Nothing Special   »   [go: up one dir, main page]

CN109145619A - A kind of Android application resource reinforcement means and system - Google Patents

A kind of Android application resource reinforcement means and system Download PDF

Info

Publication number
CN109145619A
CN109145619A CN201810914429.XA CN201810914429A CN109145619A CN 109145619 A CN109145619 A CN 109145619A CN 201810914429 A CN201810914429 A CN 201810914429A CN 109145619 A CN109145619 A CN 109145619A
Authority
CN
China
Prior art keywords
application program
reinforcement
program
file
reinforcement application
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810914429.XA
Other languages
Chinese (zh)
Inventor
夏立宁
张大健
纪崇廉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CHINA FINANCIAL CERTIFICATION AUTHORITY CENTER Co Ltd
Original Assignee
CHINA FINANCIAL CERTIFICATION AUTHORITY CENTER Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CHINA FINANCIAL CERTIFICATION AUTHORITY CENTER Co Ltd filed Critical CHINA FINANCIAL CERTIFICATION AUTHORITY CENTER Co Ltd
Priority to CN201810914429.XA priority Critical patent/CN109145619A/en
Publication of CN109145619A publication Critical patent/CN109145619A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

The present invention discloses a kind of Android application resource reinforcement means and system, the purpose of the present invention is to provide a kind of Android application resource reinforcement means and systems, by doing the encryption process to the core document in Android application program, the safety of Android application program is improved.This method comprises: doing the encryption process for the core document in former application program, reinforcement application program is formed;The startup item of reinforcement application program is modified, so that taking the lead in starting shell program in machine code before the operation of reinforcement application program;When the operation of reinforcement application program, library file is called to decrypt with reduction core file the file dynamic of encryption by shell program in machine code;By core document dynamically load in the current process of reinforcement application program, so that reinforcement application normal program operation.The system includes the method that above-mentioned technical proposal is mentioned, in the application program applied to H5 technological development.

Description

A kind of Android application resource reinforcement means and system
Technical field
The present invention relates to software information security technology area more particularly to a kind of Android application resource reinforcing sides Method and system.
Background technique
In recent years, smart phone rapid proliferation in the world, in occupation of more and more mobile phone market shares, Android system is the smart phone operation based on Linux, open source code that Google announced to release on November 5th, 2007 System.So far, Android has become most popular one of mobile terminal open platform.
With being continuously increased for Android number of applications, more and more Android application programs are using H5's Development technique, compares primary exploitation, and the development scheme of H5 is suitable for those pages and frequently replaces (such as: Taobao's homepage various activities Show by turns), it needs often to show big section text (such as: news, strategy), page formatting is relatively enriched (such as: overstriking, font Multiplicity) application program.In application program using H5 development scheme, core code will focus on the H5 page and corresponding In JS scripted code, these codes are put into the catalogue under one's name of application program APK packet as resource.Only due to APK packet itself It is to take simple compression processing, therefore attacker is easy to get the application program of H5 exploitation by way of decompression Resource file, in this way, the core code of H5 application is just directly exposed in face of attacker, caused consequence is answering of being attacked It can be implanted advertisement, back door easily with program, even with the behaviors such as stealing privacy of user data, maliciously deducting fees, given User causes loss.
Summary of the invention
The purpose of the present invention is to provide a kind of Android application resource reinforcement means and systems, by right Core document in Android application program is done the encryption process, and improves the safety of Android application program.
To achieve the goals above, an aspect of of the present present invention provides a kind of Android application resource reinforcement means, packet It includes:
It is done the encryption process for the core document in former application program, forms reinforcement application program;
The startup item of reinforcement application program is modified, so that taking the lead in starting shell program in machine code before the operation of reinforcement application program;
When the operation of reinforcement application program, library file is called to decrypt the file dynamic of encryption by shell program in machine code With reduction core file;
By core document dynamically load in the current process of reinforcement application program, so that reinforcement application program is normally transported Row.
Specifically, it is done the encryption process for the core document in former application program, forms the method packet of reinforcement application program It includes:
Core document is extracted from former application program, compress and obtains encryption file after encrypting;
Core document in former application program is replaced with into encryption file, forms reinforcement application program.
Preferably, the core document includes H5 core code and correlated resources file.
Preferably, the startup item of modification reinforcement application program, so that taking the lead in starting shell generation before the operation of reinforcement application program The method of coded program includes:
The configuration file attribute item in reinforcement application program is modified, sets shell program in machine code as the starting of reinforcement application program Module.
Preferably, core document dynamically load is realized into reinforcement application program in the current process of reinforcement application program The method of normal operation includes:
The resource path for modifying reinforcement application program is directed toward, after making reinforcement application program at runtime and capable of calling reduction Core document.
Optionally, core document dynamically load is realized into reinforcement application program in the current process of reinforcement application program It operates normally further include:
Exit shell program in machine code example.
Compared with prior art, Android application resource reinforcement means provided by the invention has below beneficial to effect Fruit:
In the reinforcement means of Android application resource provided by the invention, by the core in former application program File is done the encryption process, and can directly acquire the content of core document by installation kit to avoid attacker, and then ensure that and be based on The safety of the application program of H5 technological development;In view of reinforcement application program operation when can not to encrypted core document into Row identifying call, for this purpose, startup item of the present invention by modification reinforcement application program, so that energy before the operation of reinforcement application program It enough takes the lead in starting shell program in machine code, and calls library file to decrypt the core document dynamic of encryption using shell program in machine code, Obtained core document is restored there are in the temp directory of reinforcement application program, so that core document can be reinforced application program Current process loaded, realize reinforcement application program normal operation.
As it can be seen that the present invention ensure that reinforcing by being encrypted to core document to reduce the risk that keystone resources leak The safety of application program, while the normal operation in order to realize reinforcement application program, the present invention pass through modification reinforcement application journey The startup item of sequence calls library file to decrypt encrypted core document dynamic, and then makes to add to take the lead in starting shell program in machine code Gu core document can be directly got from temp directory after application program operation, since this process is nothing for a user Sense, therefore, using Android application resource reinforcement means provided by the invention, software security can promoted User experience is not lost simultaneously.
Another aspect of the present invention provides Android application resource hardened system, including sequentially connected encryption list Member, startup item modification unit, shell program in machine code unit, library file unit and loading unit;
The encryption unit is used to do the encryption process for the core document in former application program, forms reinforcement application journey Sequence;
The startup item modification unit is used to modify the startup item of reinforcement application program, so that reinforcement application program runs it Before take the lead in starting shell program in machine code;
The shell program in machine code unit is used to pass through shell program in machine code cell call library text when the operation of reinforcement application program Part unit decrypts with reduction core file the file dynamic of encryption;
The loading unit is used for by core document dynamically load in the current process of reinforcement application program, so as to reinforce Application program operates normally.
Specifically, the encryption unit includes encrypting module and addition processing module, and the encrypting module is added by described Add processing module to modify unit with the startup item to connect;
The encrypting module is for extracting core document from former application program, compressing and obtaining encryption file after encrypting;
The addition processing module is used to replacing with the core document in former application program into encryption file, is formed to reinforce and be answered Use program.
Preferably, further including the control unit being connect with the loading unit, described control unit is for working as reinforcement application When normal program operation, controls the shell program in machine code unit and exit example.
Compared with prior art, the beneficial effect of Android application resource hardened system provided by the invention with it is upper The beneficial effect for stating the Android application resource reinforcement means of technical solution offer is identical, and this will not be repeated here.
Detailed description of the invention
The drawings described herein are used to provide a further understanding of the present invention, constitutes a part of the invention, this hair Bright illustrative embodiments and their description are used to explain the present invention, and are not constituted improper limitations of the present invention.In the accompanying drawings:
Fig. 1 is the flow diagram of Android application resource reinforcement means in the embodiment of the present invention one;
Fig. 2 is the structural block diagram of Android application resource hardened system in the embodiment of the present invention two.
Appended drawing reference:
1- encryption unit, 2- startup item modify unit;
3- shell program in machine code unit, 4- library file unit;
5- loading unit, 6- control unit;
11- encrypting module, 12- add processing module.
Specific embodiment
In order to make the foregoing objectives, features and advantages of the present invention clearer and more comprehensible, implement below in conjunction with the present invention Attached drawing in example, technical scheme in the embodiment of the invention is clearly and completely described.Obviously, described embodiment Only a part of the embodiment of the present invention, instead of all the embodiments.Based on the embodiments of the present invention, the common skill in this field Art personnel all other embodiment obtained without creative labor belongs to the model that the present invention protects It encloses.
Embodiment one
Fig. 1 is the flow diagram of Android application resource reinforcement means in the embodiment of the present invention one.Please refer to figure 1, the present embodiment provides a kind of Android application resource reinforcement means, comprising:
It is done the encryption process for the core document in former application program, forms reinforcement application program;Modify reinforcement application journey The startup item of sequence, so that taking the lead in starting shell program in machine code before the operation of reinforcement application program;When the operation of reinforcement application program, lead to Crossing shell program in machine code calls library file to decrypt with reduction core file the file dynamic of encryption;Core document dynamic is added It is loaded in the current process of reinforcement application program, so that reinforcement application normal program operation.
In the reinforcement means of Android application resource provided in this embodiment, by the core in former application program Heart file is done the encryption process, and can directly acquire the content of core document by installation kit to avoid attacker, and then ensure that base In the safety of the application program of H5 technological development;It can not be to encrypted core document when in view of the operation of reinforcement application program Identifying call is carried out, for this purpose, startup item of the present embodiment by modification reinforcement application program, so that reinforcement application program runs it Before can take the lead in starting shell program in machine code, and call library file to the core document dynamic resolution of encryption using shell program in machine code Close, the core document restored is there are in the temp directory of reinforcement application program, so that core document can be reinforced application The current process of program is loaded, and realizes the normal operation of reinforcement application program.
As it can be seen that the present embodiment ensure that and add by being encrypted to core document to reduce the risk that keystone resources leak Gu the safety of application program, while the normal operation in order to realize reinforcement application program, the present embodiment is answered by modifying to reinforce With the startup item of program, library file is called to decrypt encrypted core document dynamic to take the lead in starting shell program in machine code, in turn Core document can be directly got from temp directory after running reinforcement application program, for a user due to this process Be it is noninductive, therefore, using Android application resource reinforcement means provided in this embodiment, software peace can promoted User experience is not lost while full property.
It is understood that being done the encryption process in above-described embodiment for the core document in former application program, is formed and added Gu the method for application program includes: to extract core document from former application program, compresses and obtain encryption file after encrypting;It will be former Core document in application program replaces with encryption file, forms reinforcement application program.
When it is implemented, these core documents are compressed in a file after extracting core document in former application program It is interior, then this document folder is encrypted using Encryption Algorithm to obtain encryption file;Later, by being searched in former application program Core document, and encrypted file is replaced with it, form reinforcement application program.Illustratively, the core in above-described embodiment Heart file includes H5 core code and correlated resources file, wherein correlated resources file include JS scripted code, display picture and Configuration file etc..
In addition, the startup item of reinforcement application program is modified in above-described embodiment, so that the antecedent of reinforcement application program operation The method for first starting shell program in machine code includes: the configuration file attribute item modified in reinforcement application program, sets shell program in machine code For the starting module of reinforcement application program.
When it is implemented, passing through the apk packet of decompiling reinforcement application program, plaintext is obtained AndroidManifest.xml file, the configuration item for then finding the inside are modified, that is, are modified The android:name attribute of AndroidManifest.xml configuration file Application Shipping Options Page, is revised as shell generation Application title in coded program, in this way when starting reinforcement application program, it will shell program in machine code is first carried out Application, realization shell program in machine code take the lead in starting.
Further, in above-described embodiment by core document dynamically load in the current process of reinforcement application program, realize The method of the normal operation of reinforcement application program includes: to modify the resource path direction of reinforcement application program, makes reinforcement application journey Sequence can call the core document after reduction at runtime.
It should be noted that being directed toward by the resource path of modification current application, resource path is adjusted to temp directory The reduction core file of middle storage, such reinforcement application program at runtime can be by obtaining the core stored in temp directory File completes corresponding parsing function, and then realizes the normal operation of reinforcement application program, solves in the prior art Reinforcement application program cannot parse the technical issues of encryption file.Wherein, the amending method that resource path is directed toward is to pass through reflection Mode obtains " android.app.LoadedApk " object of reinforcement application program, obtains its domain " mResDir " later, then The value for modifying this domain is the core document path values of reduction, and the direction modification of resource path can be completed.
It is well known that the core document in temp directory is merely able to be accessed by the reinforcement application program of itself, other are answered It can not be accessed with program, therefore not will cause the leakage of core document, without core document in worry temp directory Safety issue.In addition, shell program in machine code example is exited, to application after the normal operation of reinforcement application program Using effect will not reduce user experience as former application program for family.
Embodiment two
Fig. 1 and Fig. 2 are please referred to, the present embodiment provides a kind of Android application resource hardened systems, including successively connect Encryption unit 1, startup item modification unit 2, shell program in machine code unit 3, library file unit 4 and the loading unit 5 connect;
Encryption unit is done the encryption process with 1 in for the core document in former application program, forms reinforcement application program;
Startup item modification unit 2 is used to modify the startup item of reinforcement application program, so that before the operation of reinforcement application program It takes the lead in starting shell program in machine code;
Shell program in machine code unit 3 is used to call library file by shell program in machine code unit 3 when the operation of reinforcement application program Unit 4 decrypts with reduction core file the file dynamic of encryption;
Loading unit 5 is used for by core document dynamically load in the current process of reinforcement application program, is answered so as to reinforce Use normal program operation.
Encryption unit 1 includes encrypting module 11 and addition processing module 12, and encrypting module 11 passes through addition processing module 12 It is connect with startup item modification unit 2;
Encrypting module 11 is for extracting core document from former application program, compressing and obtaining encryption file after encrypting;
Addition processing module 12 is used to replacing with the core document in former application program into encryption file, forms reinforcement application Program.
It further include the control unit 6 being connect with loading unit 5, control unit 6 is used to work as reinforcement application normal program operation When, control shell program in machine code unit 3 exits example.
Compared with prior art, the beneficial effect of Android application resource hardened system provided in an embodiment of the present invention Fruit is identical as the beneficial effect of Android application resource reinforcement means that above-described embodiment one provides, and this will not be repeated here.
It will appreciated by the skilled person that realizing that all or part of the steps in foregoing invention method is can to lead to Program is crossed to instruct relevant hardware and complete, above procedure can store in computer-readable storage medium, the program When being executed, each step including above-described embodiment method, and the storage medium may is that ROM/RAM, magnetic disk, CD, Storage card etc..
The above description is merely a specific embodiment, but scope of protection of the present invention is not limited thereto, any Those familiar with the art in the technical scope disclosed by the present invention, can easily think of the change or the replacement, and should all contain Lid is within protection scope of the present invention.Therefore, protection scope of the present invention should be based on the protection scope of the described claims.

Claims (9)

1. a kind of Android application resource reinforcement means characterized by comprising
It is done the encryption process for the core document in former application program, forms reinforcement application program;
The startup item of reinforcement application program is modified, so that taking the lead in starting shell program in machine code before the operation of reinforcement application program;
When the operation of reinforcement application program, library file is called to decrypt to go back the file dynamic of encryption by shell program in machine code Former core document;
By core document dynamically load in the current process of reinforcement application program, so that reinforcement application normal program operation.
2. the method according to claim 1, wherein being done at encryption for the core document in former application program Reason, the method for forming reinforcement application program include:
Core document is extracted from former application program, compress and obtains encryption file after encrypting;
Core document in former application program is replaced with into encryption file, forms reinforcement application program.
3. the method according to claim 1, wherein the core document includes H5 core code and correlated resources File.
4. the method according to claim 1, wherein the startup item of modification reinforcement application program, is answered so that reinforcing Include: with the method for taking the lead in starting shell program in machine code before program operation
The configuration file attribute item in reinforcement application program is modified, sets shell program in machine code as the starting mould of reinforcement application program Block.
5. the method according to claim 1, wherein the working as in reinforcement application program by core document dynamically load Preceding process, the method for realizing the normal operation of reinforcement application program include:
The resource path for modifying reinforcement application program is directed toward, and the core after reduction can be called by making reinforcement application program at runtime File.
6. according to the method described in claim 5, it is characterized in that, by core document dynamically load working as in reinforcement application program Preceding process realizes the normal operation of reinforcement application program further include:
Exit shell program in machine code example.
7. a kind of Android application resource hardened system, which is characterized in that including sequentially connected encryption unit, starting Item modification unit, shell program in machine code unit, library file unit and loading unit;
The encryption unit is used to do the encryption process for the core document in former application program, forms reinforcement application program;
The startup item modification unit is used to modify the startup item of reinforcement application program, so that the antecedent of reinforcement application program operation First start shell program in machine code;
The shell program in machine code unit is used to pass through shell program in machine code cell call library file list when the operation of reinforcement application program Member decrypts with reduction core file the file dynamic of encryption;
The loading unit is used for by core document dynamically load in the current process of reinforcement application program, so that reinforcement application Normal program operation.
8. system according to claim 7, which is characterized in that the encryption unit includes encrypting module and addition processing mould Block, the encrypting module are modified unit with the startup item by the addition processing module and are connect;
The encrypting module is for extracting core document from former application program, compressing and obtaining encryption file after encrypting;
The addition processing module is used to replacing with the core document in former application program into encryption file, forms reinforcement application journey Sequence.
9. system according to claim 7, which is characterized in that it further include the control unit being connect with the loading unit, Described control unit is used for when reinforcement application normal program operation, is controlled the shell program in machine code unit and is exited example.
CN201810914429.XA 2018-08-13 2018-08-13 A kind of Android application resource reinforcement means and system Pending CN109145619A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810914429.XA CN109145619A (en) 2018-08-13 2018-08-13 A kind of Android application resource reinforcement means and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810914429.XA CN109145619A (en) 2018-08-13 2018-08-13 A kind of Android application resource reinforcement means and system

Publications (1)

Publication Number Publication Date
CN109145619A true CN109145619A (en) 2019-01-04

Family

ID=64792554

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810914429.XA Pending CN109145619A (en) 2018-08-13 2018-08-13 A kind of Android application resource reinforcement means and system

Country Status (1)

Country Link
CN (1) CN109145619A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109918872A (en) * 2019-01-28 2019-06-21 中国科学院数据与通信保护研究教育中心 Android application reinforcement means
CN113157324A (en) * 2021-03-19 2021-07-23 山东英信计算机技术有限公司 Starting method, device and equipment of computer equipment and readable storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101284676B1 (en) * 2012-02-28 2013-08-23 건국대학교 산학협력단 Cryptography-based copy protection system and method for android apps
CN104408337A (en) * 2014-11-18 2015-03-11 刘鹏 Reinforcement method for preventing reverse of APK (Android package) file
CN106295370A (en) * 2016-08-19 2017-01-04 北京奇虎科技有限公司 A kind of method and apparatus of the dynamic link library (DLL) file reinforcing installation kit
CN106650330A (en) * 2016-12-22 2017-05-10 合肥国信车联网研究院有限公司 Android application software reinforcement protection method based on DexClassloader
CN106708571A (en) * 2016-12-13 2017-05-24 北京奇虎科技有限公司 Resource file loading method and device and source file reinforcing method and device
CN107480477A (en) * 2017-07-21 2017-12-15 四川长虹电器股份有限公司 Mobile terminal product copy-right protection method based on html5 technologies

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101284676B1 (en) * 2012-02-28 2013-08-23 건국대학교 산학협력단 Cryptography-based copy protection system and method for android apps
CN104408337A (en) * 2014-11-18 2015-03-11 刘鹏 Reinforcement method for preventing reverse of APK (Android package) file
CN106295370A (en) * 2016-08-19 2017-01-04 北京奇虎科技有限公司 A kind of method and apparatus of the dynamic link library (DLL) file reinforcing installation kit
CN106708571A (en) * 2016-12-13 2017-05-24 北京奇虎科技有限公司 Resource file loading method and device and source file reinforcing method and device
CN106650330A (en) * 2016-12-22 2017-05-10 合肥国信车联网研究院有限公司 Android application software reinforcement protection method based on DexClassloader
CN107480477A (en) * 2017-07-21 2017-12-15 四川长虹电器股份有限公司 Mobile terminal product copy-right protection method based on html5 technologies

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109918872A (en) * 2019-01-28 2019-06-21 中国科学院数据与通信保护研究教育中心 Android application reinforcement means
CN113157324A (en) * 2021-03-19 2021-07-23 山东英信计算机技术有限公司 Starting method, device and equipment of computer equipment and readable storage medium

Similar Documents

Publication Publication Date Title
US9038910B2 (en) Method and apparatus for executing user action commands
CN107967139B (en) Hot updating method and device for game
CN104063225B (en) Screen locking theme development method and device
CN104239757A (en) Application program reversing-preventing method and device and operation method and terminal
CN112565026B (en) Test frame generation method, device and equipment
CN105224401A (en) Scheduled task control method and device
CN109992284A (en) Method and device for providing hot update program and electronic equipment
CN103677948A (en) Starter and start method
CN109145619A (en) A kind of Android application resource reinforcement means and system
KR101734663B1 (en) Method for preventing reverse engineering of android application and apparatus for performing the method
CN104318139B (en) Intelligent terminal and the method processing data message thereof
CN106778088A (en) Dynamic loading method based on Hook technologies
CN112214250B (en) Application program component loading method and device
CN111144878A (en) Instruction generation method and instruction generation device
CN109766123B (en) Application program packaging method and device
US8863121B2 (en) Method and terminal for loading picture resources by JAVA virtual machine
CN106775879B (en) VR application installation-free method and system based on android system client
CN113157337A (en) Application program starting method and device, terminal equipment and storage medium
CN109711154A (en) A kind of hook framework technology based on Android application apk file
BRPI0708498A2 (en) method for displaying content on a mobile communication terminal that hosts a security personal authenticator, and security personal authenticator for a mobile communication terminal
CN115801279A (en) File secure transmission method and device
CN111475763B (en) Webpage running method and device, storage medium and equipment
CN110399160B (en) Channel package packaging method, device, server and storage medium
CN110704157B (en) Application starting method, related device and medium
CN113420313A (en) Program safe operation and encryption method and device, equipment and medium thereof

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190104

RJ01 Rejection of invention patent application after publication