融合加密与水印的移动终端代码防篡改研究

Research on Anti Tampering of Mobile Terminal Code Combining encryption and Watermark

针对不法分子通过篡改移动终端设备代码获取利益的问题,提出了一种融合加密与水印的移动终端代码防篡改方法。对移动终端代码遭受篡改的原因、代码篡改攻击技术,以及风险评估方面分别进行分析,作为加密与水印算法的设计依据。修改AES算法中的轮边界,对其进行拆分和补充,将密钥信息藏于查找表中,并对乱码进行混淆处理,从而增强密钥信息的保护效果。通过代码的加密和自解密机制,将代码转换成不可阅读的密钥代码,采用自检技术检验代码是否被篡改,将加密算法与混沌序列相结合,利用不敏感段的代码哈希值,对敏感代码段进行保护,防止攻击者对移动终端代码的恶意篡改。实验结果表明,采用融合加密与水印算法处理后的程序与原始程序相似度很高,隐蔽性很好,攻击者很难对程序代码进行有效的篡改攻击。

Aiming at the problem that criminals obtain profits by tampering with the code of mobile terminal equipment, a tamper-proof method of mobile terminal code combining encryption and watermarking was proposed. The reasons for the tampering of the mobile terminal code, the tampering attack technology and the risk assessment are analyzed respectively, which serve as the design basis of the encryption and watermarking algorithms. We modified the wheel boundary in the algorithm, splitted and supplemented it, then hid the key information in the look-up table, and confused the garbled code, so as to enhance the protection effect of key information. Through the encryption and self decryption mechanism of the code, the code was converted into an unreadable key code, the self-test technology was used to check whether the code was tampered, the encryption algorithm was combined with the chaotic sequence, and the code hash value of the insensitive section was used to protect the sensitive code section, so as to prevent the attacker from malicious tampering with the mobile terminal code. The experimental results show that the program processed by the fusion encryption and watermarking algorithm has high similarity with the original program and good concealment. It is difficult for the attacker to tamper with the program code effectively.