349 results about "Reverse analysis" patented technology

The invention discloses a reinforcement protection method, sever and system for android app. The method comprises the following steps: obtaining an initial android package APK of the android app; decompiling the initial APK, extracting protected method codes from the initial APK, and filling an extraction position with nop; encrypting the extracted protected method codes according to an appointed encryption and decryption strategy to generate a reinforcement configuration file; adding the appointed encryption and decryption strategy, the reinforcement configuration file and a reinforcement protection program into the decompiled APK, and compiling to generate a reinforcement APK of the android app. According to the technical scheme provided by the invention, protected methods can be dynamically encrypted and decrypted, and complete dex mapping does not exist in a memory at any moment, so that a complete dex file is prevented from being obtained in a memory dump manner and the probability of repacking and redistribution of the android app due to reverse analysis is greatly reduced.

The invention, which belongs to the technical field of printer consumables, provides a consumable chip and a communication method thereof, and a system and method for communication between a consumable chip and an imaging device. The communication method comprises: command encrypted data sent by an imaging device are decrypted and restored into command data; command processing is carried out basedon the command data and command feedback data are generated; and the command feedback data are encrypted to generate command feedback encrypted data and the command feedback encrypted data are sent to the imaging device, wherein the command feedback encrypted data are decrypted in the imaging device to restore the command feedback data. The consumable chip comprises a decryption unit for carryingout decryption and restoration on command encrypted data sent by an imaging device, an execution chip for carrying out command processing based on the command data and generating command feedback data, and an encryption unit for encrypting the command feedback data, generating command feedback encrypted data, and sending the command feedback encrypted data to the imaging device. The encrypted communication is simple; and a phenomenon of cracking the communication data by reverse analysis of the communication waveform is avoided.

The invention provides an embedded software testing auxiliary system, and aims at providing a software testing auxiliary system which can improve the efficiency of building a testing environment, lower the operation difficulty and improve the usability. According to the technical scheme, an upper computer constructs a testing crosslinking environment of tested equipment and testing equipment, describes bus attributes, an interface control document ICD, testing case preconditions and testing steps, forms control law data according to the preconditions and the testing steps to dispatch testing data, sends, judges and receives the data, and conducts reverse analysis on the received data according to an ICD format; a lower computer cooperates with the upper computer to send the data through adetailed bus, then the data is received, testing cases and design constructed by data simulation and receiving-sending procedure control are automatically executed, and simulation of embedded softwareperipheral equipment and monitoring and detecting of the interaction process of peripheral equipment data are achieved. According to the embedded software testing auxiliary system, the testing casesof controlling a construction testing scene are executed based on the data receiving-sending procedure, and the time for developing a simulation system is shortened.

The invention discloses an intelligent fuzzy testing method and system based on vulnerability learning. The intelligent fuzzy testing system comprises a data preprocessing module, a bug prediction module and a bug-oriented fuzzy testing module, wherein the data preprocessing module is used for performing reverse analysis on a to-be-tested binary program to obtain a control flow chart of the to-be-tested binary program and performing feature extraction on each basic block in the control flow chart to obtain a feature vector of each basic block; the bug prediction module is used for predicting the probability of bugs exiting in each function in the program according to the control flow chart of the to-be-tested binary program; and the bug-oriented fuzzy testing module is used for testing theto-be-tested binary program and calculating input fitness scores by combining a certain input execution path, the probability of bugs existing in a function in the execution path and an execution result; input of a high-fitness score is used as a seed to perform heritable variation to generate next-generation input, and the to-be-tested binary program is tested cyclically till testing is over. Through the intelligent fuzzy testing system, the bugs in the binary program can be mined more efficiently.

The invention relates to an instruction-set-irrelevant binary code similarity detection method based on a neural network. The method mainly includes the steps that binary files are reversely analyzed, and 24 features on the 9 aspects of call relation features, character string features, stack space features, code scale features, path sequence features, path basic features, degree sequence features, degree basic features and map scale features of functions are extracted. Based on expression forms of the features, the similarity degrees of the 24 features of the two to-be-compared functions are calculated through 3 similarity calculation methods and serve as input vectors of an integrated neural network classifier, and predicted values of the overall similarity between the two functions are acquired and ranked. Compared with the prior art, dependence on specific instruction sets is avoided, similarity detection of binary files of different instruction sets can be achieved, accuracy is high, the technology is simple, and popularization is easy.

This invention puts forward a two-way system for an IC design, a system merging an inverse analysis and positive design. At the present market, an IC analyzer is needed to analyze ready-made chips and the inverse analysis technology is invented for it. On the other hand, the positive design technology is to design chips normally from logic description to the final artwork design. Some parts are compensated and compatible and the invention combines the inverse analysis with the positive design technology to a unified system.

The method discloses a method and device for reinforcing a dynamic link library (DLL) file of an installation package. The method includes the steps that the DLL file of the installation package is encrypted, and the encrypted DLL file is obtained; a decryption program corresponding to the encrypted DLL file is generated; the encrypted DLL file and the decryption program are packaged in the installation package. According to the technical scheme, the DLL file is reinforced through the decryption program independent of the DLL file, cracking of the DLL file is difficult to achieve through a reverse analysis method, therefore, the DLL file is effectively protected, and the requirements of a developer for protecting the DLL file are met.

The invention discloses an alternation statement reverse analysis method, a database alternating and backspacing method and a database alternating and backspacing system. The reverse analysis method includes S1, determining objects and alternation commands both involved in an alternation statement and backspacing commands corresponding to the alternation commands; S2, in case of creating/adding of the alternation statement, directly determining a backspacing statement according to the objects and the backspacing commands, and in case of changing/ deleting of the alternation statement, determining changed/ deleted source data/content, and determining the backspacing statement according to the objects, the source data/content and the backspacing commands. The backspacing method includes S10, acquiring input, database version and database authorization of an SQL (structured query language) alternation script; S20, analyzing the SQL alternation script to generate a statement analysis result; S30, based on the statement analysis result, generating the backspacing statement and transforming the backspacing statement into an executable backspacing SQL script file according to the alternation statement reverse analysis method. The backspacing method has the advantages of wide application range, high operability, safety and high automation.

In recent years, a great advancement on the electroencephalogram detection and classification feature extraction technology is obtained, various behavior activities of a person are detected from epilepsy morbidities, in a traditional mode, an electroencephalogram is used for authority brain disease studying and definite diagnosis making, and a classification data resource is used for judging human thinking activities and limb, face and eye activities at present; analysis of the electroencephalogram is more and more important in the fields. The invention provides a new electroencephalogram analysis method; and through analysis on the electroencephalogram, on the basis that the classification accuracy is guaranteed, the reversible analysis method is provided. The method can be finally used for definite diagnosis making of clinical experience, the human brain state stage can be judged, and difficulties of electroencephalogram accurate quantitative analysis are avoided; meanwhile, reverse analysis on quantitative analysis results can be carried out, verification with the clinical medicine experience is finally achieved, and more scientific conclusions are obtained

The invention discloses a software protection method based on API (Application Program Interface) security attribute hiding and attack threat monitoring. The software protection method comprises the following steps: obtaining the original input information record chart of a file to be protected, extracting the execution control flow graph of the file, extracting an API calling point, extracting an API parameter passing code block, extracting an API returned value decryption point, dumping a DLL (Dynamic Link Library), calculating a new API entry address, constructing a springboard function block, inserting an exception instruction in the returned value decryption point, constructing a node, generating a node library, deploying a node network, constructing a node background, constructing a returned value decryption processing function, and reconstructing a PE (Portable Executable) file. From internal and external aspects, software is protected so as to analyze the function of API boundary information in a reverse analysis process from an angle of the reverse engineering of the attackers, the API security attribute which needs to be hidden and a detection node library are put in a program new node, and a new node entry is subjected to encryption processing to further prevent the attackers from carrying out reverse analysis on the protected PE file.

The present invention relates to a vulnerability evaluation method which is in the technical field of software engineering and is based on reverse analysis of executable code. Specially, a gray box detecting method is adopted for the PE format document in the Windows system. The vulnerability information of program is captured with debugging software. The alternated data and decision are dynamically analyzed through analyzing the specific code when the program is away from the safety state by the vulnerability and reversely analyzing the program instruction flow and inputting decision information. The inherent and logical vulnerabilities in the program are evaluated. The harm of vulnerability is confirmed thereby obtaining the purpose of detecting vulnerability. The vulnerability evaluation method of the invention has higher detecting efficiency, and can evaluate the logical vulnerability which is likely to be leaked from being detected in the program more successfully.

The invention provides a protocol field reverse analysis system and method based on BWT. Specific suffix index is constructed, so that specific substring matching only needs to be completed once in each alignment process. Moreover, the alignment algorithm based on suffix index is flexible in design, consumes less space in the index stage, and the length of subsequence is variable, protocol fieldscan be quickly identified. After the fixed field is identified, the invention counts the fields with high frequency through a random multi-stream multi-segment matching method, constructs a grammar tree according to the field position and the number of the fields, extracts the field structure, and thus realizes the inverse of the field format. After being classified, the reverse field is used asthe input of the fuzzy test tool, a large number of deformity test cases is sent to the target communication entity, and at the same time, the debugger is combined with the sniffer to carry out abnormal monitoring on the target communication entity, the abnormality is found and analyzed, so as to subsequently improve the safety of the target communication entity.

The invention discloses an Android malicious software detection method based on a sensitive calling path, and mainly solves the problem that an existing scheme is low in malicious software detection accuracy. According to the scheme, a sensitive target interface API list is constructed through a natural language processing technology; Generating a sensitive calling path set by using the Android application software subjected to reverse analysis; Taking the sensitive calling path as a feature, and establishing an Android sensitive calling path feature library by analyzing a large number of benign software and malicious software data sets; Processing the sensitive calling path set of the sample into a feature vector, and training a classifier model by adopting a supervised machine learning algorithm by utilizing the feature vector; And detecting whether the Android application software with unknown security is malicious software or not by using the trained classifier model. The method ishigh in precision, easy to expand and remarkable in intelligence, and can be used for automatic detection of the mobile terminal and examination and analysis of the Android application market.

The invention provides a confusing method and device of executable application, wherein the method comprises the following steps: A, reversely analyzing executable codes need to be confused, so as to obtain a reversely analyzed instruction sequence; B, applying instruction abstract and statistic analysis to the reversely analyzed instruction sequence, coding based on the result of the statistic analysis in order to generate a Huffman coding tree; C, recoding binary flow of the executable codes need to be confused based on the Huffman coding tree, so as to generate a confused instruction sequence; D, packaging the confused instruction sequence, and packing into the confused executable application. By utilizing the confusing method and device of executable application, the ability of automated tools for identifying the confusing method can be reduced, thereby increasing the difficulty of reading codes and cracking applications for attackers.

The invention discloses a method for protocol automatic reverse analysis of embedded equipment. The method for the protocol automatic reverse analysis of the embedded equipment comprises the following steps that clustering analysis is conducted on information messages, and the information messages of the same type are found; the information messages are compared with the information messages which are the same in type and are already found, the fixed part of the information messages and the changing part of the information messages are found, and the format of the information messages are obtained; timing sequence analysis is conducted on the information message sequence with the information message format being already found, a threshold value is set, and the information messages with the time intervals lower than the threshold value are found and are associated in one set; sensors are used for collecting environment data, timestamps of one set of information message sequence in the associated information messages are compared, and language information is labeled. Meanwhile, the invention further discloses a device for the protocol automatic reverse analysis of the embedded equipment, and the device for the protocol automatic reverse analysis of the embedded equipment comprises the following modules: an information message clustering analysis module, an information message format acquiring module, an information message association module and a semantic information labeling module.

An information processing apparatus has: a memory 13; CPU for executing a program written in the memory 13; a secure module 20; and storage means for storing a plurality of encrypted programs into which a program is divided. The CPU transmits the program stored in the storage means to the secure module 20. The secure module 20 has: means for receiving the program stored in the storage means, means for returning the received program to an executable state; means for writing the program, which has been returned to the executable state, in the memory 13 in a sequence for CPU to execute, and means for deleting the program from the memory 13 by CPU after execution is completed. When executing the program, the information processing apparatus can make reverse analysis by a malicious third party difficult, and enhance security of a load module to be executed.

The invention belongs to the field of numerical control machining methods, and particularly relates to a method for machining bolt holes in a hanging subassembly of an aircraft engine by using mechanical control equipment. The method comprises the following steps of preassembling the hanging subassembly by using an assembling tool; positioning the hanging subassembly on a special machining supporting clamp; performing measurement and reverse analysis and adjusting numerical control machining programs; positioning the subassembly and the clamp on a machine tool in an integrated manner; automatically forming holes by using the machine tool and examining a machining result; preassembling the hanging subassembly by using a small number of bolts; establishing a measuring benchmark on the product under aircraft axes; positioning the product on the special machining supporting clamp and then examining the appearance error and the location degree of the product; performing reverse modeling and analysis by using CATIA (computer-graphics aided three-dimensional interactive application) software; adjusting a normal tolerance point of a curved surface of the subassembly; correcting a hole-forming machining program; and positioning the whole pre-assembled hanging subassembly by using the benchmark of the special machining clamp on the machine tool as a tool setting benchmark and using the measuring benchmark established on the subassembly as an examination point, and then forming the holes on the subassembly in a machining manner.

The invention discloses a secure memory data protection method and device. The method comprises the following steps: (1) splitting memory data to be protected into independent byte data one by one; (2) generating a plurality of false byte data, and mixing into split real data; (3) designing a plurality of encryption and decryption functions for encrypting the data, and numbering the functions in sequence; (4) storing each independent byte data, wherein a storage format includes the following field information; and (5) storing each independent data unit with a redistributed memory, and storing a storage address of each independent data unit into a multilevel pointer. The secure memory data protection method is designed under the consideration of data encryption from an angle of inconvenient HACK reverse analysis, so that the data can be protected more securely, and the method is easy to implement.

The invention discloses a reverse-based intrusion detection system and a reverse-based intrusion detection method and relates to the field of network encryption protocols. The system comprises a data extraction module, a reverse analysis module, an intrusion rule module, a response module and a data management module. The method comprises the following steps: (1) capturing all network data packages running through an Android phone by the data extraction module, sending to a reverse analysis engine, acquiring network processes and user behaviors by the data extraction module to generate a system log and a weblog, and sending the system log and the weblog to the data management module; (2) identifying intrusion behaviors by the reverse analysis engine through the TCP/IP (transmission control protocol /Internet protocol) analysis technology and the apk decompilation reverse technology by combining the system log and the weblog; (3) performing warning and recording on the intrusion behaviors identified by the reverse analysis engine through the response module; (4) storing all information of a user in the data management module so as to facilitate later evidence collection and lookup. The reverse-based intrusion detection system and the reverse-based intrusion detection method disclosed by the invention have safety, timeliness, expandability and advancement.

The invention relates to the field of reverse analysis of computer softwares, in particular to a processor structure and an instruction system representation method based on a multi-dimensional variable description table. The method adopts a multi-layer triple nested table (Table) to construct a structural characteristic library and an instruction system description template of processors, the Table is represented as [<Tp1, Ts1, Ti1>, <Tp2, Ts2, Ti2>, ..., <Tpn, Tsn, Tin>], each triple <Tpn, Tsn, Tin> represents one processor, Tpn performs the classification, indexing and screening on the processors, Tsn provides register structure information, interruption structure information, reset address information and storage space distribution information, Tin provides a machine code, an assemblyexpression and the mapping relation between the machine code and the assembly expression, data in the Table is extracted from an information database of the processors, and the information database ofthe processors can be managed and maintained. The method has strong universality, and can be used for most of the prior processors.

The invention discloses a method for constructing a light gauge welding residual stress field on the basis of small-hole process tested data. The method comprises the following steps of: firstly, testing a residual stress of a weld assembly by adopting a small hole process, carrying out interpolation fitting on the tested stress values, then sequentially substituting each first-order polynomial in a finite element model by using a high-order Chebyshev polynomial as a primary function of representing unknown intrinsic strain causing the welding residual stress, carrying out calculation of elasticity to obtain calculated stress values of coordinate points with same tested stresses, selecting a coefficient enabling the quadratic sum of differences of the calculated stress values and the fitted tested stress values to be minimum as an intrinsic strain coefficient, multiplying the intrinsic strain coefficient by corresponding all order polynomials and then linearly overlapping to be used as an intrinsic strain, and finally obtaining a welding residual stress field through a finite element process. On the basis of the small hole process tested data, the intrinsic strain causing the welding residual stress is constructed by using a thermo-elasticity finite element method and a reverse analysis method, therefore, the distribution of the light gauge welding residual stress field is obtained; and the method is convenient to operate and high in efficiency.