Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method, device and system for preventing reverse analysis of ELF program

A reverse analysis and procedural technology, applied in the field of information security, can solve problems such as harm, danger, and insecurity, and achieve the effect of high security, guaranteed strength, and resistance to supply chain attacks

Active Publication Date: 2021-08-06
NARI INFORMATION & COMM TECH
View PDF2 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

This is very unsafe and dangerous for systems or devices in key areas
In addition, it is also harmful to the protection of intellectual property rights.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method, device and system for preventing reverse analysis of ELF program
  • Method, device and system for preventing reverse analysis of ELF program
  • Method, device and system for preventing reverse analysis of ELF program

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0059] Such as image 3 As shown, a method for preventing an ELF program from being reversely analyzed is provided in the embodiment of the present invention, comprising the following steps:

[0060] (1) After the ELF program is compiled and generated, use its own information to generate a cascade key after transformation; use the cascade key to encrypt the key header and information of the ELF program to form encrypted ELF program;

[0061] (2) When executing the encrypted ELF program, it is loaded, decrypted and executed by the kernel

[0062] Described step (1) specifically comprises the following steps:

[0063] 1.1 Modify the file identification of the ELF program, and change the original '\177ELF' to '\177ENC', so that the kernel decryption process can be performed according to this mark to distinguish and load, and it is compatible with the original normal ELF file format.

[0064] 1.2 Use the header information of the ELF program file as input, and after processing ...

Embodiment 2

[0078] An embodiment of the present invention provides a device for preventing an ELF program from being reversely analyzed, including:

[0079] The encryption module is used to generate a cascade key using its own information after transformation after the ELF program is compiled and generated; use the cascade key to encrypt the key header and information of the ELF program to form an encrypted The ELF program;

[0080] The decryption module is used to load, decrypt and execute the encrypted ELF program through the kernel when executing the encrypted ELF program.

[0081] Optionally, the method for forming the encrypted ELF program includes the following steps:

[0082] Modify the file identifier of the ELF program for differential loading processing, compatible with the original normal ELF file format;

[0083] Use the header information of the ELF program file as input, and after processing and transforming, a set of character strings are obtained as the key key1 for subs...

Embodiment 3

[0096] An embodiment of the present invention provides a system for preventing an ELF program from being reversely analyzed, including a storage medium and a processor;

[0097] The storage medium is used to store instructions;

[0098] The processor is configured to operate according to the instructions to execute the steps of the method according to any one of Embodiment 1.

[0099] Those skilled in the art should understand that the embodiments of the present application may be provided as methods, systems, or computer program products. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied the...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method, a device and a system for preventing reverse analysis of an ELF program, and the method comprises the steps: generating a cascade key after the ELF program is compiled and generated and is transformed by using the information of the ELF program; carrying out encryption processing on a key head and information of the ELF program by utilizing the cascade secret key to form an encrypted ELF program; and when the encrypted ELF program is executed, loading, decrypting and executing the encrypted ELF program through a kernel. According to the method, the problem that the ELF execution program is reversed is effectively solved, program logic leakage is avoided, and the risk that the system and the device are attacked is reduced.

Description

technical field [0001] The invention belongs to the technical field of information security, and in particular relates to a method, device and system for preventing an ELF program from being reversely analyzed. Background technique [0002] ELF is the abbreviation of Executable and Linkable Format, which is the file format of the executable program on the Linux system. Although the ELF file is binary, it has a clear format definition. There are a large number of reverse analysis tools that can directly analyze the ELF file, extract the file header, code segment, data segment, etc., to analyze the implementation logic of the program, or modify the program. The key logic to achieve the purpose of attacking the system. [0003] In engineering, the method of directly publishing ELF format files is generally used to release external programs. During the release process of the program, it may be obtained illegally, reversed and analyzed to spy on its internal code logic. This i...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/14G06F21/60H04L29/06H04L29/08
CPCG06F21/14G06F21/602H04L63/0435H04L63/1441H04L67/06H04L67/1095
Inventor 祁龙云罗黎明刘寅刘苇吕小亮徐项帅孙连文杨维永朱世顺李向南魏兴慎黄天明徐志超张鸿鹏杨康乐闫珺孙柏颜金建龙
Owner NARI INFORMATION & COMM TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products