KR20170044850A - Android application dynamic loading method - Google Patents

Abstract

The present invention relates to a dynamic loading method for an Android application. More specifically, a DEX file of an Android application is digitally signed and encrypted and then posted on the Internet. At the time of initial application execution, an application having file import, decryption, verification, and dynamic loading program logic, And obtains the digital signature and the encrypted DEX file corresponding to the latest version from the publishing server, decrypts and verifies the digital signature, and if it is normal, stores it in a secure manner, And loading the DEX file safely stored at the start of the process. According to the present invention, it is possible to fix and upgrade bugs of some programs to the Android application from time to time, and it is also possible to prevent decompilation of the Android application because the DEX file, which is the main content of the program, is encrypted.

Description

Android application dynamic loading method [0002]

The present invention relates to a dynamic loading method for an Android application. More specifically, a DEX file of the Android application is digitally signed and encrypted and then posted on the Internet. The application obtains the file, verifies the decryption and digital signature, and then dynamically loads the file. And a method for facilitating partial program modification and bug correction through the program.

Android is a Linux-based open operating system (platform) released by Google in November 2007 to enter the mobile (smartphone) market. Android is a robot that originally looked like a human, and it includes an operating system, middleware and applications for mobile. If you hit PC, it corresponds to Windows. A handset maker, an external SW vendor, and a mobile operator can use it free of charge. The handset adopting this platform is called an 'Android phone'. We also launched the Android Market, a trading market for software for Android phones based on Apple's iPhone and App Store.

1 is a reference diagram related to the configuration of a basic Android application. As shown in FIG. 1, the Android application operates under an environment called Dalvik VM, and is composed of a dex (DEX) file compiled to operate in Dalvic VM and WbXML including various resources, and configured with a manifest .

As a result of the distribution of executable code, it is not possible to re-address the bug of the program except for the reinstallation of some logic changes. In order to solve this problem, a hybrid method based on a web service has been developed in many cases, but there still exists a problem with a native code implemented in Java. Also, DEX files have a configuration that can be decompiled, which can be a target of hackers.

DISCLOSURE OF THE INVENTION An object of the present invention is to solve the above-mentioned problems, and it is an object of the present invention to electronically sign and encrypt a DEX file including an execution code of an Android application, After downloading the latest version of the publishing file after checking the version at the point of time, decrypting and verifying the digital signature are performed, and then the dynamic loading is performed so that the latest version can be maintained at all times. At the same time, And to provide a method for preventing such a problem.

According to another aspect of the present invention, there is provided a dynamic application loading method for an Android application,

In an Android application dynamic loading method,

DEX (DEX) file distribution method,

Compiling the Android source (S01);

A DEX file creation step S02;

A DEX file digital signature (DEX-S generation) step S03;

Encrypting (DEX-E generation) the digitally signed DEX file (DEX-S) (S04);

(S05) of publishing the encrypted file (DEX-E) together with the version information;

/ RTI >

To install DEX,

Confirming version information (S11);

Downloading the encrypted file DEX-E (S12);

Decrypting (DEX-S generation) the encrypted DEX file (DEX-E) (S13);

A digital signature verification step (S14) of a decrypted DEX file (DEX-S);

Encrypting (DEX-X creation) the DEX file (DEX-S) for storage (S15);

Storing the encrypted DEX file (DEX-X) together with the version information (S16);

/ RTI >

To run the program,

Decrypting (DEX-S generation) the encrypted DEX file (DEX-X) (S21);

A step (S22) of verifying the digital signature of a dex (DEX) file (DEX-S);

Dynamically loading a DEX file (S23);

Executing the program through the dynamically loaded DEX file (S24);

And a control unit.

Also, the encryption key used in generating the encrypted DEX-E file to be published may be distributed in the Android application, or may be a value calculated using the same encryption key derivation method during encryption and decryption,

The cryptographic key used when generating the encrypted DEX-X file to be stored may use a cryptographic key derived from at least one of information unique to the Android phone, MAC address, telephone number, device model name, and program package name .

In addition, if there are a plurality of DEX files, the DEX file distribution method may be performed after generating one file including the division information,

When performing the above-described method of executing the program on the Android phone, it is possible to divide the file into respective DEX files and perform a dynamic loading process individually.

Further, in the DEX installation method,

Confirming version information (S11); And downloading the encrypted file DEX-E (S12); The connection information in < RTI ID =

Among the methods of executing the program,

Executing the program through the dynamically loaded DEX file (S24); The program start information used in

Addition of electronic signature information, integrity information using a hash, or encryption using a cryptographic key.

According to the present invention, a program can be modified and reapplied without reinstalling the Android application, and the program can be safely used for program logic leak or hacking.

Figure 1 shows the configuration of an Android application (APK file) in a Dalvik VM environment.
FIG. 2 is a flow chart of a DEX file distribution method among the Android application dynamic loading methods according to a preferred embodiment of the present invention.
FIG. 3 is a flow chart of a method of installing a DEX in an Android application dynamic loading method according to a preferred embodiment of the present invention.
4 is a flow chart of a method of executing a program among the Android application dynamic loading methods according to the preferred embodiment of the present invention
5 shows a simplified configuration of an electronically signed DEX-S, an encrypted post-use DEX-E, and an encrypted DEX-X file.

The drawings and the following description illustrate certain exemplary embodiments of the invention. Thus, those skilled in the art will appreciate that, although not explicitly described or shown herein, it is contemplated that the principles of the invention may be embodied and devised within the scope of the invention. Moreover, any examples described herein are intended to be interpreted as helping to understand the principles of the invention and without limiting the specific examples and conditions listed. As a result, the present invention is not limited to the specific embodiments or examples described below, but is only limited by the claims and their equivalents.

FIG. 2 is a flowchart of a DEX file distribution method among dynamic application loading methods of an Android application according to a preferred embodiment of the present invention.

As shown in FIG. 2, the DEX file distribution method causes a DEX file to be generated (S02) through an Android source compilation step S01. As shown in FIG. 1, a file configured to be executed in the Dalvik VM environment of the Android is a DEX file, such as a configuration of an Android application (APK file) in the Dalvik VM environment.

The DEX-S (10) file of FIG. 5 is generated through the digital signature step S03 for the generated DEX file. The DEX-S file is constructed by adding an electronic signature value to the DEX file. The purpose of the digital signature value is to verify the authenticity of the publisher and integrity of the published DEX file.

The digitally signed DEX file DEX-S generates the file DEX-E 20 of FIG. 5 through the step S04 of encrypting it. The DEX-E file is a value obtained by encrypting the DEX-S file with the encryption key (KEY1) as shown in Fig. The cipher key used in the cipher can be decrypted using the same value as in decryption, so it can be distributed by putting the cipher key information in the distribution Android program. It is not necessary to include the specific information, for example, the package name of the program (Android Package Name) or the specific SEED value (the value that is the basis for generation of the encryption key), and then the same mathematical calculation method May be used to derive the value of the key derivation method.

The encrypted file DEX-E is posted on the Internet via the step S05 of posting together with the version information. The publishing method may be published in various ways such as a web service method using HTTP / HTTPS or a daemon service or FTP service using TCP / IP method.

3 is a flowchart illustrating a DEX installation method of the dynamic application loading method of an Android application according to a preferred embodiment of the present invention.

When the program is started in the Android environment, the step S11 of checking the version information first confirms whether there is a version distributed later than the stored version. Of course, there is no file saved at first, so you will get the latest version.

If there is a file to be downloaded according to the version information, the encrypted file DEX-E is downloaded through a step S12. The version information checking method and the downloading method described above can be applied through various known methods such as a web service method, an FTP method, and a TCP / IP-based daemon service method.

The encrypted DEX file (DEX-E) 20 fetches the DEX-S 10 shown in FIG. 5 through a decoding step S13. As described above, the key KEY1 used for encryption in the DEX-E 20 of FIG. 5 uses the same fixed value for encryption and decryption, or uses a value derived by the key derivation method.

The digital signature verification (DEX-S) 10 of the decrypted DEX file (DEX-S) 10 is confirmed (S14), and it is confirmed whether or not the publisher is normal and the data is not modulated.

(DEX-S) 10 for storage (S15) to generate the DEX-X 30 shown in Fig. It is appropriate that the key (KEY2) 31 used at this time uses the cryptographic key value calculated by key derivation from at least one of the unique information of the Android phone, the MAC address, the telephone number, the device model name, and the program package name. Since the DEX file is stored through the digital signature and encryption process as described above, it is possible to fundamentally block the possibility of the tampering due to hacking or the like.

The encrypted DEX file (DEX-X) 30 is stored in the smart phone together with the version information (S16).

4 is a flowchart illustrating a method of executing a program in a dynamic loading method of an Android application according to a preferred embodiment of the present invention.

The DEX-S 10 is fetched via the step S21 of decrypting the encrypted DEX file (DEX-X) 30. The encryption key (KEY2) used in the decryption is a value derived through the same method used to generate the DEX-X (30).

After verifying the integrity of the digitally signed DEX file (DEX-S) through a digital signature verification step (S22), the DEX file is dynamically loaded (S23), and the dynamic loaded DEX DEX) file to execute the program through step S24. The step of executing the program (S24) is executed by calling a specific class and a function belonging to the loaded DEX file. This part is well known in the Android development environment and is not described in detail.

In addition, although a single DEX file has been described above, it is also possible to repeatedly perform the same process for publishing, storing, and executing several DEX files.

In another method, when there are a plurality of DEX files, a method of distributing the DEX file after generating the one file including the division information, and executing the program on the Android phone When performing the operation, it is possible to divide the file into each DEX file and perform the dynamic loading process individually.

In addition, in the DEX installation method, it is also possible to use the connection information for confirming the version information, the connection information for downloading the encrypted file (DEX-E), and the program through the dynamically loaded DEX file In step S24, it is preferable that the program start class and the function information fired as the input information are protected by one or more of adding digital signature information, adding integrity information using a hash function, or encrypting using a cryptographic key, It will be a good way to respond to various attacks.

10: Digitally signed DEX file (DEX-S)
11: DEX file
12: Digital signature value for the DEX file (11)
20: DEX file for encrypted publication (DEX-E)
21: How to Enable Encryption for Publishing
20: Encrypted archive file (DEX-X)
21: How to use archive encryption

Claims (4)

In an Android application dynamic loading method,
DEX (DEX) file distribution method,
Compiling the Android source (S01);
A DEX file creation step S02;
A DEX file digital signature (DEX-S generation) step S03;
Encrypting (DEX-E generation) the digitally signed DEX file (DEX-S) (S04);
(S05) of publishing the encrypted file (DEX-E) together with the version information;
/ RTI >
To install DEX,
Confirming version information (S11);
Downloading the encrypted file DEX-E (S12);
Decrypting (DEX-S generation) the encrypted DEX file (DEX-E) (S13);
A digital signature verification step (S14) of a decrypted DEX file (DEX-S);
Encrypting (DEX-X creation) the DEX file (DEX-S) for storage (S15);
Storing the encrypted DEX file (DEX-X) together with the version information (S16);
/ RTI >
To run the program,
Decrypting (DEX-S generation) the encrypted DEX file (DEX-X) (S21);
(S22) verifying the digital signature of a dex (DEX) file (DEX-S);
Dynamically loading a DEX file (S23);
Executing the program through the dynamically loaded DEX file (S24);
And a dynamic loading method for the Android application The method according to claim 1,
The encryption key used when generating the encrypted DEX-E file to be published may be distributed in the Android application or may be a value calculated using the same encryption key derivation method when decrypting and decrypting,
The encryption key used when generating the encrypted DEX-X file to be stored may use a cryptographic key derived from at least one of information unique to the Android phone, MAC address, telephone number, device model name, and program package name ≪ RTI ID = 0.0 > Android < / RTI > The method according to claim 1,
If the number of the DEX files is plural, it is possible to perform the DEX file distribution method after generating the one file including the division information,
When performing the method of executing the program in the Android phone, the dynamic loading process can be separately performed after dividing the file into respective DEX files. The method according to claim 1,
During the DEX installation process,
Confirming version information (S11); And downloading the encrypted file DEX-E (S12); The connection information in < RTI ID =

During the method of executing the program,
Executing the program through the dynamically loaded DEX file (S24); The program start information used in

An encryption method using integrity information using a hash, or encryption using a cryptographic key.

Images