CN-121980565-A - iOS application encryption reinforcement system based on binary system
Abstract
The invention discloses a binary-based iOS application encryption reinforcement system that protects iOS applications through an encryption reinforcement mechanism. The mechanism protects an App by executing reinforcement code first, dynamically obfuscating key functions, and having its modules interact cooperatively, and it provides program code insertion, code obfuscation, dynamic library calling, and dependency management functions. Program code insertion inserts reinforcement code into the binary file of the target program so that it executes before the target program's original code. Code obfuscation dynamically obfuscates functions of the target program, generating obfuscated code and a jump table to prevent reverse analysis and parameter type analysis. Dynamic library calling loads and calls a dynamic library module that implements the security protection functions, including anti-debugging, anti-secondary packaging (repackaging), and data encryption. Dependency management repairs the instruction offsets, data offsets, and Mach-O file format of the target program.
Inventors
- MENG XIANGYU
- LI JIANG
- ZHAO XINHUA
- JIANG YANTING
Assignees
- 南京大数据集团有限公司
- 南京市城市数字治理中心
Dates
- Publication Date: 20260505
- Application Date: 20260401
Claims (9)
- 1. A binary-based iOS application encryption reinforcement system, characterized in that an encryption reinforcement mechanism is adopted to protect iOS applications; through preferential execution of reinforcement code, dynamic obfuscation of key functions, and cooperative module interaction, the encryption reinforcement mechanism provides program code insertion, code obfuscation, dynamic library calling, and dependency management functions; the program code insertion inserts program code into the binary file of a target program so that it is executed before the original code of the target program; the code obfuscation dynamically obfuscates functions of the target program and generates obfuscated code and a jump table so as to prevent reverse analysis and parameter type analysis; the dynamic library calling loads and calls a dynamic library module to implement security protection functions including anti-debugging, anti-secondary packaging, and data encryption; and the dependency management repairs the instruction offsets, data offsets, and Mach-O file format of the target program.
- 2. The system of claim 1, wherein the system comprises a shell module, a dynamic library module, and a reinforcement tool module; the shell module is inserted into a target program and executed before the original code of the program, and comprises an initialization module and a dynamically generated obfuscation code module; the dynamic library module implements the security protection functions and assists the shell module; the reinforcement tool module generates the obfuscated code, the shell code, and the shell data, inserts the shell code and the shell data into the target program, modifies the program entry point, and combines the shell module and the dynamic library module into the target program; and the shell module, the dynamic library module, and the reinforcement tool module work cooperatively through data sharing and function calls, wherein the shell module calls the initialization functions of the dynamic library module, the dynamic library module reads function switches and data in the shell module, and the reinforcement tool module uses the encryption interfaces provided by the dynamic library module when generating the obfuscated code.
- 3. The binary-based iOS application encryption reinforcement system of claim 1, wherein the initialization module is configured to load the dynamic library module preferentially and call its initialization function, and the dynamically generated obfuscation code module is configured to execute the dynamically generated obfuscated code, wherein the obfuscated code processes function instructions in blocks based on control flow analysis, jumps dynamically between code blocks through the jump table at runtime, and returns control to the original entry point of the target program.
- 4. The binary-based iOS application encryption reinforcement system of claim 1, wherein the dynamic library module comprises an anti-debug detection unit for implementing anti-debug and anti-secondary packaging, and a shell module interaction interface unit for identifying and calling an initialization function in the shell and reading function switches and data in the shell.
- 5. The binary-based iOS application encryption reinforcement system of claim 1, wherein the reinforcement tool module comprises: a code obfuscation unit for obfuscating or dynamically generating shell code and shell data according to a reinforcement policy; an insertion unit for inserting the shell code and the shell data into the code section and the data section of the target program; an entry modification unit for changing the program entry point to the shell entry function; an addition unit for adding a dependency on the dynamic library to the target program; and a dependency management unit for repairing the instructions, data offsets, and Mach-O file format of the target program; wherein the code obfuscation unit analyzes the symbol table and configuration information of the target program and determines the functions and address ranges to be obfuscated, performs control flow analysis on each function to be obfuscated and divides it into a plurality of code blocks, generates the obfuscated code blocks and a corresponding jump table, merges the shell initialization logic with the generated obfuscated code and data to form a complete reinforcement code segment, and records the region information of the code and the data; the obfuscated code generated by the code obfuscation unit is inserted into the target program by the insertion unit, and the entry modification unit ensures that the shell entry function is executed first.
- 6. The binary-based iOS application encryption reinforcement system of claim 5, wherein the generated shell data structure comprises instructions and data; the instructions comprise shell code and obfuscation instructions; the data comprise shell-code-associated data, obfuscated-code jump tables, and other reinforcement or configuration data; the insertion unit inserts the shell code before the target code segment and inserts the shell data at the end of the strings, the data segment only reserving space into which the shell data is copied; and the entry modification unit changes the main function address in the target code to the main function address of the shell and, for a dynamic library, changes the first function address in the init function list to the init function address of the shell, and stores the main function or init function address of the target code in a custom structure in the shell.
- 7. The binary-based iOS application encryption reinforcement system as recited in claim 5, wherein the adding unit first adds an LC_LOAD_DYLIB load command and sets the library name, and then adds an LC_RPATH load command to specify the search path of the dynamic library.
- 8. The binary-based iOS application encryption reinforcement system as set forth in claim 4, wherein the dependency management unit performs code repair and file format repair; the code repair covers two segments: the __TEXT code segment, where PC-relative instructions in the target code are repaired, and the __DATA data segment, where recorded PC addresses that need relocation are repaired; the file format repair covers: the __LINKEDIT dynamic linking information segment, where all information related to data position or size is repaired, and the COMMAND fields in the file header, where the affected offsets and sizes are repaired.
- 9. The binary-based iOS application encryption reinforcement system according to claim 1, further comprising a program self-checking module that interacts with the reinforcement module and the shell module respectively and is used for extracting key content features of the target program during reinforcement and verifying them at runtime, wherein the program self-checking module comprises: a feature extraction unit that interacts with the reinforcement tool module and is used for reading the code segments and function instructions of the target program during reinforcement, calculating a check range, generating a check value, and storing the check range in the shell module; and a check execution unit that interacts with the shell module and is used for verifying, when the program runs, the check value stored in the shell module and triggering a security response if the check fails, wherein the check value is a CRC (cyclic redundancy check) or a hash value.
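The load commands added under claim 7 and the entry change under claim 6 are visible in the Mach-O header, so a hardened build can be compared with the original to confirm exactly what the reinforcement tool changed. The following is an added example, not code from the patent; it assumes a thin little-endian 64-bit Mach-O whose entry point is given by LC_MAIN, the sample bytes are constructed, and libshield.dylib is a hypothetical library name.

```python
import struct

MH_MAGIC_64, LC_LOAD_DYLIB = 0xFEEDFACF, 0x0C
LC_RPATH, LC_MAIN = 0x8000001C, 0x80000028  # 0x1C / 0x28 with LC_REQ_DYLD set

def summarize_load_commands(data):
    """List dylib names, rpaths and the LC_MAIN entry offset of a thin 64-bit Mach-O."""
    magic, _, _, _, ncmds, sizeofcmds, _, _ = struct.unpack_from("<8I", data, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a little-endian 64-bit Mach-O")
    out = {"dylibs": [], "rpaths": [], "entryoff": None}
    cmds, pos = data[32:32 + sizeofcmds], 0  # a truncated file shows up as an overrun
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<2I", cmds, pos)  # struct.error past the table
        if cmdsize < 8 or pos + cmdsize > len(cmds):
            raise ValueError("load command overruns sizeofcmds")
        body = cmds[pos:pos + cmdsize]
        if cmd in (LC_LOAD_DYLIB, LC_RPATH) and cmdsize >= 12:
            # Both commands store, at byte 8, the offset of a NUL-terminated string.
            off = struct.unpack_from("<I", body, 8)[0]
            name = body[off:].split(b"\0", 1)[0].decode("utf-8", "replace")
            out["dylibs" if cmd == LC_LOAD_DYLIB else "rpaths"].append(name)
        elif cmd == LC_MAIN and cmdsize >= 24:
            out["entryoff"] = struct.unpack_from("<Q", body, 8)[0]
        pos += cmdsize
    return out

def hardening_diff(before, after):
    """Report what changed between the original and the hardened binary."""
    a, b = summarize_load_commands(before), summarize_load_commands(after)
    return {"new_dylibs": [d for d in b["dylibs"] if d not in a["dylibs"]],
            "new_rpaths": [r for r in b["rpaths"] if r not in a["rpaths"]],
            "entry_moved": a["entryoff"] != b["entryoff"]}

def _lc(cmd, payload):
    """Constructed-sample helper: pack one load command, padded to 8 bytes."""
    payload += b"\0" * (-(8 + len(payload)) % 8)
    return struct.pack("<2I", cmd, 8 + len(payload)) + payload

def _macho(*cmds):
    blob = b"".join(cmds)
    return struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, len(cmds), len(blob), 0, 0) + blob

# Constructed samples; libshield.dylib is a hypothetical name for the protection library.
_SYS = _lc(LC_LOAD_DYLIB, struct.pack("<4I", 24, 0, 0, 0) + b"/usr/lib/libSystem.B.dylib\0")
ORIGINAL = _macho(_lc(LC_MAIN, struct.pack("<2Q", 0x4000, 0)), _SYS)
HARDENED = _macho(_lc(LC_MAIN, struct.pack("<2Q", 0x3000, 0)), _SYS,
    _lc(LC_LOAD_DYLIB, struct.pack("<4I", 24, 0, 0, 0) + b"@rpath/libshield.dylib\0"),
    _lc(LC_RPATH, struct.pack("<I", 12) + b"@executable_path/Frameworks\0"))
```

Calling `hardening_diff(ORIGINAL, HARDENED)` reports the added dylib, the added rpath, and that the entry offset moved; any other difference in a real build is worth investigating before release.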
Description
iOS application encryption reinforcement system based on binary system
Technical Field
The invention belongs to the technical field of mobile application security, and particularly relates to a binary-based iOS application encryption reinforcement system.
Background
In mobile security, client-side code security is very important, because a mobile application usually executes on a client device and processes sensitive user data. Reinforcing the application can effectively resist reverse engineering and malicious attacks and protect the application's confidential information and intellectual property. Code obfuscation, encryption protection, anti-debugging, and similar measures give the application a strong security layer and make it harder for an attacker to crack or modify it.
Existing mainstream reinforcement schemes fall into three types: source code reinforcement, IPA reinforcement with bitcode, and binary IPA reinforcement. Although the existing binary IPA reinforcement scheme has a lower integration cost, it is limited in preventing reverse analysis: it supports only simple code obfuscation, protects key functions insufficiently, and has difficulty defending against attacks such as dynamic debugging and secondary packaging. The bitcode-dependent reinforcement scheme was removed by Xcode 15 and can no longer be used.
Disclosure of Invention
The invention aims to provide a binary-based iOS application encryption reinforcement system that solves the following problems: only simple code obfuscation is supported, protection of key functions is insufficient, attacks such as dynamic debugging and secondary packaging are difficult to defend against, and the bitcode-dependent reinforcement scheme was removed by Xcode 15 and can no longer be used.
The binary-based iOS application encryption reinforcement system adopts an encryption reinforcement mechanism to protect iOS applications. Through preferential execution of reinforcement code, dynamic obfuscation of key functions, and cooperative module interaction, the mechanism provides program code insertion, code obfuscation, dynamic library calling, and dependency management functions. Program code insertion inserts the reinforcement code into the binary file of the target program so that it is executed before the original code of the target program. Code obfuscation dynamically obfuscates functions of the target program and generates obfuscated code and a jump table so as to prevent reverse analysis and parameter type analysis. Dynamic library calling loads and calls a dynamic library module to implement security protection functions including anti-debugging, anti-secondary packaging, and data encryption. Dependency management repairs the instruction offsets, data offsets, and Mach-O file format of the target program.
The system comprises a shell module, a dynamic library module, and a reinforcement tool module. The shell module is inserted into a target program and executed before the original code of the program, and comprises an initialization module and a dynamic obfuscation code generation module. The dynamic library module implements the security protection functions and assists the shell module. The reinforcement tool module generates the obfuscated code, the shell code, and the shell data, inserts the shell code and the shell data into the target program, modifies the program entry point, and combines the shell module and the dynamic library module into the target program. The shell module, the dynamic library module, and the reinforcement tool module cooperate through data sharing and function calls: the shell module calls the initialization function of the dynamic library module, the dynamic library module reads function switches and data in the shell module, and the reinforcement tool module uses the encryption interface provided by the dynamic library module when generating the obfuscated code.
The shell module's execution flow is as follows: first, the dynamic library module is loaded preferentially and its initialization function is called; then the dynamically generated obfuscated code is executed; finally, control is returned to the original program entry point. At runtime the shell has two flows, startup and execution of the obfuscated code, as follows: The shell startup flow is entered at the entry point of the reinforced program. A typical shell's function is to load and decrypt the program, after which the shell basically does not interfere with the running of the program, but the iOS system is special i