Disclosure of Invention
In view of the defects in the prior art, the object of the invention is to provide a method for verifying the integrity of client code that can effectively detect whether the client code has been modified.
In order to achieve the above object, the technical scheme adopted by the invention is as follows:
integrating a plurality of sets of hash algorithms in a client;
when the client is started, randomly using one or more of these hash algorithms to calculate a hash value for the content of each component stored on the disk of the client;
uploading the calculated hash value to a server, which judges whether the hash value is correct; if the hash value is wrong, ending the operation of the client; if the hash value is correct, judging whether the content of each component loaded into memory while the client runs is consistent with the content of that component stored on the disk; if it is inconsistent, ending the operation of the client, and if it is consistent, continuing to run the client.
On the basis of the above technical scheme:
the client calculates a hash value for the content of each component stored on its disk using a hash algorithm integrated in the client, encrypts the calculated hash value and sends the encrypted hash value to the server;
the server receives the hash value sent by the client, decrypts it and judges whether it is correct;
and the server stores, for each component stored on the disk, the hash value obtained under every set of hash algorithms integrated in the client.
On the basis of the above technical scheme, after the client is started and connected to the server, the client and the server each generate a public key and a private key using an asymmetric algorithm and exchange the generated public keys; each side then derives a secret key from the public key it has just received and its own original private key, and the secret keys derived by the client and the server are the same.
On the basis of the above technical scheme, the client encrypts the hash value sent to the server with the AES algorithm using the derived key;
and the server decrypts the encrypted hash value with the AES algorithm using the same derived key.
On the basis of the above technical scheme:
all components stored on the disk of the client are loaded into memory and their hash values are calculated with a hash algorithm;
and in order to compare whether the content of a component loaded into memory while the client runs is consistent with the content of that component stored on the disk, all components stored on the disk of the client are loaded into memory a second time.
The invention also provides a storage medium having stored thereon a computer program which, when executed by a processor, implements the method described above.
The invention also provides an electronic device, which comprises a memory and a processor, wherein the memory stores a computer program running on the processor, and the processor executes the computer program to realize the method.
The invention also provides a system for verifying the integrity of the code of the client, which comprises the following components:
the integration module is used for integrating a plurality of sets of hash algorithms in the client;
the computing module is used for randomly using one or more sets of hash algorithms to compute a hash value for the content of each component stored in the disk by the client when the client is started;
and the judging module is used for uploading the calculated hash value to the server, which judges whether it is correct; if the hash value is wrong, the operation of the client is ended; if the hash value is correct, it is judged whether the content of each component loaded into memory while the client runs is consistent with the content of that component stored on the disk; if inconsistent, the operation of the client is ended, and if consistent, the client continues to run.
On the basis of the above technical scheme, a hash algorithm integrated in the client is used to calculate a hash value for the content of each component stored on the disk of the client, and the calculated hash value is encrypted and then sent to the server; the server receives the hash value sent by the client, decrypts it and judges whether it is correct.
On the basis of the technical scheme, the server stores a hash value obtained by calculating each component stored in the disk by using a plurality of sets of hash algorithms integrated by the client.
Compared with the prior art, the invention has the following advantages. Multiple sets of hash algorithms are integrated in the client. When the client is started, one or more of these algorithms are chosen at random to calculate a hash value of the content of each component stored on the disk of the client, and the calculated hash value is sent to the server to be judged for correctness. If the hash value is correct, it is further judged whether the content of each component loaded into memory while the client runs is consistent with the content of that component stored on the disk. This two-stage verification effectively judges the integrity of the client code.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples.
Referring to fig. 1, an embodiment of the present invention provides a method for verifying integrity of a client code, including:
S1: integrating a plurality of sets of hash algorithms in the client. Hash algorithms are a common class of computer algorithms. In the subsequent steps, hash values are calculated for all components of the client and reported to the server for a correctness judgment. An attacker could pad a modified file with chosen data so that it collides with the original, i.e. so that the hash value of the modified file equals that of the unmodified file. To make such circumvention harder, a plurality of sets of hash algorithms are integrated in the client, specifically: the MD5 hash algorithm (message digest algorithm), the HMAC hash algorithm (hashed message authentication code), the RSHash algorithm, the JSHash algorithm and the APHash algorithm. All of these are open and publicly available, so they are easy to integrate into the client.
S2: when the client is started, one or more sets of hash algorithms are chosen at random to calculate a hash value of the content of each component stored on the disk of the client. That is, for each component, one or more of the hash algorithms integrated in the client are randomly selected to calculate the hash value of its content. Since the algorithm itself operates on data in memory, in practice all components stored on the disk of the client are first loaded into memory and the hash values are then calculated. The specific implementation is as follows:
S201: a component list is stored in the client. The component list contains every component the client stores on disk and can be obtained by traversing the installation directory of the client after the client is started.
S202: the client reads the files of all components from the disk into memory. The embodiment of the invention reads each file with the system functions fopen and fread:
FILE *pFile = fopen("xx.dll", "rb");
Here "xx.dll" is the name of the file to open, "rb" indicates that the file is opened in binary mode, and the return value is the file handle pFile; followed by
fseek(pFile, 0, SEEK_END);
namely, the fseek function is called to move the read pointer of the file to its end; followed by
long Size = ftell(pFile);
calling the system function ftell to obtain the size of the file; followed by
fseek(pFile, 0, SEEK_SET);
moving the read pointer back to the start of the file, since fread would otherwise read from the end and return nothing; followed by
char *buffer = (char *)malloc(Size);
calling the system function malloc to allocate a block of memory whose size is the size of the file; followed by
fread(buffer, 1, Size, pFile);
calling the system function fread to read the content of the whole file into the allocated memory; followed by
fclose(pFile);
namely, calling the system function fclose to close the file handle.
At this point, all components of the client have been loaded from disk into memory.
S203: for each component in turn, one or more sets of hash algorithms are chosen at random to calculate the hash value. For example, calculating the hash value with the MD5 algorithm:
HashresultMd5 = MD5.Create(buffer, Size);
That is, the MD5 result of the file content is calculated by calling the Create interface of the MD5 function, where the parameter buffer is the memory holding the file content and the parameter Size is the size of the file.
Calculating with the APHash algorithm:
HashresultAphash = Aphash.Create(buffer, Size);
That is, the APHash result of the file content is calculated by calling the Create interface of the Aphash function, with the same parameters buffer and Size.
Finally, using 2 hash algorithms on the same component yields 2 hash results.
S3: the calculated hash value is uploaded to the server to judge its correctness. If the hash value is wrong, the operation of the client is ended; if the hash value is correct, it is judged whether the content of each component loaded into memory while the client runs is consistent with the content of that component stored on the disk; if inconsistent, the operation of the client is ended, and if consistent, the client continues to run. The server stores, for each component on the disk of the client, the hash value under every set of hash algorithms integrated in the client: each component is calculated in advance with each integrated algorithm and the results are saved, so that whichever algorithm the client happens to use for a component, the server holds the correct reference value for the judgment. The integrity check of the client code in this embodiment thus has two judgment stages. The first stage checks all components of the client on the disk; if the check passes, the component code stored on the disk is correct and unmodified. When the client runs, the components stored on the disk are loaded into memory and executed, and at this point the integrity of the components loaded into memory is judged a second time: the components loaded into memory for execution are compared with the complete components stored on the disk, which detects whether they have been modified by an unauthorized party.
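The following is an added example, not code from the patent, showing steps S2 and S3 end to end in C: the client reads a component into memory, hashes it under a chosen subset of the integrated algorithms, and the server checks each reported (component, algorithm, digest) triple against a reference table computed from every integrated algorithm. MD5 and HMAC are left out because they need a crypto library; RSHash, JSHash and APHash are implemented inline following Arash Partow's published general-purpose hash functions. Two caveats a practitioner should weigh: these three are 32-bit non-cryptographic hashes, so an attacker who can append padding to a modified file can match any one of them with on the order of 2^32 trials, and MD5 is itself collision-broken; and the digests are computed by the very code being verified, so a modified client can report whatever values the server expects. The component bytes, component name and reference table below are constructed for the demo.

```c
/* Added example: client-side multi-algorithm component hashing and the server-side
 * reference check of steps S2/S3. RSHash/JSHash/APHash follow Arash Partow's public
 * general-purpose hash functions; they are 32-bit and NOT cryptographic. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef uint32_t (*hash_fn)(const uint8_t *, size_t);

static uint32_t RSHash(const uint8_t *d, size_t n) {
    uint32_t a = 63689, b = 378551, h = 0;
    for (size_t i = 0; i < n; i++) { h = h * a + d[i]; a *= b; }
    return h;
}
static uint32_t JSHash(const uint8_t *d, size_t n) {
    uint32_t h = 1315423911u;
    for (size_t i = 0; i < n; i++) h ^= (h << 5) + d[i] + (h >> 2);
    return h;
}
static uint32_t APHash(const uint8_t *d, size_t n) {
    uint32_t h = 0xAAAAAAAAu;
    for (size_t i = 0; i < n; i++)
        h ^= (i & 1) == 0 ? (h << 7) ^ (d[i] * (h >> 3)) : ~((h << 11) + (d[i] ^ (h >> 5)));
    return h;
}

typedef struct { const char *name; hash_fn fn; } hash_algo;
static const hash_algo ALGOS[] = { {"RSHASH", RSHash}, {"JSHASH", JSHash}, {"APHASH", APHash} };
#define N_ALGOS (sizeof ALGOS / sizeof ALGOS[0])

/* One (component, algorithm, digest) triple; used for the client's report and for
 * the server's stored reference table alike. */
typedef struct { const char *component; const char *algo; uint32_t digest; } digest_entry;

/* The fopen/fseek/ftell/fread sequence of S202 with error handling; NULL on failure. */
uint8_t *read_component(const char *path, size_t *size) {
    FILE *f = fopen(path, "rb");
    if (!f) return NULL;
    long n = (fseek(f, 0, SEEK_END) == 0) ? ftell(f) : -1;
    uint8_t *buf = (n >= 0 && fseek(f, 0, SEEK_SET) == 0) ? malloc((size_t)n + 1) : NULL;
    if (!buf || fread(buf, 1, (size_t)n, f) != (size_t)n) { free(buf); fclose(f); return NULL; }
    fclose(f);
    *size = (size_t)n;
    return buf;
}

/* Client: hash one component under the algorithms selected by `pick` (indices into ALGOS). */
void hash_component(const char *name, const uint8_t *buf, size_t n,
                    const int *pick, size_t npick, digest_entry *out) {
    for (size_t i = 0; i < npick; i++) {
        out[i].component = name;
        out[i].algo = ALGOS[pick[i]].name;
        out[i].digest = ALGOS[pick[i]].fn(buf, n);
    }
}

/* Server: every reported triple must match a stored reference. An unknown
 * (component, algorithm) pair is rejected rather than ignored, so a client cannot
 * pass by reporting an algorithm the server never computed. Returns 1 = accept. */
int server_verify(const digest_entry *refs, size_t nrefs, const digest_entry *rep, size_t nrep) {
    for (size_t i = 0; i < nrep; i++) {
        int found = 0;
        for (size_t j = 0; j < nrefs; j++) {
            if (strcmp(refs[j].component, rep[i].component) || strcmp(refs[j].algo, rep[i].algo)) continue;
            found = 1;
            if (refs[j].digest != rep[i].digest) return 0;
        }
        if (!found) return 0;
    }
    return 1;
}

/* Demo on constructed component bytes (not a real DLL). Returns 1 when the intact
 * image is accepted and a one-byte patch is rejected, using algorithms pick0/pick1. */
int demo_startup_check(int pick0, int pick1) {
    static const uint8_t component[] = "\x55\x8b\xec\x83\xec\x10 constructed component bytes \x5d\xc3";
    size_t n = sizeof component - 1;
    digest_entry refs[N_ALGOS];                   /* server builds this from the release binary */
    for (size_t a = 0; a < N_ALGOS; a++)
        refs[a] = (digest_entry){ "xx1.dll", ALGOS[a].name, ALGOS[a].fn(component, n) };
    int pick[2] = { pick0, pick1 };               /* the client would choose these with rand() */
    digest_entry rep[2];
    hash_component("xx1.dll", component, n, pick, 2, rep);
    if (!server_verify(refs, N_ALGOS, rep, 2)) return 0;
    uint8_t patched[sizeof component];
    memcpy(patched, component, sizeof component);
    patched[3] ^= 0x01;                           /* a single modified byte */
    hash_component("xx1.dll", patched, n, pick, 2, rep);
    return server_verify(refs, N_ALGOS, rep, 2) == 0;
}

int main(void) {
    printf("startup check: %s\n", demo_startup_check(0, 2) ? "ok" : "FAILED");
    return 0;
}
```

The report packs the algorithm name next to each digest, exactly as the text's "MD5" + HashresultMd5 pairing does, so the server can look up the matching reference; what the demo adds is that an algorithm name the server has no reference for is a rejection, not a pass.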
To further ensure the security of data transmission, after the hash value of the content of each component stored on the disk of the client has been calculated with a hash algorithm integrated in the client, the calculated hash value is encrypted and then sent to the server; the server receives the hash value sent by the client, decrypts it and judges whether it is correct. As for the encryption scheme: after the client is started and connected to the server, the client and the server each generate a public key and a private key using an asymmetric algorithm and exchange the generated public keys; each side derives a secret key from the public key it has just received and its own original private key, and the secret keys derived by the client and the server are the same.
Correspondingly, the client encrypts the hash value sent to the server with the AES algorithm using the derived key, and the server decrypts the encrypted hash value with the AES algorithm using the same derived key.
Specifically, for the public key and private key generated by the client:
1. A random number is generated; the corresponding code is Randdata = rand(); that is, the random number Randdata is generated by calling the system function rand.
2. The MD5 value of the random number is generated as the private key; the corresponding code is:
ClientPrivatekey = Md5.Create(Randdata);
that is, the MD5 value of the random number is calculated by calling the interface Md5.Create of the MD5 function, which yields the private key data.
3. The public key is calculated; the corresponding code is:
ClientPublickey = RSA.CreatePair(ClientPrivatekey);
that is, the public key is created by calling the pairing-key interface RSA.CreatePair with the private key as the parameter.
The public key and private key of the client are thereby generated.
For the public key and private key generated by the server:
1. A random number is generated; the corresponding code is Randdata = rand(); that is, the random number Randdata is generated by calling the system function rand.
2. The MD5 value of the random number concatenated with the user ID is generated as the private key; the corresponding code is:
ServerPrivatekey = Md5.Create(Randdata + Uid);
that is, the MD5 value of the concatenation of the random number and the user ID is calculated by calling the interface Md5.Create of the MD5 function, which yields the private key data.
3. The public key is calculated; the corresponding code is:
ServerPublickey = RSA.CreatePair(ServerPrivatekey);
that is, the public key is created by calling the pairing-key interface RSA.CreatePair with the private key as the parameter.
The public key and private key of the server are thereby generated.
4. The public keys are exchanged between the client and the server: the server sends its public key ServerPublickey to the client, and the client sends its public key ClientPublickey to the server.
5. The client generates the shared key; the corresponding code is: ShareKey = RSA.CreateShareKey(ServerPublickey, ClientPrivatekey);
6. The server generates the shared key; the corresponding code is: ShareKey = RSA.CreateShareKey(ClientPublickey, ServerPrivatekey);
At this point both the client and the server have generated the key ShareKey, and the ShareKey held by the client and the server is the same.
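The key agreement of steps 1 to 6, as an added example in C that is not the patent's code. The names RSA.CreatePair and RSA.CreateShareKey in the text do not correspond to standard RSA operations; what the steps describe, each side keeping a private value, exchanging public values and both deriving the same key, is a Diffie-Hellman exchange, which is what is shown here over a deliberately small prime field so that it runs without a library. DH_P = 2^31 - 1 with generator 7 (a primitive root of that prime, as used by the Park-Miller generator) and the private scalars are illustrative, not a production parameter set; a real client would use X25519 or a standard FFDHE group from a vetted crypto library, draw private values from the operating system CSPRNG rather than rand(), run the shared secret through a KDF before using it as an AES key, and protect the report with an authenticated mode such as AES-GCM. Note also that, as described, neither side authenticates the other's public key, so an on-path attacker who substitutes its own public value completes a separate exchange with each side and knows both resulting keys; demo_mitm shows that.

```c
/* Added example: the client/server shared-key derivation of steps 1-6 as a
 * Diffie-Hellman exchange over a small prime field. DH_P/DH_G are toy parameters. */
#include <stdint.h>
#include <stdio.h>

#define DH_P 2147483647ULL   /* 2^31 - 1, prime; far too small for real use */
#define DH_G 7ULL            /* primitive root mod DH_P; both sides must use the same base */

static uint64_t mulmod(uint64_t a, uint64_t b) { return (a * b) % DH_P; } /* a, b < 2^31 */
static uint64_t powmod(uint64_t base, uint64_t exp) {
    uint64_t r = 1;
    base %= DH_P;
    while (exp) {
        if (exp & 1) r = mulmod(r, base);
        base = mulmod(base, base);
        exp >>= 1;
    }
    return r;
}

/* Step 3 ("RSA.CreatePair" in the text): public value from a private scalar. */
uint64_t dh_public(uint64_t priv) { return powmod(DH_G, priv); }

/* Reject degenerate peer values (0, 1, p-1) that would force a predictable key. */
int dh_public_valid(uint64_t pub) { return pub >= 2 && pub <= DH_P - 2; }

/* Steps 5/6 ("RSA.CreateShareKey"): peer's public value raised to own private scalar.
 * Returns 0 for an invalid peer value; callers must treat 0 as failure. */
uint64_t dh_shared(uint64_t peer_pub, uint64_t priv) {
    return dh_public_valid(peer_pub) ? powmod(peer_pub, priv) : 0;
}

typedef struct { uint64_t priv, pub, peer_pub, share; } party;

/* Runs the full exchange with the given private scalars (a real implementation
 * draws them from a CSPRNG). Returns 1 when both sides hold the same ShareKey. */
int demo_exchange(uint64_t client_priv, uint64_t server_priv, uint64_t *sharekey) {
    party c = { client_priv, dh_public(client_priv), 0, 0 };
    party s = { server_priv, dh_public(server_priv), 0, 0 };
    s.peer_pub = c.pub;                          /* step 4: client sends ClientPublickey */
    c.peer_pub = s.pub;                          /* step 4: server sends ServerPublickey */
    c.share = dh_shared(c.peer_pub, c.priv);     /* step 5 */
    s.share = dh_shared(s.peer_pub, s.priv);     /* step 6 */
    if (c.share == 0 || s.share == 0) return 0;
    if (sharekey) *sharekey = c.share;           /* run through a KDF before use as an AES key */
    return c.share == s.share;
}

/* Unauthenticated exchange: an on-path attacker hands its own public value to both
 * sides and can then compute the key each side derived. Returns 1 when it can. */
int demo_mitm(uint64_t client_priv, uint64_t server_priv, uint64_t mitm_priv) {
    uint64_t m_pub = dh_public(mitm_priv);
    uint64_t client_key = dh_shared(m_pub, client_priv);   /* client believes m_pub is the server */
    uint64_t server_key = dh_shared(m_pub, server_priv);   /* server believes m_pub is the client */
    return dh_shared(dh_public(client_priv), mitm_priv) == client_key
        && dh_shared(dh_public(server_priv), mitm_priv) == server_key;
}

int main(void) {
    uint64_t k = 0;
    int ok = demo_exchange(123456789ULL, 987654321ULL, &k);
    printf("agreement: %s, ShareKey %llu\n", ok ? "ok" : "FAILED", (unsigned long long)k);
    return 0;
}
```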
The client encrypts the hash value sent to the server with the AES algorithm using the generated key, specifically as follows:
Encryptbuff = AES.encrypt("xx1.dll" + "MD5" + HashresultMd5 + "APHASH" + HashresultAphash, ShareKey);
AES.encrypt is the encryption interface of the AES algorithm, and xx1.dll is the name of the component. In this embodiment the algorithm name "MD5" with its result HashresultMd5 and the algorithm name "APHASH" with its result HashresultAphash are packed together for encryption; the parameter ShareKey is the shared key obtained above, and the result is the ciphertext Encryptbuff.
The server decrypts the encrypted hash value with the AES algorithm using the generated key, specifically as follows:
"xx1.dll" + "MD5" + HashresultMd5 + "APHASH" + HashresultAphash = AES.decrypt(Encryptbuff, ShareKey);
AES.decrypt is the decryption interface of the AES algorithm, Encryptbuff is the ciphertext reported by the client, and ShareKey is the shared key negotiated earlier by the server and the client; the server thus recovers the original data.
From the component name "xx1.dll" the server looks up the component in its database. Using the hash algorithm name "MD5" it retrieves the stored MD5 result of that component and checks whether it equals the HashresultMd5 reported by the client; if not, the client is illegal. In the same way the server checks whether the stored "APHASH" result of the component equals the reported value; if not, the component is illegal.
As for comparing whether the content of a component loaded into memory while the client runs is consistent with the content of that component stored on the disk: all components stored on the disk of the client are loaded into memory a second time, so that every component on the disk is loaded into memory twice in total, i.e. memory holds 2 copies of each disk file. Because the address at which the second copy is loaded differs from that of the first copy, the relocation data of the two copies is inconsistent; the second copy is therefore fixed up using the base address of the first copy, so that the relocated values are identical even though the two copies sit at different start addresses in memory, which enables the subsequent memory comparison. Specifically, the method comprises the following steps:
1. and reading the DLL file of the component into the memory.
2. Acquiring the memory start address of the first copy of the component DLL, the one loaded by the program:
HMODULE hStartAddress = GetModuleHandle("xx.dll");
The start address of the loaded component in memory is obtained by calling the system function GetModuleHandle; the parameter is the name of the component and the return value is its start address in memory.
3. The relocation information of the second copy of the component is repaired. The relocations are repaired according to the start address of the first copy in memory, so that the code of the 2 copies of the component DLL in memory is consistent.
The format of each component DLL file is fixed, the Windows system specifies the format of each component DLL, and the embodiment of the invention analyzes the DLL files according to the specified format and repairs the data of the relocation table.
(1) And acquiring DOS (disk operating system) header information of the DLL file of the second loading component.
PIMAGE_DOS_HEADER pDosHeader=(PIMAGE_DOS_HEADER)pbyFileBuff;
(2) And obtaining NT header information of the DLL file of the second loading component.
PIMAGE_NT_HEADERS pNtHeaders = (PIMAGE_NT_HEADERS)((BYTE *)pbyFileBuff + pDosHeader->e_lfanew);
(3) The memory address of the relocation table and the size of the relocation table are obtained from the NT header.
dwBaseReloc=pNtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress;
where dwBaseReloc is the relative virtual address (RVA) of the relocation table within the image.
dwBaseRelocSize=pNtHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size;
Where dwBaseRelocSize is the size of the relocation table.
(4) And calculating an offset value which needs to be supplemented when the relocation is repaired.
According to the relocation principle, the memory address of the second copy of the component DLL differs from that of the first copy, so if the relocations of the second copy are to match the first copy, the offset must be calculated from the memory address of the first copy:
dwOffset = (DWORD_PTR)hStartAddress - pNtHeaders->OptionalHeader.ImageBase;
That is, the preferred load address ImageBase recorded in the NT header is subtracted from the address at which the first copy was actually loaded, giving the offset dwOffset that has to be added to every relocated value.
(5) The relocation table is traversed to fix the relocations. That is, the relocation table of the second copy of the component DLL is traversed and the offset value is added to each relocated item; the relocation entries are grouped into blocks, one block per 4 KB page of the image.
PIMAGE_BASE_RELOCATION pBaseReloc=(PIMAGE_BASE_RELOCATION)(pbyMem+pStModule->dwBaseReloc);
The first relocated block is acquired.
for(i=0;pBaseReloc->SizeOfBlock!=0&&i<pStModule->dwBaseRelocSize;i+=pBaseReloc->SizeOfBlock){
A for loop is written to traverse each relocation block; the loop ends at a block whose SizeOfBlock is 0 or when the accumulated size reaches the size of the relocation table.
unsigned short*pui=(unsigned short*)(pBaseReloc+1);
PIMAGE_BASE_RELOCATION pstNext=(PIMAGE_BASE_RELOCATION)((unsigned char*)pBaseReloc+pBaseReloc->SizeOfBlock);
Each block contains multiple relocation entries, so each entry must be fixed up:
while((unsigned char*)pui<(unsigned char*)pstNext){
if((pui[0]>>12)==3){
unsigned int*puReloc=(unsigned int*)(pbyMem+pBaseReloc->VirtualAddress+(pui[0]&0x0fff));
puReloc[0]+=dwOffset;
The high 4 bits of each entry are the relocation type (3 is IMAGE_REL_BASED_HIGHLOW, a 32-bit address) and the low 12 bits are the offset within the page; the offset value calculated previously is added to each such relocated item.
}
pui++;
}
The next block is traversed.
pBaseReloc=pstNext;
}
At this point, the client completes repairing the relocation table for the second loaded component DLL.
The comparison of whether the content loaded to the component in the memory when the client runs is consistent with the content stored in the disk of the component is specifically as follows:
Since a component DLL consists of a plurality of sections, among which the code section stores all the code while other sections such as the data section change at run time, it is mainly the code section that is checked: the code is the main body of the execution logic in the component DLL. The concrete implementation is as follows:
from the in-memory format of the component DLL its 2 format headers are obtained, the DOS header and the NT header, and the start address and size of the code section in memory are then read from the NT header:
dwBaseCode=pNtHeaders->OptionalHeader.BaseOfCode;
where dwBaseCode is the start address (RVA) of the code section in memory.
dwBaseCodeSize=pNtHeaders->OptionalHeader.SizeOfCode;
where dwBaseCodeSize is the size of the code section.
By the same method the start addresses and sizes of the code sections of both copies of the component DLL are obtained, and the memory data of the 2 code sections is compared directly: if the data is inconsistent, the code section is illegal, and if it is consistent, the code section is legal.
for(int i=0;i<dwBaseCodeSize;i++){
A for loop is written for the comparison, with the loop count equal to the size of the code section; dwBaseCode1 and dwBaseCode2 are byte pointers to the code sections of the first and the second copy.
if(dwBaseCode1[i]!=dwBaseCode2[i])
{
Here the two code sections are inconsistent and the component is considered illegal.
}
}
If the comparison completes with every byte equal, the component is declared legal.
The same method is used for carrying out the comparison method on each DLL of the client component, so that the completeness of the client code is judged again.
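The relocation fix-up and code-section comparison of the steps above, as an added example in C that is not the patent's code. The struct and constant names mirror winnt.h (IMAGE_BASE_RELOCATION; IMAGE_REL_BASED_ABSOLUTE = 0, IMAGE_REL_BASED_HIGHLOW = 3, IMAGE_REL_BASED_DIR64 = 10) but are declared locally so the code builds on any platform, and the image is a constructed buffer rather than a real DLL. Two points the text leaves implicit are handled here: the type-3 entries fixed up above are 32-bit addresses, so a 64-bit DLL needs the 8-byte type-10 fix-up as well, and type-0 padding entries must be skipped; and the fix-up expects a buffer laid out by RVA, so a file read with fread (which is laid out by raw file offsets) first has to have its sections copied to their VirtualAddress, which this demo sidesteps by constructing the image directly. The demo simulates the loader's first copy with the same routine, checks that the re-relocated second copy matches it byte for byte, then plants a one-byte change in the first copy, as an inline hook would, and confirms the comparison reports it.

```c
/* Added example: base-relocation fix-up of a second, freshly read copy of a module
 * and byte-wise comparison of its code section against the loaded copy.
 * Names mirror winnt.h but are declared here so the code builds anywhere. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { uint32_t VirtualAddress; uint32_t SizeOfBlock; } RELOC_BLOCK; /* IMAGE_BASE_RELOCATION */
enum { REL_ABSOLUTE = 0, REL_HIGHLOW = 3, REL_DIR64 = 10 };                  /* IMAGE_REL_BASED_* */

/* Apply base relocations in place. `image` must be laid out by RVA (sections at
 * their VirtualAddress). `delta` = actual base - preferred ImageBase, may be negative.
 * Returns the number of fix-ups applied, or -1 if the table is malformed. */
long apply_relocations(uint8_t *image, size_t image_size,
                       uint32_t reloc_rva, uint32_t reloc_size, int64_t delta)
{
    long applied = 0;
    uint32_t pos = 0;
    if ((uint64_t)reloc_rva + reloc_size > image_size) return -1;
    while (pos + sizeof(RELOC_BLOCK) <= reloc_size) {
        RELOC_BLOCK blk;
        memcpy(&blk, image + reloc_rva + pos, sizeof blk);
        if (blk.SizeOfBlock == 0) break;                        /* zero block terminates the table */
        if (blk.SizeOfBlock < sizeof blk || pos + blk.SizeOfBlock > reloc_size) return -1;
        uint32_t n = (blk.SizeOfBlock - sizeof blk) / 2;        /* 16-bit entries: type:4 | offset:12 */
        const uint8_t *ent = image + reloc_rva + pos + sizeof blk;
        for (uint32_t i = 0; i < n; i++) {
            uint16_t e;
            memcpy(&e, ent + 2 * i, 2);
            uint16_t type = e >> 12, off = e & 0x0fff;
            uint64_t target = (uint64_t)blk.VirtualAddress + off;
            if (type == REL_ABSOLUTE) continue;                  /* padding entry, nothing to patch */
            if (type == REL_HIGHLOW) {                           /* 32-bit images */
                uint32_t v;
                if (target + 4 > image_size) return -1;
                memcpy(&v, image + target, 4); v += (uint32_t)delta; memcpy(image + target, &v, 4);
            } else if (type == REL_DIR64) {                      /* 64-bit images */
                uint64_t v;
                if (target + 8 > image_size) return -1;
                memcpy(&v, image + target, 8); v += (uint64_t)delta; memcpy(image + target, &v, 8);
            } else return -1;                                    /* unsupported relocation type */
            applied++;
        }
        pos += blk.SizeOfBlock;
    }
    return applied;
}

/* Byte-wise comparison of two code sections: -1 if identical, else the first differing offset. */
long compare_code(const uint8_t *a, const uint8_t *b, size_t size)
{
    for (size_t i = 0; i < size; i++)
        if (a[i] != b[i]) return (long)i;
    return -1;
}

/* Constructed demo image (not a real DLL): code at RVA 0x1000 holding two 32-bit and
 * one 64-bit absolute address, relocation table at RVA 0x1800. */
#define IMG_SIZE 0x2000
#define CODE_RVA 0x1000
#define CODE_SIZE 0x20
#define RELOC_RVA 0x1800
#define PREFERRED_BASE 0x10000000ULL
#define RELOC_SIZE (sizeof(RELOC_BLOCK) * 2 + 4 * 2)

static void build_raw_image(uint8_t *img)
{
    uint32_t p32a = (uint32_t)PREFERRED_BASE + 0x1234, p32b = (uint32_t)PREFERRED_BASE + 0x1F00;
    uint64_t p64 = PREFERRED_BASE + 0x1A00;
    memset(img, 0x90, IMG_SIZE);                                 /* nop filler */
    memcpy(img + CODE_RVA + 0x04, &p32a, 4);
    memcpy(img + CODE_RVA + 0x0C, &p32b, 4);
    memcpy(img + CODE_RVA + 0x10, &p64, 8);
    RELOC_BLOCK blk = { CODE_RVA, sizeof(RELOC_BLOCK) + 4 * 2 };
    uint16_t ents[4] = { (REL_HIGHLOW << 12) | 0x04, (REL_HIGHLOW << 12) | 0x0C,
                         (REL_DIR64 << 12) | 0x10, (REL_ABSOLUTE << 12) | 0 };
    memcpy(img + RELOC_RVA, &blk, sizeof blk);
    memcpy(img + RELOC_RVA + sizeof blk, ents, sizeof ents);
    memset(img + RELOC_RVA + sizeof blk + sizeof ents, 0, sizeof blk);   /* terminator */
}

/* Returns 1 when the loader copy and the re-relocated second copy agree and a
 * simulated inline hook in the loader copy is then detected; 0 otherwise. */
int demo_second_copy_check(uint64_t actual_base)
{
    static uint8_t loaded[IMG_SIZE], second[IMG_SIZE];
    int64_t delta = (int64_t)(actual_base - PREFERRED_BASE);    /* hStartAddress - ImageBase */
    build_raw_image(loaded);                                     /* stands in for the OS loader's copy */
    if (apply_relocations(loaded, IMG_SIZE, RELOC_RVA, RELOC_SIZE, delta) != 3) return 0;
    build_raw_image(second);                                     /* fresh copy read from disk */
    if (apply_relocations(second, IMG_SIZE, RELOC_RVA, RELOC_SIZE, delta) != 3) return 0;
    if (compare_code(loaded + CODE_RVA, second + CODE_RVA, CODE_SIZE) != -1) return 0;
    loaded[CODE_RVA + 0x02] = 0xE9;                              /* simulated jmp hook */
    return compare_code(loaded + CODE_RVA, second + CODE_RVA, CODE_SIZE) == 0x02;
}

int main(void)
{
    printf("second-copy check: %s\n", demo_second_copy_check(0x6A000000ULL) ? "ok" : "FAILED");
    return 0;
}
```

The delta is the same quantity as dwOffset above: the address the loader actually used minus the ImageBase in the header, which is why the fix-up works for negative deltas too (a module loaded below its preferred base).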
The client code integrity verification method of the embodiment of the invention integrates multiple sets of hash algorithms in the client. When the client is started, one or more of these algorithms are chosen at random to calculate a hash value of the content of each component stored on the disk of the client, and the calculated hash value is sent to the server to be judged for correctness. If the hash value is correct, it is further judged whether the content of each component loaded into memory while the client runs is consistent with the content of that component stored on the disk. This two-stage verification effectively judges the integrity of the client code, and since the hash values of the client components are calculated on the client, the computational load of the server is effectively reduced.
In addition, corresponding to the above method for verifying integrity of client code, the present invention further provides a storage medium, where a computer program is stored on the storage medium, and when being executed by a processor, the computer program implements the steps of the method for verifying integrity of client code according to the above embodiments. The storage medium includes various media capable of storing program codes, such as a usb disk, a removable hard disk, a ROM (Read-Only Memory), a RAM (Random Access Memory), a magnetic disk, or an optical disk.
Referring to fig. 2, in correspondence to the above method for verifying integrity of client codes, the present invention further provides an electronic device, which includes a memory and a processor, where the memory stores a computer program running on the processor, and the processor executes the computer program to implement the method for verifying integrity of client codes according to the above embodiments.
The embodiment of the invention also provides a client code integrity verification system based on the client code integrity verification method, which comprises an integration module, a calculation module and a judgment module.
The integration module is used for integrating a plurality of sets of hash algorithms in the client; the computing module is used for randomly selecting one or more of these hash algorithms to calculate a hash value for the content of each component stored on the disk of the client when the client is started; and the judging module is used for uploading the calculated hash value to the server, which judges whether it is correct: if the hash value is wrong, the operation of the client is ended; if the hash value is correct, it is judged whether the content of each component loaded into memory while the client runs is consistent with the content of that component stored on the disk; if inconsistent, the operation of the client is ended, and if consistent, the client continues to run.
The client calculates a hash value for the content of each component stored on its disk using a hash algorithm integrated in the client, encrypts the calculated hash value and sends the encrypted hash value to the server; the server receives the hash value sent by the client, decrypts it and judges whether it is correct. The server stores, for each component stored on the disk, the hash value obtained under every set of hash algorithms integrated in the client.
In this system for verifying the integrity of client code, the integration module integrates multiple sets of hash algorithms in the client; when the client is started, the calculation module randomly selects one or more of them to calculate a hash value of the content of each component stored on the disk of the client and sends the calculated hash value to the server to be judged for correctness; if the hash value is correct, it is judged whether the content of each component loaded into memory while the client runs is consistent with the content of that component stored on the disk. This two-stage verification effectively judges the integrity of the client code, and since the hash values of the client components are calculated on the client, the computational load of the server is effectively reduced.
The present invention is not limited to the above-described embodiments, and it will be apparent to those skilled in the art that various modifications and improvements can be made without departing from the principle of the present invention, and such modifications and improvements are also considered to be within the scope of the present invention. Those not described in detail in this specification are within the skill of the art.