CN113221149B - Firmware encryption method, device, firmware decryption method and computer equipment - Google Patents
Firmware encryption method, device, firmware decryption method and computer equipment Download PDFInfo
- Publication number
- CN113221149B CN113221149B CN202110586968.7A CN202110586968A CN113221149B CN 113221149 B CN113221149 B CN 113221149B CN 202110586968 A CN202110586968 A CN 202110586968A CN 113221149 B CN113221149 B CN 113221149B
- Authority
- CN
- China
- Prior art keywords
- firmware
- block
- plaintext
- sub
- blocks
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 57
- 238000004806 packaging method and process Methods 0.000 claims abstract description 7
- 230000011218 segmentation Effects 0.000 claims description 12
- 238000012545 processing Methods 0.000 claims description 10
- 238000004590 computer program Methods 0.000 claims description 8
- 238000012216 screening Methods 0.000 claims description 8
- 230000005540 biological transmission Effects 0.000 claims description 3
- 230000006870 function Effects 0.000 description 10
- 238000010586 diagram Methods 0.000 description 7
- 238000012795 verification Methods 0.000 description 3
- 230000001133 acceleration Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Bioethics (AREA)
- Databases & Information Systems (AREA)
- Stored Programmes (AREA)
Abstract
The invention provides a firmware encryption method, a device, a firmware decryption method, a computer device and a readable storage medium, wherein the firmware encryption method comprises the following steps: obtaining a block value of a Flash memory of the target device; dividing the firmware plaintext block according to the block value to obtain a plurality of firmware sub plaintext blocks; encrypting each firmware sub-plaintext block by using a preset encryption algorithm to obtain a plurality of ciphertext blocks; and packaging the plurality of ciphertext blocks into an upgrade firmware data packet and transmitting the upgrade firmware data packet to the target device. According to the firmware encryption method, the block value of the Flash memory of the target device is used for dividing the firmware plaintext block, so that the size of each subsequent ciphertext block is equal to the block value, and therefore, the updated firmware data packet can only be read out of the ciphertext block by the target device through the corresponding block value and decrypted, and the safety of the firmware transmitted to the target device can be improved, and the user experience is improved.
Description
Technical Field
The present invention relates to the field of encryption technologies, and in particular, to a firmware encryption method, a firmware decryption method, a computer device, and a readable storage medium.
Background
With the acceleration of updating and updating of electronic products, system upgrade or product function maintenance upgrade, including firmware upgrade, is often performed. As an important software program of an electronic product, once an error occurs in the updating process, the electronic product may become unusable, so that when a firmware upgrade data packet is transmitted to a device, encryption is required to avoid security problems such as midway tampering. However, in the conventional firmware encryption method, the entire firmware is generally encrypted in a clear file manner, so that the security is not high.
Disclosure of Invention
In view of the above, the present invention provides a firmware encryption method, a device, a firmware decryption method, a computer device, and a readable storage medium, so as to improve the security of firmware transmitted to a target device and improve the user experience.
In order to achieve the above purpose, the present invention adopts the following technical scheme:
a firmware encryption method, comprising:
obtaining a block value of a Flash memory of the target device;
dividing the firmware plaintext block according to the block value to obtain a plurality of firmware sub plaintext blocks;
encrypting each firmware sub-plaintext block by using a preset encryption algorithm to obtain a plurality of ciphertext blocks;
and packaging the plurality of ciphertext blocks into an upgrade firmware data packet and transmitting the upgrade firmware data packet to the target device.
Preferably, in the firmware encryption method, the encrypting each of the firmware sub-plaintext blocks by using a preset encryption algorithm includes:
reading the firmware sub-plaintext blocks according to the segmentation sequence, and encrypting the firmware sub-plaintext blocks by using a preset encryption algorithm;
judging whether the block is the last unencrypted sub-plaintext block of the firmware;
when the last unencrypted firmware sub-plaintext block is determined, comparing the size of the last firmware sub-plaintext block with the block value;
when the size of the last firmware sub-plaintext block is larger than the block value, assigning the size of the last firmware sub-plaintext block to be twice the block value;
when the size of the last firmware sub-plaintext block is smaller than the block value, assigning the size of the last firmware sub-plaintext block as the block value;
and encrypting the last assigned firmware sub-plaintext block by using a preset encryption algorithm.
Preferably, in the firmware encryption method, the encrypting each of the firmware sub-plaintext blocks by using a preset encryption algorithm includes:
reading the storage information of all the firmware sub-plaintext blocks, and screening out the firmware sub-plaintext blocks with inconsistent sizes with the block values according to the storage information;
assigning a size of the firmware sub-plaintext block that is greater than the block value to twice the block value;
assigning a size of a firmware sub-plaintext block that is less than the block value as the block value;
and encrypting all the firmware sub-plaintext blocks by using a preset encryption algorithm.
Preferably, in the firmware encryption method, the preset encryption algorithm includes at least one algorithm of AES256 encryption algorithm, base64 encryption algorithm, AES128 encryption algorithm and WRS encryption algorithm.
The invention also provides a firmware decryption method, which comprises the following steps:
receiving an upgrade firmware data packet, and judging whether the upgrade firmware data packet is an encryption data packet or not;
when the encrypted data packet is determined, acquiring a block value of a Flash memory;
reading ciphertext blocks of the upgrading firmware data packet according to the block values, and performing preset decryption algorithm processing on each ciphertext to obtain a plurality of firmware sub-plaintext blocks;
and splicing the plurality of the firmware sub-plaintext blocks into a firmware plaintext block.
Preferably, the firmware decryption method further includes:
and checking the firmware plaintext block, and executing the firmware plaintext block to perform firmware upgrading operation after the checking is passed.
Preferably, in the firmware decrypting method, the preset decrypting algorithm includes at least one algorithm of AES256 decrypting algorithm, base64 decrypting algorithm, AES128 decrypting algorithm and WRS decrypting algorithm.
The invention also provides a firmware encryption apparatus, comprising:
the block value acquisition module is used for acquiring the block value of the Flash memory of the target device;
the firmware plaintext segmentation module is used for carrying out segmentation processing on the firmware plaintext blocks according to the block values to obtain a plurality of firmware sub-plaintext blocks;
the sub-plaintext encryption module is used for encrypting each firmware sub-plaintext block by using a preset encryption algorithm to obtain a plurality of ciphertext blocks;
and the firmware packet transmission module is used for packaging the plurality of ciphertext blocks into an upgrade firmware data packet and transmitting the upgrade firmware data packet to the target equipment.
The invention also provides a computer device comprising a memory and a processor, the memory storing a computer program which when run on the processor performs the firmware encryption method or the firmware decryption method.
The present invention also provides a readable storage medium storing a computer program which when run on a processor performs the firmware encryption method, or the firmware decryption method.
The invention provides a firmware encryption method, which comprises the following steps: obtaining a block value of a Flash memory of the target device; dividing the firmware plaintext block according to the block value to obtain a plurality of firmware sub plaintext blocks; encrypting each firmware sub-plaintext block by using a preset encryption algorithm to obtain a plurality of ciphertext blocks; and packaging the plurality of ciphertext blocks into an upgrade firmware data packet and transmitting the upgrade firmware data packet to the target device. According to the firmware encryption method, the block value of the Flash memory of the target device is used for dividing the firmware plaintext block, so that the size of each subsequent ciphertext block is equal to the block value, and therefore, the updated firmware data packet can only be read out of the ciphertext block by the target device through the corresponding block value and decrypted, and the safety of the firmware transmitted to the target device can be improved, and the user experience is improved.
In order to make the above objects, features and advantages of the present invention more comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions of the present invention, the drawings that are required for the embodiments will be briefly described, it being understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope of the present invention. Like elements are numbered alike in the various figures.
Fig. 1 is a flowchart of a firmware encryption method provided in embodiment 1 of the present invention;
FIG. 2 is a flow chart of encryption of a sub-plaintext block of firmware provided by embodiment 2 of the present invention;
FIG. 3 is a flowchart of a firmware sub-plaintext block encryption according to an embodiment 3 of the present invention;
fig. 4 is a flowchart of a firmware decryption method provided in embodiment 4 of the present invention;
FIG. 5 is a flowchart of another firmware decrypting method provided in embodiment 4 of the present invention;
fig. 6 is a schematic structural diagram of a firmware encryption apparatus according to embodiment 5 of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments.
The components of the embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the invention, as presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be made by a person skilled in the art without making any inventive effort, are intended to be within the scope of the present invention.
The terms "comprises," "comprising," "including," or any other variation thereof, are intended to cover a specific feature, number, step, operation, element, component, or combination of the foregoing, which may be used in various embodiments of the present invention, and are not intended to first exclude the presence of or increase the likelihood of one or more other features, numbers, steps, operations, elements, components, or combinations of the foregoing.
Furthermore, the terms "first," "second," "third," and the like are used merely to distinguish between descriptions and should not be construed as indicating or implying relative importance.
Unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which various embodiments of the invention belong. The terms (such as those defined in commonly used dictionaries) will be interpreted as having a meaning that is the same as the context of the relevant art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein in connection with the various embodiments of the invention.
Example 1
Fig. 1 is a flowchart of a firmware encryption method provided in embodiment 1 of the present invention, the method includes the following steps:
step S11: and obtaining the block value of the Flash memory of the target device.
In the embodiment of the present invention, the target devices include devices such as routers and gateways that are connected to an update server through a network, and since the update speed of electronic products is increased, these devices need to be frequently updated by a system and the functions of the products are maintained and updated, which will involve firmware upgrade. After receiving the updated firmware data packet issued by the server, the target device generally stores the updated firmware data packet in a Flash memory (a non-volatile memory), and finally, the programming data of the updated firmware is also stored in the programming area of the Flash memory. In the process of issuing the upgrade firmware data packet, the encryption mode can ensure that the plaintext of the firmware in the upgrade firmware data packet is not intercepted halfway, thereby revealing partial information of the target equipment.
In the embodiment of the invention, on the server side of the issuing firmware, the block value of the Flash memory of the target device, namely the block value of the Flash memory, can be obtained in advance. The block value of the Flash memory of the target device may be stored in a server in a list form, or may be obtained by an instruction after being connected to the target device through a network, which is not limited herein.
Step S12: and dividing the firmware plaintext block according to the block value to obtain a plurality of firmware sub plaintext blocks.
In the embodiment of the invention, after the block value of the Flash memory of the target device is obtained, the firmware plaintext block to be transmitted to the target device can be subjected to the segmentation processing according to the block value, wherein the segmentation processing can be realized by using an algorithm or an application program, for example, the application program for performing the segmentation processing can be preset in a server, and after the block value and the firmware plaintext block are obtained, the block value and the firmware plaintext block can be input into the application program, so that the application program can cut the firmware plaintext block according to the block value, and a plurality of firmware sub-plaintext blocks can be obtained.
Step S13: and encrypting each firmware sub-plaintext block by using a preset encryption algorithm to obtain a plurality of ciphertext blocks.
In the embodiment of the invention, each firmware sub-plaintext block is encrypted by a preset encryption algorithm to obtain a plurality of ciphertext blocks, and the size of each ciphertext block is equal to a block value. The preset encryption algorithm comprises at least one algorithm of an AES256 encryption algorithm, a base64 encryption algorithm, an AES128 encryption algorithm and a WRS encryption algorithm. After the sub-plaintext blocks of the firmware are cut, each sub-plaintext block of the firmware can be marked with a serial number, and the sub-plaintext blocks of the firmware with different marks can be encrypted by different encryption algorithms, so that the security is further improved. The rules of the encryption algorithm corresponding to the different marks can be formulated in advance and stored in the server and the target device.
Step S14: and packaging the plurality of ciphertext blocks into an upgrade firmware data packet and transmitting the upgrade firmware data packet to the target device.
In the embodiment of the invention, after a plurality of ciphertext blocks are obtained after encryption, the update server packages the ciphertext blocks into an upgrade firmware data packet, and transmits the upgrade firmware data packet to the target device through a network, so that the target device can read the ciphertext blocks in the upgrade firmware data packet according to the block values of the target device, and decrypt the upgrade firmware data packet by using a stipulated decryption algorithm to obtain corresponding firmware sub-plaintext blocks, and finally obtain the upgrade firmware.
In the embodiment of the invention, the block value of the Flash memory of the target device is used for dividing the firmware plaintext block, so that the size of each subsequent ciphertext block is equal to the block value, and therefore, the upgrading firmware data packet can only read out the ciphertext block in the upgrading firmware data packet by the target device through the corresponding block value and decrypt the ciphertext block, thereby improving the safety of the firmware transmitted to the target device and improving the user experience.
Example 2
Fig. 2 is a flowchart of firmware sub-plaintext block encryption according to embodiment 2 of the present invention, where the method includes the following steps:
step S21: and reading the firmware sub-plaintext blocks according to the segmentation sequence, and encrypting the firmware sub-plaintext blocks by using a preset encryption algorithm.
In the embodiment of the invention, encryption can be performed according to the sequence of dividing the firmware plaintext blocks by using the block values, that is, when dividing the firmware plaintext blocks by using the block values, each obtained firmware sub-plaintext block can be encrypted by using a preset algorithm.
Step S22: and judging whether the block is the last unencrypted firmware sub-plaintext block.
Step S23: and when the last unencrypted firmware sub-plaintext block is determined, comparing the size of the last firmware sub-plaintext block with the block value.
When the last unencrypted firmware sub-plaintext block is segmented, the size of the firmware sub-plaintext block is compared with a block value, so that whether the size of the firmware sub-plaintext block is larger than the block value or smaller than the block value is judged, the sizes of all ciphertext blocks are standardized, and the target device can read the ciphertext blocks conveniently.
In the embodiment of the present invention, the process of comparing the size of the last sub-plaintext block with the block value may be implemented by an algorithm or an application program, which is not limited herein.
Step S24: and when the size of the last firmware sub-plaintext block is larger than the block value, assigning the size of the last firmware sub-plaintext block to be twice the block value.
Step S25: and when the size of the last firmware sub-plaintext block is smaller than the block value, assigning the size of the last firmware sub-plaintext block as the block value.
Step S26: and encrypting the last assigned firmware sub-plaintext block by using a preset encryption algorithm.
In the embodiment of the invention, the size of the final firmware sub-plaintext block is equal to the block value or is twice the block value in an assignment mode, so that the firmware sub-plaintext block is normalized, and the target equipment can conveniently recognize. The assignment process may be implemented by an application, which is not limited herein.
Example 3
Fig. 3 is a flowchart of firmware sub-plaintext block encryption according to embodiment 3 of the present invention, where the method includes the following steps:
step S31: and reading the storage information of all the firmware sub-plaintext blocks, and screening the firmware sub-plaintext blocks with the sizes inconsistent with the block values according to the storage information.
In the embodiment of the invention, after a plurality of firmware sub-plaintext blocks are obtained by segmentation, the storage information of all the firmware sub-plaintext blocks can be read, so that the size information of each firmware sub-plaintext block is obtained. And then screening out the firmware sub-plaintext blocks with the sizes inconsistent with the block values in a screening mode. The screening process may be implemented by an algorithm or an application program, which is not limited herein.
Step S32: and assigning the size of the firmware sub-plain text block larger than the block value to be twice the block value.
Step S33: and assigning the size of the firmware sub-plain text block smaller than the block value as the block value.
Step S34: and encrypting all the firmware sub-plaintext blocks by using a preset encryption algorithm.
Example 4
Fig. 4 is a flowchart of a firmware decryption method provided in embodiment 4 of the present invention, the method includes the following steps:
step S41: and receiving an upgrade firmware data packet, and judging whether the upgrade firmware data packet is an encryption data packet.
Step S42: and when the data packet is determined to be the encrypted data packet, acquiring a block value of the Flash memory.
Step S43: and reading ciphertext blocks of the upgrading firmware data packet according to the block values, and performing preset decryption algorithm processing on each ciphertext to obtain a plurality of firmware sub-plaintext blocks.
Step S44: and splicing the plurality of the firmware sub-plaintext blocks into a firmware plaintext block.
Fig. 5 is a flowchart of another firmware decryption method provided in embodiment 4 of the present invention, and the method further includes the following steps:
step S45: and checking the firmware plaintext block, and executing the firmware plaintext block to perform firmware upgrading operation after the checking is passed.
In the embodiment of the invention, besides the verification processing can be performed on the firmware plaintext block, the verification processing can also be performed on the firmware sub plaintext block, and when the verification of the firmware sub plaintext block fails, the corresponding ciphertext block can be re-acquired from the server, which is not limited herein.
Example 5
Fig. 6 is a schematic structural diagram of a firmware encryption apparatus according to embodiment 5 of the present invention.
The firmware encryption apparatus 600 includes:
a block value obtaining module 610, configured to obtain a block value of a Flash memory of a target device;
a firmware plaintext segmentation module 620, configured to segment a firmware plaintext block according to the block value, to obtain a plurality of firmware sub-plaintext blocks;
a sub-plaintext encryption module 630, configured to encrypt each of the firmware sub-plaintext blocks by using a preset encryption algorithm, so as to obtain a plurality of ciphertext blocks;
and the firmware packet transmission module 640 is configured to package the plurality of ciphertext blocks into an upgrade firmware data packet and transmit the upgrade firmware data packet to the target device.
In the embodiment of the present invention, the more detailed functional description of each module may refer to the content of the corresponding portion in the foregoing embodiment, which is not described herein.
The invention further provides a computer device comprising a memory and a processor, the memory being operable to store a computer program, the processor being operable to cause the computer device to perform the above method or the functions of the respective modules in the firmware encryption apparatus by running the computer program.
The memory may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data created according to the use of the computer device (such as audio data, phonebooks, etc.), and the like. In addition, the memory may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid-state storage device.
The present embodiment also provides a computer storage medium storing a computer program used in the above computer device.
In the several embodiments provided in this application, it should be understood that the disclosed apparatus and method may be implemented in other manners as well. The apparatus embodiments described above are merely illustrative, for example, of the flow diagrams and block diagrams in the figures, which illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules or units in various embodiments of the invention may be integrated together to form a single part, or the modules may exist alone, or two or more modules may be integrated to form a single part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a smart phone, a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
The foregoing is merely illustrative of the present invention, and the present invention is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (9)
1. A firmware encryption method, comprising:
obtaining a block value of a Flash memory of the target device;
dividing the firmware plaintext block according to the block value to obtain a plurality of firmware sub plaintext blocks;
encrypting each firmware sub-plaintext block by using a preset encryption algorithm to obtain a plurality of ciphertext blocks;
packaging the ciphertext blocks into an upgrade firmware data packet and transmitting the upgrade firmware data packet to the target equipment;
wherein said encrypting each of said firmware sub-plaintext blocks using a predetermined encryption algorithm comprises:
reading the storage information of all the firmware sub-plaintext blocks, and screening out the firmware sub-plaintext blocks with inconsistent sizes with the block values according to the storage information;
assigning a size of the firmware sub-plaintext block that is greater than the block value to twice the block value;
assigning a size of a firmware sub-plaintext block that is less than the block value as the block value;
and encrypting all the firmware sub-plaintext blocks by using a preset encryption algorithm.
2. The firmware encryption method of claim 1, wherein encrypting each of the firmware sub-plaintext blocks using a predetermined encryption algorithm comprises:
reading the firmware sub-plaintext blocks according to the segmentation sequence, and encrypting the firmware sub-plaintext blocks by using a preset encryption algorithm;
judging whether the block is the last unencrypted sub-plaintext block of the firmware;
when the last unencrypted firmware sub-plaintext block is determined, comparing the size of the last firmware sub-plaintext block with the block value;
when the size of the last firmware sub-plaintext block is larger than the block value, assigning the size of the last firmware sub-plaintext block to be twice the block value;
when the size of the last firmware sub-plaintext block is smaller than the block value, assigning the size of the last firmware sub-plaintext block as the block value;
and encrypting the last assigned firmware sub-plaintext block by using a preset encryption algorithm.
3. The firmware encryption method of claim 1, wherein the preset encryption algorithm includes at least one of AES256 encryption algorithm, base64 encryption algorithm, AES128 encryption algorithm, and WRS encryption algorithm.
4. A firmware decryption method, comprising:
receiving an upgrade firmware data packet, and judging whether the upgrade firmware data packet is an encryption data packet or not; wherein the encrypted data packet is obtained by the firmware encryption method of any one of claims 1 to 3;
when the encrypted data packet is determined, acquiring a block value of a Flash memory;
reading ciphertext blocks of the upgrading firmware data packet according to the block values, and performing preset decryption algorithm processing on each ciphertext to obtain a plurality of firmware sub-plaintext blocks;
and splicing the plurality of the firmware sub-plaintext blocks into a firmware plaintext block.
5. The firmware decryption method of claim 4, further comprising:
and checking the firmware plaintext block, and executing the firmware plaintext block to perform firmware upgrading operation after the checking is passed.
6. The firmware decryption method of claim 4, wherein the preset decryption algorithm comprises at least one of AES256 decryption algorithm, base64 decryption algorithm, AES128 decryption algorithm, and WRS decryption algorithm.
7. A firmware encryption apparatus, comprising:
the block value acquisition module is used for acquiring the block value of the Flash memory of the target device;
the firmware plaintext segmentation module is used for carrying out segmentation processing on the firmware plaintext blocks according to the block values to obtain a plurality of firmware sub-plaintext blocks;
the sub-plaintext encryption module is used for encrypting each firmware sub-plaintext block by using a preset encryption algorithm to obtain a plurality of ciphertext blocks;
the firmware packet transmission module is used for packaging the plurality of ciphertext blocks into an upgrade firmware data packet and transmitting the upgrade firmware data packet to the target equipment;
wherein, the sub plaintext encryption module comprises:
the screening unit is used for reading the storage information of all the firmware sub-plaintext blocks and screening the firmware sub-plaintext blocks with the sizes inconsistent with the block values according to the storage information;
a first assignment unit, configured to assign a size of a firmware sub-plain text block larger than the block value to twice the block value;
a second assignment unit, configured to assign a size of a firmware sub-plain text block smaller than the block value to the block value;
and the encryption unit is used for encrypting all the firmware sub-plaintext blocks by using a preset encryption algorithm.
8. A computer device comprising a memory and a processor, the memory storing a computer program that, when run on the processor, performs the firmware encryption method of any one of claims 1 to 3 or the firmware decryption method of any one of claims 4 to 6.
9. A readable storage medium, characterized in that it stores a computer program which, when run on a processor, performs the firmware encryption method of any one of claims 1 to 3, or the firmware decryption method of any one of claims 4 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110586968.7A CN113221149B (en) | 2021-05-27 | 2021-05-27 | Firmware encryption method, device, firmware decryption method and computer equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110586968.7A CN113221149B (en) | 2021-05-27 | 2021-05-27 | Firmware encryption method, device, firmware decryption method and computer equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113221149A CN113221149A (en) | 2021-08-06 |
| CN113221149B true CN113221149B (en) | 2024-02-09 |
Family
ID=77098868
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110586968.7A Active CN113221149B (en) | 2021-05-27 | 2021-05-27 | Firmware encryption method, device, firmware decryption method and computer equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113221149B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114266055B (en) * | 2022-03-02 | 2022-05-27 | 山东华翼微电子技术股份有限公司 | Multi-core firmware secure storage method and system |
Citations (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103457718A (en) * | 2013-05-28 | 2013-12-18 | 香港应用科技研究院有限公司 | Partial ciphertext update using variable-length segment and fixed grouping |
| CN104205117A (en) * | 2014-04-10 | 2014-12-10 | 华为技术有限公司 | Device file encryption and decryption method and device |
| CN105706099A (en) * | 2013-11-06 | 2016-06-22 | 三菱电机株式会社 | Software update device, and software update program |
| CN108985111A (en) * | 2017-06-01 | 2018-12-11 | 慧荣科技股份有限公司 | Data storage device and firmware encryption and decryption method |
| CN111031536A (en) * | 2019-12-26 | 2020-04-17 | 大连市共进科技有限公司 | Method and device for transmitting burning file and 5G small base station burning equipment |
| CN111832011A (en) * | 2020-07-09 | 2020-10-27 | 郑州信大捷安信息技术股份有限公司 | IAP-based firmware security upgrading method and device |
| CN112015455A (en) * | 2020-10-29 | 2020-12-01 | 上海银基信息安全技术股份有限公司 | Firmware upgrading method and device, electronic equipment and storage medium |
| CN112100624A (en) * | 2020-08-24 | 2020-12-18 | 泰斗微电子科技有限公司 | Firmware protection method and device and terminal equipment |
| CN112148334A (en) * | 2020-11-03 | 2020-12-29 | 广州彩熠灯光股份有限公司 | Firmware upgrading method, device, system, terminal, lamp and storage medium |
| CN112148337A (en) * | 2020-09-09 | 2020-12-29 | 杭州涂鸦信息技术有限公司 | Firmware upgrading method and device |
| CN112732318A (en) * | 2021-01-12 | 2021-04-30 | 武汉光庭信息技术股份有限公司 | Singlechip firmware upgrading method |
| CN112822199A (en) * | 2021-01-18 | 2021-05-18 | 吾征智能技术(北京)有限公司 | OTA (over the air) upgrading method and system based on protocol conversion |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101924607B (en) * | 2010-08-27 | 2013-01-23 | 华为终端有限公司 | Firmware processing method based on firmware air transmission technology, device and system thereof |
-
2021
- 2021-05-27 CN CN202110586968.7A patent/CN113221149B/en active Active
Patent Citations (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103457718A (en) * | 2013-05-28 | 2013-12-18 | 香港应用科技研究院有限公司 | Partial ciphertext update using variable-length segment and fixed grouping |
| CN105706099A (en) * | 2013-11-06 | 2016-06-22 | 三菱电机株式会社 | Software update device, and software update program |
| CN104205117A (en) * | 2014-04-10 | 2014-12-10 | 华为技术有限公司 | Device file encryption and decryption method and device |
| CN108985111A (en) * | 2017-06-01 | 2018-12-11 | 慧荣科技股份有限公司 | Data storage device and firmware encryption and decryption method |
| CN111031536A (en) * | 2019-12-26 | 2020-04-17 | 大连市共进科技有限公司 | Method and device for transmitting burning file and 5G small base station burning equipment |
| CN111832011A (en) * | 2020-07-09 | 2020-10-27 | 郑州信大捷安信息技术股份有限公司 | IAP-based firmware security upgrading method and device |
| CN112100624A (en) * | 2020-08-24 | 2020-12-18 | 泰斗微电子科技有限公司 | Firmware protection method and device and terminal equipment |
| CN112148337A (en) * | 2020-09-09 | 2020-12-29 | 杭州涂鸦信息技术有限公司 | Firmware upgrading method and device |
| CN112015455A (en) * | 2020-10-29 | 2020-12-01 | 上海银基信息安全技术股份有限公司 | Firmware upgrading method and device, electronic equipment and storage medium |
| CN112148334A (en) * | 2020-11-03 | 2020-12-29 | 广州彩熠灯光股份有限公司 | Firmware upgrading method, device, system, terminal, lamp and storage medium |
| CN112732318A (en) * | 2021-01-12 | 2021-04-30 | 武汉光庭信息技术股份有限公司 | Singlechip firmware upgrading method |
| CN112822199A (en) * | 2021-01-18 | 2021-05-18 | 吾征智能技术(北京)有限公司 | OTA (over the air) upgrading method and system based on protocol conversion |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113221149A (en) | 2021-08-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3190543A1 (en) | Method of dynamically encrypting fingerprint data and related fingerprint sensor | |
| CN109948347B (en) | Data storage method and device, server and readable storage medium | |
| EP2996278B1 (en) | Remapping constant points in a white-box implementation | |
| EP3099002A1 (en) | Diversifying control flow of white-box implementation | |
| CN102105883A (en) | Electronic device and method of software or firmware updating of an electronic device | |
| CN109829294A (en) | A kind of firmware validation method, system, server and electronic equipment | |
| CN112417491B (en) | Method for acquiring and recovering data encryption key of solid state disk and method for reading and writing data | |
| US9357102B2 (en) | Systems and methods of securing operational information associated with an imaging device | |
| US11720693B2 (en) | System and method for securely transferring data | |
| CN113221149B (en) | Firmware encryption method, device, firmware decryption method and computer equipment | |
| US20210035018A1 (en) | Apparatus for verifying integrity of AI learning data and method therefor | |
| EP4084484B1 (en) | Method and device for encryption of video stream, communication equipment, and storage medium | |
| US9218235B2 (en) | Systems and methods of verifying operational information associated with an imaging device | |
| CN109189450A (en) | A kind of method and device of server firmware upgrading | |
| EP2940917A1 (en) | Behavioral fingerprint in a white-box implementation | |
| US20210143978A1 (en) | Method to secure a software code performing accesses to look-up tables | |
| US10567159B2 (en) | CMAC computation using white-box implementations with external encodings | |
| CN114444027A (en) | Software signature implanting method, software signature verifying device, electronic equipment and medium | |
| CN113596031B (en) | Cable modem, information protection method, and readable storage medium | |
| FI3672141T3 (en) | Method for verifying the integrity and decryption of an encrypted message, associated cryptomodule and terminal | |
| US11522707B2 (en) | System and method for detecting compromised devices | |
| EP4218197B1 (en) | Method for securing an execution of a cryptographic process | |
| CN116451257B (en) | Encryption method and system for database data and electronic equipment | |
| EP3881214B1 (en) | Change-tolerant method of generating an identifier for a collection of assets in a computing environment | |
| US20220284113A1 (en) | System and method for securely transferring data using encryption keys |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |