CN104657259B - Method and apparatus for testing Android application programs - Google Patents
Abstract
The present invention discloses a method and apparatus for testing Android application programs. The method comprises the following steps: A: locating the command calls of an application program; B: monitoring the command calls and obtaining runtime data; C: analyzing the obtained runtime data.
Description
Technical field
The present invention relates to software testing, and more particularly to a method and apparatus for testing Android application programs.
Background
Applications usually protect data using standard cryptographic algorithms and protocols. During development, however, parameters (for example, key length or key content) may be set incorrectly and/or usage steps (for example, whether a certificate is used, whether the certificate chain is verified) may be applied incorrectly, so that security cannot be guaranteed. Applications therefore need to be tested to avoid such problems.
The prior art discloses no solution to the above problem. The problem with prior-art static automated testing methods is that they cannot obtain runtime parameters, and runtime parameters are vital for analyzing the parts of an application that involve cryptographic algorithms and protocols. Prior-art dynamic testing methods generally require modifying the application or adding breakpoints for debugging, and doing so reduces the transparency and stability of program monitoring; for example, modifying the application may cause runtime errors in the application and may also break the application's signature mechanism.
On the other hand, prior-art test methods address only generic code problems and cannot test and analyze particular command calls in an application. For example, they cannot perform a specific security analysis of the parts of an application that use cryptographic algorithms and protocols (for example, whether a certificate is missing or has been tampered with), and so cannot test for and discover incorrect use of cryptographic algorithms and protocols in the application.
To this end, the present invention proposes a method and apparatus for testing Android application programs.
Summary of the invention
According to one object of the present invention, a method for testing Android application programs is disclosed, comprising the following steps:
A: locating the command calls of the application program,
B: monitoring the command calls and obtaining runtime data,
C: analyzing the obtained runtime data.
In one technical solution, step A includes:
performing static code decompilation on the application program to obtain class descriptors;
locating the command calls according to the class descriptors.
In one technical solution, step A includes:
locating command calls related to the use of cryptographic algorithms and/or protocols.
In one technical solution, step B includes:
monitoring the command calls and obtaining runtime data using a monitoring module attached to the Zygote process of the Dalvik virtual machine.
In one technical solution, the runtime data are parameters related to the use of cryptographic algorithms and/or protocols.
In one technical solution, in step A, the command calls are located in the binary code of the application program.
In one technical solution, the command calls are method calls or instruction calls.
According to another object of the present invention, a device for testing Android application programs is disclosed, including:
a locating module, for locating the command calls of the application program,
a monitoring module, for monitoring the command calls and obtaining runtime data,
an analysis module, for analyzing the obtained runtime data.
In one technical solution, the locating module is configured to:
perform static code decompilation on the application program to obtain class descriptors;
locate the command calls according to the class descriptors.
In one technical solution, the locating module is configured to:
locate command calls related to the use of cryptographic algorithms and/or protocols.
In one technical solution, the monitoring module is attached to the Zygote process of the Dalvik virtual machine, and thereby monitors the command calls and obtains runtime data.
In one technical solution, the runtime data are parameters related to the use of cryptographic algorithms and/or protocols.
In one technical solution, the locating module locates the command calls in the binary code of the application program.
The present invention dynamically monitors the program under test and obtains the runtime content of its cryptographic algorithm and protocol use. One advantage of the invention is that, while the program is running, it can actively examine the mechanisms, patterns and problems of code execution and collect various runtime information about the code, so that aggregate analysis can be performed in stages and, according to specified standards, judgments related to code quality can be obtained. In particular, the invention can analyze the binary code of the program directly, without relying on the program's source code; when the program runs, the technical solution dynamically analyzes the program code loaded in memory, finds the positions at which to insert instructions, and adds specific instructions to monitor the program.
Brief description of the drawings
After reading the specific embodiments of the invention with reference to the drawings, those skilled in the art will understand the various aspects of the invention more clearly. Those skilled in the art will appreciate that the drawings serve only to illustrate the technical solution of the invention together with the specific embodiments, and are not intended to limit the scope of protection of the invention.
Fig. 1 is a schematic diagram of the steps of the method for testing Android application programs according to an embodiment of the invention.
Fig. 2 is a structural diagram of the device for testing Android application programs according to an embodiment of the invention.
Detailed description
Specific embodiments of the invention are described in further detail below with reference to the drawings. In the following description, for purposes of explanation, many specific details are set forth in order to provide a thorough understanding of one or more aspects of the embodiments. However, it will be apparent to those skilled in the art that one or more aspects of the embodiments can be practiced with a lesser degree of these specific details. The following description is therefore not to be regarded as limiting; the scope of protection is defined by the appended claims.
Fig. 1 is a schematic diagram of the steps of the method for testing Android application programs according to an embodiment of the invention. As shown in Fig. 1, the method comprises the following steps:
A: locating the command calls of the application program,
B: monitoring the command calls and obtaining runtime data,
C: analyzing the obtained runtime data.
In step A, particular command calls of the application program can be located, for example command calls related to the use of cryptographic algorithms and/or protocols. A command call can be a method call of the application program, an interface call, or a finer-grained instruction call. In one example, static code decompilation is performed on the application program to obtain the class descriptors of the APK program; the method calls are then screened according to the class descriptors, and the specific method calls are filtered out.
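As an added illustration of step A (not part of the patent text), the following Python example filters method invocations by class descriptor. It assumes the APK has already been decompiled to smali text; the watch list of descriptors, the function name `locate_calls` and the sample class `Lcom/example/app/Vault;` are constructed for the example.

```python
import re

# Class descriptors (Dalvik type-descriptor form) to treat as crypto/protocol
# related. This watch list is an assumption of the example.
WATCHED_CLASSES = frozenset({
    "Ljavax/crypto/Cipher;",
    "Ljavax/crypto/spec/SecretKeySpec;",
    "Ljava/security/MessageDigest;",
    "Ljavax/net/ssl/SSLContext;",
    "Ljavax/net/ssl/HttpsURLConnection;",
})

# smali call site: invoke-<kind>[/range] {registers}, Lcls;->name(args)ret
INVOKE_RE = re.compile(
    r"invoke-(?P<kind>[a-z]+)(?:/range)?\s+\{[^}]*\},\s*"
    r"(?P<cls>L[^;]+;)->(?P<name>[^(]+)\((?P<args>[^)]*)\)(?P<ret>\S+)"
)


def locate_calls(smali_text, watched=WATCHED_CLASSES):
    """Return call sites whose target class descriptor is in `watched`."""
    hits, cur_class, cur_method = [], None, None
    for lineno, line in enumerate(smali_text.splitlines(), 1):
        s = line.strip()
        if s.startswith(".class "):
            cur_class = s.split()[-1]       # descriptor is the last token
        elif s.startswith(".method "):
            cur_method = s.split()[-1]      # name(args)ret is the last token
        elif s.startswith(".end method"):
            cur_method = None
        else:
            m = INVOKE_RE.match(s)
            if m and m.group("cls") in watched:
                hits.append({
                    "line": lineno,
                    "caller": f"{cur_class}->{cur_method}",
                    "class": m.group("cls"),
                    "method": m.group("name"),
                    "signature": f"({m.group('args')}){m.group('ret')}",
                })
    return hits


# Constructed smali fragment for the example (not taken from a real app).
SAMPLE_SMALI = r"""
.class public Lcom/example/app/Vault;
.super Ljava/lang/Object;

.method public static seal([B[B)[B
    .locals 3
    new-instance v0, Ljavax/crypto/spec/SecretKeySpec;
    const-string v1, "AES"
    invoke-direct {v0, p0, v1}, Ljavax/crypto/spec/SecretKeySpec;-><init>([BLjava/lang/String;)V
    const-string v1, "AES/ECB/PKCS5Padding"
    invoke-static {v1}, Ljavax/crypto/Cipher;->getInstance(Ljava/lang/String;)Ljavax/crypto/Cipher;
    move-result-object v2
    invoke-static {p1}, Lcom/example/app/Util;->hex([B)Ljava/lang/String;
    return-object p1
.end method
"""

if __name__ == "__main__":
    for hit in locate_calls(SAMPLE_SMALI):
        print(hit)
```

The returned call sites are the candidates a monitoring module would then watch at run time; the call into `Lcom/example/app/Util;` is dropped because its descriptor is not on the watch list.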
In step B, a monitoring module attached to the Zygote process of the Dalvik virtual machine (Dalvik VM) is used to monitor the command calls and obtain runtime data.
In one example, the command calls are located in the binary code of the application program.
Android application programs are written in the Java language and run in the Dalvik VM. One embodiment of the invention monitors program execution by adding a monitoring module to the Dalvik VM. Each Android application runs in its own Dalvik virtual machine instance, and each virtual machine instance is an independent process space; therefore, so that the monitoring module can monitor every process, the embodiment of the invention attaches the monitoring module to the Zygote process.
The Zygote process is a special virtual machine process and also the incubator of virtual machine instances: whenever an Android application is executed, Zygote creates a child process with the fork function to run that application. The Zygote process completes operations such as initializing the virtual machine, loading libraries, and loading and initializing the preset class libraries; when a new virtual machine instance is needed, Zygote provides a process template as quickly as possible by copying itself. Therefore, when the monitoring module is loaded into the Zygote process, every newly started APK program has the monitoring module in its process space, which ensures the reliability of monitoring.
In the process of an APK program, the interpreter is the execution engine of the Dalvik virtual machine; it is responsible for interpreting and executing dex bytecode (the executable code finally generated when Android program source code is compiled).
Dalvik dex bytecode includes a constant pool (describing all constants, including references, method names, numeric constants, etc., and class definitions, including access flags, class names, etc.), a data segment (including the code of all methods executed by the target virtual machine and the data related to classes and methods), class instance variables and similar content; this information allows the monitoring module to monitor all information at fine granularity. In one embodiment, during the interpretation and execution of Dalvik dex bytecode, the monitoring module performs policy-matching monitoring of the command calls. For example, during matching, monitoring is first scoped to the application being monitored, then to specific classes of that application, and is then filtered at the instruction level to obtain the instruction calls related to cryptographic algorithm/protocol use; finally, the application is analyzed (for example, its encryption behavior) by extracting runtime data from the monitoring module. In one example, the runtime data are parameters related to the use of cryptographic algorithms and/or protocols.
Fig. 2 is a structural diagram of the device for testing Android application programs according to an embodiment of the invention. As shown in Fig. 2, the device for testing Android application programs includes a locating module, a monitoring module and an analysis module. The locating module is used to locate the command calls of the application program, the monitoring module is used to monitor the command calls and obtain runtime data, and the analysis module is used to analyze the obtained runtime data. In one technical solution, the locating module is configured to perform static code decompilation on the application program to obtain class descriptors, and to locate method calls according to the class descriptors. In one technical solution, the locating module is configured to locate command calls related to the use of cryptographic algorithms and/or protocols. In one technical solution, the monitoring module is attached to the Zygote process of the Dalvik virtual machine, and thereby monitors the command calls and obtains runtime data. In one technical solution, the runtime data are parameters related to the use of cryptographic algorithms and/or protocols. In one example, the locating module locates the command calls in the binary code of the application program.
From the description of the above embodiments, those skilled in the art will understand that various changes and substitutions can be made to the specific embodiments of the invention without departing from the spirit and scope of the invention. Such changes and substitutions all fall within the scope defined by the claims of the invention.
Claims (8)
- 1. A method for testing Android application programs, characterized in that it comprises the following steps: A: locating the command calls of the application program, wherein command calls related to the use of cryptographic algorithms and/or protocols are located; B: monitoring the command calls and obtaining runtime data, wherein the runtime data are parameters related to the use of cryptographic algorithms and/or protocols; C: analyzing the obtained runtime data; wherein the command calls are monitored and the runtime data are obtained using a monitoring module attached to the Zygote process of the Dalvik virtual machine.
- 2. The method as described in claim 1, characterized in that step A includes: performing static code decompilation on the application program to obtain class descriptors; and locating the command calls according to the class descriptors.
- 3. The method as described in claim 1, characterized in that, in step A, the command calls are located in the binary code of the application program.
- 4. The method as claimed in claim 3, characterized in that the command calls are method calls or instruction calls.
- 5. A device for testing Android application programs, characterized in that it includes: a locating module, for locating the command calls of the application program; a monitoring module, for monitoring the command calls and obtaining runtime data; and an analysis module, for analyzing the obtained runtime data; wherein the monitoring module is attached to the Zygote process of the Dalvik virtual machine, and thereby monitors the command calls and obtains runtime data; wherein the locating module is configured to locate command calls related to the use of cryptographic algorithms and/or protocols; and wherein the runtime data are parameters related to the use of cryptographic algorithms and/or protocols.
- 6. The device as claimed in claim 5, characterized in that the locating module is configured to: perform static code decompilation on the application program to obtain class descriptors; and locate the command calls according to the class descriptors.
- 7. The device as claimed in claim 5, characterized in that the locating module locates the command calls in the binary code of the application program.
- 8. The device as claimed in claim 7, characterized in that the command calls are method calls or instruction calls.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310598510.9A CN104657259B (en) | 2013-11-22 | 2013-11-22 | Method and apparatus for testing Android application programs |
PCT/CN2014/090259 WO2015074489A1 (en) | 2013-11-22 | 2014-11-04 | Method and apparatus for testing android application program |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104657259A | 2015-05-27 |
CN104657259B | 2018-05-18 |