CN107958150A - A kind of method for detecting Android hot patch security - Google Patents

A kind of method for detecting Android hot patch security Download PDF

Info

Publication number
CN107958150A
CN107958150A CN201711263819.7A CN201711263819A CN107958150A CN 107958150 A CN107958150 A CN 107958150A CN 201711263819 A CN201711263819 A CN 201711263819A CN 107958150 A CN107958150 A CN 107958150A
Authority
CN
China
Prior art keywords
patch
android
signature
security
zip
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201711263819.7A
Other languages
Chinese (zh)
Inventor
陈仲达
高振鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZHONGKE INFORMATION SECURITY COMMON TECHNOLOGY NATIONAL ENGINEERING RESEARCH CENTER Co Ltd
Original Assignee
ZHONGKE INFORMATION SECURITY COMMON TECHNOLOGY NATIONAL ENGINEERING RESEARCH CENTER Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZHONGKE INFORMATION SECURITY COMMON TECHNOLOGY NATIONAL ENGINEERING RESEARCH CENTER Co Ltd filed Critical ZHONGKE INFORMATION SECURITY COMMON TECHNOLOGY NATIONAL ENGINEERING RESEARCH CENTER Co Ltd
Priority to CN201711263819.7A priority Critical patent/CN107958150A/en
Publication of CN107958150A publication Critical patent/CN107958150A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/65Updates

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Stored Programmes (AREA)

Abstract

A kind of method for detecting Android hot patch security, which is based on Android application, needs signature to be installed, Android system in Android application installation process needs to verify the signature of apk, if service packs could be used that the identical certificate signatures of apk, then contrast the signature for issuing patch and whether currently running apk signatures are consistent, at the same time, security sweep is carried out to patch, determines whether patch file has forbidden code.Which can verify the security of Android hot patch.The beneficial effect of technical solution of the present invention is:Using detection method of the present invention, whether legal, prevent virus infection mobile phone if can effectively monitor hot patch file.

Description

A kind of method for detecting Android hot patch security
Technical field
The present invention relates to safety monitoring field, more particularly to a kind of method for detecting Android hot patch security.
Background technology
Hot patch(hotfix), also known as patch, refers to repair some codes of software vulnerability, is a kind of quick, low Cost repairs the mode of product software version defect.The main advantage of hot patch is the business that will not be currently running equipment Interrupt, i.e., in the case of not restarting equipment, the defects of equipment current software version can be repaired.
With the fast development of smart mobile phone, Android application competition is continuous, causes Android to be applied and is quickly developed and promoted Using the application of, Android quick exploitation inevitably there are some Software for Design in terms of loophole, meanwhile, user is all the time to Android application Program is there are new demand, in order not to influence the use of application program, generally in a manner of hot patch to Android application program into The reparation of row loophole or renewal, i.e., repaired or updated to the application program in the case where not stopping application program.
Under normal conditions, Android is applied in installation process, and most of mobile phone all can carry out safety detection to software, when Detection passes through rear normal mounting.For the Android application after installation, when being repaired and updated using hot patch, mobile phone is substantially Safety detection is not carried out with more new content to repairing, can not so ensure the security of Android application.
The content of the invention
In view of the deficiencies of the prior art, the present invention proposes a kind of method for detecting Android hot patch security, the detection Whether the application of method, can effectively judge that Android is applied and be encroached on when being repaired and updated using hot patch be subject to virus, from And ensure the security of Android application.
A kind of method for detecting Android hot patch security of the present invention, completes detection, mainly includes in two steps:It is right Dex hot patch file carries out security sweep;Then the security of dex hot patch files described in Android application public key verifications is utilized.
Further, the dex hot patch file security scanning step is specially:
Obtain the patch file of Android application;
Extract the dex hot patch files in Android application patch file;
Security sweep is carried out to dex hot patch file.
Further, it is specially using the security of dex hot patch files described in Android application public key verifications:
Zip is carried out to the patch file for obtaining Android application to compress to form patch.zip files;
The APK signing certificates applied using Android to be upgraded sign patch.zip files;
Obtain the public signature key of Android application to be upgraded;
Compare the signature and the public signature key, if identical, illustrate Android hot patch safety, no person's Android hot patch is not Safety.
Further, the signature that the APK signing certificates applied using Android to be upgraded sign patch.zip files Order and be:
jarsigner -verbose -keystore KEYSTORE_FILEPATH -signedjar patch_v.zip patch.zip others
Wherein:KEYSTORE_FILEPATH represents the path of apk certificates;Patch_v.zip represents the ZIP after the completion of signature Filename;Patch.zip represents to need the filename signed;Others represents the alias of certificate
Further, obtaining the public signature key step that Android to be upgraded is applied is:
Obtain Android package manager;
Obtain certificate factory;
Obtain the Android application signature being currently running;
Obtain the public key for the Android application signature being currently running.
Further, the method for the signature and the public signature key is:
Read the signature of patch.zip files;
Whether the signature for detecting patch.zip files is complete;
The public signature key applied using Android to be upgraded verifies the signature of patch.zip files, is verified, proves The patch is safe, is verified not by then representing it is fly-by-night patch.
The beneficial effect of technical solution of the present invention is:Using detection method of the present invention, can effectively supervise Whether legal control hot patch file, prevent virus infection mobile phone.
Embodiment
In order to make those skilled in the art more fully understand technical scheme, with reference to specific embodiment to this Invention is described in further detail.
Under normal circumstances, the Android application installation in mobile phone and operational process are:
The apk coating erectors of Android application call, and after checking Android application signature, parse the Android Manifest in apk, note The information such as rights statements and four big components is recorded, solution extrudes so storehouses in lib;
Desktop application receives Android application mount message, and parsing apk obtains application icon and shows, and stores startup Activity information;
When desktop clicks on the Android application operation, call and start Activity;
Start the process of application by system, default process name writes on the bag name in Android Manifest when being using installation;
Code in application process loading apk in dex, loads necessary resource;
Display starts the Activity pages, and Android application starts.
Android in mobile phone is rear, it is necessary to which when updating patch or loophole, hot patch installation and operation flow is using installation is complete (Following flow is using Ali Atlas as example, and major hot repair complex frame is similar):
After the change that hot patch is done all concentrates on the Android application process startup, done in loading code and resource necessary Replace, specific implementation flow be by guiding class to realize, it is specific as follows:
Step 1:The code entrance that Android application process can control is Application, generally in attachBaseContext Neutralize and handled in onCreate.Amigo provides compiling plug-in unit, in the case where not changing existing code substantially, replaces Application classes are Amigo classes, and the version being being currently used is verified in attachBaseContext, judge whether to need Upgrade, code and so storehouses are decompressed from Android patch application apk, finally recall using original Application;And Tinker Also Application is replaced, but by providing note, generates similar agency and has used oneself to realize, it is necessary to change The code of Application classes.In addition dex is service packs, it is necessary to recombine new dex texts in independent process in Tinker Part, could use afterwards.
Step 2:Reflection obtains LoadedApk in attachBaseContext, and replaces mClassloader and be AmigoClassLoader, inherits DexClassLoader, with the addition of new dex when creating, and specify the road in new so storehouses Footpath, has override findResource, loadClass methods.
Step 3:Reflection obtains quoting resource in attachBaseContext, creates new AssetManager and replacement.
Step 4:Application in execution attachPatchedApplication, loading patch apk, and Amigo classes are replaced in onCreate.
Technical solution of the present invention is namely based on installation and the hot patch installation and operation flow of existing Android application, hair A kind of bright detection hot patch whether safety method, particular technique thinking and technological means are as follows:
Normal conditions, Android application need signature to be installed, the Android system needs pair in Android application installation process The signature of apk is verified, if service packs could be used that the identical certificate signatures of apk, then contrast issues the signature of patch Whether consistent sign with currently running apk, meanwhile, security sweep is carried out to patch, determines whether patch file has illegal generation Code.Which can verify the security of Android hot patch.Specific implementation is as follows:
A kind of method for detecting Android hot patch security, completes detection, mainly includes in two steps:To dex hot patch file into Row security sweep;Then the security of dex hot patch files described in Android application public key verifications is utilized.
The dex hot patch file security scanning step is specially:
Obtain the patch file of Android application;
Extract the dex hot patch files in Android application patch file;
Security sweep is carried out to dex hot patch file.
Security using dex hot patch files described in Android application public key verifications is specially:
Zip is carried out to the patch file for obtaining Android application to compress to form patch.zip files;
The APK signing certificates applied using Android to be upgraded sign patch.zip files;
Obtain the public signature key of Android application to be upgraded;
Compare the signature and the public signature key, if identical, illustrate Android hot patch safety, no person's Android hot patch is not Safety.
Using Android to be upgraded apply APK signing certificates be to the signature order that patch.zip files are signed:
jarsigner -verbose -keystore KEYSTORE_FILEPATH -signedjar patch_v.zip patch.zip others
Wherein:KEYSTORE_FILEPATH represents the path of apk certificates;Patch_v.zip represents the ZIP after the completion of signature Filename;Patch.zip represents to need the filename signed;Others represents the alias of certificate
Obtaining the public signature key step that Android to be upgraded is applied is:
Obtain Android package manager;
Obtain certificate factory;
Obtain the Android application signature being currently running;
Obtain the public key for the Android application signature being currently running.
The signature and the method for the public signature key are:
Read the signature of patch.zip files;
Whether the signature for detecting patch.zip files is complete;
The public signature key applied using Android to be upgraded verifies the signature of patch.zip files, is verified, proves The patch is safe, is verified not by then representing it is fly-by-night patch.
A kind of method for detecting Android hot patch security provided by the present invention is described in detail above, herein In apply embodiment the principle and embodiment of the application be set forth, the explanation of above example is only intended to help Understand the present processes and its core concept;Meanwhile for those of ordinary skill in the art, according to the thought of the application, There will be changes in specific embodiments and applications, in conclusion this specification content should not be construed as to this The limitation of application.

Claims (6)

  1. A kind of 1. method for detecting Android hot patch security, it is characterised in that the side of the detection Android hot patch security Method is completed in two steps:
    Security sweep is carried out to dex hot patch file;
    Utilize the security of dex hot patch files described in Android application public key verifications.
  2. 2. a kind of method for detecting Android hot patch security as claimed in claim 1, it is characterised in that the dex is vulcanized Fourth file security scanning step is specially:
    Obtain the patch file of Android application;
    Extract the dex hot patch files in Android application patch file;
    Security sweep is carried out to dex hot patch file.
  3. 3. a kind of method for detecting Android hot patch security as claimed in claim 1, it is characterised in that should using Android The security of dex hot patch file is specially described in public key verifications:
    Zip is carried out to the patch file for obtaining Android application to compress to form patch.zip files;
    The APK signing certificates applied using Android to be upgraded sign patch.zip files;
    Obtain the public signature key of Android application to be upgraded;
    Compare the signature and the public signature key, if identical, illustrate Android hot patch safety, no person's Android hot patch is not Safety.
  4. 4. a kind of method for detecting Android hot patch security as claimed in claim 3, it is characterised in that utilize to be upgraded Android application APK signing certificates be to the signature order that patch.zip files are signed:
    jarsigner -verbose -keystore KEYSTORE_FILEPATH -signedjar patch_v.zip patch.zip others
    Wherein:KEYSTORE_FILEPATH represents the path of apk certificates;Patch_v.zip represents the ZIP after the completion of signature Filename;Patch.zip represents to need the filename signed;Others represents the alias of certificate.
  5. 5. a kind of method for detecting Android hot patch security as claimed in claim 3, it is characterised in that obtain to be upgraded Android application public signature key step be:
    Obtain Android package manager;
    Obtain certificate factory;
    Obtain the Android application signature being currently running;
    Obtain the public key for the Android application signature being currently running.
  6. 6. a kind of method for detecting Android hot patch security as claimed in claim 3, it is characterised in that described to compare institute State signature and the method for the public signature key is:
    Read the signature of patch.zip files;
    Whether the signature for detecting patch.zip files is complete;
    The public signature key applied using Android to be upgraded verifies the signature of patch.zip files, is verified, proves The patch is safe, is verified not by then representing it is fly-by-night patch.
CN201711263819.7A 2017-12-05 2017-12-05 A kind of method for detecting Android hot patch security Pending CN107958150A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711263819.7A CN107958150A (en) 2017-12-05 2017-12-05 A kind of method for detecting Android hot patch security

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711263819.7A CN107958150A (en) 2017-12-05 2017-12-05 A kind of method for detecting Android hot patch security

Publications (1)

Publication Number Publication Date
CN107958150A true CN107958150A (en) 2018-04-24

Family

ID=61963099

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711263819.7A Pending CN107958150A (en) 2017-12-05 2017-12-05 A kind of method for detecting Android hot patch security

Country Status (1)

Country Link
CN (1) CN107958150A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109344619A (en) * 2018-08-15 2019-02-15 北京奇艺世纪科技有限公司 The hot restorative procedure and device of application program
CN109472148A (en) * 2018-11-15 2019-03-15 百度在线网络技术(北京)有限公司 Load the method, apparatus and storage medium of hot patch
CN109828772A (en) * 2019-02-19 2019-05-31 百度在线网络技术(北京)有限公司 Hot update method, operating system, terminal device and storage medium
CN111221563A (en) * 2020-01-13 2020-06-02 上海博泰悦臻网络技术服务有限公司 Application management method and system

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7810159B2 (en) * 2005-06-14 2010-10-05 At&T Intellectual Property I, L.P. Methods, computer networks and computer program products for reducing the vulnerability of user devices
CN103942073A (en) * 2014-04-08 2014-07-23 北京奇虎科技有限公司 Method and device for realizing system hot patching
CN104049973A (en) * 2014-06-25 2014-09-17 北京思特奇信息技术股份有限公司 Safety verification method and device for android application program
CN105429760A (en) * 2015-12-01 2016-03-23 神州融安科技(北京)有限公司 Method and system for identity verification of digital certificate based on TEE (Trusted Execution Environment)
CN105787357A (en) * 2016-03-28 2016-07-20 福建联迪商用设备有限公司 APK (Android Package) downloading method and system based on Android system
CN106055979A (en) * 2016-05-24 2016-10-26 百度在线网络技术(北京)有限公司 Kernel fixing method and apparatus
CN107301105A (en) * 2016-04-14 2017-10-27 华为技术有限公司 Verify the method and device of hot patch or dynamic base
CN107423624A (en) * 2017-04-12 2017-12-01 北京奇虎科技有限公司 terminal system vulnerability scanning method and device

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7810159B2 (en) * 2005-06-14 2010-10-05 At&T Intellectual Property I, L.P. Methods, computer networks and computer program products for reducing the vulnerability of user devices
CN103942073A (en) * 2014-04-08 2014-07-23 北京奇虎科技有限公司 Method and device for realizing system hot patching
CN104049973A (en) * 2014-06-25 2014-09-17 北京思特奇信息技术股份有限公司 Safety verification method and device for android application program
CN105429760A (en) * 2015-12-01 2016-03-23 神州融安科技(北京)有限公司 Method and system for identity verification of digital certificate based on TEE (Trusted Execution Environment)
CN105787357A (en) * 2016-03-28 2016-07-20 福建联迪商用设备有限公司 APK (Android Package) downloading method and system based on Android system
CN107301105A (en) * 2016-04-14 2017-10-27 华为技术有限公司 Verify the method and device of hot patch or dynamic base
CN106055979A (en) * 2016-05-24 2016-10-26 百度在线网络技术(北京)有限公司 Kernel fixing method and apparatus
CN107423624A (en) * 2017-04-12 2017-12-01 北京奇虎科技有限公司 terminal system vulnerability scanning method and device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
DENGYIN2000: "插件化阿里Atlas之插件热补丁安全校验", 《HTTPS://WWW.JIANSHU.COM/P/D1149C86CA7A?UTM_CAMPAIGN=HUGO&UTM_MEDIUM=READER_SHARE&UTM_CONTENT=NOTE》 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109344619A (en) * 2018-08-15 2019-02-15 北京奇艺世纪科技有限公司 The hot restorative procedure and device of application program
CN109472148A (en) * 2018-11-15 2019-03-15 百度在线网络技术(北京)有限公司 Load the method, apparatus and storage medium of hot patch
CN109472148B (en) * 2018-11-15 2021-04-02 百度在线网络技术(北京)有限公司 Method, device and storage medium for loading hot patch
CN109828772A (en) * 2019-02-19 2019-05-31 百度在线网络技术(北京)有限公司 Hot update method, operating system, terminal device and storage medium
US11221838B2 (en) 2019-02-19 2022-01-11 Baidu Online Network Technology (Beijing) Co., Ltd. Hot update method, operating system, terminal device, system, and computer-readable storage medium for a system process
CN111221563A (en) * 2020-01-13 2020-06-02 上海博泰悦臻网络技术服务有限公司 Application management method and system

Similar Documents

Publication Publication Date Title
CN107958150A (en) A kind of method for detecting Android hot patch security
US10031743B2 (en) Method and apparatus for kernel repair and patching
CN103530534B (en) A kind of Android program ROOT authorization method based on signature verification
CN103559591B (en) Software management system based on trust computing and management method
WO2019037522A1 (en) Bug fixing method, bug fixing device and server
WO2017050186A1 (en) Application permission management method and smart pos terminal
CN106355081A (en) Android program start verification method and device
CN102880828B (en) Intrusion detection and recovery system aiming at virtualization support environment
CN104123481A (en) Method and device for preventing application program from being tampered
CN107466455B (en) POS machine security verification method and device
US20160197950A1 (en) Detection system and method for statically detecting applications
CN104408370A (en) Android system security verification method and verification device thereof
CN101901323B (en) System filtration method for monitoring loading activity of program module
CN112231702B (en) Application protection method, device, equipment and medium
CN104680061A (en) Method and system for verifying code signing during startup of application in Android environment
Sellwood et al. Sleeping android: The danger of dormant permissions
WO2017008728A1 (en) Method and system for classifying development mode and product mode for terminal
CN107273742A (en) A kind of mandate installation method, barcode scanning payment terminal, server and the system of Android application
CN106709281B (en) Patch granting and acquisition methods, device
CN111338674A (en) Instruction processing method, device and equipment
CN118051918A (en) Security vulnerability restoration management method and device
CN109918912A (en) A kind of Ile repair method and relevant device for computer virus
CN111158729A (en) System upgrading method, device, equipment and storage medium
CN112955889A (en) Safe starting device and method
CN112163216B (en) Method and system for establishing safe computing environment of intelligent electric energy meter

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20180424

WD01 Invention patent application deemed withdrawn after publication