JVM 層對 jar 包字節碼加密
github
需求
拿到的需求是要對某特定的jar包實現加密保護,jar包須要提供給外部使用,但核心邏輯部分須要保護以避免被簡單反編譯即能看到。java
幾個思路
大體想到如下幾種方式:git
- 混淆器,將jar包混淆後反編譯出來的東西看起來就很眼花,但若是耐心一點也是能夠看出來的。
- 對jar包進行加密,而後在Java層重寫類加載器對其進行解密,以達到對jar包的加密保護。包括用對稱加密算法和非對稱加密算法。無論用什麼算法,在Java層面的類加載器實現的話,其實也做用不大,由於類加載器自己被反編譯出來後就基本暴露無遺了。
- 能夠修改java編譯後的class文件的某些屬性,以讓反編譯軟件分析不了,但它也不可靠,只要按照class格式深刻分析下也能反編譯出來。
- 修改JDK源碼,定製JDK就涉及到JVM的總體改動,並且還要求外部使用,不太可行。
- 利用JDK中JVM的某些相似鉤子機制和事件監聽機制,監聽加載class事件,使用本地方式完成class的解密。C/C++被編譯後想要反編譯就很麻煩了,另外還能加殼。這裏就看看這種方式。
關於JVMTI
JVMTI即JVM Tool Interface,提供了本地編程接口,主要是提供了調試和分析等接口。JVMTI很是強大,經過它能作不少事,好比能夠監聽某事件、線程分析等等。github
那麼通常怎麼使用JVMTI?通常使用Agent方式來使用,就是經過-agentlib和-agentpath指定Agent的本地庫,而後Java啓動時就會加載該動態庫。這個時刻其實能夠當作是JVM啓動的時刻,而並不是是Java層程序啓動時刻,因此此時還不涉及與Java相關的類和對象什麼的。算法
agent動態庫被加載後,JVM確定會指定一個入口函數,該入口函數爲:編程
JNIEXPORT jint JNICALL Agent_OnLoad(JavaVM *vm,char *options,void *reserved)複製代碼
因而在JVM啓動前要作的事均可以放到這個函數中,好比設置jvmtiCapabilities、設置關注的事件、設置事件的回調函數等等。其中關鍵的jvmtiCapabilities、jvmtiEventCallbacks、jvmtiEvent三個結構體以下,根據實際狀況設置。bash
typedef struct {
unsigned int can_tag_objects : 1;
unsigned int can_generate_field_modification_events : 1;
unsigned int can_generate_field_access_events : 1;
unsigned int can_get_bytecodes : 1;
unsigned int can_get_synthetic_attribute : 1;
unsigned int can_get_owned_monitor_info : 1;
unsigned int can_get_current_contended_monitor : 1;
unsigned int can_get_monitor_info : 1;
unsigned int can_pop_frame : 1;
unsigned int can_redefine_classes : 1;
unsigned int can_signal_thread : 1;
unsigned int can_get_source_file_name : 1;
unsigned int can_get_line_numbers : 1;
unsigned int can_get_source_debug_extension : 1;
unsigned int can_access_local_variables : 1;
unsigned int can_maintain_original_method_order : 1;
unsigned int can_generate_single_step_events : 1;
unsigned int can_generate_exception_events : 1;
unsigned int can_generate_frame_pop_events : 1;
unsigned int can_generate_breakpoint_events : 1;
unsigned int can_suspend : 1;
unsigned int can_redefine_any_class : 1;
unsigned int can_get_current_thread_cpu_time : 1;
unsigned int can_get_thread_cpu_time : 1;
unsigned int can_generate_method_entry_events : 1;
unsigned int can_generate_method_exit_events : 1;
unsigned int can_generate_all_class_hook_events : 1;
unsigned int can_generate_compiled_method_load_events : 1;
unsigned int can_generate_monitor_events : 1;
unsigned int can_generate_vm_object_alloc_events : 1;
unsigned int can_generate_native_method_bind_events : 1;
unsigned int can_generate_garbage_collection_events : 1;
unsigned int can_generate_object_free_events : 1;
unsigned int can_force_early_return : 1;
unsigned int can_get_owned_monitor_stack_depth_info : 1;
unsigned int can_get_constant_pool : 1;
unsigned int can_set_native_method_prefix : 1;
unsigned int can_retransform_classes : 1;
unsigned int can_retransform_any_class : 1;
unsigned int can_generate_resource_exhaustion_heap_events : 1;
unsigned int can_generate_resource_exhaustion_threads_events : 1;
unsigned int : 7;
unsigned int : 16;
unsigned int : 16;
unsigned int : 16;
unsigned int : 16;
unsigned int : 16;
} jvmtiCapabilities;複製代碼
typedef struct {
/* 50 : VM Initialization Event */
jvmtiEventVMInit VMInit;
/* 51 : VM Death Event */
jvmtiEventVMDeath VMDeath;
/* 52 : Thread Start */
jvmtiEventThreadStart ThreadStart;
/* 53 : Thread End */
jvmtiEventThreadEnd ThreadEnd;
/* 54 : Class File Load Hook */
jvmtiEventClassFileLoadHook ClassFileLoadHook;
/* 55 : Class Load */
jvmtiEventClassLoad ClassLoad;
/* 56 : Class Prepare */
jvmtiEventClassPrepare ClassPrepare;
/* 57 : VM Start Event */
jvmtiEventVMStart VMStart;
/* 58 : Exception */
jvmtiEventException Exception;
/* 59 : Exception Catch */
jvmtiEventExceptionCatch ExceptionCatch;
/* 60 : Single Step */
jvmtiEventSingleStep SingleStep;
/* 61 : Frame Pop */
jvmtiEventFramePop FramePop;
/* 62 : Breakpoint */
jvmtiEventBreakpoint Breakpoint;
/* 63 : Field Access */
jvmtiEventFieldAccess FieldAccess;
/* 64 : Field Modification */
jvmtiEventFieldModification FieldModification;
/* 65 : Method Entry */
jvmtiEventMethodEntry MethodEntry;
/* 66 : Method Exit */
jvmtiEventMethodExit MethodExit;
/* 67 : Native Method Bind */
jvmtiEventNativeMethodBind NativeMethodBind;
/* 68 : Compiled Method Load */
jvmtiEventCompiledMethodLoad CompiledMethodLoad;
/* 69 : Compiled Method Unload */
jvmtiEventCompiledMethodUnload CompiledMethodUnload;
/* 70 : Dynamic Code Generated */
jvmtiEventDynamicCodeGenerated DynamicCodeGenerated;
/* 71 : Data Dump Request */
jvmtiEventDataDumpRequest DataDumpRequest;
/* 72 */
jvmtiEventReserved reserved72;
/* 73 : Monitor Wait */
jvmtiEventMonitorWait MonitorWait;
/* 74 : Monitor Waited */
jvmtiEventMonitorWaited MonitorWaited;
/* 75 : Monitor Contended Enter */
jvmtiEventMonitorContendedEnter MonitorContendedEnter;
/* 76 : Monitor Contended Entered */
jvmtiEventMonitorContendedEntered MonitorContendedEntered;
/* 77 */
jvmtiEventReserved reserved77;
/* 78 */
jvmtiEventReserved reserved78;
/* 79 */
jvmtiEventReserved reserved79;
/* 80 : Resource Exhausted */
jvmtiEventResourceExhausted ResourceExhausted;
/* 81 : Garbage Collection Start */
jvmtiEventGarbageCollectionStart GarbageCollectionStart;
/* 82 : Garbage Collection Finish */
jvmtiEventGarbageCollectionFinish GarbageCollectionFinish;
/* 83 : Object Free */
jvmtiEventObjectFree ObjectFree;
/* 84 : VM Object Allocation */
jvmtiEventVMObjectAlloc VMObjectAlloc;
} jvmtiEventCallbacks;複製代碼
typedef enum {
JVMTI_MIN_EVENT_TYPE_VAL = 50,
JVMTI_EVENT_VM_INIT = 50,
JVMTI_EVENT_VM_DEATH = 51,
JVMTI_EVENT_THREAD_START = 52,
JVMTI_EVENT_THREAD_END = 53,
JVMTI_EVENT_CLASS_FILE_LOAD_HOOK = 54,
JVMTI_EVENT_CLASS_LOAD = 55,
JVMTI_EVENT_CLASS_PREPARE = 56,
JVMTI_EVENT_VM_START = 57,
JVMTI_EVENT_EXCEPTION = 58,
JVMTI_EVENT_EXCEPTION_CATCH = 59,
JVMTI_EVENT_SINGLE_STEP = 60,
JVMTI_EVENT_FRAME_POP = 61,
JVMTI_EVENT_BREAKPOINT = 62,
JVMTI_EVENT_FIELD_ACCESS = 63,
JVMTI_EVENT_FIELD_MODIFICATION = 64,
JVMTI_EVENT_METHOD_ENTRY = 65,
JVMTI_EVENT_METHOD_EXIT = 66,
JVMTI_EVENT_NATIVE_METHOD_BIND = 67,
JVMTI_EVENT_COMPILED_METHOD_LOAD = 68,
JVMTI_EVENT_COMPILED_METHOD_UNLOAD = 69,
JVMTI_EVENT_DYNAMIC_CODE_GENERATED = 70,
JVMTI_EVENT_DATA_DUMP_REQUEST = 71,
JVMTI_EVENT_MONITOR_WAIT = 73,
JVMTI_EVENT_MONITOR_WAITED = 74,
JVMTI_EVENT_MONITOR_CONTENDED_ENTER = 75,
JVMTI_EVENT_MONITOR_CONTENDED_ENTERED = 76,
JVMTI_EVENT_RESOURCE_EXHAUSTED = 80,
JVMTI_EVENT_GARBAGE_COLLECTION_START = 81,
JVMTI_EVENT_GARBAGE_COLLECTION_FINISH = 82,
JVMTI_EVENT_OBJECT_FREE = 83,
JVMTI_EVENT_VM_OBJECT_ALLOC = 84,
JVMTI_MAX_EVENT_TYPE_VAL = 84
} jvmtiEvent;複製代碼
具體實現
編寫咱們的agent動態庫,使之在JVM加載時完成一些邏輯,從前面也知道,主要就是在
Agent_OnLoad函數中編寫邏輯,先獲取jvmtiEnv,在經過它設置jvmtiCapabilities,完了再設置回調函數及須要監聽的事件。這裏關注的事class文件加載時事件。domJNIEXPORT jint JNICALL Agent_OnLoad(JavaVM *vm,char *options,void *reserved) { jvmtiEnv *jvmti; jint ret = vm->GetEnv((void **)&jvmti, JVMTI_VERSION); if (JNI_OK != ret) { printf("ERROR: Unable to access JVMTI!\n"); return ret; } jvmtiCapabilities capabilities; (void)memset(&capabilities, 0, sizeof(capabilities)); capabilities.can_generate_all_class_hook_events = 1; capabilities.can_tag_objects = 1; capabilities.can_generate_object_free_events = 1; capabilities.can_get_source_file_name = 1; capabilities.can_get_line_numbers = 1; capabilities.can_generate_vm_object_alloc_events = 1; jvmtiError error = jvmti->AddCapabilities(&capabilities); if (JVMTI_ERROR_NONE != error) { printf("ERROR: Unable to AddCapabilities JVMTI!\n"); return error; } jvmtiEventCallbacks callbacks; (void)memset(&callbacks, 0, sizeof(callbacks)); callbacks.ClassFileLoadHook = &ClassDecryptHook; error = jvmti->SetEventCallbacks(&callbacks, sizeof(callbacks)); if (JVMTI_ERROR_NONE != error) { printf("ERROR: Unable to SetEventCallbacks JVMTI!\n"); return error; } error = jvmti->SetEventNotificationMode(JVMTI_ENABLE, JVMTI_EVENT_CLASS_FILE_LOAD_HOOK, NULL); if (JVMTI_ERROR_NONE != error) { printf("ERROR: Unable to SetEventNotificationMode JVMTI!\n"); return error; } return JNI_OK; }複製代碼回調函數,便是上面指定的回調函數,它對應監聽的事件,會在對應的事件發生事被調用。這裏處理邏輯其實就是判斷若是是某包下的類就對其進行解密,不然不處理。jvm
void JNICALL ClassDecryptHook( jvmtiEnv *jvmti_env, JNIEnv* jni_env, jclass class_being_redefined, jobject loader, const char* name, jobject protection_domain, jint class_data_len, const unsigned char* class_data, jint* new_class_data_len, unsigned char** new_class_data ) { *new_class_data_len = class_data_len; jvmti_env->Allocate(class_data_len, new_class_data); unsigned char* _data = *new_class_data; if (name&&strncmp(name, "com/seaboat/", 11) == 0) { for (int i = 0; i < class_data_len; i++) { _data[i] = class_data[i] - 4; } } else { for (int i = 0; i < class_data_len; ++i) { _data[i] = class_data[i]; } } }複製代碼- 額外寫一個加密程序對某jar包加密進行加密處理,這裏一樣用本地庫方式,但加密解密動態庫不要一塊兒對外發布,還有Java層調用本地庫加密的程序也不要對外發布。
Java層函數
public class ByteCodeEncryptor {
static{
System.loadLibrary("ByteCodeEncryptor");
}
public native static byte[] encrypt(byte[] text);
public static void(String[] args){
try {
ByteArrayOutputStream baos = new ByteArrayOutputStream();
byte[] buf = new byte[1024];
File srcFile = new File(fileName);
File dstFile = new File(fileName.substring(0, fileName.indexOf("."))+"_encrypted.jar");
FileOutputStream dstFos = new FileOutputStream(dstFile);
JarOutputStream dstJar = new JarOutputStream(dstFos);
JarFile srcJar = new JarFile(srcFile);
for (Enumeration<JarEntry> enumeration = srcJar.entries(); enumeration.hasMoreElements();) {
JarEntry entry = enumeration.nextElement();
InputStream is = srcJar.getInputStream(entry);
int len;
while ((len = is.read(buf, 0, buf.length)) != -1) {
baos.write(buf, 0, len);
}
byte[] bytes = baos.toByteArray();
String name = entry.getName();
if(name.endsWith(".class")){
try {
bytes = ByteCodeEncryptor.encrypt(bytes);
} catch (Exception e) {
e.printStackTrace();
}
}
JarEntry ne = new JarEntry(name);
dstJar.putNextEntry(ne);
dstJar.write(bytes);
baos.reset();
}
srcJar.close();
dstJar.close();
dstFos.close();
} catch (Exception e) {
e.printStackTrace();
}
}
}複製代碼
本地庫
void encode(char *str)
{
unsigned int m = strlen(str);
for (int i = 0; i < m; i++)
{
str[i] = str[i]+4;
}
}
extern"C" JNIEXPORT jbyteArray JNICALL
Java_com_seaboat_bytecode_ByteCodeEncryptor_encrypt(JNIEnv * env, jclass cla,jbyteArray text)
{
char* dst = (char*)env->GetByteArrayElements(text, 0);
encode(dst);
env->SetByteArrayRegion(text, 0, strlen(dst), (jbyte *)dst);
return text;
}複製代碼
- 經過agentlib參數啓動Java,實現字節碼解密,從而實現字節碼保護。
java -agentlib:xxxxx\ByteCodeEncryptor -cp test_encrypted.jar com.seaboat.AA複製代碼
反編譯先後效果
可能報錯
下面的錯誤說明編譯的是32位的動態庫,不能再64位操做系統運行,能夠到vs的vc目錄下執行C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC>vcvarsall.bat amd64,從新編譯64位的動態庫便可。
Error occurred during initialization of VM
Could not find agent library D:\kuaipan\workspace\CPP-workspace\Project3\ByteCodeEncryptor on the library path, with error: Can't load IA 32-bit .dll on a AMD 64-bit platform複製代碼
========廣告時間========
鄙人的新書《Tomcat內核設計剖析》已經在京東銷售了,有須要的朋友能夠到 item.jd.com/12185360.ht… 進行預約。感謝各位朋友。
=========================
歡迎關注:
相關文章
- 1. JVM層對jar包字節碼加密
- 2. 使用 JVMTI 實現 jar 包字節碼加密
- 3. jar包加密
- 4. 字節碼和字節碼加強
- 5. java對一個jar包加密
- 6. jvm字節碼和類加載機制
- 7. JVM之字節碼
- 8. JVM的字節碼
- 9. JVM - 【字節碼】<clinit>
- 10. java的jar包加密
- 更多相關文章...
- • Eclipse 生成jar包 - Eclipse 教程
- • XML DOM 添加節點 - XML DOM 教程
- • 爲了進字節跳動,我精選了29道Java經典算法題,帶詳細講解
- • Java Agent入門實戰(三)-JVM Attach原理與使用
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
相關文章
- 1. JVM層對jar包字節碼加密
- 2. 使用 JVMTI 實現 jar 包字節碼加密
- 3. jar包加密
- 4. 字節碼和字節碼加強
- 5. java對一個jar包加密
- 6. jvm字節碼和類加載機制
- 7. JVM之字節碼
- 8. JVM的字節碼
- 9. JVM - 【字節碼】<clinit>
- 10. java的jar包加密