摘要
为了研究代码混淆技术的安全性,利用AOP提供的连接点模型和字节码操作机制,提出了一种新的针对混淆代码的攻击方法,其操作均在字节码级别上完成。实验证明,该方法不需要获取目标程序的源代码,从而使代码混淆失去意义;此外,对于攻击者而言,不用对反编译后的程序执行再编译,就可以修改目标代码的行为。与现有的代码混淆技术相比,这种新的攻击方法更加直接且简单易行,是一种行之有效的方法。
In order to study the security of code obfuscation technology,a new attack approach to obfuscated code was proposed using the joint point model and the instrument mechanism provided by AOP.All operations were implemented on byte code level.Experiment showns that the attack approach did not require access to the source code of attack target,which made obfuscation useless.Besides,as for attackers,they could modify the behavior of target application without decompiling and recompiling it.Compared with the existing code obfuscation technology,this attack approach is more straightforward and simpler to be implemented,and is an effective approach.
出处
《太原理工大学学报》
CAS
北大核心
2010年第2期153-156,共4页
Journal of Taiyuan University of Technology
