基于操作码的Python程序防逆转算法研究与实现

发布时间：2018-04-05 03:04

本文选题：Python　切入点：字节码文件　出处：《中国科学技术大学》2017年硕士论文

【摘要】：Python编程语言自20世纪90年诞生至今,得益于其简单易学、语法简洁清晰、可扩展性强、支持面向对象等诸多优点,已被广泛的应用于系统管理任务和Web编程等诸多领域。但使用Python编程语言编写的源码文件(.py)编译生成的字节码文件(Bytecode file,.pyc)很容易被逆向工具反编译,这不仅会侵害开发人员的知识产权和经济利益,而且具有严重的安全隐患。于此同时现有的代码混淆技术、文件加密技术、本地编译技术、数字水印技术等防逆转方法存在安全性不足、容易造成字节码文件的执行效率下降、应用体积增加等问题。为此本文围绕基于操作码替换与合并的Python字节码文件防逆转策略展开研究工作,本文的主要的研究内容和成果包括以下三个方面:(1)通过对Python运行框架和Python字节码文件编译、解释执行机制的分析,根据Python虚拟机对字节码文件中的操作码逐一进行解释执行的特性,将Python字节码文件的核心内容co_code域进行简化抽象,建立字节码文件的操作码序列模型与基本块模型。(2)针对现有的代码混淆技术和数字水印技术安全性不足的问题,本文以字节码文件中的操作码序列为基础,结合单表替换密码,设计出了一种适用于Python字节码文件的操作码的操作码替换策略。该策略通过操作码替换来改变操作码序列中操作码的值来达到改变操作码序列内容和防逆转的目的。最后对操作码替换策略在Python2.7.9中予以实现,并根据单表替换密码的特性,利用操作码的统计学规律,评估操作码替换策略的安全性。(3)针对文件加密技术易对字节码文件的执行效率造成影响和本地编译技术造成目标程序体积增加的问题,本文设计出一种操作码合并策略。该策略以字节码文件中的操作码序列的基本块为基础,利用窥孔优化技术将处于同一个基本块中连续出现的多个操作码进行合并,并使用新操作码来代替原来操作码序列中连续出现的多个操作码。通过操作码合并大大缩短了操作码序列的长度,改变了操作码序列的结构和内容,最终达到防逆转的目的。最后对操作码合并策略在Python 2.7.9中予以实现,并对操作码合并策略产生的字节码文件的安全性、执行效率、以及文件大小进行评估与实验。
[Abstract]:Python programming language has been widely used in many fields, such as system management task and Web programming, because of its simplicity, clear syntax, strong expansibility and object-oriented support.However, the bytecode file compiled by Python programming language is easy to be decompiled by reverse tools, which not only infringes the intellectual property rights and economic benefits of developers, but also has a serious security hazard.At the same time, the existing anti-reverse methods, such as code confusion, file encryption, local compilation, digital watermarking and so on, are not secure enough, which can easily lead to the decrease of the execution efficiency of bytecode files and the increase of application volume.Therefore, this paper focuses on the anti-reversal strategy of Python bytecode files based on opcode replacement and merging. The main research contents and results of this paper include the following three aspects: 1) compiling the Python running framework and Python bytecode files.The analysis of execution mechanism is explained. According to the characteristic of Python virtual machine to interpret and execute the opcodes in bytecode file one by one, the core content of Python bytecode file is simplified and abstracted by co_code domain.To solve the problem of insufficient security of existing code obfuscation technology and digital watermarking technology, this paper bases on the operation code sequence in bytecode file and replaces the cipher with single table, which is based on the operation code sequence model of bytecode file and the basic block model.An opcode replacement strategy for Python bytecode files is designed.This strategy can change the content of the opcode sequence and prevent the reverse by changing the value of the opcode in the opcode sequence by replacing the opcode.Finally, the opcode replacement strategy is implemented in Python2.7.9, and according to the characteristics of single-table substitution cipher, the statistical rule of opcode is used.To evaluate the security of opcode replacement policy, this paper designs an opcode merging strategy to solve the problem that file encryption technology can easily affect the efficiency of bytecode file execution and the local compilation technology causes the volume of target program to increase.Based on the basic blocks of the sequence of operands in the bytecode file, the strategy combines multiple opcodes which appear continuously in the same basic block by using peephole optimization technique.New opcodes are used to replace multiple operands which appear continuously in the sequence of original opcodes.The length of the opcode sequence is greatly shortened and the structure and content of the opcode sequence are changed by the combination of opcodes.Finally, the opcode merging policy is implemented in Python 2.7.9, and the security, execution efficiency and file size of bytecode files generated by the opcode merging policy are evaluated and tested.
【学位授予单位】：中国科学技术大学
【学位级别】：硕士
【学位授予年份】：2017
【分类号】：TP312

【参考文献】