CN109117250A - A kind of simulator recognition methods, identification equipment and computer-readable medium - Google Patents
A kind of simulator recognition methods, identification equipment and computer-readable medium Download PDFInfo
- Publication number
- CN109117250A CN109117250A CN201810855587.2A CN201810855587A CN109117250A CN 109117250 A CN109117250 A CN 109117250A CN 201810855587 A CN201810855587 A CN 201810855587A CN 109117250 A CN109117250 A CN 109117250A
- Authority
- CN
- China
- Prior art keywords
- simulator
- terminal
- rule
- identification
- hit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45504—Abstract machines for programme code execution, e.g. Java virtual machine [JVM], interpreters, emulators
- G06F9/45508—Runtime interpretation or emulation, e g. emulator loops, bytecode interpretation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
Abstract
The embodiment of the invention discloses a kind of simulator recognition methods, identification equipment and computer-readable mediums, wherein this method comprises: obtaining the facility information of target terminal;According to the facility information of pre-set multiple simulator recognition rules and the target terminal, determine the target identification rule that the facility information of the target terminal is hit in the multiple simulator recognition rule, wherein, the multiple simulator recognition rule is determined according to the facility information for the terminal for running on simulator environment in historical record;According to the weight and weight threshold of the pre-set target identification rule, identify whether the target terminal runs on simulator environment.Using the embodiment of the present invention, facilitate the accuracy for promoting simulator identification.
Description
Technical field
The present invention relates to fields of communication technology more particularly to a kind of simulator recognition methods, identification equipment and computer can
Read medium.
Background technique
Android simulator, which is one, to go out the operation of android system in the various platform simulations such as Windows, Linux
The application of environment, user can run answering for android system in the Android simulator in the terminals such as personal computer
With., in application, for certain business, such as needing to carry out the business of Risk Monitoring using android system, it is undesirable that it
It is running on simulator, it is therefore desirable to be identified to whether terminal runs on Android simulator environment.And current risk
It identifies that equipment is limited to the recognition capability of Android simulator, can not effectively identify whether terminal runs on simulator environment.
Summary of the invention
The embodiment of the present invention provides a kind of simulator recognition methods, identification equipment and computer-readable medium, helps to mention
Rise the accuracy of simulator identification.
In a first aspect, the embodiment of the invention provides a kind of simulator recognition methods, comprising:
The facility information of target terminal is obtained, the facility information includes and the model information of the target terminal, center
The producer identification of processor CPU, memory headroom value, the first number of the application of installation, storage file the second number, make
Network formats, operating status, connection any one of the route-map of Wireless Fidelity Wi-Fi Hotspot or multinomial;
According to the facility information of pre-set multiple simulator recognition rules and the target terminal, the target is determined
The target identification rule that the facility information of terminal is hit in the multiple simulator recognition rule, wherein the multiple simulator
Recognition rule is determined according to the facility information for the terminal for running on simulator environment in historical record;
According to the weight and weight threshold of the pre-set target identification rule, identify whether the target terminal is transported
Row is in simulator environment.
Optionally, the weight and weight threshold according to the pre-set target identification rule, identifies the mesh
Whether mark terminal runs on simulator environment, comprising:
When the target identification rule of hit is multiple, according to the power of pre-set each simulator recognition rule
Weight calculates the sum of the weight of each target identification rule;
Judge the weight and whether it is greater than pre-set weight threshold;
When the weight and be greater than the weight threshold when, determine that the target terminal runs on simulator environment.
Optionally, the method also includes:
The facility information for the terminal for running on simulator environment in statistical history record respectively hits the multiple simulator
The hit information of recognition rule, the hit information includes hit frequency and/or hit-count;
The corresponding weight of each simulator recognition rule is determined according to the corresponding hit information of each simulator recognition rule;
Wherein, the corresponding weight of each simulator recognition rule hit frequency corresponding with the simulator recognition rule is at just
Than, and/or, the corresponding weight of each simulator recognition rule hit-count corresponding with the simulator recognition rule is directly proportional.
Optionally, the model information includes the model and/or brand of the target terminal, and the route-map includes
Address title and/or media access control (Media Access Control, MAC) of router;The multiple simulator is known
Rule does not include following at least two:
Router name in the title and the first preset blacklist of the router of the Wi-Fi Hotspot of terminal connection to be identified
Claim identical;
The MAC Address of the router of the Wi-Fi Hotspot of the terminal connection to be identified is in the second preset blacklist
MAC Address set;
The model of the terminal to be identified is identical as any terminal model in preset third blacklist;
The brand of the terminal to be identified is identical as any terminal brand in the 4th preset blacklist;
All manufacturers in the producer identification of the central processor CPU of the terminal to be identified and preset white list
Mark is all different;
Be not configured with presetting module in the terminal to be identified, the presetting module include bluetooth module, temperature sensor,
One or more of light sensor;
The memory headroom value of the terminal to be identified is less than default memory threshold;
First number of the application of the terminal installation to be identified is less than preset first quantity threshold;
Second number of the file of the terminal storage to be identified is less than preset second quantity threshold;
The all-network standard in network formats and preset network formats list that the terminal to be identified uses is not
It is identical;
There are the system files of preset path and title in the system of the terminal to be identified;
The operating status of the terminal to be identified is root state.
Optionally, believed described according to the equipment of pre-set multiple simulator recognition rules and the target terminal
Breath, determine the facility information of the target terminal before the target identification that the multiple simulator recognition rule hit is regular,
The method also includes:
The flag value of the corresponding objective function of facility information of the target terminal is obtained, and is determined according to the flag value
Whether the objective function is by hook;
When determining the objective function by hook, it is corresponding that the objective function is obtained from the memory of the objective function
Objective function pointer;
The corresponding relationship of each function pointer and function according to the pre-stored data determines that the objective function pointer is corresponding
Original function, and original device information is determined according to the original function;
According to the facility information of pre-set multiple simulator recognition rules and the target terminal, the target is determined
The target identification rule that the facility information of terminal is hit in the multiple simulator recognition rule, comprising:
According to pre-set multiple simulator recognition rules and the original device information, the original device letter is determined
Cease the target identification rule hit in the multiple simulator recognition rule.
It is optionally, described to determine the objective function whether by hook according to the flag value, comprising:
The character of predetermined position in the flag value is compared with preset fixed character, the predeterminated position
The number of characters of the character at place is identical as the number of characters of the fixed character;
When the character and the fixed character difference for comparing to obtain the predetermined position, the objective function quilt is determined
hook。
It is optionally, described to determine the objective function whether by hook according to the flag value, comprising:
Logical operation is carried out to the flag value according to preset logical algorithm, to obtain operation result value, wherein described
Logical algorithm is that jump address when being executed according to the primary function in preset characters string and system determines;
When the operation result value is positive integer, determine the objective function by hook.
Second aspect, the embodiment of the invention provides a kind of identification equipment, which includes for executing above-mentioned
The unit of the method for one side.
The third aspect, the embodiment of the invention provides another kinds to identify that equipment, including processor, user interface, communication connect
Mouth and memory, the processor, user interface, communication interface and memory are connected with each other, wherein the memory is for depositing
Storage supports identification equipment to execute the computer program of the above method, and the computer program includes program instruction, the processor
It is configured for calling described program instruction, the method for executing above-mentioned first aspect.
Fourth aspect, the embodiment of the invention provides a kind of computer readable storage medium, the computer storage medium
It is stored with computer program, the computer program includes program instruction, and described program instruction makes institute when being executed by a processor
State the method that processor executes above-mentioned first aspect.
The embodiment of the present invention can be determined in preset multiple simulator recognition rules by the facility information of acquisition terminal
The simulator recognition rule of the facility information hit of the target terminal, and then according to the simulator recognition rule of the preset hit
Weight and default weight threshold, to identify whether the target terminal runs on simulator environment, so that realizing in conjunction with multiple
Simulator recognition rule carries out simulator identification, this helps to the accuracy for promoting simulator identification.
Detailed description of the invention
Technical solution in order to illustrate the embodiments of the present invention more clearly, below will be to needed in embodiment description
Attached drawing is briefly described, it should be apparent that, drawings in the following description are some embodiments of the invention, general for this field
For logical technical staff, without creative efforts, it is also possible to obtain other drawings based on these drawings.
Fig. 1 is a kind of flow diagram of simulator recognition methods provided in an embodiment of the present invention;
Fig. 2 is the flow diagram of another simulator recognition methods provided in an embodiment of the present invention;
Fig. 3 is the flow diagram of another simulator recognition methods provided in an embodiment of the present invention;
Fig. 4 is a kind of structural schematic diagram for identifying equipment provided in an embodiment of the present invention;
Fig. 5 is the structural schematic diagram of another identification equipment provided in an embodiment of the present invention.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete
Site preparation description, it is clear that described embodiments are some of the embodiments of the present invention, instead of all the embodiments.Based on this hair
Embodiment in bright, every other implementation obtained by those of ordinary skill in the art without making creative efforts
Example, shall fall within the protection scope of the present invention.
The technical solution of the application can be applied to identification equipment in, the identification equipment may include various terminals, server or
Risk identification product (equipment) being connect with terminal etc., for being identified (referred to as " simulation to the simulator behavior in terminal
Device identification "), whether simulator environment is run on identification terminal (or application in terminal, such as application of identification implantation SDK),
Or referred to as whether identification terminal is logged in using simulator.In this application, simulator can refer to Android simulator or its
His simulator.This application involves terminal can be mobile phone, computer, plate, personal computer, smartwatch etc., the application is not
It limits.
Specifically, the application can be by being arranged multiple simulator recognition rules, and the letter of the various equipment by obtaining terminal
Breath, such as the Wi-Fi Hotspot information, model information, the manufacturer's information of CPU, module configuration information, memory headroom letter that connect
It ceases, number, the number of file of storage, the network formats used, system file exception information, operating status of the application of installation
Etc. simulator recognition rules that are one or more in information, and being hit according to various facility informations, know in conjunction with multiple simulators
Not rule carries out simulator identification, so as to promote the accuracy of simulator identification.It is described in detail individually below.
Referring to Figure 1, Fig. 1 is a kind of flow diagram of simulator recognition methods provided in an embodiment of the present invention.Specifically
, as shown in Figure 1, the simulator recognition methods may comprise steps of:
101, the facility information of target terminal is obtained.
Wherein, which can refer to any terminal for needing to carry out simulator identification, for example produce with risk identification
The terminal of product connection, perhaps the terminal under specific air control scene or triggering (for example pass through programmable button or gesture or pre-
If other triggering modes) simulator identification terminal, etc., the application is without limitation.The air control scene may include stepping on
Record scene, transaction scene, the preferential field scene of APP etc..
Optionally, the facility information of the acquisition may include with the model information of the target terminal, the producer identification of CPU,
Memory headroom value, the first number of the application of installation, the second number of file of storage, the network formats used, module configuration
Information, operating status, connection any one of the route-map of Wireless Fidelity Wi-Fi Hotspot or multinomial.Wherein, the type
Information may include the model and/or brand of the target terminal, which includes whether such as blue configured with presetting module
Tooth module, temperature sensor, light sensor etc., the route-map may include the title and/or media interviews of router
Control MAC Address etc..
102, according to the facility information of pre-set multiple simulator recognition rules and the target terminal, the target is determined
The target identification rule that the facility information of terminal is hit in multiple simulator recognition rule.
Wherein, multiple simulator recognition rule can be according to the terminal for running on simulator environment in historical record
What facility information was determined, to promote the efficiency and reliability of simulator identification.For example, multiple simulator recognition rule can be with
Including following at least two:
Rule 1: the road in the title and the first preset blacklist of the router of the Wi-Fi Hotspot of terminal connection to be identified
It is identical by device title;
Rule 2: the MAC Address of the router of the Wi-Fi Hotspot of terminal connection to be identified is in the second preset blacklist
Interior MAC Address set;
Wherein, detection MAC Address whether be in preset MAC Address set can also be known as detection MAC Address whether with
MAC Address in the MAC Address set is identical;Correspondingly, MAC Address be in MAC Address set can refer to the MAC Address with
MAC address in the MAC Address set is identical.
Rule 3: the model of terminal to be identified is identical as any terminal model in preset third blacklist;
Rule 4: the brand of terminal to be identified is identical as any terminal brand in the 4th preset blacklist;
Optionally, above-mentioned blacklist such as the first blacklist, the second blacklist, third blacklist, the 4th blacklist etc. wrap
The facility information included, which can be, to be identified as the terminal of simulator and (is identified as operating in the end of simulator environment in historical data
End) corresponding facility information, for example (L is the integer greater than 0, such as takes 8) a facility information (routing by preceding L that statistics number is most
Device title, MAC Address, model or brand etc.) or statistics number be greater than preset threshold facility information etc., herein not
It repeats.
For example, first blacklist includes the title for being identified as the router that the terminal of simulator is connected in historical data
The more title of middle statistics number, such as preceding M that statistics number is most (M is the integer greater than 0, such as takes 10) a title, or
Statistics number is greater than the title of preset number threshold value (first threshold);For another example, which includes identifying in historical data
The more MAC Address of statistics number or by the MAC Address group in the MAC Address of the router connected by the terminal of simulator
At MAC Address set, for example (N is the integer greater than 0, such as takes 50) a MAC Address, Huo Zhetong by preceding N that statistics number is most
Metering number is greater than the MAC Address of preset number threshold value (second threshold), or the MAC Address set determined by these MAC Address,
Etc., the application is without limitation.Wherein, the first threshold and second threshold can preset to obtain.
Rule 5: all productions in the producer identification of the central processor CPU of terminal to be identified and preset white list
Trade mark knowledge is all different;
It wherein, may include the mark of one or more legal CPU manufacturers in the white list.
Rule 6: be not configured with presetting module in terminal to be identified, the presetting module include bluetooth module, temperature sensor,
One or more of light sensor;
Wherein, the presetting module can according to historical data count be identified as in the terminal of simulator do not have configuration
Module, such as bluetooth module, temperature sensor, light sensor.So if recognizing terminal does not configure the presetting module, then
It may be simulator.
Rule 7: the memory headroom value of terminal to be identified is less than default memory threshold;
Rule 8: the first number of the application of terminal installation to be identified is less than preset first quantity threshold;
Rule 9: the second number of the file of terminal storage to be identified is less than preset second quantity threshold;
Wherein, first quantity threshold and the second quantity threshold can preset to obtain.
Rule 10: the network formats that terminal to be identified uses and the all-network standard in preset network formats list are equal
It is not identical;
Optionally, identification equipment can determine which is just in conjunction with target area of the terminal to be identified such as where target terminal
Normal network formats, such as by being pre-configured with different zones and its corresponding network formats list, to determine and the target area
The corresponding network formats list in domain, the network formats in the network formats list are the proper network standard of the target area.
If detecting that the network formats that the target terminal uses are not the network formats in its corresponding network formats list, the mesh
Mark terminal may run on simulator environment, because simulator may distort network formats information.
Rule 11: there are the system files of preset path and title in the system of terminal to be identified;
It may be simulator if there is abnormal system file in target terminal.For example, the system file of the exception
It may include the system file of following path and title :/dev/qemu_pipe ,/dev/socket/qemud ,/system/lib/
Libc_malloc_debug_qemu.so ,/sys/qemu_trace ,/proc/tty/drivers/goldfish etc..
Rule 12: the operating status of terminal to be identified is root state.If detecting that target terminal is in Android
Root state then may be simulator.
Wherein, facility information hit simulator recognition rule be referred to as facility information meet simulator recognition rule or
Meet simulator recognition rule etc..The terminal to be identified is the simulator identification needed by determining the hit of its facility information
Rule is to carry out the terminal of simulator identification, such as above-mentioned target terminal.
103, according to the weight and weight threshold of pre-set target identification rule, identify whether the target terminal is transported
Row is in simulator environment.
Wherein, the weight of multiple simulator recognition rule can preset to obtain, such as by air control personnel according to warp
It tests and is configured, or the frequency of each simulator recognition rule or secondary is hit according to the terminal for being identified as simulator in historical record
Number is configured, etc..For example, the weight of setting is descending successively are as follows: regular 4 > rule of 1=rule 2 > rule 3=rule 5
> rule 6=rule 7=rule 8=rule 9=rule 10 > rule 11 > rule 12.For the weight of simulator recognition rule
Setting or method of determination, the application is without limitation.
That is, the application can be carried out by preset multiple simulator recognition rules when carrying out simulator identification,
It can be by obtaining the facility information of terminal, and detect whether the facility information hits multiple simulator recognition rule, in turn
According to the weight and default weight threshold of the simulator recognition rule of hit, to carry out simulator identification, such as the mould in hit
When the weight of quasi- device recognition rule is greater than the weight threshold, determine the terminal operating in simulator environment.It further, if should
The facility information and any simulator recognition rule of miss of target terminal, then can determine the target terminal not running in simulator
Environment.
For example, in some embodiments, which is above-mentioned rule 1,2,3, preset
Rule 1 weight be 0.7, rule 2 weight be 0.7, rule 3 weight be 0.5, weight threshold 0.6, the acquisition is set
Standby information includes the title of the router of the Wi-Fi Hotspot of target terminal connection and the type of MAC Address and the target terminal
Number.Then identify equipment can by detect the router in the facility information title whether with the router in first blacklist
Title is identical and the facility information in MAC Address whether be in the MAC Address set in second blacklist, and should
Whether the model in facility information is identical as any terminal model in the third blacklist.If identification equipment detects the road
It is identical as the either router title in first blacklist by the title of device, it is determined that hit rule 1, if identification equipment inspection
Measure the MAC address set that the MAC Address is in second blacklist, it is determined that hit rule 2, if identification equipment
Detect that the model is identical as any terminal model in the third blacklist, it is determined that hit rule 3.Assuming that identification equipment is true
The facility information hit rule 2 of the fixed target terminal, miss rule 1 and 3, regular 2 corresponding weights 0.7 are greater than weight threshold
0.6, then it can determine that the target terminal runs on simulator environment.
In embodiments of the present invention, identification equipment can determine preset multiple moulds by the facility information of acquisition terminal
The simulator recognition rule of the facility information hit of the target terminal in quasi- device recognition rule, and then according to the preset hit
The weight of simulator recognition rule and default weight threshold, to identify whether the target terminal runs on simulator environment, so that
It realizes in conjunction with multiple simulator recognition rules and carries out simulator identification, this helps to promote the accurate of simulator identification
Property.
Fig. 2 is referred to, Fig. 2 is the flow diagram of another simulator recognition methods provided in an embodiment of the present invention.Tool
Body, as shown in Fig. 2, the simulator recognition methods may comprise steps of:
201, the facility information for the terminal for running on simulator environment in statistical history record respectively hits multiple simulation
The hit information of device recognition rule, the hit information include hit frequency and/or hit-count.
202, the corresponding weight of each simulator recognition rule is determined according to the corresponding hit information of each simulator recognition rule.
Wherein, the corresponding weight of each simulator recognition rule can hit frequency corresponding with the simulator recognition rule
It is directly proportional, and/or, the corresponding weight of each simulator recognition rule can hit-count corresponding with the simulator recognition rule
It is directly proportional.
That is, the application can pass through the historical data to the terminal for being identified as running on simulator environment, including life
In simulator rule carry out big data analysis, frequency and/or the number of above-mentioned rule are hit come flexible according to the historical data
The weight of simulator recognition rule is set.For example, the frequency of the hit frequency of a certain rule of hit is higher, the corresponding power of the rule
Reset be set to it is bigger;The hit-count for hitting a certain rule is higher, and the corresponding weight of the rule is set as bigger, etc..It is optional
, the mapping relations between the hit frequency (and/or hit-count) and weight can be pre-established, alternatively, pre-establishing the life
The mapping relations between mapping relations and important level and weight between middle frequency (and/or hit-count) and important level
Etc..And then identify that equipment can determine that its is corresponding according to the hit frequency and/or hit-count of each simulator recognition rule
Weight.It is further alternative, it can also go to count each simulator identification rule in nearest preset time period according to prefixed time interval
New hit frequency and/or hit-count then, and then each rule is updated according to the new hit frequency and/or hit-count
Weight, further to promote the accuracy of simulator identification.
Optionally, identification equipment can also be arranged or choose the carry out simulator according to the hit frequency and/or hit-count
Multiple simulator recognition rules (i.e. above-mentioned multiple simulator recognition rules) of identification, it is such as that hit frequency or number is highest
(L is the integer greater than 0 to preceding L, such as takes 6) rule of a rule as the identification of multiple simulator, or will be in preset time period
Hit frequency be higher than the rule of predeterminated frequency threshold value as multiple simulator recognition rule, or will be in preset time period
Hit-count is higher than the rule of preset times threshold value as multiple simulator recognition rule, etc., is not listed one by one herein.From
And the flexibility and reliability of simulator setting rule are improved, and be able to ascend recognition efficiency.
203, the facility information of target terminal is obtained.
Optionally, when carrying out simulator identification, identification equipment multinomial can be set by obtaining the equipment bottom of target terminal
Standby information, for example the facility information may include following one or more: route-map (including the road of the Wi-Fi Hotspot of connection
Such as Wi-Fi service set (Service Set Identifier, SSID) by device title (or Wi-Fi title), router mac
Address (or Wi-Fi MAC Address) such as Wi-Fi basic service set identification (Basic Service Set Identifier,
BSSID) etc.), type (model and/or brand), CPU manufacturer information, Bluetooth information, sensor information, user use trace
Information for example memory headroom value, the network formats used, Android state (or be operating status, such as whether be in root shape
State), system file exception information (such as whether there are the system files of preset path and title), installation application number, deposit
The number of the file of storage, the packet name for accessing App, the access version number of App, the version number of SDK, OS Type, operation system
System version, equipment exclusive identification code (UDID), whether escaped from prison (for example 1 representative has been escaped from prison, and 0 representative is not escaped from prison), longitude and latitude
Whether information, network type, specified App install (for example 1 representative has been installed, and 0 representative is not installed), whether are mounted with that Ali is small
Number, whether be mounted with v8 plug-in unit, current time stamp (such as precision be millisecond), advertisement identifier, Vendor identifier, equipment type
Number, host name, CPU core calculation, cpu type, CPU subtype, screen resolution, storage gross space, storage fragmentation, when
Area, language, electricity, battery status, operator name, country ISO, starting time, keyboard list, did erased or distorted,
The did that is stored in localfile, GPS switch (for example 0 represent and close, 1 represent open), GPS licensing status, APP whether are opened
Dynamic link library list of load etc., to carry out simulator identification.Optionally, it is raw that Android bottom source can be used in the application
API acquires facility information, so that facility information is not easy to be tampered.
It, can with promote identification specifically, identification equipment can carry out simulator identification by obtaining multinomial facility information
By property.Moreover, the identification equipment can use the facility information Xiang Zhongyu of the acquisition according to preset multiple simulator recognition rules
The corresponding partial information of multiple simulator recognition rule identifies for simulator, that is, the facility information item obtained is more than needing to make
The facility information item used, so that illegal person can not determine which specifically used information to carry out simulator identification, this is just
Facilitate after preventing illegal person from recognizing a certain recognition rule to distort relevant device information and leads to not identify simulator in time
The case where generation, that is, prevent recognition rule to be cracked so that improve simulator identification reliability.
204, according to the facility information of pre-set multiple simulator recognition rules and the target terminal, the target is determined
The target identification rule that the facility information of terminal is hit in multiple simulator recognition rule.
Wherein, multiple simulator recognition rule can be according to the terminal for running on simulator environment in historical record
What facility information was determined, it does not repeat herein.
205, when the target identification rule of hit is multiple, according to the power of pre-set each simulator recognition rule
Weight calculates the sum of the weight of each target identification rule.
206, judge the weight and whether it is greater than pre-set weight threshold.
207, when the weight and be greater than the weight threshold when, determine that the target terminal runs on simulator environment.
Specifically, identification equipment can be known by judging whether the facility information obtained hits pre-set multiple simulators
It is irregular, according to whether the result of hit determines the weight of each rule, and identified whether according to the weight of each rule as simulator.
Wherein, if hitting a certain rule, taking the weight of the rule of the hit is pre-set weight;If a certain rule of miss
Then, then the weight for taking the rule of the miss is 0.That is, the simulator recognition rule of statistics hit, that is, target identification rule
Weight.Further, a threshold value can be preset, if being accumulated by the sum of the weight of each target identification rule of hit
More than the threshold value, then it can recognize as simulator, that is, determine that the target terminal runs on simulator environment.
For example, in some embodiments, which is above-mentioned regular 1-12, preset
The weight of rule 1,2 is 0.4, and the weight of rule 3,4 is 0.35, and the weight of rule 5 is 0.3, rule 6,7,8,9,10
Weight is 0.25, and the weight of rule 11 is 0.2, and the weight of rule 12 is 0.1, and preset weight threshold is 1.The acquisition is set
Standby information includes the title and MAC Address of the router of the Wi-Fi Hotspot of target terminal connection, the model of target terminal, brand,
The producer identification of CPU, module configuration information, memory headroom value, the first number of the application of installation, storage file second
Number, the network formats used, operating status and other information.Then identify that equipment can be by detecting the routing in the facility information
Whether the title of device whether locate by the MAC Address in and the facility information identical as the router rs name in first blacklist
In the MAC Address set in second blacklist and the model in the facility information whether with appointing in the third blacklist
One terminal models are identical and the facility information in brand it is whether identical as any terminal brand in the 4th blacklist, with
And whether the producer identification of the CPU in the facility information is all different with all producer identifications in the white list, and
Whether the module configuration information in the facility information indicates the target terminal configured in presetting module and the facility information
Whether the first number whether memory headroom value is less than the application of default memory threshold and the installation in the facility information is less than
Whether the second number of first quantity threshold and the file of the storage in the facility information is less than preset second number threshold
Whether the network formats used in value and the facility information are equal with the all-network standard in preset network formats list
System file information in the not identical and facility information indicates whether the system file of preset path and title, with
And whether the operating status in facility information is root state.If identification equipment detect the router title and this first
Either router title in blacklist is identical, it is determined that hit rule 1, if identification equipment detects that the MAC Address is in
MAC address set in second blacklist, it is determined that hit rule 2, if identification equipment detects the model and is somebody's turn to do
Any terminal model in third blacklist is identical, it is determined that hit rule 3, etc. does not repeat herein.Assuming that identification equipment is true
The facility information hit rule 1,2,5,12 of the fixed target terminal, miss rule 3,4,6,7,8,9,10 and 11 is then hit
The sum of weight of rule is 0.4+0.4+0.3+0.1=1.2, and 1.2 are greater than weight threshold 1, then can determine that the target terminal is run
In simulator environment.If the sum of weight of rule of hit can determine the target terminal not running in simulator ring less than 1
Border, perhaps may also be combined with other information and further identifies or can also be spaced after preset time and carry out simulator identification again, or
Person control to terminal part operation, etc. according to the size of the sum of weight, and the application is without limitation.
In embodiments of the present invention, identification equipment can generate various moulds according to the common feature of the simulator of each type
Quasi- device recognition rule, and multiple simulation can be hit according to the facility information for the terminal for running on simulator environment in historical record
The hit frequency and/or hit-count of device recognition rule are that weight is arranged in each simulator recognition rule, and then is carrying out simulator
When identification, the simulator recognition rule of facility information hit can be determined by the multinomial facility information of acquisition target terminal,
And then it is to determine the target terminal according to the sum of weight of each simulator recognition rule of the hit and default weight threshold
It is no to run on simulator environment, so that improving the flexibility and reliability of the weight setting of simulator rule, realize combination
Multiple simulator recognition rules carry out simulator identification, this just improves the accuracy of simulator identification.
Fig. 3 is referred to, Fig. 3 is the flow diagram of another simulator recognition methods provided in an embodiment of the present invention.Tool
Body, as shown in figure 3, the simulator recognition methods may comprise steps of:
301, the facility information of target terminal is obtained.
Wherein, the associated description of the facility information of acquisition can refer to the associated description of above-described embodiment, not repeat herein.
302, the flag value of the corresponding objective function of facility information of the target terminal is obtained, and is determined according to the flag value
Whether the objective function is by hook.
Optionally, after obtaining facility information, and this according to pre-set multiple simulator recognition rules and should
The facility information of target terminal determines that the facility information of the target terminal is known in the target that multiple simulator recognition rule is hit
Not before rule, i.e., before carrying out simulator identification according to facility information, identification equipment also be can detect for carrying out simulator
Whether the facility information of identification is tampered, to ensure to carry out simulator identification based on true facility information.Wherein, the detection is
The no facility information being tampered can be only the corresponding facility information of multiple simulator recognition rule, to reduce cost of device.
Specifically, whether identification equipment by hook can identify that this distorts row by the corresponding function of detection device information
For.Wherein, which can be used for marking the state of the objective function, which can refer to the state whether being tampered,
Or it can refer to read-write state, obstruction and non-blocking state, exit the state of process or program and/or change the content of file
State etc., so as to determine the objective function whether by hook according to the flag value.Each function has correspondence
Flag, the flag be a variable, when a certain function is by hook, the corresponding flag of the function can change.Know as a result,
Whether other equipment can be changed by the flag of detection function, to determine whether the function is corresponding by hook namely the function
Facility information whether be tampered.Wherein, the value of the flag can be stored in the corresponding memory of the objective function.
Optionally, when whether determining the objective function by hook according to the flag value, identification equipment can be by the flag
The character of predetermined position in value is compared with preset fixed character;When compare to obtain the character of the predetermined position with
When the fixed character difference, determine the objective function by hook.Wherein, the number of characters of the character of the predetermined position is fixed with this
The number of characters of character is identical, compares in order to match.That is, the flag, which changes, can refer to one of the flag value
Or multidigit changes, and the one or more predetermined positions that can refer to flag is one or more.To which identification is set
It is standby to be compared by the one or more fixed characters with when being not tampered with for the flag value predetermined position that will acquire,
If flag value this it is one or more change, i.e., flag value is one or more different from the fixed character, then shows
By hook, i.e. the corresponding facility information of the objective function is tampered the objective function.
For example, for Android version in 4.4 or more and 5.0 systems below, some Xposed plug-in units to certain function into
When row hook, 1 can be set by 1 (bit) of the fixed position of the flag value of the function;And the letter being normally not tampered with
Number, the position of flag value is 0 (i.e. above-mentioned fixed character).Therefore, can be by the fixed bit of the flag value of detection function
No is 0, so that it may know whether the function by Xposed plug-in unit has carried out hook.That is, if the flag value of the survey function
The fixed bit is not 0, that is, can be shown that the function by hook, which is tampered.
Optionally, when whether determining the objective function by hook according to the flag value, identification equipment can also be according to pre-
If logical algorithm to the flag value carry out logical operation, to obtain operation result value;When the operation result value is positive integer,
Determine the objective function by hook.Wherein, which can be holds according to the primary function in preset characters string and system
What jump address when row determined.That is, can also will according to logic of propositions algorithm to flag treated value with do not usurped
Fixed character such as 0 when changing is compared, if treated, the value changes, i.e., is not 0, for example be a certain positive integer
When, then show the function by hook.
For example, for Android version 5.0 and its above system, if logically algorithm such as logical expression
EntryPointFromJni&&AccessFlags&0x10000000 result is equal to positive integer, then can be shown that the function is tampered;
If the logical expression result is equal to 0 (as fixed character), it can be shown that the function is not tampered with.Wherein, should
EntryPointFromJni can refer to jump address when primary function such as native function executes, and AccessFlags is
Above-mentioned flag.
It is further alternative, identify that equipment before determining the objective function whether by hook according to the flag value, may be used also
It determines the system version that the target terminal target uses, and then goes selection according to the flag according to the system version of the target terminal
It is worth and determines the objective function whether by the mode of hook, to promote the efficiency of hook detection.Wherein, the system version and hook inspection
The corresponding relationship of the mode of survey can be preset to obtain.
303, when determining the objective function by hook, it is corresponding that the objective function is obtained from the memory of the objective function
Objective function pointer.
Wherein, it the function pointer and is stored in the different field of same memory by the function of hook, and different
There are mapping relations for function pointer and original function, and the storage address of different functions pointer and original function has mapping in other words
Relationship.
Optionally, after determining the objective function by hook, this can also be restored by the objective function of hook, with
Convenient for determining the corresponding real equipment information of the objective function.Specifically, determining a certain function such as the objective function quilt
After hook, can from its memory the corresponding function pointer of the quick obtaining objective function, i.e., above-mentioned objective function pointer, with
Convenient for determining for example primary API of the corresponding original function of the objective function according to the objective function pointer, i.e., not by the true of hook
Real function.
304, the corresponding relationship of each function pointer and function according to the pre-stored data determines that the objective function pointer is corresponding
Original function, and original device information is determined according to the original function.
After determining the objective function pointer in the corresponding memory of the objective function, the mesh can be further determined that out
The corresponding original function of scalar functions pointer, i.e., true Method.And then the objective function can be replaced by the original function, it is real
Now to by the reduction of the function of hook.To identify that equipment can determine that the target terminal is corresponding true by the original function
Facility information, to carry out simulator identification based on real equipment information, that is to say, that this embodiment of the present invention can be set detecting
Standby information obtains true facility information when being tampered in time, to carry out simulator identification based on true facility information, by
This improves the accuracy and reliability of simulator identification.
For example, it is assumed that the facility information includes the title and MAC Address of the router, if detecting the name of the router
Claim corresponding function by hook, can restore to obtain the title of true primary routing device;If detecting that the MAC Address is corresponding
Function can be restored to obtain true original MAC address by hook, and then can be based on the name of the true primary routing device
Claim and MAC Address is to carry out simulator identification.
It should be understood that the original function pointer stored in memory will not be tampered, according to the work of Xposed plug-in unit
Principle can back up the raw information of function before distorting objective function, and save particular address in memory,
That is the address of objective function pointer direction.And once these backup informations are also tampered, that Xposed plug-in unit will be unable to normally
Work.Therefore, the original function got in the particular address that the objective function pointer is directed toward, must be correct function,
It will not be tampered.
305, according to pre-set multiple simulator recognition rules and the original device information, determine that the original device is believed
Cease the target identification rule hit in multiple simulator recognition rule.
306, according to the weight and weight threshold of pre-set target identification rule, identify whether the target terminal is transported
Row is in simulator environment.
After determining true original device information, that is, it can determine whether the original device information hits corresponding mould
Quasi- device recognition rule, and then simulator identification is carried out according to hit results, identification method and it is above-mentioned according to facility information and in advance
If multiple simulator rules carry out simulator know it is similar otherwise, specifically please refer to step in above-mentioned embodiment illustrated in fig. 1
The associated description of step 205-207, does not repeat herein in 102-103 and embodiment illustrated in fig. 2.
Optionally, if it is determined that target terminal operates in simulator environment, identification equipment produce warning information, with into
Row air control.For example, the warning information may include: risk class, it is user information, one or more in equipment malicious act.
Wherein, which can determine according to the target air control scene of terminal, specifically can be preset to obtain different air control fields
The corresponding relationship of scape and risk class;Alternatively, the application that the risk class can be run according to end objectives is determined, specifically may be used
It presets to obtain the corresponding relationship of different application and risk class;Alternatively, the risk class can also be according to terminal by hook's
The number of function is determined, specifically can be preset to obtain the corresponding relationship of different hook numbers and risk class;Alternatively, the wind
Dangerous grade can also be determined according to the priority for the facility information that terminal is tampered, and specifically can be preset to obtain distinct device letter
The priority of breath and each priority and the corresponding relationship of risk class, etc., the application is without limitation.For example, the risk etc.
Grade can be divided into high-risk, middle danger, low danger or level-one, second level, three-level etc..The user information may include user identifier (User
Identification, UID), phone number, ID card No. (if register application when collect if) etc..The malice row
To may include distorting MAC Address, distorting CPU manufacturer, distort mobile phone model and brand, distort phone number etc., specifically may be used
It is determined by above-mentioned hook detection.
In addition, optional, identification equipment can also according to the warning information, to target terminal under send instructions, to target end
Operation on end (the APP client run in such as terminal) is controlled.For example, if identification equipment determines that the risk class is
Low danger, identification equipment, which can send instructions down, indicates client output prompt, it is desirable that user's validation information, verification mode include
But it is not limited to the modes such as short message verification code, picture validation code.Subsequent operation can not be carried out if verifying does not pass through.For another example, such as
Fruit identification equipment determines that the risk class is middle danger, and identification equipment, which can send instructions down, indicates that client forbids user in target wind
Control scene (such as log in, get red packet, coupon redemption, consume, transfer accounts etc.) requests access to operation.For another example, if known
Other equipment determine the risk class be it is high-risk, identification equipment, which can send instructions down, indicates client to forbid user that all are requested access to
Operation, etc., is not listed one by one herein.
For example, can obtain performance more stronger than mobile phone for certain mobile phone games using simulator and (actually belong to swim
Play cheating), the application can identify whether game application operates in simulator environment by above-mentioned identification method, can
Timely discovery runs on the game behavior in simulator, and then can prevent the behavior, prevents cheating from losing to user's bring.
For another example, the air control strategy for the petty load that a certain financial institution releases is only the user of specific region to be allowed such as to go up north
Wide user's loan, illegal user may use simulator to modify GPS positioning, achieve the purpose that gain loan by cheating around air control strategy
Money.The application can identify whether equipment runs on simulator environment by above-mentioned identification method as a result, and determine equipment
It runs on after simulator environment, refuses the loan requests of the user.Further, above-mentioned hook inspection also can be used in the application
Survey mode restores the GPS positioning, to acquire the true location information of user.
For another example, illegal person realizes a simulation by the way that the information such as mobile phone model, brand, manufacturer are arranged in simulator
Device software simulates the purpose of more different Android mobile phones, so that creating false identity gains preferential activity, registration reward etc. by cheating.Pass through
The application, after capable of determining that the information such as mobile phone model, brand, manufacturer are tampered according to above-mentioned hook detection mode, reduction is true
The information such as real mobile phone model, brand, manufacturer simultaneously carry out simulator identification, and then whether can identify equipment operation in time
Operate in simulator environment, and can be prevented in time the behavior when operating in simulator environment identifying, avoid to
Legitimate user causes damages.
In embodiments of the present invention, identification equipment can be according to the terminal of multiple the simulator recognition rules and acquisition of setting
Facility information, according to the simulator recognition rule that terminal device information is hit, to identify whether the terminal runs on simulator ring
Border carries out simulator identification so that realizing in conjunction with multiple simulator recognition rules, this just improves the standard of simulator identification
True property.Moreover, whether can be tampered by identification facility information before identifying whether as simulator according to facility information,
And true facility information is restored when being tampered in time detecting, to carry out simulator knowledge based on true facility information
Not, this just further improves the accuracy of simulator identification.
Above method embodiment is all the simulator recognition methods to the application for example, retouching to each embodiment
It states and all emphasizes particularly on different fields, there is no the part being described in detail in some embodiment, reference can be made to the related descriptions of other embodiments.
Fig. 4 is referred to, Fig. 4 is a kind of structural schematic diagram for identifying equipment provided in an embodiment of the present invention.The present invention is implemented
The identification equipment of example includes the unit for executing above-mentioned simulator recognition methods.Specifically, the identification equipment 400 of the present embodiment
Can include: acquiring unit 401 and processing unit 402.Wherein,
Acquiring unit 401, for obtaining the facility information of target terminal, the facility information includes and the target terminal
Model information, the producer identification of central processor CPU, memory headroom value, the first number of the application of installation, storage text
Second number of part, the network formats used, operating status, connection Wireless Fidelity Wi-Fi Hotspot route-map in
Any one is multinomial;
Processing unit 402, for the equipment according to pre-set multiple simulator recognition rules and the target terminal
Information determines the target identification rule that the facility information of the target terminal is hit in the multiple simulator recognition rule,
In, the multiple simulator recognition rule is determined according to the facility information for the terminal for running on simulator environment in historical record
Out;
The processing unit 402 is also used to weight and weight threshold according to the pre-set target identification rule,
Identify whether the target terminal runs on simulator environment.
Optionally, the processing unit 402, specifically for the target identification rule in hit be it is multiple when, according to
The weight of pre-set each simulator recognition rule calculates the sum of the weight of each target identification rule;Described in judgement
Weight and whether be greater than pre-set weight threshold;When the weight and be greater than the weight threshold when, determine described in
Target terminal runs on simulator environment.
Optionally, the identification equipment further include: weight setting unit 403,;
The weight setting unit 403, the terminal for running on simulator environment in the record of statistical history respectively are set
Standby information hits the hit information of the multiple simulator recognition rule;According to the corresponding hit information of each simulator recognition rule
Determine the corresponding weight of each simulator recognition rule.
Wherein, the hit information includes hit frequency and/or hit-count, the corresponding power of each simulator recognition rule
Corresponding with the simulator recognition rule hit frequency of weight is directly proportional, and/or, the corresponding weight of each simulator recognition rule and
The corresponding hit-count of simulator recognition rule is directly proportional.
Optionally, the model information includes the model and/or brand of the target terminal, and the route-map includes
The title and/or MAC address of router;The multiple simulator recognition rule includes following at least two:
Router name in the title and the first preset blacklist of the router of the Wi-Fi Hotspot of terminal connection to be identified
Claim identical;
The MAC Address of the router of the Wi-Fi Hotspot of the terminal connection to be identified is in the second preset blacklist
MAC Address set;
The model of the terminal to be identified is identical as any terminal model in preset third blacklist;
The brand of the terminal to be identified is identical as any terminal brand in the 4th preset blacklist;
All manufacturers in the producer identification of the central processor CPU of the terminal to be identified and preset white list
Mark is all different;
Be not configured with presetting module in the terminal to be identified, the presetting module include bluetooth module, temperature sensor,
One or more of light sensor;
The memory headroom value of the terminal to be identified is less than default memory threshold;
First number of the application of the terminal installation to be identified is less than preset first quantity threshold;
Second number of the file of the terminal storage to be identified is less than preset second quantity threshold;
The all-network standard in network formats and preset network formats list that the terminal to be identified uses is not
It is identical;
There are the system files of preset path and title in the system of the terminal to be identified;
The operating status of the terminal to be identified is root state.
Optionally, the identification equipment further include: hook detection unit 404 and reduction unit 405;
The acquiring unit 401 is also used to obtain the flag of the corresponding objective function of facility information of the target terminal
Value;
Hook detection unit 404, for determining the objective function whether by hook according to the flag value;
The acquiring unit 401 is also used to when determining the objective function by hook, from the memory of the objective function
It is middle to obtain the corresponding objective function pointer of the objective function;
Reduction unit 405 determines the mesh for the corresponding relationship of each function pointer and function according to the pre-stored data
The corresponding original function of scalar functions pointer, and original device information is determined according to the original function;
The processing unit 402, specifically for according to pre-set multiple simulator recognition rules and described original setting
Standby information determines the target identification rule that the original device information is hit in the multiple simulator recognition rule.
Optionally, the hook detection unit 404, specifically for by the character of the predetermined position in the flag value with
Preset fixed character is compared, the number of characters phase of the number of characters of the character of the predetermined position and the fixed character
Together;When the character and the fixed character difference for comparing to obtain the predetermined position, determine the objective function by hook.
Optionally, the hook detection unit 404 is specifically used for carrying out the flag value according to preset logical algorithm
Logical operation, to obtain operation result value, wherein the logical algorithm is according to the primary function in preset characters string and system
What jump address when execution determined;When the operation result value is positive integer, determine the objective function by hook.
Specifically, the identification equipment can realize that simulator of the above-mentioned Fig. 1 into embodiment illustrated in fig. 3 is known by said units
Step some or all of in other method.It should be understood that the embodiment of the present invention is the Installation practice of corresponding method embodiment, other side
The description of method embodiment, is also applied for the embodiment of the present invention.
Fig. 5 is referred to, Fig. 5 is the structural schematic diagram of another identification equipment provided in an embodiment of the present invention.The identification is set
It is ready for use on and executes above-mentioned method.As shown in figure 5, the identification equipment 500 in the present embodiment may include: one or more processing
Device 501 and memory 502.Optionally, which may also include one or more user interfaces 503, and/or, one or
Multiple communication interfaces 504.Above-mentioned processor 501, user interface 503, communication interface 504 and memory 502 can pass through bus 505
Connection, or can connect by other means, it is illustrated in Fig. 5 with bus mode.Wherein, memory 502 is used for
Computer program is stored, the computer program includes program instruction, and processor 501 is used to execute the journey of the storage of memory 502
Sequence instruction.
Wherein, processor 501 can be used for calling described program instruction execution following steps: obtain the equipment letter of target terminal
Breath, the facility information include empty with the model information of the target terminal, the producer identification of central processor CPU, memory
Between value, the first number of application of installation, the second number of file of storage, the network formats used, operating status, connection
Any one of route-map of Wireless Fidelity Wi-Fi Hotspot is multinomial;According to pre-set multiple simulator identification rule
Then with the facility information of the target terminal, determine the facility information of the target terminal in the multiple simulator recognition rule
The target identification rule of hit, wherein the multiple simulator recognition rule is according to running on simulator ring in historical record
What the facility information of the terminal in border was determined;According to the weight and weight threshold of the pre-set target identification rule, know
Whether the not described target terminal runs on simulator environment.
Optionally, processor 501 is called and is advised described in described program instruction execution according to the pre-set target identification
Weight and weight threshold then specifically executes following steps when identifying whether the target terminal runs on simulator environment: when
When the target identification rule of hit includes multiple, according to the weight of pre-set each simulator recognition rule, calculate each
The sum of the weight of a target identification rule;Judge the weight and whether it is greater than pre-set weight threshold;Work as institute
State weight and when being greater than the weight threshold, determine that the target terminal runs on simulator environment.
Optionally, processor 501 is also used to call described program instruction execution following steps: respectively in statistical history record
The facility information for running on the terminal of simulator environment hits the hit information of the multiple simulator recognition rule, the hit
Information includes hit frequency and/or hit-count;Each simulator is determined according to the corresponding hit information of each simulator recognition rule
The corresponding weight of recognition rule;Wherein, the corresponding weight of each simulator recognition rule is corresponding with the simulator recognition rule
Hit frequency is directly proportional, and/or, the hit corresponding with the simulator recognition rule of the corresponding weight of each simulator recognition rule
Number is directly proportional.
Optionally, the model information includes the model and/or brand of the target terminal, and the route-map includes
The title and/or MAC address of router;The multiple simulator recognition rule includes following at least two:
The title of the router of the Wi-Fi Hotspot of terminal connection to be identified is identical as the router rs name in the first preset blacklist;
The MAC Address of the router of the Wi-Fi Hotspot of the terminal connection to be identified is in the MAC Address in the second preset blacklist
Set;The model of the terminal to be identified is identical as any terminal model in preset third blacklist;The end to be identified
The brand at end is identical as any terminal brand in the 4th preset blacklist;The central processor CPU of the terminal to be identified
Producer identification be all different with all producer identifications in preset white list;It is not configured in the terminal to be identified
Presetting module, the presetting module include one or more of bluetooth module, temperature sensor, light sensor;It is described to
The memory headroom value of identification terminal is less than default memory threshold;First number of the application of the terminal installation to be identified is less than pre-
If the first quantity threshold;Second number of the file of the terminal storage to be identified is less than preset second quantity threshold;Institute
The network formats that terminal to be identified uses are stated to be all different with the all-network standard in preset network formats list;It is described to
There are the system files of preset path and title in the system of identification terminal;The operating status of the terminal to be identified is root shape
State.
Optionally, processor 501 is calling described in described program instruction execution according to pre-set multiple simulators knowledges
The not facility information of rule and the target terminal, determines that the facility information of the target terminal is identified in the multiple simulator
Before the target identification rule of rule hit, also executes following steps: obtaining the corresponding mesh of facility information of the target terminal
The flag value of scalar functions, and determine the objective function whether by hook according to the flag value;When determining the objective function
When by hook, the corresponding objective function pointer of the objective function is obtained from the memory of the objective function;According to depositing in advance
Each function pointer of storage and the corresponding relationship of function, determine the corresponding original function of the objective function pointer, and according to institute
It states original function and determines original device information;
Processor 501 calls described in described program instruction execution according to pre-set multiple simulator recognition rules and institute
The facility information for stating target terminal determines what the facility information of the target terminal was hit in the multiple simulator recognition rule
When target identification rule, following steps are specifically executed: according to pre-set multiple simulator recognition rules and described original setting
Standby information determines the target identification rule that the original device information is hit in the multiple simulator recognition rule.
Optionally, processor 501 according to the flag value determines the target described in described program instruction execution calling
When whether function is by hook, specifically execute following steps: by the character of the predetermined position in the flag value with it is preset solid
Determine character to be compared, the number of characters of the character of the predetermined position is identical as the number of characters of the fixed character;When comparing
When obtaining the character of the predetermined position with the fixed character difference, determine the objective function by hook.
Optionally, processor 501 according to the flag value determines the target described in described program instruction execution calling
When whether function is by hook, following steps are specifically executed: logical operation being carried out to the flag value according to preset logical algorithm,
To obtain operation result value, wherein the logical algorithm is when being executed according to the primary function in preset characters string and system
What jump address determined;When the operation result value is positive integer, determine the objective function by hook.
Wherein, the processor 501 can be central processing unit (Central Processing Unit, CPU), should
Processor can also be other general processors, digital signal processor (Digital Signal Processor, DSP), specially
With integrated circuit (Application Specific Integrated Circuit, ASIC), ready-made programmable gate array
(Field-Programmable Gate Array, FPGA) either other programmable logic device, discrete gate or transistor are patrolled
Collect device, discrete hardware components etc..General processor can be microprocessor or the processor be also possible to it is any conventional
Processor etc..
User interface 503 may include input equipment and output equipment, and input equipment may include Trackpad, microphone etc.,
Output equipment may include display (LCD etc.), loudspeaker etc..
Communication interface 504 may include receiver and transmitter, for being communicated with other equipment.
Memory 502 may include read-only memory and random access memory, and provide instruction sum number to processor 501
According to.The a part of of memory 502 can also include nonvolatile RAM.For example, memory 502 can also store
The corresponding relationship etc. of above-mentioned function pointer and function.
In the specific implementation, above-mentioned Fig. 1 can be performed to shown in Fig. 3 in processor 501 described in the embodiment of the present invention etc.
The implementation of each unit described in Fig. 4 of the embodiment of the present invention also can be performed in implementation described in embodiment of the method,
It does not repeat herein.
The embodiment of the invention also provides a kind of computer readable storage medium, the computer-readable recording medium storage
There is computer program, mould described in embodiment corresponding to Fig. 1 to Fig. 3 can be realized when the computer program is executed by processor
Step some or all of in quasi- device recognition methods, can also realize the function of the identification equipment of Fig. 4 of the present invention or embodiment illustrated in fig. 5
Can, it does not repeat herein.
The embodiment of the invention also provides a kind of computer program products comprising instruction, when it runs on computers
When, so that step some or all of in the computer execution above method.
The computer readable storage medium can be the storage inside list of identification equipment described in aforementioned any embodiment
Member, such as the hard disk or memory of identification equipment.The computer readable storage medium is also possible to the outside of the identification equipment
The plug-in type hard disk being equipped in storage equipment, such as the identification equipment, intelligent memory card (Smart Media Card, SMC),
Secure digital (Secure Digital, SD) card, flash card (Flash Card) etc..
In this application, term "and/or", only a kind of incidence relation for describing affiliated partner, indicates may exist
Three kinds of relationships, for example, A and/or B, can indicate: individualism A exists simultaneously A and B, these three situations of individualism B.Separately
Outside, character "/" herein typicallys represent the relationship that forward-backward correlation object is a kind of "or".
In the various embodiments of the application, magnitude of the sequence numbers of the above procedures are not meant to the elder generation of execution sequence
Afterwards, the execution sequence of each process should be determined by its function and internal logic, the implementation process structure without coping with the embodiment of the present invention
At any restriction.
The above, some embodiments only of the invention, but scope of protection of the present invention is not limited thereto, and it is any
Those familiar with the art in the technical scope disclosed by the present invention, can readily occur in various equivalent modifications or replace
It changes, these modifications or substitutions should be covered by the protection scope of the present invention.
Claims (10)
1. a kind of simulator recognition methods characterized by comprising
The facility information of target terminal is obtained, the facility information includes and the model information of the target terminal, central processing
The producer identification of device CPU, memory headroom value, the first number of the application of installation, storage file the second number, use
Network formats, operating status, connection any one of the route-map of Wireless Fidelity Wi-Fi Hotspot or multinomial;
According to the facility information of pre-set multiple simulator recognition rules and the target terminal, the target terminal is determined
The target identification rule hit in the multiple simulator recognition rule of facility information, wherein the multiple simulator identification
Rule is determined according to the facility information for the terminal for running on simulator environment in historical record;
According to the weight and weight threshold of the pre-set target identification rule, identify whether the target terminal runs on
Simulator environment.
2. the method according to claim 1, wherein described according to pre-set target identification rule
Weight and weight threshold, identify whether the target terminal runs on simulator environment, comprising:
When the target identification rule of hit is multiple, according to the weight of pre-set each simulator recognition rule, meter
Calculate the sum of the weight of each target identification rule;
Judge the weight and whether it is greater than pre-set weight threshold;
When the weight and be greater than the weight threshold when, determine that the target terminal runs on simulator environment.
3. the method according to claim 1, wherein the method also includes:
The facility information for the terminal for running on simulator environment in statistical history record respectively hits the multiple simulator identification
The hit information of rule, the hit information includes hit frequency and/or hit-count;
The corresponding weight of each simulator recognition rule is determined according to the corresponding hit information of each simulator recognition rule;
Wherein, the corresponding weight of each simulator recognition rule hit frequency corresponding with the simulator recognition rule is directly proportional,
And/or the corresponding weight of each simulator recognition rule hit-count corresponding with the simulator recognition rule is directly proportional.
4. method according to claim 1-3, which is characterized in that the model information includes the target terminal
Model and/or brand, the route-map includes the title and/or MAC address of router;It is described more
A simulator recognition rule includes following at least two:
The title and the router rs name phase in the first preset blacklist of the router of the Wi-Fi Hotspot of terminal connection to be identified
Together;
The MAC Address of the router of the Wi-Fi Hotspot of the terminal connection to be identified is in the MAC in the second preset blacklist
Address set;
The model of the terminal to be identified is identical as any terminal model in preset third blacklist;
The brand of the terminal to be identified is identical as any terminal brand in the 4th preset blacklist;
All producer identifications in the producer identification of the central processor CPU of the terminal to be identified and preset white list
It is all different;
Presetting module is not configured in the terminal to be identified, the presetting module includes bluetooth module, temperature sensor, light
One or more of sensor;
The memory headroom value of the terminal to be identified is less than default memory threshold;
First number of the application of the terminal installation to be identified is less than preset first quantity threshold;
Second number of the file of the terminal storage to be identified is less than preset second quantity threshold;
The network formats that the terminal to be identified uses are all different with the all-network standard in preset network formats list;
There are the system files of preset path and title in the system of the terminal to be identified;
The operating status of the terminal to be identified is root state.
5. the method according to claim 1, wherein described according to pre-set multiple simulator identification rule
Then with the facility information of the target terminal, determine the facility information of the target terminal in the multiple simulator recognition rule
Before the target identification rule of hit, the method also includes:
The flag value of the corresponding objective function of facility information of the target terminal is obtained, and according to flag value determination
Whether objective function is by hook;
When determining the objective function by hook, the corresponding mesh of the objective function is obtained from the memory of the objective function
Scalar functions pointer;
The corresponding relationship of each function pointer and function according to the pre-stored data determines that the objective function pointer is corresponding original
Function, and original device information is determined according to the original function;
According to the facility information of pre-set multiple simulator recognition rules and the target terminal, the target terminal is determined
The target identification rule hit in the multiple simulator recognition rule of facility information, comprising:
According to pre-set multiple simulator recognition rules and the original device information, determine that the original device information exists
The target identification rule of the multiple simulator recognition rule hit.
6. according to the method described in claim 5, it is characterized in that, described determine that the objective function is according to the flag value
It is no by hook, comprising:
The character of predetermined position in the flag value is compared with preset fixed character, the predetermined position
The number of characters of character is identical as the number of characters of the fixed character;
When the character and the fixed character difference for comparing to obtain the predetermined position, the objective function quilt is determined
hook。
7. according to the method described in claim 5, it is characterized in that, described determine that the objective function is according to the flag value
It is no by hook, comprising:
Logical operation is carried out to the flag value according to preset logical algorithm, to obtain operation result value, wherein the logic
Algorithm is that jump address when being executed according to the primary function in preset characters string and system determines;
When the operation result value is positive integer, determine the objective function by hook.
8. a kind of identification equipment, which is characterized in that including for executing the side as described in any one of claim 1-7 claim
The unit of method.
9. a kind of identification equipment, which is characterized in that including processor, user interface, communication interface and memory, the processing
Device, user interface, communication interface and memory are connected with each other, wherein the memory is for storing computer program, the meter
Calculation machine program includes program instruction, and the processor is configured for calling described program instruction, executes claim 1-7 such as and appoints
Method described in one.
10. a kind of computer readable storage medium, which is characterized in that the computer storage medium is stored with computer program,
The computer program includes program instruction, and described program instruction makes the processor execute such as right when being executed by a processor
It is required that the described in any item methods of 1-7.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810855587.2A CN109117250B (en) | 2018-07-27 | 2018-07-27 | Simulator identification method, simulator identification equipment and computer readable medium |
PCT/CN2018/107747 WO2020019484A1 (en) | 2018-07-27 | 2018-09-26 | Simulator recognition method, recognition device, and computer readable medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810855587.2A CN109117250B (en) | 2018-07-27 | 2018-07-27 | Simulator identification method, simulator identification equipment and computer readable medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109117250A true CN109117250A (en) | 2019-01-01 |
CN109117250B CN109117250B (en) | 2022-03-08 |
Family
ID=64862409
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810855587.2A Active CN109117250B (en) | 2018-07-27 | 2018-07-27 | Simulator identification method, simulator identification equipment and computer readable medium |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN109117250B (en) |
WO (1) | WO2020019484A1 (en) |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110213341A (en) * | 2019-05-13 | 2019-09-06 | 百度在线网络技术(北京)有限公司 | The downloading detection method and device of application program |
CN110248372A (en) * | 2019-04-25 | 2019-09-17 | 深圳壹账通智能科技有限公司 | A kind of method, apparatus, storage medium and the computer equipment of simulator detection |
CN110378112A (en) * | 2019-07-08 | 2019-10-25 | 北京达佳互联信息技术有限公司 | A kind of user identification method and device |
CN111107064A (en) * | 2019-12-04 | 2020-05-05 | 北京奇虎科技有限公司 | Terminal equipment identification method, device, equipment and readable storage medium |
CN111177483A (en) * | 2019-12-04 | 2020-05-19 | 北京奇虎科技有限公司 | Terminal device identification method, device and computer readable storage medium |
WO2021036450A1 (en) * | 2019-08-27 | 2021-03-04 | 苏宁云计算有限公司 | Simulator detection method and system |
CN113282304A (en) * | 2021-05-14 | 2021-08-20 | 杭州云深科技有限公司 | System for identifying virtual machine based on app installation list |
CN113468541A (en) * | 2021-06-30 | 2021-10-01 | 北京达佳互联信息技术有限公司 | Operating environment recognition method and device, electronic equipment and storage medium |
CN113902458A (en) * | 2021-12-07 | 2022-01-07 | 深圳市活力天汇科技股份有限公司 | Malicious user identification method and device and computer equipment |
CN115294408A (en) * | 2022-10-08 | 2022-11-04 | 汉达科技发展集团有限公司 | Operation abnormity identification method for driving simulator |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111338946B (en) * | 2020-02-24 | 2023-07-14 | 北京新氧科技有限公司 | Android simulator detection method and device |
CN111461545B (en) * | 2020-03-31 | 2023-11-10 | 北京深演智能科技股份有限公司 | Method and device for determining machine access data |
CN111611254B (en) * | 2020-04-30 | 2023-05-09 | 广东良实机电工程有限公司 | Equipment energy consumption abnormality monitoring method and device, terminal equipment and storage medium |
CN114079623B (en) * | 2020-08-04 | 2023-07-21 | 中国移动通信集团河北有限公司 | Method and device for identifying transmission capacity of user side router |
CN113337995B (en) * | 2021-06-29 | 2023-11-03 | 海信冰箱有限公司 | Clothes information identification method for washing machine and washing machine |
CN115909019B (en) * | 2022-10-26 | 2024-02-09 | 吉林省吉林祥云信息技术有限公司 | Scheduling method in multi-model node scene for identifying verification code image |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104951355A (en) * | 2015-07-03 | 2015-09-30 | 北京数字联盟网络科技有限公司 | Application program virtual operation environment recognition method and device |
CN106648835A (en) * | 2016-12-26 | 2017-05-10 | 武汉斗鱼网络科技有限公司 | Method and system for detecting running of Android application program in Android simulator |
US20170277891A1 (en) * | 2016-03-25 | 2017-09-28 | The Mitre Corporation | System and method for vetting mobile phone software applications |
CN107729121A (en) * | 2017-09-30 | 2018-02-23 | 北京梆梆安全科技有限公司 | Simulator detection method and device |
CN108021805A (en) * | 2017-12-18 | 2018-05-11 | 上海众人网络安全技术有限公司 | Detect method, apparatus, equipment and the storage medium of Android application program running environment |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107678834A (en) * | 2017-09-30 | 2018-02-09 | 北京梆梆安全科技有限公司 | A kind of Android simulator detection method and device based on hardware configuration |
-
2018
- 2018-07-27 CN CN201810855587.2A patent/CN109117250B/en active Active
- 2018-09-26 WO PCT/CN2018/107747 patent/WO2020019484A1/en active Application Filing
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104951355A (en) * | 2015-07-03 | 2015-09-30 | 北京数字联盟网络科技有限公司 | Application program virtual operation environment recognition method and device |
US20170277891A1 (en) * | 2016-03-25 | 2017-09-28 | The Mitre Corporation | System and method for vetting mobile phone software applications |
CN106648835A (en) * | 2016-12-26 | 2017-05-10 | 武汉斗鱼网络科技有限公司 | Method and system for detecting running of Android application program in Android simulator |
CN107729121A (en) * | 2017-09-30 | 2018-02-23 | 北京梆梆安全科技有限公司 | Simulator detection method and device |
CN108021805A (en) * | 2017-12-18 | 2018-05-11 | 上海众人网络安全技术有限公司 | Detect method, apparatus, equipment and the storage medium of Android application program running environment |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110248372A (en) * | 2019-04-25 | 2019-09-17 | 深圳壹账通智能科技有限公司 | A kind of method, apparatus, storage medium and the computer equipment of simulator detection |
CN110248372B (en) * | 2019-04-25 | 2023-04-11 | 深圳壹账通智能科技有限公司 | Simulator detection method and device, storage medium and computer equipment |
CN110213341A (en) * | 2019-05-13 | 2019-09-06 | 百度在线网络技术(北京)有限公司 | The downloading detection method and device of application program |
CN110213341B (en) * | 2019-05-13 | 2023-06-23 | 百度在线网络技术(北京)有限公司 | Method and device for detecting downloading of application program |
CN110378112A (en) * | 2019-07-08 | 2019-10-25 | 北京达佳互联信息技术有限公司 | A kind of user identification method and device |
WO2021036450A1 (en) * | 2019-08-27 | 2021-03-04 | 苏宁云计算有限公司 | Simulator detection method and system |
CN111107064B (en) * | 2019-12-04 | 2022-07-12 | 北京奇虎科技有限公司 | Terminal equipment identification method, device, equipment and readable storage medium |
CN111107064A (en) * | 2019-12-04 | 2020-05-05 | 北京奇虎科技有限公司 | Terminal equipment identification method, device, equipment and readable storage medium |
CN111177483A (en) * | 2019-12-04 | 2020-05-19 | 北京奇虎科技有限公司 | Terminal device identification method, device and computer readable storage medium |
CN113282304A (en) * | 2021-05-14 | 2021-08-20 | 杭州云深科技有限公司 | System for identifying virtual machine based on app installation list |
CN113282304B (en) * | 2021-05-14 | 2022-04-29 | 杭州云深科技有限公司 | System for identifying virtual machine based on app installation list |
CN113468541A (en) * | 2021-06-30 | 2021-10-01 | 北京达佳互联信息技术有限公司 | Operating environment recognition method and device, electronic equipment and storage medium |
CN113468541B (en) * | 2021-06-30 | 2024-03-12 | 北京达佳互联信息技术有限公司 | Identification method, identification device, electronic equipment and storage medium |
CN113902458A (en) * | 2021-12-07 | 2022-01-07 | 深圳市活力天汇科技股份有限公司 | Malicious user identification method and device and computer equipment |
CN115294408A (en) * | 2022-10-08 | 2022-11-04 | 汉达科技发展集团有限公司 | Operation abnormity identification method for driving simulator |
Also Published As
Publication number | Publication date |
---|---|
WO2020019484A1 (en) | 2020-01-30 |
CN109117250B (en) | 2022-03-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109117250A (en) | A kind of simulator recognition methods, identification equipment and computer-readable medium | |
CN109144665A (en) | A kind of simulator recognition methods, identification equipment and computer-readable medium | |
CN109062667A (en) | A kind of simulator recognition methods, identification equipment and computer-readable medium | |
CN109561085A (en) | A kind of auth method based on EIC equipment identification code, server and medium | |
CN103440456B (en) | The method and device that a kind of application security is assessed | |
CN107820210B (en) | Sign-in method, mobile terminal and computer readable storage medium | |
CN109145590B (en) | Function hook detection method, detection equipment and computer readable medium | |
EP2965257B1 (en) | Method for measuring and monitoring the access levels to personal data generated by resources of a user device | |
CN103186740A (en) | Automatic detection method for Android malicious software | |
US20190135177A1 (en) | Method and system for aggregation of behavior modification results | |
CN107846511A (en) | A kind of method, terminal and computer-readable recording medium for accessing moving advertising | |
WO2022148391A1 (en) | Model training method and apparatus, data detection method and apparatus, and device and medium | |
CN109688183A (en) | Group control device recognition methods, device, equipment and computer readable storage medium | |
CN109756840A (en) | Mobile terminal is registered anti-cheating method, device, system, equipment and storage medium | |
CN117009208A (en) | Dependency information processing method, device, equipment and storage medium | |
CN111931047A (en) | Artificial intelligence-based black product account detection method and related device | |
CN110363648B (en) | Multi-dimensional attribute verification method and device based on same geographic type and electronic equipment | |
CN111340574B (en) | Risk user identification method and device and electronic equipment | |
CN109068329A (en) | Dummy location recognition methods, device, equipment and computer readable storage medium | |
CN110493475A (en) | The real-time network utilization efficiency of telephone network is low and Misuse detection platform | |
US11290590B2 (en) | Method and system for distraction management of context-aware rule-based smart device | |
CN112989323B (en) | Process detection method, device, terminal and storage medium | |
CN113468541A (en) | Operating environment recognition method and device, electronic equipment and storage medium | |
CN113849812A (en) | Application program detection method and device and electronic equipment | |
CN113673870A (en) | Enterprise data analysis method and related components |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |