CN107871065B - Method and device for protecting dex file in Dalvik mode - Google Patents
Method and device for protecting dex file in Dalvik mode Download PDFInfo
- Publication number
- CN107871065B CN107871065B CN201610856412.4A CN201610856412A CN107871065B CN 107871065 B CN107871065 B CN 107871065B CN 201610856412 A CN201610856412 A CN 201610856412A CN 107871065 B CN107871065 B CN 107871065B
- Authority
- CN
- China
- Prior art keywords
- file
- data
- dexcode
- class
- dex
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 53
- 238000013500 data storage Methods 0.000 claims description 32
- 230000004224 protection Effects 0.000 claims description 24
- 238000012545 processing Methods 0.000 claims description 19
- 230000008569 process Effects 0.000 claims description 12
- 238000007781 pre-processing Methods 0.000 claims description 7
- 230000006870 function Effects 0.000 abstract description 9
- 230000003068 static effect Effects 0.000 description 20
- 238000005516 engineering process Methods 0.000 description 3
- 238000013507 mapping Methods 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000008439 repair process Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/125—Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/14—Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a method for protecting a dex file in a Dalvik mode. Since the DexCode data is replaced, an attacker needs to restore the DexCode by actively traversing the loading class to obtain correct DexCode data, but since the useless class is inserted into the original smal file, once the useless class is loaded, the program exits, and therefore the attacker cannot actively traverse the loading class by the way to restore the DexCode. The method and the device realize the function of preventing the dex file in the memory from being transferred to the local, and improve the safety of Android application. The invention also discloses a device for dex files in the Dalvik mode.
Description
Technical Field
The invention relates to the technical field of information security, in particular to a method and a device for protecting a dex file in a Dalvik mode.
Background
Since 11 months of 2007, the Android system has become one of the hottest mobile development platforms, the number of application software is rapidly increased, and meanwhile, the application protection technology under the platform is rapidly developed. The application running environment under the Android platform is divided into a Dalvik mode and an ART mode, and although Google has directly deleted the Dalvik mode from the Android L, from the application protection perspective, the application is compatible with the Dalvik mode for a long time in the future, so the protection of the application under the Dalvik mode is also very important.
At present, application protection under an Android platform mainly focuses on protection of dex files, SO files and resource files. The dex file is an executable file type under an Android platform and is composed of a series of data structures, for example, a stringDataOff field in a DexStringId structure is an offset pointing to character string data, and a codeoff field in a DexMethod structure is an offset pointing to DexCode data. The DexCode contains an actual instruction, and because the dex file is a byte code file compiled by java language and is easy to be decompiled, the protection of the dex file is always an important subject of application protection research of an Android platform.
Chinese patent application CN201410064826.4 discloses a method for protecting a dex file, which disassembles the dex file to obtain an intermediate file, i.e., a smali file, then hides an instruction to be protected in the smali file, and assembles the instruction to obtain a protected dex file, so that the content of the protected dex file becomes difficult to identify. However, when the application is running, the hidden instructions will be restored, and it is still easy to dump the dex file to the local.
In addition, although many dex protections extract the dex files from the original dex files at present, the real dex files are restored only when the classes are loaded, an attacker traverses all the classes in the dex files in the memory to try to actively load and repair the dex files, and finally the dex files in the memory can be transferred to the local.
Disclosure of Invention
The invention aims to provide a method and a device for protecting a dex file in a Dalvik mode, which can prevent the dex file in a memory from being transferred to the local so as to improve the safety of Android application.
In order to achieve the above object, the present invention discloses a method for protecting dex files in Dalvik mode, which mainly comprises the following steps:
performing decompiling processing on a dex file to be protected to obtain a smali file;
adding a code for loading an SO file in the smali file;
inserting at least one useless class into the smali file, wherein the useless class is not coincident with the class which already exists in the smali file;
compiling the smali file containing the useless classes to obtain a protected dex file, wherein the compiling process corresponds to the decompiling process;
replacing all DexCode data in the protected dex file with padding data;
and adding a generated SO file in the application, and when the system loads the class of the protected dex file and the SO file judges that the currently loaded class is the useless class, exiting the application.
Further, after all DexCode data in the protected dex file are replaced by filling data, identifying each DexCode data respectively;
storing all identified DexCode data into a first data storage file;
when the application runs, the generated SO file maps the first data storage file into a memory;
and the system loads the class of the protected dex file, and the SO file restores the DexCode data in the protected dex file if the SO file judges that the currently loaded class is not the useless class.
Further, replacing character string data in the protected dex file with a padding character string after obtaining the protected dex file, and storing the original character string data in a second data storage file;
when the application runs, the generated SO file maps a second data storage file into a memory;
and the system analyzes the dex file, and the SO file modifies the StringDataOff values in all DexStringId structures in the current dex file into the offset value of the corresponding character string data relative to the starting address of the dex file in the memory.
In order to achieve the above object, the present invention discloses a dex file protection device in a Dalvik mode, wherein the dex file protection device comprises a preprocessing module, a data processing module, and a determining module, wherein:
the preprocessing module is used for performing decompiling processing on a dex file to be protected to obtain a smali file;
the data processing module is used for adding codes for loading SO files in the smali files; inserting at least one useless class into the smali file, wherein the useless class is not coincident with the class which already exists in the smali file; compiling the smali file containing the useless classes to obtain a protected dex file, wherein the compiling process corresponds to the decompiling process; replacing all DexCode data in the protected dex file with padding data; adding a generated SO file in the application;
and the judging module is used for quitting the application when the SO file judges that the currently loaded class is the useless class when the system loads the class of the protected dex file.
Furthermore, the data processing module is further configured to respectively identify each block of DexCode data after all the DexCode data in the protected dex file is replaced with padding data; storing all identified DexCode data into a first data storage file; when the application runs, the generated SO file maps the first data storage file into a memory;
the judging module is also used for restoring DexCode data in the protected dex file when the system loads the class of the protected dex file and the SO file judges that the currently loaded class is not the useless class.
Further, the data processing module is further configured to replace character string data in the protected dex file with a padding character string, store the original character string data in a second data storage file, and map the second data storage file into the memory by the generated SO file when the application runs; the dex file protection device also comprises a restoration module which is used for restoring the character string data in the protected dex file.
Compared with the prior art, the invention has the beneficial effects that: the method inserts at least one useless class into the smali file, compiles the smali file containing the useless classes to obtain a protected dex file, and then replaces all DexCode data in the protected dex file with filling data. Since the DexCode data is replaced, an attacker needs to restore the DexCode by actively traversing the loading class to obtain correct DexCode data, but since the useless class is inserted into the original smal file, once the useless class is loaded, the program exits, and therefore the attacker cannot actively traverse the loading class by the way to restore the DexCode. The method and the device realize the function of preventing the dex file in the memory from being transferred to the local, and improve the safety of Android application.
Drawings
FIG. 1 is a flow chart of a dex file protection method based on Dalvik mode in some embodiments of the invention.
FIG. 2 is a schematic structural diagram of a dex file protection device based on Dalvik model in other embodiments of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail with reference to the accompanying drawings.
Although the steps in the present invention are arranged by using reference numbers, the order of the steps is not limited, and the relative order of the steps can be adjusted unless the order of the steps is explicitly stated or other steps are required for the execution of a certain step.
As shown in fig. 1, the present invention discloses a method for protecting dex file in Dalvik mode, which in some embodiments comprises the following steps:
and S01, performing decompiling processing on the dex file to be protected to obtain a smali file.
The dex file is decompiled into a smali file by means of decompilation tools, such as bakmali. jar, jeb, etc.
S02: and adding code for loading the SO file in the smali file.
Specifically, S021: find if there is a class that inherits the Application.
And traversing the smali file obtained in the step S01 to find whether the class inherits the Application. If so, go to step S022, and if not, go to step S023.
S022: it is looked up whether a static initialization code block exists.
And searching whether a static initial code block exists in a class inherited to Application or not, judging whether the static initial code block exists or not, if so, turning to a step S024, and otherwise, turning to the step S023.
S023: a class that inherits the Application is created.
Adding a class inheriting the Application to the smali file, wherein the added code format is as follows:
.class public Lcom/antiy/protect/StubApplication;
.super Landroid/app/Application;
.source"StubApplication.java"
s024: a static initialization code block is added.
Adding a static initialization code block to a class inheriting Application, the added code format being as follows:
.method static constructor<clinit>()V
.locals 1
.end method
s025: and adding code for loading the SO file into the static initialization code block.
Adding codes for loading SO files into the static code blocks, wherein the added codes are in the following format:
static{
const-string v0, "dexprotector"// Note, dexprotector is the SO filename
invoke-static{v0},Ljava/lang/System;->loadLibrary(Ljava/lang/String;)V
}
S03: and inserting useless classes into the smali file.
And inserting at least one useless class into the smali file, wherein the useless class is not coincident with the class which already exists in the smali file. An example of adding a class of useless classes named "Lcom/anti/protect/SickClass" is as follows:
.class public Lcom/antiy/protect/SickClass;
.super Ljava/lang/Object;
.source"SickClass.java"
to avoid skipping directly when a garbage class is more static an attacker may jump through the loaded class, the garbage class is preferably randomly generated, bypassing the program exit mechanism.
S04: and compiling the smali file containing the useless classes to obtain a protected dex file, wherein the compiling process corresponds to the decompiling process.
Jar tool is used for compiling the modified smali file back into a dex file.
S05: all the DexCode data in the protected dex file is replaced with padding data.
For example, when the ins part of the original DexCode data is filled with 0, it can be understood that after the original DexCode data is filled, the checksum and signature values written into the dex file need to be recalculated.
S06: and respectively identifying each DexCode data block.
Preferably, for implementation convenience, each piece of DexCode data is parsed to obtain a class name and a method name to which the DexCode data belongs, and the DexCode data is identified by the class name and the method name.
S07: and saving all identified DexCode data to a first data storage file.
S08: and adding a generated SO file in the application, and when the application runs, mapping the first data storage file into a memory by the generated SO file.
The generated SO file is written by Android NDK, and as can be understood, the file name of the generated SO file is consistent with the file name added to the code for loading the SO file in step S02.
S09: the system loads the class of the protected dex file, the SO file judges whether the currently loaded class is the useless class, and if SO, the application is quitted; otherwise, the DexCode data is restored in the protected dex file.
By means of a hooking technology under an Android platform, a class loading intermediate function of an Android system is hooked, namely a class loading intermediate function Dalvik _ system _ DexFile _ defieClassNative of an SO file hook, whether the currently loaded class is the useless class or not is judged, and if yes, the application is directly quitted.
Since the DexCode data is replaced by the filling data, an attacker needs to restore the DexCode by actively traversing the loading class to obtain correct DexCode data, but since the useless class is inserted into the original smal file, once the useless class is loaded, the program exits, and therefore the attacker cannot actively traverse the loading class by the way to restore the DexCode.
If the currently loaded class is not the useless class, restoring the DexCode data is required to be completed, namely, the address of the corresponding DexCode data in the first data storage file is found according to the identification, such as the name of the currently loaded class and the method name contained in the class, and then the codeoff value in the DexMethod structure in the currently loaded class is modified to be equal to the offset value of the corresponding DexCode data relative to the starting address of the dex file in the memory.
In some embodiments, in order to further improve the security of the Android application, in S07, the DexCode data may be encrypted according to a preset encryption algorithm, such as an existing RC4 algorithm or a custom algorithm, and then stored in the first data storage file. In S08, when the application runs, the generated SO file maps the first data storage file into the memory, and then needs to decrypt the encrypted DexCode data accordingly.
In other embodiments, preferably, in order to further improve the security of the Android application and increase the difficulty of an attacker for unloading the dex file in the memory to the local, in the case that all the DexCode data in the protected dex file is replaced with padding data, the padding string may also be used to replace the string data in the protected dex file, and the original string data is stored in a second data storage file. In S08, when the application runs, the generated SO file maps the second data storage file into the memory, the hooking system parses a dex file function dexFileParse, and modifies stringDataOff values in all the DexStringId structures in the current dex file to an offset value of corresponding string data relative to a dex file start address in the memory, SO as to restore the string data in the protected dex file.
The invention also discloses a protection device for dex files in Dalvik mode, as shown in FIG. 2, the protection device comprises a preprocessing module 10, a data processing module 20, and a judging module 30, specifically:
the preprocessing module 10 is configured to decompile the dex file to be protected into a smali file by using a decompiling tool, such as bakamali. jar, jeb, and the like.
The data processing module 20 comprises the following functions:
(1) and adding code for loading the SO file in the smali file.
Adding code for loading the SO file includes the steps of:
s' 01: find if there is a class that inherits the Application.
And traversing the smali file from the preprocessing module 10 to find whether the class inherits the Application. If so, go to step S '02, and if not, go to step S' 03.
S' 02: it is looked up whether a static initialization code block exists.
And searching whether a static initial code block exists in a class inherited to Application or not, judging whether the static initial code block exists or not, if so, turning to the step S '04, and if not, turning to the step S' 03.
S' 03: a class that inherits the Application is created.
Adding a class inheriting the Application to the smali file, wherein the added code format is as follows:
.class public Lcom/antiy/protect/StubApplication;
.super Landroid/app/Application;
.source"StubApplication.java"
s' 04: a static initialization code block is added.
Adding a static initialization code block to a class inheriting Application, the added code format being as follows:
.method static constructor<clinit>()V
.locals 1
.end method
s' 05: and adding code for loading the SO file into the static initialization code block.
Adding codes for loading SO files into the static code blocks, wherein the added codes are in the following format:
static{
const-string v0, "dexprotector"// Note, dexprotector is the SO filename
invoke-static{v0},Ljava/lang/System;->loadLibrary(Ljava/lang/String;)V
}
(2) The method and the device are used for inserting at least one useless class into the smali file, wherein the useless class is not coincident with the class which already exists in the smali file.
An example of adding a class of useless classes named "Lcom/anti/protect/SickClass" is as follows:
.class public Lcom/antiy/protect/SickClass;
.super Ljava/lang/Object;
.source"SickClass.java"
to avoid skipping directly when a garbage class is more static an attacker may jump through the loaded class, the garbage class is preferably randomly generated, bypassing the program exit mechanism.
(3) And the method is used for compiling the smali file containing the useless classes to obtain a protected dex file, wherein the compiling process corresponds to the decompiling process.
Jar tool is used for compiling the modified smali file back into a dex file.
(4) For replacing the padding data for all the DexCode data in the protected dex file.
For example, when the ins part of the original DexCode data is filled with 0, it can be understood that after the original DexCode data is filled, the checksum and signature values written into the dex file need to be recalculated.
(5) For respectively identifying each piece of DexCode data.
Preferably, for implementation convenience, each piece of DexCode data is parsed to obtain a class name and a method name to which the DexCode data belongs, and the DexCode data is identified by the class name and the method name.
(6) For saving all identified DexCode data to a first data storage file.
(7) The method comprises the steps of adding a generated SO file in an application, and mapping the first data storage file into a memory by the generated SO file when the application runs.
The generated SO file is written by Android NDK, and as can be understood, the file name of the generated SO file is consistent with the file name added to the code for loading the SO file in step S02.
The judging module 30 is configured to, when the system loads the class of the protected dex file, judge, by the SO file, whether the currently loaded class is the useless class, and if SO, quit the application; otherwise, the DexCode data is restored in the protected dex file.
By means of a hooking technology under an Android platform, a dex file analysis function and a class loading function of an Android system, namely an SO file hook class loading function Dalvik _ system _ DexFile _ defineConsative, are hooked, whether a currently loaded class is the useless class or not is judged, and if yes, the application is directly quitted.
Since the DexCode data is replaced by the filling data, an attacker needs to restore the DexCode by actively traversing the loading class to obtain correct DexCode data, but since the useless class is inserted into the original smal file, once the useless class is loaded, the program exits, and therefore the attacker cannot actively traverse the loading class by the way to restore the DexCode.
If the currently loaded class is not the useless class, the determining module 30 needs to complete the restoration of the DexCode data, that is, find the address of the corresponding DexCode data in the first data storage file according to the identifier, such as the name of the currently loaded class and the method name included in the class, and then modify the codeoff value in the DexMethod structure in the currently loaded class to make the value equal to the offset value of the corresponding DexCode data relative to the start address of the dex file in the memory.
In some embodiments, in order to further improve the security of the Android application, the data processing module 20 may further encrypt the DexCode data according to a preset encryption algorithm, such as an existing RC4 algorithm or a custom algorithm, and then store the encrypted DexCode data in the first data storage file. When the application runs, after the generated SO file maps the first data storage file into the memory, the determining module 30 is further configured to perform corresponding decryption on the encrypted DexCode data.
In other embodiments, preferably, in order to further improve the security of the Android application and increase the difficulty of an attacker for unloading the dex file in the memory to the local, in the case that all the DexCode data in the protected dex file is replaced with padding data, the data processing module 20 may further replace the character string data in the protected dex file with the padding character string, and store the original character string data in a second data storage file. And when the application runs, the generated SO file maps the second data storage file into the memory. The dex file protection device further comprises a restoring module, which is used for restoring the character string data in the protected dex file, namely the system parses the dex file, and the SO file modifies the stringDataOff values in all DexStringId structures in the current dex file into the offset value of the corresponding character string data relative to the starting address of the dex file in the memory.
While the foregoing specification illustrates and describes several embodiments of the invention, it is to be understood, as noted above, that the invention is not limited to the forms disclosed herein, but is not intended to be exhaustive of other embodiments, and is capable of use in various other combinations, modifications, and environments and is capable of changes within the scope of the inventive concept as described herein, commensurate with the above teachings, or the skill or knowledge of the relevant art. And that modifications and variations may be effected by those skilled in the art without departing from the spirit and scope of the invention as defined by the appended claims.
Claims (14)
1. A method for protecting dex files in Dalvik mode is characterized in that the method comprises the following steps:
performing decompiling processing on a dex file to be protected to obtain a smali file;
adding a code for loading an SO file in the smali file;
inserting at least one useless class into the smali file, wherein the useless class is not coincident with the class which already exists in the smali file;
compiling the smali file containing the useless classes to obtain a protected dex file, wherein the compiling process corresponds to the decompiling process;
replacing all DexCode data in the protected dex file with padding data;
and adding a generated SO file in the application, and when the system loads the class of the protected dex file and the SO file judges that the currently loaded class is the useless class, exiting the application.
2. The method of protecting a dex file according to claim 1, wherein each block of DexCode data is identified after replacing all the DexCode data in the protected dex file with padding data;
storing all identified DexCode data into a first data storage file;
when the application runs, the generated SO file maps the first data storage file into a memory;
and the system loads the class of the protected dex file, and the SO file restores the DexCode data in the protected dex file if the SO file judges that the currently loaded class is not the useless class.
3. The method for protecting a dex file according to claim 1, wherein the character string data in the protected dex file is replaced by a padding character string after the protected dex file is obtained, and the original character string data is saved in a second data storage file;
when the application runs, the generated SO file maps a second data storage file into a memory;
and the system analyzes the dex file, and the SO file modifies the StringDataOff values in all DexStringId structures in the current dex file into the offset value of the corresponding character string data relative to the starting address of the dex file in the memory.
4. The method of claim 2, wherein the original DexCode data is encrypted according to a preset rule when being saved to a first data storage file, and when the application runs, the generated SO file maps all local DexCode data into a memory and decrypts.
5. The method of protecting a dex file according to claim 2, wherein the method of separately identifying each block of DexCode data comprises the steps of: analyzing each DexCode data respectively to obtain a class name and a method name of the DexCode data; and respectively identifying each piece of DexCode data by using a class name and a method name.
6. The method of protecting a dex file according to claim 1 or the apparatus for protecting a dex file according to claim 4, wherein said garbage classes are randomly generated.
7. The method for protecting a dex file according to claim 2 or the device for protecting a dex file according to claim 4, wherein the method for restoring DexCode data in the protected dex file is to modify the codeoff value in all the DexMethod structures in the class to be the offset value of the corresponding DexCode data relative to the starting address of the dex file in the memory.
8. A dex file protection device under Dalvik mode is characterized in that the dex file protection device comprises a preprocessing module, a data processing module and a judging module, wherein:
the preprocessing module is used for performing decompiling processing on a dex file to be protected to obtain a smali file;
the data processing module is used for adding codes for loading SO files in the smali files; inserting at least one useless class into the smali file, wherein the useless class is not coincident with the class which already exists in the smali file; compiling the smali file containing the useless classes to obtain a protected dex file, wherein the compiling process corresponds to the decompiling process; replacing all DexCode data in the protected dex file with padding data; adding a generated SO file in the application;
and the judging module is used for quitting the application when the SO file judges that the currently loaded class is the useless class when the system loads the class of the protected dex file.
9. The apparatus for protecting a dex file according to claim 8, wherein the data processing module is further configured to identify each piece of DexCode data after replacing all the DexCode data in the protected dex file with padding data; storing all identified DexCode data into a first data storage file; when the application runs, the generated SO file maps the first data storage file into a memory;
the judging module is also used for restoring DexCode data in the protected dex file when the system loads the class of the protected dex file and the SO file judges that the currently loaded class is not the useless class.
10. The dex file protection device of claim 8, wherein the data processing module is further configured to replace string data in the protected dex file with padding strings, and store the original string data in a second data storage file, and when the application runs, the generated SO file maps the second data storage file into the memory; the dex file protection device also comprises a restoration module which is used for restoring the character string data in the protected dex file.
11. The dex file protection device of claim 9, wherein the data processing module is specifically configured to encrypt original DexCode data according to a preset rule when storing the data in a first data storage file, and when the application runs, the generated SO file maps all local DexCode data into a memory and decrypts the local DexCode data.
12. The dex file protection device of claim 9, wherein the data processing module is configured to identify each piece of DexCode data by specifically adopting the following method: analyzing each DexCode data respectively to obtain a class name and a method name of the DexCode data; and respectively identifying each piece of DexCode data by using a class name and a method name.
13. The dex file protection apparatus of claim 8, wherein the garbage classes are randomly generated.
14. The dex file protection device of claim 9, wherein the determining module is specifically configured to restore the DexCode data in the protected dex file by using the following method: and modifying codeoff values in all DexMethod structures in the class into offset values of corresponding DexCode data relative to the starting address of a dex file in the memory.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610856412.4A CN107871065B (en) | 2016-09-27 | 2016-09-27 | Method and device for protecting dex file in Dalvik mode |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610856412.4A CN107871065B (en) | 2016-09-27 | 2016-09-27 | Method and device for protecting dex file in Dalvik mode |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107871065A CN107871065A (en) | 2018-04-03 |
| CN107871065B true CN107871065B (en) | 2019-12-20 |
Family
ID=61752401
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610856412.4A Active CN107871065B (en) | 2016-09-27 | 2016-09-27 | Method and device for protecting dex file in Dalvik mode |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107871065B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108681457B (en) * | 2018-05-11 | 2020-09-01 | 西北大学 | Android application program protection method based on code sinking and residual code interpretation |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102760219A (en) * | 2011-12-20 | 2012-10-31 | 北京安天电子设备有限公司 | Android platform software protecting system, method and equipment |
| CN104021321A (en) * | 2014-06-17 | 2014-09-03 | 北京奇虎科技有限公司 | Reinforcing protection method and device for software installation package |
| CN104392181A (en) * | 2014-11-18 | 2015-03-04 | 北京奇虎科技有限公司 | SO file protection method and device and android installation package reinforcement method and system |
| CN104484585A (en) * | 2014-11-26 | 2015-04-01 | 北京奇虎科技有限公司 | Application program installation package processing method and device, and mobile apparatus |
| CN104866734A (en) * | 2014-02-25 | 2015-08-26 | 北京娜迦信息科技发展有限公司 | DEX (Dalvik VM executes) file protecting method and device |
| CN105930745A (en) * | 2016-04-25 | 2016-09-07 | 北京珊瑚灵御科技有限公司 | Android platform-based character string reinforcement method |
| CN105956425A (en) * | 2016-04-28 | 2016-09-21 | 西北大学 | Android application protection method based on smali code obfuscation |
-
2016
- 2016-09-27 CN CN201610856412.4A patent/CN107871065B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102760219A (en) * | 2011-12-20 | 2012-10-31 | 北京安天电子设备有限公司 | Android platform software protecting system, method and equipment |
| CN104866734A (en) * | 2014-02-25 | 2015-08-26 | 北京娜迦信息科技发展有限公司 | DEX (Dalvik VM executes) file protecting method and device |
| CN104021321A (en) * | 2014-06-17 | 2014-09-03 | 北京奇虎科技有限公司 | Reinforcing protection method and device for software installation package |
| CN104392181A (en) * | 2014-11-18 | 2015-03-04 | 北京奇虎科技有限公司 | SO file protection method and device and android installation package reinforcement method and system |
| CN104484585A (en) * | 2014-11-26 | 2015-04-01 | 北京奇虎科技有限公司 | Application program installation package processing method and device, and mobile apparatus |
| CN105930745A (en) * | 2016-04-25 | 2016-09-07 | 北京珊瑚灵御科技有限公司 | Android platform-based character string reinforcement method |
| CN105956425A (en) * | 2016-04-28 | 2016-09-21 | 西北大学 | Android application protection method based on smali code obfuscation |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107871065A (en) | 2018-04-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| KR101471589B1 (en) | Method for Providing Security for Common Intermediate Language Program | |
| CN106778103B (en) | Reinforcement method, system and decryption method for preventing reverse cracking of android application program | |
| CN104239757B (en) | Application program reversing-preventing method and device and operation method and terminal | |
| KR101518420B1 (en) | Apparatus and method for managing apk file in a android platform | |
| US20160275019A1 (en) | Method and apparatus for protecting dynamic libraries | |
| US20150095653A1 (en) | Method and apparatus of creating application package, method and apparatus of executing application package, and recording medium storing application package | |
| CN105426708A (en) | Reinforcing method of application program of Android system | |
| WO2016078130A1 (en) | Dynamic loading method for preventing reverse of apk file | |
| WO2015058620A1 (en) | Method and apparatus for generating installation package corresponding to an application and executing application | |
| CN107273723B (en) | So file shell adding-based Android platform application software protection method | |
| WO2015192637A1 (en) | Method and apparatus for reinforced protection of software installation package | |
| CN108229112A (en) | A kind of operation method and device for protecting application program, application program | |
| US20180181729A1 (en) | Protecting a computer program against reverse engineering | |
| KR101695639B1 (en) | Method and system for providing application security service based on cloud | |
| CN107291485B (en) | Dynamic link library reinforcing method, operation method, reinforcing device and safety system | |
| CN107103214B (en) | Application program anti-debugging method and device applied to Android system | |
| CN110502874B (en) | Android App reinforcement method based on file self-modification | |
| CN107871065B (en) | Method and device for protecting dex file in Dalvik mode | |
| CN109992974B (en) | Method and device for protecting byte code file of virtual machine and readable storage medium | |
| KR101863325B1 (en) | Method and apparatus for preventing reverse engineering | |
| CN111382447A (en) | Installation package encryption method, storage medium and computer equipment | |
| CN110135131B (en) | Encryption method of application program, storage medium and terminal equipment | |
| CN110046496B (en) | Software development method, system, block chain link point equipment and storage medium | |
| CN111522555B (en) | apk file reinforcement method, decryption method and related devices | |
| CN110309655B (en) | Method and device for detecting safety in APP updating process |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP02 | Change in the address of a patent holder | ||
| CP02 | Change in the address of a patent holder |
Address after: 430000 Hubei city Wuhan East Lake New Technology Development Zone 8 Huacheng Road 8 Wuhan software new town industry three phase C20 building Patentee after: Wuhan Antian Information Technology Co., Ltd. Address before: 430000 software industry, No. 1 East Road, software park, East Lake New Technology Development Zone, Hubei, Wuhan 4-1, B4 building, room 12, floor 01 Patentee before: Wuhan Antian Information Technology Co., Ltd. |