CN108959860B - Method for detecting whether Android system is cracked or not and obtaining cracking record - Google Patents


Info

Publication number
CN108959860B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810801104.0A
Other languages
Chinese (zh)
Other versions
CN108959860A (en)
Inventor
兰书俊
王欣
孙奕
苏玉海
蔡阿川
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xiamen Meiya Pico Information Co Ltd
Original Assignee
Xiamen Meiya Pico Information Co Ltd
Application filed by Xiamen Meiya Pico Information Co Ltd
Priority to CN201810801104.0A
Publication of CN108959860A
Application granted
Publication of CN108959860B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/14 Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3604 Software analysis for verifying properties of programs
    • G06F11/3608 Software analysis for verifying properties of programs using formal methods, e.g. model checking, abstract interpretation

Abstract

The invention relates to a method for detecting whether an Android system has been cracked and for acquiring cracking records, comprising the following steps. S100: collect specific files in the system, combine them into a specific value using an algorithm, store the specific value and upload it to a cloud server, check in real time whether the specific value has changed, and go to S200 when it has. S200: collect system user data and upload it to the cloud server. S300: determine whether the system has been rooted; if so, go to step S400, otherwise return to step S100. S400: examine the architecture of the reverse tool, obtain the cracking record document corresponding to the reverse tool, and upload the obtained cracking record document to the cloud server. The method and device combine the files of the reverse tools into a single specific value and judge whether the system has been cracked from changes in that value; when the system has been cracked, reverse injection is performed according to the architecture of the reverse tool, the cracking behavior is tracked, and the corresponding cracking record file is obtained.

Description

Method for detecting whether Android system is cracked or not and obtaining cracking record
Technical Field
The invention relates to the technical field of system security, and in particular to a method for detecting whether an Android system has been cracked and for acquiring cracking records.
Background
The Android system is currently the most popular smart operating system, with a reach far exceeding that of smart operating systems such as Apple's and BlackBerry's. Because many illegitimate users want to obtain users' sensitive data held in the system, they need to crack the Android operating system. To protect system data, the Android system has put a great deal of effort into security; however, no system is absolutely secure, vulnerabilities will inevitably be exploited, and reverse cracking tools emerge endlessly, causing a variety of security problems for the Android system.
At the present stage, Android system protection relies mainly on security hardening schemes for the operating system and applications, such as the system's discretionary access control, mandatory access control, TrustZone and application packing (shelling), to prevent the system from being cracked.
Disclosure of Invention
To solve the above problems, the invention aims to provide a method for detecting whether an Android system has been cracked and for acquiring cracking records; it achieves this by recording the cracker's cracking process once cracking behavior has been determined to exist.
The specific scheme is as follows:
A method for detecting whether an Android system has been cracked and for obtaining cracking records comprises the following steps:
S100: collect specific files in the system, the specific files comprising files carried by the system and files generated by a reverse tool; combine the specific files into a specific value using an encryption algorithm; store the specific value and upload it to a cloud server; check in real time whether the specific value has changed, and go to S200 when it has;
S200: collect system user data and upload it to the cloud server;
S300: determine whether the system has been rooted; if so, go to step S400, otherwise return to step S100;
S400: examine the architecture of the reverse tool, obtain the cracking record document corresponding to the reverse tool, and upload the obtained cracking record document to the cloud server.
Further, the determination in step S300 is made as follows: the system is determined to be rooted when any one of the following four conditions holds:
Method 1: an su file exists under the /system/bin/ or /system/xbin directory;
Method 2: the root directory of the system can be written to;
Method 3: SELinux can be set to Permissive mode;
Method 4: commands requiring root privileges can be executed.
Further, the file carried by the system is a mobile phone serial number file.
Further, the system user data includes user information, a mobile phone number, a location, a mobile phone model, a current system version, a kernel, and a mobile phone serial number.
Further, in step S100 the reverse tools include Xposed, Frida, smalidea and IDA PRO, and step S400 specifically comprises:
S410: examine the Xposed architecture to obtain the Xposed cracking record document;
specifically comprising the following steps:
Step 1: determine whether the file /data/data/de.robv.android.xposed.installer/bin/XposedBridge.jar exists; if it does, go to step 2;
Step 2: check whether an Xposed module appears in /proc/<process ID>/maps; if so, go to step 3;
Step 3: check whether /system/bin/app_process has been modified; if so, analyze the principle and function of the Xposed architecture and write a custom function that reverse-hooks Xposed's execution functions to obtain the Xposed cracking record document, namely the applications hooked by Xposed and the hooked functions;
S420: examine the Frida architecture to obtain the Frida cracking record document, which comprises the applications hooked by Frida, the hooked functions, the Frida client service program, and the data exchanged between the Android device and the PC;
specifically comprising the following steps:
Step 1: check whether Frida_server exists in the system; if so, reverse-analyze the functions in Frida_server to find the functions that need to be hooked, and inject a reverse hook function to obtain the applications hooked by Frida and the hooked functions;
Step 2: monitor the TCP port of the Frida module to identify the Frida client service program in the Android system and obtain the data exchanged between the Android device and the PC;
S430: for dynamic debugging of applications with smalidea, obtain the smalidea cracking record document, namely the data exchanged between the Android device and the PC;
specifically comprising the following steps:
Step 1: check whether android xml has been changed to debug mode; if it has, go to step 2;
Step 2: check whether ro.debug in the default.prop file is set to debug mode; if it is, go to step 3;
Step 3: check whether the TCP port of smalidea is in debugging mode; if it is, obtain the data exchanged between the Android device and the PC;
S440: for dynamic debugging of applications with IDA PRO, obtain the IDA PRO cracking record document, namely the debugging data;
specifically comprising the following steps:
Step 1: check TracerPid to determine whether the process is being debugged; if it is, go to step 2;
Step 2: monitor the TCP port of IDA PRO, locate the IDA PRO client service program, and then obtain the debugging data through that client service program.
In this technical scheme, the files of mainstream reverse cracking tools are combined into a unique specific value; whether the system has been cracked is judged from changes in that value; and when the system has been cracked, reverse injection is performed according to the architecture of the reverse tool, the cracking behavior is tracked, and the corresponding cracking record file is obtained.
Drawings
Fig. 1 is a schematic flow chart according to a first embodiment of the present invention.
Detailed Description
To further illustrate the various embodiments, the invention provides the accompanying drawings. The accompanying drawings, which are incorporated in and constitute a part of this disclosure, illustrate embodiments of the invention and, together with the description, serve to explain the principles of the embodiments. Those skilled in the art will appreciate still other possible embodiments and advantages of the present invention with reference to these figures.
The invention will now be further described with reference to the accompanying drawings and detailed description.
The first embodiment is as follows:
Referring to Fig. 1, the invention provides a method for detecting whether an Android system has been cracked and for obtaining cracking records, where cracking includes the system being rooted, a system application being injected with a hook, and an application being debugged by a reverse tool. The method comprises the following steps:
S100: collect specific files in the system, the specific files comprising files carried by the system and files generated by a reverse tool; combine the specific files into a specific value using an encryption algorithm; store the specific value and upload it to a cloud server; check in real time whether the characteristic value has changed, and go to S200 when it has.
The reverse tools are mainstream reverse cracking tools such as Xposed, Cydia Substrate, Frida, smalidea, IDA PRO, JEB and gdb; this embodiment selects four of them: Xposed, Frida, smalidea and IDA PRO.
The files carried by the system are files contained in the system itself. This embodiment preferably uses the International Mobile Equipment Identity (IMEI) file, because other files carried by the system may change during a system upgrade whereas the IMEI file does not, so it does not affect the later judgment of whether the specific value has changed.
The files generated by a reverse tool may be: /system/bin/app_process, /system/xbin/su, default.prop, /data/data/de.robv.android.xposed.installer/bin/XposedBridge.jar, and so on.
The encryption algorithm may be a conventional encryption algorithm such as the hash algorithm MD5. The characteristic value is a unique specific value from which it can be detected whether the system has been cracked; in this example it is a value generated with the MD5 algorithm.
As is known in the art, a system may be cracked with one or more reverse tools. When that happens, the specific files corresponding to the particular reverse tool change, and so does the specific value calculated from them; whether the system has been cracked can therefore be judged by checking whether the current specific value has changed.
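The change check of S100, as an added example that is not code from the patent: it records a per-file state (digest, absent, or unreadable) for the files the description lists and folds those states into one value, so a tool file appearing on a previously clean system changes the value just as a modified file does. The `root` parameter, the function names and placing default.prop at the filesystem root are assumptions; MD5 is used only because the description names it.

```python
import hashlib
import os

# Files the description names as created or modified by reverse tools.
# The page gives no path for the device-identity file, so none is listed here,
# and it gives no directory for default.prop (the root is an assumption).
WATCHED = (
    "/system/bin/app_process",
    "/system/xbin/su",
    "/default.prop",
    "/data/data/de.robv.android.xposed.installer/bin/XposedBridge.jar",
)


def file_state(path, algorithm="md5"):
    """Return 'hash:<hex>' for a readable file, else 'absent' or 'unreadable'."""
    digest = hashlib.new(algorithm)
    try:
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
    except FileNotFoundError:
        return "absent"
    except OSError:  # permission denied, path is a directory, ...
        return "unreadable"
    return "hash:" + digest.hexdigest()


def snapshot(paths=WATCHED, root="/", algorithm="md5"):
    """Map each watched path to its current state under the given root."""
    return {p: file_state(os.path.join(root, p.lstrip("/")), algorithm)
            for p in paths}


def specific_value(snap, algorithm="md5"):
    """Fold a snapshot into one value; path order does not affect the result."""
    outer = hashlib.new(algorithm)
    for path in sorted(snap):
        # NUL and newline delimit the fields so records cannot run together.
        outer.update(f"{path}\0{snap[path]}\n".encode())
    return outer.hexdigest()


def changed_paths(baseline, current):
    """List the watched paths whose state differs between two snapshots."""
    keys = baseline.keys() | current.keys()
    return sorted(p for p in keys if baseline.get(p) != current.get(p))


if __name__ == "__main__":
    snap = snapshot()
    print(specific_value(snap), snap)
```

Keeping the per-file snapshot next to the combined value lets the server side see which file caused the change, which the single value alone cannot show.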
It should be noted that there are two main ways of cracking applications and system programs. The first is to embed a hook module into the application; a hook architecture works by hooking before or after a function call of the application and inserting corresponding operations, such as reading parameter values, changing parameter values, or actively calling the function. The second is dynamic debugging: a breakpoint is set at the relevant function of the application and the program's run-time values are read through the debugger, thereby obtaining the application's sensitive information.
S200: collect system user data and upload it to the cloud server.
The system user data are the hardware information and system information of the user terminal; in this embodiment they specifically include user information, mobile phone number, location, mobile phone model, current system version, kernel, mobile phone serial number, and the like.
S300: determine whether the system has been rooted; if so, go to step S400, otherwise return to step S100.
In one possible implementation, whether the system has been rooted can be judged in the following four ways; the system is rooted when any one of them holds, and a person skilled in the art may select one or more of them for the judgment.
Method 1: an su file exists under the /system/bin/ or /system/xbin directory.
Method 2: the root directory of the system can be written to.
Method 3: SELinux can be set to Permissive mode.
Method 4: commands requiring root privileges can be executed.
Commands requiring root privileges include mount, su and the like.
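The four checks of S300 gathered into one report, as an added example that is not code from the patent. Assumptions: the function names, the `root` prefix (so the checks can be pointed at a test tree), reading the current mode from `sys/fs/selinux/enforce` as a passive stand-in for method 3, and `su -c id` as the privileged command for method 4.

```python
import os
import subprocess
import tempfile

SU_DIRS = ("system/bin", "system/xbin")  # directories named in method 1


def su_files(root="/"):
    """Method 1: su binaries (or symlinks) in the two system directories."""
    return ["/" + d + "/su" for d in SU_DIRS
            if os.path.lexists(os.path.join(root, d, "su"))]


def root_dir_writable(root="/"):
    """Method 2: try to create, then remove, a probe file in the root directory."""
    try:
        fd, probe = tempfile.mkstemp(prefix=".rootprobe-", dir=root)
    except OSError:
        return False
    os.close(fd)
    os.unlink(probe)
    return True


def selinux_permissive(root="/"):
    """Method 3 (passive variant): True if the enforce flag is 0, None if unknown."""
    try:
        with open(os.path.join(root, "sys/fs/selinux/enforce")) as fh:
            return fh.read().strip() == "0"
    except OSError:
        return None


def privileged_command_runs(run=None):
    """Method 4: does a command that needs root succeed? `run` overrides the probe."""
    if run is not None:
        return bool(run())
    try:
        out = subprocess.run(["su", "-c", "id"], capture_output=True,
                             text=True, timeout=5)
    except (OSError, subprocess.TimeoutExpired):
        return False
    return out.returncode == 0 and "uid=0" in out.stdout


def root_indicators(root="/", run=None):
    """Run all four checks; 'rooted' is True when any single one holds."""
    found = {
        "su_files": su_files(root),
        "root_dir_writable": root_dir_writable(root),
        "selinux_permissive": selinux_permissive(root),
        "privileged_command": privileged_command_runs(run),
    }
    found["rooted"] = any(bool(v) for v in found.values())
    return found


if __name__ == "__main__":
    print(root_indicators())
```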
S400: examine the architecture of the reverse tool, obtain the cracking record document corresponding to the reverse tool, and upload the obtained cracking record document to the cloud server.
Since the reverse tools in this embodiment are Xposed, Frida, smalidea and IDA PRO, the process of obtaining the cracking record documents of these four reverse tools is described in detail below.
S410: examine the Xposed architecture to obtain the Xposed cracking record document.
Xposed is a popular hook architecture, regarded as a powerful Android hooking tool; it can hook any function in the Android Java layer, modify function parameter values and call Java-layer functions, and thereby obtain application data.
Specifically comprising the following steps:
Step 1: determine whether the file /data/data/de.robv.android.xposed.installer/bin/XposedBridge.jar exists; if it does, go to step 2.
Step 2: check whether an Xposed module appears in /proc/<process ID>/maps; if so, go to step 3.
Step 3: check whether /system/bin/app_process has been modified; if so, analyze the principle and function of the Xposed architecture and write a custom function that reverse-hooks Xposed's execution functions to obtain the Xposed cracking record document, namely the applications hooked by Xposed and the hooked functions.
It should be noted that when /system/bin/app_process has been modified, a /system/bin/app_process file usually exists, and code has been injected into app_process at that point. Because the code with which Xposed modifies app_process is known, custom code can be inserted ahead of the modification, so that the applications hooked with Xposed and the hooked functions can be recorded.
S420: examine the Frida architecture to obtain the Frida cracking record document, which comprises the applications hooked by Frida, the hooked functions, the Frida client service program, and the data exchanged between the Android device and the PC.
Frida is a hook framework based on Python and JavaScript that works across Android, iOS, Linux, Windows, OS X and other platforms; because its interaction is script-based, it is more convenient and faster than Xposed and Cydia Substrate. When the client and the PC exchange data, the PC executes the script that defines the hooks and then transmits it to the client service program on the Android smart terminal, which performs the hook operations on the application.
Specifically comprising the following steps:
Step 1: check whether Frida_server exists in the system; if so, reverse-analyze the functions in Frida_server to find the functions that need to be hooked, and inject a reverse hook function to obtain the applications hooked by Frida and the hooked functions.
Step 2: monitor TCP port 27042/27043 of the Frida module to identify the Frida client service program in the Android system and obtain the data exchanged between the Android device and the PC.
Generally, the client service program of the Frida module is a server whose TCP port is 27042/27043; by monitoring this port, the Frida client service program in the Android system can be identified and the data exchanged between the Android device and the PC can be obtained.
S430: for dynamic debugging of applications with smalidea, obtain the smalidea cracking record document, namely the data exchanged between the Android device and the PC.
Dynamically debugging an application with smalidea makes it possible to obtain the application's run-time data and, from it, the application's sensitive data. The sensitive data may be a password, encrypted data, and so on.
Specifically comprising the following steps:
Step 1: check whether the xml has been changed to debug mode; if it has, go to step 2.
Step 2: check whether ro.debug in the default.prop file is set to debug mode; if it is, go to step 3.
Step 3: check through /proc/net/tcp whether the port is in debugging mode; if it is, obtain the data exchanged between the Android device and the PC.
S440: for dynamic debugging of applications with IDA PRO, obtain the IDA PRO cracking record document, namely the debugging data.
Specifically comprising the following steps:
Step 1: check TracerPid to determine whether the process is being debugged; if it is, go to step 2.
Step 2: monitor the ports in /proc/net/tcp, locate the IDA PRO client service program, and then obtain the debugging data through that client service program.
Through steps S410 to S440 above, the architectures of the four reverse tools in this embodiment are analyzed, the corresponding cracking record documents are obtained, and the obtained cracking record documents are uploaded to the cloud server for subsequent processing.
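The three /proc inspections that S410 to S440 rely on (mapped files in /proc/<pid>/maps, listening ports in /proc/net/tcp, and TracerPid in /proc/<pid>/status), as an added example that is not code from the patent. The parsers take the file text as input; the sample contents, process name and function names are constructed for illustration, and only the port numbers 27042/27043 and the XposedBridge.jar path come from the description.

```python
FRIDA_PORTS = frozenset({27042, 27043})  # ports stated in the description
TCP_LISTEN = "0A"                        # LISTEN state code in /proc/net/tcp

# Constructed sample inputs (not captured from a real device).
SAMPLE_STATUS = "Name:\tcom.example.app\nPid:\t4321\nTracerPid:\t4400\n"
SAMPLE_TCP = (
    "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode\n"
    "   0: 0100007F:69A2 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20111 1\n"
    "   1: 0F02000A:A1B2 5DB8D822:01BB 01 00000000:00000000 00:00000000 00000000 10089        0 20112 1\n"
)
SAMPLE_MAPS = (
    "12c00000-12e00000 rw-p 00000000 00:04 7001   /dev/ashmem/dalvik-main space\n"
    "7a1c2000-7a1f0000 r--s 00000000 fd:01 8123   /data/data/de.robv.android.xposed.installer/bin/XposedBridge.jar\n"
    "7a200000-7a2a0000 r-xp 00000000 fd:00 911    /system/lib/libc.so\n"
    "7ffd1000-7ffd2000 rw-p 00000000 00:00 0\n"
)


def tracer_pid(status_text):
    """PID of the attached tracer from /proc/<pid>/status; 0 means none."""
    for line in status_text.splitlines():
        if line.startswith("TracerPid:"):
            return int(line.split(":", 1)[1].strip())
    return None  # field missing: cannot tell


def listening_ports(tcp_text):
    """Local ports in LISTEN state from /proc/net/tcp (IPv4 sockets only)."""
    ports = set()
    for line in tcp_text.splitlines():
        fields = line.split()
        # Data rows start with "<n>:"; this skips the header and blank lines.
        if len(fields) < 4 or not fields[0].rstrip(":").isdigit():
            continue
        if fields[3] == TCP_LISTEN:
            ports.add(int(fields[1].rsplit(":", 1)[1], 16))  # port is hex
    return ports


def mapped_paths(maps_text, needles=("XposedBridge",)):
    """Paths mapped into the process whose name contains one of the needles."""
    hits = []
    for line in maps_text.splitlines():
        fields = line.split(None, 5)  # the path may contain spaces
        if len(fields) < 6:           # anonymous mapping, no path column
            continue
        path = fields[5].strip()
        if any(n.lower() in path.lower() for n in needles) and path not in hits:
            hits.append(path)
    return hits


def audit(status_text, tcp_text, maps_text):
    """Combine the three checks into one record suitable for upload."""
    tracer = tracer_pid(status_text)
    return {
        "debugger_attached": bool(tracer),
        "tracer_pid": tracer,
        "frida_ports_listening": sorted(listening_ports(tcp_text) & FRIDA_PORTS),
        "xposed_mappings": mapped_paths(maps_text),
    }


if __name__ == "__main__":
    print(audit(SAMPLE_STATUS, SAMPLE_TCP, SAMPLE_MAPS))
```

A listening port alone only shows that something is bound to it; the description pairs the port check with locating the service program for that reason.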
Through the above steps, this embodiment can detect whether the system has been cracked. When cracking is detected, it collects the system user data and cracking record documents needed for purposes such as statistics and evidence collection on cracking behavior and uploads them to the cloud server for later use; a user can then carry out statistics, evidence collection, display, publication and similar applications based on the system user data and cracking record documents received by the cloud server.
While the invention has been particularly shown and described with reference to a preferred embodiment, it will be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (4)

1. A method for detecting whether an Android system has been cracked and for obtaining cracking records, characterized in that the method comprises the following steps:
S100: collect specific files in the system, the specific files comprising files carried by the system and files generated by a reverse tool; combine the specific files into a specific value using an encryption algorithm; store the specific value and upload it to a cloud server; check in real time whether the specific value has changed, and go to S200 when it has;
S200: collect system user data and upload it to the cloud server, the system user data being hardware information and system information of the terminal;
S300: determine whether the system has been rooted; if so, go to step S400, otherwise return to step S100;
S400: examine the architecture of the reverse tool, obtain the cracking record document corresponding to the reverse tool, and upload the obtained cracking record document to the cloud server; the reverse tools comprise Xposed, Frida, smalidea and IDA PRO, and the specific steps are as follows:
S410: examine the Xposed architecture to obtain the Xposed cracking record document;
specifically comprising the following steps:
Step 1: determine whether the file /data/data/de.robv.android.xposed.installer/bin/XposedBridge.jar exists; if it does, go to step 2;
Step 2: check whether an Xposed module appears in /proc/<process ID>/maps; if so, go to step 3;
Step 3: check whether /system/bin/app_process has been modified; if so, analyze the principle and function of the Xposed architecture and write a custom function that reverse-hooks Xposed's execution functions to obtain the Xposed cracking record document, namely the applications hooked by Xposed and the hooked functions;
S420: examine the Frida architecture to obtain the Frida cracking record document, which comprises the applications hooked by Frida, the hooked functions, the Frida client service program, and the data exchanged between the Android device and the PC;
specifically comprising the following steps:
Step 1: check whether Frida_server exists in the system; if so, reverse-analyze the functions in Frida_server to find the functions that need to be hooked, and inject a reverse hook function to obtain the applications hooked by Frida and the hooked functions;
Step 2: monitor the TCP port of the Frida module to identify the Frida client service program in the Android system and obtain the data exchanged between the Android device and the PC;
S430: for dynamic debugging of applications with smalidea, obtain the smalidea cracking record document, namely the data exchanged between the Android device and the PC;
specifically comprising the following steps:
Step 1: check whether android xml has been changed to debug mode; if it has, go to step 2;
Step 2: check whether ro.debug in the default.prop file is set to debug mode; if it is, go to step 3;
Step 3: check whether the TCP port of smalidea is in debugging mode; if it is, obtain the data exchanged between the Android device and the PC;
S440: for dynamic debugging of applications with IDA PRO, obtain the IDA PRO cracking record document, namely the debugging data;
specifically comprising the following steps:
Step 1: check TracerPid to determine whether the process is being debugged; if it is, go to step 2;
Step 2: monitor the TCP port of IDA PRO, locate the IDA PRO client service program, and then obtain the debugging data through that client service program.
2. The method for detecting whether an Android system has been cracked and for obtaining cracking records according to claim 1, characterized in that the determination in step S300 is made as follows: the system is determined to be rooted when any one of the following four conditions holds:
Method 1: an su file exists under the /system/bin/ or /system/xbin directory;
Method 2: the root directory of the system can be written to;
Method 3: SELinux can be set to Permissive mode;
Method 4: commands requiring root privileges can be executed.
3. The method for detecting whether an Android system has been cracked and for obtaining cracking records according to claim 1, characterized in that the file carried by the system is a mobile phone serial number file.
4. The method for detecting whether an Android system has been cracked and for obtaining cracking records according to claim 1, characterized in that the system user data comprise user information, a mobile phone number, location, a mobile phone model, a current system version, a kernel and a mobile phone serial number.
CN201810801104.0A 2018-07-20 2018-07-20 Method for detecting whether Android system is cracked or not and obtaining cracking record Active CN108959860B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810801104.0A CN108959860B (en) 2018-07-20 2018-07-20 Method for detecting whether Android system is cracked or not and obtaining cracking record

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810801104.0A CN108959860B (en) 2018-07-20 2018-07-20 Method for detecting whether Android system is cracked or not and obtaining cracking record

Publications (2)

Publication Number Publication Date
CN108959860A CN108959860A (en) 2018-12-07
CN108959860B CN108959860B (en) 2020-11-17

Family

ID=64481979

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810801104.0A Active CN108959860B (en) 2018-07-20 2018-07-20 Method for detecting whether Android system is cracked or not and obtaining cracking record

Country Status (1)

Country Link
CN (1) CN108959860B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant