CN106919844A - A kind of android system vulnerability of application program detection method - Google Patents
A kind of android system vulnerability of application program detection method Download PDFInfo
- Publication number
- CN106919844A CN106919844A CN201710078479.4A CN201710078479A CN106919844A CN 106919844 A CN106919844 A CN 106919844A CN 201710078479 A CN201710078479 A CN 201710078479A CN 106919844 A CN106919844 A CN 106919844A
- Authority
- CN
- China
- Prior art keywords
- apk
- leak
- bags
- application program
- apk bags
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a kind of android system vulnerability of application program detection method, can be used for penetration testing and APK security tests.The inventive method analyzes APK bags to be detected first, determines its leak species that may be present;The earlier version of APK bags is then looked for, and is sorted according to issuing time order;The APK bags of searching loop earlier version, APK usability testings are carried out to it;For the APK bags that there is network connection, the analysis test of network packet capturing sniff is carried out one by one, find leak;For the APK bags in the absence of network connection, unpacking Reverse engineering operation is carried out, analyse whether there is leak;Attacked using the leak for finding, soundd out whether attack succeeds, if it succeeds, being defined as leak.
Description
Technical field
The invention belongs to cyberspace security technology area, more particularly to a kind of inspection of android system vulnerability of application program
Survey method.
Background technology
In recent years, intelligent sliding moved end is quickly grown, and Android operation system is increased income with it, beautiful interface, Consumer's Experience are good
Deng many advantages in the case where intelligent sliding moved end operating system stands in great numbers the situation emerged in large numbers, the market share of maximum is occupied rapidly.
Gate threshold is relatively low also due to its developer enters for the installation procedure APK of Android, and the reason such as support third party's exploitation enjoys exploitation
The favor of person.During an APK exploitation to application, normal condition will experience many versions, interior survey from the beginning
Version is to public testing version, then commercial version finally.More new capital each time is the once lifting to itself, earlier version
APK is limited by technology, and developer's lacks experience, and Networks and information security problem is especially related on stream
Deal with improperly, it is likely that cause earlier version to there is leak or defect in many logical designs or in safety applications.
For the APK application programs of latest edition, it is very difficult to want to be analyzed by reverse-engineering means, because
Its code typically takes corresponding safeguard measure.But this point is not obvious in earlier version.If in fact, attacked
Person can launch to attack to the APK bags of early stage, recover source code, or by analyzing agreement, take some enterprises and still using
RestfulAPI interfaces, then the ability of attacker will become very strong, it is likely that take some valuable information, very
To directly to enterprise servers expansion attack.
Foregoing reverse-engineering, as the term suggests, it is exactly, by existing product, it to be carried out inversely using some technological means
Deduce, finally restore the original system architecture of product, module composition etc..For an Android application program, we
Logical code, framework, function call tree, the interface source of APK can be restored using some instruments by the APK bags of most original
Code etc..Common instrument has APKTool and dex2jar, and this is also the instrument that we mainly use.In addition, have specifically designed in
The (SuSE) Linux OS of Android reverse-engineerings, is integrated with the instrument that can much carry out decompiling.
Traditional APK leak detection methods, lay particular emphasis on carries out Hole Detection in newest version, can only so find to work as
The leak of preceding version client application, and the leak for being present in server end but not used in redaction cannot be found.This is
One blind spot of traditional detection method.
Additionally, traditional APK leak detection methods, only carry out Hole Detection to an APK for version, have ignored version with
Contact between version, thus testing result has limitation, it is impossible to the security to APK carries out the evaluation and test of Comprehensive.
The content of the invention
It is an object of the invention to provide a kind of android system vulnerability of application program detection method, energy effective detection goes out
The leak of application program, aids in the security of server penetration testing or penetration testing engineer to third party's APK softwares
Assessment etc..
Android system vulnerability of application program detection method of the present invention, comprises the following steps:
Step one, analysis APK bags to be detected, determine its leak species that may be present;
Step 2, the earlier version for finding APK bags, and from morning to night sorted each version according to issuing time order;
Step 3, the APK bags from earliest issue carry out the test of APK availabilities, that is, can test APK bags normally use;
If can not normally use, continue to select next APK bags to be tested according to issuing time order, by that analogy, until looking for
To an available APK bag, step 4 is entered after finding;
Step 4, for the APK bags in the absence of network connection, step 5 is directly entered, for the APK that there is network connection
Bag, the analysis test of network packet capturing sniff is carried out to APK bags, finds leak;After being completed, to remaining available earlier version
APK bags carry out the analysis test of network packet capturing sniff one by one, find leak, and record each leak for finding;
Step 5, unpacking Reverse engineering operation is carried out to APK bags, analyze it and whether there is leak;To remaining available morning
Phase version APK carries out reverse-engineering test, each leak that record finds;
Step 6, attacked using the leak for finding, sound out to attack and whether succeed, if it succeeds, being defined as leak.
As can be known from the above technical solutions, the present invention APK bag to be detected by analyzing test, determines its leakage that may be present
Hole species;The earlier version of APK bags is then looked for, according to each version that sorts from the old to the new;The APK of searching loop earlier version
Bag, APK usability testings are carried out to it, for the APK bags that there is network connection, packet capturing analysis operation are carried out to APK, are recorded
The various parameters that APK is produced.For the APK in the absence of network connection, or the APK that packet capturing analysis is finished, unpack inversely
Engineering operation, with reference to network flow analysis, it whether there is leak, finally, be attacked using the leak for finding, and sound out what is attacked
Whether succeed.
Compared with prior art, the invention has the advantages that and beneficial effect:To numerous versions of APK bags, from old edition
This carries out leak test one by one to redaction, i.e., carry out Hole Detection by the way of global version.On the one hand, using former
The leak of version infers the leak of redaction so that more purposive in detection process;Still further aspect, global version
Hole Detection mode, leak can be more fully detected, so as to have a more comprehensive evaluation and test knot to the security of APK
Really.
Brief description of the drawings
Fig. 1 is a kind of flow chart of android system vulnerability of application program detection method provided in an embodiment of the present invention.
Specific embodiment
With reference to embodiment and Figure of description, the present invention is described in further detail, but specific reality of the invention
Apply mode not limited to this.
Embodiment
Android system vulnerability of application program detection method of the present invention first determine prepare detection APK application programs and its
Leak species that may be present;Then, the earlier version of APK bags is found, earlier version is launched one one by one according to certain order
The penetration testing of series;Finally, the test of packet capturing sniff and converse works analyzing are carried out to APK bags;Finally, sent out using earlier version
Existing leak, attacks the APK applications of existing version.Such as Fig. 1, each step is specific as follows:
Step one, analysis APK bags to be detected, determine its leak species that may be present.Leak species that may be present
Including scenario described below:
1st, the core algorithm continued to use is revealed.Most prominent be exactly in gaming, many algorithms once it is determined that after all without change
More.Such as 2048, pixel bird, plant Great War corpse, the fruit person of bearing game.If the source code of early stage is cracked, present
Game is just easy to pirate.
2nd, the UI designs that leakage is continued to use.In existing many android system application programs, it is understood that there may be part interface
It is similar or even identical with early stage.
3rd, communication mechanism and internal agreement.Such as the Andriod system clients of the version of Baidu's cloud 3.0, still can access
The existing server of Baidu's cloud.
4th, the security parameter that client and server are consulted, the parameter can be used as the Service Ticket of APK logins.
5th, the coding style of enterprise is revealed.Different enterprises has different management to want in code development management regulation
Ask.Have plenty of can with disclosed, and some coding styles or the code administration specification revealed to be that enterprise does not allow disclosed.
6th, weak security mechanism operate interface.The operate interface being exposed by earlier version, directly attacks security mechanism
Poor server.
7th, attacker tries to figure out the code and algorithm of other platforms by android system platform.It is likely to their calculation
Method is the same, and at least structure is the same.
8th, source code is distorted.Bypass the embedded inspection mechanism of client or implantation virus, if any client exist and visit
The limitation in number of times and time limit is asked, if the easily client release of decompiling before taking, we just can again be usurped using it
Change source code and be transferred to backstage.
Step 2, the earlier version for finding the APK bags, and from morning to night sorted each version according to issuing time order.Seek
Look for the earlier version can be in the following way:
1st, third-party platform:Many third-party platforms, such as Android market, mobile phone paradise, both provide an APK correspondence
The download link of old version.
2nd, official's issue:Official has oneself website, microblog account, mhkc etc., and oneself is issued most by these channels
New APK versions.By the issue situation of its multiple version, we can get the APK versions of early stage.
3rd, search engine.Scanned for by Baidu or google search engine, the keyword of search includes:
1) APK titles+" old version ", such as Taobao's old version;
2) APK titles+blurry versions number, such as Taobao 1.0, Baidu's cloud 2.0, youku.com 2.2;
3) APK titles+specific version number, specific version number is typically set up on the basis of blurry versions number, if work as search
Suo Liao Taobaos 1.0, what search engine fed back is all version informations relevant with 1.0, and such as Taobao 1.0.5 is issued today,
The important renewals of Taobao 3.1.0.In consideration of it, version number can be refined, complete precise search and download.
Step 3, the APK bags from earliest issue carry out the test of APK availabilities, that is, whether test the APK bags can be normal
Use;If cannot normally use, continue to select next APK bags to be tested according to issuing time order, by that analogy,
Untill an available APK bag is found, step 4 is entered after finding.
Determine an issuing time for application program, method that can be by decompressing APK bags obtains it
The generation time of files such as " classes.dex ", the time may be considered the issuing time of APK, and this uses programming language right and wrong
What Chang Rongyi was realized.
Usability testing can combine step 4.If an APK cannot be used, then the follow-up institute carried out to it
It is all futile to have operation.Thus it is possible to it is no normal using the first step for being APK detection operations, it is also a step the most basic.
Step 4, for the APK bags in the absence of network connection, step 5 is directly entered, for the APK that there is network connection
Bag, the analysis test of network packet capturing sniff is carried out to APK bags, finds leak;After being completed, to remaining available earlier version
APK bags carry out the analysis test of network packet capturing sniff one by one, find leak, and record each leak for finding.
Network packet capturing sniff, refers to the communication data by capturing proper network, packet sniffing is carried out, to what is grabbed
Packet is unpacked and is unpacked, it is intended to understand the concrete meaning of each field references of data in bag, and attempts to data
Bag simulant-client is interacted with server.
Leak is found, mainly the parameter related to operation is searched by the data flow between client and server,
Data stream is analyzed, with quick lock in target (i.e. leak).Aforementioned parameters generally comprise variable name and corresponding value, generally
By operator "=" connection, it is very easy to identified.Specifically, judge that leak valuable parameter can be divided into following three
Kind:
(1) operation behavior parameter:Indicate the key-value pair of operation behavior.Now, variable name is probably an abbreviation, such as
" op ", " method " etc..Its corresponding value may look like some character strings, comprising the behavior that will be carried out at present, such as
“del”、“delete”。
(2) object parameter is operated:The key-value pair of operation object is indicated, variable name represents " to delete title ", these changes
Amount name may shape such as " name ", " file ".Corresponding value is specific filename etc..
(3) parameters for authentication:Indicate the key-value pairs such as subscriber identity information or session key.Ordinary circumstance, the change of user name
Amount shape such as " u ", " username ".Cryptographic variable name then shape such as " password ", " pwd ".The variable name of parameters for authentication
Then shape such as " secret ", " sig ".Not always in plain text, if value is ciphertext, encryption key is necessarily embedded in visitor to the value of submission
In the source code of family end, the further operation of waiting step five is recorded.
Step 5, unpacking Reverse engineering operation is carried out to the APK bags, analyze it and whether there is leak.To remaining available
Earlier version APK carries out reverse-engineering test, each leak that record finds.
Because the parameters for authentication obtained in step 4, often it is not necessarily in plain text, it is impossible to be directly used in certification or attack
Behavior, so, general way is that APK bags are carried out into Reverse engineering operation, parses the parameters for authentication algorithm of inside or solid
Change the authentication secret inside application program.Using the version of linked network, we can decode communication mechanism and internal agreement,
The leak of the aspects such as security parameter, the weak security mechanism that client is consulted with server.
For the version for being not connected to network, we can utilize the source code for parsing, thus it is speculated that the core that application program is continued to use
Center algorithm, the UI for continuing to use designs, the attack leak of the coding style of enterprise, spanning operation system platform and distort source code authority and bypass
Deng being that enterprise android system application program development leak in these areas is sounded the alarm.
Step 6, attacked using the leak for finding, sound out to attack and whether succeed, if it succeeds, being defined as leak.
The method of attack can be:
1) source code is read, core algorithm is decoded.
2) source code is read, UI designs are decoded.
3) source code, parsing enterprise coding style are read.
4) source code is read, the cross-platform point of attack is found.
5) source code is read, authority is carried out and is bypassed.
6) network flow is packed, carrying out data to operation behavior parameter, operation object parameter etc. Reseals, and utilizes
The instruments such as TCPReplay, Fiddler carry out Replay Attack and man-in-the-middle attack etc..
7) source code is read, authentication mechanism and packaging network flow is understood, to specifying user name and password to carry out exhaustion.
8) source code is read, weak security mechanism interface and packaging network flow is understood, directly weak security mechanism interface is carried out
Leak is attacked.
Presently preferred embodiments of the present invention is the foregoing is only, is not intended to limit the invention, it is all in essence of the invention
Any modification, equivalent and improvement made within god and principle etc., should be included within the scope of the present invention.
Claims (7)
1. a kind of android system vulnerability of application program detection method, it is characterised in that comprise the following steps:
Step one, analysis APK bags to be detected, determine its leak species that may be present;
Step 2, the earlier version for finding APK bags, and from morning to night sorted each version according to issuing time order;
Step 3, the APK bags from earliest issue carry out the test of APK availabilities, that is, can test APK bags normally use;If
Can not normally use, continue to select next APK bags to be tested according to issuing time order, by that analogy, until finding one
Untill individual available APK bags, step 4 is entered after finding;
Step 4, for the APK bags in the absence of network connection, be directly entered step 5, for the APK bags that there is network connection,
The analysis test of network packet capturing sniff is carried out to APK bags, leak is found;After being completed, to remaining available earlier version APK bags
The analysis test of network packet capturing sniff is carried out one by one, finds leak, and record each leak for finding;
Step 5, unpacking Reverse engineering operation is carried out to APK bags, analyze it and whether there is leak;To remaining available early stage version
This APK carries out reverse-engineering test, each leak that record finds;
Step 6, attacked using the leak for finding, sound out to attack and whether succeed, if it succeeds, being defined as leak.
2. android system vulnerability of application program detection method as claimed in claim 1, it is characterised in that described in step one
Leak species that may be present includes:The core algorithm that leakage is continued to use;The UI designs that leakage is continued to use;Communication mechanism and internal association
View;The security parameter that client is consulted with server;Reveal the coding style of enterprise;Weak security mechanism operate interface;Early stage version
Originally the operate interface being exposed;Distort source code.
3. android system vulnerability of application program detection method as claimed in claim 1, it is characterised in that described in step 2
The mode for finding APK bag earlier versions includes:Third-party platform, official's issue or search engine.
4. android system vulnerability of application program detection method as claimed in claim 1, it is characterised in that during the issue
Between determination mode be:The generation time of its " classes.dex " file is obtained as the issue of APK bags by decompressing APK bags
Time.
5. android system vulnerability of application program detection method as claimed in claim 1, it is characterised in that described in step 4
Find leak mode be:By the data flow between client and server, search and operation relevant parameter, data are flowed into
Row analysis, to lock leak.
6. android system vulnerability of application program detection method as claimed in claim 5, it is characterised in that the related ginseng
Number includes:
(1) operation behavior parameter, the operation behavior parameter indicates the key-value pair of operation behavior;
(2) object parameter, the operation object parameter is operated to indicate the key-value pair of operation object;
(3) parameters for authentication, the parameters for authentication indicates subscriber identity information or session key key-value pair.
7. android system vulnerability of application program detection method as claimed in claim 1, it is characterised in that described in step 6
The method of attack includes:
A, read source code, decode core algorithm, decode UI designs, parsing enterprise coding style, find the cross-platform point of attack or
Authority is carried out to bypass;
B, packaging network flow, carry out data and Reseal to operation behavior parameter, operation object parameter, using TCPReplay,
Fiddler instruments carry out Replay Attack and man-in-the-middle attack;
C, reading source code, understand authentication mechanism and packaging network flow, to specifying user name and password to carry out exhaustion;
D, reading source code, understand weak security mechanism interface and packaging network flow, directly carry out leak to weak security mechanism interface
Attack.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710078479.4A CN106919844B (en) | 2017-02-14 | 2017-02-14 | A kind of android system vulnerability of application program detection method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710078479.4A CN106919844B (en) | 2017-02-14 | 2017-02-14 | A kind of android system vulnerability of application program detection method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106919844A true CN106919844A (en) | 2017-07-04 |
CN106919844B CN106919844B (en) | 2019-08-02 |
Family
ID=59453606
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710078479.4A Active CN106919844B (en) | 2017-02-14 | 2017-02-14 | A kind of android system vulnerability of application program detection method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106919844B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108173832A (en) * | 2017-12-25 | 2018-06-15 | 四川长虹电器股份有限公司 | Family's Internet of Things application system penetration testing method based on end cloud translocation |
CN109858252A (en) * | 2017-11-30 | 2019-06-07 | 中标软件有限公司 | The leak analysis restorative procedure of self-control system |
CN109981715A (en) * | 2017-12-28 | 2019-07-05 | 中移信息技术有限公司 | A kind of method and device of session management |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110119765A1 (en) * | 2009-11-18 | 2011-05-19 | Flexilis, Inc. | System and method for identifying and assessing vulnerabilities on a mobile communication device |
CN103227992A (en) * | 2013-04-01 | 2013-07-31 | 南京理工大学常熟研究院有限公司 | Android terminal-based vulnerability scanning system |
US20140245440A1 (en) * | 2013-02-28 | 2014-08-28 | Trustees Of Boston Univeristy | Software Inspection System |
CN104537309A (en) * | 2015-01-23 | 2015-04-22 | 北京奇虎科技有限公司 | Application program bug detection method, application program bug detection device and server |
US20150242635A1 (en) * | 2014-02-27 | 2015-08-27 | Nec Laboratories America, Inc. | DuLeak: A Scalable App Engine for High-Impact Privacy Leaks |
CN105653943A (en) * | 2015-12-24 | 2016-06-08 | 北京奇虎科技有限公司 | Log auditing method and system for android applications |
CN105989251A (en) * | 2015-02-12 | 2016-10-05 | 卓望数码技术(深圳)有限公司 | Piratic android application discrimination method and piratic android application discrimination system |
-
2017
- 2017-02-14 CN CN201710078479.4A patent/CN106919844B/en active Active
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110119765A1 (en) * | 2009-11-18 | 2011-05-19 | Flexilis, Inc. | System and method for identifying and assessing vulnerabilities on a mobile communication device |
US20140245440A1 (en) * | 2013-02-28 | 2014-08-28 | Trustees Of Boston Univeristy | Software Inspection System |
CN103227992A (en) * | 2013-04-01 | 2013-07-31 | 南京理工大学常熟研究院有限公司 | Android terminal-based vulnerability scanning system |
US20150242635A1 (en) * | 2014-02-27 | 2015-08-27 | Nec Laboratories America, Inc. | DuLeak: A Scalable App Engine for High-Impact Privacy Leaks |
US9245125B2 (en) * | 2014-02-27 | 2016-01-26 | Nec Laboratories America, Inc. | Duleak: a scalable app engine for high-impact privacy leaks |
CN104537309A (en) * | 2015-01-23 | 2015-04-22 | 北京奇虎科技有限公司 | Application program bug detection method, application program bug detection device and server |
CN105989251A (en) * | 2015-02-12 | 2016-10-05 | 卓望数码技术(深圳)有限公司 | Piratic android application discrimination method and piratic android application discrimination system |
CN105653943A (en) * | 2015-12-24 | 2016-06-08 | 北京奇虎科技有限公司 | Log auditing method and system for android applications |
Non-Patent Citations (1)
Title |
---|
张焕: ""安卓平台下恶意软件的检测"", 《中国优秀硕士学位论文全文数据库 信息科技辑》 * |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109858252A (en) * | 2017-11-30 | 2019-06-07 | 中标软件有限公司 | The leak analysis restorative procedure of self-control system |
CN109858252B (en) * | 2017-11-30 | 2023-04-25 | 中标软件有限公司 | Vulnerability analysis and repair method for homemade system |
CN108173832A (en) * | 2017-12-25 | 2018-06-15 | 四川长虹电器股份有限公司 | Family's Internet of Things application system penetration testing method based on end cloud translocation |
CN109981715A (en) * | 2017-12-28 | 2019-07-05 | 中移信息技术有限公司 | A kind of method and device of session management |
CN109981715B (en) * | 2017-12-28 | 2021-11-16 | 中移动信息技术有限公司 | Session management method and device |
Also Published As
Publication number | Publication date |
---|---|
CN106919844B (en) | 2019-08-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Zuo et al. | Why does your data leak? uncovering the data leakage in cloud from mobile apps | |
US20210067529A1 (en) | System and method of adding tags for use in detecting computer attacks | |
Barmpatsalou et al. | A critical review of 7 years of Mobile Device Forensics | |
US9894090B2 (en) | Penetration test attack tree generator | |
US9479526B1 (en) | Dynamic comparative analysis method and apparatus for detecting and preventing code injection and other network attacks | |
JP5396051B2 (en) | Method and system for creating and updating a database of authorized files and trusted domains | |
CN110855676B (en) | Network attack processing method and device and storage medium | |
Xue et al. | RootAgency: A digital signature-based root privilege management agency for cloud terminal devices | |
TW201642135A (en) | Detecting malicious files | |
WO2009021070A1 (en) | System and method for authentication, data transfer, and protection against phishing | |
O'Connor | Violent Python: a cookbook for hackers, forensic analysts, penetration testers and security engineers | |
Chen et al. | Mass discovery of android traffic imprints through instantiated partial execution | |
CN111182060A (en) | Message detection method and device | |
CN106919844B (en) | A kind of android system vulnerability of application program detection method | |
CN115552401A (en) | Fast application detection method, device, equipment and storage medium | |
CN105205398B (en) | It is a kind of that shell side method is looked into based on APK shell adding software dynamic behaviours | |
TWI671655B (en) | System and method for program security protection | |
Vecchiato et al. | A security configuration assessment for android devices | |
CN112214769B (en) | Active measurement system of Windows system based on SGX architecture | |
WO2022193517A1 (en) | Platform for constructing sample for capability verification of mobile phone forensics, and method | |
JP6676790B2 (en) | Request control device, request control method, and request control program | |
Ostrovskaya et al. | Practical Memory Forensics: Jumpstart effective forensic analysis of volatile memory | |
Raza et al. | Digital Forensic Analysis of Telegram Messenger App in Android Virtual Environment | |
Pham | Foundations of Adaptive Cyber Defense against Advanced Persistent Threats | |
Clarke | Computer forensics a pocket guide |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |