CN105095753A - Broadcast safe detection method and device - Google Patents


Publication number
CN105095753A
Authority
CN
China
Prior art keywords
broadcast
application program
file
broadcast component
component
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201410216870.2A
Other languages
Chinese (zh)
Other versions
CN105095753B (en)
Inventor
李�杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Tencent Cloud Computing Beijing Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Application filed by Tencent Technology Shenzhen Co Ltd
Priority to CN201410216870.2A
Publication of CN105095753A
Application granted
Publication of CN105095753B

Landscapes

  • Telephone Function (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a broadcast security detection method and device. The method comprises: acquiring a source code file of an application program and a system manifest file; extracting the exposed broadcast components from the source code file of the application program and the system manifest file according to a broadcast component vulnerability rule to form a broadcast component list, wherein the broadcast component vulnerability rule is the criterion for determining that a broadcast component is in an exposed state; simulating at least one test broadcast according to the broadcast components in the broadcast component list; and sending the test broadcast to the application program and acquiring a broadcast security detection result. The method solves the problem that the existing technology cannot detect whether the current broadcast of the system is maliciously hijacked.

Description

Broadcast security detection method and device
Technical field
The present invention relates to the field of computers and the Internet, and in particular to a broadcast security detection method and device.
Background
In recent years, with the development of the mobile Internet, thousands of application programs (apps) of all kinds have emerged on mobile platforms, and people's lives rely more and more on smart mobile devices. To allow third-party products to call or interact with them, applications have opened many external broadcast interfaces.
For example, in the Android system, components are the basis of an Android app and are used to build its functions and services; the BroadcastReceiver component (broadcast receiver) receives and responds to broadcasts. The Android system thus provides its own broadcast-based mechanism for propagating data between components, and these components can be located in different processes, so the mechanism serves as inter-process communication. Through the broadcast mechanism, data can be exchanged between different mobile applications or within an application itself.
Specifically, the Android system can contain multiple broadcasts, and various broadcasts run in the Android system. A system or application registers a corresponding broadcast component with the Android system when it runs. In operation, Android evaluates each received broadcast to determine the event it corresponds to, and application programs register broadcast components for the different events they need; different broadcasts may handle different events or may handle the same broadcast event.
Because the Android system is open, the security of Android apps is receiving increasing attention and research. At present, communication between components can suffer from two classes of security problems, caused by non-standard configuration of the AndroidManifest document (the configuration file in which an Android app declares and defines its permissions and components) or by careless code implementation: broadcast hijacking and component exposure. Broadcast hijacking means that, after a broadcast is sent, it may escape the current app and be maliciously hijacked by another app because the receiving component was not explicitly specified. As shown in Fig. 1, component A sends a broadcast; when multiple target broadcast components can respond, broadcast component B of a malicious app may respond first, leading to security risks such as phishing and information leakage. Component exposure means that access to a component is completely open to the outside, so a third-party app can call the exposed component at any time without any special permission. If component C in Fig. 1 is exposed, component D of a malicious app can call component C at any time to execute the related logic, leading to security risks such as denial of service, data leakage or contamination, and leakage of capabilities or permissions. An untrusted target component (callee) causes the broadcast hijacking risk, and an untrusted source component (caller) causes the component exposure risk. The present application concerns the security risk caused by broadcast hijacking.
It follows that, because applications do not strictly restrict their use of the broadcast mechanism, private data propagated by broadcast may be leaked; and because broadcasts sent by other applications are not strictly verified, the application itself may crash or behave abnormally. At the same time, the industry has no mechanism for assessing and detecting the threats that broadcasts may cause.
No effective solution has yet been proposed for the above problem that the prior art cannot detect whether the current broadcast of the system can be maliciously hijacked.
Summary of the invention
Embodiments of the present invention provide a broadcast security detection method and device, to at least solve the technical problem that the prior art cannot detect whether the current broadcast of the system can be maliciously hijacked.
According to one aspect of the embodiments of the present invention, a broadcast security detection method is provided. The method comprises: obtaining the source code file of an application program and the system manifest file; extracting the externally exposed broadcast components from the source code file and the system manifest file of the application program according to a broadcast component vulnerability rule to form a broadcast component list, wherein the broadcast component vulnerability rule is the decision condition for determining that a broadcast component is in an externally exposed state; simulating at least one test broadcast based on the broadcast components in the broadcast component list; and sending the test broadcast to the application program to obtain a broadcast security monitoring result.
According to another aspect of the embodiments of the present invention, a broadcast security detection device is also provided. The device comprises: an acquisition module, for obtaining the source code file of an application program and the system manifest file; a screening module, for extracting the externally exposed broadcast components from the source code file and the system manifest file of the application program according to a broadcast component vulnerability rule to form a broadcast component list, wherein the broadcast component vulnerability rule is the decision condition for determining that a broadcast component is in an externally exposed state; a simulation module, for simulating at least one test broadcast based on the broadcast components in the broadcast component list; and a test module, for sending the test broadcast to the application program to obtain a broadcast security monitoring result.
The embodiments of the present invention obtain the source code file of an application program and the system manifest file; extract the externally exposed broadcast components from them according to a broadcast component vulnerability rule to form a broadcast component list, wherein the broadcast component vulnerability rule is the decision condition for determining that a broadcast component is in an externally exposed state; simulate at least one test broadcast based on the broadcast components in the broadcast component list; and send the test broadcast to the application program to obtain a broadcast security monitoring result. A broadcast component acts as a global listener: once it is registered, if a broadcast event Intent that matches the broadcast component is broadcast by an application program, the component executes immediately, which fully automates the application's handling. That is, if a matching Intent is broadcast, the application program starts automatically and the corresponding registered broadcast component starts running. Therefore, in the above embodiments of the present application, screening the registered broadcast components yields the broadcast components that are at high risk of being hijacked. For these broadcast components, a corresponding test broadcast is constructed to implement an automated broadcast continuity test method: the test broadcast is constructed and sent to the corresponding application program, and if the application program does not respond, this contradicts its normal working state, in which it would execute immediately. This solves the problem that the prior art cannot detect whether the current broadcast of the system can be maliciously hijacked, and it can be determined that the high-risk broadcast component corresponding to the current test broadcast has been hijacked.
Brief description of the drawings
The accompanying drawings described here provide a further understanding of the present invention and form a part of the present application. The schematic embodiments of the present invention and their description are used to explain the present invention and do not unduly limit it. In the drawings:
Fig. 1 is a schematic structural diagram of the broadcast hijacking and component exposure that exist in the related art;
Fig. 2 is a hardware block diagram of a mobile terminal for running the broadcast security detection method of an embodiment of the present invention;
Fig. 3 is a flowchart of the broadcast security detection method according to embodiment one of the present invention;
Fig. 4 is a detailed flowchart of the broadcast security detection method according to embodiment one of the present invention;
Fig. 5 is a schematic flowchart of the method for reverse engineering the compressed installation package of an application program into java source code according to embodiment one of the present invention;
Fig. 6 is a schematic flowchart of the method for determining whether a statically registered broadcast component is in an exposed state according to embodiment one of the present invention;
Fig. 7 is a schematic diagram of the broadcast security detection device according to embodiment two of the present invention;
Fig. 8 is a schematic diagram of an optional broadcast security detection device according to embodiment two of the present invention shown in Fig. 7;
Fig. 9 is a schematic diagram of another optional broadcast security detection device according to embodiment two of the present invention shown in Fig. 7;
Fig. 10 is a schematic diagram of yet another optional broadcast security detection device according to embodiment two of the present invention shown in Fig. 7; and
Fig. 11 is a schematic diagram of a further optional broadcast security detection device according to embodiment two of the present invention shown in Fig. 7.
Detailed description
To help those skilled in the art better understand the scheme of the present invention, the technical scheme in the embodiments of the present invention is described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative work fall within the scope of protection of the present invention.
It should be noted that the terms "first", "second" and so on in the description, the claims and the above drawings are used to distinguish similar objects and do not necessarily describe a specific order or sequence. Data used in this way can be interchanged where appropriate, so that the embodiments of the invention described here can be implemented in orders other than those illustrated or described. In addition, the terms "comprise" and "have" and any variants of them are intended to cover non-exclusive inclusion: for example, a process, method, system, product or device that comprises a series of steps or units is not necessarily limited to the steps or units clearly listed, but can include other steps or units that are not clearly listed or that are inherent to the process, method, product or device.
The terms used in the present application are explained below:
Android: a free and open-source operating system based on Linux, mainly used in mobile devices such as smartphones and tablet computers; it currently holds 80% of the smartphone market.
Broadcast: a mechanism for propagating data between components; these components can be located in different processes, so it serves as inter-process communication.
Reverse engineering: also called reversing, the process of taking apart an executable program or application by methods such as decryption, disassembly and decompilation in order to analyze the structure, algorithms and code of the software or application.
App: here, an application program that runs on the Android platform.
APK: short for Application Package File, the file format of the application installation package of the Android system.
Broadcast component: also called a broadcast receiver (BroadcastReceiver), a basic entity that the Android system provides for developers to implement an app.
Embodiment 1:
An embodiment of the present invention provides a method embodiment of broadcast security detection. It should be noted that the steps shown in the flowcharts of the drawings can be executed in a computer system, for example as a set of computer-executable instructions, and that, although a logical order is shown in the flowcharts, in some cases the steps can be executed in an order different from the one shown or described here.
The method embodiment provided by embodiment one of the present application can be executed in a mobile terminal or a similar communication device. Taking a mobile terminal as an example, Fig. 2 is a hardware block diagram of a mobile terminal for running the broadcast security detection method of an embodiment of the present invention. As shown in Fig. 2, the mobile terminal 10 can comprise one or more processors 102 (only one is shown in the figure; the processor 102 can include, but is not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA), a memory 104 for storing data, and a transmitting device 106 for communication functions.
Those of ordinary skill in the art will understand that the structure shown in Fig. 2 is only illustrative and does not limit the structure of the above electronic device. For example, the mobile terminal 10 can include more or fewer components than shown in Fig. 2, or have a configuration different from that shown in Fig. 2.
The memory 104 can be used to store the software programs and modules of application software, such as the program instructions/modules corresponding to the broadcast security detection method in the embodiments of the present invention and the corresponding database data. The processor 102 runs the software programs and modules stored in the memory 104 to execute various functional applications and data processing, that is, to implement the processing of the above-mentioned mobile terminal communication records. The memory 104 can comprise high-speed random access memory and can also comprise non-volatile memory, such as one or more magnetic storage devices, flash memory or other non-volatile solid-state memory. In some examples, the memory 104 can further comprise memory located remotely from the processor 102, and such remote memory can be connected to the mobile terminal 10 through a network. Examples of such networks include, but are not limited to, the Internet, intranets, local area networks, mobile communication networks and combinations of them.
The transmitting device 106 receives or sends data via a network. A specific example of the network is the wireless network provided by the communication provider of the mobile terminal 10. In one example, the transmitting device 106 comprises a network adapter (Network Interface Controller, NIC), which can be connected to other network devices through a base station and so communicate with the Internet. In another example, the transmitting device 106 is a radio frequency (Radio Frequency, RF) module, which communicates with the Internet wirelessly.
In the above operating environment, the present application provides the broadcast security detection method shown in Fig. 3. Fig. 3 is a flowchart of the broadcast security detection method according to embodiment one of the present invention.
As shown in Fig. 3, the broadcast security detection method can comprise the following steps:
Step S20: the processor 102 in Fig. 2 may obtain the source code file and the system manifest file of the application program.
With reference to Fig. 4, for the Android system, the source code file of the application program in step S20 may be java source code, and the system manifest file may be the AndroidManifest.xml document. The AndroidManifest.xml document defines the structure and metadata of the application program and its components; it can contain a node for each component that makes up the application program (including statically registered broadcast components) and provides attributes that describe the application's metadata. The source code file of the application program can be obtained by reverse engineering the application's installation package.
Step S24: the processor 102 in Fig. 2 may extract the externally exposed broadcast components from the source code file and the system manifest file of the application program according to the broadcast component vulnerability rule to form a broadcast component list, wherein the broadcast component vulnerability rule is the decision condition for determining that a broadcast component is in an externally exposed state.
Still taking the Android operating system as an example, the above broadcast component is a broadcast receiver (BroadcastReceiver) registered in advance. Adding a receiver tag to the system manifest file statically registers the broadcast receiver with the operating system, without the application program having to be started first. Alternatively, a broadcast receiver can be developed in the application and the class or object then registered with the Android operating system, which is dynamic registration.
With reference to Fig. 4, the broadcast components in the broadcast component list in the above embodiment may be broadcast components that have no signature verification logic; they can be obtained by matching the corresponding broadcast registration information in the reverse-engineered source code file and the system manifest file.
Step S26: the processor 102 in Fig. 2 may simulate at least one test broadcast based on the broadcast components in the broadcast component list.
With reference to Fig. 4, the simulation in step S26 can be carried out by a broadcast sending module.
Step S28: the transmitting device 106 in Fig. 2 may send the test broadcast to the application program to obtain a broadcast security monitoring result. Preferably, if the application program is detected not to respond, the test broadcast is determined to have been hijacked.
With reference to Fig. 4, still taking the Android operating system as an example, the above test detects how the test broadcast is handled after it reaches the Android device, and so obtains the Android broadcast security detection result. In step S28, the application program not responding can mean that the process of this application program is not recorded in the application list.
The above embodiments of the present application provide a general method for automatically detecting broadcast hijacking vulnerabilities in the Android system. A broadcast component acts as a global listener: once it is registered, if a broadcast event Intent that matches the broadcast component is broadcast by an application program, the component executes immediately, which fully automates the application's handling. That is, if a matching Intent is broadcast, the application program starts automatically and the corresponding registered broadcast component starts running. Therefore, in the above embodiments of the present application, screening the registered broadcast components yields the broadcast components that are at high risk of being hijacked. For these broadcast components, a corresponding test broadcast is constructed to implement an automated broadcast continuity test method: the test broadcast is constructed and sent to the corresponding application program, and if the application program does not respond, this contradicts its normal working state, in which it would execute immediately. This solves the problem that the prior art cannot detect whether the current broadcast of the system can be maliciously hijacked, and it can be determined that the high-risk broadcast component corresponding to the current test broadcast has been hijacked.
It should be noted that steps S20 to S28 provided by the above embodiments of the present application can run on a mobile terminal on which the Android operating system is installed; in practice, the mobile terminal in the above embodiments can be a client with the Android operating system installed. Taking the Android operating system as the example, the embodiments shown in Fig. 2 and Fig. 3 implement a static detection process and a dynamic testing process. The static detection process mainly comprises: after the installation package of the Android application program is converted into a set of java source code by reverse engineering, screening the dynamically and statically registered broadcast components according to the broadcast component vulnerability rules that are preset and stored in a rule base, to determine the list of broadcast components that are at high risk of hijacking and perform no verification. The dynamic testing process mainly comprises: according to the detected broadcast component list, constructing broadcasts that are sent automatically and continuously to the corresponding Android application program, and obtaining the Android broadcast security detection result from how they are handled after reaching the Android device.
The broadcast detection method for Android can comprise a static detection module and a dynamic test module. Static detection automatically extracts the list of externally exposed components in the app from the AndroidManifest.xml document and the java source code. The dynamic test module automatically sends abnormal Intents or URIs one by one to the exposed components in the list output by static detection to run the test, and determines from the output information whether a security risk exists. The specific flow of the detection system is as follows:
Compared with existing manual discovery methods, the scheme provided by the present application is highly efficient: the whole process is automated, the application does not need to be installed and run, and accuracy is high.
In the scheme provided by embodiment one of the present application, obtaining the source code file of the application program and the system manifest file in step S20 can be implemented as follows:
Step S201: read the installation file of the application program. The installation file in step S201 can be a compressed package, the APK.
Step S203: decompress the installation file of the application program to obtain the class file set and the binary system manifest. 7z.exe can be used to decompress the APK; the decompressed files include the binary system manifest (the binary AndroidManifest.xml document) and the class file set (classes.dex).
Step S205: use reverse engineering to decompile the class file set and generate the source code file of the application program, and convert the binary system manifest into the system manifest file.
Reverse engineering can be implemented in several ways, such as disassembly and decompilation; the present application can use decompilation to obtain the source code file of the application program.
It should be noted that, in the Android operating system, AndroidManifest.xml is the core configuration document of an app and defines the details of most of the app's components. The present application can convert the binary AndroidManifest.xml document into a readable XML document with the java program AXMLPrinter2.jar. In addition, classes.dex is the binary file produced by compiling and converting the app's source code; it can be decompiled into java source code with dex2jar, jad.exe and similar tools.
The process of obtaining the source code file of the application program and the system manifest file is described in detail below with reference to Fig. 5.
The APK reversing module is the first and key step of static analysis of an Android application: its input is the Android application installation package and its output is java source code. APK reversing is divided into the steps of unpacking the APK, dex2jar, unpacking the jar, and batch decompilation. As shown in Fig. 5, the specific steps are:
First, after the APK installation package of the Android app is input, decompress the APK to obtain the classes.dex file. The decompression can be done with 7z.exe.
Then, decompile the classes.dex file with programs such as dex2jar and jad.exe to generate java code. This step can comprise: first converting classes.dex into a jar file, then decompressing the jar file to obtain the set of class files.
Finally, batch-decompile the class files into the set of java source files.
In addition, the AndroidManifest.xml document also needs to be converted with the AXMLPrinter2.jar program to generate an XML document.
In the above embodiments of the present application, the broadcast component BroadcastReceiver can be registered in two ways: static registration and dynamic registration.
Static registration defines the receiver inside the application element of AndroidManifest.xml and sets the action to be received. With static registration, the receiver listens regardless of whether the application program is in an active state.
<receiver android:name="MyReceiver">
    <intent-filter>
        <action android:name="MyReceiver_Action"/>
    </intent-filter>
</receiver>
Here, MyReceiver is a class that inherits from BroadcastReceiver and overrides the onReceive method, in which it handles the broadcast. The <intent-filter> tag sets the filter so that the receiver receives broadcasts with the specified action.
Dynamic registration is done by calling a function inside an activity. One parameter is the receiver and the other is an IntentFilter, which holds the action to be received. Because dynamic registration takes place in code, the receiver no longer listens once the application program is closed.
MyReceiver receiver = new MyReceiver();
// Create the filter and specify the action, so that it receives broadcasts with the same action
IntentFilter filter = new IntentFilter("MyReceiver_Action");
// Register the broadcast receiver
registerReceiver(receiver, filter);
Because the broadcast component BroadcastReceiver can be registered both statically and dynamically, externally exposed broadcast components can exist among the broadcast components registered in either way. It should be noted that an exposed component is a component of an app whose access is open: a third-party app can access it without any special permission. An exposed component is an entry point into the app, and through this entry point a malicious third-party app can perform illegal operations such as starting app pages, injecting input data and starting services.
Therefore, in the above embodiments of the present application, the step of extracting the externally exposed broadcast components from the source code file and the system manifest file of the application program according to the broadcast component vulnerability rule can be performed in any one or more of the following ways. That is, the preset broadcast component vulnerability rules can be checked in turn in any one or more of the following ways (this method can define vulnerability rules on both the AndroidManifest.xml document and the java source code).
Vulnerability rule one: extract the broadcast components without signature verification from the source code file of the application program to obtain the externally exposed broadcast components.
Rule one is described in detail below, taking the Android operating system as an example:
The Android platform provides a permission verification mechanism for broadcast components. The permission of a broadcast component can be "normal", "dangerous", "signature" or "signatureOrSystem", of which only "signature" and "signatureOrSystem" provide signature verification. Therefore, the broadcast components without signature verification are extracted and saved to the broadcast component list as broadcast components that are a potential threat.
Vulnerability rule two: extract the broadcast components that are dynamically registered without using the system class from the source code file of the application program to obtain the externally exposed broadcast components.
Rule two is described in detail below, taking the Android operating system as an example:
Because Android platform provides the broadcast component of dynamic registration, because the broadcast component using LocalBroadcastManager to carry out registering is only limitted to current process, there is the potential risk of being held as a hostage, therefore the BroadcastReceiver registered according to the registerReceiver method of LocalBroadcastManager will be extracted, as matched and searched to the broadcast component of dynamic registration be saved to above-mentioned broadcast component list.
The scheme that analysis aforesaid way one and mode two provide is known, for the broadcast component BroadcastReceiver carrying out dynamic registration in the application, performs judgement at java source code according to following logic:
If define Intentfilter object, then containing the predefined action of nonsystematic; By registerReceiver interface dynamic registration broadcast component in code, except following two class broadcast component belong to the risk situation that there is not exposure, all there is the risk externally exposed in other broadcast component: a kind of is the BroadcastReceiver registered by system class LocalBroadcastManager, and effect is only limitted in current process; Another kind is that registerReceiver interface has added permission verification.
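The dynamic-registration judgment above, as an added example in Python that is not code from the patent: it scans decompiled Java text for registerReceiver calls, reading across line breaks, and reports those that neither go through LocalBroadcastManager nor pass a non-null broadcast permission. The check on the IntentFilter's actions is left out, and the sample source and every identifier in it are constructed.

```python
import re

# Constructed sample of decompiled Java source (all identifiers are made up).
SAMPLE_JAVA = r'''
package com.example.demo;

public class MainActivity extends Activity {
    private LocalBroadcastManager lbm;

    void wire(Context ctx) {
        IntentFilter f = new IntentFilter("com.example.demo.SYNC");
        registerReceiver(syncReceiver, f);                        // exposed
        lbm = LocalBroadcastManager.getInstance(ctx);
        lbm.registerReceiver(localReceiver, f);                   // in-process only
        LocalBroadcastManager.getInstance(ctx)
            .registerReceiver(otherLocal, new IntentFilter("a,b"));
        ctx.registerReceiver(guarded, f,
            "com.example.demo.permission.SIGNED", null);          // permission check
        ctx.registerReceiver(nullPerm, f, null, null);            // exposed
        // registerReceiver(commentedOut, f);
    }
}
'''

# String and char literals are kept; // and /* */ comments are blanked so that
# commented-out calls do not match and line numbers stay unchanged.
_TOKEN = re.compile(
    r'"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'|//[^\n]*|/\*.*?\*/', re.S)
_CALL = re.compile(r"\bregisterReceiver\s*\(")
# Variables or fields declared with the LocalBroadcastManager type.
_LBM_VAR = re.compile(r"\bLocalBroadcastManager\s+(\w+)\s*[;=,)]")


def strip_comments(src):
    def blank(match):
        tok = match.group(0)
        return tok if tok[0] in "\"'" else re.sub(r"[^\n]", " ", tok)
    return _TOKEN.sub(blank, src)


def call_args(src, open_idx):
    """Split the top-level arguments of the call whose '(' is at open_idx."""
    args, depth, start, quote = [], 0, open_idx + 1, None
    i = open_idx
    while i < len(src):
        c = src[i]
        if quote:                      # inside a literal: skip escapes
            if c == "\\":
                i += 1
            elif c == quote:
                quote = None
        elif c in "\"'":
            quote = c
        elif c in "([{":
            depth += 1
        elif c in ")]}":
            depth -= 1
            if depth == 0:             # closing parenthesis of the call
                tail = src[start:i].strip()
                return args + ([tail] if tail else [])
        elif c == "," and depth == 1:
            args.append(src[start:i].strip())
            start = i + 1
        i += 1
    return args                        # unbalanced input: what was seen so far


def scan_dynamic_receivers(java_src):
    """Return (line, receiver expression, verdict) for each registerReceiver call."""
    src = strip_comments(java_src)
    local_vars = set(_LBM_VAR.findall(src))
    findings = []
    for m in _CALL.finditer(src):
        # Text of the current statement that precedes the method name.
        boundary = max(src.rfind(ch, 0, m.start()) for ch in ";{}")
        prefix = src[boundary + 1:m.start()]
        qualifier = re.search(r"(\w+)\s*\.\s*$", prefix)
        args = call_args(src, m.end() - 1)
        if not args:
            continue
        if "LocalBroadcastManager" in prefix or (
                qualifier and qualifier.group(1) in local_vars):
            verdict = "local"          # effect limited to the current process
        elif len(args) >= 4 and args[2] != "null":
            verdict = "permission"     # third argument is broadcastPermission
        else:
            verdict = "exposed"
        line = src.count("\n", 0, m.start()) + 1
        findings.append((line, args[0], verdict))
    return findings


if __name__ == "__main__":
    for line, receiver, verdict in scan_dynamic_receivers(SAMPLE_JAVA):
        print(line, receiver, verdict)
```

Only the four-argument and longer overloads are treated as carrying a permission, because in the three-argument overload the third argument is a flags integer.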
Leak rule mode three: examine the labels and/or attribute values of the statically registered broadcast components in the system list file, and extract the broadcast components whose labels and/or attribute values meet the preset conditions as the externally exposed broadcast components.
Mode three is described in detail below, taking the Android operating system as an example: the text of the java source code files obtained by decompilation is read and matched against the code features of the preset labels and/or attribute values; if a match is found, the information of the corresponding dynamic component BroadcastReceiver is extracted. For example, labels and attributes such as exported, permission and intent-filter can be considered together to detect the app's exposed components.
The flow shown in Figure 6 for detecting whether a statically registered BroadcastReceiver is externally exposed considers exposure both when the exported and permission attributes are present together and when the intent-filter label and the permission attribute are present together. The detection flow is as follows:
Step S501: obtain the definition file of the currently examined statically registered broadcast component.
Step S502: determine whether the definition file of this broadcast component contains the exported label. If it does, go to step S503; otherwise, go to step S505.
Step S503: check the attribute value of the exported label. If the value is false, the currently examined statically registered broadcast component is determined to be a non-exposed component; if the value is true, go to step S504.
Step S504: determine whether the definition file of this broadcast component also contains the permission attribute. If it does, the currently examined statically registered broadcast component is determined to be a non-exposed component; otherwise it is an exposed component. The permission attribute in this step is a non-system permission, that is, a custom permission with signature-level basic protection.
Step S505: determine whether the definition file of this broadcast component contains the intent-filter label. If it does, go to step S506; otherwise, the currently examined statically registered broadcast component is determined to be a non-exposed component. The intent-filter label here is one other than that of the app's home page LAUNCHER Activity.
Step S506: determine whether the definition file of this broadcast component also contains the permission attribute. If it does, the currently examined statically registered broadcast component is determined to be a non-exposed component; otherwise it is an exposed component.
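The S501 to S506 decision flow above can be written as a small checker. The following Python is an added example, not code from the patent: it assumes a decoded (text) AndroidManifest.xml, and it takes the note in S504 to mean that a permission attribute only counts when it names a custom permission declared in the same manifest with protection level "signature" or "signatureOrSystem". The sample manifest and every name in it are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A = "{%s}" % ANDROID_NS                      # prefix for android:* attributes
SIGNATURE_LEVELS = {"signature", "signatureOrSystem"}

# Constructed sample manifest (package, receivers and permissions are made up).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.demo">
  <permission android:name="com.example.demo.permission.SIGNED"
              android:protectionLevel="signature"/>
  <permission android:name="com.example.demo.permission.WEAK"
              android:protectionLevel="normal"/>
  <application>
    <receiver android:name=".ExportedOpen" android:exported="true"/>
    <receiver android:name=".ExportedSigned" android:exported="true"
              android:permission="com.example.demo.permission.SIGNED"/>
    <receiver android:name=".ExportedWeak" android:exported="true"
              android:permission="com.example.demo.permission.WEAK"/>
    <receiver android:name=".Private" android:exported="false">
      <intent-filter><action android:name="com.example.demo.PING"/></intent-filter>
    </receiver>
    <receiver android:name=".ImplicitOpen">
      <intent-filter><action android:name="com.example.demo.SYNC"/></intent-filter>
    </receiver>
    <receiver android:name=".ImplicitSigned"
              android:permission="com.example.demo.permission.SIGNED">
      <intent-filter><action android:name="com.example.demo.PUSH"/></intent-filter>
    </receiver>
    <receiver android:name=".NoFilter"/>
  </application>
</manifest>
""".strip()


def signature_permissions(root):
    """Names of custom permissions declared with signature-level protection."""
    names = set()
    for perm in root.iter("permission"):
        # protectionLevel defaults to "normal"; flags may be joined with "|".
        level = perm.get(A + "protectionLevel", "normal")
        if SIGNATURE_LEVELS & set(level.split("|")):
            names.add(perm.get(A + "name"))
    return names


def classify_receiver(receiver, signed_perms):
    """Apply S502-S506 to one <receiver>; return (exposed, deciding step)."""
    # Assumption of this example: only a signature-level custom permission
    # counts as the "permission attribute" of S504 and S506.
    guarded = receiver.get(A + "permission") in signed_perms
    exported = receiver.get(A + "exported")
    if exported is not None:                          # S502: exported present
        if exported.strip().lower() == "false":       # S503: explicitly private
            return False, "S503"
        return (not guarded), "S504"                  # S504: exported="true"
    if receiver.find("intent-filter") is None:        # S505: no intent-filter
        return False, "S505"
    return (not guarded), "S506"                      # S506: filter present


def exposed_receivers(manifest_xml):
    """Map each exposed receiver name to the step that decided it."""
    # For manifests taken from untrusted APKs, parse with a hardened XML
    # parser (for example defusedxml) instead of the standard library one.
    root = ET.fromstring(manifest_xml)
    signed = signature_permissions(root)
    result = {}
    for receiver in root.iter("receiver"):            # S501: each definition
        exposed, step = classify_receiver(receiver, signed)
        if exposed:
            result[receiver.get(A + "name")] = step
    return result


if __name__ == "__main__":
    for name, step in exposed_receivers(SAMPLE_MANIFEST).items():
        print(name, "exposed, decided at", step)
```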
It should further be noted that one, two or all three of the rule modes provided by the application can be selected for extracting the externally exposed broadcast components. When all three modes are adopted, they can be applied one after another, and their order can be combined arbitrarily; the application places no restriction on this.
The step of extracting the externally exposed broadcast components from the application's source code file and system list file according to the broadcast component leak rule can thus be performed in any one or more of the above ways; that is, the preset broadcast component leak rule of the above embodiments can be applied in any one or more of these modes in sequence.
Preferably, in the above embodiments of the present application, step S28 (sending the test broadcast to the application and obtaining the broadcast security detection result) may include the following process:
First, the test broadcast is sent to the application.
Then, the application process list is checked for the application's process. If the process of the application is found in the application process list, the broadcast security detection result is that the test broadcast is safe; if the process of the application is not found in the application process list, the broadcast security detection result is that the test broadcast is hijacked.
It should be noted that, with the above scheme, for each exposed broadcast component the corresponding broadcast can be sent to the application, and the way the tested app responds shows whether the current broadcast component has a risk vulnerability. It should further be noted that, in the above embodiments, the step of simulating at least one test broadcast from the broadcast components in the broadcast component list can be implemented as follows: obtain the source code text information that matches each broadcast component in the broadcast component list, and use that source code text information as the target of the broadcast to construct the broadcast corresponding to the component, generating the test broadcast.
For example, after screening has produced the broadcast component list, the sending module can use an adb instruction to send the constructed test broadcast to the application (e.g.: adb am broadcast -a <component name> -d <broadcast content>), and whether the test broadcast is hijacked is then determined from the detected response of the application.
In summary, in embodiment one of the application, broadcast hijack detection on the Android operating system can be divided into three parts. Part one: reverse-engineer the application's installation package (APK) to obtain the application's source code (the set of java source code) and the system list file (the AndroidManifest.xml file in which broadcasts are registered). Part two: filter to obtain the statically registered and the dynamically registered broadcast components of the application, that is, filter and extract the registered broadcast components from the source code and the system list file according to the rules to obtain the broadcast component list. Part three: simulate sending broadcasts to the application and detect how the application reacts. That is, for the names in the obtained broadcast component list, a simulator program sends broadcast messages to the application, and the system is then checked for the application's process to verify whether the initiated broadcast is hijacked; if the process does not exist, the broadcast can be hijacked. A scenario in which one alternative of the application is applied to the above functions is described in detail below.
The detection flow is as follows:
First, the APK installation package of the Android application is input, and the broadcast component leak rules are fetched from the broadcast leak rule base. As described above, the broadcast component leak rule comprises three modes.
Then, the APK reverse module receives the APK installation package and converts it into a set of java source code files by decompilation:
(1) Decompress the APK installation package to obtain the classes.dex file.
(2) Use the dex2jar program to convert classes.dex into a jar file.
(3) Decompress the jar file to obtain the class files and their directory structure.
(4) Batch-decompile the class files to obtain the java source files and their directory structure.
Then, for each unchecked java source file in the java source file directory structure, open the file and perform the following operations:
a. Read the file content line by line: read the next line (or the first line) of text, and go to b.
b. Feature-match broadcast component leak rule 1 (leak rule mode one) from the broadcast leak rule base (if the rule needs to match several lines, the following lines of text are read automatically). If it matches, record the source line text of the registered broadcast component within the program code text and skip to e; otherwise skip to c.
c. Feature-match broadcast component leak rule 2 (leak rule mode two) from the broadcast leak rule base (if the rule needs to match several lines, the following lines of text are read automatically). If it matches, record the source line text of the registered broadcast component within the program code text and skip to e; otherwise skip to d.
d. Feature-match broadcast component leak rule 3 (leak rule mode three) from the broadcast leak rule base (if the rule needs to match several lines, the following lines of text are read automatically). If it matches, record the source line text of the registered broadcast component within the program code text and skip to e; otherwise skip to d.
e. If the current line is not the last line of the file, skip to step a; otherwise skip to f.
f. Take the information of the matched broadcast components and run the detection. The detection comprises the following steps: first, the source code text information recorded in steps b to e above is submitted automatically to the broadcast construction module, which constructs a broadcast and sends it into the system; then the application list is checked: if the application has disappeared from the processes, the hijack succeeded and the current broadcast name is recorded, otherwise the flow returns and continues constructing broadcasts for detection; finally, the mobile terminal obtains the list of broadcast components for which hijacking succeeded, which is the final detection result of the system.
In the above embodiment, the temporary files generated during reverse-engineering can also be cleaned up to reduce the waste of system resources.
Embodiment 2:
Fig. 7 is a schematic diagram of the broadcast security detection device according to embodiment two of the present invention.
As shown in Figure 7, the broadcast security detection device may comprise: an acquisition module 60, a screening module 62, an analog module 64 and a test module 66.
The acquisition module 60 obtains the source code file and the system list file of the application. The screening module 62 extracts the externally exposed broadcast components from the source code file and the system list file of the application according to the broadcast component leak rule to form the broadcast component list, where the broadcast component leak rule is the decision condition for determining that a broadcast component is in an externally exposed state. The analog module 64 simulates at least one test broadcast based on the broadcast components in the broadcast component list. The test module 66 sends the test broadcast to the application and obtains the broadcast security detection result.
The device provided by the above embodiments of the application can run on a mobile terminal; in implementation, the network game client of the above embodiments may be a mobile terminal on which the Android operating system is installed.
The above embodiments of the application thus provide a general-purpose device for automatically detecting broadcast hijack vulnerabilities in the Android system. A broadcast component acts as a global listener: once it is registered, if a broadcast event intent that matches it is broadcast by an application, it executes immediately, which makes the application's processing fully automatic. That is, if a matching Intent has been broadcast, the application starts automatically and the corresponding registered broadcast component starts running. In the above embodiments, screening the registered broadcast components therefore yields the broadcast components with a high risk of being hijacked. For these components a corresponding test broadcast is constructed, giving an automated broadcast test method: the test broadcast is sent to the corresponding Android application, and if the application does not respond, this contradicts the normal behaviour of executing immediately, so it can be determined that the high-risk broadcast component corresponding to the current test broadcast is hijacked. This solves the problem that the prior art cannot detect whether a current broadcast of the Android system can be maliciously hijacked.
It should be noted that the acquisition module 60, screening module 62, analog module 64 and test module 66 provided by the above embodiments can run on a mobile terminal; in implementation, the mobile terminal of the above embodiments may be a client on which the Android operating system is installed. Taking the Android operating system as an example, the embodiments shown in Fig. 2 and Fig. 3 implement a static detection process and a dynamic detection process. The static detection process mainly comprises: after the installation package of the Android application is converted into a java source code set by reverse engineering, the dynamically and statically registered broadcast components are screened according to the broadcast component leak rules preset and stored in the rule base, and the list of broadcast components that have a high hijack risk and perform no verification is determined. The dynamic detection process mainly comprises: according to the detected broadcast component list, broadcasts are constructed and sent automatically to the corresponding Android application, and the Android broadcast security detection result is obtained from how they are executed after reaching the Android device.
It should be noted that the acquisition module 60, screening module 62, analog module 64 and test module 66 provided by the above embodiments have the same application scenarios as method steps S20 to S28 of embodiment one, but are not limited to the examples given for the method. The above modules can run in the mobile terminal as part of the hardware.
Preferably, the device may further comprise a confirmation module which, if it detects that the application does not respond, determines that the test broadcast is hijacked.
Preferably, as shown in Figure 8, the screening module 62 of the application may comprise any one or more of the following extraction modules:
A first extraction module 621, for extracting the broadcast components without signature verification from the source code file of the application to obtain the externally exposed broadcast components.
A second extraction module 623, for extracting the broadcast components that are dynamically registered without using the system class from the source code file of the application to obtain the externally exposed broadcast components.
A third extraction module 625, for examining the labels and/or attribute values of the statically registered broadcast components in the system list file and extracting the broadcast components whose labels and/or attribute values meet the preset conditions as the externally exposed broadcast components.
It should be noted that each extraction module provided by the above embodiments has the same application scenario as the corresponding one of the three leak rule modes of embodiment one, but is not limited to the examples given for the method. The above modules can run in the mobile terminal as part of the hardware.
Preferably, as shown in Figure 9, the test module 66 of the application may comprise: a sending module 661, a detection module 663, a first detection result module 665 and a second detection result module 667.
The sending module 661 sends the test broadcast to the application. The detection module 663 checks whether the application process list contains the process of the application. The first detection result module 665 gives the broadcast security detection result that the test broadcast is safe if the process of the application is found in the application process list. The second detection result module 667 gives the broadcast security detection result that the test broadcast is hijacked if the process of the application is not found in the application process list.
It should be noted that the sending module 661, detection module 663, first detection result module 665 and second detection result module 667 provided by the above embodiments have the same application scenarios as the corresponding method steps of embodiment one, but are not limited to the examples given for the method. The above modules can run in the mobile terminal as part of the hardware.
Preferably, as shown in Figure 10, the analog module 64 of the application may comprise: a sub-acquisition module 641 and a generation module 643.
The sub-acquisition module 641 obtains the source code text information that matches each broadcast component in the broadcast component list. The generation module 643 uses the source code text information to construct the broadcast corresponding to the broadcast component, generating the test broadcast.
It should be noted that the sub-acquisition module 641 and generation module 643 provided by the above embodiments have the same application scenarios as the corresponding method steps of embodiment one, but are not limited to the examples given for the method. The above modules can run in the mobile terminal as part of the hardware.
Preferably, as shown in Figure 11, the acquisition module 60 of the above embodiments may comprise: a read module 601, a decompression module 603 and a reverse-engineering processing module 605.
The read module 601 reads the installation file of the application. The decompression module 603 decompresses the installation file of the application to obtain the class file set and the binary system list. The reverse-engineering processing module 605 decompiles the class file set using reverse-engineering techniques to generate the source code file of the application, and converts the binary system list into the system list file.
It should be noted that the read module 601, decompression module 603 and reverse-engineering processing module 605 provided by the above embodiments have the same application scenarios as the corresponding method steps of embodiment one, but are not limited to the examples given for the method. The above modules can run in the mobile terminal as part of the hardware.
The sequence numbers of the above embodiments of the invention are for description only and do not indicate the relative merit of the embodiments.
In the above embodiments of the invention, the description of each embodiment has its own emphasis; for a part not described in detail in one embodiment, see the related description of the other embodiments.
In the several embodiments provided by the application, it should be understood that the disclosed client can be implemented in other ways. The device embodiments described above are only schematic. For example, the division into units is only a division by logical function, and other divisions are possible in an actual implementation: several units or components can be combined or integrated into another system, or some features can be ignored or not performed. In addition, the coupling, direct coupling or communication connection shown or discussed can be through some interfaces, and the indirect coupling or communication connection between units or modules can be electrical or of another form.
The units described as separate parts may or may not be physically separate, and the parts shown as units may or may not be physical units; that is, they can be located in one place or distributed over several network elements. Some or all of the units can be selected according to actual needs to achieve the purpose of the scheme of the embodiment.
In addition, the functional units of the embodiments of the invention can be integrated into one processing unit, each unit can exist physically on its own, or two or more units can be integrated into one unit. The integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented as a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium. On this understanding, the part of the technical solution of the invention that in essence contributes over the prior art, or all or part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of the invention. The storage medium includes any medium that can store program code, such as a USB flash drive, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a portable hard drive, a magnetic disk or an optical disc.
The above is only the preferred embodiment of the invention. It should be pointed out that those skilled in the art can make improvements and modifications without departing from the principles of the invention, and these improvements and modifications should also be regarded as within the protection scope of the invention.

Claims (12)

1. A broadcast security detection method, characterized by comprising:
obtaining a source code file and a system list file of an application;
extracting externally exposed broadcast components from the source code file of the application and the system list file according to a broadcast component leak rule to form a broadcast component list, wherein the broadcast component leak rule is a decision condition for determining that a broadcast component is in an externally exposed state;
simulating at least one test broadcast based on the broadcast components in the broadcast component list;
sending the test broadcast to the application to obtain a broadcast security detection result.
2. The method according to claim 1, characterized in that, if it is detected that the application does not respond, the test broadcast is determined to be hijacked.
3. The method according to claim 1, characterized in that the step of extracting the externally exposed broadcast components from the source code file of the application and the system list file according to the broadcast component leak rule comprises any one or more of the following modes:
Mode one: extracting the broadcast components without signature verification from the source code file of the application to obtain the externally exposed broadcast components;
Mode two: extracting the broadcast components that are dynamically registered without using the system class from the source code file of the application to obtain the externally exposed broadcast components;
Mode three: examining the labels and/or attribute values of the statically registered broadcast components in the system list file, and extracting the broadcast components whose labels and/or attribute values meet preset conditions as the externally exposed broadcast components.
4. The method according to claim 1, characterized in that the step of sending the test broadcast to the application and obtaining the broadcast security detection result comprises:
sending the test broadcast to the application;
detecting whether an application process list contains the process of the application, wherein, if the process of the application is found in the application process list, the broadcast security detection result is that the test broadcast is safe, and if the process of the application is not found in the application process list, the broadcast security detection result is that the test broadcast is hijacked.
5. The method according to claim 1, characterized in that the step of simulating at least one test broadcast based on the broadcast components in the broadcast component list comprises:
obtaining the source code text information that matches each broadcast component in the broadcast component list;
using the source code text information to construct the broadcast corresponding to the broadcast component, generating the test broadcast.
6. The method according to claim 1, characterized in that the step of obtaining the source code file and the system list file of the application comprises:
reading the installation file of the application;
decompressing the installation file of the application to obtain a class file set and a binary system list;
decompiling the class file set using reverse-engineering techniques to generate the source code file of the application, and converting the binary system list into the system list file.
7. A broadcast security detection device, characterized by comprising:
an acquisition module, for obtaining a source code file and a system list file of an application;
a screening module, for extracting externally exposed broadcast components from the source code file of the application and the system list file according to a broadcast component leak rule to form a broadcast component list, wherein the broadcast component leak rule is a decision condition for determining that a broadcast component is in an externally exposed state;
an analog module, for simulating at least one test broadcast based on the broadcast components in the broadcast component list;
a test module, for sending the test broadcast to the application to obtain a broadcast security detection result.
8. The device according to claim 7, characterized in that the device further comprises: a determination module, for determining that the test broadcast is hijacked if it is detected that the application does not respond.
9. The device according to claim 7, characterized in that the screening module comprises any one or more of the following extraction modules:
a first extraction module, for extracting the broadcast components without signature verification from the source code file of the application to obtain the externally exposed broadcast components;
a second extraction module, for extracting the broadcast components that are dynamically registered without using the system class from the source code file of the application to obtain the externally exposed broadcast components;
a third extraction module, for examining the labels and/or attribute values of the statically registered broadcast components in the system list file, and extracting the broadcast components whose labels and/or attribute values meet preset conditions as the externally exposed broadcast components.
10. The device according to claim 7, characterized in that the test module comprises:
a sending module, for sending the test broadcast to the application;
a detection module, for detecting whether an application process list contains the process of the application;
a first detection result module, for giving the broadcast security detection result that the test broadcast is safe if the process of the application is found in the application process list;
a second detection result module, for giving the broadcast security detection result that the test broadcast is hijacked if the process of the application is not found in the application process list.
11. The device according to claim 7, characterized in that the analog module comprises:
a sub-acquisition module, for obtaining the source code text information that matches each broadcast component in the broadcast component list;
a generation module, for using the source code text information to construct the broadcast corresponding to the broadcast component, generating the test broadcast.
12. The device according to claim 7, characterized in that the acquisition module comprises:
a read module, for reading the installation file of the application;
a decompression module, for decompressing the installation file of the application to obtain a class file set and a binary system list;
a reverse-engineering processing module, for decompiling the class file set using reverse-engineering techniques to generate the source code file of the application, and converting the binary system list into the system list file.
CN201410216870.2A 2014-05-21 2014-05-21 Broadcast safe detection method, device Active CN105095753B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410216870.2A CN105095753B (en) 2014-05-21 2014-05-21 Broadcast safe detection method, device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410216870.2A CN105095753B (en) 2014-05-21 2014-05-21 Broadcast safe detection method, device

Publications (2)

Publication Number Publication Date
CN105095753A true CN105095753A (en) 2015-11-25
CN105095753B CN105095753B (en) 2019-02-26

Family

ID=54576161

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410216870.2A Active CN105095753B (en) 2014-05-21 2014-05-21 Broadcast safe detection method, device

Country Status (1)

Country Link
CN (1) CN105095753B (en)

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120222120A1 (en) * 2011-02-24 2012-08-30 Samsung Electronics Co. Ltd. Malware detection method and mobile terminal realizing the same
CN103186740A (en) * 2011-12-27 2013-07-03 北京大学 Automatic detection method for Android malicious software
CN102831338A (en) * 2012-06-28 2012-12-19 北京奇虎科技有限公司 Security detection method and system of Android application program

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107967210A (en) * 2017-12-04 2018-04-27 东软集团股份有限公司 Android module testings case generation method and device
CN108491327A (en) * 2018-03-26 2018-09-04 中南大学 A kind of Android application dynamic Receiver components local refusal service leak detection method
CN108491327B (en) * 2018-03-26 2020-08-25 中南大学 Android application dynamic Receiver component local denial of service vulnerability detection method
CN110032871A (en) * 2019-04-22 2019-07-19 广东工业大学 A kind of safety detection method, device and the medium of the inter-component communication of application program
CN111371837A (en) * 2020-02-07 2020-07-03 北京小米移动软件有限公司 Function presenting method, function presenting device, and storage medium
CN111459822A (en) * 2020-04-01 2020-07-28 北京字节跳动网络技术有限公司 Method, device and equipment for extracting system component data and readable medium
CN111459822B (en) * 2020-04-01 2023-10-03 抖音视界有限公司 Method, device, equipment and readable medium for extracting system component data
CN113626312A (en) * 2021-07-15 2021-11-09 荣耀终端有限公司 Test method, electronic device and storage medium

Also Published As

Publication number Publication date
CN105095753B (en) 2019-02-26

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20210926

Address after: 35th Floor, Tencent Building, No. 1 High-tech Zone, Nanshan District, Shenzhen City, Guangdong Province, 518000

Patentee after: TENCENT TECHNOLOGY (SHENZHEN) Co.,Ltd.

Patentee after: TENCENT CLOUD COMPUTING (BEIJING) Co.,Ltd.

Address before: Room 403, East, Building 2, SEG Science and Technology Park, Zhenxing Road, Futian District, Shenzhen, Guangdong, 518000

Patentee before: TENCENT TECHNOLOGY (SHENZHEN) Co.,Ltd.
