CN107958150A - A kind of method for detecting Android hot patch security - Google Patents
- Publication number: CN107958150A
- Application number: CN201711263819.7A
- Authority: CN (China)
- Prior art keywords: patch, android, signature, security, zip
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/65—Updates
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Stored Programmes (AREA)
Abstract
A method for detecting the security of Android hot patches. The method relies on the fact that an Android application must be signed before it can be installed, and that the Android system verifies the APK's signature during installation. If the patch package is signed with the same certificate as the APK, the signature of the delivered patch can be compared with the signature of the currently running APK to check that they are consistent; at the same time, a security scan is performed on the patch to determine whether the patch file contains illegal code. In this way the security of an Android hot patch can be verified. The beneficial effect of the technical solution of the invention is that, with this detection method, it is possible to effectively monitor whether a hot patch file is legitimate and to prevent viruses from infecting the phone.
Description
Technical field
The present invention relates to the field of security monitoring, and more particularly to a method for detecting the security of Android hot patches.
Background
A hot patch (hotfix), also simply called a patch, is code that repairs a software vulnerability; it is a fast, low-cost way to fix defects in a released software version. The main advantage of a hot patch is that it does not interrupt the services currently running on the device: defects in the device's current software version can be repaired without restarting the device.
With the rapid development of smartphones, competition among Android applications is constant, so Android applications are developed and released quickly. Rapid development inevitably leaves some software design vulnerabilities in Android applications; at the same time, users continually have new requirements for them. So as not to disrupt use of the application, vulnerabilities are generally repaired, or the application updated, by means of a hot patch, that is, the application is repaired or updated without being stopped.
Normally, when an Android application is installed, most phones perform a security check on the software, and installation proceeds only after the check passes. For an installed Android application that is repaired or updated with a hot patch, however, the phone performs essentially no security check on the repaired or updated content, so the security of the Android application cannot be guaranteed.
Summary of the invention
In view of the deficiencies of the prior art, the present invention proposes a method for detecting the security of Android hot patches. Applying this detection method makes it possible to judge effectively whether an Android application is being attacked by a virus when it is repaired or updated with a hot patch, thereby ensuring the security of the Android application.
The method for detecting Android hot patch security according to the invention completes detection in two steps: performing a security scan on the dex hot patch file; then verifying the security of the dex hot patch file using the Android application's public key.
Further, the security scan of the dex hot patch file specifically comprises:
Obtain the patch file of the Android application;
Extract the dex hot patch file from the Android application patch file;
Perform a security scan on the dex hot patch file.
Further, verifying the security of the dex hot patch file using the Android application's public key specifically comprises:
Zip-compress the obtained Android application patch file to form a patch.zip file;
Sign the patch.zip file with the APK signing certificate of the Android application to be upgraded;
Obtain the public signing key of the Android application to be upgraded;
Compare the signature with the public signing key; if they match, the Android hot patch is safe; otherwise the Android hot patch is unsafe.
Further, the signing command used to sign the patch.zip file with the APK signing certificate of the Android application to be upgraded is:
jarsigner -verbose -keystore KEYSTORE_FILEPATH -signedjar patch_v.zip patch.zip others
Wherein: KEYSTORE_FILEPATH is the path of the APK certificate; patch_v.zip is the name of the ZIP file produced by signing; patch.zip is the name of the file to be signed; others is the alias of the certificate.
Further, the steps for obtaining the public signing key of the Android application to be upgraded are:
Obtain the Android package manager;
Obtain a certificate factory;
Obtain the signature of the running Android application;
Obtain the public key of the running Android application's signature.
Further, the method of comparing the signature with the public signing key is:
Read the signature of the patch.zip file;
Check whether the signature of the patch.zip file is complete;
Verify the signature of the patch.zip file using the public signing key of the Android application to be upgraded; if verification passes, the patch is safe; if verification fails, the patch is untrusted.
The beneficial effect of the technical solution of the invention is that, with the detection method of the invention, it is possible to effectively monitor whether a hot patch file is legitimate and to prevent viruses from infecting the phone.
Detailed description of embodiments
To enable those skilled in the art to better understand the technical solution, the invention is described in further detail below with reference to a specific embodiment.
Under normal circumstances, the installation and running process of an Android application on a phone is:
The APK package installer is invoked for the Android application; after checking the application's signature, it parses the AndroidManifest in the APK, records information such as permission declarations and the four major components, and extracts the .so libraries under lib;
The launcher (desktop application) receives the application's installation information, parses the APK to obtain and display the application icon, and stores the launch Activity information;
When the application is tapped on the launcher, the launch Activity is invoked;
The system starts the application's process; the default process name is the package name written in the AndroidManifest at install time;
The application process loads the code in the dex files in the APK and loads the necessary resources;
The launch Activity page is displayed, and the Android application has started.
After an Android application has been installed on the phone, when a patch needs to be applied or a vulnerability fixed, the hot patch installation and running flow is as follows (the flow below uses Ali Atlas as an example; the major hot-fix frameworks are similar):
All changes made by a hot patch are concentrated after the Android application process starts: the necessary replacements are made when code and resources are loaded. This is implemented through a bootstrap class, as follows:
Step 1: The code entry point that an Android application process can control is Application, and the work is generally done in attachBaseContext and onCreate. Amigo provides a build plugin which, essentially without changing existing code, replaces the Application class with the Amigo class; in attachBaseContext it checks the version currently in use, decides whether an upgrade is needed, extracts the code and .so libraries from the patch APK, and finally calls back into the application's original Application. Tinker also replaces Application, but does so by providing an annotation that generates a similar proxy; if the application has its own Application implementation, the code of that Application class has to be changed. In addition, in Tinker the dex is a patch package, so a new dex file must be synthesized in a separate process before it can be used.
Step 2: In attachBaseContext, LoadedApk is obtained by reflection and its mClassLoader is replaced with AmigoClassLoader, which extends DexClassLoader, adds the new dex when it is created, specifies the path of the new .so libraries, and overrides the findResource and loadClass methods.
Step 3: In attachBaseContext, the resource references are obtained by reflection, and a new AssetManager is created and substituted.
Step 4: attachPatchedApplication is executed, the Application in the patch APK is loaded, and it replaces the Amigo class in onCreate.
The technical solution of the present invention is based on the installation flow of existing Android applications and the hot patch installation and running flow described above, and provides a method for detecting whether a hot patch is safe. The technical idea and means are as follows:
Normally, an Android application must be signed before it can be installed, and the Android system verifies the APK's signature during installation. If the patch package is also signed with the same certificate as the APK, the signature of the delivered patch can be compared with the signature of the currently running APK to check that they are consistent; at the same time, a security scan is performed on the patch to determine whether the patch file contains illegal code. In this way the security of an Android hot patch can be verified. The specific implementation is as follows:
A method for detecting Android hot patch security completes detection in two steps: performing a security scan on the dex hot patch file; then verifying the security of the dex hot patch file using the Android application's public key.
The security scan of the dex hot patch file specifically comprises:
Obtain the patch file of the Android application;
Extract the dex hot patch file from the Android application patch file;
Perform a security scan on the dex hot patch file.
Verifying the security of the dex hot patch file using the Android application's public key specifically comprises:
Zip-compress the obtained Android application patch file to form a patch.zip file;
Sign the patch.zip file with the APK signing certificate of the Android application to be upgraded;
Obtain the public signing key of the Android application to be upgraded;
Compare the signature with the public signing key; if they match, the Android hot patch is safe; otherwise the Android hot patch is unsafe.
The signing command used to sign the patch.zip file with the APK signing certificate of the Android application to be upgraded is:
jarsigner -verbose -keystore KEYSTORE_FILEPATH -signedjar patch_v.zip patch.zip others
Wherein: KEYSTORE_FILEPATH is the path of the APK certificate; patch_v.zip is the name of the ZIP file produced by signing; patch.zip is the name of the file to be signed; others is the alias of the certificate.
The steps for obtaining the public signing key of the Android application to be upgraded are:
Obtain the Android package manager;
Obtain a certificate factory;
Obtain the signature of the running Android application;
Obtain the public key of the running Android application's signature.
The method of comparing the signature with the public signing key is:
Read the signature of the patch.zip file;
Check whether the signature of the patch.zip file is complete;
Verify the signature of the patch.zip file using the public signing key of the Android application to be upgraded; if verification passes, the patch is safe; if verification fails, the patch is untrusted.
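The key-retrieval and signature-check steps listed above, as an added Java example for Android (not code from the patent or from any hot-fix framework). The class and method names are hypothetical, and it assumes the patch was signed with jarsigner as shown, so that patch_v.zip carries a JAR (v1) signature.

```java
import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

/** Hypothetical helper; names are illustrative, not from the patent. */
public final class PatchVerifier {

    /** Package manager -> certificate factory -> running app's signature -> public key. */
    public static PublicKey runningAppKey(Context ctx) throws Exception {
        PackageManager pm = ctx.getPackageManager();
        // GET_SIGNATURES matches the API level of the patent's era; it is
        // deprecated from API 28 in favour of GET_SIGNING_CERTIFICATES.
        PackageInfo info = pm.getPackageInfo(ctx.getPackageName(),
                PackageManager.GET_SIGNATURES);
        if (info.signatures == null || info.signatures.length != 1) {
            throw new SecurityException("expected exactly one app signer");
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate cert = cf.generateCertificate(
                new ByteArrayInputStream(info.signatures[0].toByteArray()));
        return cert.getPublicKey();
    }

    /** True only if every payload entry of patch_v.zip is intact and signed by appKey. */
    public static boolean isTrustedPatch(File patchZip, PublicKey appKey) {
        byte[] buf = new byte[8192];
        int verified = 0;
        try (JarFile jar = new JarFile(patchZip, true)) { // true: verify JAR signature
            if (jar.getManifest() == null) return false;  // archive was never signed
            Enumeration<JarEntry> entries = jar.entries();
            while (entries.hasMoreElements()) {
                JarEntry entry = entries.nextElement();
                // Signature metadata itself is not signed; the patch loader must
                // never take code from META-INF/.
                if (entry.isDirectory() || entry.getName().startsWith("META-INF/")) continue;
                try (InputStream in = jar.getInputStream(entry)) {
                    // Digests are checked only when the entry is read to the end;
                    // a modified entry raises SecurityException here.
                    while (in.read(buf) != -1) { /* drain */ }
                }
                if (!signedBy(entry.getCodeSigners(), appKey)) return false;
                verified++;
            }
        } catch (Exception e) { // IOException, SecurityException: fail closed
            return false;
        }
        return verified > 0; // an empty archive is not a valid patch
    }

    private static boolean signedBy(CodeSigner[] signers, PublicKey appKey) {
        if (signers == null) return false; // entry added after signing
        for (CodeSigner signer : signers) {
            Certificate leaf = signer.getSignerCertPath().getCertificates().get(0);
            if (Arrays.equals(leaf.getPublicKey().getEncoded(), appKey.getEncoded())) {
                return true;
            }
        }
        return false;
    }
}
```

Verify the copy of the patch held in app-private storage and load that same file, so the archive cannot be replaced between the check and the class-loader call.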
The method for detecting Android hot patch security provided by the present invention has been described in detail above. A specific embodiment is used herein to explain the principle and implementation of the application; the description of the above embodiment is only intended to help in understanding the method of the application and its core idea. Meanwhile, for those of ordinary skill in the art, there will be changes in the specific implementation and scope of application in accordance with the idea of the application. In conclusion, the content of this specification should not be construed as limiting the application.
Claims (6)
- 1. A method for detecting Android hot patch security, characterized in that the method is completed in two steps: performing a security scan on the dex hot patch file; and verifying the security of the dex hot patch file using the Android application's public key.
- 2. The method for detecting Android hot patch security as claimed in claim 1, characterized in that the security scan of the dex hot patch file specifically comprises: obtaining the patch file of the Android application; extracting the dex hot patch file from the Android application patch file; and performing a security scan on the dex hot patch file.
- 3. The method for detecting Android hot patch security as claimed in claim 1, characterized in that verifying the security of the dex hot patch file using the Android application's public key specifically comprises: zip-compressing the obtained Android application patch file to form a patch.zip file; signing the patch.zip file with the APK signing certificate of the Android application to be upgraded; obtaining the public signing key of the Android application to be upgraded; and comparing the signature with the public signing key, wherein if they match the Android hot patch is safe, and otherwise the Android hot patch is unsafe.
- 4. The method for detecting Android hot patch security as claimed in claim 3, characterized in that the signing command used to sign the patch.zip file with the APK signing certificate of the Android application to be upgraded is: jarsigner -verbose -keystore KEYSTORE_FILEPATH -signedjar patch_v.zip patch.zip others. Wherein: KEYSTORE_FILEPATH is the path of the APK certificate; patch_v.zip is the name of the ZIP file produced by signing; patch.zip is the name of the file to be signed; others is the alias of the certificate.
- 5. The method for detecting Android hot patch security as claimed in claim 3, characterized in that the steps for obtaining the public signing key of the Android application to be upgraded are: obtaining the Android package manager; obtaining a certificate factory; obtaining the signature of the running Android application; and obtaining the public key of the running Android application's signature.
- 6. The method for detecting Android hot patch security as claimed in claim 3, characterized in that the method of comparing the signature with the public signing key is: reading the signature of the patch.zip file; checking whether the signature of the patch.zip file is complete; and verifying the signature of the patch.zip file using the public signing key of the Android application to be upgraded, wherein if verification passes the patch is safe, and if verification fails the patch is untrusted.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711263819.7A CN107958150A (en) | 2017-12-05 | 2017-12-05 | A kind of method for detecting Android hot patch security |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107958150A true CN107958150A (en) | 2018-04-24 |
Family
ID=61963099
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711263819.7A Pending CN107958150A (en) | 2017-12-05 | 2017-12-05 | A kind of method for detecting Android hot patch security |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107958150A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20180424 |