Software tampering detection method, device, system, electronic equipment and storage medium
By combining an analog-circuit approach with program integrity verification, the problem of controllers that lack a security hardware extension module is solved, so that software tamper detection and secure startup can be achieved on controllers that have neither a security hardware extension module nor a hardware security module.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- CHONGQING CHANGAN TECH CO LTD
- Filing Date
- 2022-08-18
- Publication Date
- 2026-06-12
Figure CN115438347B_ABST
Abstract
Description
Technical Field
[0001] This invention relates to a method, apparatus, system, electronic device, and storage medium for detecting software tampering, and belongs to the technical field.
Background Technology
[0002] The invention patent CN202110045398.0, titled "Security Protection Method for Controllers, Main Chip of Controllers and Controllers", describes how, with the development of various intelligent system technologies (e.g., intelligent connected vehicle systems), controllers of intelligent systems (e.g., intelligent cockpit controllers, motor controllers, etc.) face increasing security threats. One such security threat is the illegal tampering with the bootloader in the controller and using the tampered bootloader to start the controller, thereby causing various components in the system to malfunction.
[0003] Specifically, as shown in Figure 1, the conventional methods for implementing secure startup of a controller are mainly based on the main chip 12 in the controller 13. Such a main chip 12, for example one containing a Secure Hardware Extension (SHE) module or a Hardware Security Module (HSM), is generally implemented by integrating a corresponding security module 10 (a low-configuration security module such as an SHE module, or a high-configuration security module such as an HSM) on the chip where its microcontroller unit 11 (MCU) is located. The security module 10, as an on-chip peripheral of the microcontroller unit 11, moves control of the encryption keys from the software domain into the hardware domain, thereby protecting those keys from software attacks.
[0004] The method for implementing secure startup of the controller based on the aforementioned main chip 12 typically includes the following steps:
[0005] (1) The microcontroller unit of the main chip obtains the encryption key and key signature pre-stored in the main chip;
[0006] (2) The microcontroller unit of the main chip generates a verification signature based on the encryption key. Then the security module compares the key signature and the verification signature. If the key signature and the verification signature are consistent, the controller is securely started.
[0007] It is worth noting that, in practice, not all controllers have a main chip containing a security hardware expansion module or a hardware security module. If a controller lacks a main chip with a security hardware expansion module or a hardware security module, its secure boot function will be difficult to implement.
[0008] Therefore, a new controller security protection scheme is needed to ensure the implementation of functions such as secure controller startup.
Summary of the Invention
[0009] In view of this, the present invention provides a software tampering detection method, apparatus, system, electronic device and storage medium, which can realize the software tampering detection function of controllers without security hardware expansion modules and hardware security modules, thereby realizing the secure startup of the controller.
[0010] The first objective of this invention is to provide a method for detecting software tampering.
[0011] The second objective of this invention is to provide a software tampering detection device.
[0012] The third objective of this invention is to provide a software tampering detection system.
[0013] A fourth objective of this invention is to provide an electronic device.
[0014] The fifth objective of the present invention is to provide a storage medium.
[0015] The first objective of this invention can be achieved by adopting the following technical solution:
[0016] A method for detecting software tampering, the method comprising:
[0017] Based on a time start point, a first signal is sent through the monitoring unit, where the time start point can be any time point;
[0018] Upon receiving the first signal, the first signal containing the corresponding program response is sent to the verification unit, wherein the program is the startup boot program;
[0019] The integrity of the program is verified by the verification unit to obtain the verification result, and based on the verification result, a second signal is sent to the monitoring unit through the verification unit.
[0020] The monitoring unit determines whether the second signal conforms to the verification form and outputs the judgment result.
[0021] Based on the judgment results, software tampering detection is achieved.
[0022] Furthermore, the step of verifying the integrity of the program through the verification unit, obtaining a verification result, and sending a second signal to the monitoring unit through the verification unit based on the verification result specifically includes:
[0023] Calculate the first integrity metric of the program;
[0024] The second integrity metric of the program is obtained by verifying the signature using the Pub_Key of the program.
[0025] Determine whether the first integrity metric value and the second integrity metric value are equal, and output the verification result;
[0026] If the verification results are equal, a second signal is sent to the monitoring unit through the verification unit.
[0027] Furthermore, the algorithm for calculating the first integrity metric of the program includes a cyclic redundancy check algorithm and a digest algorithm.
[0028] Furthermore, the second signal includes one of a square wave electrical signal, a sine wave electrical signal, and a triangular wave electrical signal;
[0029] The verification form is one of the following: a rising edge at a preset time, a falling edge at a preset time, a high level during a preset period, a low level during a preset period, and a preset period value.
[0030] Furthermore, the first signal is of a single type;
[0031] The process of detecting software tampering based on the judgment result specifically includes:
[0032] If the judgment result is that the second signal conforms, the software has not been tampered with;
[0033] If the judgment result is that the second signal does not conform, the software has been tampered with.
[0034] Furthermore, the first signal is one of several types of signal;
[0035] The process of detecting software tampering based on the judgment result specifically includes:
[0036] If the judgment result is that the second signal conforms, then, according to the number of signal types, the monitoring unit sends the next first signal and the subsequent operations are executed;
[0037] If the judgment result is that the second signal does not conform, the software has been tampered with;
[0038] If the judgment results for all types of signal conform, the software has not been tampered with.
[0039] The second objective of this invention can be achieved by adopting the following technical solution:
[0040] A software tampering detection device, the device comprising:
[0041] The first transmitting module is used to transmit a first signal through a monitoring unit based on a time start point, wherein the time start point is any time point;
[0042] The second sending module is used to receive the first signal and send the first signal with a corresponding program response to the verification unit, wherein the program is a startup boot program.
[0043] The third sending module is used to verify the integrity of the program through the verification unit, obtain the verification result, and send a second signal to the monitoring unit through the verification unit based on the verification result.
[0044] The judgment module is used to determine whether the second signal conforms to the verification form through the monitoring unit and output the judgment result.
[0045] The detection module is used to detect software tampering based on the judgment results.
[0046] The third objective of this invention can be achieved by adopting the following technical solution:
[0047] A software tampering detection system, the system comprising a monitoring unit, a verification unit, and a controller, wherein the monitoring unit is connected to the verification unit, and the controller is connected to both the monitoring unit and the verification unit;
[0048] The controller is used to implement the software tampering detection method described above.
[0049] The fourth objective of this invention can be achieved by adopting the following technical solution:
[0050] An electronic device includes a processor and a memory for storing a processor-executable program, wherein when the processor executes the program stored in the memory, it implements the above-described software tampering detection method.
[0051] The fifth objective of this invention can be achieved by adopting the following technical solution:
[0052] A storage medium storing a program, which, when executed by a processor, implements the above-described software tampering detection method.
[0053] The present invention has the following advantages over the prior art:
[0054] This invention employs an analog circuit-based approach and a program integrity verification method to achieve software tamper detection in controllers without security hardware extension modules or hardware security modules, thereby enabling secure controller startup. The analog circuit-based approach allows for signal extraction, signal transformation, and improved signal anti-interference capabilities. The program integrity verification method enables verification of the corresponding program even without security hardware extension modules or hardware security modules.
Description of the Drawings
[0055] To more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on the structures shown in these drawings without creative effort.
[0056] Figure 1 is a structural block diagram of a controller with a security module, which is the background technology of this invention.
[0057] Figure 2 is a flowchart of the software tampering detection method of Embodiment 1 of the present invention.
[0058] Figure 3 is a simplified flowchart of the software tampering detection method of Embodiment 1 of the present invention.
[0059] Figure 4 is the core flowchart of the software tampering detection method of Embodiment 1 of the present invention.
[0060] Figure 5 is the startup process diagram of the controller in Embodiment 1 of the present invention.
[0061] Figure 6 is an example diagram of the program integrity verification algorithm in Embodiment 1 of the present invention.
[0062] Figure 7 is an example diagram of the electrical signal verification forms in Embodiment 1 of the present invention.
[0063] Figure 8 is a structural block diagram of the software tampering detection device of Embodiment 2 of the present invention.
[0064] Figure 9 is a structural block diagram of the software tampering detection system of Embodiment 3 of the present invention.
[0065] Figure 10 is a structural block diagram of the electronic device of Embodiment 4 of the present invention.
Detailed Implementation
[0066] To make the objectives, technical solutions, and advantages of the embodiments of the present invention clearer, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention without creative effort are within the scope of protection of the present invention.
[0067] Example 1:
[0068] This embodiment provides a software tampering detection method, which is applied to an intelligent connected vehicle system, wherein the intelligent connected vehicle system includes an intelligent cockpit controller and a motor controller; specifically, this method is based on the intelligent cockpit controller of the vehicle, wherein the intelligent cockpit controller of the vehicle includes three boot programs (hereinafter referred to as programs); the three programs constitute a complete boot software for starting the intelligent cockpit controller of the vehicle (hereinafter referred to as controller).
[0069] As shown in Figures 2-5, the software tampering detection method in this embodiment includes the following steps:
[0070] S201. Based on the time starting point, the first signal is sent through the monitoring unit.
[0071] In this embodiment, the first signal is one of three types of signals: Type 1, Type 2, and Type 3. The three programs are the first program, the second program, and the third program. The controller will only start after the first, second, and third programs have run sequentially. Specifically, the three types of signals correspond one-to-one with the three programs: Type 1 corresponds to the first program, Type 2 corresponds to the second program, and Type 3 corresponds to the third program. The time starting point is any time point 'a', which can be selected by relevant personnel based on the actual operation time.
[0072] It is worth noting that the number of signal types can be changed according to the number of programs or the execution process of the startup software; when the first signal is input to the controller, if the controller has a corresponding program for the first signal, the controller will generate a corresponding program response; if the controller does not have a corresponding program for the first signal, the controller will stop the startup; the first signal is an electrical signal.
[0073] Step S201 is as follows: the controller calls the monitoring unit, takes any time point a as the time starting point of the Type 1 signal, and sends the Type 1 signal through the I/O interface based on this time starting point.
[0074] S202. Receive the first signal and send the first signal with corresponding program response to the verification unit.
[0075] Step S202 is as follows: the controller receives the Type 1 signal through the I/O interface. If the controller has a first program response, it sends the Type 1 signal with the first program response to the verification unit; if the controller does not have a first program response, it stops the startup.
[0076] S203. The integrity of the program is verified by the verification unit to obtain the verification result, and based on the verification result, a second signal is sent to the monitoring unit through the verification unit.
[0077] In this embodiment, the controller verifies the integrity of the program through the verification unit, obtains the verification result, and sends a second signal (i.e., response value) to the monitoring unit based on the verification result.
[0078] Furthermore, as shown in Figure 6, verifying the integrity of the program through the verification unit to obtain the verification result includes the following steps:
[0079] S2031. Calculate the first integrity metric of the first program.
[0080] In step S2031, the algorithm for calculating the first integrity metric value of the first program includes a cyclic redundancy check algorithm (CRC check) and a digest algorithm (MD5, SHA, MAC, etc.).
[0081] S2032. By verifying the Pub_Key signature of the first program, the second integrity metric value of the first program is obtained.
[0082] In step S2032, the signature verification algorithm used is RSA2048.
[0083] S2033. Determine whether the first integrity metric value and the second integrity metric value are equal, and output the verification result.
[0084] Furthermore, based on the verification result, a second signal is sent to the monitoring unit through the verification unit. Specifically, if the verification results are the same, a second signal is sent to the monitoring unit through the verification unit.
[0085] Furthermore, the second signal is a distinguishable electrical signal, including one of a square wave electrical signal, a sine wave electrical signal, and a triangular wave electrical signal.
[0086] In this embodiment, after obtaining the verification result, the controller sends the verification result to the verification unit, which includes an analog circuit.
[0087] S204. The monitoring unit determines whether the second signal conforms to the verification form and outputs the judgment result.
[0088] Furthermore, as shown in Figure 7, the verification form is one of the following: a rising edge at a preset time, a falling edge at a preset time, a high level during a preset period, a low level during a preset period, and a preset period value; the verification form is set by the monitoring unit.
[0089] In step S204, the monitoring unit judges the second signal received through the I/O interface at the time node corresponding to each type of signal.
[0090] S205. Based on the judgment result, implement software tampering detection.
[0091] In this embodiment, the controller detects software tampering based on the judgment result.
[0092] Furthermore, based on the judgment results, software tampering detection is implemented, specifically including:
[0093] If the judgment result is that the second signal conforms, then, according to the number of signal types, the monitoring unit sends the next first signal and step S202 is executed again;
[0094] If the judgment result is that the second signal does not conform, a reset signal sent by the monitoring unit is received, the startup is stopped and a reset is performed; this means that the software has been tampered with.
[0095] If the judgment results for all types of signal conform, the software runs safely and the controller starts safely; this means that the software has not been tampered with.
[0096] The next first signal is a type 2 signal. It is worth noting that the next first signal can only be issued after the judgment result is met, and so on.
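The whole loop of the Summary (paragraphs [0016]-[0038]) and of steps S201-S205 above, as an added software model that is not part of the patent: the verification unit computes the first metric (SHA-256 or CRC32, both named in [0080]), recovers the second metric by verifying the signature with Pub_Key, and emits a square-wave second signal only on a match; the monitoring unit judges that signal against one of the five verification forms of Figure 7 and steps through the Type 1 to Type 3 signals, stopping at the first failure. The RSA key (two Mersenne primes, textbook RSA without padding), the program images and the sampled 0/1 waveform are constructed stand-ins; a real deployment would use a generated 2048-bit key and a padded signature scheme.

```python
# Added model of the patent's boot loop (not the patent's own code).
# Constructed stand-ins: toy RSA key, program images, sampled 0/1 waveform.
import hashlib
import zlib

# Toy key standing in for Pub_Key / RSA2048 (two Mersenne primes, textbook
# RSA over the digest integer, no padding). A real deployment uses a
# generated 2048-bit key and a padded signature scheme.
P = (1 << 127) - 1
Q = (1 << 521) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def first_metric(image: bytes, algo: str = "sha256") -> int:
    """S2031: first integrity metric over the program image (CRC or digest)."""
    if algo == "crc32":
        return zlib.crc32(image) & 0xFFFFFFFF
    return int.from_bytes(hashlib.sha256(image).digest(), "big")

def sign_metric(metric: int) -> int:
    """Factory-side signing with the private exponent (toy key)."""
    return pow(metric, D, N)

def second_metric(signature: int) -> int:
    """S2032: verify the signature with Pub_Key (E, N) to recover the metric."""
    return pow(signature, E, N)

def square_wave(n_samples: int, period: int) -> list:
    """Second signal from the verification unit's analog circuit, modelled as
    one sample per tick, high during the first half of each period."""
    half = period // 2
    return [1 if (t // half) % 2 == 0 else 0 for t in range(n_samples)]

def verification_unit(image: bytes, signature: int, algo: str = "sha256"):
    """S2031-S2033: compare the two metrics; the second signal is sent only
    when they are equal (None models 'no signal sent')."""
    if first_metric(image, algo) != second_metric(signature):
        return False, None
    return True, square_wave(n_samples=16, period=4)

def measured_period(signal: list):
    """Ticks between the first two rising edges, or None if fewer than two."""
    edges = [t for t in range(1, len(signal)) if signal[t - 1] == 0 and signal[t]]
    return edges[1] - edges[0] if len(edges) >= 2 else None

def conforms(signal, form: dict) -> bool:
    """S204: the monitoring unit judges the second signal against its preset
    verification form (the five forms of Figure 7)."""
    if signal is None:                       # no second signal arrived
        return False
    kind = form["kind"]
    if kind in ("rising_edge", "falling_edge"):
        t = form["t"]
        if not 0 < t < len(signal):
            return False
        before, after = (0, 1) if kind == "rising_edge" else (1, 0)
        return signal[t - 1] == before and signal[t] == after
    if kind in ("high_level", "low_level"):
        a, b = form["window"]
        level = 1 if kind == "high_level" else 0
        return b > a and all(s == level for s in signal[a:b])
    if kind == "period":
        return measured_period(signal) == form["value"]
    raise ValueError(f"unknown verification form {kind!r}")

def secure_boot(programs: dict, forms: list):
    """S201-S205: Type 1..n first signals in boot order. programs maps the
    type number to (image, signature); forms[i] is the preset form for
    type i+1. Returns (booted, stages_passed); any failure means reset."""
    for stage, form in enumerate(forms, start=1):
        if stage not in programs:            # S202: no program response -> stop
            return False, stage - 1
        image, sig = programs[stage]
        passed, second_signal = verification_unit(image, sig)
        if not (passed and conforms(second_signal, form)):
            return False, stage - 1          # S205: tampered, reset
    return True, len(forms)


# Constructed program images and factory signatures (sample data).
IMAGES = {1: b"stage1 bootloader image", 2: b"stage2 loader image",
          3: b"stage3 application loader"}
GOOD = {k: (img, sign_metric(first_metric(img))) for k, img in IMAGES.items()}
FORMS = [{"kind": "rising_edge", "t": 4},
         {"kind": "high_level", "window": (4, 6)},
         {"kind": "period", "value": 4}]

def demo():
    """Intact boot versus one altered byte in the second program."""
    tampered = dict(GOOD)
    img, sig = GOOD[2]
    tampered[2] = (img[:-1] + b"?", sig)     # metrics no longer match
    return secure_boot(GOOD, FORMS), secure_boot(tampered, FORMS)
    # -> ((True, 3), (False, 1))
```

A missing program for a signal type (no program response, S202) and a verification unit that stays silent (no second signal) both fail the monitoring unit's judgment, so the boot stops at that stage rather than continuing.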
[0097] In another embodiment, the software tampering detection method is implemented based on a motor controller.
[0098] In other embodiments, the software tampering detection method is applicable to other intelligent systems.
[0099] Those skilled in the art will understand that all or part of the steps in the methods of the above embodiments can be implemented by a program instructing related hardware, and the corresponding program can be stored in a computer-readable storage medium.
[0100] It should be noted that although the method operations of the above embodiments are described in a specific order in the accompanying drawings, this does not require or imply that these operations must be performed in that specific order, or that all the operations shown must be performed to achieve the desired result. On the contrary, the order of execution of the described steps may be changed. Additionally or alternatively, certain steps may be omitted, multiple steps may be combined into one step, and/or one step may be broken down into multiple steps.
[0101] Example 2:
[0102] As shown in Figure 8, this embodiment provides a software tampering detection device, which includes a first sending module 801, a second sending module 802, a third sending module 803, a judgment module 804, and a detection module 805. The specific functions of each module are as follows:
[0103] The first transmitting module 801 is used to transmit a first signal through a monitoring unit based on a time start point, wherein the time start point is any time point;
[0104] The second sending module 802 is used to receive the first signal and send the first signal with a corresponding program response to the verification unit, wherein the program is a startup boot program.
[0105] The third sending module 803 is used to verify the integrity of the program through the verification unit, obtain the verification result, and send a second signal to the monitoring unit through the verification unit based on the verification result.
[0106] The judgment module 804 is used to determine whether the second signal conforms to the verification form through the monitoring unit and output the judgment result.
[0107] The detection module 805 is used to detect software tampering based on the judgment result.
[0108] Example 3:
[0109] As shown in Figure 9, this embodiment provides a software tampering detection system, which includes a monitoring unit 901, a verification unit 902, and a controller 903; wherein the monitoring unit 901 is connected to the verification unit 902, and the controller 903 is connected to the monitoring unit 901 and the verification unit 902; the controller 903 is used to implement the software tampering detection method of Embodiment 1 above, as follows:
[0110] Based on a time start point, a first signal is sent through the monitoring unit, where the time start point can be any time point;
[0111] Upon receiving the first signal, the first signal containing the corresponding program response is sent to the verification unit, wherein the program is the startup boot program;
[0112] The integrity of the program is verified by the verification unit to obtain the verification result, and based on the verification result, a second signal is sent to the monitoring unit through the verification unit.
[0113] The monitoring unit determines whether the second signal conforms to the verification form and outputs the judgment result.
[0114] Based on the judgment results, software tampering detection is achieved.
[0115] Example 4:
[0116] This embodiment provides an electronic device, which can be a computer. As shown in Figure 10, it includes a processor 1002, a memory, an input device 1003, a display device 1004, and a network interface 1005 connected via a system bus 1001. The processor 1002 provides computing and control capabilities. The memory includes a non-volatile storage medium 1006 and internal memory 1007. The non-volatile storage medium 1006 stores an operating system, computer programs, and a database. The internal memory 1007 provides an environment for the operation of the operating system and computer programs in the non-volatile storage medium 1006. When the computer program is executed by the processor 1002, it implements the software tampering detection method of Embodiment 1 described above, as follows:
[0117] Based on a time start point, a first signal is sent through the monitoring unit, where the time start point can be any time point;
[0118] Upon receiving the first signal, the first signal containing the corresponding program response is sent to the verification unit, wherein the program is the startup boot program;
[0119] The integrity of the program is verified by the verification unit to obtain the verification result, and based on the verification result, a second signal is sent to the monitoring unit through the verification unit.
[0120] The monitoring unit determines whether the second signal conforms to the verification form and outputs the judgment result.
[0121] Based on the judgment results, software tampering detection is achieved.
[0122] Example 5:
[0123] This embodiment provides a storage medium, which is a computer-readable storage medium, storing a computer program. When the computer program is executed by a processor, it implements the software tampering detection method of Embodiment 1 above, as follows:
[0124] Based on a time start point, a first signal is sent through the monitoring unit, where the time start point can be any time point;
[0125] Upon receiving the first signal, the first signal containing the corresponding program response is sent to the verification unit, wherein the program is the startup boot program;
[0126] The integrity of the program is verified by the verification unit to obtain the verification result, and based on the verification result, a second signal is sent to the monitoring unit through the verification unit.
[0127] The monitoring unit determines whether the second signal conforms to the verification form and outputs the judgment result.
[0128] Based on the judgment results, software tampering detection is achieved.
[0129] It should be noted that the computer-readable storage medium in this embodiment can be a computer-readable signal medium or a computer-readable storage medium, or any combination thereof. The computer-readable storage medium can be, for example, but not limited to, an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof. More specific examples of a computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), optical storage device, magnetic storage device, or any suitable combination thereof.
[0130] In this embodiment, the computer-readable storage medium can be any tangible medium containing or storing a program that can be used by or in connection with an instruction execution system, apparatus, or device. In this embodiment, the computer-readable signal medium can include a data signal propagated in baseband or as part of a carrier wave, carrying a computer-readable program. Such propagated data signals can take various forms, including but not limited to electromagnetic signals, optical signals, or any suitable combination thereof. The computer-readable signal medium can also be any computer-readable storage medium other than a computer-readable storage medium, which can send, propagate, or transmit a program for use by or in connection with an instruction execution system, apparatus, or device. The computer program contained on the computer-readable storage medium can be transmitted using any suitable medium, including but not limited to: wires, optical cables, RF (radio frequency), etc., or any suitable combination thereof.
[0131] The computer-readable storage medium described above can be used to write computer programs for executing this embodiment in one or more programming languages or combinations thereof. These programming languages include object-oriented programming languages—such as Java, Python, and C++—and conventional procedural programming languages—such as C or similar programming languages. The program can be executed entirely on the user's computer, partially on the user's computer, as a standalone software package, partially on the user's computer and partially on a remote computer, or entirely on a remote computer or server. In cases involving remote computers, the remote computer can be connected to the user's computer via any type of network, including a local area network (LAN) or a wide area network (WAN), or it can be connected to an external computer (e.g., via the Internet using an Internet service provider).
[0132] In summary, this invention can realize software tamper detection function for controllers without security hardware expansion modules and hardware security modules, thereby achieving secure startup of the controller.
[0133] The above description is merely a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any equivalent substitutions or modifications made by those skilled in the art within the scope disclosed in the present invention, based on the technical solution and inventive concept of the present invention, shall fall within the scope of protection of the present invention.
Claims
1. A method for detecting software tampering, characterized in that the method includes: based on a time start point, a first signal is sent through the monitoring unit, where the time start point is any time point; upon receiving the first signal, a first signal indicating the presence of a corresponding program response is sent to the verification unit, where the program is a startup boot program; the integrity of the program is verified by a verification unit to obtain a verification result, and based on the verification result a second signal is sent to the monitoring unit through the verification unit, which specifically includes: calculating a first integrity metric of the program; verifying the program's Pub_Key signature to obtain a second integrity metric; determining whether the first and second integrity metrics are equal and outputting the verification result; if the verification result is equal, sending a second signal to the monitoring unit through the verification unit; the algorithm for calculating the first integrity metric of the program includes a cyclic redundancy check algorithm and a digest algorithm; the monitoring unit determines whether the second signal conforms to the verification form and outputs the judgment result; based on the judgment result, software tampering detection is achieved.
2. The software tampering detection method according to claim 1, characterized in that the second signal includes one of a square wave electrical signal, a sine wave electrical signal, and a triangular wave electrical signal; the verification form is one of the following: a rising edge at a preset time, a falling edge at a preset time, a high level during a preset period, a low level during a preset period, and a preset period value.
3. The software tampering detection method according to claim 1, characterized in that the first signal is of a single type; the process of detecting software tampering based on the judgment result specifically includes: if the judgment result is that the second signal conforms, the software has not been tampered with; if the judgment result is that the second signal does not conform, the software has been tampered with.
4. The software tampering detection method according to claim 1, characterized in that the first signal is one of several types of signal; the process of detecting software tampering based on the judgment result specifically includes: if the judgment result is that the second signal conforms, then, according to the number of signal types, the monitoring unit sends the next first signal and the subsequent operations are executed; if the judgment result is that the second signal does not conform, the software has been tampered with; if the judgment results for all types of signal conform, the software has not been tampered with.
5. A software tampering detection device, characterized in that it implements the software tampering detection method according to any one of claims 1-4; the device comprises: a first sending module, used to send a first signal through a monitoring unit based on a time start point, wherein the time start point is any time point; a second sending module, used to receive the first signal and send the first signal with a corresponding program response to the verification unit, wherein the program is a startup boot program; a third sending module, used to verify the integrity of the program through the verification unit, obtain the verification result, and send a second signal to the monitoring unit through the verification unit based on the verification result; a judgment module, used to determine through the monitoring unit whether the second signal conforms to the verification form and output the judgment result; and a detection module, used to detect software tampering based on the judgment result.
6. A software tampering detection system, characterized in that the system includes a monitoring unit, a verification unit, and a controller; the monitoring unit is connected to the verification unit, and the controller is connected to both the monitoring unit and the verification unit; the controller is used to implement the software tampering detection method according to any one of claims 1-4.
7. An electronic device comprising a processor and a memory for storing a processor-executable program, characterized in that when the processor executes the program stored in the memory, it implements the software tampering detection method according to any one of claims 1-4.
8. A storage medium storing a program, characterized in that when the program is executed by a processor, it implements the software tampering detection method according to any one of claims 1-4.