, these values is put into array, and this array is encrypted, and is processed into unreadable characterString, applies character string interaction template and (this encrypted character string is put into character string interaction template function, is used simultaneouslyThe character string interaction template function or discriminant function of template object do equivalence replacement to the case value in switch structure, andAnd the corresponding subscript in array of each character string is recorded, using this subscript as the parameter of stencil function and discriminant function), withReach and obscures source code logic and purpose is hidden to the case value of switch.
Wherein, by carrying out morphological analysis, syntactic analysis to JavaScript source code, interspersing in JavaScript is extractedAll expression formulas of interspersing are replaced with square brackets expression formula by expression formula, and the attribute calling of object is thus converted to characterThe form of string is hidden with the character string for reaching extraction.
Wherein, by carrying out morphological analysis, syntactic analysis to JavaScript source code, the character in JavaScript is extractedString, all text string extractings are come out, these character strings are put into array, and this array is encrypted, are processed into notReadable character string, apply character string interaction template (this encrypted character string is put into character string interaction template function,The character string interaction template function or discriminant function for using template object simultaneously, do the case value in switch structure equivalentReplacement, and record the corresponding subscript in array of each character string, using this subscript as stencil function and discriminant functionParameter), purpose is gone here and there to reach to hide character.
Wherein, by carrying out morphological analysis, syntactic analysis to JavaScript source code, the expression formula fortune in source code is extractedIt calculates, applies expression formula interaction template and (expression formula is converted to what expression formula interaction template function call or discriminant function calledForm, participate in expression formula lvalue and r value be function parameter) main purpose be hide source code in expression formula.
Wherein, by carrying out morphological analysis, syntactic analysis to JavaScript source code, the constant in extraction source code willAll constant enters and leaves into template object, and original constant is replaced with to the form of template object access attribute, to reach pointFrom constant in source code, the purpose of constant is hidden.
S300, encrypted source code is carried out to shell adding encryption, and generates a decryption function;
Specifically include step:
S310, encrypted source code is carried out to space and goes annotation process, and encrypted source code is carried out at accidental encipheringReason, the mode of the accidental enciphering processing, which specifically includes, to be encoded source code, is converted, being cut and replacement processing;
S320, encrypted character string group array, the position of replacement, the necessary variable of decryption function and decryption functional dependence are generatedNecessary Rule of judgment;
S330, a decryption function is generated, and using the result of the source code of processing as the parameter of decryption function;
S340, by one section of anti-debug code of coding it is encrypted characters string, this section of anti-debug code is embedded into decryption function,When code executes, then this section of anti-debug code is gone to, and executed with eval function.
It specifically, is encrypted characters string by one section of anti-debug code of coding in web browser environment, this section is anti-Debugging code is embedded into decryption function, when code executes, can go to this section of anti-debug code, and with eval functionIt executes, wherein eval function can only view current anti-debug code, anti-debug when executing code inside debuggingCode periphery code can not be checked, code is effectively protected and is not debugged and checks.
S400, decryption function decrypt shell adding code, decrypt encrypted code, and load decryption object simultaneously executes encrypted code,Decryption object dynamic is decrypted as clear-text passwords, and executes clear-text passwords.
The present invention executes logic by changing code, hides that API Calls, the string that hides character by template, to pass through template hiddenConstant is hidden, expression formula is hidden by template and changes source code and is shown, is protected core logic and core code all,Encrypted code structure is complicated, and code can not almost be read, and by randomization global object's title and controls stream randomization,Encryption can all have different encryption files every time, be a kind of polymorphic form, and template object dynamic is decrypted when passing through operation, solve solutionBe easy to the problem of being found in close code key insertion source code, at the same under special environment (browser end) increase anti-debug technology andDomain name binding technology is added by template, effectively protects H5 source code.
It should be understood that although each step in the flow chart of Fig. 1 is successively shown according to the instruction of arrow, thisA little steps are not that the inevitable sequence according to arrow instruction successively executes.Unless expressly state otherwise herein, these stepsIt executes there is no the limitation of stringent sequence, these steps can execute in other order.Moreover, at least part in Fig. 1Step may include that perhaps these sub-steps of multiple stages or stage are executed in synchronization to multiple sub-stepsIt completes, but can execute at different times, the execution sequence in these sub-steps or stage, which is also not necessarily, successively to be carried out,But it can be executed in turn or alternately at least part of the sub-step or stage of other steps or other steps.
In one embodiment, to more fully understand the application, prevent H5 source code from leaking the present invention also provides a kind ofThe encryption principle schematic diagram of method, as shown in Fig. 2, by carrying out morphological analysis, syntactic analysis to JavaScript source code, thereafterFunction, character string, constant and expression formula in JavaScript source code is encrypted, wherein in web browser environmentIn, by extracting the function in JavaScript, it is inserted into the template code of domain name judgement inside certain functions, obtains oneA return value, judges whether its true and false property, program continue to execute, and does not execute one random number of current function auto-returned, effectivelyProtect code not usurped by illegal website;In JavaScript language environment, by making the letter in JavaScript source codeNumber, character string, constant and expression formula control levelling are smooth, and ambiguity function name variable name encrypts character string, carries out to constantReplacement, operator carry out equivalence replacement, and to carry out code compaction (go to space, go to annotate) after, by source code accidental enciphering (compileCode converts, and cuts, replacement) processing, generate encrypted character string group array, the position of replacement, the necessary variable of decryption functionWith decryption functional dependence necessary Rule of judgment, and generate a decryption function, and using the result of the source code of processing as decrypt letterSeveral parameters carries out a shell adding processing to encrypted source code by the way that encrypted source code is carried out accidental enciphering again, fromAnd obtain encrypted code.
Wherein, in web browser environment, it is encrypted characters string by one section of anti-debug code of coding, this section is demodulatedExamination code is embedded into decryption function, when code executes, can go to this section of anti-debug code, and held with eval functionRow.Eval function can only view current anti-debug code, anti-debug code periphery when executing code inside debuggingCode can not be checked, code is effectively protected and is not debugged and checks.
In one embodiment, to more fully understand the application, prevent H5 source code from leaking the present invention also provides a kind ofThe schematic illustration of method code shell adding, as shown in figure 3, after carrying out space by code, remove annotation, then by source code accidental enciphering(coding converts, and cuts, replacement) processing generates thereafter encrypted word for example, the code of non-shell adding is carried out shell adding processingString group array, the position of replacement, the necessary variable of decryption function and the necessary Rule of judgment for decrypting functional dependence are accorded with, and generates oneDecryption function, and using the result of the source code of processing as the parameter of decryption function, it is random by carrying out encrypted source code againEncryption, that is, adding one layer of shell program in machine code, again on the basis of code replaces program to obtain executable program, whereinProgram is not normally functioning when going to anti-debug code under web browser environment.
In one of the embodiments, as shown in figure 4, providing a kind of encrypted code of method for preventing H5 source code from leakingThe flow diagram of execution, comprising the following steps:
S01, beginning;
S02, encrypted code is executed;
S03, decryption function is executed, and decrypts encrypted source code;Wherein, the necessary variable of decryption function and decryption functional dependenceNecessary Rule of judgment execute decryption function, specifically, the position that source code is replaced is found by subscript, and pass through necessary ginsengNumber is restored.
S04, load decryption object simultaneously go to decrypted code;
S05, decryption object dynamic is decrypted as plaintext code;
S06, judge whether to go to normal code;If so, S07 is thened follow the steps, it is no to then follow the steps S08.
S07, normal program operation;
S08, judge whether to go to anti-debug code;If so, S11 is thened follow the steps, it is no to then follow the steps S09.
Wherein, under web browser environment, by being inserted into the code of a calculating time difference inside certain functions, whenThe time that two sections of codes execute is greater than some numerical value, and program will enter in an Infinite Cyclic code, i.e. execution step S11;It is encrypted characters string by one section of anti-debug code of coding, this section of anti-debug code is embedded into decryption function, when code is heldWhen row, this section of anti-debug code can be gone to, i.e. execution step S11.
S09, domain name inspection code is gone to;
S10, judge whether domain name is consistent;If so, S11 is thened follow the steps, it is no to then follow the steps S12.
S11, program are operating abnormally;
S12, end.
In one embodiment, a kind of computer equipment is provided, which can be terminal, internal structureFigure can be as shown in Figure 5.The computer equipment includes processor, the memory, network interface, display connected by system busScreen and input unit.Wherein, the processor of the computer equipment is for providing calculating and control ability.The computer equipment is depositedReservoir includes non-volatile memory medium, built-in storage.The non-volatile memory medium is stored with operating system and computer journeySequence.The built-in storage provides environment for the operation of operating system and computer program in non-volatile memory medium.The calculatingThe network interface of machine equipment is used to communicate with external terminal by network connection.When the computer program is executed by processor withRealize a kind of method for preventing H5 source code from leaking.The display screen of the computer equipment can be liquid crystal display or electric inkDisplay screen, the input unit of the computer equipment can be the touch layer covered on display screen, be also possible to outside computer equipmentKey, trace ball or the Trackpad being arranged on shell can also be external keyboard, Trackpad or mouse etc..
It will be understood by those skilled in the art that structure shown in Fig. 5, only part relevant to application scheme is tiedThe block diagram of structure does not constitute the restriction for the computer equipment being applied thereon to application scheme, specific computer equipmentIt may include perhaps combining certain components or with different component layouts than more or fewer components as shown in the figure.
Those of ordinary skill in the art will appreciate that realizing all or part of the process in above-described embodiment method, being can be withRelevant hardware is instructed to complete by computer program, the computer program can be stored in a non-volatile computerIn read/write memory medium, the computer program is when being executed, it may include such as the process of the embodiment of above-mentioned each method.Wherein,To any reference of memory, storage, database or other media used in each embodiment provided herein,Including non-volatile and/or volatile memory.Nonvolatile memory may include read-only memory (ROM), programming ROM(PROM), electrically programmable ROM(EPROM), electrically erasable ROM(EEPROM) or flash memory.Volatile memory may includeRandom-access memory (ram) or external cache.By way of illustration and not limitation, RAM is available in many forms,Such as static state RAM(SRAM), dynamic ram (DRAM), synchronous dram (SDRAM), double data rate sdram (DDRSDRAM), enhancingType SDRAM(ESDRAM), synchronization link (Synchlink) DRAM(SLDRAM), memory bus (Rambus) direct RAM(RDRAM), direct memory bus dynamic ram (DRDRAM) and memory bus dynamic ram (RDRAM) etc..
Each technical characteristic of above embodiments can be combined arbitrarily, for simplicity of description, not to above-described embodimentIn each technical characteristic it is all possible combination be all described, as long as however, the combination of these technical characteristics be not present lanceShield all should be considered as described in this specification.
The several embodiments of the application above described embodiment only expresses, the description thereof is more specific and detailed, but simultaneouslyIt cannot therefore be construed as limiting the scope of the patent.It should be pointed out that coming for those of ordinary skill in the artIt says, without departing from the concept of this application, various modifications and improvements can be made, these belong to the protection of the applicationRange.Therefore, the scope of protection shall be subject to the appended claims for the application patent.