-
Publication number: KR101436536B1
Publication date: 2014-09-01
Application number: KR1020130070480
Application date: 2013-06-19
Applicant: 숭실대학교산학협력단 , 주식회사 안랩
Abstract: The present invention relates to a file server, a program file transmitting method using the same, and a program file falsification preventing system. According to the present invention, the file server includes: a file separating part separating a program file into a general file and a core file composed of a core code to be protected from falsification; an encoding part selectively obfuscating the general file and the core file or encoding the files using a secret key; a communication part transmitting the obfuscated or encoded general file to a user client; and a storage part storing the obfuscated or encoded core file. The communication part transmits the obfuscated or encoded core file to the user client in accordance with a request of the user client. According to the present invention, the obfuscating technique is distributed between a client and a server so that the reverse engineering level increases. Moreover, a falsification detection routine is inserted into the software program distributed from the server so that the reliability of the falsification detection routine increases; and a decoding secret key for the encoded core code is dynamically generated and transmitted over an extra channel such as SMS so that the key is prevented from being exposed on the network.
-
Publication number: KR101328012B1
Publication date: 2013-11-13
Application number: KR1020130095155
Application date: 2013-08-12
Applicant: 숭실대학교산학협력단
CPC classification number: G06F21/14 , G06F21/125 , G06F21/602
Abstract: The present invention relates to an apparatus for obfuscation of an application code and a method for the same. The apparatus according to the present invention comprises: an input unit for receiving codes used for an application; a code division unit for analyzing the input code to divide the analyzed code into important codes, which need to be protected from application forgery or modulation attack, and general codes including calling codes for calling the important code; a code conversion unit for converting the important code into a native code form; an encryption unit for encrypting the important code and inserting the address information of an important code connector which stores each address information of the important code; a control unit for separating the calling code from the general code, registering the separated calling code in a management server, and adding a calling code loading routine for request of the calling code and a vector table loading routine for request of a vector table which includes the vector information of the called important code; and a code combination unit for combining the obfuscated general code and important code to generate the application. According to the present invention, important codes among codes constituting the application are converted into native codes, and reverse engineering vulnerability existing in the managed code is complemented by applying the encryption by code protection techniques based on self conversion to the converted important code in order to improve the security against application forgery or modulation. Additionally, the control flow is converted by the dynamic vector, and calling codes for calling the important code, which is converted into the native code, and a vector table for connecting the calling code are separately managed to dynamically load the calling code and the vector table when the application is executed. Thus, the resistance to reverse engineering analysis can be enhanced.
[Reference numerals] (AA) Start; (BB) End; (S210) Input the code of an application; (S220) Distinguish important codes from ordinary codes; (S230) Convert the important codes into native codes; (S235) Add a starting routine; (S240) Scramble the identifiers of the converted important codes and ordinary codes; (S245) Obfuscate the converted important codes; (S250) Create the address of a connection unit for important codes; (S255) Separate calling codes from the ordinary codes; (S260) Transmit and register the calling codes; (S270) Add a calling code loading routine and a vector table loading routine to the important codes; (S275) Compile and encode the converted important codes; (S280) Create executable files by compiling the ordinary codes; (S290) Create combined files by combining the executable files and the native codes
-
Publication number: KR101490047B1
Publication date: 2015-02-04
Application number: KR1020130115309
Application date: 2013-09-27
Applicant: 숭실대학교산학협력단
CPC classification number: G06F21/602 , G06F8/44 , G06F21/125 , G06F21/14 , G06F21/60
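Abstract: The present invention relates to a self-modification-based application obfuscation apparatus and a method for the same. The application obfuscation apparatus according to the present invention comprises: an input unit for receiving codes used for an application; a code separation unit for analyzing the input code to separate it into important codes, which need to be protected from application forgery or tampering attacks, and general codes including an important code calling unit for calling the important codes; an encryption unit for encrypting the important codes and inserting the address information of an important code connection unit which stores the address information of each of the important codes; a control unit for inserting dummy codes into the general codes and converting the important code calling unit to call the dummy codes, inserting into the important codes a vector table generation unit for generating a vector table including the vector information of the important codes, and inserting into the important codes an important code calling unit conversion unit which causes the important code calling unit to call the important codes when the application is executed; and a code combination unit for combining the general codes and the important codes to generate the application.
As described above, according to the present invention, the codes constituting the application are separated into important codes and general codes and encryption is applied in different environments, thereby complementing the reverse engineering vulnerability existing in conventional managed code and improving security against forgery or tampering of the application.
In addition, the important code calling unit for calling the important codes is stored in a form that calls dummy codes while the application is not running, and is converted by a self-modification technique to call the actual important codes when the application is executed, which prevents static and dynamic analysis by an attacker.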
-
Publication number: KR101350390B1
Publication date: 2014-01-16
Application number: KR1020130096514
Application date: 2013-08-14
Applicant: 숭실대학교산학협력단
CPC classification number: G06F21/14 , G06F21/125 , G06F2221/0748
Abstract: The present invention relates to an apparatus for code obfuscation and a method for the same. The apparatus for code obfuscation of the present invention comprises: an input unit for receiving executable codes of an Android application; a code structure analyzer for analyzing the inputted executable codes to divide into important codes, needed to be protected from application falsification attacks, and general codes except the important codes; a Dalvik to C code converter for converting the important codes into C codes to generate native codes; an obfuscator for obfuscating the native codes and the general codes; a self code protector for each adding falsification detection codes to the obfuscated native codes to encrypt the native codes and each adding loading routines to the encrypted native codes to generate the self-transformed native codes; a code combiner for combining the self-transformed native codes and the obfuscated general codes. According to the present invention, the apparatus reconfigures the important code part of an application to be obfuscated into a CPU command set and converts an important code from a managed code to a native code to eliminate structured code information, one among the reverse engineering vulnerabilities of the managed code, to obfuscate reverse engineering, thereby preventing the reverse engineering. Additionally, a self transformation-based code protection technique and a falsification detection technique are applied to the apparatus so as to protect an important code converted into a native code, thus improving resistance to reverse engineering analysis. 
[Reference numerals] (AA) Start; (BB) Managed code; (CC) Native code; (DD) End; (S210) Enter an execution code; (S220) Analyze the execution code to divide into important codes and general codes; (S230) Convert the important codes into C codes to generate native codes; (S240) Obfuscate the native codes; (S250) Add falsification detection codes to the obfuscated native codes to encrypt the native codes, and add loading routines to the encrypted native codes to generate self-transformed native codes; (S255) Obfuscate the general codes; (S260) Combine the self-transformed native codes and the obfuscated general codes; (S270) Transmit the combined self-transformed native codes and obfuscated general codes to a client
-
Publication number: KR101244930B1
Publication date: 2013-03-18
Application number: KR1020120102863
Application date: 2012-09-17
Applicant: 숭실대학교산학협력단
CPC classification number: H04L9/3247 , H04L9/0869 , H04L9/14 , H04L9/30
Abstract: PURPOSE: An application signature management server and a management method thereof are provided to improve compatibility with an application which is processed by a single signature by maintaining a single signature framework for the application. CONSTITUTION: A hash value operating unit (220) transmits operated hash values to an application developer terminal. A signature message generation unit (230) generates a first signature message using the operated hash values, a first personal key, and a first random number. The signature message generation unit generates a final signature message by receiving a second signature message. The second signature message is generated by using the operated hash value, a second personal key, and a second random number. A signature processing unit (240) processes the generated final signature message in an application information message. [Reference numerals] (210) Key generation unit; (220) Hash value operating unit; (230) Signature message generation unit; (240) Signature processing unit; (250) Verification management unit