A method for protecting a harmony system ABC program code

By decompiling and obfuscating the HarmonyOS ABC program files, obfuscated assembly instruction code blocks are generated and the file structure is updated, solving the problems of shallow protection levels and stability in existing technologies, and achieving efficient program code protection.

CN122389005APending Publication Date: 2026-07-14BEIJING BANGCLE TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
BEIJING BANGCLE TECH CO LTD
Filing Date
2026-02-27
Publication Date
2026-07-14

AI Technical Summary

Technical Problem

In existing technologies, the protection methods for the HarmonyOS ABC program code rely on fixed obfuscation rules, resulting in a shallow protection layer that is easily reverse-engineered and may affect program stability and compatibility.

Method used

By decompiling and parsing the ABC program file, Panda assembly instructions and related information are obtained, obfuscated and transformed to generate obfuscated assembly instruction code blocks, and storage space is added to the end of the file. Function instruction address offsets and file structure information are updated to generate a protected HAP installation package.

Benefits of technology

It significantly enhances the ABC program's resistance to reverse engineering, increases the cost of reverse engineering and the risk of misjudgment, while ensuring normal program operation and system compatibility, making it suitable for the release of HarmonyOS applications with high security levels.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122389005A_ABST
    Figure CN122389005A_ABST
Patent Text Reader

Abstract

The present application relates to the technical field of program protection, and more particularly to a protection method for ABC program code of a Hongmeng system. The method comprises the following steps: extracting an ABC program file from a HAP installation package, performing decompilation analysis on the ABC program file, implementing instruction obfuscation and reconstruction at a Panda assembly instruction level, migrating the obfuscated instructions to a newly added instruction storage space, updating function instruction address offsets and related symbol information, and finally completing reconstruction of file structure and verification information, thereby improving the security protection capability of application code without affecting normal operation of the program. The present application performs equivalent reconstruction and deep obfuscation on the instruction structure, execution path and data flow of the ABC program at the Panda assembly instruction level, thereby cutting off the restorability of the original instructions and function call semantics without affecting the normal operation of the program, and significantly improving the overall protection capability of the Hongmeng system application against static and dynamic reverse analysis.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of program protection technology, and in particular to a method for protecting the HarmonyOS ABC program code. Background Technology

[0002] With the widespread application of the HarmonyOS operating system in smart terminals, the Internet of Things, and distributed application scenarios, the security and intellectual property protection of applications are becoming increasingly prominent. HarmonyOS applications are typically released as HAP installation packages, which contain ABC program files that carry core business logic and key algorithms. Once these files are illegally analyzed or tampered with, application functions can be copied, logic can be cracked, or security mechanisms can be bypassed, posing significant technical and commercial risks to developers.

[0003] In existing technologies, protection methods for ABC program code are mostly concentrated at the source code level or higher intermediate representation layer, such as code compression, symbol renaming, or simple instruction rearrangement. These methods often rely on fixed obfuscation rules, resulting in a relatively shallow protection level. Function structures, call relationships, and key string information can still be reconstructed relatively completely using decompilation tools, making it difficult to effectively resist reverse engineering targeting low-level execution instructions. Furthermore, some solutions do not fully consider instruction execution dependencies during code protection, easily introducing execution exceptions or compatibility issues, affecting the stable operation of applications on different devices and system versions. Summary of the Invention

[0004] Therefore, it is necessary to provide a method for protecting the HarmonyOS ABC program code to solve at least one of the above-mentioned technical problems.

[0005] To achieve the above objective, a method for protecting the HarmonyOS ABC program code is provided, the method comprising the following steps: Step S1: Extract the ABC program files from the HAP installation package to be released; Step S2: Decompile and parse the ABC program file to obtain the Panda assembly instructions corresponding to the functions, as well as the class names, function names, and string data related to function execution; Step S3: Obfuscate and transform the Panda assembly instructions to generate obfuscated assembly instruction code blocks; Step S4: Clear the assembly instruction storage space in the ABC program file and add instruction storage space at the end of the ABC program file to store the obfuscated assembly instruction code block; Step S5: Update the function instruction address offset in the ABC program file so that the function execution points to the newly added instruction storage space, and obfuscate the class names, function names or string data related to the function execution; Step S6: Update the file structure information and verification information in the ABC program file, and repackage the updated ABC program file to generate a protected HAP installation package.

[0006] The beneficial effects of this invention are as follows: I. This invention decompiles and analyzes the ABC program files in the HAP installation package, directly affecting the Panda assembly instruction level. It reconstructs and migrates the function instruction storage space, simultaneously updating the function instruction address offsets and file structure information, causing the actual executable instructions to detach from the original instruction layout. By implementing invalidation and semantic destruction processing on the original instruction storage area, it severs the effective execution association between the original instructions and the function call flow, making it difficult for reverse engineering methods based on static disassembly, control flow reconstruction, or execution entry point analysis to recover the true execution logic. This method does not rely on simple encryption or symbol hiding, but rather creates substantial interference to attackers at the program execution path and file structure level, significantly improving the overall resistance to reverse engineering analysis of the ABC program during the release phase.

[0007] Second, this invention introduces a refined analysis mechanism based on operand characteristics and execution dependencies during instruction obfuscation. It decomposes the target instruction into multiple sub-functional units with intermediate execution results and establishes constrained data transfer relationships through temporary data carrying resources, constructing an equivalent substitution instruction combination for multi-instruction collaborative execution. Under the premise of satisfying the execution constraints of preceding and subsequent instructions, the substitution instructions are rearranged and inserted, ensuring that the final generated assembly instruction code block remains semantically consistent with the original instructions, but is highly non-intuitive in terms of instruction form, execution path, and data flow structure. This solution effectively increases the cost of reverse analysis and reduces the risk of misjudgment without affecting normal program operation and system compatibility, achieving a balance between security and stability. It is particularly suitable for HarmonyOS application deployment scenarios with high security requirements. Attached Figure Description

[0008] Figure 1 A flowchart illustrating the steps of a method for protecting the ABC program code of the HarmonyOS system; Figure 2 for Figure 1 A detailed flowchart illustrating the implementation steps of step S3. Figure 3 for Figure 1 A detailed flowchart illustrating the implementation steps of step S4. Figure 4 This is a flowchart illustrating the main program protection method for the HarmonyOS ABC program code proposed in this application. The realization of the objective, functional features and advantages of the present invention will be further explained in conjunction with the embodiments and with reference to the accompanying drawings. Detailed Implementation

[0009] The technical method of the present invention will now be clearly and completely described with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention without inventive effort are within the scope of protection of the present invention.

[0010] Furthermore, the accompanying drawings are merely illustrative of the invention and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and therefore repeated descriptions of them will be omitted. Some block diagrams shown in the drawings are functional entities and do not necessarily correspond to physically or logically independent entities. These functional entities can be implemented in software, in one or more hardware modules or integrated circuits, or in different network and / or processor methods and / or microcontroller methods.

[0011] It should be understood that although the terms "first," "second," etc., may be used herein to describe various units, these units should not be limited by these terms. These terms are used merely to distinguish one unit from another. For example, without departing from the scope of the exemplary embodiments, a first unit may be referred to as a second unit, and similarly, a second unit may be referred to as a first unit. The term "and / or" as used herein includes any and all combinations of one or more of the associated listed items.

[0012] To achieve the above objectives, please refer to Figures 1 to 4 A method for protecting the HarmonyOS ABC program code, the method comprising the following steps: Step S1: Extract the ABC program files from the HAP installation package to be released; In one embodiment, the overall process can be referred to Figure 4 The HAP installation package to be released is a HarmonyOS application installation file that has been compiled but not yet released and signed. First, the HAP installation package to be processed is stored in a specified directory on the local computer or the build server. This directory is used for subsequent installation package parsing and file extraction operations.

[0013] Subsequently, the HAP installation package is structurally analyzed using a parsing tool. Specifically, the HAP installation package is read as a standard compressed file to obtain its internal file directory structure, and the file list within the installation package is traversed sequentially. During the traversal, the file types related to the application bytecode are identified, and ABC program files are filtered out based on file extensions or file header identifiers.

[0014] In one specific implementation, when a file with the suffix ".abc" is detected inside the installation package, the file is identified as the target ABC program file. In another implementation, when the ABC file does not exist as an independent file, but is embedded as a binary resource in a specific directory or resource block inside the installation package, its storage location is located by reading the corresponding resource index information, and the corresponding binary data is completely parsed out. For example, the HAP package is decompressed, and the ets / modules.abc file is extracted to obtain the main program.

[0015] After determining the storage location of the ABC program file, the ABC program file is copied or exported from the HAP installation package to the preset working directory, while keeping its original binary structure unchanged, so that the ABC program file can be decompiled, analyzed, and obfuscated in the future.

[0016] After the extraction operation is completed, the integrity of the exported ABC program file is verified. For example, by comparing the file length, file header identifier or internal structure information, it is confirmed that the extracted ABC program file is consistent with the original content in the HAP installation package, thus completing the process of extracting the ABC program file from the HAP installation package to be released.

[0017] Step S2: Decompile and parse the ABC program file to obtain the Panda assembly instructions corresponding to the functions, as well as the class names, function names, and string data related to function execution; In one embodiment, the file header and segment structure information of the ABC program file are read to identify different data areas in the file used to store program instructions, constant data, and symbol information, and corresponding data index relationships are established. By parsing the file structure, the instruction storage area used to describe the program execution logic is located as the target area for subsequent assembly instruction parsing.

[0018] Subsequently, the instruction storage area is parsed segment by segment. Based on the instruction encoding rules defined in the ABC program file, the binary program instructions are converted into a recognizable Panda assembly instruction sequence. During the conversion process, the parsed Panda assembly instructions are grouped according to function boundary information, so that each group of Panda assembly instructions corresponds to a specific function execution unit, thereby obtaining the correspondence between functions and Panda assembly instructions.

[0019] While parsing Panda assembly instructions, the symbol information area and constant pool data in the ABC program file are further parsed. Specifically, by reading the class definition table, function definition table, and string constant table, the class name, function name, and string data associated with function execution are obtained, and the association mapping relationship between the class name, function name, string data, and corresponding functions is established.

[0020] In one specific implementation, the string data includes string content used for log output, exception prompts, business identifiers, or parameter passing; the class name and function name include identification information used to describe the program structure and calling relationships. Through unified parsing of the above information, each function corresponds to a complete parsing result of its Panda assembly instructions, related class name, function name, and string data.

[0021] After completing the decompilation and parsing, the obtained Panda assembly instruction data, as well as class names, function names, and string data related to function execution, are stored in a structured form as the basis for subsequent instruction obfuscation, symbol obfuscation, and instruction reordering operations, thereby completing the decompilation and parsing process of the ABC program file.

[0022] In another embodiment, taking the main program ets / modules.abc file as an example, the self-developed decompilation tool is used to disassemble the modules.abc main program to find class names such as com.example.test_so.entry.ets.entryability.EntryAbility, function name onBackground, string testTag, %{public}s, AbilityonBackground, etc., and the corresponding Panda assembly instructions.

[0023] Step S3: Obfuscate and transform the Panda assembly instructions to generate obfuscated assembly instruction code blocks; In one embodiment, a complete instruction list is extracted from the Panda assembly instruction sequence corresponding to the function to be processed, in the original execution order, and this instruction list is loaded into the obfuscation module. The obfuscation module performs type identification on each Panda assembly instruction to distinguish different instruction categories such as arithmetic instructions, logical instructions, jump instructions, data loading instructions, and return instructions.

[0024] In one specific implementation, the Panda assembly instructions undergo equivalent substitution. For example, for multiple equivalent instruction combinations used to perform the same calculation or data operation function, the non-original instruction sequence is selected for replacement, so that the generated assembly instructions remain semantically consistent but differ from the original instructions in instruction structure and arrangement.

[0025] In another specific implementation, instruction reordering is performed on the Panda assembly instructions. Specifically, without affecting the data dependencies between instructions and the execution logic, the positions of instructions whose execution order can be interchanged are adjusted, and jump or placeholder instructions to maintain the execution flow are inserted at necessary positions, so that the overall instruction order is inconsistent with the original instruction order.

[0026] In another specific implementation, non-functional interference instructions are inserted into the Panda assembly instruction sequence corresponding to the function to be protected. These non-functional interference instructions are used to perturb the instruction sequence structure without changing the semantics of the target function or the execution result, thereby increasing the number of instructions and the complexity of the execution path. Specifically, these non-functional interference instructions include, but are not limited to, no-operation instructions, redundant register load and release instructions, equivalent operation instructions, or short-flow jump instructions; these instructions do not participate in effective business logic operations during virtual machine interpretation and execution, nor do they affect the final value of the registers.

[0027] During the obfuscation and transformation process, all newly added, replaced, or rearranged Panda assembly instructions are uniformly verified to ensure that register usage relationships, stack states, and function return paths remain correct. For instructions involving jump relationships, the relative position identifier of the jump target is also updated synchronously to ensure that the function can execute according to the expected flow during operation.

[0028] After obfuscation and transformation, the processed Panda assembly instructions are reorganized into continuous assembly instruction code blocks, which are then numbered or labeled to establish a correspondence with the original functions. The resulting obfuscated assembly instruction code blocks serve as input data for subsequent instruction storage redirection and function entry point rebinding, thus completing the obfuscation and transformation of Panda assembly instructions.

[0029] In another embodiment, some Panda assembly instructions, such as string access instruction lda.str and function call instruction callthis, are obfuscated and modified.

[0030] Step S4: Clear the assembly instruction storage space in the ABC program file and add instruction storage space at the end of the ABC program file to store the obfuscated assembly instruction code block; In one embodiment, the ABC program file to be processed is loaded into a file parsing tool, which parses the overall structure of the ABC program file and identifies the original instruction segment used to store the assembly instructions for the function Panda. This instruction segment is typically associated with a function table, instruction offset table, or code segment index information, and is used to locate and execute the corresponding assembly instructions during program runtime.

[0031] After identifying the original assembly instruction storage space, a cleanup process is performed on that space. Specifically, the Panda assembly instruction data within the original instruction storage area is overwritten, set to null, or marked as invalid instructions, so that this area no longer carries valid executable logic during program execution. During the cleanup process, only the instruction content is manipulated, without changing the relative positional relationships of other data segments in the ABC program file, thereby avoiding affecting the overall structural stability of the file.

[0032] After clearing the original instruction storage space, a new instruction storage space is generated at the end of the ABC program file. Specifically, without disrupting the original file header and data area structure, a contiguous storage area is appended to the end of the file, and a space is allocated to this new area for storing assembly instructions. The capacity of the new instruction storage space is reserved based on the total length of the obfuscated Panda assembly instruction code blocks, ensuring that all obfuscated instructions can be written completely.

[0033] Subsequently, the obfuscated assembly instruction code blocks generated in step S3 are written into the newly added instruction storage space in a predetermined order. During the writing process, the obfuscated instruction code blocks are arranged sequentially and their boundaries are aligned so that the obfuscated instruction code blocks corresponding to each function form continuous and locatable storage units in the newly added instruction storage space.

[0034] In another embodiment, to facilitate the redirection of the subsequent function execution entry point, a corresponding starting position identifier is recorded for each obfuscated Panda assembly instruction code block in the newly added instruction storage space. The starting position identifier is maintained in the form of a logical index or mapping relationship and is temporarily stored in an intermediate mapping table associated with the ABC program file structure. It is used to update the instruction address offset information of the target function based on the starting position identifier in subsequent steps, so that the function execution flow can correctly jump to the corresponding obfuscated instruction code block.

[0035] In another embodiment, the 0x38-byte space starting at offset address 0x1da6 of the original assembly instruction storing the onBackground function is overwritten and filled with 0s, thus clearing the protected original instruction. An additional space is added at offset address 0x4cbc at the end of the ABC file structure to store the obfuscated and modified assembly instruction of length 0x8d bytes.

[0036] Step S5: Update the function instruction address offset in the ABC program file so that the function execution points to the newly added instruction storage space, and obfuscate the class names, function names or string data related to the function execution; In one embodiment, the function metadata structure in the ABC program file is parsed to obtain the instruction entry information corresponding to each function in the function table or method table. The instruction entry information includes at least the starting offset address or instruction index of the instruction referenced when the function is executed, which is used to instruct the virtual machine to load and execute Panda assembly instructions from the specified location when the function is called.

[0037] Subsequently, based on the starting position identifier of the obfuscated assembly instruction code block in the newly added instruction storage space recorded in step S4, the instruction address offset corresponding to the original function is updated. In specific implementation, the instruction address offset that originally pointed to the original instruction storage space is replaced with the offset address that points to the corresponding obfuscated instruction code block in the newly added instruction storage space, so that when the function is called, it directly jumps to the newly added instruction storage space to execute the obfuscated assembly instructions.

[0038] In one specific implementation, before updating the instruction address offset, the function call relationship is verified to confirm that there are no residual references pointing to the cleared original instruction storage space in the function call chain; after the instruction address offset is updated, the integrity of the update result is verified to ensure that each function has a unique and valid instruction entry pointing to the newly added instruction storage space.

[0039] After updating the function instruction address offset, obfuscation is performed on the relevant symbolic data involved in the function execution. This symbolic data includes, but is not limited to, the class name, function name, and string constants referenced during function execution. Specifically, class names and function names are renamed and mapped, replacing them with semantically meaningless or randomly generated identifiers. The corresponding symbolic reference relationships in the ABC program file are updated synchronously to ensure correct parsing during program execution.

[0040] In one embodiment, the string constants used during function execution are encoded, split, or rearranged, and then restored to their original string content through decoding logic before or during function execution, so that the true semantic information of the string cannot be directly obtained during static analysis.

[0041] After obfuscating class names, function names, and string data, the symbol table, constant pool, or index table of the ABC program file is updated consistently to ensure that the obfuscated symbol identifiers are correctly associated with the function execution logic, thus avoiding program malfunctions due to symbol mismatches.

[0042] In another embodiment, the field storing the function at address 0x059d in the ABC file structure is replaced with the original instruction offset address 0x1da6 using a new space address offset of 0x4cbc. This updates the onBackground assembly instruction to the obfuscated instruction. The function name onBackground at address offset 0x0723 in the ABC file structure is obfuscated, and a random string iQjG5wLgPxVU of the same length as the name is generated. This random string is then overwritten at address offset 0x0723. In the ABC file structure, add the SO dependency library named @app:com.example.test_so / entry / bcevchk, the string decryption function name _0, and the newly added export name libentry to the class com.example.test_so.entry.ets.entryability.EntryAbility. In the ABC file structure, add the class name Lcom.example.test_so / entry / ets / log / IWhNzGdH for the newly added simulated obfuscation instruction, the function names func_main_0 and B corresponding to class IWhNzGdH, and the assembly code that implements the instruction obfuscation function to the table representing class information.

[0043] Step S6: Update the file structure information and verification information in the ABC program file, and repackage the updated ABC program file to generate a protected HAP installation package.

[0044] In one embodiment, the file structure of the ABC program file is re-parsed to obtain structural description information related to the instruction storage space, function table, symbol table, and constant area. Since the original assembly instruction storage space has been cleared and a new instruction storage space has been added at the end of the file in the previous steps, the structural fields in the file structure that describe the starting position, length range, and segment order of the instruction area need to be updated synchronously to ensure that the file structure information is consistent with the current actual storage layout.

[0045] In one specific implementation, the instruction area size information is updated according to the ABC file format specification to include the storage space occupied by the newly added obfuscated assembly instruction code blocks. Invalid spaces in the original instruction area are marked as non-executable or free regions, thereby preventing erroneous access to cleared instructions at runtime. Simultaneously, consistency checks are performed on structure fields involving function entry points, instruction area indexes, or offset references to ensure they all point to valid instruction storage space.

[0046] After updating the file structure information, the verification information for the ABC program file is regenerated. This verification information reflects the data integrity of the ABC program file in its current state, meeting the system's consistency verification requirements during loading or installation. Specifically, based on the updated file content, verification fields related to the file as a whole or its segments are recalculated, and the new verification results are written to the corresponding verification storage location to replace the original verification information.

[0047] In one embodiment, after the verification information is updated, an integrity verification process is performed on the updated ABC program file to simulate the system loading or parsing process, confirming that the file structure information matches the verification information and that there are no structural anomalies, verification failures, or loading interruptions.

[0048] After updating the ABC program files, the updated ABC program files are repackaged into the original HAP installation package structure. Specifically, the corresponding ABC program files in the original HAP installation package are replaced with the updated ABC program files, while keeping other resource files, configuration files, and directory structure within the HAP installation package unchanged.

[0049] After replacing the ABC program files, the HAP installation package is repackaged, and the verification or signature information at the installation package level is updated to ensure that the regenerated HAP installation package meets the HarmonyOS system's requirements for the integrity and security of application installation packages.

[0050] In another embodiment, in the ABC file structure, the sizes of the modified method_idx and class_idxs tables are updated, and the file size represented at offset 0x0010 is changed from 0x3a40 to 0x5611. The checksum value at offset 0x0008 in the newly generated ABC file is changed from 0xE36B0F74 to 0x346CBCCB. The modified ABC file is replaced, and the libs / arm64-v8a / libbcevchk.so and libs / x86_64 / libbcevchk.so library files are added to the HAP to generate a protected new HAP package.

[0051] As an example of the present invention, reference is made to Figure 2 As shown, step S3 in this example includes: Step S31: Classify and parse the Panda assembly instructions according to their function type, distinguishing between data access instructions, function call instructions, and control transfer instructions, to obtain the classified Panda assembly instructions; Step S32: Based on the classified Panda assembly instructions, select at least one type of target instruction as the obfuscation object, and analyze the operand characteristics and execution dependencies of the target instruction; Step S33: Based on the operand characteristics and execution dependencies of the target instruction, construct a Panda assembly instruction combination that is functionally equivalent to the target instruction to replace the target instruction and obtain the replacement instruction combination; Step S34: Reorder the alternative instruction combinations or insert instructions to generate an assembly instruction code block.

[0052] In one embodiment, instructions used to read or write local variables, object fields, or array elements are identified as data access instructions; instructions used for function jumps or method calls are identified as function call instructions; and instructions used for conditional judgments, branch jumps, or loop control are identified as control transfer instructions, thereby obtaining a categorized set of Panda assembly instructions.

[0053] Taking an instruction for reading a value from a local variable and storing it in a register as an example, we analyze the types of operands involved in the instruction and its data dependencies with the preceding and following instructions, and confirm that the execution result of the instruction depends only on the specified variable and does not affect other control flows.

[0054] The original single data read instruction is replaced with a combination of multiple instructions. This is achieved by first loading the variable value into a temporary register and then transferring it to the target register via an intermediate register. This allows for equivalent instruction substitution without altering the program's semantics, resulting in a replacement instruction combination.

[0055] The alternative instruction combination is obfuscated, for example, by adjusting the execution order of the alternative instructions or inserting redundant instructions that have no actual business impact without affecting the execution result, so that the generated assembly instruction code block is structurally significantly different from the original instruction sequence.

[0056] Preferably, step S33 includes: Based on the operand characteristics of the target instruction, determine the register resources and data transfer relationships of the target instruction during execution; Based on execution dependencies, determine the execution constraints between the target instruction and its preceding and following instructions; Provided that the execution constraints are met, the target instruction is split into at least two sub-functional instruction units with intermediate execution results; For each sub-functional instruction unit, multiple Panda assembly instructions are constructed to form a combination of alternative instructions that are equivalent to the target instruction in terms of execution result.

[0057] In one embodiment, when the target instruction needs to read source data from a specified register and write the execution result to another register, the relationship between the source register, the target register, and the intermediate data transfer between registers is clarified to determine the register usage method of the target instruction.

[0058] Based on the position of the target instruction in the function instruction sequence, analyze its data dependencies and execution order requirements with preceding and subsequent instructions. For example, confirm whether the execution result of the target instruction is directly used by subsequent instructions, and whether the target instruction depends on data generated by preceding instructions, thereby determining the execution constraints that must not be changed during the replacement process.

[0059] Under the premise of satisfying the above execution constraints, the target instruction is divided into at least two sub-functional instruction units. For example, the data acquisition and result writing operation that was originally completed in one go can be divided into two sub-functional instruction units: "acquire intermediate data" and "transmit intermediate data", so that each sub-functional instruction unit produces a clear intermediate execution result.

[0060] Based on this, multiple Panda assembly instructions are constructed for the aforementioned sub-functional instruction units, enabling coordinated execution. For example, by introducing a temporary register, the first instruction first retrieves and stores intermediate data, and then subsequent instructions transfer the intermediate data to the target register, thus forming a combination of alternative instructions. This combination of alternative instructions maintains the same overall execution result as the original target instruction, but differs significantly in instruction structure and execution path.

[0061] Preferably, based on execution dependencies, the execution constraints between the target instruction and its preceding and following instructions are determined as follows: Based on the position of the target instruction in the Panda assembly instruction sequence, traverse forward along the instruction execution order to obtain at least one instruction that is preceding the target instruction and has a data read / write relationship with the target instruction, and use it as the preceding instruction; Based on the position of the target instruction in the Panda assembly instruction sequence, traverse backwards along the instruction execution order to obtain at least one instruction that is located after the target instruction and depends on the execution result of the target instruction, and use it as the subsequent instruction; Based on the preceding and following instructions, constraint analysis is performed on the data transfer relationship and execution order relationship of the target instruction in the instruction sequence to determine the execution constraints that the target instruction must maintain when performing instruction substitution.

[0062] In one embodiment, the position of the target instruction in the Panda assembly instruction sequence is used as a reference, and the analysis is performed forward according to the actual execution order of the instructions. During the traversal, each preceding instruction is checked to see if there is an assignment, pass, or calculation relationship between the preceding instructions and the registers or operands used by the target instruction.

[0063] For example, if a preceding instruction provides an initial value to a register that the target instruction will use, or generates an intermediate operation result required by the target instruction, then the preceding instruction is identified as an instruction with a data relationship with the target instruction, and its position in the instruction sequence and the corresponding data dependency relationship are recorded.

[0064] Furthermore, based on the position of the target instruction in the instruction sequence, the system traverses backward along the instruction execution order to analyze the dependency of each subsequent instruction following the target instruction on the execution result of the target instruction.

[0065] For example, if a subsequent instruction needs to read the register result generated by the target instruction, or perform conditional judgments, branch selections, or flow jump control based on the execution result of the target instruction, then this subsequent instruction is identified as a dependent instruction that depends on the execution result of the target instruction. After obtaining the preceding and following instructions, a comprehensive analysis is performed on the data transfer relationships and execution order relationships of the target instruction within the entire instruction sequence. Specifically, it clarifies which data must be generated by the preceding instructions before the target instruction is executed, and which execution results must be used by subsequent instructions after the target instruction is executed, thereby determining the data generation order and result visibility that must not be changed during instruction replacement or refactoring.

[0066] Preferably, under the premise of satisfying execution constraints, splitting the target instruction into at least two sub-functional instruction units with intermediate execution results includes: Under the premise of execution constraints, the overall function of the target instruction is decomposed, and the core operation part used to generate the execution result is distinguished from the auxiliary operation part used to transmit the execution status, so as to obtain the decomposition result; Based on the decomposition results, the target instruction is divided into at least two sub-functional units that are executed sequentially. The first sub-functional unit is used to generate intermediate execution results, and the second sub-functional unit is used to complete the remaining functions based on the intermediate execution results. Allocate temporary data carrying resources for intermediate execution results and establish the transmission relationship between intermediate execution results and each sub-functional unit; The execution order of sub-functional units is constrained and verified based on the transitive relationship.

[0067] In one embodiment, the overall function of the target instruction is analyzed under defined execution constraints. For example, the target instruction includes both computational processing of the source operands and the operation of writing the computation result into the target register. Based on this functional characteristic, the target instruction is decomposed into a core operation part and an auxiliary operation part, wherein the core operation part is used to complete data computation, and the auxiliary operation part is used to complete result transmission and state update, thereby obtaining the decomposition result.

[0068] Subsequently, based on the decomposition results, the target instruction is divided into at least two sequentially executed sub-functional instruction units. For example, the first sub-functional unit is used to perform calculations on the data in the source register to generate the corresponding intermediate execution result; the second sub-functional unit is used to read the intermediate execution result and write it into the target register or for updating the execution status visible to subsequent instructions, so as to complete the remaining functions of the target instruction.

[0069] After generating intermediate execution results, temporary data carrying resources are allocated to the intermediate execution results. The temporary data carrying resources include temporary registers or temporary data units supported by the virtual machine. Based on the temporary data carrying resources, a data transfer relationship between the intermediate execution results and the first sub-functional unit and the second sub-functional unit is established so that the subsequent sub-functional units can accurately obtain the execution results of the previous sub-functional unit.

[0070] Finally, based on the established transmission relationship, the execution order of each sub-functional unit is verified to ensure that the first sub-functional unit must be executed before the second sub-functional unit, and that the constraints of the preceding and subsequent instructions on the data and execution order are not violated.

[0071] Preferably, allocating temporary data carrying resources for intermediate execution results and establishing the transmission relationship of intermediate execution results between various sub-functional units includes: Based on the decomposition results, identify the data type characteristics and lifecycle range of the intermediate execution results; Based on the characteristics and lifecycle of the data type, select a temporary data carrier resource that is compatible with the target instruction execution environment for the intermediate execution results; Establish read-write associations between temporary data carrying resources and sub-functional units to enable the transfer of intermediate execution results between adjacent sub-functional units; Consistency constraints are applied to the access order of intermediate execution results in temporary data storage resources.

[0072] In one embodiment, based on the aforementioned decomposition results, intermediate execution results are analyzed to identify their data type characteristics and lifecycle range. For example, if an intermediate execution result is an integer operation result and is only valid between two adjacent sub-functional units formed by the decomposition of the current target instruction, without needing to cross further instruction boundaries or function ranges, then it is determined that the intermediate execution result has the characteristics of short lifecycle and local visibility.

[0073] Subsequently, based on the data type characteristics and lifecycle of the intermediate execution results, a temporary data carrying resource matching the target instruction execution environment is selected for the intermediate execution results.

[0074] For example, if the current register resources meet the usage conditions, a temporary register that is not occupied by the preceding and subsequent instructions is selected to carry the intermediate execution result; if the register resources are limited, a temporary data unit provided by the virtual machine execution environment is selected as the data carrying resource to avoid affecting the execution logic and state of the original instruction sequence.

[0075] After determining the temporary data carrier resource, a clear data association is established between the temporary data carrier resource and each sub-functional unit. Specifically, after the first sub-functional unit completes its execution, it writes the intermediate execution result it generates into the corresponding temporary data carrier resource. During execution, the second sub-functional unit retrieves the intermediate execution result from the temporary data carrier resource to complete subsequent functional processing, thereby achieving the orderly transfer of intermediate execution results between adjacent sub-functional units. Finally, consistency constraints are applied to the access order of intermediate execution results in the temporary data carrier resource. For example, write operations must be completed before read operations, and irrelevant read / write operations on the temporary data carrier resource are prohibited between two sub-functional unit executions to prevent intermediate execution results from being overwritten or tampered with.

[0076] Preferably, based on data type characteristics and lifecycle, the temporary data carrier resources selected for intermediate execution results that are compatible with the target instruction execution environment include: Based on the data type characteristics of the intermediate execution results, determine the requirements of the intermediate execution results for data precision, access method, and access granularity; Based on the lifecycle of intermediate execution results, determine the duration of the intermediate execution results within the instruction execution flow; Based on data requirements and duration, candidate data carrier resources that meet the execution environment constraints are selected from the data carrier resources, and temporary data carrier resources for carrying intermediate execution results are determined from the candidate data carrier resources.

[0077] In one embodiment, when the intermediate execution result is integer or Boolean data, it usually only needs to meet the basic numerical representation precision requirements and be used by subsequent sub-functional units in a single or limited number of times; when the intermediate execution result is object reference or string index data, it is necessary to ensure that the reference relationship remains consistent during subsequent access and meet the parsing requirements in the multi-step execution process.

[0078] Based on the above data type characteristics, it can be determined whether the intermediate execution result is suitable to be carried by register-type resources, or whether it needs to rely on a temporary data carrying unit with the ability to ensure the consistency of the execution environment.

[0079] The intermediate execution result is only valid between two adjacent sub-functional units formed by splitting the target instruction, and is no longer referenced by subsequent instructions after the second sub-functional unit has been executed. Based on this lifecycle, it can be determined that the intermediate execution result does not need to be retained for a long time, nor does it need to be transmitted across function boundaries or exception handling paths, thereby reducing the requirements for the continuous effectiveness of data carrying resources.

[0080] When register resources are not occupied by preceding or following instructions, free general-purpose registers can be included as candidate data carrier resources. When register resources are limited or there is a risk of register reuse conflicts, temporary data units maintained by the virtual machine execution environment will be used as candidate data carrier resources. At the same time, data carrier resources that may conflict with exception handling mechanisms, garbage collection processes, or concurrent execution semantics will be excluded.

[0081] Without disrupting the constraints of instruction execution and control flow, register-type resources with lower access overhead are prioritized. When this condition cannot be met, temporary data carriers with controllable lifecycles and limited scope of operation are selected as alternatives. As an example of this invention, refer to... Figure 3 As shown, step S4 in this example includes: Step S41: Obtain the functions to be protected in the ABC program file; Step S42: Locate the original Panda assembly instruction storage area corresponding to the function to be protected in the ABC program file, and determine the starting position and length range of the storage area; Step S43: Perform invalidation processing on the original Panda assembly instruction storage area, so that the instructions in the original Panda assembly instruction storage area will no longer be executed during program execution; Step S44: Extend the generation instruction storage space at the end of the ABC program file to store the obfuscated assembly instruction code block.

[0082] In one embodiment, the ABC program file to be processed is structurally parsed, and the target functions that need to be protected are identified based on the function metadata table or method index information. The functions to be protected can be filtered according to security policy configuration, function call frequency, business sensitivity level or developer pre-marking information, and the entry offset address and instruction length information of the corresponding functions are recorded.

[0083] Based on the obtained entry information of the function to be protected, the original Panda assembly instruction storage area corresponding to the function to be protected is located in the ABC program file; by parsing the function instruction index table, code segment mapping relationship or instruction offset mapping table, the starting position and continuous length range of the Panda assembly instruction storage area in the file are determined to form the original instruction storage area location information.

[0084] The original Panda assembly instruction storage area is invalidated, specifically by: making the original Panda assembly instructions unexecutable without changing the overall structural integrity of the ABC program file, so that they are no longer scheduled for execution by the virtual machine or execution engine during program execution; the invalidation method may include at least one of the following methods: instruction placeholder replacement, invalid opcode filling, jump masking, or execution entry redirection, thereby invalidating the original instruction storage area at the logical execution level.

[0085] A new instruction storage space is generated at the end of the ABC program file. By adjusting the length of the file code segment or appending an extended code segment, a storage area is provided for the subsequently generated obfuscated Panda assembly instruction code block. The newly added instruction storage space is independent of the original instruction storage area in the file address space, and its starting offset position is recorded.

[0086] Preferably, step S43 includes: Based on the execution entry information of the function to be protected, the execution association of the original Panda assembly instruction storage area in the function call flow is identified. Specifically, the identification of the execution association of the original Panda assembly instruction storage area in the function call flow is as follows: Based on the execution entry information of the function to be protected, determine the starting execution position corresponding to the function in the function call flow; Following the instruction execution order corresponding to the starting execution position, the instructions in the original Panda assembly instruction storage area are traversed and analyzed to identify the instruction sequence directly associated with the function to be protected; During the traversal analysis, it is checked whether there are instruction jump, return or indirect call relationships in the original Panda assembly instruction storage area, and the execution path characteristics of the instruction sequence in the function call flow are determined accordingly. Based on the execution path characteristics, the execution association between the original Panda assembly instruction storage area and the function to be protected in the call flow is determined; By executing the association relationship, the starting position and length of the original Panda assembly instruction storage area are determined; Under the premise that the original Panda assembly instruction storage area length and the original Panda assembly instruction boundary structure remain unchanged, the original Panda assembly instructions are replaced with pseudo-instruction sequences. Identify and verify the regional invalidity of the Panda assembly instruction storage area after replacement.

[0087] In one embodiment, the starting execution position corresponding to the function to be protected is first determined based on the execution entry information of the function to be protected in the function call flow; the starting execution position can be obtained through a function index table, a method offset table, or debugging symbol information.

[0088] Subsequently, the instructions in the original Panda assembly instruction storage area are traversed and analyzed along the instruction execution order corresponding to the starting execution position to identify the instruction sequence directly associated with the function to be protected. During the traversal, the existence of jump instructions, return instructions or indirect call instructions in the original Panda assembly instruction storage area is detected by analyzing the instruction type, operand dependency and control flow relationship, and the execution path characteristics of the instruction sequence in the function call flow are determined accordingly.

[0089] Based on the execution path characteristics, the execution association between the original Panda assembly instruction storage area and the function to be protected in the call flow is established, and the starting position and length range of the storage area are determined accordingly.

[0090] After confirming the instruction storage area, while keeping the original Panda assembly instruction boundary structure unchanged, the original instructions are replaced with pseudo-instruction sequences, such as combinations of interrupt-type instructions, thereby making the original instructions invalid during program execution.

[0091] Specifically, the execution interruption instructions are not instructions used to trigger exceptions or interrupt virtual machine execution. Instead, they refer to control flow instructions or combinations of instructions used during the interpretation and execution of Panda assembly instructions to interrupt the original instruction execution path and change the function call flow. These instructions, through unconditional jumps, conditionally constant branch jumps, early returns, or indirect call redirections, cause the execution flow to shift before reaching the original Panda assembly instruction storage area, thereby blocking the actual execution of the original instruction storage area and rendering it logically unreachable at runtime. Without changing the ABC program file structure and instruction boundary rules, replacing the original Panda assembly instruction sequence with these execution interruption instructions can effectively interrupt and redirect the original instruction execution path while maintaining the integrity of the function call relationship.

[0092] Finally, the replaced Panda assembly instruction storage area is verified to ensure that it cannot be scheduled for execution in the execution environment and to maintain the structural integrity of the instruction storage area, thus completing the area failure handling.

[0093] Preferably, under the premise that the original Panda assembly instruction storage area length and the original Panda assembly instruction boundary structure remain unchanged, the replacement of the original Panda assembly instructions with pseudo-instruction sequences includes: Based on the starting position and length of the original Panda assembly instruction storage area, the original Panda assembly instructions are divided into critical function instruction units and non-critical function instruction units, while keeping the boundaries and offsets of each instruction unchanged. For each instruction unit, a pseudo-instruction sequence is selected for replacement. This selected sequence includes instruction combinations that do not change the memory region length but disrupt the original execution semantics. The replacement specifically involves: For critical functional instruction units, the instruction format and operand layout are preserved during replacement; For non-critical function instruction units, replace them with obfuscated instruction combinations, including illegal jump placeholders, invalid operands, or interrupt-type instructions, to form unpredictable execution sequences; Set order constraints and access rules for the replaced Panda assembly instructions.

[0094] In one embodiment, the instructions in the storage area are divided into critical function instruction units and non-critical function instruction units according to the starting position and length of the original Panda assembly instruction storage area, while keeping the boundary and offset of each instruction unchanged, so as to ensure that the replacement operation does not destroy the original storage layout.

[0095] Subsequently, for each instruction unit, a pseudo-instruction sequence is selected for replacement: For critical functional instruction units, the replacement operation retains the original instruction format and operand layout, so that while the length of the storage area remains unchanged, the original execution semantics are destroyed but the format integrity is maintained. For non-critical function instruction units, they are replaced with obfuscated instruction combinations, including illegal jump placeholders, invalid operands, or interrupt-type instructions, forming unpredictable execution sequences and increasing the difficulty of code disassembly and analysis; After the replacement is completed, sequence constraints and access rules are set for the Panda assembly instructions in the storage area to ensure that the program cannot directly execute the original instructions during operation, while maintaining the structural integrity and boundary consistency of the storage area.

[0096] Of particular importance, step S5 includes: Locate the function instruction address offset field of each function to be protected in the ABC program file and obtain the current offset value; Update the function instruction address offset to the address offset of the newly added instruction storage space, so that the function execution flow points to the obfuscated assembly instruction code block; Obfuscate the class names, function names, and string data related to the protected functions, including generating random strings with the same length as the original names and overwriting the original values; During the process of updating instruction address offsets and obfuscated name data, the logical consistency of relevant entries in the ABC file structure is maintained to ensure the correctness of program access and execution at runtime. Verify the obfuscated instruction address and name data.

[0097] In one embodiment, the function instruction address offset field of each function to be protected in the ABC program file is located, and the current offset value is obtained. The offset field includes record information indicating the function execution start address or the storage location of the instruction block within the ABC file. By parsing the function table or symbol table of the ABC file, the instruction address offset of the function to be protected in the original file is obtained.

[0098] Secondly, the function instruction address offset is updated to the address offset of the newly added instruction storage space, so that the function execution flow jumps to the obfuscated assembly instruction code block at runtime. Specifically, based on the location of the newly added assembly instruction storage area at the end of the ABC file, a new offset value is calculated and overwrites the instruction address offset field in the original function table to ensure that the obfuscated instruction sequence is executed when the function is called.

[0099] Subsequently, the class names, function names, and string data related to the functions to be protected are obfuscated. The obfuscation process includes generating a random string with the same length as the original name, and then using the generated random string to overwrite the corresponding class names, function names, and string data in the ABC file, thereby destroying the original readability and increasing the difficulty of decompiling.

[0100] During the process of updating instruction address offsets and obfuscated name data, the logical consistency of relevant entries in the ABC file structure is maintained. This maintenance includes updating the verification information and index relationships in the function table, class table, and symbol table to ensure that the program can correctly access function entry points and related data during runtime.

[0101] Finally, the obfuscated instruction address offset field and name data are verified. Verification includes confirming the correctness of function execution pointing to the obfuscated instruction code block, and verifying that the obfuscated class names, function names, and string data do not cause logical errors in the ABC file structure, thus ensuring the program can execute correctly at runtime.

[0102] Of particular importance is that updating the function instruction address offset to the address offset of the newly added instruction storage space includes: Determine the field in the ABC file structure used to store the address offset of the function instruction and its current value; Retrieve the starting address and length information of the newly added instruction storage space in the ABC file; Calculate the offset of the newly added instruction storage space relative to the function instruction address offset field, and verify that the offset is valid within the file range; The original value of the function instruction address offset field is updated to the address offset value of the newly added instruction storage space, so that the function execution flow points to the obfuscated assembly instruction code block.

[0103] In one embodiment, a field in the ABC file structure used to store the address offset of the function instruction and its current value are determined for the function to be protected. This field may be located in a function table or a symbol table and is used to indicate the storage location of the function execution entry point in the ABC file.

[0104] Secondly, obtain the starting address and length information of the newly added instruction storage space in the ABC file. This newly added instruction storage space is located at the end of the file and is used to store the obfuscated assembly instruction code block.

[0105] Then, the offset of the newly added instruction storage space relative to the function instruction address offset field is calculated, and the calculated offset is validated to ensure that the offset is within the range of the ABC file structure and will not overwrite other file data.

[0106] Finally, the original value of the function instruction address offset field is updated to the address offset value of the newly added instruction storage space, so that the function to be protected jumps to the obfuscated assembly instruction code block when the program is executed, thereby achieving the redirection of the function execution flow.

[0107] Therefore, the embodiments should be considered as exemplary and non-limiting in all respects, and the scope of the invention is defined by the appended claims rather than the foregoing description. Thus, all variations falling within the meaning and scope of the equivalents of the application are intended to be included within the invention.

[0108] The above description is merely a specific embodiment of the present invention, enabling those skilled in the art to understand or implement the invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the invention. Therefore, the present invention is not to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features of the invention herein.

Claims

1. A method for protecting the ABC program code of the HarmonyOS system, characterized in that, Includes the following steps: Step S1: Extract the ABC program files from the HAP installation package to be released; Step S2: Decompile and parse the ABC program file to obtain the Panda assembly instructions corresponding to the functions, as well as the class names, function names, and string data related to function execution; Step S3: Obfuscate and transform the Panda assembly instructions to generate obfuscated assembly instruction code blocks; Step S4: Clear the assembly instruction storage space in the ABC program file and add instruction storage space at the end of the ABC program file to store the obfuscated assembly instruction code block; Step S5: Update the function instruction address offset in the ABC program file so that the function execution points to the newly added instruction storage space, and obfuscate the class names, function names or string data related to the function execution; Step S6: Update the file structure information and verification information in the ABC program file, and repackage the updated ABC program file to generate a protected HAP installation package.

2. The method for protecting the HarmonyOS ABC program code according to claim 1, characterized in that, Step S3 includes the following steps: Step S31: Classify and parse the Panda assembly instructions according to their function type, distinguishing between data access instructions, function call instructions, and control transfer instructions, to obtain the classified Panda assembly instructions; Step S32: Based on the classified Panda assembly instructions, select at least one type of target instruction as the obfuscation object, and analyze the operand characteristics and execution dependencies of the target instruction; Step S33: Based on the operand characteristics and execution dependencies of the target instruction, construct a Panda assembly instruction combination that is functionally equivalent to the target instruction to replace the target instruction and obtain the replacement instruction combination; Step S34: Reorder the alternative instruction combinations or insert instructions to generate an assembly instruction code block.

3. The method for protecting the HarmonyOS ABC program code according to claim 2, characterized in that, Step S33 includes: Based on the operand characteristics of the target instruction, determine the register resources and data transfer relationships of the target instruction during execution; Based on execution dependencies, determine the execution constraints between the target instruction and its preceding and following instructions; Provided that the execution constraints are met, the target instruction is split into at least two sub-functional instruction units with intermediate execution results; For each sub-functional instruction unit, multiple Panda assembly instructions are constructed to form a combination of alternative instructions that are equivalent to the target instruction in terms of execution result.

4. The method for protecting the HarmonyOS ABC program code according to claim 3, characterized in that, Based on execution dependencies, the specific execution constraints between the target instruction and its preceding and following instructions are determined as follows: Based on the position of the target instruction in the Panda assembly instruction sequence, traverse forward along the instruction execution order to obtain at least one instruction that is preceding the target instruction and has a data read / write relationship with the target instruction, and use it as the preceding instruction; Based on the position of the target instruction in the Panda assembly instruction sequence, traverse backwards along the instruction execution order to obtain at least one instruction that is located after the target instruction and depends on the execution result of the target instruction, and use it as the subsequent instruction; Based on the preceding and following instructions, constraint analysis is performed on the data transfer relationship and execution order relationship of the target instruction in the instruction sequence to determine the execution constraints that the target instruction must maintain when performing instruction substitution.

5. The method for protecting the HarmonyOS ABC program code according to claim 3, characterized in that, Under the premise of satisfying execution constraints, the target instruction is split into at least two sub-functional instruction units with intermediate execution results, including: Under the premise of execution constraints, the overall function of the target instruction is decomposed, and the core operation part used to generate the execution result is distinguished from the auxiliary operation part used to transmit the execution status, so as to obtain the decomposition result; Based on the decomposition results, the target instruction is divided into at least two sub-functional units that are executed sequentially. The first sub-functional unit is used to generate intermediate execution results, and the second sub-functional unit is used to complete the remaining functions based on the intermediate execution results. Allocate temporary data carrying resources for intermediate execution results and establish the transmission relationship between intermediate execution results and each sub-functional unit; The execution order of sub-functional units is constrained and verified based on the transitive relationship.

6. The method for protecting the HarmonyOS ABC program code according to claim 5, characterized in that, Allocating temporary data carrying resources for intermediate execution results and establishing the transmission relationship of intermediate execution results between various sub-functional units includes: Based on the decomposition results, identify the data type characteristics and lifecycle range of the intermediate execution results; Based on the characteristics and lifecycle of the data type, select a temporary data carrier resource that is compatible with the target instruction execution environment for the intermediate execution results; Establish read-write associations between temporary data carrying resources and sub-functional units to enable the transfer of intermediate execution results between adjacent sub-functional units; Consistency constraints are applied to the access order of intermediate execution results in temporary data storage resources.

7. The method for protecting the HarmonyOS ABC program code according to claim 6, characterized in that, Based on data type characteristics and lifecycle, temporary data storage resources compatible with the target instruction execution environment are selected for intermediate execution results, including: Based on the data type characteristics of the intermediate execution results, determine the requirements of the intermediate execution results for data precision, access method, and access granularity; Based on the lifecycle of intermediate execution results, determine the duration of the intermediate execution results within the instruction execution flow; Based on data requirements and duration, candidate data carrier resources that meet the execution environment constraints are selected from the data carrier resources, and temporary data carrier resources for carrying intermediate execution results are determined from the candidate data carrier resources.

8. The method for protecting the HarmonyOS ABC program code according to claim 1, characterized in that, Step S4 includes the following steps: Step S41: Obtain the functions to be protected in the ABC program file; Step S42: Locate the original Panda assembly instruction storage area corresponding to the function to be protected in the ABC program file, and determine the starting position and length range of the storage area; Step S43: Perform invalidation processing on the original Panda assembly instruction storage area, so that the instructions in the original Panda assembly instruction storage area will no longer be executed during program execution; Step S44: Extend the generation instruction storage space at the end of the ABC program file to store the obfuscated assembly instruction code block.

9. The method for protecting the HarmonyOS ABC program code according to claim 8, characterized in that, Step S43 includes: Based on the execution entry information of the function to be protected, the execution association of the original Panda assembly instruction storage area in the function call flow is identified. Specifically, the identification of the execution association of the original Panda assembly instruction storage area in the function call flow is as follows: Based on the execution entry information of the function to be protected, determine the starting execution position corresponding to the function in the function call flow; Following the instruction execution order corresponding to the starting execution position, the instructions in the original Panda assembly instruction storage area are traversed and analyzed to identify the instruction sequence directly associated with the function to be protected; During the traversal analysis, it is checked whether there are instruction jump, return or indirect call relationships in the original Panda assembly instruction storage area, and the execution path characteristics of the instruction sequence in the function call flow are determined accordingly. Based on the execution path characteristics, the execution association between the original Panda assembly instruction storage area and the function to be protected in the call flow is determined; By executing the association relationship, the starting position and length of the original Panda assembly instruction storage area are determined; Under the premise that the original Panda assembly instruction storage area length and the original Panda assembly instruction boundary structure remain unchanged, the original Panda assembly instructions are replaced with pseudo-instruction sequences. Identify and verify the regional invalidity of the Panda assembly instruction storage area after replacement.

10. The method for protecting the HarmonyOS ABC program code according to claim 9, characterized in that, Under the premise that the original Panda assembly instruction storage area length and the original Panda assembly instruction boundary structure remain unchanged, the pseudo-instruction sequence replacement of the original Panda assembly instructions includes: Based on the starting position and length of the original Panda assembly instruction storage area, the original Panda assembly instructions are divided into critical function instruction units and non-critical function instruction units, while keeping the boundaries and offsets of each instruction unchanged. For each instruction unit, a pseudo-instruction sequence is selected for replacement. This selected sequence includes instruction combinations that do not change the length of the memory region but disrupt the original execution semantics. The replacement specifically involves: For critical functional instruction units, the instruction format and operand layout are preserved during replacement; For non-critical function instruction units, replace them with obfuscated instruction combinations, including illegal jump placeholders, invalid operands, or interrupt-type instructions, to form unpredictable execution sequences; Set order constraints and access rules for the replaced Panda assembly instructions.