Shulou(Shulou.com)06/01 Report--

C # dll the fastest encryption method uses the shell tool Virbox Protector, direct encryption, Virbox Protector can analyze the performance of dll, analyze the number of calls to each function, and choose protection methods for each function, such as obfuscation / virtualization / fragmentation / code encryption. What are the characteristics of each encryption method?

Code encryption (X86):

Assemble code for X86: a code self-modification technique (SMC) to protect code. Encrypt and store the current code as ciphertext, automatically decrypt and execute when the program runs to the protected function, and then erase the code after execution. where to run to decrypt where the code, * unable to obtain the original machine instructions and memory integrity of the code, because it is a pure memory operation, so fast, cost-effective protection means, it is recommended to add all

Code encryption (IL)

For dotNet programs, protect IL code: a dynamic running method to decrypt protected code. Encrypt and store the current code as ciphertext, automatically decrypt and execute when the program runs to the protected function, erase the code after execution, and then erase the code after execution. where to run to decrypt where the code, * unable to obtain the instructions of the original intermediate language and the code of memory integrity, because it is a pure memory operation, it is recommended to add all the protection means with high speed and high performance.

Compress

Compression software such as zip compresses code and data segments. With dynamic passwords, no tool can automatically shell. It is a key means to prevent decompilation and disassembly.

Code confusion (IL):

Rewrite the names of various elements in the code, such as variables, functions, and classes, to meaningless names. For example, it is rewritten into a single letter, or a short combination of meaningless letters, or even a symbol such as "_", making it impossible for the reader to guess its purpose based on the name.

A) rewrite part of the logic in the code into a form that is functionally equivalent but more difficult to understand. Such as rewriting for loops into while loops, rewriting loops into recursion, simplifying intermediate variables, and so on.

B) disrupt the format of the code For example, delete spaces, squeeze multiple lines of code into one line, or break a line of code into multiple lines, and so on.

C) add flower instructions, through specially constructed instructions to make the disassembler error, and then interfere with the decompilation work.

Code obfuscators can also cause some problems. The main problems include that confused code is difficult to understand, so debugging and debugging becomes difficult. Developers often need to keep the original unconfused code for debugging. For languages that support reflection, code obfuscation can conflict with reflection. Code obfuscation does not really prevent reverse engineering, it only makes it more difficult. Therefore, for situations with high security requirements, using code obfuscation alone does not guarantee the security of the source code.

Code confusion is characterized by low security and does not affect efficiency.

Code Virtualization:

For X86 code: it refers to the translation of machine code into a series of pseudo-code byte streams that can not be recognized by machines and human beings; in the specific execution, the pseudo-code is translated and explained one by one, and gradually restored to the original code and executed. This subroutine used to translate pseudocode and is responsible for concrete execution is called virtual machine VM (like an abstract CPU). It exists as a function whose argument is the memory address of the bytecode. Because the implementation of virtual machine code and virtual machine CPU can be randomly designed and executed every time, and the code can be randomly changed every time, including some logical equivalent changes, you can refer to the hardware N and non-gate NOT-AND to implement a variety of logic gates, algorithms and access memory forms, including mathematical non-equivalent changes, the code volume can almost expand by 10 to 10000 times. As a result, the machine cannot restore the algorithm to the original logic.

The characteristic of code virtualization is that the degree of security is medium and the efficiency will not be affected.

Code fragmentation

Thinking deeply about the latest technology of independent intellectual property rights: based on LLVM and ARM virtual machine technology, the massive code is automatically extracted and moved into the kernel state module of SS, which greatly reduces the threshold for use, eliminates the need for manual migration of algorithms, increases the number of portable algorithms from limited to almost infinite, and supports languages that are no longer limited to C, which is a comprehensive application of encryption technology, and the effect is similar to breaking up the execution of software. Make it impossible for the cracker to start.

High security, recommend key functions or call encryption lock methods; too much use will affect efficiency

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.