Detailed Description
In order that the above-recited objects, features and advantages of the present application will become more readily apparent, a more particular description of embodiments of the application will be rendered by reference to the appended drawings and appended drawings.
In order to facilitate understanding of the technical solution of the embodiments of the present application, technical terms related to the embodiments of the present application will be described first.
Decompilation, also known as inverse compilation, refers to an application that changes an executable file into a high-level language source program. Decompilation was used at the earliest for software migration, and in cases where early computer hardware was incompatible and requires updating iterations, many valuable software faces the situation where the hardware's iteration needs to be rewritten over a large range, thus creating a variety of decompilation techniques. However, as this technology is studied intensively, decompilation is sometimes used for copying source code files illegally, and cases such as piracy and unauthorized modification occur, so that the code protection technology has very important and realistic significance.
Code obfuscation refers to the act of reorganizing and processing program code into a functionally equivalent, but difficult to read and understand form.
Static analysis refers to a method of performing program analysis without running a computer program. And analyzing the engineering codes by checking the multi-dimensions of morphology, grammar, semantics and the like to obtain the program assembly codes or source code files. Then, according to the flow of the program list analysis program, the function to be completed by the device is grasped.
Key code, also referred to as core code, key transactions involved in the system business implementation, critical transactions, or high risk scenario processing transaction logic. If this part is broken, the key logic of the system service is exposed, so that the system is easy to attack.
And the key code identifier is used for marking the key code.
And the key code list is used for recording the position information of the key codes in the source code file.
In order to facilitate understanding of the technical solution provided by the embodiments of the present application, the following description will be given with reference to the accompanying drawings.
Referring to fig. 1, the flowchart of a code processing method according to an embodiment of the present application, as shown in fig. 1, the method may include:
S101: if the source code file is detected to comprise the key code, the client sends a first request message to the server.
In this embodiment, the client may sequentially read the source code file, determine whether the source code file includes a key code, and if so, send a first request packet to the server. The first request message is used for requesting an encryption key aiming at the key code, and the first request message comprises key information. The key information is used for checking the client by the server, is information negotiated in advance by the client and the server, and is used for identifying the client, and specifically may include, but is not limited to, one or more of a client identifier, an IP address, an MAC address, and a token.
Judging whether the source code file comprises a key code or not, specifically judging whether the source code file has a key code identifier or not, and if the source code file has the key code identifier, indicating that the source code file comprises the key code.
In this embodiment, in order to facilitate timely obtaining of location information of key codes in a source code file during subsequent decoding, when it is determined that a key code identifier exists in the source code file, location information of each key code included in the source code file is recorded in a key code list. That is, the key code list includes location information, i.e., a read path, of each key code in the source code file.
S102: and the server checks the key information in the first request message, and if the key information passes the check, the server acquires the first secret key.
After the server receives the first request message sent by the client, key information is obtained by analyzing the first request message, and then the key information is checked, namely the identity of the client is checked. And if the verification is passed, acquiring a first key.
The server side checks the key information, and specifically comprises the following steps: the server judges whether the client identifier is a client identifier which is negotiated in advance, if yes, judges whether the information such as the IP address, the MAC address and the token in the key information is consistent with the locally stored information, and if yes, determines that the key information passes the verification.
The first key is an encryption key pre-negotiated between the client and the server, and the server can store the client identifier and the first key in pairs. And after the verification of the key information is passed by the server side, inquiring the corresponding first key by using the client side identification in the key information.
If the verification is not passed, the server side sends a response message to the client side so as to prompt the client side that the verification is not passed through the response message.
S103: the server generates a first response message, wherein the first response message comprises a first key
S104: the server side sends a first response message to the client side.
After the first key is queried, a first response message is generated according to the first key, and the first response message is sent to the client so that the client encrypts the key code by using the first key.
The first request message may further include a second key to ensure security of the first key, where the second key user encrypts the first key. When the server generates a first response message by using the first key, firstly encrypting the first key by using the second key to obtain an encrypted first key, and further generating the first response message by using the encrypted first key, wherein the first response message comprises the encrypted first key. That is, when the server side and the client side transmit the first secret key, the first secret key is transmitted in a one-time pad mode, so that the security in the first secret key transmission process is improved.
S105: the client receives the first response message and analyzes the first response message to obtain a first key.
S106: the client encrypts the key code by using the first key to obtain the encrypted key code.
In this embodiment, after the client receives the first response message sent by the server, the first response message is parsed to obtain a first key, and then the key code in the source code file is encrypted by using the first key to obtain an encrypted key code, so as to realize protection of the key code. Specifically, the client may encrypt the key code with the first key according to a preset encryption algorithm.
When the first response message includes the encrypted first key, the client analyzes the first response message, and then decrypts the encrypted first key by using the second key to obtain the first key.
The client encrypts the key code by using the first key to obtain the encrypted key code, and the method comprises the following steps: and reading each key code in turn according to the position information in the key code list, and encrypting each key code by using the first key to obtain the encrypted key code.
S107: and the client obtains an executable program file corresponding to the source code file based on the encrypted key code.
After the encrypted key code is obtained, an executable program file corresponding to the source code file is obtained based on the encrypted key code. The executable program file comprises a compiling result corresponding to the encrypted key code, namely a first compiling file. That is, after the encrypted key code is precompiled, a first compiled file is obtained. Specifically, the executable program file corresponding to the source code file may be obtained by:
one is to directly precompiled a source code file including encrypted key code to obtain an executable program file. That is, the executable program file includes the compiling result corresponding to the encrypted key code.
One is to precompiled the source code file to obtain an executable program file, wherein the executable program file comprises the compiling result of the key code, namely a second compiling file; pre-compiling the encrypted key codes to obtain a first compiled file; the second compiled file is replaced with the first compiled file.
In the implementation manner, the key codes included in the source code file are unencrypted key codes, the source code file is precompiled to obtain an executable program file, and then a second compiling file corresponding to the key codes in the executable program file is replaced by a first file compiled by the encrypted key codes, so that the executable program file includes the compiling result of the encrypted key codes, and the code protection is realized.
The client detects the source code file, and if the source code file includes the key code, sends a first request message to the server to request the server for an encryption key used when encrypting the key code through the first request message. The first request message includes key information. After receiving the first request message, the server checks the key information, and if the key information passes the check, the server acquires the encryption key, namely the first key, and sends the first key to the client through the first response message. The client obtains a first key by analyzing the first response message, encrypts the key code by using the first key, and further obtains an executable program file corresponding to the source code file by using the encrypted key code, wherein the executable program file comprises a first compiling file corresponding to the encrypted key code. The technical scheme provided by the application can encrypt the key codes in the source codes, thereby realizing the encryption protection of the key code parts in the executable program files, preventing static analysis, increasing the decompilation difficulty of the codes and realizing the code protection.
The above embodiment describes the protection process of the key code, and the decryption process of the executable program file will be described below with reference to the accompanying drawings. When the key code is encrypted, the client acquires the first key, encrypts the key code by using the first key, and then does not store the first key, so that the security of the key is ensured. When decryption is needed, the server is re-requested.
Referring to fig. 2, the flowchart of a code processing method according to an embodiment of the present application is shown in fig. 2, where the method includes:
s201: and the client sends a second request message to the server.
In this embodiment, when the client loads the executable program file through the specified class loader, it is determined whether the executable program file needs to be decrypted, and if so, a second request message is sent to the server. The second request message is used for requesting a decryption key for the encrypted key code, and the second request message comprises key information. The content specifically included in the key information may be referred to the description related to S101.
The client judges whether the executable program file needs decryption or not, and comprises the following steps: the client judges whether the executable program file has a key code list or not, and if so, the client determines that the executable program file needs to be decrypted.
S202: and the server checks the key information in the second request message, and if the key information passes the check, the server acquires a third key.
In this embodiment, after receiving the second request packet, the server side analyzes the second request packet to obtain the key information, and further verifies the key information. The specific implementation of verifying the key information by the server may be referred to the related description in S102.
Wherein the third key is used to decrypt the encrypted key code. The third key is a key pre-negotiated between the server and the client, and when the verification is passed, the server can query the corresponding third key according to the client identifier. The third key may be the same as or different from the first key, and the present embodiment is not limited herein.
S203: the server generates a second response message, wherein the second response message comprises a third key.
S204: and the server side sends a second response message to the client side.
After inquiring the third secret key, the server side generates a second response message according to the third secret key, and sends the second response message to the client side, and the client side decrypts the encrypted key code by using the third secret key.
S205: and the client receives the second response message and analyzes the second response message to obtain a third key.
S206: and the client decrypts the decompilation result of the first compiled file by using the third key to obtain the key code.
In this embodiment, after the client receives the second response message sent by the server, the second response message is parsed to obtain the third key. Meanwhile, the client decompiles the first compiled file in the executable program file to obtain a decompilation result, and further decrypts the decompilation result by using the third key to obtain the key code. The decompilation result is the encrypted key code.
S207: and the client precompiles the key codes to obtain a second compiling file, and replaces the first compiling file in the executable program file with the second compiling file.
After the encrypted key codes are decrypted, the key codes are obtained, and further the key codes are precompiled to obtain second compiling files, so that the second compiling files are utilized to replace the first compiling files in the executable program files. After the replacement is completed, the executable program file may be loaded using a default class loader.
In the present application, the remote key unit and the decompilation protection unit may be divided based on the description of the server and client functions described above. The remote key unit is used for storing and distributing the negotiation key, and the decompilation protection unit is used for processing the key codes to realize code protection.
The remote key unit operates in a trusted server and comprises a receiver, a verifier, a key memory, a key distributor and a transponder. The decompilation protection unit operates in a local system (e.g., a consumer system) to provide service capabilities in a component manner and may include a key acquirer, a key code reader, an encryption and decryption processor, a compilation replacer, and a key code loader.
To facilitate an understanding of the specific functions of the remote key unit and the decompilation protection unit, the following description will be provided separately.
One) remote key unit
The remote key unit is a service running on a safe trusted server and is used for maintaining key information and transmitting the key in a one-time and one-time mode so as to realize safe storage and distribution of the key.
1. A receiver: is responsible for receiving and analyzing the request message;
The request message comprises information such as a consumer application identifier, an IP address, an MAC address, a token and the like, wherein the information is used for verifying the identity of the client, and the consumer refers to a system needing code protection.
2. And (3) a calibrator: the method is responsible for checking information such as a consumer application identifier, an IP address, an MAC, a token and the like;
3. a key memory: providing a key storage and query function;
the key memory may store (application identifier, key) therein.
4. A key distributor: for sending to the consumer in a secure manner after querying the key from the key store after verification has passed;
5. a transponder: responsible for assembling and returning response messages
Wherein the response message includes the requested key. If the request message also comprises the encryption key, the inquired key is encrypted by using the encryption key, and then the response message is sent to the consumer.
(II) decompilation protection unit
The decompilation protection unit can run in a consumption system and realize the encryption protection and decryption running components of the executable program package based on an encryption and decryption algorithm.
1. Key acquirer: is responsible for interacting with a remote key unit to acquire a negotiation key;
In this embodiment, the key acquirer acquires information such as the application identifier, the IP address, the MAC address, the token and the like which are negotiated in advance, and accesses the remote key unit through the concatenation request message, so as to apply the key to the remote key unit.
After the information is verified, the remote key unit inquires the stored negotiation key, encrypts the negotiation key by utilizing the transmission key carried in the request message, and then sends a response message to the key acquirer. After receiving the response message, the key acquirer analyzes the response message to obtain a negotiation key for subsequent use.
2. Key code reader: the key code identification recognition and key code reading are responsible, and the key code is preprocessed to meet the basic requirements of encryption and decryption operation; reading key codes from the source codes during encryption; reading key codes from the executable program package during decryption;
after the compiling protection is started, the key code reader sequentially reads the source code file, identifies whether the source code file comprises key code identifiers, and if the key code identifiers exist, pre-processes the key codes. Wherein the preprocessing operations include, but are not limited to: annotation deletion, repeated introduction of class deletion, array filling and the like, so that the basic format requirements of encryption and decryption algorithms are met.
After processing is completed, directory information (i.e., storage path) of the key code is added to the key code list.
3. Encryption and decryption processor: is responsible for encryption and decryption processing by utilizing a symmetric/asymmetric algorithm;
In this embodiment, the encryption and decryption processor accesses the key acquirer and the key code reader in sequence to acquire the product in the corresponding processor, and performs encryption/decryption processing on the key code recorded in the key code list according to a preset algorithm.
4. Compiling replacer: the method is responsible for precompiling a source code file, acquiring an executable program file or realizing a replacement function of the executable program file;
in this embodiment, the compile replacer includes precompiled and replacement functions, the operation of which depends on the key code reader and the encryption and decryption processor, and the processing logic is as follows:
(1) Acquiring key code reader products: a key code list;
(2) Precompiled source code files to generate executable program files and directory structures; determining the compiled file position of the file to be processed (the file containing the key code) according to the key code list;
(3) Obtaining an encryption and decryption processor product, writing a compiling result corresponding to the encrypting result back to a path corresponding to the precompiled key code, completing encryption replacement, and updating file replacement information and the replaced path to a key code list;
(4) Updating an executable program file running root file (namely an entry path of the executable program file), adding an executable program file analysis configuration class file path, and setting a class loader priority (namely decryption and running are needed if the executable program file is to be loaded);
(5) The code is repackaged, and the executable program file after the processing is generated by compression.
The replacing function is to replace the compiling file corresponding to the key code in the executable program file by using the compiling result of the encrypted key code.
5. Key code loader: the method is used in the decryption process and is responsible for the analysis and loading functions of files in the executable program package, and the normal operation of the executable program package is supported.
In this embodiment, the key code loader is a key for running the processed executable program file, and depends on the key acquirer and the encryption and decryption processor. Because part of files in the executable program files are encrypted, the default class loader cannot execute operation, a specific class loader needs to be specified, decryption replacement of key codes is realized, and the executable program files meet the operation requirement of the default class loader, and the specific processing procedure is as follows:
(1) Acquiring an operation root file in an executable program file, reading and analyzing the position of a configuration class file, and operating a program in the class file by using a specified class loader;
(2) Reading a configuration file corresponding to an executable program file, and obtaining a key code list;
(3) Invoking a key acquirer and an encryption and decryption processor to acquire a decryption key, reading the result of the last step, and sequentially realizing decryption and replacement according to a key code list;
(4) And executing a default class loader after decrypting the write-back file, and running an executable program package.
From the foregoing, it will be appreciated that the present application includes encryption and decryption processes, and for facilitating understanding of the specific implementation of the two processes, the following description will be given with reference to the accompanying drawings.
Referring to fig. 3, the key code encryption flow chart provided by the embodiment of the application, as shown in fig. 3, includes:
S301: the decompilation protection unit reads the source code file.
S302: the decompilation protection unit judges whether the source code file includes a key code identifier, if yes, executing S303; otherwise, ending.
S303: the decompilation protection unit records a list of key codes.
S304: the decompilation protection unit acquires the key information and the second key, assembles a first request message, and sends the first request message to the remote key unit.
S305: the remote key unit analyzes the first request message to obtain key information and a second key.
S306: the remote key unit verifies the key information, and if the verification is passed, S307 is executed; otherwise, S313 is performed.
S307: the remote key unit obtains a pre-negotiated first key and encrypts the first key using a second key.
S308: the remote key unit splices the first response message and sends the first response message to the decompilation protection unit.
S309: the decompilation protection unit analyzes the first response message and decrypts the first response message by using the second key to obtain the first key.
S310: the decompilation protection unit reads the key code list, encrypts the key code by using the first key, and obtains the encrypted key code.
S311: the decompilation protection unit decompilates a source code file comprising the encrypted key code to obtain an executable program file.
S312: the decompilation protection unit modifies the class loader to enable the modified class loader to run the executable program file.
S313: and sending the error identification to the decompilation protection unit.
S314: and prompting error reporting.
It should be noted that, the specific content of the related implementation in this embodiment may be referred to the corresponding description in the code processing method described in fig. 1, and this embodiment is not repeated here.
Referring to fig. 4, the decryption process of an executable program file provided in an embodiment of the present application may specifically include:
s401: the loading unit runs the executable program file using the specified class loader.
S402: the loading unit judges whether the executable program file has a key code list, if so, the loading unit executes S403; otherwise, S412 is performed;
s403: the load unit invokes the decompilation protection unit.
S404: the decompilation protection unit acquires the key information and the second secret key, assembles a second request message, and sends the second request message to the remote secret key unit.
S405: the remote key unit analyzes the second request message to obtain key information and a second key.
S406: the remote key unit verifies the key information, and if the verification is passed, S407 is executed; otherwise, S413 is performed.
S407: the remote key unit obtains a pre-negotiated third key and encrypts the third key using the second key.
S408: and the remote key unit splices the second response message and sends the second response message to the decompilation protection unit.
S409: the decompilation protection unit analyzes the second response message and decrypts the second response message by using the second key to obtain a third key.
S410: and the decompilation protection unit reads the key code list, and decrypts the decompilation result of the first compiled file by using the third key to obtain the key code.
S411: the decompilation protection unit decompilates the key code to obtain a second compiled file, and replaces the first compiled file in the executable program file with the second compiled file.
S412: the loading unit acquires a default class loader, and runs the executable program file by using the class loader.
S413: and sending the error identification to the decompilation protection unit.
S414: and prompting error reporting.
It should be noted that, for details of implementation in this embodiment, reference may be made to the corresponding description in the embodiment shown in fig. 2, and this embodiment is not repeated here.
Based on the above method embodiments, the present application further provides a code processing apparatus, which will be described below with reference to the accompanying drawings.
Referring to fig. 5, the code processing apparatus provided by the embodiment of the present application, where the apparatus 500 is applied to a client and can implement the function of the decompilation protection unit in fig. 3 or fig. 4, specifically includes:
A sending unit 501, configured to send a first request packet to a server if it is detected that a source code file includes a key code, where the first request packet is used to request an encryption key for the key code, and the first request packet includes key information, where the key information is used to identify the client;
a receiving unit 502, configured to receive a first response packet sent by the server if the server passes the verification on the key information, where the first response packet includes a first key, and the first key is used to encrypt the key code;
A processing unit 503, configured to parse the first response packet, obtain the first key, and encrypt the key code with the first key, to obtain an encrypted key code;
The processing unit 503 is further configured to obtain an executable program file corresponding to the source code file based on the encrypted key code, where the executable program file includes a first compiled file corresponding to the encrypted key code.
In a possible implementation manner, the processing unit 503 is specifically configured to pre-compile a source code file including the encrypted key code to obtain an executable program file; or precompiling the source code file to obtain an executable program file, wherein the executable program file comprises a second compiling file corresponding to the precompiled key code; pre-compiling the encrypted key codes to obtain a first compiled file; the second compiled file is replaced with the first compiled file. In one possible implementation, the request message further includes a second key, where the second key is used to encrypt the first key.
In one possible implementation, the apparatus further includes:
The acquisition unit is used for acquiring the source code file;
The judging unit is used for judging whether a key code identifier exists in the source code file;
The processing unit 503 is further configured to determine that the source code file includes the key code if a key code identifier exists.
In one possible implementation, the apparatus further includes: a storage unit;
and the storage unit is used for recording the position information of each key code included in the source code file in a key code list.
In a possible implementation manner, the processing unit 503 is specifically configured to sequentially read each key code according to the location information in the key code list; and encrypting each key code by using the first key to obtain the encrypted key code.
In a possible implementation, the sending unit 501 is further configured to send, in response to loading the executable program file, a second request packet to the server, where the second request packet is used to request a decryption key for the encrypted key code, and includes the key information;
The receiving unit 502 is further configured to receive a second response packet sent by the server if the server passes the verification on the key information, where the second response packet includes a third key, and the third key is used to decrypt the encrypted key code;
The processing unit 503 is further configured to parse the second response message to obtain the third key, and decrypt a decompilation result of the first compiled file by using the third key to obtain the key code; and precompiling the key codes to obtain a second compiling file, and replacing the first compiling file in the executable program file by the second compiling file.
In a possible implementation manner, the processing unit 503 is specifically configured to determine a storage location of the first compiled file based on a key code list; and reading the first compiling file from the storage position, and decrypting the decompilation result of the first compiling file by using the third key to obtain the key code.
It should be noted that, the implementation of each unit in this embodiment may refer to the related description in the foregoing method embodiment, and this embodiment is not described herein again.
Referring to fig. 6, the structure diagram of another code processing apparatus provided by the embodiment of the present application, where the apparatus 600 is applied to a server and can implement the functions of the remote key unit in fig. 3 or fig. 4, specifically includes:
a receiving unit 601, configured to receive a first request packet sent by a client, where the first request packet is used to request an encryption key for a key code, and the encryption key includes key information;
the processing unit 602 is configured to verify the key information, and if the verification passes, obtain a first key;
and the sending unit 603 is configured to generate a first response packet, and send the first response packet to the client, so that the client encrypts the key code by using the first key in the first response packet.
In a possible implementation manner, the processing unit 602 is specifically configured to query, according to a client identifier in the key information, a first key corresponding to the client identifier.
In a possible implementation manner, the first request message further includes a second key, and the processing unit 602 is specifically configured to encrypt the first key with the second key to obtain an encrypted first key;
the sending unit 603 is specifically configured to send a first response packet to the client, where the first response packet includes the encrypted first key.
In a possible implementation manner, the receiving unit 601 is further configured to receive a second request packet sent by the client, where the second request packet is used to request a decryption key corresponding to the encrypted key code, and the decryption key includes the key information;
The processing unit 602 is further configured to verify the key information, and if the key information passes the verification, obtain a third key, and generate a response message;
the sending unit 603 is further configured to send a second response packet to the client, so that the client decrypts the encrypted key code using the third key in the second response packet.
In one possible implementation, the key information includes one or more of a client identification, an IP address, a MAC address, and a token.
In addition, an embodiment of the present application provides an electronic device, including: a processor, a memory;
The memory is used for storing computer readable instructions or computer programs;
The processor is configured to read the computer readable instructions or the computer program, so as to cause the apparatus to implement the code processing method.
Embodiments of the present application provide a computer readable storage medium comprising instructions or a computer program which, when run on a computer, causes the computer to perform the code processing method described above.
It should be noted that, in the present description, each embodiment is described in a progressive manner, and each embodiment is mainly described in a different manner from other embodiments, and identical and similar parts between the embodiments are all enough to refer to each other. For the system or device disclosed in the embodiments, since it corresponds to the method disclosed in the embodiments, the description is relatively simple, and the relevant points refer to the description of the method section.
It should be understood that in the present application, "at least one (item)" means one or more, and "a plurality" means two or more. "and/or" for describing the association relationship of the association object, the representation may have three relationships, for example, "a and/or B" may represent: only a, only B and both a and B are present, wherein a, B may be singular or plural. The character "/" generally indicates that the context-dependent object is an "or" relationship. "at least one of" or the like means any combination of these items, including any combination of single item(s) or plural items(s). For example, at least one (one) of a, b or c may represent: a, b, c, "a and b", "a and c", "b and c", or "a and b and c", wherein a, b, c may be single or plural.
It is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. The software modules may be disposed in Random Access Memory (RAM), memory, read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.