發(fā)布時間：2018-03-19 19:54

  本文選題：代碼混淆　切入點：布局混淆　出處：《中國科學(xué)技術(shù)大學(xué)》2017年碩士論文　論文類型：學(xué)位論文

【摘要】：隨著互聯(lián)網(wǎng)技術(shù)和計算機軟件產(chǎn)業(yè)的快速發(fā)展,軟件的獲取和使用變的更加容易�，F(xiàn)階段,大量的付費軟件被攻擊者破解,并發(fā)布到網(wǎng)絡(luò)上供人們免費使用。而軟件被破解后,攻擊者可能會竊取軟件中的核心代碼或重要信息,使軟件的知識產(chǎn)權(quán)很難得到保障,限制了軟件產(chǎn)業(yè)的快速發(fā)展。近年來,由于Python語言的語法簡潔清晰,擁有功能強大而豐富的類庫,可以大幅提高軟件開發(fā)人員的開發(fā)效率,越來越多的代碼開始使用Python語言來編寫,而Python的字節(jié)碼很容易被現(xiàn)有的反編譯工具破解,導(dǎo)致其中的關(guān)鍵信息被竊取。為了解決上述問題,在調(diào)研了現(xiàn)有的代碼混淆技術(shù)的基礎(chǔ)上,本文基于布局混淆和控制混淆設(shè)計實現(xiàn)了一個Python代碼混淆系統(tǒng),該混淆系統(tǒng)可以增加攻擊者破解Python代碼的難度。主要工作如下:(1)對代碼混淆技術(shù)進行分析。首先,介紹代碼混淆中包含的布局混淆、數(shù)據(jù)混淆、預(yù)防性混淆、控制混淆,并給出了每種混淆下面包括的具體的混淆方法。然后,描述了代碼混淆的四個評價標準,后面將使用這四個標準來對本文設(shè)計的Python代碼混淆系統(tǒng)進行評價。(2)分析本文采用的控制混淆中需要用到的不透明謂詞和壓扁控制流算法。首先,分析了 Logistic和En_Logistic兩個混沌映射中存在的問題,給出了本文設(shè)計的代碼混淆系統(tǒng)中將會使用的分段Logistic混沌映射,它克服了前兩個映射中存在的對初始值不夠敏感和容易產(chǎn)生小區(qū)域聚集現(xiàn)象的缺點。然后,介紹了不透明謂詞的定義,給出了一種使用混沌映射構(gòu)造混沌不透明謂詞的方法。最后,分析了現(xiàn)有的壓扁控制流算法中存在的缺陷。(3)實現(xiàn)本文設(shè)計的Python代碼混淆系統(tǒng)。首先,介紹了該系統(tǒng)中使用到的布局混淆。其次,提出并實現(xiàn)了該系統(tǒng)中需要用到的基于同余方程構(gòu)造的不透明謂詞算法和基于分段Logistic混沌映射構(gòu)造的N態(tài)不透明謂詞算法,并分析了如何在代碼中插入基于同余方程構(gòu)造的不透明謂詞。然后,提出了一種改進的壓扁控制流算法,該算法克服了現(xiàn)有的壓扁控制流算法中存在的缺陷。最后,在該代碼混淆系統(tǒng)中實現(xiàn)了控制混淆和布局混淆的算法。(4)對本文設(shè)計的Python代碼混淆系統(tǒng)進行實驗與分析。使用開源的測試用例在提出的實驗平臺上對本文設(shè)計的代碼混淆系統(tǒng)進行了實驗,并在正確性、安全性、有效性方面對其進行了分析。實驗結(jié)果表明,本文使用布局混淆和控制混淆算法設(shè)計的Python代碼混淆系統(tǒng)能夠保證混淆后代碼的正確性,并且與現(xiàn)有的不透明謂詞生成算法相比具有更好的均衡性,計算不透明謂詞輸出時帶來的額外時間開銷更低,同時具有很高的安全性、強度、耐受力、隱蔽性,能夠有效地增加攻擊者破解代碼的難度,同時也存在一定的時間開銷和空間開銷。
[Abstract]:With the rapid development of Internet technology and computer software industry, the acquisition and use of software becomes easier. At this stage, a large number of paid software has been cracked by attackers and released to the network for free. Attackers can steal core code or important information from software, making it difficult to secure intellectual property rights and limiting the rapid growth of the software industry. Having powerful and rich class libraries can greatly improve the development efficiency of software developers. More and more code is being written in the Python language, and the bytecode of Python can be easily cracked by existing decompilation tools. In order to solve the above problems, this paper studies the existing code confusion technology, and implements a Python code confusion system based on layout confusion and control confusion design. This confusion system can make it more difficult for an attacker to crack Python code. The main work is as follows: 1) analyze the code confusion technology. First, introduce the layout confusion, data confusion, prevention confusion, control confusion, which are included in code confusion. Then, the four evaluation criteria of code confusion are described. The following four criteria will be used to evaluate the Python code confusion system designed in this paper.) the opaque predicates and flattening control flow algorithms used in this paper will be analyzed. The problems in Logistic and En_Logistic chaotic maps are analyzed, and the piecewise Logistic chaotic maps that will be used in the code confusion system designed in this paper are given. It overcomes the shortcomings of the first two mappings, which are insensitive to initial values and easy to produce small region aggregation. Then, the definition of opaque predicates is introduced. A method of constructing chaotic opaque predicates using chaotic mapping is presented. Finally, the defects in the existing flattening control flow algorithms are analyzed to implement the Python code confusion system designed in this paper. The layout confusion used in the system is introduced. Secondly, the opaque predicate algorithm based on congruence equation and the N-state opaque predicate algorithm based on piecewise Logistic chaotic mapping are proposed and implemented. Then, an improved flattening control flow algorithm is proposed, which overcomes the defects of the existing flattening control flow algorithms. The algorithm of controlling confusion and layout confusion is implemented in the code confusion system. The experiment and analysis of the Python code confusion system designed in this paper are carried out. The code confusion system is experimented with, The experimental results show that the Python code confusion system designed by using layout confusion and control obfuscation algorithm can ensure the correctness of the obfuscation code. Compared with the existing algorithms, it has better balance, lower extra time cost when calculating the output of opaque predicates, and has high security, strength, endurance and concealment. It can effectively increase the difficulty of the attacker to break the code, at the same time, there is a certain amount of time and space overhead.
【學(xué)位授予單位】：中國科學(xué)技術(shù)大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2017
【分類號】：TP311.5;TP309

【參考文獻】

相關(guān)期刊論文 前5條

1 吳偉民;林水明;林志毅;;一種基于混沌不透明謂詞的壓扁控制流算法[J];計算機科學(xué);2015年05期

2 陳代梅;范希輝;朱靜;汪玉美;;基于同余方程和中國剩余定理的混淆算法[J];計算機應(yīng)用研究;2015年02期

3 蘇慶;吳偉民;李忠良;李景j;陳為德;;混沌不透明謂詞在代碼混淆中的研究與應(yīng)用[J];計算機科學(xué);2013年06期

4 楊樂;周強強;薛錦云;;基于垃圾代碼的控制流混淆算法[J];計算機工程;2011年12期

5 范九倫;張雪鋒;;分段Logistic混沌映射及其性能分析[J];電子學(xué)報;2009年04期

，

本文編號：1635765