CN119150325A - Encryption method and device for codes, storage medium and program product - Google Patents

Publication number
CN119150325A
Authority
CN
China
Prior art keywords
code
encrypted
encryption
character stream
package
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202411375185.4A
Other languages
Chinese (zh)
Inventor
李航
张在贵
王帅阳
关锋
李桂森
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inspur Jinan data Technology Co ltd
Original Assignee
Inspur Jinan data Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Inspur Jinan data Technology Co ltd
Priority to CN202411375185.4A
Publication of CN119150325A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/14 Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Technology Law (AREA)
  • Multimedia (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiments of the application provide a code encryption method and device, a storage medium and a program product, and relate to the field of computers. The code encryption method comprises: packaging the code to be encrypted to obtain a first code packet; compiling and generating an encryption packet based on an encryption function; and, when the character stream to be encrypted corresponding to the first code packet is obtained, calling the encryption packet to encrypt that character stream through the encryption function, generating an encrypted second code packet.

Description

Encryption method and device for codes, storage medium and program product
Technical Field
Embodiments of the present application relate to the field of computers, and in particular, to a method and apparatus for encrypting a code, a storage medium, and a program product.
Background
Source code protection refers to encrypting, obfuscating, or otherwise protecting code by various technical means to prevent the code from being reverse engineered, stolen, or disclosed. With the increasing prevalence of software piracy and technology competition, the importance of source code protection is increasing.
For cross-platform languages (such as Java), many methods and tools for decompiling code files are available on the market. Server products, however, are delivery-type products, and clients or peers are not expected to be able to view at will the source code developed on the server, so the developed code needs to be encrypted and protected.
The existing encryption method is mainly code obfuscation, which makes the code hard to understand by renaming classes, methods, fields and the like without changing the function of the bytecode. The disadvantage is that the code can still be decompiled, and the logical function of the source code can still be understood through careful investigation. This approach therefore does not protect the code by effective encryption.
Therefore, the prior art has the technical problem that the encryption effect of the codes is poor.
Disclosure of Invention
The embodiment of the application provides a code encryption method and device, a storage medium and a program product, which are used for at least solving the technical problem of poor code encryption effect in the related technology.
According to one embodiment of the application, a code encryption method is provided, and the method comprises the steps of packaging codes to be encrypted to obtain a first code packet, compiling and generating an encryption packet based on an encryption function, and calling the encryption packet to encrypt the character stream to be encrypted through the encryption function under the condition that the character stream to be encrypted corresponding to the first code packet is obtained, so that an encrypted second code packet is generated.
As an alternative scheme, before the encryption package is called to encrypt the character stream through the encryption function to generate an encrypted second code package, the method further comprises the steps of reading all character streams corresponding to the first code package, determining the character stream meeting expected encryption conditions from all the character streams according to code paths where codes to be encrypted are located, and determining the character stream meeting expected encryption conditions as the character stream to be encrypted, wherein the expected encryption conditions are used for indicating that code paths where codes associated with the character streams are located are expected code paths.
As an alternative, the method comprises the steps of obtaining an encryption password associated with the encryption function, performing an exclusive OR operation on the character stream to be encrypted by using the encryption password to obtain an encrypted character stream, and compiling the encrypted character stream to generate the second code packet.
As an alternative, the method comprises the steps of taking the length of the encryption password as a group, performing an exclusive OR operation with each bit of characters of the character stream to be encrypted, generating each bit of encrypted characters corresponding to each bit of characters of the character stream to be encrypted, and determining the encrypted character stream based on each bit of encrypted characters.
As an alternative, the method further comprises deploying the encryption package in a proxy library in an application, wherein the application is used for encrypting the code to be encrypted.
As an alternative scheme, before the codes to be encrypted are packaged to obtain a first code package, the method further comprises the steps of obtaining java codes to be encrypted, wherein the java codes to be encrypted are used for development of delivery server codes, determining the java codes to be encrypted as the codes to be encrypted, and encoding the encryption function by using a C language before compiling the encryption function to generate the encryption package.
According to another embodiment of the application, a code encryption device is provided, which comprises a packing unit, a compiling unit and an encryption unit, wherein the packing unit is used for packing codes to be encrypted to obtain a first code packet, the compiling unit is used for compiling and generating an encryption packet based on an encryption function, and the encryption unit is used for calling the encryption packet to encrypt the character stream to be encrypted through the encryption function under the condition that the character stream to be encrypted corresponding to the first code packet is obtained, so that an encrypted second code packet is generated.
The device further comprises a reading module, a first determining module and a second determining module, wherein the reading module is used for reading all character streams corresponding to the first code packet before the encrypted second code packet is generated by the encryption function to encrypt the character streams by calling the encryption packet, the first determining module is used for determining character streams meeting expected encryption conditions from all character streams according to code paths where codes to be encrypted are located before the encrypted second code packet is generated by calling the encryption packet to encrypt the character streams by the encryption function, and determining the character streams meeting the expected encryption conditions as the character streams to be encrypted, wherein the expected encryption conditions are used for indicating that code paths where codes associated with the character streams are located are expected code paths.
The encryption unit comprises a first acquisition module, an exclusive-or module and a compiling module, wherein the first acquisition module is used for acquiring an encryption password associated with the encryption function, the exclusive-or module is used for carrying out exclusive-or operation on the character stream to be encrypted by using the encryption password to obtain an encrypted character stream, and the compiling module is used for compiling the encrypted character stream to generate the second code packet.
The exclusive-or module comprises an exclusive-or sub-module and a determining sub-module, wherein the exclusive-or sub-module is used for exclusive-or operation with each bit of characters of the character stream to be encrypted by taking the length of the encryption password as a group, and generates each bit of encrypted characters corresponding to each bit of characters of the character stream to be encrypted, and the determining sub-module is used for determining the encrypted character stream based on each bit of encrypted characters.
As an alternative, the device further comprises a deployment module, configured to deploy the encryption package in a proxy library in an application program after compiling and generating the encryption package based on the encryption function, where the application program is used for encrypting the code to be encrypted.
The device further comprises a second acquisition module, a second determination module and an encoding module, wherein the second acquisition module is used for acquiring java codes to be encrypted before the codes to be encrypted are packaged to obtain a first code package, the java codes to be encrypted are used for delivering server code development, the second determination module is used for determining the java codes to be encrypted as the codes to be encrypted before the codes to be encrypted are packaged to obtain the first code package, and the encoding module is used for encoding the encryption function by using the C language before the encryption function is compiled to generate the encryption package.
According to a further embodiment of the application, there is also provided a computer readable storage medium having stored therein a computer program, wherein the computer program is arranged to perform the steps of any of the method embodiments described above when run.
According to a further embodiment of the application there is also provided an electronic device comprising a memory having stored therein a computer program and a processor arranged to run the computer program to perform the steps of any of the method embodiments described above.
According to yet another embodiment of the present application, there is also provided a computer program product comprising a computer program which, when executed by a processor, implements the steps of the method described in the various embodiments of the application.
According to the embodiment of the application, a first code packet is obtained by packing the code to be encrypted, an encryption packet is generated by compiling based on an encryption function, and the encryption packet is called under the condition that the character stream to be encrypted corresponding to the first code packet is obtained, so that the character stream to be encrypted is encrypted through the encryption function, and an encrypted second code packet is generated, thereby achieving the aim of avoiding decompilation and reading of the code, realizing the technical effect of improving the encryption quality of the code, and solving the technical problem of poor encryption effect of the code.
Drawings
Fig. 1 is a block diagram of a hardware structure of an encryption method of a code according to an embodiment of the present application;
FIG. 2 is a flow chart of a method of encrypting code according to an embodiment of the application;
FIG. 3 is a schematic diagram of a method of encrypting a code according to an embodiment of the present application;
FIG. 4 is a schematic diagram of a method of encrypting a code according to an embodiment of the present application;
FIG. 5 is a schematic diagram of a method of encrypting a code according to an embodiment of the present application;
FIG. 6 is a block diagram of an encryption apparatus of a code according to an embodiment of the present application.
Detailed Description
Embodiments of the present application will be described in detail below with reference to the accompanying drawings in conjunction with the embodiments.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the application described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed or inherent to such process, method, article, or apparatus.
The method embodiments provided in the embodiments of the present application may be executed in a computer terminal or similar computing device. Taking a computer terminal as an example, fig. 1 is a block diagram of a hardware structure of a computer terminal of a code encryption method according to an embodiment of the present application. As shown in fig. 1, the computer terminal may include one or more (only one is shown in fig. 1) processors 102 (the processor 102 may include, but is not limited to, a microprocessor MCU or a processing device such as a programmable logic device FPGA) and a memory 104 for storing data, wherein the computer terminal may further include a transmission device 106 for communication functions and an input-output device 108. It will be appreciated by those skilled in the art that the configuration shown in fig. 1 is merely illustrative and is not intended to limit the configuration of the computer terminal described above. For example, the computer terminal may also include more or fewer components than shown in FIG. 1, or have a different configuration than shown in FIG. 1.
The memory 104 may be used to store a computer program, for example, a software program of application software and a module, such as a computer program corresponding to a method for determining a mapping relationship in an embodiment of the present application, and the processor 102 executes the computer program stored in the memory 104 to perform various functional applications and data processing, that is, implement the above-mentioned method. Memory 104 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 104 may further include memory remotely located relative to the processor 102, which may be connected to the computer terminal via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The transmission device 106 is used to receive or transmit data via a network. The specific example of the network described above may include a wireless network provided by a communication provider of a computer terminal. In one example, the transmission device 106 includes a network adapter (Network Interface Controller, simply referred to as a NIC) that can connect to other network devices through a base station to communicate with the internet. In one example, the transmission device 106 may be a Radio Frequency (RF) module for communicating with the internet wirelessly.
As an alternative, the encryption method of the code comprises the following specific steps:
S202, packaging codes to be encrypted to obtain a first code packet;
S204, compiling and generating an encryption packet based on the encryption function;
S206, calling the encryption packet to encrypt the character stream to be encrypted through the encryption function under the condition that the character stream to be encrypted corresponding to the first code packet is obtained, and generating an encrypted second code packet.
Alternatively, in this embodiment, the encryption method of the code may be, but is not limited to being, applied to a Java source code protection scenario. Java source code protection refers to encrypting, obfuscating or otherwise protecting Java code by various technical means to prevent the code from being reverse engineered, stolen or leaked. With the increasing prevalence of software piracy and technology competition, the importance of source code protection is increasing. As Java is a cross-platform language, many methods and tools for decompiling Java class files exist on the market. A server product, however, is a delivery-type product, and customers or peers should not be able to view at will the Java source code developed on the server, so the developed code needs to be encrypted and protected, and a proper decryption means is needed at run time to ensure that the program runs smoothly.
Optionally, the existing protection methods mainly include the following:
Code obfuscation. The tools used can be ProGuard, Zelix KlassMaster, etc. Obfuscation makes the code difficult to understand by renaming classes, methods, fields and the like, but the function of the bytecode is not changed. This is one of the most common and effective ways of protection; its disadvantage is that the code can still be decompiled, and the logical function of the source code can still be understood through careful study.
Packaging. Packing the code into a Jar or War file can reduce the risk of direct access to the source code to a certain extent, but the package can still be decompiled and read with tools.
Dynamic code loading. This hides the code by loading it dynamically from a server during execution, reducing the amount of code stored locally, but the jar package can be copied while the code is being loaded and then decompiled. None of these approaches protects the code by effective encryption.
Based on the above problems, the present embodiment provides a code encryption method, which can solve the problem that the java item code is decompiled and read by a client or a peer in the delivering server product. By using the method, the java code can be greatly protected from leakage.
Alternatively, in the present embodiment, the code to be encrypted may be, but not limited to, a delivery server code, and may be, but not limited to, a java code.
Optionally, in this embodiment, the code to be encrypted is packaged to obtain the first code packet. It will be appreciated that the code to be encrypted is packaged as a jar packet or a war packet.
If the code does not need to be encrypted, it is run directly: only the classpath needs to be specified, using java -jar, with the classpath environment variable followed by the jar or war packet path and the main function name, to run the java project.
Alternatively, in the present embodiment, the encryption package is compiled and generated based on the encryption function. It should be noted that the encryption function may be, but is not limited to, a function written in C language that performs an exclusive-or operation on the input character stream according to position. An encryption password is set, the character stream is taken in groups of the password's length, each group is exclusive-ORed with each bit of the password, and a new character stream is generated as output.
Optionally, in this embodiment, obtaining the character stream to be encrypted corresponding to the first code packet may include, but is not limited to, first reading all the character streams corresponding to the first code packet, and then determining, from all the character streams, the character streams that need to be encrypted according to the code path.
Optionally, in this embodiment, when the character stream to be encrypted corresponding to the first code packet is obtained, the encryption packet is called, so that the character stream to be encrypted is encrypted by the encryption function, and an encrypted second code packet is generated.
As a further example, taking java code: the java code is compiled to generate a jar or war package; the encryption package is called using JNI technology to read the content of the encryption package; the character stream in the compiled jar or war package is encrypted by the encryption algorithm; and a new jar package is generated whose source code content cannot be viewed by decompilation means.
According to the embodiment of the application, a first code packet is obtained by packing the code to be encrypted, an encryption packet is generated by compiling based on an encryption function, and the encryption packet is called under the condition that the character stream to be encrypted corresponding to the first code packet is obtained, so that the character stream to be encrypted is encrypted through the encryption function, and an encrypted second code packet is generated, thereby achieving the aim of avoiding decompilation and reading of the code and further achieving the technical effect of improving the encryption quality of the code.
As an alternative, before the invoking the encryption packet to encrypt the character stream by the encryption function to generate the encrypted second code packet, the method further includes:
reading all character streams corresponding to the first code packet;
And determining a character stream meeting expected encryption conditions from all the character streams according to the code path of the code to be encrypted, and determining the character stream meeting the expected encryption conditions as the character stream to be encrypted, wherein the expected encryption conditions are used for indicating that the code path of the code associated with the character stream is an expected code path.
Optionally, in this embodiment, the manner of reading the character stream may include, but is not limited to, opening a code package file by using a file operation function provided by a programming language, obtaining a file handle, reading the content of the code package file line by line or character by using the reading function through the file handle, processing the read character stream, such as printing to a console, storing in a variable, and the like, closing the file by using the file operation function after the reading is completed, and releasing resources.
It should be noted that the specific implementation may vary according to the programming language and the file format used, and an appropriate reading method may be selected according to the specific situation, which is not limited in this embodiment.
Optionally, in this embodiment, the code path where the code associated with the character stream is located is first determined, only the character stream portion conforming to the matching path is determined as the code to be encrypted, then encrypted later, and the corresponding second code packet is determined in combination with the unencrypted character stream.
Optionally, in this embodiment, in addition to indicating that the code path where the code associated with the character stream is located is the expected code path, the expected encryption condition may also, but is not limited to, indicate that the access frequency of the code associated with the character stream is greater than a preset frequency threshold, so as to encrypt only the important, more frequently accessed code among all the character streams.
Optionally, in this embodiment, the expected encryption condition may also, but is not limited to, indicate that the code belongs to an external API call, so as to encrypt the code of external API calls with emphasis and protect the API key from being revealed.
Optionally, in this embodiment, the expected encryption condition may also, but is not limited to, indicate that the expected version is met, so as to achieve the purpose of encrypting the code of the specific version, so as to improve flexibility and controllability of code encryption.
Optionally, in this embodiment, the expected encryption condition may also, but is not limited to, indicate that the abnormal behavior is met, so as to encrypt the abnormal code that meets the abnormal behavior, so as to avoid exposing the hidden defect of the program after the part of the abnormal code is leaked.
Optionally, in this embodiment, the expected encryption condition may also, but is not limited to, indicating that the key word or the key field is carried, so as to achieve a batch encryption operation on the code with the key word or the key field, thereby achieving the flexibility and efficiency of code encryption.
It should be noted that the above-described expected encryption conditions may be used alone or in combination to provide more comprehensive security protection and efficiency improvement. The present embodiment is not particularly limited to the order of use and the number of combinations when a plurality of expected encryption conditions are used in combination.
By the embodiment of the application, the code path where the code associated with the character stream is located is judged, and only the character stream part conforming to the matching path is determined as the code to be encrypted, so that the aim of flexible control of code encryption is achieved, and the technical effects of improving the flexibility and efficiency of code encryption are realized.
As an optional solution, encrypting the character stream to be encrypted to generate an encrypted second code packet, including:
acquiring an encryption password associated with the encryption function;
Performing exclusive or operation on the character stream to be encrypted by using the encryption password to obtain an encrypted character stream;
compiling the encrypted character stream to generate the second code packet.
Alternatively, in the present embodiment, an exclusive-or (XOR) operation is one of algorithms commonly used in encryption and decryption. In the exclusive-or encryption, data is encrypted by exclusive-or operation of a data bit with a key bit, and then decrypted by the same operation.
Optionally, in this embodiment, an encryption password associated with the encryption function is predefined for performing an exclusive-or operation with the data. The encryption function performs exclusive-or operation on the input character stream and the key to generate an encrypted character stream.
It should be noted that the decryption function is similar to the encryption function, since the exclusive-or operation is reversible, the same key and the same exclusive-or operation can be used to restore the data.
According to the embodiment of the application, the character stream to be encrypted is subjected to exclusive OR operation through the encryption password associated with the encryption function, so that the character stream is encrypted, and the encrypted code packet is generated by compiling based on the encryption password, thereby achieving the aim of effectively encrypting the code, and further realizing the technical effect of improving the encryption quality of the code.
As an alternative, the performing an exclusive-or operation on the character stream to be encrypted by using the encryption password to obtain an encrypted character stream, including:
Performing exclusive OR operation on the length of the encryption password serving as a group and each bit of character of the character stream to be encrypted to generate each bit of encrypted character corresponding to each bit of character of the character stream to be encrypted;
And determining the encrypted character stream based on the encrypted characters of each bit.
Optionally, in this embodiment, the length of the encryption password is taken as a group, and an exclusive-or operation is performed on each bit of character of the character stream to be encrypted, so as to generate each bit of encrypted character corresponding to each bit of character of the character stream to be encrypted.
By way of further illustration, an alternative schematic diagram of the encryption of characters by an exclusive or operation is shown in fig. 3, wherein an original stream (i.e. an original character stream) is subjected to an exclusive or operation of an encryption cipher to obtain an encrypted stream (i.e. an encrypted character stream). It should be noted that, an alternative schematic diagram of implementing character decryption by an exclusive or operation is shown in fig. 4, where an encrypted stream (i.e., an encrypted character stream) is subjected to an exclusive or operation of a decryption password (the same encryption password) to obtain an original stream (i.e., an original character stream).
According to the embodiment of the application, the character stream to be encrypted is subjected to exclusive OR operation through the encryption password associated with the encryption function, so that the character stream is encrypted, and the encrypted code packet is generated by compiling based on the encryption password, thereby achieving the aim of effectively encrypting the code, and further realizing the technical effect of improving the encryption quality of the code.
As an alternative, after the encryption package is compiled and generated based on the encryption function, the method further includes:
deploying the encryption package in a proxy library in an application program, wherein the application program is used for encrypting the code to be encrypted.
Alternatively, in this embodiment, taking Java code as an example, the proxy library is a Java Virtual Machine (JVM) proxy library specified by the developer, which may be loaded at JVM startup to perform tasks such as performance monitoring and memory analysis. Proxy libraries are used for advanced purposes such as debugging and performance analysis, and provide the ability to modify JVM behavior at runtime.
It can be understood that the encryption package is deployed in the proxy library in the application program, and when the application program is started, the quick and efficient encryption of the code is realized by loading and calling the encryption package from the proxy library.
As an alternative, before the code to be encrypted is packaged to obtain the first code package, the method further includes:
Obtaining Java code to be encrypted, wherein the Java code to be encrypted is used for delivery-type server code development;
Determining the Java code to be encrypted as the code to be encrypted;
before the encryption package is compiled and generated based on the encryption function, the method further comprises:
writing the encryption function in the C language.
Optionally, in this embodiment, taking Java code as an example, before the first code package is obtained, Java code to be encrypted is obtained, where the Java code to be encrypted is used for delivery-type server code development, and the Java code to be encrypted is determined as the code to be encrypted.
Optionally, in this embodiment, the encryption function is written in the C language before the encryption package is compiled and generated.
It should be noted that Java is a cross-platform language, while C is a non-cross-platform language, and a package compiled from it is very difficult to decrypt. Therefore, the character stream of the Java code is encrypted by an encryption function written in the C language, so that the encrypted code package is difficult to crack, and the technical effect of improving the encryption quality of the code is achieved.
As an alternative, the code encryption method is applied to the loading and decryption of Java code. In this scenario, after development of the Java project is completed, the code is packaged into a jar package or a war package. If the Java project is run without encryption, only a classpath needs to be specified: java -jar is used, followed by the classpath environment variable, the jar or war package path, and the main function name, to run the Java project.
If encryption is performed, an encryption function and a decryption function are written in the C language and compiled separately into the encryption and decryption libc packages. Because C is a non-cross-platform language, decrypting the libc packages is very difficult. For the jar or war package generated by compiling the Java code, the encryption package is called using JNI technology, the content of the jar package is read, and after the character stream in the jar package is encrypted by the encryption algorithm, a new jar package is generated. At this point, the source code content of the jar package cannot be viewed by means of decompilation. When the JVM loads the jar package, decrypt.so is loaded to perform the decryption operation on the jar package code that conforms to the rule, and the code is loaded into memory for running.
Optionally, in this scenario, the encryption and decryption algorithm functions are written in the C language. The encryption algorithm mainly performs an exclusive-OR operation on the input character stream according to position: an encryption password can be set, and the character stream, taken in groups of the length of the password, is XORed with each bit of the password to generate a new character stream as output. In the encryption process, a Java function is responsible for reading the jar package as a character stream, encrypting either the key part of the code or all of it according to the option, calling the C-language encryption function through JNI, and regenerating the jar package from the encrypted stream returned by the C code.
By way of further illustration, a flow chart of the Java code encryption relationship is shown in fig. 5. It includes reading the packaged jar package as a string, judging according to the code path whether encryption is required, and, if so, encrypting the corresponding string by grouped exclusive-OR and returning the string to generate an encrypted jar package.
The main flow of the decryption function is to XOR the character stream that has been read with the same password as the encryption function, return the character stream, and input the character stream into JVM memory.
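The grouped exclusive-OR and the path check described above, as an added C example that is not code from the patent. The function names, the path prefix com/example/core/, the password k3y and the sample bytes are all constructed for illustration, and the prefix-match rule is an assumption about how a code path could be matched.

```c
#include <stdio.h>
#include <string.h>

/*
 * XOR a buffer in place with a repeating password: byte i is combined with
 * password byte i % pw_len, so the stream is handled in groups of pw_len.
 * The same call both encrypts and restores (fig. 3 and fig. 4 in the text).
 * Returns 0 on success, -1 on invalid arguments.
 */
int xor_stream(unsigned char *buf, size_t len,
               const unsigned char *pw, size_t pw_len)
{
    if (buf == NULL || pw == NULL || pw_len == 0)
        return -1;              /* an empty password would mean i % 0 */
    for (size_t i = 0; i < len; i++)
        buf[i] ^= pw[i % pw_len];
    return 0;
}

/* Assumed path rule: an entry is selected when its name starts with prefix. */
int path_selected(const char *entry, const char *prefix)
{
    if (entry == NULL || prefix == NULL || prefix[0] == '\0')
        return 0;
    return strncmp(entry, prefix, strlen(prefix)) == 0;
}

/*
 * Transform one package entry only if its path is selected.
 * Returns 1 if transformed, 0 if left untouched, -1 on error.
 */
int process_entry(const char *entry, unsigned char *data, size_t len,
                  const char *prefix, const unsigned char *pw, size_t pw_len)
{
    if (!path_selected(entry, prefix))
        return 0;
    return xor_stream(data, len, pw, pw_len) == 0 ? 1 : -1;
}

int main(void)
{
    const unsigned char pw[] = { 'k', '3', 'y' };      /* constructed password */
    const char *prefix = "com/example/core/";          /* constructed path rule */
    const char *name = "com/example/core/Pay.class";   /* constructed entry name */
    unsigned char body[] = "constructed class bytes";  /* constructed entry data */
    size_t n = sizeof body - 1;
    unsigned char saved[sizeof body];
    memcpy(saved, body, sizeof body);

    /* Encryption side: the selected entry is XORed with the password. */
    int r1 = process_entry(name, body, n, prefix, pw, sizeof pw);
    printf("encrypt: %d, changed: %d\n", r1, memcmp(body, saved, n) != 0);

    /* Decryption side: the same call with the same password restores it. */
    int r2 = process_entry(name, body, n, prefix, pw, sizeof pw);
    printf("decrypt: %d, restored: %d\n", r2, memcmp(body, saved, n) == 0);

    /* An entry outside the matching path passes through unchanged. */
    int r3 = process_entry("META-INF/MANIFEST.MF", body, n, prefix, pw, sizeof pw);
    printf("unselected entry: %d\n", r3);

    /* Property of the construction: a zero byte in the input yields the
     * password byte at that position in the output. */
    unsigned char zeros[6] = { 0 };
    xor_stream(zeros, sizeof zeros, pw, sizeof pw);
    printf("zero-filled input becomes: %.6s\n", (const char *)zeros);
    return 0;
}
```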
Optionally, in this scenario, with respect to how the program is started, the agentlib option on the java -jar command line is used to load a specific library into the Java application to perform a specific task or to provide additional functionality.
In Java, the -agentlib option allows the developer to specify a Java Virtual Machine (JVM) proxy library that can be loaded at JVM startup to perform certain tasks, such as performance monitoring and memory analysis. Proxy libraries are commonly used for advanced purposes such as debugging and performance analysis, and provide the ability to modify JVM behavior at runtime. Designating agentlib as the decrypt.so package deployed on the server causes the decryption function to be loaded first when the program starts. While jar packages are being loaded, the path is judged first, and only the part of the character stream that conforms to the matching path passes through the decryption function. Schematic diagrams of how the encryption and decryption functions recover the original character stream are shown in fig. 3 and fig. 4; the left side of each diagram is the encryption and recovery flow for a one-bit character, and the right side is the principle of the encryption and recovery process for a character stream of length 8.
In this scenario, based on the above code encryption method, first, the jar package generated by compilation is encrypted to generate an encrypted package: specifically, Java code reads the jar package as a character stream, the encrypt.so package of libc is called through JNI to encrypt the character stream, the encrypted character stream is generated into an encrypted package, and the encrypted jar package and the decryption package decrypt.so are placed on the server. Second, while the program runs, the decryption package decrypt.so is loaded first when the JVM loads, the character stream is decrypted according to the matching principle, and the decrypted character stream is then loaded into memory so that the program runs normally.
It can be understood that a project developed in the Java language is used on the delivery-type server product; the jar package of the project is encrypted, and it is decrypted by the JVM when used, so that the program can run normally. First, the jar package generated by compilation is encrypted to generate an encrypted package: specifically, Java code reads the jar package as a character stream, the encrypt.so package of libc is called through JNI to encrypt the character stream, the encrypted character stream is generated into an encrypted package, and the encrypted jar package and the decryption package decrypt.so are placed on the server. Second, while the program runs, the decryption package decrypt.so is loaded first when the JVM loads, the character stream is decrypted according to the matching principle, and the decrypted character stream is then loaded into memory so that the program runs normally.
By the embodiment provided by the application, firstly, the integrity and confidentiality of the code are protected, and malicious attackers are prevented from acquiring code logic and key information through decompilation and other means. For example, in a Java application, the encrypted code can prevent the transaction algorithm and user data processing logic from being easily stolen, reducing fraud risk. The possibility of security vulnerabilities being exploited because of code leakage is reduced. Even if an attacker obtains a partial code fragment, it is difficult to understand and utilize the entire code hierarchy due to the presence of encryption.
Secondly, malicious plagiarism of code by competitors can be effectively prevented, development results are protected from being stolen, and developers are encouraged to put more effort into innovation and research.
Third, malicious code injection and tampering can be prevented to some extent. In a complex network environment, system crashes and abnormalities caused by external malicious modification of the code can be reduced. For example, in enterprise-level server applications, the encrypted code can ensure stable operation of the server and prevent service interruption caused by tampering with the code. This helps to establish a reliable software running environment, enhances the trust of users in the software system, and improves the market reputation and user satisfaction of the software.
From the description of the above embodiments, it will be clear to a person skilled in the art that the method according to the above embodiments may be implemented by means of software plus the necessary general hardware platform, but of course also by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) comprising instructions for causing a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to perform the method according to the embodiments of the present application.
The embodiment also provides a code encryption device, which is used for implementing the foregoing embodiments and preferred embodiments, and is not described in detail. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. While the means described in the following embodiments are preferably implemented in software, implementation in hardware, or a combination of software and hardware, is also possible and contemplated.
Fig. 6 is a block diagram of an encryption apparatus of a code according to an embodiment of the present application, as shown in fig. 6, the apparatus including:
the packaging unit is used for packaging the codes to be encrypted to obtain a first code packet;
the compiling unit is used for compiling and generating an encryption packet based on the encryption function;
And the encryption unit is used for calling the encryption packet under the condition that the character stream to be encrypted corresponding to the first code packet is acquired, so as to encrypt the character stream to be encrypted through the encryption function and generate an encrypted second code packet.
Alternatively, in this embodiment, the code encryption method may be applied to, but is not limited to, a Java source code protection scenario. Java source code protection refers to encrypting, obfuscating or otherwise protecting Java code by various technical means to prevent the code from being reverse engineered, stolen or leaked. With the increasing prevalence of software piracy and technology competition, source code protection is increasingly important. Because Java is a cross-platform language, many methods and tools for decompiling Java class files exist on the market. A server product, however, is a delivery-type product, and it is not desired that customers or peers be able to inspect at will the Java source code developed on the server; the developed code therefore needs to be encrypted and protected, and a suitable decryption means is needed at run time to ensure that the program runs smoothly.
Optionally, the protection methods mainly include the following:
Code obfuscation: the tools used can be ProGuard, Zelix KlassMaster, etc. Obfuscation makes the code difficult to understand by renaming classes, methods, fields and so on, without changing the function of the bytecode. This is one of the most common and effective ways of protection; its disadvantage is that the code can still be decompiled, and the logical function of the source code can still be understood through careful study.
Packaging: packing the code into a JAR or WAR file can reduce, to a certain extent, the risk of the source code being accessed directly, but the code can still be decompiled and read with tools.
Dynamic code loading: the code is hidden and loaded dynamically from a server when it is executed, which reduces the amount of code stored locally; however, the jar package can be copied when the code is loaded and then decompiled. The code cannot be protected by an efficient means of encryption.
Based on the above problems, the present embodiment provides a code encryption method, which can solve the problem that the Java project code in a delivery-type server product is decompiled and read by a customer or a peer. By using this method, the Java code can be largely protected from leakage.
Alternatively, in the present embodiment, the code to be encrypted may be, but not limited to, a delivery server code, and may be, but not limited to, a java code.
Optionally, in this embodiment, the code to be encrypted is packaged to obtain the first code packet. It will be appreciated that the code to be decrypted is packaged as a jar packet or a war packet.
If the code does not need to be encrypted, it is run directly: only a classpath needs to be specified, and java -jar is used, followed by the classpath environment variable, the jar or war package path, and the main function name, to run the Java project.
Alternatively, in the present embodiment, the encryption package is compiled and generated based on the encryption function. It should be noted that the encryption function may be, but is not limited to, a function written in the C language that performs an exclusive-OR operation on the input character stream according to position. An encryption password is set, and the character stream, taken in groups of the length of the password, is XORed with each bit of the password to generate a new character stream as output.
Optionally, in this embodiment, obtaining the character stream to be encrypted corresponding to the first code package may include, but is not limited to, first reading all the character streams corresponding to the first code package, and then determining, from all the character streams and according to the code path, the character stream that needs to be encrypted.
Optionally, in this embodiment, when the character stream to be encrypted corresponding to the first code packet is obtained, the encryption packet is called, so that the character stream to be encrypted is encrypted by the encryption function, and an encrypted second code packet is generated.
Further, taking Java code as an example, the Java code is compiled to generate a jar or war package; the encryption package is called using JNI technology to read the package content, the character stream in the compiled jar or war package is encrypted by the encryption algorithm, and a new jar package is generated, whose source code content cannot be viewed by decompilation.
According to the embodiment of the application, a first code packet is obtained by packing the code to be encrypted, an encryption packet is generated by compiling based on an encryption function, and the encryption packet is called under the condition that the character stream to be encrypted corresponding to the first code packet is obtained, so that the character stream to be encrypted is encrypted through the encryption function, and an encrypted second code packet is generated, thereby achieving the aim of avoiding decompilation and reading of the code and further achieving the technical effect of improving the encryption quality of the code.
As an alternative, the apparatus further comprises:
the reading module is used for reading all character streams corresponding to the first code package before the encryption package is called to encrypt the character stream through the encryption function and generate the encrypted second code package;
and the first determining module is used for, before the encryption package is called to encrypt the character stream through the encryption function and generate the encrypted second code package, determining from all the character streams, according to the code path where the code to be encrypted is located, the character stream meeting the expected encryption condition, and determining the character stream meeting the expected encryption condition as the character stream to be encrypted, wherein the expected encryption condition is used for indicating that the code path where the code associated with the character stream is located is the expected code path.
Specific examples in this embodiment may refer to the examples described in the foregoing embodiments and the exemplary implementation, and this embodiment is not described herein.
As an alternative, the encryption unit includes:
The first acquisition module is used for acquiring the encryption passwords associated with the encryption functions;
The exclusive-or module is used for carrying out exclusive-or operation on the character stream to be encrypted by using the encryption password to obtain an encrypted character stream;
and the compiling module is used for compiling the encrypted character stream to generate the second code packet.
Specific examples in this embodiment may refer to the examples described in the foregoing embodiments and the exemplary implementation, and this embodiment is not described herein.
As an alternative, the exclusive-or module includes:
The exclusive-or sub-module is used for carrying out exclusive-or operation on each bit of characters of the character stream to be encrypted by taking the length of the encryption password as a group, and generating each bit of encrypted characters corresponding to each bit of characters of the character stream to be encrypted;
And the determining submodule is used for determining the encrypted character stream based on the encrypted characters of each bit.
Specific examples in this embodiment may refer to the examples described in the foregoing embodiments and the exemplary implementation, and this embodiment is not described herein.
As an alternative, the apparatus further comprises:
the deployment module is used for deploying the encryption package in a proxy library in an application program after the encryption package is generated based on the encryption function, wherein the application program is used for encrypting the code to be encrypted.
Specific examples in this embodiment may refer to the examples described in the foregoing embodiments and the exemplary implementation, and this embodiment is not described herein.
As an alternative, the apparatus further comprises:
the second acquisition module is used for acquiring the java code to be encrypted before the code to be encrypted is packaged to obtain a first code package, wherein the java code to be encrypted is used for delivering server code development;
the second determining module is used for determining the java code to be encrypted as the code to be encrypted before the code to be encrypted is packaged to obtain a first code package;
the apparatus further comprises:
And the encoding module is used for encoding the encryption function by using the C language before compiling and generating the encryption packet based on the encryption function.
Specific examples in this embodiment may refer to the examples described in the foregoing embodiments and the exemplary implementation, and this embodiment is not described herein.
From the description of the above embodiments, it will be clear to a person skilled in the art that the method according to the above embodiments may be implemented by means of software plus the necessary general hardware platform, but of course also by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) comprising instructions for causing a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to perform the method according to the embodiments of the present application.
It should be noted that each of the above modules may be implemented by software or hardware, and the latter may be implemented by, but not limited to, the above modules all being located in the same processor, or each of the above modules being located in different processors in any combination.
Embodiments of the present application also provide a computer readable storage medium having a computer program stored therein, wherein the computer program is arranged to perform the steps of any of the method embodiments described above when run.
In an exemplary embodiment, the computer readable storage medium may include, but is not limited to, a U disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a removable hard disk, a magnetic disk, or an optical disk, etc. various media in which a computer program may be stored.
An embodiment of the application also provides an electronic device comprising a memory having stored therein a computer program and a processor arranged to run the computer program to perform the steps of any of the method embodiments described above.
In an exemplary embodiment, the electronic device may further include a transmission device connected to the processor, and an input/output device connected to the processor.
Embodiments of the present application also provide a computer program product comprising a non-transitory computer readable storage medium storing a computer program product which, when executed by a processor, implements the steps of the method described in the various embodiments of the application.
Specific examples in this embodiment may refer to the examples described in the foregoing embodiments and the exemplary implementation, and this embodiment is not described herein.
It will be appreciated by those skilled in the art that the modules or steps of the application described above may be implemented in a general purpose computing device, they may be concentrated on a single computing device, or distributed across a network of computing devices, they may be implemented in program code executable by computing devices, so that they may be stored in a storage device for execution by computing devices, and in some cases, the steps shown or described may be performed in a different order than that shown or described herein, or they may be separately fabricated into individual integrated circuit modules, or multiple modules or steps of them may be fabricated into a single integrated circuit module. Thus, the present application is not limited to any specific combination of hardware and software.
The above description is only of the preferred embodiments of the present application and is not intended to limit the present application, but various modifications and variations can be made to the present application by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the principle of the present application should be included in the protection scope of the present application.

Claims (10)

1. A code encryption method, characterized by comprising:
packing the code to be encrypted to obtain a first code package;
compiling and generating an encryption package based on an encryption function;
when the character stream to be encrypted corresponding to the first code package is obtained, calling the encryption package to encrypt the character stream to be encrypted through the encryption function, generating an encrypted second code package.

2. The method according to claim 1, characterized in that before calling the encryption package to encrypt the character stream through the encryption function to generate an encrypted second code package, the method further comprises:
reading all character streams corresponding to the first code package;
according to the code path where the code to be encrypted is located, determining from all the character streams a character stream that meets the expected encryption condition, and determining the character stream that meets the expected encryption condition as the character stream to be encrypted, wherein the expected encryption condition is used to indicate that the code path where the code associated with the character stream is located is the expected code path.

3. The method according to claim 1, wherein encrypting the character stream to be encrypted to generate an encrypted second code package comprises:
obtaining an encryption password associated with the encryption function;
using the encryption password to perform an XOR operation on the character stream to be encrypted to obtain an encrypted character stream;
compiling the encrypted character stream to generate the second code package.

4. The method according to claim 3, characterized in that using the encryption password to perform an XOR operation on the character stream to be encrypted to obtain an encrypted character stream comprises:
taking the length of the encryption password as a group, performing an XOR operation with each character of the character stream to be encrypted, generating the encrypted character corresponding to each character of the character stream to be encrypted;
determining the encrypted character stream based on each encrypted character.

5. The method according to any one of claims 1 to 4, characterized in that after compiling and generating the encryption package based on the encryption function, the method further comprises:
deploying the encryption package in a proxy library in an application program, wherein the application program is used to encrypt the code to be encrypted.

6. The method according to any one of claims 1 to 4, characterized in that:
before packing the code to be encrypted to obtain the first code package, the method further comprises:
obtaining Java code to be encrypted, wherein the Java code to be encrypted is used for delivery-type server code development;
determining the Java code to be encrypted as the code to be encrypted;
before compiling and generating the encryption package based on the encryption function, the method further comprises:
writing the encryption function in the C language.

7. A code encryption device, characterized in that it comprises:
a packaging unit, used for packing the code to be encrypted to obtain a first code package;
a compilation unit, used to compile and generate an encryption package based on an encryption function;
an encryption unit, used to call the encryption package when the character stream to be encrypted corresponding to the first code package is obtained, so as to encrypt the character stream to be encrypted through the encryption function and generate an encrypted second code package.

8. A computer-readable storage medium, characterized in that a computer program is stored in the computer-readable storage medium, wherein the computer program implements the steps of the method according to any one of claims 1 to 6 when executed by a processor.

9. An electronic device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of the method according to any one of claims 1 to 6 when executing the computer program.

10. A computer program product, comprising a computer program, characterized in that when the computer program is executed by a processor, the steps of the method according to any one of claims 1 to 6 are implemented.

CN202411375185.4A 2024-09-29 2024-09-29 Encryption method and device for codes, storage medium and program product Pending CN119150325A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202411375185.4A CN119150325A (en) 2024-09-29 2024-09-29 Encryption method and device for codes, storage medium and program product

Publications (1)

Publication Number Publication Date
CN119150325A true CN119150325A (en) 2024-12-17

Family

ID=93809386

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202411375185.4A Pending CN119150325A (en) 2024-09-29 2024-09-29 Encryption method and device for codes, storage medium and program product

Country Status (1)

Country Link
CN (1) CN119150325A (en)

Similar Documents

Publication Publication Date Title
EP3387813B1 (en) Mobile device having trusted execution environment
CN107977553B (en) Method and device for security hardening of mobile application
CN101908119B (en) Method and device for processing dynamic link library (DLL) file
CN104321782B (en) The safety execution of web applications
US9135434B2 (en) System and method for third party creation of applications for mobile appliances
US7549147B2 (en) Security framework for protecting rights in computer software
CN105683990B (en) Method and apparatus for protecting dynamic base
CN109784007B (en) Byte code encryption method, byte code decryption method and terminal
US20160203087A1 (en) Method for providing security for common intermediate language-based program
CN102576391A (en) Software license embedded in shell code
Piao et al. Server‐based code obfuscation scheme for APK tamper detection
CN110826031B (en) Encryption method, device, computer equipment and storage medium
CN111159658B (en) Byte code processing method, system, device, computer equipment and storage medium
CN104298932A (en) Method and device for calling SO file
CN111191195A (en) Method and device for protecting APK
CN107273723A (en) A kind of Android platform applied software protection method based on so file shell addings
CN107430650A (en) Computer program is protected to resist reverse-engineering
CN109784072B (en) Security file management method and system
CN107220528A (en) The protection of java applet and operation method, device and terminal
CN114329357A (en) Method and device for protecting code security
CN112597453A (en) Program code encryption and decryption method and device
CN119150325A (en) Encryption method and device for codes, storage medium and program product
CN107403103B (en) File decryption method and device
KR101907846B1 (en) Apparatus, method for encryption using dependency integrity check of androids and other similar systems
Kumbhar et al. Hybrid Encryption for Securing SharedPreferences of Android Applications

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination