CN106250771A - A kind of encryption method for Android program code - Google Patents
- Publication number
- CN106250771A (application number CN201610602134.XA)
- Authority
- CN
- China
- Prior art keywords
- code
- aes
- client
- encrypted
- encrypted code
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses an encryption method for Android program code. The method includes: when there is a loading demand, the server encrypts the key code according to an encryption algorithm to generate encrypted code and sends the encrypted code to the client; the client calls and loads the encrypted code; and the encrypted code is deleted when the client has finished running it. With this method the key code does not reside locally for a long time, which greatly reduces the probability that crackers obtain the key code, so the security of the key code is effectively improved.
Description
Technical field
The present invention relates to the field of computer software technology, and in particular to an encryption method for Android program code.
Background technology
With the development of the Android operating system, the range of application of the Android system keeps expanding. Applications for the Android system have expanded greatly as well, and more and more Android programs are developed and put into use. Most Android programs are written in Java, and decompiling Java code is very easy. Therefore, to protect the legitimate rights and interests of the developers and users of Android applications, the code of Android programs needs security protection.
In the prior art, the common code protection method is code obfuscation: meaningless variable and method names are used to make the program hard to understand, reducing its readability and increasing the difficulty of cracking it. Under this approach, however, the program code still leaves traces that can be followed, and the program can still be cracked given a certain amount of time.
The prior art also uses dynamic link libraries: key code is moved into a dynamic link library through JNI, so that the key code is protected by encryption. With this method, however, a cracker can disassemble the dynamic link library file (a file with the .so suffix) to obtain the program's encryption logic and thereby crack the key code.
Therefore, to further improve the protection of Android program code, an encryption method for Android program code is needed.
Summary of the invention
To further improve the protection of Android program code, the invention provides an encryption method for Android program code. The method includes:
when there is a loading demand, the server encrypts the key code according to an encryption algorithm to generate encrypted code and sends the encrypted code to the client;
the client calls and loads the encrypted code;
the encrypted code is deleted when the client has finished running it.
In one embodiment, the server encrypts the key code according to an encryption algorithm to generate encrypted code, wherein the encryption algorithm corresponds to the client, and neither the encryption algorithm nor the client may be changed within one encryption interaction cycle.
In one embodiment, the server encrypts the key code according to an encryption algorithm to generate encrypted code, wherein different encryption algorithms are used for different clients.
In one embodiment, the server encrypts the key code according to an encryption algorithm to generate encrypted code, wherein the encryption algorithm is randomly generated before each transmission, and every transmission uses a different encryption algorithm.
In one embodiment, the encryption algorithm is randomly generated before each transmission, wherein the server produces random encryption class and function signatures in a random, meaningless manner.
In one embodiment, the client calls and loads the encrypted code, wherein the client calls the encryption algorithm through the reflection mechanism.
In one embodiment, when the client has finished running the encrypted code, it sends the run result of the encrypted code to the server.
In one embodiment, when the client has finished running the encrypted code, it sends the run result of the encrypted code to the server, wherein the client encrypts the run result and sends the encrypted run result to the server.
In one embodiment, the server verifies the run result after receiving it.
In one embodiment, the encryption algorithm has a validity time limit.
With the method of the invention, the key code does not reside locally for a long time, which greatly reduces the probability that crackers obtain the key code, so the security of the key code is effectively improved.
Other features and advantages of the invention are set out in the description that follows. Some features or advantages of the invention will become apparent from the description or can be understood by implementing the invention. The objects and some advantages of the invention can be realized or obtained through the steps specifically pointed out in the description, the claims and the accompanying drawings.
Brief description of the drawings
The accompanying drawings provide a further understanding of the invention and form part of the description. Together with the embodiments of the invention they serve to explain the invention and do not limit it. In the drawings:
Fig. 1 is a flow chart of the method according to one embodiment of the invention;
Fig. 2 is a flow chart of part of the method according to one embodiment of the invention.
Detailed description of the invention
Embodiments of the invention are described in detail below with reference to the drawings and examples, so that those implementing the invention can fully understand how it applies technical means to solve the technical problem and achieve the technical effect, and can implement the invention accordingly. Note that, provided they do not conflict, the embodiments of the invention and the features of each embodiment can be combined with one another, and the resulting technical solutions all fall within the protection scope of the invention.
With the development of the Android system, more and more Android programs are developed and put into use. Most Android programs are written in Java, and decompiling Java code is very easy. Therefore, to protect the legitimate rights and interests of the developers and users of Android applications, the code of Android programs needs security protection.
In the prior art, the common code protection method is code obfuscation: meaningless variable and method names are used to make the program hard to understand, reducing its readability and increasing the difficulty of cracking it. Under this approach, however, the program code still leaves traces that can be followed, and the program can still be cracked given a certain amount of time.
The prior art also uses dynamic link libraries: key code is moved into a dynamic link library through JNI, so that the key code is protected by encryption. With this method, however, a cracker can disassemble the dynamic link library file (a file with the .so suffix) to obtain the program's encryption logic and thereby crack the key code.
To further improve the protection of Android program code, the invention proposes an encryption method for Android program code.
Specifically, to address the security weakness of local code (hard code) on the Android side, one embodiment of the invention relies on Android dynamic loading technology and does not keep the encrypted key code locally. When there is a demand to load (execute) key code:
the server encrypts the key code according to an encryption algorithm to generate encrypted code and sends the encrypted code to the client;
the client calls and loads the encrypted code;
the encrypted code is deleted when the client has finished running it.
Throughout the flow, the encrypted code (the encrypted key code) is stored mainly on the server. The client obtains the encrypted code only when it needs to load the key code, and does not keep the key code at any other time. This greatly improves the security of the key code. In addition, the key code is transmitted in encrypted form, and the encryption algorithm also comes from the server. This prevents a cracker from obtaining the key code by intercepting the transmitted data.
The execution flow of one embodiment of the invention is described in detail below with reference to the drawings. The steps shown in the flow charts can be performed in a computer system containing, for example, a set of computer-executable instructions. Although the flow charts show a logical order for the steps, in some cases the steps can be performed in an order different from the one shown or described here.
In one embodiment, as shown in Fig. 1, when there is a demand to load key code, the client sends a load request (step S110). The server receives the load request (step S120) and then encrypts the key code that the client needs to load according to an encryption algorithm to generate encrypted code (step S121). The server sends the encrypted code to the client (step S122), and the client receives it (step S132).
After receiving the encrypted code, the client loads and runs (calls) the encrypted code to perform the intended operation (step S140). Specifically, the client loads the encrypted code into the virtual machine for execution through dynamic loading technology.
Finally, when the client has finished running the encrypted code, all encrypted code on the client is deleted (step S160). The encrypted code therefore does not reside locally for a long time, which greatly reduces the possibility that crackers obtain the encrypted code, so the security of the key code is effectively improved.
Further, in step S121, the encryption algorithm that the server uses to encrypt the key code corresponds to the client that made the encryption request, and neither the encryption algorithm nor the client may be changed within one encryption interaction cycle. This keeps the encryption algorithm matched throughout the encryption cycle and avoids leakage of key code caused by data transmission errors.
Further, in step S121, different encryption algorithms are used for different clients. This avoids several clients using the same encryption algorithm, so that a data leak from a single client does not affect other clients, which reduces the probability that the key code is decrypted.
Further, although dynamic loading technology ensures in one embodiment of the invention that the encrypted code is not present locally for a long time, there is still a risk of cracking if a cracker discovers this protection and obtains (pulls) the encrypted code to local storage while the program is running and then studies it. To address this problem, one embodiment of the invention uses random encryption. The server randomly generates an encryption algorithm each time before it encrypts the key code and uses a different encryption algorithm every time. That is, the encryption logic is randomly generated every time, and the encryption algorithm corresponds one-to-one with the requesting client. Thus even if a cracker intercepts the encrypted program block of one transmission, later encrypted transmissions cannot be cracked on the basis of that block.
Further, so as not to expose too many implementation details on the client, in one embodiment of the invention the server produces random encryption class and function signatures in a random, meaningless manner. Correspondingly, the client calls the encrypted code through the Java reflection mechanism (in step S140).
Further, to prevent crackers from cracking the transmitted encrypted code more effectively, in one embodiment of the invention the encryption algorithm has a validity time limit. Even if a cracker intercepts the encrypted code of a transmission in time, the encryption module cannot be cracked in a short time; by the time the encrypted code is cracked, the corresponding encryption algorithm has already passed its validity period, so the algorithm that is finally cracked still cannot be used. This achieves the purpose of protecting the core information.
Further, in one embodiment of the invention, after the client has finished running the encrypted code, it also sends the run result information of the encrypted code (the key information of this operation) to the server (step S150). The server receives the run result information (key information) and uses it to determine the next operation to perform (step S151). Specifically, in one embodiment, the server verifies the run result information to determine whether this operation succeeded (step S152).
To ensure the security of the run result information (the key information of this operation), in one embodiment the client first encrypts the run result information (key information), generating an encrypted string, and then sends the encrypted string to the server (step S150).
Further, in one embodiment, after receiving the encrypted run result information, the server first verifies the encrypted string. Because the encryption algorithm has a validity time, the server checks whether the encrypted string has exceeded the validity time; if it has not, the server decrypts the encrypted string to obtain the run result information (key information).
A concrete application example is described next with reference to the drawings. As shown in Fig. 2, the client first requests the logic package (dex package) (step S210).
After receiving the client's request, the server generates a random algorithm and generates the encrypted logic package (dex package, key code) (step S220). The server then temporarily stores the encryption algorithm, the client identifier (in this embodiment, the International Mobile Equipment Identity, IMEI) and the client's request time (step S221), and sends the encrypted logic package (dex package) to the client (step S222).
The client dynamically loads the encrypted logic package (dex package) (step S230) and loads and runs it through the reflection mechanism. After the run, it sends the encrypted run result information (encrypted string) to the server (step S232) and deletes the encrypted logic package on the client, which is not kept locally (step S233).
After receiving the encrypted run result information, the server checks the source (client identifier) and whether the request has timed out, that is, whether the time elapsed from the request time to the time the encrypted string is received exceeds the validity time preset for the encryption algorithm. If it has not timed out, the server decrypts the string (step S241) and returns success information to the client (step S243). If it has timed out, the server does not decrypt and returns failure information to the client (step S242).
The client judges from the server's information whether the current operation succeeded (step S250). If it succeeded, the operation ends; if it failed, the client returns to the first step and repeats the operation.
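The server-side bookkeeping and checks of steps S221 and S241 to S243 can be sketched as follows. This is an added example, not code from the patent or its applicant: the class and function names, the 30-second validity window and the client identifiers are assumptions, a per-request random key stands in for the per-request random encryption algorithm, and an HMAC tag stands in for the encrypted result string, so the sketch shows the source, timeout and single-use checks rather than confidentiality of the result.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass
class Session:
    client_id: str      # client identifier (the page uses the IMEI)
    session_key: bytes  # assumption: stands in for the per-request random algorithm
    issued_at: float    # request time recorded by the server (step S221)


def seal_result(key, client_id, result):
    """Client side of S232 (stand-in): bind the run result to key and client."""
    cid = client_id.encode()
    msg = len(cid).to_bytes(2, "big") + cid + result
    return hmac.new(key, msg, hashlib.sha256).digest()


class LogicPackageServer:
    """Hypothetical server keeping the temporary state from step S221."""

    def __init__(self, validity_seconds=30.0, clock=time.monotonic):
        self.validity_seconds = validity_seconds
        self.clock = clock  # injectable so expiry can be exercised in tests
        self._sessions = {}

    def issue(self, client_id):
        """S220-S222: fresh random material per request, never reused."""
        session_id = secrets.token_hex(16)
        key = secrets.token_bytes(32)
        self._sessions[session_id] = Session(client_id, key, self.clock())
        return session_id, key

    def verify_result(self, session_id, client_id, result, tag):
        """S241-S243: check source and timeout before trusting the result."""
        # pop() makes every session single-use: a failed or replayed
        # submission forces the client back to the first step.
        session = self._sessions.pop(session_id, None)
        if session is None:
            return False, "unknown-or-reused-session"
        if not hmac.compare_digest(session.client_id.encode(), client_id.encode()):
            return False, "client-mismatch"
        # Elapsed time is measured on the server clock only; a timestamp
        # supplied by the client would be attacker-controlled.
        if self.clock() - session.issued_at > self.validity_seconds:
            return False, "expired"
        expected = seal_result(session.session_key, client_id, result)
        if not hmac.compare_digest(expected, tag):
            return False, "bad-tag"
        return True, "ok"


def demo():
    """Constructed run: success, replay, timeout, wrong client."""
    now = [1000.0]
    server = LogicPackageServer(validity_seconds=30.0, clock=lambda: now[0])
    outcomes = []

    sid, key = server.issue("client-A")
    tag = seal_result(key, "client-A", b"run-ok")
    outcomes.append(server.verify_result(sid, "client-A", b"run-ok", tag)[1])
    outcomes.append(server.verify_result(sid, "client-A", b"run-ok", tag)[1])

    sid, key = server.issue("client-A")
    now[0] += 31.0  # past the validity window
    tag = seal_result(key, "client-A", b"run-ok")
    outcomes.append(server.verify_result(sid, "client-A", b"run-ok", tag)[1])

    sid, key = server.issue("client-A")
    tag = seal_result(key, "client-B", b"run-ok")
    outcomes.append(server.verify_result(sid, "client-B", b"run-ok", tag)[1])
    return outcomes


if __name__ == "__main__":
    print(demo())
```

The validity window bounds how long captured material stays useful to the server-side check; it does not protect code that has already been decrypted and loaded on a device the analyst controls.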
In summary, the innovation of the method of the invention lies in combining random encryption algorithms with the Android side's ability to dynamically load and execute hot code. With the method of the invention, the encrypted code does not reside locally for a long time, which greatly reduces the possibility that crackers obtain the encrypted code, so the security of the key code is effectively improved.
Although embodiments are disclosed above, the content described is only an embodiment adopted to make the invention easier to understand and does not limit the invention. The method of the invention can have various other embodiments. Without departing from the essence of the invention, those of ordinary skill in the art can make various corresponding changes or variations according to the invention, but all such changes or variations fall within the scope of the claims of the invention.
Claims (10)
1. An encryption method for Android program code, characterized in that the method includes:
when there is a loading demand, the server encrypts the key code according to an encryption algorithm to generate encrypted code and sends the encrypted code to the client;
the client calls and loads the encrypted code;
the encrypted code is deleted when the client has finished running it.
2. The method according to claim 1, characterized in that the server encrypts the key code according to an encryption algorithm to generate encrypted code, wherein the encryption algorithm corresponds to the client, and neither the encryption algorithm nor the client may be changed within one encryption interaction cycle.
3. The method according to claim 2, characterized in that the server encrypts the key code according to an encryption algorithm to generate encrypted code, wherein different encryption algorithms are used for different clients.
4. The method according to claim 2, characterized in that the server encrypts the key code according to an encryption algorithm to generate encrypted code, wherein the encryption algorithm is randomly generated before each transmission, and every transmission uses a different encryption algorithm.
5. The method according to claim 4, characterized in that the encryption algorithm is randomly generated before each transmission, wherein the server produces random encryption class and function signatures in a random, meaningless manner.
6. The method according to any one of claims 1-5, characterized in that the client calls and loads the encrypted code, wherein the client calls the encryption algorithm through the reflection mechanism.
7. The method according to any one of claims 1-6, characterized in that when the client has finished running the encrypted code, it sends the run result of the encrypted code to the server.
8. The method according to claim 7, characterized in that when the client has finished running the encrypted code, it sends the run result of the encrypted code to the server, wherein the client encrypts the run result and sends the encrypted run result to the server.
9. The method according to claim 7 or 8, characterized in that the server verifies the run result after receiving it.
10. The method according to any one of claims 1-9, characterized in that the encryption algorithm has a validity time limit.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610602134.XA CN106250771A (en) | 2016-07-27 | 2016-07-27 | A kind of encryption method for Android program code |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106250771A true CN106250771A (en) | 2016-12-21 |
Family
ID=57604243
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610602134.XA Pending CN106250771A (en) | 2016-07-27 | 2016-07-27 | A kind of encryption method for Android program code |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106250771A (en) |
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102236757A (en) * | 2011-06-30 | 2011-11-09 | 北京邮电大学 | Software protection method and system applicable to Android system |
CN102760219B (en) * | 2011-12-20 | 2015-12-16 | 北京安天电子设备有限公司 | A kind of Android platform software protection system, method and apparatus |
US20160094555A1 (en) * | 2013-11-24 | 2016-03-31 | Truly Protect Oy | System and methods for executing encrypted managed programs |
CN104978542A (en) * | 2015-06-11 | 2015-10-14 | 福建天晴数码有限公司 | Secure data storage and data access method and system |
CN105471902A (en) * | 2015-12-29 | 2016-04-06 | 深圳市瑞铭无限科技有限公司 | Data encryption method and system based on issued encryption algorithm |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109145533A (en) * | 2018-09-30 | 2019-01-04 | 武汉斗鱼网络科技有限公司 | A kind of method and device using random cipher protection code |
CN109145533B (en) * | 2018-09-30 | 2021-11-26 | 武汉斗鱼网络科技有限公司 | Method and device for protecting code by using random password |
CN112131536A (en) * | 2020-05-19 | 2020-12-25 | 北京天德科技有限公司 | Method for preventing Java program from being decompiled |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20161221 |