Method and device for realizing debugging by temporarily authorizing Root

Document No.: 1521098 Publication date: 2020-02-11

Reading note: This technology, "Method and device for realizing debugging by temporarily authorizing Root", was designed by 髙陆林, 张泽远, 李阳, 刘文明 and 郭晗 on 2019-10-09. Main content: The invention provides a method and a device for realizing debugging by temporarily authorizing Root, wherein the method comprises the following steps: the debugging equipment carries out data interaction with an authorization card, and data in the authorization card comprises encrypted user identity information, equipment information and debugging time; the debugging equipment carries out identity authentication and data integrity verification on the data in the authorization card; the debugging equipment checks the debugging time and the product serial number of the data in the authorization card; and if the data identity authentication, the data integrity, the debugging time and the product serial number in the authorization card pass the verification, the debugging equipment starts the temporary Root authority and enters a system with the Root authority. The invention can improve the security of the temporary authorization Root during the debugging process of the equipment.

1. A method for temporarily authorizing Root to realize debugging is characterized by comprising the following steps:

the debugging equipment carries out data interaction with an authorization card, and data in the authorization card comprises encrypted user identity information, equipment information and debugging time;

the debugging equipment carries out identity authentication and data integrity verification on the data in the authorization card;

the debugging equipment checks the debugging time and the product serial number of the data in the authorization card;

and if the data identity authentication, the data integrity, the debugging time and the product serial number in the authorization card pass the verification, the debugging equipment starts the temporary Root authority and enters a system with the Root authority.

2. The method for realizing debugging through temporary authorization Root according to claim 1, wherein before the debugging device performs data interaction with the authorization card, the method further comprises:

a server receives a temporary authorization debugging request of debugging equipment, wherein the debugging request comprises user identity information and equipment information;

the server side checks the user identity information;

and if the verification is passed, receiving a temporary authorization debugging request of the debugging equipment, manufacturing an authorization card according to the user identity information and the equipment information, and setting debugging time for the authorization card.

3. The method for realizing debugging of temporary authorization Root according to claim 2, wherein the steps of manufacturing an authorization card according to the user identity information and the device information and setting the debugging time for the authorization card specifically comprise:

according to the user identity information and the equipment information, carrying out first encryption on the user identity information and the equipment information by using an encryption algorithm, and storing encrypted data into a manufactured authorization card;

writing the executable program into the authorization card, and performing second encryption operation on the executable program code;

and setting debugging time for the authorization card, wherein the temporary authorization Root can be started in the debugging time.

4. The method for realizing debugging through temporary authorization Root according to claim 3, wherein the debugging device performs data interaction with the authorization card, and specifically comprises:

and inserting the authorization card into the corresponding debugging equipment and restarting the debugging equipment, carrying out first decryption verification on encrypted data in the authorization card by the debugging equipment, carrying out second decryption operation on the executable program code, sending decrypted user identity information and equipment information to a server, and carrying out identity authentication, data integrity, debugging time and product serial number verification.

5. The method for realizing debugging by temporarily authorizing Root according to claim 1, wherein the debugging device starts a temporary Root right and enters a system with the Root right, and specifically comprises:

if the identity authentication, the data integrity, the debugging time and the product serial number of the data in the authorization card pass the verification, the debugging equipment transmits the Root mark and the debugging time to the kernel, the temporary Root authority is started within the debugging time, and the debugging equipment enters an Android system with the Root authority after being normally started;

if any one of the identity authentication, the data integrity, the debugging time and the product serial number of the data in the authorization card does not pass the verification, the debugging equipment cannot be granted a temporary Root authority and normally enters the Android system.

6. The method of temporarily authorized Root enabled debugging of claim 5, further comprising:

after the authorization card is pulled out from the debugging equipment, the system automatically restarts to exit the temporary Root authority; or,

and monitoring whether the current time is in the debugging time or not through the kernel, and if the current time exceeds the debugging time, automatically restarting the system to exit the temporary Root authority.

7. A debugging device for temporarily authorizing Root, comprising:

the authorization card interaction module is used for performing data interaction with an authorization card, and data in the authorization card comprises encrypted user identity information, equipment information and debugging time;

and the Root authority module is used for starting the temporary Root authority and entering a system with the Root authority after the data identity authentication, the data integrity, the debugging time and the product serial number in the authorization card pass the verification.

8. The debugging device of temporary authorization Root according to claim 7, wherein the authorization card interaction module is specifically configured to:

and after the authorization card is inserted, restarting the debugging equipment to carry out first decryption verification on encrypted data in the authorization card, carrying out second decryption operation on the executable program code, sending decrypted user identity information and equipment information to the server, and carrying out identity authentication, data integrity, debugging time and product serial number verification.

9. The apparatus for debugging a temporary authorized Root according to claim 8, wherein the Root permission module is specifically configured to:

if the identity authentication, the data integrity, the debugging time and the product serial number of the data in the authorization card pass the verification, the debugging equipment transmits the Root mark and the debugging time to the kernel, the temporary Root authority is started within the debugging time, and the debugging equipment enters an Android system with the Root authority after being normally started;

if any one of the identity authentication, the data integrity, the debugging time and the product serial number of the data in the authorization card does not pass the verification, the debugging equipment cannot be granted a temporary Root authority and normally enters the Android system.

10. The Root temporarily authorized debugging apparatus according to claim 9, wherein the Root permission module is further specifically configured to:

when the authorization card interaction module determines that the authorization card is pulled out, the system is triggered to automatically restart and exit the temporary Root authority; or,

and monitoring whether the current time is within the debugging time or not through the kernel, and triggering the system to automatically restart and exit the temporary Root authority if the current time exceeds the debugging time.

Technical Field

The embodiment of the invention relates to the technical field of terminal application, in particular to a method and a device for realizing debugging by temporarily authorizing Root.

Background

The Root permission on Android carries all permissions in the system, such as starting or stopping a process, deleting or adding a user, adding or disabling hardware, and the like; Android system files and user files (excluding the ROM) can also be accessed and modified.

To debug a production-version Android device, either a debug build is flashed onto the device or a Root operation is performed on it. However, flashing a debug build just to debug the device temporarily is troublesome, and all the information stored in the device is wiped once the flash is finished. To locate a bug, the bug must first reappear on the debug build, and because the environment of the device has changed, the test result cannot accurately prove that the production version has the problem. Opening a temporary Root authority to debug the device temporarily can destroy the security of the system, because the Root authority has all the authorities in the system.

In addition, a currently common temporary Root authority method works as follows: the mobile terminal sends a request to the cloud server to download an executable program file; the executable program file is downloaded from the cloud server; the executable program file is run and modifies the ID level of the current user to a preset level, which obtains a temporary Root authority; the mobile device determines whether it has been restarted; and if it has been restarted, the ID level of the current user is restored to a non-Root level on the mobile device side, which cancels the temporary Root authority of the current user. On one hand, the temporary Root authority avoids repeated authorization prompts, which is a great convenience for the user; on the other hand, the temporary Root authority disappears automatically after the mobile device is restarted. However, neither device identification nor the reliability of the information exchanged over the network can be guaranteed, which in effect makes the device less secure.

It should be noted that the above background description is only for the sake of clarity and complete description of the technical solutions of the present invention and for the understanding of those skilled in the art. Such solutions are not considered to be known to the person skilled in the art merely because they have been set forth in the background section of the invention.

Disclosure of Invention

In view of the foregoing problems, an object of embodiments of the present invention is to provide a method and an apparatus for implementing debugging of a temporary authorization Root, which can improve security of the temporary authorization Root during a device debugging process.

In order to achieve the above object, an embodiment of the present invention provides a method for temporarily authorizing Root to implement debugging, including: the debugging equipment carries out data interaction with an authorization card, and data in the authorization card comprises encrypted user identity information, equipment information and debugging time; the debugging equipment carries out identity authentication and data integrity verification on the data in the authorization card; the debugging equipment checks the debugging time and the product serial number of the data in the authorization card; and if the data identity authentication, the data integrity, the debugging time and the product serial number in the authorization card pass the verification, the debugging equipment starts the temporary Root authority and enters a system with the Root authority.

Further, before the debugging device performs data interaction with the authorization card, the debugging device further includes: a server receives a temporary authorization debugging request of debugging equipment, wherein the debugging request comprises user identity information and equipment information; the server side checks the user identity information; and if the verification is passed, receiving a temporary authorization debugging request of the debugging equipment, manufacturing an authorization card according to the user identity information and the equipment information, and setting debugging time for the authorization card.

Further, according to the user identity information and the equipment information, the encryption algorithm is used for carrying out first encryption on the user identity information and the equipment information, and encrypted data are stored in the manufactured authorization card; writing the executable program into the authorization card, and performing second encryption operation on the executable program code; and setting debugging time for the authorization card, wherein the temporary authorization Root can be started in the debugging time.

Furthermore, the authorization card is inserted into the corresponding debugging device and restarts the debugging device, the debugging device performs first decryption and verification on encrypted data in the authorization card, performs second decryption operation on the executable program code, sends decrypted user identity information and device information to the server, and performs identity authentication, data integrity, debugging time and product serial number verification.

Further, if the identity authentication, the data integrity, the debugging time and the product serial number of the data in the authorization card pass the verification, the debugging equipment transmits the Root mark and the debugging time to the kernel, the temporary Root authority is started within the debugging time, and the debugging equipment enters the Android system with the Root authority after being normally started; if any one of the identity authentication, the data integrity, the debugging time and the product serial number of the data in the authorization card does not pass the verification, the debugging equipment cannot be granted a temporary Root authority and normally enters the Android system.

Further, after the authorization card is pulled out from the debugging equipment, the system automatically restarts to exit the temporary Root authority; or, monitoring whether the current time is in the debugging time or not through the kernel, and if the current time exceeds the debugging time, automatically restarting the system to exit the temporary Root authority.

The embodiment of the present invention further provides a device for debugging a temporary authorization Root, including: the authorization card interaction module is used for performing data interaction with an authorization card, and data in the authorization card comprises encrypted user identity information, equipment information and debugging time; and the Root authority module is used for starting the temporary Root authority and entering a system with the Root authority after the data identity authentication, the data integrity, the debugging time and the product serial number in the authorization card pass the verification.

In the embodiment of the invention, the temporary Root authority can be granted to the appointed debugging equipment through the special authorization card, the data in the authorization card is specially encrypted, and the data integrity check, the signature, the time and the SN check are added in the interaction process with the debugging equipment, thereby providing greater guarantee in safety.

Drawings

In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings needed to be used in the embodiments or the description in the prior art are briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.

Fig. 1 is a schematic flow diagram of manufacturing an authorization card in a method for implementing debugging by temporary authorization Root according to an embodiment of the present invention;

Fig. 2 is a schematic flowchart of a process of opening a temporary Root permission of a method for realizing debugging by temporarily authorizing a Root according to an embodiment of the present invention;

Fig. 3 is a schematic structural diagram of a debugging apparatus for temporarily authorizing Root according to an embodiment of the present invention.

Detailed Description

In order to make the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be described clearly and completely with reference to the accompanying drawings of the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, are within the scope of the present invention. Furthermore, as used in the examples of the invention and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.

Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the invention. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein can be combined with other embodiments.

In order to make the technical solutions of the present invention better understood by those skilled in the art, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings.

The embodiment of the invention provides a method for realizing debugging of temporary authorized Root, which is different from the traditional temporary Root authority in that the safety of the temporary authorized Root is improved during the debugging process of equipment by manufacturing an authorization card in advance. As shown in fig. 1, the method for preparing the authorization card in advance comprises the following steps:

S101, a server receives a temporary authorization debugging request of debugging equipment, wherein the debugging request comprises user identity information and equipment information.

S102, the server side checks the user identity information, if the user identity information passes the check, the step S103 is carried out, and if the user identity information does not pass the check, the step S104 is carried out.

In this step, the user identity information includes a contact number (e.g., a mobile phone number), the server sends the verification code to a user contact terminal (e.g., a user mobile phone), and if the user can correctly provide the verification code to the server, the verification is passed.

S103, receiving the temporary authorization debugging request of the debugging equipment, manufacturing an authorization card according to the user identity information and the equipment information, and setting the debugging time for the authorization card.

In this step, if the user identity information passes the verification, the server receives the temporary authorized debugging request of the debugging device. According to the user identity information and the device information, the server encrypts the user identity information and the device information for the first time by using an encryption algorithm (such as an RSA + DES + MD5 hybrid encryption algorithm) and stores the encrypted data in the manufactured authorization card. An executable program (such as a bin program) is written into the authorization card, and a second encryption operation (such as MD5 message-digest algorithm encryption) is performed on the executable program code to further prevent illegal tampering. In addition, the debugging time is set for the authorization card: the temporary authorization Root can be started within the debugging time, and if the debugging time is exceeded, the temporary Root authority is exited.

S104, rejecting the temporary authorized debugging request of the debugging equipment.

After the authorization card is manufactured, the method for implementing debugging by temporarily authorizing Root provided by the embodiment of the present invention, as shown in fig. 2, further includes the following steps:

Step S201, the debugging device performs data interaction with the authorization card, where the data in the authorization card includes user identity information used for encryption, device information, and debugging time.

In this step, the user inserts the authorization card into the corresponding debugging device and restarts the debugging device. After the debugging device is restarted, it performs data interaction with the authorization card.

Step S202, the debugging equipment carries out identity authentication and data integrity check on the data in the authorization card, if the data passes the check, the step S203 is carried out, and if the data does not pass the check, the step S205 is carried out.

In this step, the debugging device performs a first decryption check on the encrypted data in the authorization card, performs a second MD5 decryption operation on the executable program code, and sends the decrypted user identity information and device information to the server for checking.

The server verification comprises the following steps: the identity authentication is used for confirming the source of the data; and data integrity check for preventing data tampering. Wherein, the certificate can be used for identity authentication; a hash algorithm and a key may be used for data integrity checking.

In step S203, the debugging device checks the debugging time and the Serial Number (SN) of the product for the data in the authorization card, and if the data passes, the process goes to step S203, and if the data does not pass, the process goes to step S205.

In this step, after the integrity and signature of the data in the authorization card are verified, the server further verifies the debugging time and the product serial number in the data of the authorization card, and the time validity and the local validity are ensured. Specifically, if the current time is within the debug time range and the serial number is consistent with the serial number in the decrypted device information, the check passes.

Step S204, if the identity authentication, the data integrity, the debugging time and the product serial number of the data in the authorization card pass the verification, the debugging equipment starts a temporary Root authority and enters an Android system with the Root authority.

In this step, after all the checks are passed, the debugging equipment transmits the Root mark and the debugging time to the kernel, a temporary Root authority is started within the debugging time, and the debugging equipment enters an Android system with the Root authority after being normally started.

In addition, the system automatically restarts to exit the temporary Root authority after the authorization card is pulled out from the debugging equipment. Or, monitoring whether the current time is in the debugging time or not through the kernel, and if the current time exceeds the debugging time, automatically restarting the system to exit the temporary Root authority.

Step S205, if any one of the identity authentication, the data integrity, the debugging time and the product serial number of the data in the authorization card does not pass the verification, the debugging equipment cannot be granted a temporary Root authority, and the Android system is normally entered.
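The device-side decision in steps S202 to S205 and the runtime exit condition, as a minimal sketch added here for illustration and not taken from the patent. It assumes a JSON payload and a single HMAC-SHA-256 tag (the "hash algorithm and a key" option) that stands in for both the certificate-based identity check and the integrity check, instead of the RSA + DES + MD5 scheme named above; every function name, key and serial number is constructed.

```python
# Added illustration (not the patent's code): fail-closed card verification.
import hashlib
import hmac
import json

TAG_LEN = 32  # size of an HMAC-SHA-256 tag in bytes


def issue_card(key: bytes, user_id: str, serial: str,
               not_before: int, not_after: int) -> bytes:
    """Server side (S103): card blob = canonical JSON payload || HMAC tag."""
    payload = json.dumps(
        {"user": user_id, "sn": serial, "nbf": not_before, "exp": not_after},
        sort_keys=True, separators=(",", ":"),
    ).encode()
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def verify_card(blob: bytes, key: bytes, device_serial: str, now: int):
    """Device side: return (grant_root, reason). Every failure path denies."""
    # S202: origin and integrity. The tag is verified before the payload
    # is parsed, so unauthenticated bytes never reach the JSON parser.
    if len(blob) <= TAG_LEN:
        return False, "malformed"
    payload, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return False, "integrity"
    try:
        fields = json.loads(payload)
        nbf, exp, sn = fields["nbf"], fields["exp"], fields["sn"]
    except (ValueError, KeyError, TypeError):
        return False, "malformed"
    if not (isinstance(nbf, int) and isinstance(exp, int)
            and isinstance(sn, str)):
        return False, "malformed"
    # S203: the current time must lie inside the debugging time window ...
    if not (nbf <= now <= exp):
        return False, "time"
    # ... and the card must have been issued for this device's serial number.
    if not hmac.compare_digest(sn.encode(), device_serial.encode()):
        return False, "serial"
    # S204: all four checks passed.
    return True, "ok"


def root_still_allowed(card_present: bool, now: int, exp: int) -> bool:
    """Runtime monitor: False means restart and leave temporary Root."""
    return card_present and now <= exp


if __name__ == "__main__":
    # Constructed sample values; `now` is passed in so the run is repeatable.
    key = b"constructed-demo-key-32-bytes!!!"
    card = issue_card(key, "user-0001", "SN-TEST-0001", 1000, 2000)
    print(verify_card(card, key, "SN-TEST-0001", 1500))  # granted
    print(verify_card(card, key, "SN-TEST-0002", 1500))  # other device
    print(verify_card(card, key, "SN-TEST-0001", 2500))  # window expired
    forged = card.replace(b"SN-TEST-0001", b"SN-TEST-0002")
    print(verify_card(forged, key, "SN-TEST-0002", 1500))  # edited payload
    print(root_still_allowed(False, 1500, 2000))  # card pulled out
```

The time check is only as trustworthy as the clock that supplies `now`, which the sketch takes as given.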

It should be understood that, although the steps in the flowcharts of the figures are shown in order as indicated by the arrows, the steps are not necessarily performed in that order. Unless explicitly stated herein, the steps are not limited to the exact order shown and may be performed in other orders. Moreover, at least a portion of the steps in the flowcharts may include multiple sub-steps or multiple stages, which are not necessarily performed at the same time but may be performed at different times, and which are not necessarily performed in sequence but may be performed in turn or alternately with other steps or with at least a portion of the sub-steps or stages of other steps.

It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and can include the processes of the embodiments of the methods described above when the computer program is executed. The storage medium may be a non-volatile storage medium such as a magnetic disk, an optical disk, a Read-Only Memory (ROM), or a Random Access Memory (RAM).

With further reference to fig. 3, an embodiment of the present invention further provides a device for temporarily authorizing Root to implement debugging, where the device includes:

the authorization card interaction module 301 is configured to perform data interaction with an authorization card, where data in the authorization card includes user identity information used for encryption, device information, and debugging time;

the Root authority module 302 is configured to open a temporary Root authority after the data identity authentication, the data integrity, the debugging time, and the product serial number in the authorization card pass verification, and enter a system with the Root authority.

The authorization card interaction module is specifically used for: and after the authorization card is inserted, restarting the debugging equipment to carry out first decryption verification on encrypted data in the authorization card, carrying out second decryption operation on the executable program code, sending decrypted user identity information and equipment information to the server, and carrying out identity authentication, data integrity, debugging time and product serial number verification.

The Root authority module is specifically used for: if the identity authentication, the data integrity, the debugging time and the product serial number of the data in the authorization card pass the verification, the debugging equipment transmits the Root mark and the debugging time to the kernel, the temporary Root authority is started within the debugging time, and the debugging equipment enters an Android system with the Root authority after being normally started; if any one of the identity authentication, the data integrity, the debugging time and the product serial number of the data in the authorization card fails to pass the verification, the debugging equipment cannot be granted a temporary Root authority and normally enters an Android system; and when the authorization card interaction module determines that the authorization card is pulled out, triggering the system to automatically restart and exit the temporary Root authority, or monitoring whether the current time is in the debugging time through the kernel, and if the current time exceeds the debugging time, triggering the system to automatically restart and exit the temporary Root authority.

Similar to the specific technical details of the device for realizing debugging by temporary authorization Root and the method for realizing debugging by temporary authorization Root, the technical effects that can be achieved in the implementation mode of the device for realizing debugging by temporary authorization Root can also be achieved in the implementation mode of the method for realizing debugging by temporary authorization Root, and are not described here again in order to reduce repetition. Accordingly, the related technical details mentioned in the embodiment of the apparatus for temporarily authorizing Root to implement debugging can also be applied in the embodiment of the method for temporarily authorizing Root to implement debugging.

The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments can be referred to each other, and each embodiment focuses on the differences from the other embodiments.

Finally, it should be noted that: the foregoing description of various embodiments of the invention is provided to those skilled in the art for the purpose of illustration. It is not intended to be exhaustive or to limit the invention to a single disclosed embodiment. Various alternatives and modifications of the invention, as described above, will be apparent to those skilled in the art. Thus, while some alternative embodiments have been discussed in detail, other embodiments will be apparent or relatively easy to derive by those of ordinary skill in the art. The present invention is intended to embrace all such alternatives, modifications, and variances which have been discussed herein, and other embodiments which fall within the spirit and scope of the above application.
