A kind of obfuscation method and device for executable application

Abstract

The invention provides a confusing method and device of executable application, wherein the method comprises the following steps: A, reversely analyzing executable codes need to be confused, so as to obtain a reversely analyzed instruction sequence; B, applying instruction abstract and statistic analysis to the reversely analyzed instruction sequence, coding based on the result of the statistic analysis in order to generate a LZW coding schedule; C, recoding binary flow of the executable codes need to be confused based on the LZW coding schedule, so as to generate a confused instruction sequence; D, packaging the confused instruction sequence, and packing into the confused executable application. By utilizing the confusing method and device of executable application, the ability of automated tools for identifying the confusing method can be reduced, thereby increasing the difficulty of reading codes and cracking applications for attackers.

Description

technical field [0001] The present invention relates to the technical field of information security, in particular to an executable application obfuscation method and device. Background technique [0002] In the field of information security technology, in order to protect executable applications or codes, obfuscation techniques are generally used to reorganize and process released executable applications, so that the processed code can perform the same function as the pre-processed code, but the obfuscation The final code is difficult to be decompiled, even if the decompilation is successful, it will be difficult to read, and it is difficult to obtain the true semantics of the program. [0003] In the existing technology, a lot of research has been done in the field of obfuscation technology at home and abroad, and some feasible technical methods have also been proposed, and corresponding obfuscation tools have been constructed. At present, the main obfuscation methods mai...

AI Technical Summary

Problems solved by technology

Although the above methods in the prior art can meet the application confusion index, they still have certain limitations:

[0009] Application software obfuscation tools such as ProGuard and APKProtect are source code-based obfuscation methods, which need to be protected on the basis of obtaining the developer's source code. Therefore, major software manufacturers and application stores cannot directly obfuscate the released executable programs

[0010] 2. Static confusion is difficult to prevent dynamic debugging

[0011] Traditional obfuscation algorithms are mostly static obfuscation techniques. After obfuscation through traditional methods, although it can increase the difficulty of reading for attackers, most of the program code can still be understood, and it is also difficult to resist dynamic debugging by tools such as IDA.

[0012] 3. The obfuscation method is easy to be found

However, due to the distinctive characteristics of traditional obfuscation tools and hardening tools, they can be quantitatively distinguished by various indicators such as randomness and entropy. a certain degree of threat

Images