CN118350065B - Important code protection method, system, storage medium and electronic equipment - Google Patents
- Publication number
- CN118350065B (CN202410775281.1A)
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/79—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
- G06F21/445—Program or device authentication by mutual authentication, e.g. between devices or programs
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
Abstract
The invention provides an important code protection method, a system, a storage medium and electronic equipment, wherein the method comprises the following steps: receiving request information, and accessing a target position of a target random access memory according to the request information, wherein a stub function code is arranged in the target position of the target random access memory, and judging whether the value returned by the stub function is a preset value; if yes, determining download request information through a preset algorithm according to the preset value, and transmitting the download request information to a trusted server, so that the trusted server confirms through a preset method whether the download request end is trusted; and receiving reply data that the trusted server returns after completing confirmation according to the download request information, determining a target function code according to the reply data, replacing the stub function code with the target function code, and executing the target function code. The invention solves the problem in the prior art that, when code is stored in a nonvolatile memory, important code is easily leaked once the nonvolatile memory is stolen.
Description
Technical Field
The present invention relates to the field of computer software technologies, and in particular, to a method and system for protecting an important code, a storage medium, and an electronic device.
Background
An embedded system is composed of hardware and software and is a device capable of operating independently. The software comprises only a software running environment and its operating system. The hardware comprises various components, including a signal processor, a memory, a communication module, and the like. An embedded system differs considerably from a common computer processing system: it cannot provide large-capacity storage because no matching large-capacity medium exists, so most of the storage media adopted are E-PROM, EEPROM and the like, and the software part takes an API programming interface as the core of the development platform.
Typically, the software of an embedded system is stored in a non-volatile memory (NVM), commonly FLASH, ROM, eFuse, or the like. The source code of the embedded system is compiled to generate object code, namely machine language code, for a specific machine, and the object code is stored in the nonvolatile memory. However, with this storage mode, once the whole binary object code has been read out of the nonvolatile memory by specific technical means, the implementation of the source code can be inferred through disassembly, so that the important code is stolen.
Disclosure of Invention
Based on the above, the invention aims to provide an important code protection method, an important code protection system, a storage medium and electronic equipment, which aim to solve the problem that the important codes are easy to leak after the nonvolatile memory is stolen when codes in the prior art are stored on the nonvolatile memory.
According to the embodiment of the invention, the important code protection method comprises the following steps:
Receiving request information, and accessing a target position of a target random access memory according to the request information, wherein a stub function code is arranged in the target position of the target random access memory, and judging whether the value returned by the stub function is a preset value;
If yes, determining download request information through a preset algorithm according to the preset value, and transmitting the download request information to a trusted server, so that the trusted server confirms through a preset method whether the download request end is trusted;
And receiving reply data that the trusted server returns after completing confirmation according to the download request information, determining a target function code according to the reply data, replacing the stub function code with the target function code, and executing the target function code.
In addition, the important code protection method according to the above embodiment of the present invention may further have the following additional technical features:
Further, the step of replacing the stub function code with the target function code and executing the target function code includes:
Determining the running condition of a debugger according to preset sensing equipment, and controlling the target random access memory to be in a power-down state if a debugger is running.
Further, the step of replacing the stub function code with the target function code and executing the target function code includes:
Determining the number of calls and the call time of the target function code for this call according to the request information; when the real-time number of calls and call time of the target function code are consistent with the request information, acquiring the stub function code from a preset nonvolatile memory and replacing the target function code with the stub function code.
Further, the step of determining the download request information according to the preset value through a preset algorithm includes:
generating a random number and determining a first hash value through a hash algorithm according to the preset value;
And determining a second hash value through the hash algorithm according to the first hash value and the random number, wherein the first hash value, the random number and the second hash value are the downloading request information.
Further, the preset method comprises the following steps:
Determining a third hash value through the hash algorithm according to the first hash value and the random number, and judging whether the second hash value is consistent with the third hash value;
If yes, the download request end is trusted, reply data is determined according to the download request information, and the reply data is then returned to the download request end.
Further, the step of determining reply data according to the download request information includes:
Comparing the first hash value with a preset hash library to determine the target function code, summing the digits at all positions of the random number to determine a summation value, and determining a target public key according to the bit value of the summation value;
And determining encryption information from the target function code through the target public key, determining a verification hash value from the summation value through the hash algorithm, the verification hash value and the encryption information forming the reply data.
Further, the step of determining the target function code according to the reply data includes:
Summing the digits of the random number to obtain a summation value, determining a hash value from the summation value through the hash algorithm, and judging whether this hash value is consistent with the verification hash value in the reply data;
If so, determining a target private key according to the bit value of the summation value, and determining the target function code from the encryption information through the target private key.
Another object of the present invention is an important code protection system, comprising:
The request judging module is used for receiving the request information and accessing the target position of the target random access memory according to the request information, wherein a stub function code is arranged in the target position of the target random access memory, and for judging whether the value returned by the stub function is a preset value;
The download request module is used for determining download request information through a preset algorithm when the value returned by the target random access memory is the preset value, and transmitting the download request information to the trusted server, so that the trusted server confirms through a preset method whether the download request end is trusted;
And the code replacement module is used for receiving reply data that the trusted server returns after completing confirmation according to the download request information, determining a target function code according to the reply data, replacing the stub function code with the target function code, and executing the target function code.
It is another object of an embodiment of the present invention to provide a storage medium having stored thereon a computer program which when executed by a processor implements the steps of the important code protection method described above.
It is a further object of an embodiment of the present invention to provide an electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, said processor implementing the steps of the important code protection method described above when said program is executed.
The invention stores the stub function in the target random access memory, namely in the RAM, so that when the target function needs to be called, the target random access memory is accessed first to obtain the value returned by the stub function, from which it is known that the target function is not on the hardware. The trusted server is then requested to provide the target function for downloading; after the trusted server confirms that the request end is a secure end, it replies with the download data, the target function code is obtained from the download data, and the stub function is replaced, thereby realizing the call of the target function. Because the target function, namely the important function code, is stored on the trusted server, the important code cannot leak even if the hardware of the embedded system is stolen. In addition, the security of the server and the request end is ensured through security-authenticated transmission, which prevents the important code from leaking during data transmission. Furthermore, the target function is placed in the random access memory to be called and run, which further prevents it from being stolen while it is called: if an outside party tries to read the target function code, the random access memory is powered off, so that all code in the random access memory is lost and cannot be retrieved. Therefore, the invention solves the problem in the prior art that, when code is stored in a nonvolatile memory, important code is easily leaked once the nonvolatile memory is stolen.
Drawings
FIG. 1 is a flowchart of an important code protection method in a first embodiment of the present invention;
FIG. 2 is a block diagram of an important code protection system according to a second embodiment of the present invention;
FIG. 3 is a schematic structural diagram of an electronic device according to a third embodiment of the present invention.
The invention will be further described in the following detailed description in conjunction with the above-described figures.
Detailed Description
In order that the invention may be readily understood, a more complete description of the invention will be rendered by reference to the appended drawings. Several embodiments of the invention are presented in the figures. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete.
It will be understood that when an element is referred to as being "mounted" on another element, it can be directly on the other element or intervening elements may also be present. When an element is referred to as being "connected" to another element, it can be directly connected to the other element or intervening elements may also be present. The terms "vertical," "horizontal," "left," "right," and the like are used herein for illustrative purposes only.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used herein in the description of the invention is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. The term "and/or" as used herein includes any and all combinations of one or more of the associated listed items.
Example 1
Referring to fig. 1, a method for protecting important codes in a first embodiment of the present invention is shown, and the method specifically includes steps S01-S03.
S01, receiving request information, and accessing a target position of a target random access memory according to the request information, wherein a stub function code is arranged in the target position of the target random access memory, and judging whether the value returned by the stub function is a preset value;
In the implementation, the stub function code is set in the target position of the target random access memory so that the compiler allocates a section of memory in the RAM for program operation; after the target function code is downloaded, it directly replaces the stub code, thereby realizing the running and calling of the target function code. In addition, by setting a specific stub function code, when the target position of the target random access memory is accessed according to the request information, the stub function returns a specific value to remind the terminal that the call is to be executed after the target function code has been downloaded from the trusted server; the specific value is also used for the subsequent security authentication by the trusted server and for confirming the corresponding target function code.
S02, if so, determining download request information through a preset algorithm according to the preset value, and transmitting the download request information to a trusted server, so that the trusted server confirms through a preset method whether the download request end is trusted;
Specifically, the step of determining the download request information through a preset algorithm according to the preset value includes: generating a random number and determining a first hash value from the preset value through a hash algorithm; and determining a second hash value through the hash algorithm according to the first hash value and the random number, wherein the first hash value, the random number and the second hash value are the download request information. In addition, the preset method comprises the following steps: determining a third hash value through the hash algorithm according to the first hash value and the random number, and judging whether the second hash value is consistent with the third hash value; if yes, the download request end is trusted, reply data is determined according to the download request information, and the reply data is then returned to the download request end. In addition, the step of determining reply data according to the download request information includes: comparing the first hash value with a preset hash library to determine the target function code, summing the digits at all positions of the random number to determine a summation value, and determining a target public key according to the bit value of the summation value; and determining encryption information from the target function code through the target public key, determining a verification hash value from the summation value through the hash algorithm, the verification hash value and the encryption information forming the reply data.
In the implementation, after the return value is determined to be the preset value, the target function code needs to be downloaded from the server. A random number is generated and a hash operation is performed on the preset value to obtain the first hash value; an operation on the random number and the first hash value gives the second hash value; and the first hash value, the random number and the second hash value are sent to the trusted server, so that the trusted server can obtain the third hash value by the hash operation. When the second hash value is consistent with the third hash value, the hash operation methods of the trusted server and the request terminal are consistent, and the identity of the request terminal can be confirmed. In addition, because the target function code is determined by comparing the first hash value with the hash library, each target function code in the trusted server is associated with its counterpart only by a hash value; when the trusted server is invaded and the request terminal is stolen, even if the target function code is stolen, the code is meaningless to the thief because the logical relation between the target function code and the running code of the request terminal is missing. In addition, a plurality of independent trusted servers may be set, each storing a different part of a target function code, so that the request end downloads the different parts of the target function code from different trusted servers. This protects the target function code further: even if data in one or several of the trusted servers is stolen, the correspondence of the target function code is tied to a hash value that itself carries no information, so a thief cannot splice together the complete target function code.
In addition, the digits of the random number are summed to obtain a summation value, and the public key for the data transmission is determined according to the mantissa of the summation value, so that the random number is further used to improve the security of the data transmission and to ensure that the target function code is not compromised. In addition, the summation value is hashed to obtain a verification hash value, so that after the request terminal receives the reply data it can verify it against the verification hash value, ensuring that the reply data was sent by the trusted end and avoiding the receiving and reading of external virus information.
S03, receiving reply data that the trusted server returns after completing confirmation according to the download request information, determining a target function code according to the reply data, replacing the stub function code with the target function code, and executing the target function code;
Specifically, the step of determining the target function code according to the reply data includes: summing the digits of the random number to obtain a summation value, determining a hash value from the summation value through the hash algorithm, and judging whether this hash value is consistent with the verification hash value in the reply data; if so, determining a target private key according to the bit value of the summation value, and determining the target function code from the encryption information through the target private key.
The digits of the random number are summed to obtain a summation value, and a hash operation is carried out on the summation value; by comparing the resulting hash value with the verification hash value in the reply data, the received reply data can be verified as having been sent by the trusted server, and the receiving and reading of external virus information is prevented. In addition, the target private key is determined according to the bit value of the summation value to decrypt the encrypted information, which improves the security of the data.
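The request and reply computations of S02 and S03 can be traced end to end in the following added example, which is not code from the patent. SHA-256, the length-prefixed field encoding, the 16-digit decimal random number, reading the "bit value" (the "mantissa") of the summation value as its last decimal digit, and the toy RSA key table standing in for the unspecified public-key scheme are all assumptions.

```python
import hashlib
import secrets
from typing import Optional


def sha256_hex(*parts: bytes) -> str:
    """Hash length-prefixed parts. SHA-256 and this encoding are assumptions."""
    m = hashlib.sha256()
    for p in parts:
        m.update(len(p).to_bytes(4, "big") + p)
    return m.hexdigest()


def digit_sum(nonce: str) -> int:
    """Sum of the decimal digits of the random number (the 'summation value')."""
    return sum(int(c) for c in nonce)


def _primes(start: int, count: int) -> list:
    found, n = [], start
    while len(found) < count:
        if all(n % d for d in range(2, int(n ** 0.5) + 1)):
            found.append(n)
        n += 1
    return found


def _toy_keypair(p: int, q: int, e: int = 65537):
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))


# Ten constructed key pairs, indexed by the last decimal digit of the summation
# value. Toy textbook RSA with tiny primes: a stand-in so the example runs
# offline, not a usable cipher.
_P = _primes(1000, 20)
KEY_TABLE = [_toy_keypair(_P[2 * i], _P[2 * i + 1]) for i in range(10)]


def build_request(preset_value: bytes, nonce: Optional[str] = None) -> dict:
    """Request end, S02: first hash, random number, second hash."""
    nonce = nonce or "".join(secrets.choice("0123456789") for _ in range(16))
    h1 = sha256_hex(preset_value)
    return {"h1": h1, "nonce": nonce, "h2": sha256_hex(h1.encode(), nonce.encode())}


def server_reply(request: dict, hash_library: dict) -> Optional[dict]:
    """Trusted server: recompute the third hash, look up the code, build the reply."""
    nonce = request["nonce"]
    if not (nonce.isascii() and nonce.isdigit()):
        return None
    h3 = sha256_hex(request["h1"].encode(), nonce.encode())
    if not secrets.compare_digest(h3, request["h2"]):
        return None                      # second and third hash differ
    code = hash_library.get(request["h1"])
    if code is None:
        return None                      # first hash not in the hash library
    s = digit_sum(nonce)
    n, e = KEY_TABLE[s % 10][0]          # public key chosen by the last digit
    return {"verify": sha256_hex(str(s).encode()),
            "cipher": [pow(b, e, n) for b in code]}


def client_recover(request: dict, reply: dict) -> Optional[bytes]:
    """Request end, S03: check the verification hash, then decrypt."""
    s = digit_sum(request["nonce"])
    if not secrets.compare_digest(sha256_hex(str(s).encode()), reply["verify"]):
        return None                      # reply does not match our random number
    n, d = KEY_TABLE[s % 10][1]          # private key chosen by the same digit
    try:
        return bytes(pow(c, d, n) for c in reply["cipher"])
    except ValueError:                   # value outside 0..255: corrupted reply
        return None


if __name__ == "__main__":
    preset = b"\xa5\x5a"                 # constructed preset value from the stub
    library = {sha256_hex(preset): b"constructed target function bytes"}
    req = build_request(preset)
    print(client_recover(req, server_reply(req, library)))
```
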
In addition, when the target function is called, the running condition of a debugger is determined by the preset sensing equipment, and if a debugger is running, the target random access memory is controlled to be in a power-down state. Because the target function code is stored in the target random access memory, powering it down when it is found to be read by external equipment causes the target function code in it to be lost; this avoids the target function code being stored on the hardware and being acquired by others who steal the hardware equipment.
In addition, after the target function call ends, the stub function code stored in the preset nonvolatile memory is acquired and used to replace the target function code, which resets the state and prevents the target function code from being leaked.
In summary, according to the important code protection method in the above embodiment of the present invention, the stub function is stored in the target random access memory, namely in the RAM, so that when the target function needs to be called, the stub function is accessed first to obtain the value it returns, from which it is known that the target function is not on the hardware. The trusted server is then requested to provide the target function for downloading; after the trusted server confirms that the request end is a secure end, it replies with the download data, the target function code is obtained from the download data, and the stub function is replaced, thereby realizing the call of the target function. Because the target function, namely the important function code, is stored on the trusted server, the important code cannot leak even if the hardware of the embedded system is stolen. In addition, the security of the server and the request end is ensured through security-authenticated transmission, which prevents the important code from leaking during data transmission. Furthermore, the target function is placed in the random access memory to be called and run, which further prevents it from being stolen while it is called: if an outside party tries to read the target function code, the random access memory is powered off, so that all code in the random access memory is lost and cannot be retrieved. Therefore, the invention solves the problem in the prior art that, when code is stored in a nonvolatile memory, important code is easily leaked once the nonvolatile memory is stolen.
Example 2
Referring to fig. 2, a block diagram of an important code protection system according to a second embodiment of the present invention is shown, and the important code protection system 200 includes: a request judging module 21, a download requesting module 22, and a code replacing module 23, wherein:
A request judging module 21, configured to receive request information and access a target position of a target random access memory according to the request information, wherein a stub function code is arranged in the target position of the target random access memory, and to judge whether the value returned by the stub function is a preset value;
The download request module 22 is configured to determine download request information through a preset algorithm when the value returned by the target random access memory is the preset value, and to transmit the download request information to the trusted server, so that the trusted server confirms through a preset method whether the download request end is trusted;
And the code replacing module 23 is configured to receive reply data that the trusted server returns after completing confirmation according to the download request information, determine a target function code according to the reply data, replace the stub function code with the target function code, and execute the target function code.
Further, in other embodiments of the present invention, the important code protection system 200 includes:
A calling judgment module, used for determining the running condition of a debugger according to the preset sensing equipment, and controlling the target random access memory to be in a power-down state if a debugger is running.
And a code replacement module, used for determining the number of calls and the call time of the target function code for this call according to the request information, and, when the real-time number of calls and call time of the target function code are consistent with the request information, acquiring the stub function code from a preset nonvolatile memory and replacing the target function code with the stub function code.
Further, in other embodiments of the present invention, the download request module 22 includes:
the initial request information determining unit is used for generating a random number and determining a first hash value through a hash algorithm according to the preset value;
And the download request information determining unit is used for determining a second hash value through the hash algorithm according to the first hash value and the random number, wherein the first hash value, the random number and the second hash value are the download request information.
The request verification unit is used for determining a third hash value according to the first hash value and the random number through the hash algorithm and judging whether the second hash value is consistent with the third hash value or not;
And the download reply unit is used for ensuring that the download request terminal is trusted when the second hash value and the third hash value are consistent, determining reply data according to the download information and returning the reply data to the download request terminal.
Further, in other embodiments of the present invention, the code replacement module 23 includes:
The encryption public key determining unit is used for comparing the first hash value with a preset hash library to determine the target function code, summing the digits at all positions of the random number to determine a summation value, and determining a target public key according to the bit value of the summation value;
The reply data determining unit is used for determining encryption information from the target function code through the target public key and determining a verification hash value from the summation value through a hash algorithm, the verification hash value and the encryption information forming the reply data.
The reply data verification unit is used for summing the digits of the random number to obtain a summation value, determining a hash value from the summation value through the hash algorithm, and judging whether this hash value is consistent with the verification hash value in the reply data;
And the decryption calling unit is used for determining a target private key according to the bit value of the summation value when the two hash values are consistent, and determining the target function code from the encryption information through the target private key.
The functions or operation steps implemented when the above modules are executed are substantially the same as those in the above method embodiments, and are not described herein again.
Example 3
In another aspect, referring to fig. 3, a schematic diagram of an electronic device according to a third embodiment of the present invention is provided, including a memory 20, a processor 10, and a computer program 30 stored in the memory and capable of running on the processor, where the processor 10 implements the important code protection method as described above when executing the computer program 30.
The processor 10 may, in some embodiments, be a central processing unit (CPU), a controller, a microcontroller, a microprocessor or other data processing chip, used for running program code or processing data stored in the memory 20, e.g. executing an access restriction program.
The memory 20 includes at least one type of readable storage medium, including flash memory, a hard disk, a multimedia card, a card memory (e.g., SD or DX memory, etc.), a magnetic memory, a magnetic disk, an optical disk, etc. The memory 20 may in some embodiments be an internal storage unit of the electronic device, such as a hard disk of the electronic device. The memory 20 may also be an external storage device of the electronic device in other embodiments, such as a plug-in hard disk provided on the electronic device, a Smart Media Card (SMC), a Secure Digital (SD) card, a flash card, etc. Further, the memory 20 may also include both internal storage units and external storage devices of the electronic device. The memory 20 may be used not only for storing application software of an electronic device and various types of data, but also for temporarily storing data that has been output or is to be output.
It should be noted that the structure shown in fig. 3 does not constitute a limitation of the electronic device, and in other embodiments the electronic device may comprise fewer or more components than shown, or may combine certain components, or may have a different arrangement of components.
The embodiment of the invention also provides a computer readable storage medium, on which a computer program is stored, which when executed by a processor implements the important code protection method as described above.
Those of skill in the art will appreciate that the logic and/or steps represented in the flow diagrams or otherwise described herein, e.g., an ordered listing of executable instructions for implementing logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). In addition, the computer readable medium may even be paper or other suitable medium on which the program is printed, as the program may be electronically captured, via, for instance, optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner, if necessary, and then stored in a computer memory.
It is to be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above-described embodiments, the various steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, they may be implemented using any one or a combination of the following techniques, which are well known in the art: discrete logic circuits having logic gates for implementing logic functions on data signals, application specific integrated circuits having suitable combinational logic gates, programmable gate arrays (PGAs), field programmable gate arrays (FPGAs), and the like.
In the description of the present specification, a description referring to terms "one embodiment," "some embodiments," "examples," "specific examples," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiments or examples. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
The foregoing examples illustrate only a few embodiments of the invention, which are described in detail and are not to be construed as limiting the scope of the invention. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the invention, which are all within the scope of the invention. Accordingly, the scope of protection of the present invention is to be determined by the appended claims.
Claims (9)
1. A method of important code protection, the method comprising:
receiving request information, and accessing a target position of a target random access memory according to the request information, wherein a space occupying function code is arranged in the target position of the target random access memory, and judging whether a value returned by the space occupying function is a preset value;
if yes, determining download request information through a preset algorithm according to the preset value, and transmitting the download request information to a trusted server, so that the trusted server confirms through a preset method whether the download request end is trusted;
receiving reply data returned by the trusted server after it completes the confirmation according to the download request information, determining a target function code according to the reply data, replacing the space occupying function code with the target function code, and executing the target function code;
wherein the step of determining the download request information through a preset algorithm according to the preset value comprises the following steps:
generating a random number and determining a first hash value through a hash algorithm according to the preset value;
and determining a second hash value through the hash algorithm according to the first hash value and the random number, wherein the first hash value, the random number and the second hash value constitute the download request information.
2. The important code protection method according to claim 1, wherein the step of replacing the space occupying function code with the target function code and executing the target function code includes:
determining the running condition of a debugger according to a preset sensing device, and controlling the target random access memory to be in a power-down state if the debugger is running.
3. The important code protection method according to claim 1, wherein the step of replacing the space occupying function code with the target function code and executing the target function code includes:
determining, according to the request information, the number of invocations and the time of the current use of the target function code; when the real-time number of invocations and time of the target function code are consistent with the request information, acquiring the space occupying function code from a preset nonvolatile memory, and replacing the target function code with the space occupying function code.
4. The important code protection method according to claim 1, wherein the preset method is:
determining a third hash value according to the first hash value and the random number through the hash algorithm, and judging whether the second hash value is consistent with the third hash value;
if yes, the download request terminal is trusted, reply data is determined according to the download information, and then the reply data is returned to the download request terminal.
5. The important code protection method of claim 4, wherein the step of determining reply data based on the download information includes:
comparing the first hash value with a preset hash library to determine the target function code, summing the digits in all positions of the random number to determine a summation value, and determining a target public key according to the bit value of the summation value;
and determining encryption information through the target public key according to the target function code, determining a verification hash value through a hash algorithm according to the summation value, and forming the reply data from the verification hash value and the encryption information.
6. The important code protection method of claim 5, wherein determining a target function code from the reply data comprises:
summing the random number to obtain a summation value, determining a verification hash value according to the summation value through the hash algorithm, and judging whether the computed verification hash value is consistent with the verification hash value in the reply data;
if so, determining a target private key according to the bit value of the summation value, and determining the target function code through the target private key according to the encryption information.
7. An important code protection system for implementing the important code protection method according to any one of claims 1 to 6, said system comprising:
the request judging module is used for receiving the request information, accessing the target position of the target random access memory according to the request information, wherein a space occupying function code is arranged in the target position of the target random access memory, and judging whether the value returned by the space occupying function is a preset value;
the download request module is used for determining download request information according to a preset algorithm when the value returned by the target random access memory is a preset value, and transmitting the download request information to the trusted server so that the trusted server confirms through a preset method whether the download request end is trusted;
and the code replacement module is used for receiving reply data returned by the trusted server after it completes the confirmation according to the download request information, determining a target function code according to the reply data, replacing the space occupying function code with the target function code and executing the target function code.
8. A computer-readable storage medium, on which a computer program is stored, characterized in that the program, when being executed by a processor, implements the steps of the important code protection method according to any one of claims 1 to 6.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the important code protection method according to any of claims 1-6 when the program is executed.
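The message exchange of claims 1 and 4 to 6, written out for both the download request end and the trusted server as an added example (it is not code from the patent). SHA-256, the length-prefixed concatenation, the two-entry key table, reading the "bit value of the summation value" as the low bit of the digit sum, and byte-wise textbook RSA on tiny constructed primes are all assumptions standing in for details the claims leave open.

```python
import hashlib, hmac, secrets

def h(*parts):
    # Assumed hash: SHA-256 over length-prefixed parts (claims name no algorithm).
    d = hashlib.sha256()
    for p in parts:
        d.update(len(p).to_bytes(4, "big") + p)
    return d.digest()

def rsa_pair(p, q, e):
    # Textbook RSA on tiny constructed primes: a stand-in cipher, not real protection.
    n, phi = p * q, (p - 1) * (q - 1)
    return {"pub": (n, e), "priv": (n, pow(e, -1, phi))}

KEYS = [rsa_pair(61, 53, 17), rsa_pair(89, 97, 5)]      # constructed key table
PRESET = b"\x5a\xa5"                                     # constructed preset value
HASH_LIBRARY = {h(PRESET): b"def target(): return 42"}   # server side: H1 -> code

def digit_sum(r):
    return sum(int(c) for c in r)        # sum of the digit in every position of r

def key_index(s):
    # Assumption: "bit value of the summation value" = low bit of the digit sum.
    return s & (len(KEYS) - 1)

def build_request(preset, r=None):
    # Claim 1: H1 = hash(preset), H2 = hash(H1, r); the request is (H1, r, H2).
    r = r or str(secrets.randbelow(10**8)).zfill(8)
    h1 = h(preset)
    return h1, r, h(h1, r.encode())

def server_reply(h1, r, h2):
    # Claim 4: recompute H3 and compare. Claim 5: look up code, pick key, encrypt.
    ok = r.isascii() and r.isdigit() and hmac.compare_digest(h(h1, r.encode()), h2)
    if not ok or h1 not in HASH_LIBRARY:
        return None
    s = digit_sum(r)
    n, e = KEYS[key_index(s)]["pub"]
    cipher = [pow(b, e, n) for b in HASH_LIBRARY[h1]]
    return h(str(s).encode()), cipher    # (verification hash, encryption information)

def client_recover(r, reply):
    # Claim 6: re-derive the verification hash, then decrypt with the matching key.
    if reply is None:
        return None
    check, cipher = reply
    s = digit_sum(r)
    if not hmac.compare_digest(h(str(s).encode()), check):
        return None
    n, d = KEYS[key_index(s)]["priv"]
    return bytes(pow(c, d, n) for c in cipher)
```

In this sketch H2 and the verification hash are computed only from values carried in the messages themselves (H1 and r), so each comparison confirms that a message is internally consistent; the private key table is the only secret input.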
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410775281.1A CN118350065B (en) | 2024-06-17 | 2024-06-17 | Important code protection method, system, storage medium and electronic equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN118350065A (en) | 2024-07-16 |
| CN118350065B (en) | 2024-09-03 |
Family ID=91815850
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202410775281.1A Active CN118350065B (en) | 2024-06-17 | 2024-06-17 | Important code protection method, system, storage medium and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN118350065B (en) |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107004195A (en) * | 2014-09-29 | 2017-08-01 | 加拿大皇家银行 | The safe handling of data |
| CN111104566A (en) * | 2019-12-26 | 2020-05-05 | 腾讯科技(深圳)有限公司 | Feature index encoding method and device, electronic equipment and storage medium |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7788502B1 (en) * | 2005-03-10 | 2010-08-31 | Xilinx, Inc. | Method and system for secure exchange of IP cores |
| PT2998895T (en) * | 2014-09-22 | 2017-06-15 | Denuvo GmbH | Technique for enabling nominal flow of an executable file |
| CN105306434A (en) * | 2015-09-11 | 2016-02-03 | 北京金山安全软件有限公司 | Program file checking method and device, server and terminal |
| US11461485B2 (en) * | 2016-08-12 | 2022-10-04 | ALTR Solutions, Inc. | Immutable bootloader and firmware validator |
| GB2595927A (en) * | 2020-06-12 | 2021-12-15 | Nchain Holdings Ltd | File verification system and method |
| CN114329488A (en) * | 2021-12-28 | 2022-04-12 | 元心信息科技集团有限公司 | Kernel function credibility verification method and device, electronic equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN118350065A (en) | 2024-07-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9158924B2 (en) | Information processing apparatus and information processing method | |
| US7313705B2 (en) | Implementation of a secure computing environment by using a secure bootloader, shadow memory, and protected memory | |
| KR101061332B1 (en) | Apparatus and method for controlling the use of memory cards | |
| JP4898790B2 (en) | Additional implementation of authentication to firmware | |
| US7330118B2 (en) | Apparatus and method capable of secure wireless configuration and provisioning | |
| US20110289294A1 (en) | Information processing apparatus | |
| US20070028115A1 (en) | Method for guaranteeing the integrity and authenticity of flashware for control devices | |
| KR101567620B1 (en) | Secure memory management system and method | |
| US20030014663A1 (en) | Method for securing an electronic device, a security system and an electronic device | |
| CN112613011B (en) | USB flash disk system authentication method and device, electronic equipment and storage medium | |
| KR20180025261A (en) | Anti-rollback version upgrade in secured memory chip | |
| EP1334419B1 (en) | System and method for verifying the integrity of stored information within an electronic device | |
| KR20110020800A (en) | Integrated circuit with security software image and method | |
| CN108334754B (en) | Encryption and decryption method and system for embedded system program | |
| KR101437249B1 (en) | System and method for loading application classes | |
| US11270003B2 (en) | Semiconductor device including secure patchable ROM and patch method thereof | |
| CN103198270A (en) | Using a manifest to record presence of valid software and calibration | |
| CN111953634A (en) | Access control method and device for terminal equipment, computer equipment and storage medium | |
| US7797553B2 (en) | Memory device | |
| CN118350065B (en) | Important code protection method, system, storage medium and electronic equipment | |
| US20070005991A1 (en) | Method for checking the data integrity of software in control appliances | |
| KR100300794B1 (en) | How to enter information on the chip card | |
| CN111611551A (en) | Dynamic link library protection method and system based on state cryptographic algorithm | |
| CN115718916A (en) | Control method and control device | |
| CA3116935A1 (en) | Electronic device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |