CN107040553A - Leak analysis method, device, terminal and storage medium - Google Patents


Publication number
CN107040553A
Authority
CN
China
Prior art keywords
data
function
encryption
intended application
decryption
Prior art date
Legal status
Pending
Application number
CN201710456999.4A
Other languages
Chinese (zh)
Inventor
郭晶
郑兴
胡珀
杨勇
王放
张强
范宇河
唐文韬
Current Assignee
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Application filed by Tencent Technology Shenzhen Co Ltd filed Critical Tencent Technology Shenzhen Co Ltd
Priority to CN201710456999.4A priority Critical patent/CN107040553A/en
Publication of CN107040553A publication Critical patent/CN107040553A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Abstract

This application discloses a vulnerability analysis method, device, terminal and storage medium. In this scheme, at least one encryption function and at least one decryption function are determined in a target application to be tested; the encryption function is the function used in the target application to perform data encryption, and the decryption function is the function used in the target application to perform data decryption. When it is detected that first data to be encrypted is input into the encryption function, the first data is intercepted. When it is detected that the decryption function decrypts encrypted second data, the second data decrypted by the decryption function is intercepted. Vulnerability analysis is then performed on the target application based on the first data and the second data. The scheme makes it possible to test for vulnerabilities in applications on a terminal that exchange data with a server using a data encryption mechanism.

Description

Leak analysis method, device, terminal and storage medium
Technical field
This application relates to the technical field of application testing, and in particular to a vulnerability analysis method, device, terminal and storage medium.
Background
With the continuous development of network technology, a growing number of application programs (also called client programs) that run on a terminal can interact with a server. If such an application program contains a security vulnerability, it may be used to carry out a malicious attack on the server, putting the data on the server at risk.
To detect whether an application program contains security vulnerabilities, the application program must be security tested, for example by penetration testing, which is a method of evaluating the security of a computer network system by simulating the attack methods of a malicious hacker. However, when the application program and the server exchange data using an encryption mechanism or another anti-tampering mechanism, the application program currently cannot be security tested, and so it cannot be determined whether the application program contains security vulnerabilities.
Summary of the invention
In view of this, this application provides a vulnerability analysis method, device, terminal and storage medium for testing security vulnerabilities in application programs that interact with a server using an encryption mechanism or another anti-tampering mechanism.
To achieve the above object, in one aspect this application provides a vulnerability analysis method, comprising:
determining at least one encryption function and at least one decryption function in a target application to be tested, the encryption function being a function for performing data encryption and the decryption function being a function for performing data decryption;
when it is detected that first data to be encrypted is input into the encryption function, intercepting the first data;
when it is detected that the decryption function decrypts encrypted second data, intercepting the second data decrypted by the decryption function;
performing vulnerability analysis on the target application based on the first data and the second data.
In another aspect, this application also provides a vulnerability analysis device, comprising:
a function determining unit, for determining at least one encryption function and at least one decryption function in a target application to be tested, the encryption function being a function for performing data encryption and the decryption function being a function for performing data decryption;
a first monitoring unit, for intercepting the first data when it is detected that first data to be encrypted is input into the encryption function;
a second monitoring unit, for intercepting the second data decrypted by the decryption function when it is detected that the decryption function decrypts encrypted second data;
a vulnerability analysis unit, for performing vulnerability analysis on the target application based on the first data and the second data.
In another aspect, this application also provides a terminal, comprising:
a processor and a memory, connected by a communication bus;
wherein the processor is used to call and execute the program stored in the memory;
and the memory is used to store a program, the program being used at least for:
determining at least one encryption function and at least one decryption function in a target application to be tested, the encryption function being a function for performing data encryption and the decryption function being a function for performing data decryption;
when it is detected that first data to be encrypted is input into the encryption function, intercepting the first data;
when it is detected that the decryption function decrypts encrypted second data, intercepting the second data decrypted by the decryption function;
performing vulnerability analysis on the target application based on the first data and the second data.
A storage medium is also provided, the storage medium storing computer-executable instructions that are used to perform the vulnerability analysis method described above.
As the above technical solution shows, the encryption function used for data encryption and the decryption function used for data decryption in the target application under test are monitored. When first data to be encrypted is detected being input into the encryption function, the unencrypted first data is intercepted, so that the data is captured before the target application encrypts what it sends to the server. Likewise, once the decryption function is detected decrypting encrypted second data, the second data it produces is intercepted, so that after the server returns encrypted data to the target application, the decrypted form of that data can also be obtained by monitoring the decryption function. Thus, although the terminal cannot obtain the encryption and decryption keys used between the target application and the server, it can directly obtain the unencrypted first data and second data corresponding to the encrypted data exchanged between them, and security vulnerability analysis of the target application can still be performed based on the first data and the second data.
Brief description of the drawings
To explain the technical solutions of the embodiments of this application or of the prior art more clearly, the drawings used in describing the embodiments or the prior art are briefly introduced below. The drawings described below are merely embodiments of this application; a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 shows a schematic structural diagram of an application scenario of the vulnerability analysis method of this application;
Fig. 2 shows a schematic structural diagram of a terminal to which the vulnerability analysis method of this application is applicable;
Fig. 3 shows a flow chart of one embodiment of the vulnerability analysis method of this application;
Fig. 4 shows a flow chart of another embodiment of the vulnerability analysis method of this application;
Fig. 5 shows a schematic diagram of the functions involved in the test application and the target application and the relationships between them;
Fig. 6 shows a schematic structural diagram of one embodiment of the vulnerability analysis device of this application;
Fig. 7 shows a schematic structural diagram of another embodiment of the vulnerability analysis device of this application.
Detailed description
The vulnerability analysis method of this application can be used to test an application running on a terminal in order to find security vulnerabilities present in the application.
For ease of understanding, the system that makes up the application scenario of the vulnerability analysis method of the embodiments is introduced first. As shown in Fig. 1, the application scenario may include terminal 101 and server 102.
Terminal 101 may be a mobile phone, a tablet computer, etc.
In the embodiments, at least one application program (Application, APP) based on a client/server mechanism is installed on terminal 101. Through the APP, the terminal can establish a communication connection with the server to which the APP belongs and send access requests to server 102.
Correspondingly, server 102 responds to the access request sent by the terminal and returns the requested data to the APP on the terminal.
In the embodiments, to test whether the APP contains a security vulnerability that affects the security of data on the APP's server, a test application for testing whether the APP contains security vulnerabilities is also installed on the terminal.
In the embodiments, the terminal may be a mobile phone, a tablet computer, etc. For example, Fig. 2 shows a schematic structural diagram of a terminal to which the vulnerability analysis method of the embodiments is applicable. In Fig. 2, terminal 200 may include processor 201, memory 202, communication interface 203, input unit 204, display 205 and communication bus 206.
Processing module 201, memory 202, communication interface 203, input unit 204 and display 205 communicate with one another over communication bus 206.
In the embodiments, processor 201 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), a digital signal processor (DSP), a field-programmable gate array (FPGA) or another programmable logic device, etc.
The processor can call the program stored in memory 202; specifically, the processor can perform the operations performed on the terminal side in Fig. 3 and Fig. 4 below.
Memory 202 is used to store one or more programs. A program may include program code, and the program code includes computer operation instructions. In the embodiments, the memory stores at least a program for implementing the following functions:
determining at least one encryption function and at least one decryption function in a target application to be tested, the encryption function being the function used in the target application to perform data encryption and the decryption function being the function used in the target application to perform data decryption;
when it is detected that first data to be encrypted is input into the encryption function, intercepting the first data;
when it is detected that the decryption function decrypts encrypted second data, intercepting the second data decrypted by the decryption function;
performing vulnerability analysis on the target application based on the first data and the second data.
In one possible implementation, memory 202 may include a program storage area and a data storage area. The program storage area can store the operating system, the program mentioned above, and the application programs required for at least one function (such as a sound playback function, an image playback function and a positioning function). The data storage area can store data created during use of the terminal, such as audio data and a phone book.
In addition, memory 202 may include high-speed random access memory and may also include non-volatile memory, for example at least one magnetic disk storage device, flash memory device or other volatile solid-state storage device.
Communication interface 203 may be an interface of a communication module, such as an interface of a GSM module.
This application may also include input unit 205, which may include a touch sensing unit that senses touch events on a touch display panel, a keyboard, etc.
Display 204 includes a display panel, such as a touch display panel. In one possible case, the display panel may be configured in the form of a liquid crystal display (LCD), an organic light-emitting diode (OLED) display, etc.
Of course, the terminal structure shown in Fig. 2 does not limit the terminal in the embodiments; in practice the terminal may include more or fewer components than shown in Fig. 2, or combine certain components.
By studying the APP testing process, the inventors found that in existing APP testing a network proxy is usually set on the terminal, and the proxy diverts the data exchanged between the APP and the server to a designated device (e.g., a desktop computer), so that the exchanged data can be analyzed to determine whether the APP contains security vulnerabilities. However, when the application program and the server exchange data using an encryption mechanism or another anti-tampering mechanism, the data the proxy directs to the designated device is encrypted data, for example data the APP encrypted before sending it to the server, or encrypted response data the server returns to the APP. Because the APP's encryption key and decryption key cannot be obtained, the encrypted data transmitted between the APP and the server cannot be processed or analyzed, and whether the APP contains security vulnerabilities cannot be determined.
It follows that the key to testing whether the APP contains security vulnerabilities is obtaining the original data that corresponds to the encrypted data exchanged between the APP and the server. Therefore, in the embodiments, the terminal can monitor the APP's encryption and decryption operations and intercept the data the APP needs to encrypt before the APP encrypts the data to be transmitted. Likewise, after the server returns encrypted data to the APP and the APP decrypts it, the terminal intercepts the data the APP has decrypted. Whether the APP contains security vulnerabilities is then analyzed from the intercepted pre-encryption data and the decrypted form of the data returned by the server.
Because data encryption and decryption in the APP are carried out by the APP's encryption function and decryption function respectively, the terminal can determine the encryption function and decryption function in the APP and monitor each of them. When it is detected that first data to be encrypted is input into the encryption function, the first data is intercepted; correspondingly, when it is detected that the decryption function decrypts the encrypted second data input to it, the second data decrypted by the decryption function is intercepted. Vulnerability analysis is then performed on the APP based on the first data and the second data.
In the embodiments, to distinguish the data handled by the encryption function from the data handled by the decryption function, the data the APP inputs into the encryption function for encryption is called the first data, and the data input into the decryption function for decryption is called the encrypted second data; the decryption function decrypts the encrypted second data to obtain the second data.
Building on the common points described above, the vulnerability analysis method of the embodiments is described in detail below.
Fig. 3 shows a flow chart of one embodiment of the vulnerability analysis method of this application. This embodiment is described in terms of the interaction between the test application and the APP under test on the terminal. The method of this embodiment may include:
S301: the test application on the terminal analyzes the program code of the target application to be tested and obtains the source code of the target application.
As described above, the test application is used to perform vulnerability analysis on applications on the terminal other than the test application itself.
To distinguish it from the test application installed on the terminal and from other applications that do not currently need vulnerability analysis, the application on the terminal that currently needs testing, that is, vulnerability analysis, is called the target application.
So that the encryption functions that implement data encryption and protection in the target application, and the decryption functions that decrypt data, can subsequently be located, the source code of the target application can be analyzed to identify the encryption and decryption functions it contains.
There are many ways to derive an APP's source code from its program code. Taking an APP for the Android operating system as an example: because most Android APPs are written in Java, the reversibility of Java can be used to reverse-engineer the APP's source code and so obtain the encryption algorithm, logic, verification method and so on that the APP uses. For example, the source code can be reverse-engineered by analyzing the syntax of the APP's program language, thereby restoring the APP's source code. Of course, there are many specific ways to reverse-engineer the source code of an APP, and no limitation is imposed here.
S302: the test application determines, from the source code of the target application and according to preset identifiers of encryption functions and decryption functions, at least one encryption function for performing data encryption and at least one decryption function for performing data decryption.
The target application includes at least one encryption function and at least one decryption function.
An encryption function is a function that encrypts data or applies other protective processing; correspondingly, a decryption function is a function that decrypts data to remove the protective processing. An APP may implement encryption with one or more functions, and each encryption function corresponds to a decryption function, so there may also be one or more decryption functions.
There are many ways to determine the encryption functions and decryption functions in the target application. Because the encryption and decryption functions used in most application programs are a fixed set of functions, in one implementation the identifiers of all possible encryption functions and decryption functions can be preset, for example as separate lists, one containing encryption functions and one containing decryption functions. Comparing the source code of the target application with the preset encryption function identifiers determines the encryption functions contained in the source code; correspondingly, comparing the source code with the preset decryption function identifiers determines the decryption functions contained in the source code.
The identifier of an encryption function or decryption function may be the function's name. Because programs written in some languages allow different functions to share the same name, the identifier may also include the function's type, its parameters and so on, so that a function is uniquely distinguished. For example, the identifier of an encryption function may include the function name, function type and parameters of the encryption function.
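A sketch of the identifier comparison in S302, written as an added example and not taken from the patent: it matches method declarations in recovered Java source against preset lists keyed on name, return type and parameter types. The preset entries, the sample source and all helper names are constructed for illustration, and the line-based regex stands in for whatever parser a real tool would use.

```python
import re
from typing import NamedTuple


class FuncId(NamedTuple):
    """Function identifier: name plus return type and parameter types."""
    name: str
    return_type: str
    params: tuple


# Preset identifier lists, kept separately for encryption and decryption.
# Constructed for this example.
PRESET_ENCRYPT = {
    FuncId("encrypt", "byte[]", ("byte[]",)),
    FuncId("sign", "String", ("String", "long")),
}
PRESET_DECRYPT = {
    FuncId("decrypt", "byte[]", ("byte[]",)),
}

# Constructed stand-in for source recovered from the target application.
DECOMPILED_SOURCE = """
package com.example.target.net;

public class Codec {
    public static byte[] encrypt(byte[] plain) { return xor(plain); }
    public static byte[] decrypt(byte[] cipher) { return xor(cipher); }
    private static byte[] xor(byte[] in) { return in; }
}

public class Settings {
    // Same name as a preset entry, different signature: must not match.
    public String encrypt(String label, int flags) { return label; }
    public String sign(String body, long ts) { return body + ts; }
}
"""

CLASS_RE = re.compile(r"\bclass\s+(\w+)")
METHOD_RE = re.compile(
    r"(?:public|private|protected)\s+(?:static\s+)?(?:final\s+)?"
    r"([\w.<>\[\]]+)\s+(\w+)\s*\(([^)]*)\)\s*\{"
)


def param_types(param_list):
    """Turn 'byte[] plain, int n' into ('byte[]', 'int')."""
    types = []
    for param in param_list.split(","):
        tokens = [t for t in param.split() if t != "final"]
        if len(tokens) >= 2:
            types.append(" ".join(tokens[:-1]))
    return tuple(types)


def extract_functions(source):
    """Yield (class_name, FuncId) for each method declaration found."""
    current_class = None
    for line in source.splitlines():
        code = line.split("//", 1)[0]  # ignore trailing comments
        cls = CLASS_RE.search(code)
        if cls:
            current_class = cls.group(1)
            continue
        m = METHOD_RE.search(code)
        if m:
            yield current_class, FuncId(m.group(2), m.group(1), param_types(m.group(3)))


def locate_crypto_functions(source):
    """Compare every declared function with both preset lists (full identifier)."""
    found = {"encrypt": [], "decrypt": []}
    for cls, fid in extract_functions(source):
        if fid in PRESET_ENCRYPT:
            found["encrypt"].append(f"{cls}.{fid.name}")
        if fid in PRESET_DECRYPT:
            found["decrypt"].append(f"{cls}.{fid.name}")
    return found


def match_by_name_only(source):
    """Weaker comparison on the function name alone, shown for contrast."""
    names = {f.name for f in PRESET_ENCRYPT | PRESET_DECRYPT}
    return [f"{cls}.{fid.name}" for cls, fid in extract_functions(source) if fid.name in names]


if __name__ == "__main__":
    print(locate_crypto_functions(DECOMPILED_SOURCE))
    print(match_by_name_only(DECOMPILED_SOURCE))
```

Matching on the name alone also selects `Settings.encrypt`, which is the ambiguity the type and parameter fields of the identifier are there to remove.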
S303: while the terminal runs the target application, the test application monitors each encryption function and decryption function through a built-in hook function.
The hook function is built into the test application. A hook function is essentially a program for processing system messages: it can capture events that occur in the process where the hook function resides or in other processes, and a hook can change the execution flow of a function in another process by means of an assembly jump instruction. The hook function can therefore be used to monitor the encryption functions and decryption functions in the target application and to block and modify the data-processing flow of those functions.
S304: when the test application detects through the hook function that first data to be encrypted is input into an encryption function, it intercepts the first data through the hook function.
When the hook function detects that the target application has input the first data to be encrypted into the encryption function, the hook function can intercept the first data before the encryption function encrypts it, so that the test application obtains the first data as it was before encryption.
The key used to encrypt data is preset in the encryption function, and the encryption function encrypts data according to that key. Although the test application cannot obtain the encryption key of the encryption function in the target application under test, the hook function can intercept the data before the encryption function encrypts it. This avoids the problem that the encrypted data output by the target application cannot be analyzed because the encryption key in the target application's encryption function cannot be cracked.
In an APP that uses a security mechanism, the data to be sent to the server is generally encrypted to ensure that it is not tampered with in transit. The first data may therefore be data the target application sends to the server, or intermediate data (data undergoing intermediate processing) of the data to be transmitted. Intercepting the first data before it is encrypted avoids the problem that the target application cannot be security analyzed because the data it sends to the server cannot be decrypted.
S305: the test application constructs test data from the first data.
During security testing of the target application, it may in some situations be necessary to modify the data the target application sends to the server, so that whether the target application has a vulnerability affecting server security can be judged from the response data the server returns for the modified data.
There are many ways to construct test data from the first data; the first data can be modified, spliced or otherwise processed according to the actual test requirements.
For example, in one possible case the first data can be spliced with specified test characters to obtain the test data. The specified test characters may be stored in advance in the memory of the terminal, or may be characters input by the tester in real time. For example, assuming the first data is "www.a*b.com", the first data can be spliced to obtain "wwwwww.a*b.com.ID=1.and1=1" or "wwwwww.a*b.com.ID=1.and1=2", and the spliced data is then used as the data the target application needs to send to the server.
S306: the test application returns the test data through the hook function to the encryption function in the target application for encryption.
The hook function returns the test data to the encryption function in the target application, so that the encryption function no longer encrypts the original first data but encrypts the test data instead.
So that the encryption function does not encrypt the first data, the test application can, at the same time as it intercepts the first data, use the hook function to block the data-processing flow of the encryption function, that is, freeze the encryption function's processing so that it waits in a pending state and performs no data encryption. Correspondingly, after the test application has replaced the first data with the test data and returned it to the encryption function, the test application can release the block on the encryption function through the hook function so that the encryption function processes the test data.
The duration for which the hook function blocks the encryption function may be a default duration or may be set in advance by the tester as needed; generally the blocking duration should be longer than the time the test application needs to construct the test data from the first data.
Note that steps S304 to S306 are described using the example of monitoring one encryption function and intercepting the first data before encryption; for every encryption function, the process by which the test application monitors the function and intercepts the first data is similar.
S307: after the encryption function in the target application encrypts the test data, the target application sends the encrypted test data to its server.
Because the test data encrypted by the encryption function was obtained by the test application processing the original first data, once the target application sends the encrypted test data to the server, the server can return response data for the test data, so that whether the data exchange between the target application and the server has a security vulnerability can be analyzed based on the response data.
While testing the target application, the test application can, according to the test requirements, choose to perform steps S305 to S307 or choose not to perform them. For example, when no other data needs to be added to the first data, steps S305 and S307 need not be performed, and whether the target application contains security vulnerabilities can subsequently be analyzed directly from the first data and the second data decrypted by the decryption function.
S308: when the test application detects through the hook function that the decryption function decrypts the encrypted second data input to it, it intercepts the second data decrypted by the decryption function.
If the hook function detects that encrypted second data has been input into the decryption function, then when the decryption function decrypts that data and obtains the second data, the hook function can intercept the second data, so that the test program obtains the unencrypted data for subsequent vulnerability analysis.
The data the target application needs to decrypt may be data the server returns to the target application, for example response data returned for data the target application sent. Of course, the encrypted second data may also be intermediate data produced while the target application processes data returned by the server.
Optionally, after the target application sends the encrypted first data or the encrypted test data to the server, the server can return encrypted response data (shown by the dotted line between the server and the target application in Fig. 3), and the target application needs to use the decryption function to decrypt the encrypted data the server returned. Therefore the encrypted second data input into the decryption function may be the response data the server returns for the encrypted first data or test data.
Further, because different encryption functions correspond to different decryption functions (for example, an encryption function and a decryption function that use the same set of encryption and decryption algorithms may belong to the same class of the target application), in the embodiments the second data decrypted by a decryption function may be the response data the server returns for the first data or test data encrypted by the encryption function associated with that decryption function.
The order of steps S304 and S308 is not limited to that shown in Fig. 3. In practice, encryption and decryption functions in the target application that are not associated with each other may encrypt or decrypt different data at the same time; and even an associated encryption function and decryption function (i.e. an encryption function and a decryption function that use a matching encryption algorithm and decryption algorithm) may encrypt or decrypt different data at the same time. Therefore step S308 may be performed while step S304 is being performed.
S309, the test application performs vulnerability analysis on the target application based on the test data and the second data.
For example, by comparing the test data with the second data, in combination with the specific test instruction, it can be analyzed whether a vulnerability exists in the target application.
As another example, based on the correspondence between the encryption function and the decryption function, the test application may display the test data together with the corresponding second data (for example, where the second data is the response data for the test data), so that a tester can analyze whether the target application has a vulnerability according to the second data that the server returned for the test data.
Of course, there are many ways to analyze whether the target application has a vulnerability based on the test data and the second data, and no limitation is imposed here.
It can be understood that this embodiment is described using the example in which the first data is constructed into test data and the target application encrypts the test data and sends it to the server; the test application therefore needs to analyze whether the target application has a security vulnerability based on the test data and the second data. However, if the target application encrypts the first data itself and sends it to the server, the test application can perform vulnerability analysis directly based on the first data and the second data.
It should be noted that the embodiment of the present application is described using the example in which a hook function is built into the test application and is used to monitor the encryption function and the decryption function in the target application to be tested. It can be understood, however, that monitoring the encryption function and decryption function and intercepting the first data and the second data by other means is equally applicable to the embodiment of the present application. For example, a callback function may be injected into each encryption function and decryption function, so that the callback function captures the first data input to the encryption function and the second data output by the decryption function. The present application does not limit the specific manner of monitoring the encryption function and decryption function in order to intercept the first data and the second data.
It can be seen that, in the embodiment of the present application, the terminal can intercept the unencrypted data before the target application encrypts the data to be sent to the server, and, after the server returns encrypted data to the target application, intercept the data obtained once the target application has decrypted the data returned by the server. Therefore, although the terminal cannot obtain the encryption key and decryption key used for the data exchanged between the target application and the server, it can directly obtain the unencrypted first data and second data corresponding to the encrypted data exchanged between them, and can still perform security vulnerability analysis on the target application based on the first data and the second data.
It can be understood that the above embodiments are described using the example in which the hook function intercepts the first data and the second data from the target application and returns them to the test application. It can also be understood that, to enable the test application to obtain the first data and the second data in the target application, a broadcast function for transferring data between the target application and the test application may also be injected into the target application.
For ease of understanding, the following takes as an example a test application in which a security test function for performing security vulnerability testing runs. Where the test application has a security test function, the broadcast function injected into the target application is used to transfer data in the target APP to the hook function and the security test function in the test application. Referring to Fig. 4, which shows a schematic flow diagram of another embodiment of a vulnerability analysis method of the present application, this embodiment may include:
S401, the test application of the terminal performs reverse analysis on the program code of the target APP to be tested and restores the source code of the target APP.
This embodiment is described using the example of obtaining the source code by reverse analysis, but determining the source code of the target APP by other means is also applicable to this embodiment.
S402, the test application determines, according to a preset encryption function list and decryption function list and in combination with the source code of the target APP, the identification information of at least one encryption function and the identification information of at least one decryption function in the target APP.
The identification information of an encryption function or decryption function is used to uniquely identify that function. The identification information may include the function name, function parameters and function type.
Steps S401 and S402 above are preparation before the target APP is tested. Their purpose is to predict the possible encryption functions and decryption functions, and to give the user a basis for judging which encryption functions and decryption functions may exist in the target APP.
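The following added example, which is not part of the patent text, sketches step S402 in Python: it scans recovered source code for method declarations whose names appear in preset lists and records the identification information (function name, function parameters, function type). The preset name lists, the regular expressions and the decompiled sample are assumptions constructed for illustration; pairing functions by class follows the remark that matching encryption and decryption functions may belong to the same class.

```python
import re
from collections import defaultdict

# Assumed preset lists; the patent does not enumerate their contents.
ENCRYPT_NAMES = {"encrypt", "aesencrypt", "rsaencrypt"}
DECRYPT_NAMES = {"decrypt", "aesdecrypt", "rsadecrypt"}

CLASS_RE = re.compile(r"\bclass\s+(\w+)")
METHOD_RE = re.compile(
    r"(?:public|private|protected)\s+(?:static\s+)?(?:final\s+)?"
    r"([\w.<>\[\]]+)\s+(\w+)\s*\(([^)]*)\)\s*(?:throws\s+[\w.,\s]+)?\{"
)

# Constructed sample standing in for source recovered in step S401.
DECOMPILED = """
public class AesUtil {
    public static byte[] encrypt(byte[] data, String key) {
        return Cipher.run(data, key);
    }
    public static byte[] decrypt(byte[] data, String key) {
        return Cipher.undo(data, key);
    }
}
public class LoginActivity {
    private void onClick(View v) {
        send(AesUtil.encrypt(body, k));
    }
    public String rsaEncrypt(String plain) {
        return plain;
    }
}
"""


def find_crypto_functions(source: str) -> dict:
    """Return identification info for candidate encrypt/decrypt functions."""
    found = {"encrypt": [], "decrypt": [], "pairs": []}
    by_class = defaultdict(lambda: {"encrypt": [], "decrypt": []})
    current_class = None
    for line in source.splitlines():
        cls = CLASS_RE.search(line)
        if cls:
            current_class = cls.group(1)
            continue
        method = METHOD_RE.search(line)
        if not method:
            continue  # call sites and statements are not declarations
        ret_type, name, params = method.groups()
        ident = {
            "class": current_class,
            "name": name,
            "params": [p.split()[0] for p in params.split(",") if p.strip()],
            "type": ret_type,
        }
        if name.lower() in ENCRYPT_NAMES:
            kind = "encrypt"
        elif name.lower() in DECRYPT_NAMES:
            kind = "decrypt"
        else:
            continue
        found[kind].append(ident)
        by_class[current_class][kind].append(name)
    # Functions in the same class are treated as an associated pair.
    for cls_name, kinds in by_class.items():
        for enc in kinds["encrypt"]:
            for dec in kinds["decrypt"]:
                found["pairs"].append((f"{cls_name}.{enc}", f"{cls_name}.{dec}"))
    return found


if __name__ == "__main__":
    for kind, items in find_crypto_functions(DECOMPILED).items():
        print(kind, items)
```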
S403, when the terminal starts the target APP, the test application takes control of the main function entry of the APP through its built-in hook function and injects a broadcast function into the main function entry of the target APP.
S404, the target APP obtains, through the broadcast function, the blocking duration input by the user and the identification information of at least one encryption function and the identification information of at least one decryption function that the hook function needs to monitor.
The identification information may be the function name, function parameters and function type.
The blocking duration is the length of time for which the function's operation is frozen when blocking control is applied to the target encryption function and decryption function in the APP. This embodiment is described using the example in which the user sets the blocking duration, but the blocking duration may also be a default duration of the test application.
The user can combine the source code obtained by the test application's reverse analysis with the predicted possible encryption functions and decryption functions to determine which encryption functions and decryption functions need to be monitored.
The user may input the blocking duration and the identification information of the encryption and decryption functions to the broadcast function in the target APP in either of two ways. The user may enter the blocking duration and other relevant information in an input box in the target APP, and the broadcast function then captures the input. Alternatively, the user may enter the relevant information on the command line of the terminal's operating system to set it in the target APP, and the broadcast function captures it. For example, where the terminal runs the Android operating system, the user can input or set the blocking duration of the target APP on the Android command line, and the broadcast function injected into the target APP can capture the blocking duration that was input.
S405, the broadcast function in the target APP transfers the blocking duration, the identification information of the encryption function and the identification information of the target decryption function to the hook function of the test application.
According to the information transferred by the broadcast function, the hook function determines the encryption and decryption functions to be monitored, and can apply blocking control to those encryption and decryption functions according to the blocking duration.
S406, the test application uses the hook function to monitor each encryption function and decryption function in the target APP according to the identification information of the encryption function and the identification information of the decryption function.
To make it easier to understand the functions involved in the test application and the target application and the relationships between them, refer to Fig. 5, which shows a schematic diagram of the functions involved in the test application and the target application and of the relationships between the functions. As shown in Fig. 5, a test application 51 and a target application 52 that needs to be tested for security vulnerabilities are installed in the terminal.
The test application 51 includes a hook function, and the target application 52 includes at least one encryption function and at least one decryption function.
When vulnerability analysis needs to be performed on the target application 52, the test application 51 can be started in the terminal, and then the target application 52 is started. When the target application 52 starts, the test application 51 uses the hook function to inject a broadcast function into the main function entry of the target application 52, so that the target application contains the broadcast function (Fig. 5 shows the injected broadcast function inside the target application), and the broadcast function can run while the target application is running.
After the hook function has injected the broadcast function into the target application, the hook function can exchange data with the broadcast function located inside the target application, so that the test application can obtain, through the broadcast function, the data produced or processed while the target application runs.
After the user inputs the blocking duration, the encryption function identifier and the decryption function identifier into the target application, the broadcast function can obtain them and transfer them to the hook function in the test application, as shown in step S501 in Fig. 5. Accordingly, the hook function monitors the encryption function and the decryption function according to the encryption function identifier and the decryption function identifier respectively.
Of course, in addition to the hook function, the test application 51 may also include a security test function, which is the function in the test application that receives the data passed by the broadcast function. In this way, through the hook function in the test application, the broadcast function injected into the target application and the security test function in the test application, data can be transferred to the target application and obtained from the target application. The data transfer relationship between the security test function and the broadcast function is described in the subsequent steps.
S407, when the test application detects through the hook function that the target APP inputs first data to be encrypted into the encryption function, it intercepts the first data and outputs it to the broadcast function, and keeps the encryption function in a blocked state until the blocking duration is reached.
With reference to Fig. 5, when there is first data in the target application 52 that needs to be encrypted by the encryption function (Fig. 5 shows first data to be input to the encryption function), the hook function detects that first data to be encrypted is input to the encryption function, blocks the encryption function from continuing to execute, and intercepts the first data, as in step S502 in Fig. 5. At the same time, the hook function passes the intercepted first data to the broadcast function, as shown in step S503 in Fig. 5.
S408, the broadcast function of the target APP returns the first data to the security test function in the test application.
It can be understood that, for ease of description, this embodiment is described using the example in which the test application is provided with a security test function for performing security testing; in practice, the broadcast function may return the first data to the test application, and the test application completes the subsequent testing.
S409, the test application uses the security test function to splice the first data with the data to be spliced that the user has input, obtaining the test data.
It can be understood that obtaining the test data by other means is equally applicable to this embodiment.
S410, the test application returns the test data through the security test function to the broadcast function in the target APP.
S411, after cancelling the blocking of the encryption function, the hook function in the test application controls the encryption function to encrypt the test data obtained by the broadcast function, so that the encryption function outputs the encrypted test data.
Steps S408 to S411 above are described with reference to Fig. 5. The broadcast function returns the intercepted first data to the security test function in the test application, as in step S504. After the security test function has spliced the first data, it returns the test data obtained by the splicing to the broadcast function in the target application, so that the test data obtained by the splicing can be input to the encryption function, as in step S505. Accordingly, so that the encryption function in the target application can continue with its data encryption flow, the hook function cancels the blocking of the encryption function; the encryption function can then perform the encryption flow, encrypt the test data obtained by the broadcast function, and output the encrypted test data, as in step S506 in Fig. 5.
Of course, after the encryption function has finished encrypting the test data, the target application may process the encrypted data according to the processing flow set in the target application; for example, the target application may send the encrypted data to the server. The target application may also perform other processing on the encrypted data, and no limitation is imposed here.
S412, the target APP transfers the encrypted test data to the server.
S413, the target APP obtains the encrypted second data that the server returns for the test data.
It can be understood that the embodiment of the present application is described using the example in which the second data is the response data that the server returns for the test data. This is to illustrate the data interaction between the application and the server, together with the process by which the test application intercepts the unencrypted first data before the application sends the encrypted first data to the server and, after the server returns the encrypted second data, intercepts the second data that the decryption function in the target APP decrypts from the encrypted data.
S414, after the test application detects through the hook function that the decryption function has decrypted the encrypted second data, it outputs the second data decrypted by the decryption function to the broadcast function.
S415, the broadcast function in the APP returns the second data to the security test function of the test application.
Steps S414 and S415 are described with reference to Fig. 5. When the target application receives the encrypted second data returned by the server, it passes the encrypted second data to the decryption function so that the decryption function decrypts the second data and related processing can be carried out based on it, for example outputting the image corresponding to the second data to the display interface. The test application monitors the decryption function through the hook function and can detect that encrypted second data has been input to the decryption function. In that case, when the hook function detects that the decryption function has decrypted the second data from the encrypted second data, it intercepts the second data, as in step S507. The hook function then passes the second data to the broadcast function, as in step S508 in Fig. 5. Accordingly, so that the security test function that performs vulnerability analysis in the test application can obtain the second data, the broadcast function transfers the second data to the security test function, as in step S509. In this way, even if anti-tamper mechanisms such as encryption are used in the interaction between the target application and the server, the test application can still obtain the data content actually exchanged between the target application and the server.
S416, the security test function of the test application analyzes, according to the test data and the second data, whether the target APP has a security vulnerability.
For example, suppose the test data is “wwwwww.a*b.com.ID=1.and1=2”. Because “1=2” is false, if the second data returned by the server is an error prompt, this indicates that the server's data cannot be controlled by modifying the data transmitted by the target APP. If instead the server returns “no corresponding result found”, then although the test data is problematic, the server still carried out processing such as a data lookup; it may therefore be possible to control the server's data by modifying the data transmitted by the target APP, that is, the target APP has a security vulnerability.
This embodiment is described using the example in which data transfer between the test application and the target application is implemented through the broadcast function. Injecting the broadcast function into the target application also lets the user input the test data needed for a test into the broadcast function. The hook function can then control the encryption function to encrypt the test data input to the broadcast function, and the target application sends the encrypted test data to the server, so that a security test can be performed according to the test data input to the broadcast function and the data returned by the server, which makes security testing more flexible.
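The following added example, which is not part of the patent text, simulates steps S407 to S416 in a single Python process for a tester working against their own test server. The toy XOR cipher, the `TargetApp` and `HookSession` classes, the two stand-in servers and the sample query `ID=1` are all constructed assumptions; the broadcast function is collapsed into direct calls, and the blocking of the encryption function is modeled by holding the original function until the splice callback returns.

```python
from typing import Callable, List, Tuple

KEY = 0x5A  # constructed toy key; the tester never needs to read it


def _xor(data: bytes) -> bytes:
    return bytes(b ^ KEY for b in data)


class TargetApp:
    """Constructed stand-in for the target APP."""

    def encrypt(self, plaintext: str) -> bytes:
        return _xor(plaintext.encode())

    def decrypt(self, ciphertext: bytes) -> str:
        return _xor(ciphertext).decode()

    def request(self, query: str, server: Callable[[bytes], bytes]) -> str:
        wire = self.encrypt(query)          # only ciphertext leaves the app
        return self.decrypt(server(wire))   # S412-S413 round trip


def make_server(validates_input: bool) -> Callable[[bytes], bytes]:
    """Constructed test server; one variant validates the ID, one does not."""
    records = {"1": "alice"}

    def server(wire: bytes) -> bytes:
        ident = _xor(wire).decode().partition("ID=")[2]
        if validates_input and not ident.isdigit():
            reply = "error: invalid parameter"
        else:
            # The unvalidated value reaches the lookup, condition included.
            key, _, cond = ident.partition(" and ")
            lhs, _, rhs = cond.partition("=")
            reply = (records.get(key) if lhs == rhs else None) \
                or "no matching result found"
        return _xor(reply.encode())

    return server


class HookSession:
    """Wraps encrypt/decrypt the way the hook function is described."""

    def __init__(self, app: TargetApp, splice: Callable[[str], str]):
        self.first_data: List[str] = []
        self.test_data: List[str] = []
        self.second_data: List[str] = []
        self._splice = splice
        self._orig_encrypt, self._orig_decrypt = app.encrypt, app.decrypt
        app.encrypt, app.decrypt = self._on_encrypt, self._on_decrypt

    def _on_encrypt(self, plaintext: str) -> bytes:
        self.first_data.append(plaintext)      # S407: intercept first data
        test = self._splice(plaintext)         # S408-S410: encrypt is held
        self.test_data.append(test)
        return self._orig_encrypt(test)        # S411: unblock and encrypt

    def _on_decrypt(self, ciphertext: bytes) -> str:
        plain = self._orig_decrypt(ciphertext)
        self.second_data.append(plain)         # S414-S415: intercept second data
        return plain


def analyse(test: str, second: str) -> str:
    """S416: compare the false-condition probe with the decrypted response."""
    if " and 1=2" not in test:
        return "inconclusive"
    if second.startswith("error"):
        return "rejected"
    if second == "no matching result found":
        return "possible vulnerability"
    return "inconclusive"


def run(validates_input: bool) -> Tuple[HookSession, str]:
    app = TargetApp()
    session = HookSession(app, splice=lambda first: first + " and 1=2")
    app.request("ID=1", make_server(validates_input))
    return session, analyse(session.test_data[-1], session.second_data[-1])


if __name__ == "__main__":
    for validates in (True, False):
        s, verdict = run(validates)
        print(validates, s.first_data, s.test_data, s.second_data, verdict)
```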
A vulnerability analysis device provided by an embodiment of the present invention is described below. The vulnerability analysis device described below and the vulnerability analysis method described above may be referred to in correspondence with each other.
For example, referring to Fig. 6, which shows a schematic structural diagram of an embodiment of a vulnerability analysis device of the present application, the device of this embodiment may include:
a function determining unit 601, configured to determine at least one encryption function and at least one decryption function in the target application to be tested, the encryption function being a function for performing data encryption and the decryption function being a function for performing data decryption;
a first monitoring unit 602, configured to intercept the first data when it detects that first data to be encrypted is input to the encryption function;
a second monitoring unit 603, configured to intercept the second data decrypted by the decryption function when it detects that the decryption function decrypts encrypted second data;
a vulnerability analysis unit 604, configured to perform vulnerability analysis on the target application based on the first data and the second data.
Optionally, the first monitoring unit is specifically configured to monitor the encryption function through a built-in hook function and to intercept the first data when it detects that first data to be encrypted is input to the encryption function;
the second monitoring unit is specifically configured to monitor the decryption function through the hook function and, when the hook function detects that the decryption function decrypts encrypted second data, to intercept the second data decrypted by the decryption function.
Optionally, the device may further include:
a function injection unit 605, configured to inject a broadcast function into the main function entry of the target application when the terminal starts the target application;
Accordingly, the first monitoring unit includes:
a first data interception unit, configured to monitor the encryption function through a built-in hook function and, when it detects that first data to be encrypted is input to the encryption function, to output the intercepted first data to the broadcast function through the hook function;
a first data acquisition unit, configured to obtain the first data through the broadcast function;
the second monitoring unit includes:
a second data output unit, configured to monitor the decryption function through the hook function and, when the hook function detects that the decryption function decrypts encrypted second data, to intercept the decrypted second data and output it to the broadcast function;
a second data acquisition unit, configured to obtain the second data through the broadcast function.
Referring to Fig. 7, which shows a schematic diagram of another embodiment of a vulnerability analysis device of the embodiment of the present application, the device of this embodiment differs from the embodiment shown in Fig. 6 as follows:
The device shown in Fig. 7 further includes:
a data construction unit 606, configured to construct the first data into test data after the first monitoring unit intercepts the first data;
a data returning unit 607, configured to return the test data to the encryption function and control the encryption function to encrypt the test data, so that the target application transfers the encrypted test data to the server of the target application;
Accordingly, the second data intercepted by the second monitoring unit is the response data that the server returns for the first data;
the vulnerability analysis unit 604 is specifically configured to perform vulnerability analysis on the target application according to the test data and the response data.
Optionally, in any one of the device embodiments above, the device may further include:
a blocking control unit, configured to block the data processing flow of the encryption function while the first monitoring unit intercepts the first data;
a blocking cancellation unit, configured to cancel the blocking of the encryption function while the data returning unit returns the test data to the encryption function for encryption, so that the encryption function encrypts the test data.
Optionally, in any one of the embodiments above, the function determining unit includes:
a source code analysis unit, configured to perform reverse analysis on the program code of the target application to be tested to obtain the source code of the target application;
a first function determining unit, configured to determine, from the source code of the target application and according to the identifiers of preset encryption functions, at least one encryption function for performing data encryption;
a second function determining unit, configured to determine, from the source code of the target application and according to the identifiers of preset decryption functions, at least one decryption function for performing data decryption.
It should be noted that the embodiments in this specification are described in a progressive manner: each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments may be referred to one another. Because the device embodiments are substantially similar to the method embodiments, they are described relatively briefly; for the related parts, see the description of the method embodiments.
Finally, it should also be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" and any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. In the absence of further limitation, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes the element.
The foregoing description of the disclosed embodiments enables those skilled in the art to implement or use the present invention. Various modifications to these embodiments will be apparent to those skilled in the art, and the generic principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the present invention. Therefore, the present invention is not limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The above is only the preferred embodiment of the present invention. It should be noted that those skilled in the art may make several improvements and modifications without departing from the principles of the present invention, and these improvements and modifications shall also be regarded as falling within the protection scope of the present invention.

Claims (15)

1. A vulnerability analysis method, characterized by comprising:
determining at least one encryption function and at least one decryption function in a target application to be tested, the encryption function being a function for performing data encryption and the decryption function being a function for performing data decryption;
when it is detected that first data to be encrypted is input to the encryption function, intercepting the first data;
when it is detected that the decryption function decrypts encrypted second data, intercepting the second data decrypted by the decryption function;
performing vulnerability analysis on the target application based on the first data and the second data.
2. The vulnerability analysis method according to claim 1, characterized in that intercepting the first data when it is detected that first data to be encrypted is input to the encryption function comprises:
monitoring the encryption function through a built-in hook function, and intercepting the first data when it is detected that first data to be encrypted is input to the encryption function;
and intercepting the second data decrypted by the decryption function when it is detected that the decryption function decrypts encrypted second data comprises:
monitoring the decryption function through the hook function, and, when the hook function detects that the decryption function decrypts encrypted second data, intercepting the second data decrypted by the decryption function.
3. The vulnerability analysis method according to claim 2, characterized in that, before it is detected that first data to be encrypted is input to the encryption function, the method further comprises:
when the terminal starts the target application, injecting a broadcast function into the main function entry of the target application;
after intercepting the first data, the method further comprises:
outputting the intercepted first data to the broadcast function through the hook function;
obtaining the first data through the broadcast function;
after intercepting the second data decrypted by the decryption function, the method further comprises:
outputting the intercepted second data to the broadcast function through the hook function;
obtaining the second data through the broadcast function.
4. The vulnerability analysis method according to any one of claims 1 to 3, characterized in that, after intercepting the first data, the method further comprises:
constructing the first data into test data;
returning the test data to the encryption function for encryption, so that the target application transfers the encrypted test data to the server of the target application;
accordingly, the second data is the response data that the server returns for the first data;
and performing vulnerability analysis on the target application based on the first data and the second data comprises:
performing vulnerability analysis on the target application according to the test data and the response data.
5. The vulnerability analysis method according to claim 4, characterized in that returning the test data to the encryption function for encryption comprises:
returning the test data to the encryption function through the hook function, and controlling the encryption function to encrypt the test data.
6. The vulnerability analysis method according to claim 4, characterized in that, while intercepting the first data, the method further comprises:
blocking the operation of the encryption function;
and, while returning the test data to the encryption function for encryption, the method further comprises:
cancelling the blocking of the encryption function, so that the encryption function encrypts the test data.
7. The vulnerability analysis method according to any one of claims 1 to 3, characterized in that determining at least one encryption function and at least one decryption function in the target application to be tested comprises:
performing reverse analysis on the program code of the target application to be tested to obtain the source code of the target application;
determining, from the source code of the target application and according to the identifiers of preset encryption functions, at least one encryption function for performing data encryption;
determining, from the source code of the target application and according to the identifiers of preset decryption functions, at least one decryption function for performing data decryption.
8. a kind of leak analysis device, it is characterised in that including:
Function determining unit, for determining at least one encryption function in intended application to be tested and at least one decryption Function, the encryption function is the function for performing data encryption, and the decryption function is the letter for performing data deciphering Number;
First monitoring unit, inputs the first data to be encrypted for monitoring, then intercepts and captures described first in the encryption function Data;
The second data by encryption are decrypted, then intercept and capture institute by the second monitoring unit for monitoring the decryption function State second data that decryption function is decrypted;
Leak analysis unit, for based on first data and the second data, leak analysis to be carried out to the intended application.
9. The leak analysis device according to claim 8, characterised in that the first monitoring unit is specifically configured to monitor the encryption function through a built-in hook function and, when it is detected that first data to be encrypted is input into the encryption function, to intercept the first data;
The second monitoring unit is specifically configured to monitor the decryption function through the hook function and, when the hook function detects that the decryption function decrypts encrypted second data, to intercept the second data decrypted by the decryption function.
10. The leak analysis device according to claim 9, characterised in that it further comprises:
A function injection unit, for injecting a broadcast function into the main function entry of the intended application when the terminal starts the intended application;
The first monitoring unit comprises:
A first data interception unit, for monitoring the encryption function through the built-in hook function and, when it is detected that first data to be encrypted is input into the encryption function, outputting the intercepted first data to the broadcast function through the hook function;
A first data capture unit, for obtaining the first data through the broadcast function;
The second monitoring unit comprises:
A second data output unit, for monitoring the decryption function through the hook function and, when the hook function detects that the decryption function decrypts encrypted second data, intercepting the decrypted second data and outputting it to the broadcast function;
A second data capture unit, for obtaining the second data through the broadcast function.
11. The leak analysis device according to any one of claims 8 to 10, characterised in that it further comprises:
A data configuration unit, for configuring the first data into test data after the first monitoring unit intercepts the first data;
A data returning unit, for returning the test data to the encryption function and controlling the encryption function to encrypt the test data, so that the intended application transmits the encrypted test data to the server of the intended application;
Accordingly, the second data intercepted by the second monitoring unit is the response data returned by the server for the first data;
The leak analysis unit is specifically configured to perform leak analysis on the intended application according to the test data and the response data.
12. The leak analysis device according to claim 4, characterised in that it further comprises:
A blocking control unit, for blocking the operation of the encryption function while the first monitoring unit intercepts the first data;
A blocking cancellation unit, for cancelling the blocking of the encryption function while the data returning unit returns the test data to the encryption function for encryption, so that the encryption function encrypts the test data.
13. The leak analysis device according to any one of claims 8 to 10, characterised in that the function determining unit comprises:
A source code analysis unit, for performing reverse analysis on the program code of the intended application to be tested to obtain the source code of the intended application;
A first function determining unit, for determining, according to a preset identifier of encryption functions and from the source code of the intended application, at least one encryption function for performing data encryption;
A second function determining unit, for determining, according to a preset identifier of decryption functions and from the source code of the intended application, at least one decryption function for performing data decryption.
14. A terminal, characterised in that it comprises:
A processor and a memory, the processor and the memory being connected by a communication bus;
Wherein the processor is configured to call and execute the program stored in the memory;
The memory is configured to store a program, the program being used at least to:
Determine at least one encryption function and at least one decryption function in an intended application to be tested, the encryption function being a function for performing data encryption and the decryption function being a function for performing data decryption;
Intercept first data when it is detected that the first data to be encrypted is input into the encryption function;
Intercept, when it is detected that the decryption function decrypts encrypted second data, the second data decrypted by the decryption function;
Perform leak analysis on the intended application based on the first data and the second data.
15. A storage medium, characterised in that the storage medium stores computer-executable instructions, the computer-executable instructions being used to perform the leak analysis method according to any one of claims 1 to 7.
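The hook-and-substitute flow of claims 6 and 8 to 12, sketched as an added example that is not part of the patent text. A constructed Python application and server stand in for the intended application and its server, XOR stands in for the real cipher, and the names `App`, `Monitor`, `swap_uid` and `analyze`, together with the choice of test data, are assumptions.

```python
import json

def _xor(data: bytes) -> bytes:
    # Constructed stand-in cipher; a real app would call its own crypto here.
    return bytes(b ^ 0x5A for b in data)

class App:
    """Constructed target application with one encrypt and one decrypt function."""
    def encrypt(self, data): return _xor(data)
    def decrypt(self, data): return _xor(data)
    def fetch_profile(self, uid, send):
        reply = send(self.encrypt(json.dumps({"uid": uid}).encode()))
        return json.loads(self.decrypt(reply))

def server(ciphertext: bytes) -> bytes:
    """Constructed server; it never checks that uid belongs to the caller."""
    uid = json.loads(_xor(ciphertext))["uid"]
    profiles = {"1001": "alice", "1002": "bob"}
    return _xor(json.dumps({"uid": uid, "name": profiles.get(uid)}).encode())

class Monitor:
    """Hooks both functions and keeps the plaintext seen on each side."""
    def __init__(self, app, make_test_data):
        self.first_data = self.test_data = self.second_data = None
        orig_enc, orig_dec = app.encrypt, app.decrypt
        def enc_hook(data):
            # The original encrypt does not run until the hook hands it the
            # test data, which models the block / cancel-block steps.
            self.first_data = data
            self.test_data = make_test_data(data)
            return orig_enc(self.test_data)
        def dec_hook(data):
            self.second_data = orig_dec(data)  # plaintext after decryption
            return self.second_data
        app.encrypt, app.decrypt = enc_hook, dec_hook

def swap_uid(data: bytes) -> bytes:
    req = json.loads(data)
    req["uid"] = "1002"  # assumed test case: ask for another user's record
    return json.dumps(req).encode()

def analyze(test_data: bytes, response_data: bytes, own_uid: str) -> bool:
    """True when the server answered a request for a uid that is not ours."""
    asked = json.loads(test_data)["uid"]
    return asked != own_uid and json.loads(response_data).get("name") is not None

def run():
    app = App()
    mon = Monitor(app, swap_uid)
    app.fetch_profile("1001", server)
    return mon, analyze(mon.test_data, mon.second_data, "1001")
```

Because both hooks sit inside the application, the analysis works on plaintext on either side of the encrypted channel and never needs the key.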
CN201710456999.4A 2017-06-16 2017-06-16 Leak analysis method, device, terminal and storage medium Pending CN107040553A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710456999.4A CN107040553A (en) 2017-06-16 2017-06-16 Leak analysis method, device, terminal and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710456999.4A CN107040553A (en) 2017-06-16 2017-06-16 Leak analysis method, device, terminal and storage medium

Publications (1)

Publication Number Publication Date
CN107040553A true CN107040553A (en) 2017-08-11

Family

ID=59541392

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710456999.4A Pending CN107040553A (en) 2017-06-16 2017-06-16 Leak analysis method, device, terminal and storage medium

Country Status (1)

Country Link
CN (1) CN107040553A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109446053A (en) * 2018-09-03 2019-03-08 平安普惠企业管理有限公司 Test method, computer readable storage medium and the terminal of application program
CN110096433A (en) * 2019-03-26 2019-08-06 北京邮电大学 The method of encryption data is obtained on a kind of iOS platform

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011073982A1 (en) * 2009-12-15 2011-06-23 Seeker Security Ltd. Method and system of runtime analysis
CN102868699A (en) * 2012-09-26 2013-01-09 北京联众互动网络股份有限公司 Method and tool for vulnerability detection of server providing data interaction services
CN105208041A (en) * 2015-10-15 2015-12-30 厦门大学 HOOK-based cloud storage application encryption data packet cracking method
CN105516131A (en) * 2015-12-04 2016-04-20 珠海市君天电子科技有限公司 Vulnerability scanning method and device and electronic equipment
CN106294179A (en) * 2016-08-22 2017-01-04 上海亿账通互联网科技有限公司 Analog detection method in process of application development and server

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
马超等: "《Android移动设备应用程序开发》", 30 June 2016, 哈尔滨工业大学出版社 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109446053A (en) * 2018-09-03 2019-03-08 平安普惠企业管理有限公司 Test method, computer readable storage medium and the terminal of application program
CN110096433A (en) * 2019-03-26 2019-08-06 北京邮电大学 The method of encryption data is obtained on a kind of iOS platform
CN110096433B (en) * 2019-03-26 2020-07-14 北京邮电大学 Method for acquiring encrypted data on iOS platform

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170811
