CN109117250A - A kind of simulator recognition methods, identification equipment and computer-readable medium - Google Patents

A kind of simulator recognition methods, identification equipment and computer-readable medium Download PDF

Info

Publication number
CN109117250A
CN109117250A CN201810855587.2A CN201810855587A CN109117250A CN 109117250 A CN109117250 A CN 109117250A CN 201810855587 A CN201810855587 A CN 201810855587A CN 109117250 A CN109117250 A CN 109117250A
Authority
CN
China
Prior art keywords
simulator
terminal
rule
identification
hit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810855587.2A
Other languages
Chinese (zh)
Other versions
CN109117250B (en
Inventor
李骁
董晓琼
胡定耀
王智浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Technology Shenzhen Co Ltd
Original Assignee
Ping An Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Technology Shenzhen Co Ltd filed Critical Ping An Technology Shenzhen Co Ltd
Priority to CN201810855587.2A priority Critical patent/CN109117250B/en
Priority to PCT/CN2018/107747 priority patent/WO2020019484A1/en
Publication of CN109117250A publication Critical patent/CN109117250A/en
Application granted granted Critical
Publication of CN109117250B publication Critical patent/CN109117250B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45504Abstract machines for programme code execution, e.g. Java virtual machine [JVM], interpreters, emulators
    • G06F9/45508Runtime interpretation or emulation, e g. emulator loops, bytecode interpretation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0236Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]

Abstract

The embodiment of the invention discloses a kind of simulator recognition methods, identification equipment and computer-readable mediums, wherein this method comprises: obtaining the facility information of target terminal;According to the facility information of pre-set multiple simulator recognition rules and the target terminal, determine the target identification rule that the facility information of the target terminal is hit in the multiple simulator recognition rule, wherein, the multiple simulator recognition rule is determined according to the facility information for the terminal for running on simulator environment in historical record;According to the weight and weight threshold of the pre-set target identification rule, identify whether the target terminal runs on simulator environment.Using the embodiment of the present invention, facilitate the accuracy for promoting simulator identification.

Description

A kind of simulator recognition methods, identification equipment and computer-readable medium
Technical field
The present invention relates to fields of communication technology more particularly to a kind of simulator recognition methods, identification equipment and computer can Read medium.
Background technique
Android simulator, which is one, to go out the operation of android system in the various platform simulations such as Windows, Linux The application of environment, user can run answering for android system in the Android simulator in the terminals such as personal computer With., in application, for certain business, such as needing to carry out the business of Risk Monitoring using android system, it is undesirable that it It is running on simulator, it is therefore desirable to be identified to whether terminal runs on Android simulator environment.And current risk It identifies that equipment is limited to the recognition capability of Android simulator, can not effectively identify whether terminal runs on simulator environment.
Summary of the invention
The embodiment of the present invention provides a kind of simulator recognition methods, identification equipment and computer-readable medium, helps to mention Rise the accuracy of simulator identification.
In a first aspect, the embodiment of the invention provides a kind of simulator recognition methods, comprising:
The facility information of target terminal is obtained, the facility information includes and the model information of the target terminal, center The producer identification of processor CPU, memory headroom value, the first number of the application of installation, storage file the second number, make Network formats, operating status, connection any one of the route-map of Wireless Fidelity Wi-Fi Hotspot or multinomial;
According to the facility information of pre-set multiple simulator recognition rules and the target terminal, the target is determined The target identification rule that the facility information of terminal is hit in the multiple simulator recognition rule, wherein the multiple simulator Recognition rule is determined according to the facility information for the terminal for running on simulator environment in historical record;
According to the weight and weight threshold of the pre-set target identification rule, identify whether the target terminal is transported Row is in simulator environment.
Optionally, the weight and weight threshold according to the pre-set target identification rule, identifies the mesh Whether mark terminal runs on simulator environment, comprising:
When the target identification rule of hit is multiple, according to the power of pre-set each simulator recognition rule Weight calculates the sum of the weight of each target identification rule;
Judge the weight and whether it is greater than pre-set weight threshold;
When the weight and be greater than the weight threshold when, determine that the target terminal runs on simulator environment.
Optionally, the method also includes:
The facility information for the terminal for running on simulator environment in statistical history record respectively hits the multiple simulator The hit information of recognition rule, the hit information includes hit frequency and/or hit-count;
The corresponding weight of each simulator recognition rule is determined according to the corresponding hit information of each simulator recognition rule;
Wherein, the corresponding weight of each simulator recognition rule hit frequency corresponding with the simulator recognition rule is at just Than, and/or, the corresponding weight of each simulator recognition rule hit-count corresponding with the simulator recognition rule is directly proportional.
Optionally, the model information includes the model and/or brand of the target terminal, and the route-map includes Address title and/or media access control (Media Access Control, MAC) of router;The multiple simulator is known Rule does not include following at least two:
Router name in the title and the first preset blacklist of the router of the Wi-Fi Hotspot of terminal connection to be identified Claim identical;
The MAC Address of the router of the Wi-Fi Hotspot of the terminal connection to be identified is in the second preset blacklist MAC Address set;
The model of the terminal to be identified is identical as any terminal model in preset third blacklist;
The brand of the terminal to be identified is identical as any terminal brand in the 4th preset blacklist;
All manufacturers in the producer identification of the central processor CPU of the terminal to be identified and preset white list Mark is all different;
Be not configured with presetting module in the terminal to be identified, the presetting module include bluetooth module, temperature sensor, One or more of light sensor;
The memory headroom value of the terminal to be identified is less than default memory threshold;
First number of the application of the terminal installation to be identified is less than preset first quantity threshold;
Second number of the file of the terminal storage to be identified is less than preset second quantity threshold;
The all-network standard in network formats and preset network formats list that the terminal to be identified uses is not It is identical;
There are the system files of preset path and title in the system of the terminal to be identified;
The operating status of the terminal to be identified is root state.
Optionally, believed described according to the equipment of pre-set multiple simulator recognition rules and the target terminal Breath, determine the facility information of the target terminal before the target identification that the multiple simulator recognition rule hit is regular, The method also includes:
The flag value of the corresponding objective function of facility information of the target terminal is obtained, and is determined according to the flag value Whether the objective function is by hook;
When determining the objective function by hook, it is corresponding that the objective function is obtained from the memory of the objective function Objective function pointer;
The corresponding relationship of each function pointer and function according to the pre-stored data determines that the objective function pointer is corresponding Original function, and original device information is determined according to the original function;
According to the facility information of pre-set multiple simulator recognition rules and the target terminal, the target is determined The target identification rule that the facility information of terminal is hit in the multiple simulator recognition rule, comprising:
According to pre-set multiple simulator recognition rules and the original device information, the original device letter is determined Cease the target identification rule hit in the multiple simulator recognition rule.
It is optionally, described to determine the objective function whether by hook according to the flag value, comprising:
The character of predetermined position in the flag value is compared with preset fixed character, the predeterminated position The number of characters of the character at place is identical as the number of characters of the fixed character;
When the character and the fixed character difference for comparing to obtain the predetermined position, the objective function quilt is determined hook。
It is optionally, described to determine the objective function whether by hook according to the flag value, comprising:
Logical operation is carried out to the flag value according to preset logical algorithm, to obtain operation result value, wherein described Logical algorithm is that jump address when being executed according to the primary function in preset characters string and system determines;
When the operation result value is positive integer, determine the objective function by hook.
Second aspect, the embodiment of the invention provides a kind of identification equipment, which includes for executing above-mentioned The unit of the method for one side.
The third aspect, the embodiment of the invention provides another kinds to identify that equipment, including processor, user interface, communication connect Mouth and memory, the processor, user interface, communication interface and memory are connected with each other, wherein the memory is for depositing Storage supports identification equipment to execute the computer program of the above method, and the computer program includes program instruction, the processor It is configured for calling described program instruction, the method for executing above-mentioned first aspect.
Fourth aspect, the embodiment of the invention provides a kind of computer readable storage medium, the computer storage medium It is stored with computer program, the computer program includes program instruction, and described program instruction makes institute when being executed by a processor State the method that processor executes above-mentioned first aspect.
The embodiment of the present invention can be determined in preset multiple simulator recognition rules by the facility information of acquisition terminal The simulator recognition rule of the facility information hit of the target terminal, and then according to the simulator recognition rule of the preset hit Weight and default weight threshold, to identify whether the target terminal runs on simulator environment, so that realizing in conjunction with multiple Simulator recognition rule carries out simulator identification, this helps to the accuracy for promoting simulator identification.
Detailed description of the invention
Technical solution in order to illustrate the embodiments of the present invention more clearly, below will be to needed in embodiment description Attached drawing is briefly described, it should be apparent that, drawings in the following description are some embodiments of the invention, general for this field For logical technical staff, without creative efforts, it is also possible to obtain other drawings based on these drawings.
Fig. 1 is a kind of flow diagram of simulator recognition methods provided in an embodiment of the present invention;
Fig. 2 is the flow diagram of another simulator recognition methods provided in an embodiment of the present invention;
Fig. 3 is the flow diagram of another simulator recognition methods provided in an embodiment of the present invention;
Fig. 4 is a kind of structural schematic diagram for identifying equipment provided in an embodiment of the present invention;
Fig. 5 is the structural schematic diagram of another identification equipment provided in an embodiment of the present invention.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete Site preparation description, it is clear that described embodiments are some of the embodiments of the present invention, instead of all the embodiments.Based on this hair Embodiment in bright, every other implementation obtained by those of ordinary skill in the art without making creative efforts Example, shall fall within the protection scope of the present invention.
The technical solution of the application can be applied to identification equipment in, the identification equipment may include various terminals, server or Risk identification product (equipment) being connect with terminal etc., for being identified (referred to as " simulation to the simulator behavior in terminal Device identification "), whether simulator environment is run on identification terminal (or application in terminal, such as application of identification implantation SDK), Or referred to as whether identification terminal is logged in using simulator.In this application, simulator can refer to Android simulator or its His simulator.This application involves terminal can be mobile phone, computer, plate, personal computer, smartwatch etc., the application is not It limits.
Specifically, the application can be by being arranged multiple simulator recognition rules, and the letter of the various equipment by obtaining terminal Breath, such as the Wi-Fi Hotspot information, model information, the manufacturer's information of CPU, module configuration information, memory headroom letter that connect It ceases, number, the number of file of storage, the network formats used, system file exception information, operating status of the application of installation Etc. simulator recognition rules that are one or more in information, and being hit according to various facility informations, know in conjunction with multiple simulators Not rule carries out simulator identification, so as to promote the accuracy of simulator identification.It is described in detail individually below.
Referring to Figure 1, Fig. 1 is a kind of flow diagram of simulator recognition methods provided in an embodiment of the present invention.Specifically , as shown in Figure 1, the simulator recognition methods may comprise steps of:
101, the facility information of target terminal is obtained.
Wherein, which can refer to any terminal for needing to carry out simulator identification, for example produce with risk identification The terminal of product connection, perhaps the terminal under specific air control scene or triggering (for example pass through programmable button or gesture or pre- If other triggering modes) simulator identification terminal, etc., the application is without limitation.The air control scene may include stepping on Record scene, transaction scene, the preferential field scene of APP etc..
Optionally, the facility information of the acquisition may include with the model information of the target terminal, the producer identification of CPU, Memory headroom value, the first number of the application of installation, the second number of file of storage, the network formats used, module configuration Information, operating status, connection any one of the route-map of Wireless Fidelity Wi-Fi Hotspot or multinomial.Wherein, the type Information may include the model and/or brand of the target terminal, which includes whether such as blue configured with presetting module Tooth module, temperature sensor, light sensor etc., the route-map may include the title and/or media interviews of router Control MAC Address etc..
102, according to the facility information of pre-set multiple simulator recognition rules and the target terminal, the target is determined The target identification rule that the facility information of terminal is hit in multiple simulator recognition rule.
Wherein, multiple simulator recognition rule can be according to the terminal for running on simulator environment in historical record What facility information was determined, to promote the efficiency and reliability of simulator identification.For example, multiple simulator recognition rule can be with Including following at least two:
Rule 1: the road in the title and the first preset blacklist of the router of the Wi-Fi Hotspot of terminal connection to be identified It is identical by device title;
Rule 2: the MAC Address of the router of the Wi-Fi Hotspot of terminal connection to be identified is in the second preset blacklist Interior MAC Address set;
Wherein, detection MAC Address whether be in preset MAC Address set can also be known as detection MAC Address whether with MAC Address in the MAC Address set is identical;Correspondingly, MAC Address be in MAC Address set can refer to the MAC Address with MAC address in the MAC Address set is identical.
Rule 3: the model of terminal to be identified is identical as any terminal model in preset third blacklist;
Rule 4: the brand of terminal to be identified is identical as any terminal brand in the 4th preset blacklist;
Optionally, above-mentioned blacklist such as the first blacklist, the second blacklist, third blacklist, the 4th blacklist etc. wrap The facility information included, which can be, to be identified as the terminal of simulator and (is identified as operating in the end of simulator environment in historical data End) corresponding facility information, for example (L is the integer greater than 0, such as takes 8) a facility information (routing by preceding L that statistics number is most Device title, MAC Address, model or brand etc.) or statistics number be greater than preset threshold facility information etc., herein not It repeats.
For example, first blacklist includes the title for being identified as the router that the terminal of simulator is connected in historical data The more title of middle statistics number, such as preceding M that statistics number is most (M is the integer greater than 0, such as takes 10) a title, or Statistics number is greater than the title of preset number threshold value (first threshold);For another example, which includes identifying in historical data The more MAC Address of statistics number or by the MAC Address group in the MAC Address of the router connected by the terminal of simulator At MAC Address set, for example (N is the integer greater than 0, such as takes 50) a MAC Address, Huo Zhetong by preceding N that statistics number is most Metering number is greater than the MAC Address of preset number threshold value (second threshold), or the MAC Address set determined by these MAC Address, Etc., the application is without limitation.Wherein, the first threshold and second threshold can preset to obtain.
Rule 5: all productions in the producer identification of the central processor CPU of terminal to be identified and preset white list Trade mark knowledge is all different;
It wherein, may include the mark of one or more legal CPU manufacturers in the white list.
Rule 6: be not configured with presetting module in terminal to be identified, the presetting module include bluetooth module, temperature sensor, One or more of light sensor;
Wherein, the presetting module can according to historical data count be identified as in the terminal of simulator do not have configuration Module, such as bluetooth module, temperature sensor, light sensor.So if recognizing terminal does not configure the presetting module, then It may be simulator.
Rule 7: the memory headroom value of terminal to be identified is less than default memory threshold;
Rule 8: the first number of the application of terminal installation to be identified is less than preset first quantity threshold;
Rule 9: the second number of the file of terminal storage to be identified is less than preset second quantity threshold;
Wherein, first quantity threshold and the second quantity threshold can preset to obtain.
Rule 10: the network formats that terminal to be identified uses and the all-network standard in preset network formats list are equal It is not identical;
Optionally, identification equipment can determine which is just in conjunction with target area of the terminal to be identified such as where target terminal Normal network formats, such as by being pre-configured with different zones and its corresponding network formats list, to determine and the target area The corresponding network formats list in domain, the network formats in the network formats list are the proper network standard of the target area. If detecting that the network formats that the target terminal uses are not the network formats in its corresponding network formats list, the mesh Mark terminal may run on simulator environment, because simulator may distort network formats information.
Rule 11: there are the system files of preset path and title in the system of terminal to be identified;
It may be simulator if there is abnormal system file in target terminal.For example, the system file of the exception It may include the system file of following path and title :/dev/qemu_pipe ,/dev/socket/qemud ,/system/lib/ Libc_malloc_debug_qemu.so ,/sys/qemu_trace ,/proc/tty/drivers/goldfish etc..
Rule 12: the operating status of terminal to be identified is root state.If detecting that target terminal is in Android Root state then may be simulator.
Wherein, facility information hit simulator recognition rule be referred to as facility information meet simulator recognition rule or Meet simulator recognition rule etc..The terminal to be identified is the simulator identification needed by determining the hit of its facility information Rule is to carry out the terminal of simulator identification, such as above-mentioned target terminal.
103, according to the weight and weight threshold of pre-set target identification rule, identify whether the target terminal is transported Row is in simulator environment.
Wherein, the weight of multiple simulator recognition rule can preset to obtain, such as by air control personnel according to warp It tests and is configured, or the frequency of each simulator recognition rule or secondary is hit according to the terminal for being identified as simulator in historical record Number is configured, etc..For example, the weight of setting is descending successively are as follows: regular 4 > rule of 1=rule 2 > rule 3=rule 5 > rule 6=rule 7=rule 8=rule 9=rule 10 > rule 11 > rule 12.For the weight of simulator recognition rule Setting or method of determination, the application is without limitation.
That is, the application can be carried out by preset multiple simulator recognition rules when carrying out simulator identification, It can be by obtaining the facility information of terminal, and detect whether the facility information hits multiple simulator recognition rule, in turn According to the weight and default weight threshold of the simulator recognition rule of hit, to carry out simulator identification, such as the mould in hit When the weight of quasi- device recognition rule is greater than the weight threshold, determine the terminal operating in simulator environment.It further, if should The facility information and any simulator recognition rule of miss of target terminal, then can determine the target terminal not running in simulator Environment.
For example, in some embodiments, which is above-mentioned rule 1,2,3, preset Rule 1 weight be 0.7, rule 2 weight be 0.7, rule 3 weight be 0.5, weight threshold 0.6, the acquisition is set Standby information includes the title of the router of the Wi-Fi Hotspot of target terminal connection and the type of MAC Address and the target terminal Number.Then identify equipment can by detect the router in the facility information title whether with the router in first blacklist Title is identical and the facility information in MAC Address whether be in the MAC Address set in second blacklist, and should Whether the model in facility information is identical as any terminal model in the third blacklist.If identification equipment detects the road It is identical as the either router title in first blacklist by the title of device, it is determined that hit rule 1, if identification equipment inspection Measure the MAC address set that the MAC Address is in second blacklist, it is determined that hit rule 2, if identification equipment Detect that the model is identical as any terminal model in the third blacklist, it is determined that hit rule 3.Assuming that identification equipment is true The facility information hit rule 2 of the fixed target terminal, miss rule 1 and 3, regular 2 corresponding weights 0.7 are greater than weight threshold 0.6, then it can determine that the target terminal runs on simulator environment.
In embodiments of the present invention, identification equipment can determine preset multiple moulds by the facility information of acquisition terminal The simulator recognition rule of the facility information hit of the target terminal in quasi- device recognition rule, and then according to the preset hit The weight of simulator recognition rule and default weight threshold, to identify whether the target terminal runs on simulator environment, so that It realizes in conjunction with multiple simulator recognition rules and carries out simulator identification, this helps to promote the accurate of simulator identification Property.
Fig. 2 is referred to, Fig. 2 is the flow diagram of another simulator recognition methods provided in an embodiment of the present invention.Tool Body, as shown in Fig. 2, the simulator recognition methods may comprise steps of:
201, the facility information for the terminal for running on simulator environment in statistical history record respectively hits multiple simulation The hit information of device recognition rule, the hit information include hit frequency and/or hit-count.
202, the corresponding weight of each simulator recognition rule is determined according to the corresponding hit information of each simulator recognition rule.
Wherein, the corresponding weight of each simulator recognition rule can hit frequency corresponding with the simulator recognition rule It is directly proportional, and/or, the corresponding weight of each simulator recognition rule can hit-count corresponding with the simulator recognition rule It is directly proportional.
That is, the application can pass through the historical data to the terminal for being identified as running on simulator environment, including life In simulator rule carry out big data analysis, frequency and/or the number of above-mentioned rule are hit come flexible according to the historical data The weight of simulator recognition rule is set.For example, the frequency of the hit frequency of a certain rule of hit is higher, the corresponding power of the rule Reset be set to it is bigger;The hit-count for hitting a certain rule is higher, and the corresponding weight of the rule is set as bigger, etc..It is optional , the mapping relations between the hit frequency (and/or hit-count) and weight can be pre-established, alternatively, pre-establishing the life The mapping relations between mapping relations and important level and weight between middle frequency (and/or hit-count) and important level Etc..And then identify that equipment can determine that its is corresponding according to the hit frequency and/or hit-count of each simulator recognition rule Weight.It is further alternative, it can also go to count each simulator identification rule in nearest preset time period according to prefixed time interval New hit frequency and/or hit-count then, and then each rule is updated according to the new hit frequency and/or hit-count Weight, further to promote the accuracy of simulator identification.
Optionally, identification equipment can also be arranged or choose the carry out simulator according to the hit frequency and/or hit-count Multiple simulator recognition rules (i.e. above-mentioned multiple simulator recognition rules) of identification, it is such as that hit frequency or number is highest (L is the integer greater than 0 to preceding L, such as takes 6) rule of a rule as the identification of multiple simulator, or will be in preset time period Hit frequency be higher than the rule of predeterminated frequency threshold value as multiple simulator recognition rule, or will be in preset time period Hit-count is higher than the rule of preset times threshold value as multiple simulator recognition rule, etc., is not listed one by one herein.From And the flexibility and reliability of simulator setting rule are improved, and be able to ascend recognition efficiency.
203, the facility information of target terminal is obtained.
Optionally, when carrying out simulator identification, identification equipment multinomial can be set by obtaining the equipment bottom of target terminal Standby information, for example the facility information may include following one or more: route-map (including the road of the Wi-Fi Hotspot of connection Such as Wi-Fi service set (Service Set Identifier, SSID) by device title (or Wi-Fi title), router mac Address (or Wi-Fi MAC Address) such as Wi-Fi basic service set identification (Basic Service Set Identifier, BSSID) etc.), type (model and/or brand), CPU manufacturer information, Bluetooth information, sensor information, user use trace Information for example memory headroom value, the network formats used, Android state (or be operating status, such as whether be in root shape State), system file exception information (such as whether there are the system files of preset path and title), installation application number, deposit The number of the file of storage, the packet name for accessing App, the access version number of App, the version number of SDK, OS Type, operation system System version, equipment exclusive identification code (UDID), whether escaped from prison (for example 1 representative has been escaped from prison, and 0 representative is not escaped from prison), longitude and latitude Whether information, network type, specified App install (for example 1 representative has been installed, and 0 representative is not installed), whether are mounted with that Ali is small Number, whether be mounted with v8 plug-in unit, current time stamp (such as precision be millisecond), advertisement identifier, Vendor identifier, equipment type Number, host name, CPU core calculation, cpu type, CPU subtype, screen resolution, storage gross space, storage fragmentation, when Area, language, electricity, battery status, operator name, country ISO, starting time, keyboard list, did erased or distorted, The did that is stored in localfile, GPS switch (for example 0 represent and close, 1 represent open), GPS licensing status, APP whether are opened Dynamic link library list of load etc., to carry out simulator identification.Optionally, it is raw that Android bottom source can be used in the application API acquires facility information, so that facility information is not easy to be tampered.
It, can with promote identification specifically, identification equipment can carry out simulator identification by obtaining multinomial facility information By property.Moreover, the identification equipment can use the facility information Xiang Zhongyu of the acquisition according to preset multiple simulator recognition rules The corresponding partial information of multiple simulator recognition rule identifies for simulator, that is, the facility information item obtained is more than needing to make The facility information item used, so that illegal person can not determine which specifically used information to carry out simulator identification, this is just Facilitate after preventing illegal person from recognizing a certain recognition rule to distort relevant device information and leads to not identify simulator in time The case where generation, that is, prevent recognition rule to be cracked so that improve simulator identification reliability.
204, according to the facility information of pre-set multiple simulator recognition rules and the target terminal, the target is determined The target identification rule that the facility information of terminal is hit in multiple simulator recognition rule.
Wherein, multiple simulator recognition rule can be according to the terminal for running on simulator environment in historical record What facility information was determined, it does not repeat herein.
205, when the target identification rule of hit is multiple, according to the power of pre-set each simulator recognition rule Weight calculates the sum of the weight of each target identification rule.
206, judge the weight and whether it is greater than pre-set weight threshold.
207, when the weight and be greater than the weight threshold when, determine that the target terminal runs on simulator environment.
Specifically, identification equipment can be known by judging whether the facility information obtained hits pre-set multiple simulators It is irregular, according to whether the result of hit determines the weight of each rule, and identified whether according to the weight of each rule as simulator. Wherein, if hitting a certain rule, taking the weight of the rule of the hit is pre-set weight;If a certain rule of miss Then, then the weight for taking the rule of the miss is 0.That is, the simulator recognition rule of statistics hit, that is, target identification rule Weight.Further, a threshold value can be preset, if being accumulated by the sum of the weight of each target identification rule of hit More than the threshold value, then it can recognize as simulator, that is, determine that the target terminal runs on simulator environment.
For example, in some embodiments, which is above-mentioned regular 1-12, preset The weight of rule 1,2 is 0.4, and the weight of rule 3,4 is 0.35, and the weight of rule 5 is 0.3, rule 6,7,8,9,10 Weight is 0.25, and the weight of rule 11 is 0.2, and the weight of rule 12 is 0.1, and preset weight threshold is 1.The acquisition is set Standby information includes the title and MAC Address of the router of the Wi-Fi Hotspot of target terminal connection, the model of target terminal, brand, The producer identification of CPU, module configuration information, memory headroom value, the first number of the application of installation, storage file second Number, the network formats used, operating status and other information.Then identify that equipment can be by detecting the routing in the facility information Whether the title of device whether locate by the MAC Address in and the facility information identical as the router rs name in first blacklist In the MAC Address set in second blacklist and the model in the facility information whether with appointing in the third blacklist One terminal models are identical and the facility information in brand it is whether identical as any terminal brand in the 4th blacklist, with And whether the producer identification of the CPU in the facility information is all different with all producer identifications in the white list, and Whether the module configuration information in the facility information indicates the target terminal configured in presetting module and the facility information Whether the first number whether memory headroom value is less than the application of default memory threshold and the installation in the facility information is less than Whether the second number of first quantity threshold and the file of the storage in the facility information is less than preset second number threshold Whether the network formats used in value and the facility information are equal with the all-network standard in preset network formats list System file information in the not identical and facility information indicates whether the system file of preset path and title, with And whether the operating status in facility information is root state.If identification equipment detect the router title and this first Either router title in blacklist is identical, it is determined that hit rule 1, if identification equipment detects that the MAC Address is in MAC address set in second blacklist, it is determined that hit rule 2, if identification equipment detects the model and is somebody's turn to do Any terminal model in third blacklist is identical, it is determined that hit rule 3, etc. does not repeat herein.Assuming that identification equipment is true The facility information hit rule 1,2,5,12 of the fixed target terminal, miss rule 3,4,6,7,8,9,10 and 11 is then hit The sum of weight of rule is 0.4+0.4+0.3+0.1=1.2, and 1.2 are greater than weight threshold 1, then can determine that the target terminal is run In simulator environment.If the sum of weight of rule of hit can determine the target terminal not running in simulator ring less than 1 Border, perhaps may also be combined with other information and further identifies or can also be spaced after preset time and carry out simulator identification again, or Person control to terminal part operation, etc. according to the size of the sum of weight, and the application is without limitation.
In embodiments of the present invention, identification equipment can generate various moulds according to the common feature of the simulator of each type Quasi- device recognition rule, and multiple simulation can be hit according to the facility information for the terminal for running on simulator environment in historical record The hit frequency and/or hit-count of device recognition rule are that weight is arranged in each simulator recognition rule, and then is carrying out simulator When identification, the simulator recognition rule of facility information hit can be determined by the multinomial facility information of acquisition target terminal, And then it is to determine the target terminal according to the sum of weight of each simulator recognition rule of the hit and default weight threshold It is no to run on simulator environment, so that improving the flexibility and reliability of the weight setting of simulator rule, realize combination Multiple simulator recognition rules carry out simulator identification, this just improves the accuracy of simulator identification.
Fig. 3 is referred to, Fig. 3 is the flow diagram of another simulator recognition methods provided in an embodiment of the present invention.Tool Body, as shown in figure 3, the simulator recognition methods may comprise steps of:
301, the facility information of target terminal is obtained.
Wherein, the associated description of the facility information of acquisition can refer to the associated description of above-described embodiment, not repeat herein.
302, the flag value of the corresponding objective function of facility information of the target terminal is obtained, and is determined according to the flag value Whether the objective function is by hook.
Optionally, after obtaining facility information, and this according to pre-set multiple simulator recognition rules and should The facility information of target terminal determines that the facility information of the target terminal is known in the target that multiple simulator recognition rule is hit Not before rule, i.e., before carrying out simulator identification according to facility information, identification equipment also be can detect for carrying out simulator Whether the facility information of identification is tampered, to ensure to carry out simulator identification based on true facility information.Wherein, the detection is The no facility information being tampered can be only the corresponding facility information of multiple simulator recognition rule, to reduce cost of device.
Specifically, whether identification equipment by hook can identify that this distorts row by the corresponding function of detection device information For.Wherein, which can be used for marking the state of the objective function, which can refer to the state whether being tampered, Or it can refer to read-write state, obstruction and non-blocking state, exit the state of process or program and/or change the content of file State etc., so as to determine the objective function whether by hook according to the flag value.Each function has correspondence Flag, the flag be a variable, when a certain function is by hook, the corresponding flag of the function can change.Know as a result, Whether other equipment can be changed by the flag of detection function, to determine whether the function is corresponding by hook namely the function Facility information whether be tampered.Wherein, the value of the flag can be stored in the corresponding memory of the objective function.
Optionally, when whether determining the objective function by hook according to the flag value, identification equipment can be by the flag The character of predetermined position in value is compared with preset fixed character;When compare to obtain the character of the predetermined position with When the fixed character difference, determine the objective function by hook.Wherein, the number of characters of the character of the predetermined position is fixed with this The number of characters of character is identical, compares in order to match.That is, the flag, which changes, can refer to one of the flag value Or multidigit changes, and the one or more predetermined positions that can refer to flag is one or more.To which identification is set It is standby to be compared by the one or more fixed characters with when being not tampered with for the flag value predetermined position that will acquire, If flag value this it is one or more change, i.e., flag value is one or more different from the fixed character, then shows By hook, i.e. the corresponding facility information of the objective function is tampered the objective function.
For example, for Android version in 4.4 or more and 5.0 systems below, some Xposed plug-in units to certain function into When row hook, 1 can be set by 1 (bit) of the fixed position of the flag value of the function;And the letter being normally not tampered with Number, the position of flag value is 0 (i.e. above-mentioned fixed character).Therefore, can be by the fixed bit of the flag value of detection function No is 0, so that it may know whether the function by Xposed plug-in unit has carried out hook.That is, if the flag value of the survey function The fixed bit is not 0, that is, can be shown that the function by hook, which is tampered.
Optionally, when whether determining the objective function by hook according to the flag value, identification equipment can also be according to pre- If logical algorithm to the flag value carry out logical operation, to obtain operation result value;When the operation result value is positive integer, Determine the objective function by hook.Wherein, which can be holds according to the primary function in preset characters string and system What jump address when row determined.That is, can also will according to logic of propositions algorithm to flag treated value with do not usurped Fixed character such as 0 when changing is compared, if treated, the value changes, i.e., is not 0, for example be a certain positive integer When, then show the function by hook.
For example, for Android version 5.0 and its above system, if logically algorithm such as logical expression EntryPointFromJni&&AccessFlags&0x10000000 result is equal to positive integer, then can be shown that the function is tampered; If the logical expression result is equal to 0 (as fixed character), it can be shown that the function is not tampered with.Wherein, should EntryPointFromJni can refer to jump address when primary function such as native function executes, and AccessFlags is Above-mentioned flag.
It is further alternative, identify that equipment before determining the objective function whether by hook according to the flag value, may be used also It determines the system version that the target terminal target uses, and then goes selection according to the flag according to the system version of the target terminal It is worth and determines the objective function whether by the mode of hook, to promote the efficiency of hook detection.Wherein, the system version and hook inspection The corresponding relationship of the mode of survey can be preset to obtain.
303, when determining the objective function by hook, it is corresponding that the objective function is obtained from the memory of the objective function Objective function pointer.
Wherein, it the function pointer and is stored in the different field of same memory by the function of hook, and different There are mapping relations for function pointer and original function, and the storage address of different functions pointer and original function has mapping in other words Relationship.
Optionally, after determining the objective function by hook, this can also be restored by the objective function of hook, with Convenient for determining the corresponding real equipment information of the objective function.Specifically, determining a certain function such as the objective function quilt After hook, can from its memory the corresponding function pointer of the quick obtaining objective function, i.e., above-mentioned objective function pointer, with Convenient for determining for example primary API of the corresponding original function of the objective function according to the objective function pointer, i.e., not by the true of hook Real function.
304, the corresponding relationship of each function pointer and function according to the pre-stored data determines that the objective function pointer is corresponding Original function, and original device information is determined according to the original function.
After determining the objective function pointer in the corresponding memory of the objective function, the mesh can be further determined that out The corresponding original function of scalar functions pointer, i.e., true Method.And then the objective function can be replaced by the original function, it is real Now to by the reduction of the function of hook.To identify that equipment can determine that the target terminal is corresponding true by the original function Facility information, to carry out simulator identification based on real equipment information, that is to say, that this embodiment of the present invention can be set detecting Standby information obtains true facility information when being tampered in time, to carry out simulator identification based on true facility information, by This improves the accuracy and reliability of simulator identification.
For example, it is assumed that the facility information includes the title and MAC Address of the router, if detecting the name of the router Claim corresponding function by hook, can restore to obtain the title of true primary routing device;If detecting that the MAC Address is corresponding Function can be restored to obtain true original MAC address by hook, and then can be based on the name of the true primary routing device Claim and MAC Address is to carry out simulator identification.
It should be understood that the original function pointer stored in memory will not be tampered, according to the work of Xposed plug-in unit Principle can back up the raw information of function before distorting objective function, and save particular address in memory, That is the address of objective function pointer direction.And once these backup informations are also tampered, that Xposed plug-in unit will be unable to normally Work.Therefore, the original function got in the particular address that the objective function pointer is directed toward, must be correct function, It will not be tampered.
305, according to pre-set multiple simulator recognition rules and the original device information, determine that the original device is believed Cease the target identification rule hit in multiple simulator recognition rule.
306, according to the weight and weight threshold of pre-set target identification rule, identify whether the target terminal is transported Row is in simulator environment.
After determining true original device information, that is, it can determine whether the original device information hits corresponding mould Quasi- device recognition rule, and then simulator identification is carried out according to hit results, identification method and it is above-mentioned according to facility information and in advance If multiple simulator rules carry out simulator know it is similar otherwise, specifically please refer to step in above-mentioned embodiment illustrated in fig. 1 The associated description of step 205-207, does not repeat herein in 102-103 and embodiment illustrated in fig. 2.
Optionally, if it is determined that target terminal operates in simulator environment, identification equipment produce warning information, with into Row air control.For example, the warning information may include: risk class, it is user information, one or more in equipment malicious act. Wherein, which can determine according to the target air control scene of terminal, specifically can be preset to obtain different air control fields The corresponding relationship of scape and risk class;Alternatively, the application that the risk class can be run according to end objectives is determined, specifically may be used It presets to obtain the corresponding relationship of different application and risk class;Alternatively, the risk class can also be according to terminal by hook's The number of function is determined, specifically can be preset to obtain the corresponding relationship of different hook numbers and risk class;Alternatively, the wind Dangerous grade can also be determined according to the priority for the facility information that terminal is tampered, and specifically can be preset to obtain distinct device letter The priority of breath and each priority and the corresponding relationship of risk class, etc., the application is without limitation.For example, the risk etc. Grade can be divided into high-risk, middle danger, low danger or level-one, second level, three-level etc..The user information may include user identifier (User Identification, UID), phone number, ID card No. (if register application when collect if) etc..The malice row To may include distorting MAC Address, distorting CPU manufacturer, distort mobile phone model and brand, distort phone number etc., specifically may be used It is determined by above-mentioned hook detection.
In addition, optional, identification equipment can also according to the warning information, to target terminal under send instructions, to target end Operation on end (the APP client run in such as terminal) is controlled.For example, if identification equipment determines that the risk class is Low danger, identification equipment, which can send instructions down, indicates client output prompt, it is desirable that user's validation information, verification mode include But it is not limited to the modes such as short message verification code, picture validation code.Subsequent operation can not be carried out if verifying does not pass through.For another example, such as Fruit identification equipment determines that the risk class is middle danger, and identification equipment, which can send instructions down, indicates that client forbids user in target wind Control scene (such as log in, get red packet, coupon redemption, consume, transfer accounts etc.) requests access to operation.For another example, if known Other equipment determine the risk class be it is high-risk, identification equipment, which can send instructions down, indicates client to forbid user that all are requested access to Operation, etc., is not listed one by one herein.
For example, can obtain performance more stronger than mobile phone for certain mobile phone games using simulator and (actually belong to swim Play cheating), the application can identify whether game application operates in simulator environment by above-mentioned identification method, can Timely discovery runs on the game behavior in simulator, and then can prevent the behavior, prevents cheating from losing to user's bring.
For another example, the air control strategy for the petty load that a certain financial institution releases is only the user of specific region to be allowed such as to go up north Wide user's loan, illegal user may use simulator to modify GPS positioning, achieve the purpose that gain loan by cheating around air control strategy Money.The application can identify whether equipment runs on simulator environment by above-mentioned identification method as a result, and determine equipment It runs on after simulator environment, refuses the loan requests of the user.Further, above-mentioned hook inspection also can be used in the application Survey mode restores the GPS positioning, to acquire the true location information of user.
For another example, illegal person realizes a simulation by the way that the information such as mobile phone model, brand, manufacturer are arranged in simulator Device software simulates the purpose of more different Android mobile phones, so that creating false identity gains preferential activity, registration reward etc. by cheating.Pass through The application, after capable of determining that the information such as mobile phone model, brand, manufacturer are tampered according to above-mentioned hook detection mode, reduction is true The information such as real mobile phone model, brand, manufacturer simultaneously carry out simulator identification, and then whether can identify equipment operation in time Operate in simulator environment, and can be prevented in time the behavior when operating in simulator environment identifying, avoid to Legitimate user causes damages.
In embodiments of the present invention, identification equipment can be according to the terminal of multiple the simulator recognition rules and acquisition of setting Facility information, according to the simulator recognition rule that terminal device information is hit, to identify whether the terminal runs on simulator ring Border carries out simulator identification so that realizing in conjunction with multiple simulator recognition rules, this just improves the standard of simulator identification True property.Moreover, whether can be tampered by identification facility information before identifying whether as simulator according to facility information, And true facility information is restored when being tampered in time detecting, to carry out simulator knowledge based on true facility information Not, this just further improves the accuracy of simulator identification.
Above method embodiment is all the simulator recognition methods to the application for example, retouching to each embodiment It states and all emphasizes particularly on different fields, there is no the part being described in detail in some embodiment, reference can be made to the related descriptions of other embodiments.
Fig. 4 is referred to, Fig. 4 is a kind of structural schematic diagram for identifying equipment provided in an embodiment of the present invention.The present invention is implemented The identification equipment of example includes the unit for executing above-mentioned simulator recognition methods.Specifically, the identification equipment 400 of the present embodiment Can include: acquiring unit 401 and processing unit 402.Wherein,
Acquiring unit 401, for obtaining the facility information of target terminal, the facility information includes and the target terminal Model information, the producer identification of central processor CPU, memory headroom value, the first number of the application of installation, storage text Second number of part, the network formats used, operating status, connection Wireless Fidelity Wi-Fi Hotspot route-map in Any one is multinomial;
Processing unit 402, for the equipment according to pre-set multiple simulator recognition rules and the target terminal Information determines the target identification rule that the facility information of the target terminal is hit in the multiple simulator recognition rule, In, the multiple simulator recognition rule is determined according to the facility information for the terminal for running on simulator environment in historical record Out;
The processing unit 402 is also used to weight and weight threshold according to the pre-set target identification rule, Identify whether the target terminal runs on simulator environment.
Optionally, the processing unit 402, specifically for the target identification rule in hit be it is multiple when, according to The weight of pre-set each simulator recognition rule calculates the sum of the weight of each target identification rule;Described in judgement Weight and whether be greater than pre-set weight threshold;When the weight and be greater than the weight threshold when, determine described in Target terminal runs on simulator environment.
Optionally, the identification equipment further include: weight setting unit 403,;
The weight setting unit 403, the terminal for running on simulator environment in the record of statistical history respectively are set Standby information hits the hit information of the multiple simulator recognition rule;According to the corresponding hit information of each simulator recognition rule Determine the corresponding weight of each simulator recognition rule.
Wherein, the hit information includes hit frequency and/or hit-count, the corresponding power of each simulator recognition rule Corresponding with the simulator recognition rule hit frequency of weight is directly proportional, and/or, the corresponding weight of each simulator recognition rule and The corresponding hit-count of simulator recognition rule is directly proportional.
Optionally, the model information includes the model and/or brand of the target terminal, and the route-map includes The title and/or MAC address of router;The multiple simulator recognition rule includes following at least two:
Router name in the title and the first preset blacklist of the router of the Wi-Fi Hotspot of terminal connection to be identified Claim identical;
The MAC Address of the router of the Wi-Fi Hotspot of the terminal connection to be identified is in the second preset blacklist MAC Address set;
The model of the terminal to be identified is identical as any terminal model in preset third blacklist;
The brand of the terminal to be identified is identical as any terminal brand in the 4th preset blacklist;
All manufacturers in the producer identification of the central processor CPU of the terminal to be identified and preset white list Mark is all different;
Be not configured with presetting module in the terminal to be identified, the presetting module include bluetooth module, temperature sensor, One or more of light sensor;
The memory headroom value of the terminal to be identified is less than default memory threshold;
First number of the application of the terminal installation to be identified is less than preset first quantity threshold;
Second number of the file of the terminal storage to be identified is less than preset second quantity threshold;
The all-network standard in network formats and preset network formats list that the terminal to be identified uses is not It is identical;
There are the system files of preset path and title in the system of the terminal to be identified;
The operating status of the terminal to be identified is root state.
Optionally, the identification equipment further include: hook detection unit 404 and reduction unit 405;
The acquiring unit 401 is also used to obtain the flag of the corresponding objective function of facility information of the target terminal Value;
Hook detection unit 404, for determining the objective function whether by hook according to the flag value;
The acquiring unit 401 is also used to when determining the objective function by hook, from the memory of the objective function It is middle to obtain the corresponding objective function pointer of the objective function;
Reduction unit 405 determines the mesh for the corresponding relationship of each function pointer and function according to the pre-stored data The corresponding original function of scalar functions pointer, and original device information is determined according to the original function;
The processing unit 402, specifically for according to pre-set multiple simulator recognition rules and described original setting Standby information determines the target identification rule that the original device information is hit in the multiple simulator recognition rule.
Optionally, the hook detection unit 404, specifically for by the character of the predetermined position in the flag value with Preset fixed character is compared, the number of characters phase of the number of characters of the character of the predetermined position and the fixed character Together;When the character and the fixed character difference for comparing to obtain the predetermined position, determine the objective function by hook.
Optionally, the hook detection unit 404 is specifically used for carrying out the flag value according to preset logical algorithm Logical operation, to obtain operation result value, wherein the logical algorithm is according to the primary function in preset characters string and system What jump address when execution determined;When the operation result value is positive integer, determine the objective function by hook.
Specifically, the identification equipment can realize that simulator of the above-mentioned Fig. 1 into embodiment illustrated in fig. 3 is known by said units Step some or all of in other method.It should be understood that the embodiment of the present invention is the Installation practice of corresponding method embodiment, other side The description of method embodiment, is also applied for the embodiment of the present invention.
Fig. 5 is referred to, Fig. 5 is the structural schematic diagram of another identification equipment provided in an embodiment of the present invention.The identification is set It is ready for use on and executes above-mentioned method.As shown in figure 5, the identification equipment 500 in the present embodiment may include: one or more processing Device 501 and memory 502.Optionally, which may also include one or more user interfaces 503, and/or, one or Multiple communication interfaces 504.Above-mentioned processor 501, user interface 503, communication interface 504 and memory 502 can pass through bus 505 Connection, or can connect by other means, it is illustrated in Fig. 5 with bus mode.Wherein, memory 502 is used for Computer program is stored, the computer program includes program instruction, and processor 501 is used to execute the journey of the storage of memory 502 Sequence instruction.
Wherein, processor 501 can be used for calling described program instruction execution following steps: obtain the equipment letter of target terminal Breath, the facility information include empty with the model information of the target terminal, the producer identification of central processor CPU, memory Between value, the first number of application of installation, the second number of file of storage, the network formats used, operating status, connection Any one of route-map of Wireless Fidelity Wi-Fi Hotspot is multinomial;According to pre-set multiple simulator identification rule Then with the facility information of the target terminal, determine the facility information of the target terminal in the multiple simulator recognition rule The target identification rule of hit, wherein the multiple simulator recognition rule is according to running on simulator ring in historical record What the facility information of the terminal in border was determined;According to the weight and weight threshold of the pre-set target identification rule, know Whether the not described target terminal runs on simulator environment.
Optionally, processor 501 is called and is advised described in described program instruction execution according to the pre-set target identification Weight and weight threshold then specifically executes following steps when identifying whether the target terminal runs on simulator environment: when When the target identification rule of hit includes multiple, according to the weight of pre-set each simulator recognition rule, calculate each The sum of the weight of a target identification rule;Judge the weight and whether it is greater than pre-set weight threshold;Work as institute State weight and when being greater than the weight threshold, determine that the target terminal runs on simulator environment.
Optionally, processor 501 is also used to call described program instruction execution following steps: respectively in statistical history record The facility information for running on the terminal of simulator environment hits the hit information of the multiple simulator recognition rule, the hit Information includes hit frequency and/or hit-count;Each simulator is determined according to the corresponding hit information of each simulator recognition rule The corresponding weight of recognition rule;Wherein, the corresponding weight of each simulator recognition rule is corresponding with the simulator recognition rule Hit frequency is directly proportional, and/or, the hit corresponding with the simulator recognition rule of the corresponding weight of each simulator recognition rule Number is directly proportional.
Optionally, the model information includes the model and/or brand of the target terminal, and the route-map includes The title and/or MAC address of router;The multiple simulator recognition rule includes following at least two: The title of the router of the Wi-Fi Hotspot of terminal connection to be identified is identical as the router rs name in the first preset blacklist; The MAC Address of the router of the Wi-Fi Hotspot of the terminal connection to be identified is in the MAC Address in the second preset blacklist Set;The model of the terminal to be identified is identical as any terminal model in preset third blacklist;The end to be identified The brand at end is identical as any terminal brand in the 4th preset blacklist;The central processor CPU of the terminal to be identified Producer identification be all different with all producer identifications in preset white list;It is not configured in the terminal to be identified Presetting module, the presetting module include one or more of bluetooth module, temperature sensor, light sensor;It is described to The memory headroom value of identification terminal is less than default memory threshold;First number of the application of the terminal installation to be identified is less than pre- If the first quantity threshold;Second number of the file of the terminal storage to be identified is less than preset second quantity threshold;Institute The network formats that terminal to be identified uses are stated to be all different with the all-network standard in preset network formats list;It is described to There are the system files of preset path and title in the system of identification terminal;The operating status of the terminal to be identified is root shape State.
Optionally, processor 501 is calling described in described program instruction execution according to pre-set multiple simulators knowledges The not facility information of rule and the target terminal, determines that the facility information of the target terminal is identified in the multiple simulator Before the target identification rule of rule hit, also executes following steps: obtaining the corresponding mesh of facility information of the target terminal The flag value of scalar functions, and determine the objective function whether by hook according to the flag value;When determining the objective function When by hook, the corresponding objective function pointer of the objective function is obtained from the memory of the objective function;According to depositing in advance Each function pointer of storage and the corresponding relationship of function, determine the corresponding original function of the objective function pointer, and according to institute It states original function and determines original device information;
Processor 501 calls described in described program instruction execution according to pre-set multiple simulator recognition rules and institute The facility information for stating target terminal determines what the facility information of the target terminal was hit in the multiple simulator recognition rule When target identification rule, following steps are specifically executed: according to pre-set multiple simulator recognition rules and described original setting Standby information determines the target identification rule that the original device information is hit in the multiple simulator recognition rule.
Optionally, processor 501 according to the flag value determines the target described in described program instruction execution calling When whether function is by hook, specifically execute following steps: by the character of the predetermined position in the flag value with it is preset solid Determine character to be compared, the number of characters of the character of the predetermined position is identical as the number of characters of the fixed character;When comparing When obtaining the character of the predetermined position with the fixed character difference, determine the objective function by hook.
Optionally, processor 501 according to the flag value determines the target described in described program instruction execution calling When whether function is by hook, following steps are specifically executed: logical operation being carried out to the flag value according to preset logical algorithm, To obtain operation result value, wherein the logical algorithm is when being executed according to the primary function in preset characters string and system What jump address determined;When the operation result value is positive integer, determine the objective function by hook.
Wherein, the processor 501 can be central processing unit (Central Processing Unit, CPU), should Processor can also be other general processors, digital signal processor (Digital Signal Processor, DSP), specially With integrated circuit (Application Specific Integrated Circuit, ASIC), ready-made programmable gate array (Field-Programmable Gate Array, FPGA) either other programmable logic device, discrete gate or transistor are patrolled Collect device, discrete hardware components etc..General processor can be microprocessor or the processor be also possible to it is any conventional Processor etc..
User interface 503 may include input equipment and output equipment, and input equipment may include Trackpad, microphone etc., Output equipment may include display (LCD etc.), loudspeaker etc..
Communication interface 504 may include receiver and transmitter, for being communicated with other equipment.
Memory 502 may include read-only memory and random access memory, and provide instruction sum number to processor 501 According to.The a part of of memory 502 can also include nonvolatile RAM.For example, memory 502 can also store The corresponding relationship etc. of above-mentioned function pointer and function.
In the specific implementation, above-mentioned Fig. 1 can be performed to shown in Fig. 3 in processor 501 described in the embodiment of the present invention etc. The implementation of each unit described in Fig. 4 of the embodiment of the present invention also can be performed in implementation described in embodiment of the method, It does not repeat herein.
The embodiment of the invention also provides a kind of computer readable storage medium, the computer-readable recording medium storage There is computer program, mould described in embodiment corresponding to Fig. 1 to Fig. 3 can be realized when the computer program is executed by processor Step some or all of in quasi- device recognition methods, can also realize the function of the identification equipment of Fig. 4 of the present invention or embodiment illustrated in fig. 5 Can, it does not repeat herein.
The embodiment of the invention also provides a kind of computer program products comprising instruction, when it runs on computers When, so that step some or all of in the computer execution above method.
The computer readable storage medium can be the storage inside list of identification equipment described in aforementioned any embodiment Member, such as the hard disk or memory of identification equipment.The computer readable storage medium is also possible to the outside of the identification equipment The plug-in type hard disk being equipped in storage equipment, such as the identification equipment, intelligent memory card (Smart Media Card, SMC), Secure digital (Secure Digital, SD) card, flash card (Flash Card) etc..
In this application, term "and/or", only a kind of incidence relation for describing affiliated partner, indicates may exist Three kinds of relationships, for example, A and/or B, can indicate: individualism A exists simultaneously A and B, these three situations of individualism B.Separately Outside, character "/" herein typicallys represent the relationship that forward-backward correlation object is a kind of "or".
In the various embodiments of the application, magnitude of the sequence numbers of the above procedures are not meant to the elder generation of execution sequence Afterwards, the execution sequence of each process should be determined by its function and internal logic, the implementation process structure without coping with the embodiment of the present invention At any restriction.
The above, some embodiments only of the invention, but scope of protection of the present invention is not limited thereto, and it is any Those familiar with the art in the technical scope disclosed by the present invention, can readily occur in various equivalent modifications or replace It changes, these modifications or substitutions should be covered by the protection scope of the present invention.

Claims (10)

1. a kind of simulator recognition methods characterized by comprising
The facility information of target terminal is obtained, the facility information includes and the model information of the target terminal, central processing The producer identification of device CPU, memory headroom value, the first number of the application of installation, storage file the second number, use Network formats, operating status, connection any one of the route-map of Wireless Fidelity Wi-Fi Hotspot or multinomial;
According to the facility information of pre-set multiple simulator recognition rules and the target terminal, the target terminal is determined The target identification rule hit in the multiple simulator recognition rule of facility information, wherein the multiple simulator identification Rule is determined according to the facility information for the terminal for running on simulator environment in historical record;
According to the weight and weight threshold of the pre-set target identification rule, identify whether the target terminal runs on Simulator environment.
2. the method according to claim 1, wherein described according to pre-set target identification rule Weight and weight threshold, identify whether the target terminal runs on simulator environment, comprising:
When the target identification rule of hit is multiple, according to the weight of pre-set each simulator recognition rule, meter Calculate the sum of the weight of each target identification rule;
Judge the weight and whether it is greater than pre-set weight threshold;
When the weight and be greater than the weight threshold when, determine that the target terminal runs on simulator environment.
3. the method according to claim 1, wherein the method also includes:
The facility information for the terminal for running on simulator environment in statistical history record respectively hits the multiple simulator identification The hit information of rule, the hit information includes hit frequency and/or hit-count;
The corresponding weight of each simulator recognition rule is determined according to the corresponding hit information of each simulator recognition rule;
Wherein, the corresponding weight of each simulator recognition rule hit frequency corresponding with the simulator recognition rule is directly proportional, And/or the corresponding weight of each simulator recognition rule hit-count corresponding with the simulator recognition rule is directly proportional.
4. method according to claim 1-3, which is characterized in that the model information includes the target terminal Model and/or brand, the route-map includes the title and/or MAC address of router;It is described more A simulator recognition rule includes following at least two:
The title and the router rs name phase in the first preset blacklist of the router of the Wi-Fi Hotspot of terminal connection to be identified Together;
The MAC Address of the router of the Wi-Fi Hotspot of the terminal connection to be identified is in the MAC in the second preset blacklist Address set;
The model of the terminal to be identified is identical as any terminal model in preset third blacklist;
The brand of the terminal to be identified is identical as any terminal brand in the 4th preset blacklist;
All producer identifications in the producer identification of the central processor CPU of the terminal to be identified and preset white list It is all different;
Presetting module is not configured in the terminal to be identified, the presetting module includes bluetooth module, temperature sensor, light One or more of sensor;
The memory headroom value of the terminal to be identified is less than default memory threshold;
First number of the application of the terminal installation to be identified is less than preset first quantity threshold;
Second number of the file of the terminal storage to be identified is less than preset second quantity threshold;
The network formats that the terminal to be identified uses are all different with the all-network standard in preset network formats list;
There are the system files of preset path and title in the system of the terminal to be identified;
The operating status of the terminal to be identified is root state.
5. the method according to claim 1, wherein described according to pre-set multiple simulator identification rule Then with the facility information of the target terminal, determine the facility information of the target terminal in the multiple simulator recognition rule Before the target identification rule of hit, the method also includes:
The flag value of the corresponding objective function of facility information of the target terminal is obtained, and according to flag value determination Whether objective function is by hook;
When determining the objective function by hook, the corresponding mesh of the objective function is obtained from the memory of the objective function Scalar functions pointer;
The corresponding relationship of each function pointer and function according to the pre-stored data determines that the objective function pointer is corresponding original Function, and original device information is determined according to the original function;
According to the facility information of pre-set multiple simulator recognition rules and the target terminal, the target terminal is determined The target identification rule hit in the multiple simulator recognition rule of facility information, comprising:
According to pre-set multiple simulator recognition rules and the original device information, determine that the original device information exists The target identification rule of the multiple simulator recognition rule hit.
6. according to the method described in claim 5, it is characterized in that, described determine that the objective function is according to the flag value It is no by hook, comprising:
The character of predetermined position in the flag value is compared with preset fixed character, the predetermined position The number of characters of character is identical as the number of characters of the fixed character;
When the character and the fixed character difference for comparing to obtain the predetermined position, the objective function quilt is determined hook。
7. according to the method described in claim 5, it is characterized in that, described determine that the objective function is according to the flag value It is no by hook, comprising:
Logical operation is carried out to the flag value according to preset logical algorithm, to obtain operation result value, wherein the logic Algorithm is that jump address when being executed according to the primary function in preset characters string and system determines;
When the operation result value is positive integer, determine the objective function by hook.
8. a kind of identification equipment, which is characterized in that including for executing the side as described in any one of claim 1-7 claim The unit of method.
9. a kind of identification equipment, which is characterized in that including processor, user interface, communication interface and memory, the processing Device, user interface, communication interface and memory are connected with each other, wherein the memory is for storing computer program, the meter Calculation machine program includes program instruction, and the processor is configured for calling described program instruction, executes claim 1-7 such as and appoints Method described in one.
10. a kind of computer readable storage medium, which is characterized in that the computer storage medium is stored with computer program, The computer program includes program instruction, and described program instruction makes the processor execute such as right when being executed by a processor It is required that the described in any item methods of 1-7.
CN201810855587.2A 2018-07-27 2018-07-27 Simulator identification method, simulator identification equipment and computer readable medium Active CN109117250B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201810855587.2A CN109117250B (en) 2018-07-27 2018-07-27 Simulator identification method, simulator identification equipment and computer readable medium
PCT/CN2018/107747 WO2020019484A1 (en) 2018-07-27 2018-09-26 Simulator recognition method, recognition device, and computer readable medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810855587.2A CN109117250B (en) 2018-07-27 2018-07-27 Simulator identification method, simulator identification equipment and computer readable medium

Publications (2)

Publication Number Publication Date
CN109117250A true CN109117250A (en) 2019-01-01
CN109117250B CN109117250B (en) 2022-03-08

Family

ID=64862409

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810855587.2A Active CN109117250B (en) 2018-07-27 2018-07-27 Simulator identification method, simulator identification equipment and computer readable medium

Country Status (2)

Country Link
CN (1) CN109117250B (en)
WO (1) WO2020019484A1 (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110213341A (en) * 2019-05-13 2019-09-06 百度在线网络技术(北京)有限公司 The downloading detection method and device of application program
CN110248372A (en) * 2019-04-25 2019-09-17 深圳壹账通智能科技有限公司 A kind of method, apparatus, storage medium and the computer equipment of simulator detection
CN110378112A (en) * 2019-07-08 2019-10-25 北京达佳互联信息技术有限公司 A kind of user identification method and device
CN111107064A (en) * 2019-12-04 2020-05-05 北京奇虎科技有限公司 Terminal equipment identification method, device, equipment and readable storage medium
CN111177483A (en) * 2019-12-04 2020-05-19 北京奇虎科技有限公司 Terminal device identification method, device and computer readable storage medium
WO2021036450A1 (en) * 2019-08-27 2021-03-04 苏宁云计算有限公司 Simulator detection method and system
CN113282304A (en) * 2021-05-14 2021-08-20 杭州云深科技有限公司 System for identifying virtual machine based on app installation list
CN113468541A (en) * 2021-06-30 2021-10-01 北京达佳互联信息技术有限公司 Operating environment recognition method and device, electronic equipment and storage medium
CN113902458A (en) * 2021-12-07 2022-01-07 深圳市活力天汇科技股份有限公司 Malicious user identification method and device and computer equipment
CN115294408A (en) * 2022-10-08 2022-11-04 汉达科技发展集团有限公司 Operation abnormity identification method for driving simulator

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111338946B (en) * 2020-02-24 2023-07-14 北京新氧科技有限公司 Android simulator detection method and device
CN111461545B (en) * 2020-03-31 2023-11-10 北京深演智能科技股份有限公司 Method and device for determining machine access data
CN111611254B (en) * 2020-04-30 2023-05-09 广东良实机电工程有限公司 Equipment energy consumption abnormality monitoring method and device, terminal equipment and storage medium
CN114079623B (en) * 2020-08-04 2023-07-21 中国移动通信集团河北有限公司 Method and device for identifying transmission capacity of user side router
CN113337995B (en) * 2021-06-29 2023-11-03 海信冰箱有限公司 Clothes information identification method for washing machine and washing machine
CN115909019B (en) * 2022-10-26 2024-02-09 吉林省吉林祥云信息技术有限公司 Scheduling method in multi-model node scene for identifying verification code image

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104951355A (en) * 2015-07-03 2015-09-30 北京数字联盟网络科技有限公司 Application program virtual operation environment recognition method and device
CN106648835A (en) * 2016-12-26 2017-05-10 武汉斗鱼网络科技有限公司 Method and system for detecting running of Android application program in Android simulator
US20170277891A1 (en) * 2016-03-25 2017-09-28 The Mitre Corporation System and method for vetting mobile phone software applications
CN107729121A (en) * 2017-09-30 2018-02-23 北京梆梆安全科技有限公司 Simulator detection method and device
CN108021805A (en) * 2017-12-18 2018-05-11 上海众人网络安全技术有限公司 Detect method, apparatus, equipment and the storage medium of Android application program running environment

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107678834A (en) * 2017-09-30 2018-02-09 北京梆梆安全科技有限公司 A kind of Android simulator detection method and device based on hardware configuration

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104951355A (en) * 2015-07-03 2015-09-30 北京数字联盟网络科技有限公司 Application program virtual operation environment recognition method and device
US20170277891A1 (en) * 2016-03-25 2017-09-28 The Mitre Corporation System and method for vetting mobile phone software applications
CN106648835A (en) * 2016-12-26 2017-05-10 武汉斗鱼网络科技有限公司 Method and system for detecting running of Android application program in Android simulator
CN107729121A (en) * 2017-09-30 2018-02-23 北京梆梆安全科技有限公司 Simulator detection method and device
CN108021805A (en) * 2017-12-18 2018-05-11 上海众人网络安全技术有限公司 Detect method, apparatus, equipment and the storage medium of Android application program running environment

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110248372A (en) * 2019-04-25 2019-09-17 深圳壹账通智能科技有限公司 A kind of method, apparatus, storage medium and the computer equipment of simulator detection
CN110248372B (en) * 2019-04-25 2023-04-11 深圳壹账通智能科技有限公司 Simulator detection method and device, storage medium and computer equipment
CN110213341A (en) * 2019-05-13 2019-09-06 百度在线网络技术(北京)有限公司 The downloading detection method and device of application program
CN110213341B (en) * 2019-05-13 2023-06-23 百度在线网络技术(北京)有限公司 Method and device for detecting downloading of application program
CN110378112A (en) * 2019-07-08 2019-10-25 北京达佳互联信息技术有限公司 A kind of user identification method and device
WO2021036450A1 (en) * 2019-08-27 2021-03-04 苏宁云计算有限公司 Simulator detection method and system
CN111107064B (en) * 2019-12-04 2022-07-12 北京奇虎科技有限公司 Terminal equipment identification method, device, equipment and readable storage medium
CN111107064A (en) * 2019-12-04 2020-05-05 北京奇虎科技有限公司 Terminal equipment identification method, device, equipment and readable storage medium
CN111177483A (en) * 2019-12-04 2020-05-19 北京奇虎科技有限公司 Terminal device identification method, device and computer readable storage medium
CN113282304A (en) * 2021-05-14 2021-08-20 杭州云深科技有限公司 System for identifying virtual machine based on app installation list
CN113282304B (en) * 2021-05-14 2022-04-29 杭州云深科技有限公司 System for identifying virtual machine based on app installation list
CN113468541A (en) * 2021-06-30 2021-10-01 北京达佳互联信息技术有限公司 Operating environment recognition method and device, electronic equipment and storage medium
CN113468541B (en) * 2021-06-30 2024-03-12 北京达佳互联信息技术有限公司 Identification method, identification device, electronic equipment and storage medium
CN113902458A (en) * 2021-12-07 2022-01-07 深圳市活力天汇科技股份有限公司 Malicious user identification method and device and computer equipment
CN115294408A (en) * 2022-10-08 2022-11-04 汉达科技发展集团有限公司 Operation abnormity identification method for driving simulator

Also Published As

Publication number Publication date
WO2020019484A1 (en) 2020-01-30
CN109117250B (en) 2022-03-08

Similar Documents

Publication Publication Date Title
CN109117250A (en) A kind of simulator recognition methods, identification equipment and computer-readable medium
CN109144665A (en) A kind of simulator recognition methods, identification equipment and computer-readable medium
CN109062667A (en) A kind of simulator recognition methods, identification equipment and computer-readable medium
CN109561085A (en) A kind of auth method based on EIC equipment identification code, server and medium
CN103440456B (en) The method and device that a kind of application security is assessed
CN107820210B (en) Sign-in method, mobile terminal and computer readable storage medium
CN109145590B (en) Function hook detection method, detection equipment and computer readable medium
EP2965257B1 (en) Method for measuring and monitoring the access levels to personal data generated by resources of a user device
CN103186740A (en) Automatic detection method for Android malicious software
US20190135177A1 (en) Method and system for aggregation of behavior modification results
CN107846511A (en) A kind of method, terminal and computer-readable recording medium for accessing moving advertising
WO2022148391A1 (en) Model training method and apparatus, data detection method and apparatus, and device and medium
CN109688183A (en) Group control device recognition methods, device, equipment and computer readable storage medium
CN109756840A (en) Mobile terminal is registered anti-cheating method, device, system, equipment and storage medium
CN117009208A (en) Dependency information processing method, device, equipment and storage medium
CN111931047A (en) Artificial intelligence-based black product account detection method and related device
CN110363648B (en) Multi-dimensional attribute verification method and device based on same geographic type and electronic equipment
CN111340574B (en) Risk user identification method and device and electronic equipment
CN109068329A (en) Dummy location recognition methods, device, equipment and computer readable storage medium
CN110493475A (en) The real-time network utilization efficiency of telephone network is low and Misuse detection platform
US11290590B2 (en) Method and system for distraction management of context-aware rule-based smart device
CN112989323B (en) Process detection method, device, terminal and storage medium
CN113468541A (en) Operating environment recognition method and device, electronic equipment and storage medium
CN113849812A (en) Application program detection method and device and electronic equipment
CN113673870A (en) Enterprise data analysis method and related components

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant