CN108090355B - APK automatic triggering tool - Google Patents
APK automatic triggering tool Download PDFInfo
- Publication number
- CN108090355B CN108090355B CN201711220729.XA CN201711220729A CN108090355B CN 108090355 B CN108090355 B CN 108090355B CN 201711220729 A CN201711220729 A CN 201711220729A CN 108090355 B CN108090355 B CN 108090355B
- Authority
- CN
- China
- Prior art keywords
- apk
- interface
- components
- interfaces
- traversed
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Virology (AREA)
- Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Stored Programmes (AREA)
- User Interface Of Digital Computer (AREA)
Abstract
The invention discloses an APK automatic triggering tool, which comprises: the APK analysis and pre-processing module, the APK automatic installation and starting module and the APK automatic interaction module. The APK analysis preprocessing module automatically analyzes and acquires information of MainActivity, PackageName, Activity and the like of the APK and prepares for APK automatic interaction; the APK automatic installation and starting module automatically installs the target APK on the simulator and automatically starts the APK in the simulator; and the APK automatic interaction module automatically triggers all components in the APK based on the idea of deep traversal. The invention can automatically install and start the APK, acquire all components in the screen in real time after the APK is started and operated, identify different UI interfaces and different components, simulate real users, and execute corresponding interactive behaviors on different components, thereby triggering malicious codes of the APK and exposing the malicious APK.
Description
Technical Field
The invention belongs to the technical field of Android application program automation interaction, and particularly relates to an APK automatic triggering tool.
Background
With the rapid development of science and technology, the market share of smart phones is rapidly increased, wherein the Android system is popular among a plurality of mobile phone manufacturers and software manufacturers since the release. The Android smart phone brings a plurality of convenient functions to people and brings great potential safety hazards. Most malicious APKs require interaction with a user to exhibit malicious behavior. In order to trigger the malicious behavior of the APK, the characteristics of the APK are exposed before use, the mobile phone security of a user is protected, and an effective APK automatic triggering tool is needed.
The Monkey is an automatic testing tool of the Android system, and can generate a specified number of random events, wherein the event types comprise key input, touch screen operation, gesture input and the like. However, Monkey cannot customize events, and only can randomly generate events, and among the randomly generated events, there is a certain probability that a repeated event triggering the same component is generated, and among the generated events, some of the generated events do not respond on the current interface, do not need to be generated, but cannot be avoided in Monkey.
Besides the Monkey tool, there are other tools that are commonly used in the APK auto-triggering tool, and these tools have the following disadvantages:
1. there are certain limitations to relying on the source code of APK. In practice, it is difficult to obtain the source code of APK, and even if a decompilation tool is used, some source codes are already confused and difficult to analyze effectively.
2. Android source code needs to be modified. Different Android versions exist, the compatibility of source codes after modification is problematic, and many APKs cannot normally operate in an Android system with source codes modified.
3. The character string cannot be generated on demand. Many input components require the input of a properly formatted character string for further operation, and existing tools either do not generate a character string or generate a meaningless random character string that does not meet the requirements.
Disclosure of Invention
In order to overcome the disadvantages of the prior art, an object of the present invention is to provide an APK automatic triggering tool, which avoids analyzing source codes and effectively simulates user operations to obtain better triggering effect. And adopting a depth-first traversal idea, extracting, identifying and traversing the UI components layer by layer item by item, and simulating user operation behaviors for all components needing to click or input texts in the application program to carry out interaction. And the triggered components are recorded in time, so that the repeated triggering of the same component is avoided, and the components of the application program are more comprehensively traversed. The invention provides a fingerprint information construction method of a UI (user interface), a UI storage stack and a UI recycle bin to record the traversal condition of the UI, and can automatically generate effective character strings to fill in an input box. The invention distinguishes different UI interfaces by constructing the fingerprint information of the UI interfaces, records the states of the UI interfaces triggered under various conditions in traversal, establishes a UI interface storage stack for the UI interfaces needing to be continuously triggered to store related information, establishes a UI recycle bin record for the traversed UI interfaces, and can automatically generate character strings meeting the required format for the components needing to fill in the character strings.
In order to achieve the purpose, the invention adopts the technical scheme that:
an APK auto-triggering tool comprising:
the APK analysis preprocessing module is responsible for starting the simulator and analyzing the android manifest.
The APK automatic installation and starting module is responsible for automatically installing the target APK on the simulator and automatically starting the APK in the simulator;
the APK automatic interaction module realizes the function of simulating a user to automatically trigger the component obtained in the UI according to the depth-first traversal principle, and comprises the steps of automatically generating character strings according to related requirements, inputting the character strings into the component needing to input text content, automatically clicking the component needing to be clicked, and reaching different UI interfaces according to the component triggering sequence.
The APK analysis preprocessing module consists of a starting simulator and an analysis android manifest, wherein the starting simulator provides a running environment for using the tool, so that the tool can run effectively, and a user is simulated to automatically trigger the APK; and analyzing the android manifest xml file to obtain the package name of the APK to be tested when the APK is started and the MainActivity of the APK to be tested when the APK is started, and preparing for starting the APK in the next step. And meanwhile, all effective Activity names of the APK to be tested can be obtained when the android manifest is analyzed, and reference information is provided for judging whether the Activity appears in the later interaction process is the Activity of the APK to be tested, so that time consumption caused by interaction in an irrelevant UI (user interface) is avoided, and the operation efficiency is improved.
The relevant information of the APK acquired by the APK analysis preprocessing module at least comprises the class name of MainActivity, the package name PackageName and the collection of all the class names of Activity in the APK when the APK is started.
The APK automatic installation and starting module is divided into an installation sub-module and a starting sub-module, after the position of the APK to be tested is obtained, a target APK can be installed in the simulator through an adb install command, and then the APK is started through an adb shell am start command according to PackageName and MainActivity information obtained by the APK analysis preprocessing module.
The APK automatic installation and starting module automatically installs and starts the appointed APK, and if the APK fails during starting, the APK is automatically restarted.
And the APK automatic interaction module is realized by adopting a depth-first traversal method. When a UI interface is traversed, all triggerable UI components of the interface are firstly obtained, then all the obtained UI components are traversed in sequence, if the UI interface changes after a UI event of a certain component is triggered, information of the original UI interface is stored in a stack, a new UI interface is traversed firstly, and after the traversal is completed, the original UI interface is returned to continue to traverse the rest components. In the traversing process, if a certain interface traverses all components, downward sliding operation is performed on the interface, if the interface changes, the interface after sliding is also regarded as a new UI interface for traversing interaction, if the interface has already traversed and downward sliding can not change the interface content, the information of the interface is stored in a UI recycle bin, then the path of the interface which can reach the previous interface is searched, and the interface returns to the previous interface according to the path. And if the interface completely traverses and no path returns to the previous interface, clicking a backspace key BACK. If the BACK is clicked and the previous page is not returned, but the page which is further ahead is returned, the corresponding button is clicked again on the page until the target page is reached.
The automatic interaction method is based on layer design and uses a depth-first traversal algorithm, which is the key of the whole invention. Specifically, the "layer" mentioned in the present invention refers to different UI interfaces, and each UI interface appears in the whole operation process of the tool necessarily belongs to and only belongs to a certain layer. When the APK is started, the initial UI interface appears as a first layer, if a new UI interface appears after a certain component of the first layer is triggered, the interface is a second layer, and a new UI interface which never appears before after the component of the second layer is triggered is a third layer, and so on. Only one UI interface belonging to the first layer, i.e. the first UI interface appearing after start-up, may have multiple UI interfaces belonging to other layers. If a certain component is triggered and a UI interface of a certain layer which is already appeared before appears, the layer to which the interface belongs is not changed or is the original layer.
The depth-first traversal algorithm specifically comprises the following steps:
1. and when the traversal is performed, the application program is started firstly, all triggerable UI components of the interface are required to be obtained firstly when a UI interface is traversed, all the UI components are traversed in sequence, if the UI interface changes after a UI event of a certain component is triggered, the information of the original UI interface is stored in a stack, a new UI interface is traversed firstly, and after the traversal is completed, the original UI interface is returned to continue traversing the rest components.
2. In the traversing process, if a certain interface finishes traversing all the components, the interface is executed with downward sliding operation, if the interface changes, the interface after sliding is also regarded as a new UI interface for traversing interaction, if the interface finishes traversing and downward sliding can not change the interface content, the path of the interface which can reach the previous interface is searched, and the interface returns to the previous interface according to the path. If an interface completely traverses and has no path BACK to the previous interface, a BACK key BACK can be clicked.
3. If the BACK is clicked and the previous page is not returned, but the page which is further ahead is returned, the corresponding button is clicked again on the page until the target page is reached.
In the execution process of the APK tool, whether the UI interfaces are the same or not needs to be judged, specifically, each UI interface is uniquely identified by constructing fingerprints for each UI interface, and the UI interface is composed of a plurality of different components, so that before the fingerprint information of the UI interface is constructed, the fingerprint information of the different components needs to be constructed. The APK automatic interaction module generates a unique fingerprint value for each UI interface by using a Hash algorithm according to the type, size, coordinate information and class name of Activity of all components in the interface, so as to distinguish different UI interfaces, and the construction method of the fingerprint value of the UI interface comprises the following steps:
firstly, constructing fingerprint information of different components forming a UI interface, wherein the fingerprint information of one component comprises the following contents:
(1) the type of component;
(2) coordinate information of the component;
(3) the size of the component;
(4) class name of Activity where the component is located;
and finally, obtaining the fingerprint value with fixed length by using a Hash algorithm, and obtaining the fingerprint information of the UI interface by using the Hash algorithm once after splicing the obtained fingerprint values of all the components.
Judging whether the UI interfaces are the same according to whether the fingerprint values of the UI interfaces are the same, wherein the specific judgment method comprises the following steps:
step 1, if the Activity class names of the two UI interfaces are different, otherwise, the next step is carried out;
step 2, if the number of the components in the two UI interfaces is different, the two UI interfaces are different, otherwise, the next step is carried out;
and 3, if the fingerprint information of the two UI interfaces is inconsistent, the two UI interfaces are different, otherwise, the two UI interfaces are the same.
In the APK automatic interaction module, in order to ensure that all the obtained UI interfaces can be completely traversed in sequence, the invention constructs a storage stack of the UI interfaces, namely a UI trigger stack.
Specifically, when an APK is automatically triggered, a UI trigger stack exists in the whole program, and the stack sequentially stores all UI interfaces which appear and have not completely traversed all components in the stack. When a UI interface is being traversed, if a new UI interface appears, the current information of the old UI interface is stored and the old UI interface is pushed to the UI trigger stack. When all UI interfaces above the UI interface in the UI trigger stack are popped up and the components in the UI interfaces are traversed, popping up the UI interface to the stack, traversing the components which are not traversed in the UI interface, and if all the components are traversed, directly marking the UI interface as 'triggered to be completed' and not stacking any more.
And for those UI interfaces marked as 'triggered completed', the subsequent interaction process may also occur, and in order to avoid repeatedly traversing the UI interfaces, the invention also constructs a UI recycle bin for storing the UI interfaces of which the components are completely interacted in the interfaces. In the operation process of the tool, if a new UI interface appears, whether the interface is the interface in the UI recycle bin is judged, if yes, traversal is not needed, the interface is directly left from the UI interface, and otherwise, traversal interaction is carried out on the UI interface according to requirements.
In the APK automatic interaction module, the invention mainly carries out simulation interaction on components which can be clicked and need text input, and by simulating the two interactive operations, the simulated user action can interact with most components, so that the coverage rate is higher. Clickable components include Button, Radiobutton, ImageView, TextView, CheckBox, and the like.
And clicking the component needing to be clicked, and generating the character string in the corresponding format according to the related requirements for the component needing to input the character string. Specifically, for components such as EditText, a user is required to input text information, the text input boxes usually need to input texts in a specified format, such as a user name, a password, a mobile phone number and the like, the format information is usually noted in the text attribute values of the components, and in order to better simulate the user to input texts, the text input method and the text input device automatically generate character strings meeting requirements. The invention appoints the generation formats of character strings of the types of 'mailbox', 'mobile phone number', 'verification code', 'user name' and 'password', generates character string input meeting the format requirement as required if the characters required by the text input box are of the types when automatic triggering is carried out, and generates random character string input if the required character string type is not in the input format appointed in the invention.
More specifically, when the tool is used, firstly, all components needing text input are extracted according to class attributes of all the components in a UI (user interface), then, character string input meeting the requirements is automatically generated according to text attribute values of all the components needing text input, and then other components are triggered. Many of the components in a UI interface need to be effectively triggered after text entry, and automatically entering valid strings can better simulate user operations.
For the UI interface capable of sliding downwards, after all the components in the current interface are triggered, the UI interface performs downward sliding operation to acquire more components and perform more comprehensive triggering.
The APK automatic interaction module extracts, identifies and traverses all UI components in the interface layer by layer according to the idea of a depth-first search algorithm on all UI interfaces in the APK, and comprehensively triggers the identified components.
Compared with the prior art, the invention has the beneficial effects that:
1. avoiding repeated triggering of the same component.
The existing tool which can be used for simulating automatic triggering of a user is mainly a Monkey tool, however, the tool randomly selects an event stream during running, if the tool needs to be triggered for many times, a great probability exists for repeatedly triggering some components and repeating some event streams, meanwhile, some more important event streams can not be triggered during running, the problems existing in the APK are difficult to expose, and the test on the APK is not comprehensive. The invention adopts a hierarchical mode, can carry out comprehensive interaction on all the components in each layer, and the triggered components cannot be triggered again in the later operation process, thereby avoiding repetition and saving a large amount of time consumed by repeatedly triggering the same component.
2. The invention is designed based on a hierarchical structure.
The APK uses Activity as a carrier of each page, each Activity is provided with a plurality of components, the structure of the application program is divided, each appearing UI interface is defined as one layer, and each UI interface belongs to and only belongs to a certain layer. An Activity may form a different UI interface due to different states of components therein, belonging to different layers. All the components are traversed based on the layers, the traversing condition is more comprehensive, the structure is clearer, and programming realization and understanding are facilitated.
3. And generating a character string in a format meeting the requirement according to the requirement of the text box.
Many Android application programs have text input boxes needing to input characters, the existing automatic simulation triggering tool mainly generates random character string input, however, many text input boxes need to input specific contents, the contents have fixed formats, and if the input formats are not consistent, the next Activity interface cannot be triggered. The invention can distinguish the contents to be input according to the text attribute contents of the text input box to generate the character strings in accordance with the required format, and can meet the contents required by most APK input boxes. In this way, more interfaces can be triggered to perform simulated interaction with more components.
4. The interaction can be automatically carried out without the source code of the APK.
Many automatic interactive tools are implemented based on the source code design of the APK, and in practical situations, it is often difficult to obtain the source code of the APK, and even if a decompilation tool is used for decompilation, the correct source code cannot be obtained due to code confusion and the like. The invention does not need source codes, because the invention simulates various operations of the user to trigger the components on the application program, only needs to obtain the relevant information of all the components on the current interface during the operation, and then simulates the operations of clicking or inputting character strings and the like of the components by the user, the operation of the user is simulated in the whole process, the source codes are not needed, the step of decompiling can be saved, and the real interactive behavior of the user is more approximate.
5. The component interaction is more comprehensive.
For the components in the UI interface of each layer, the invention records in the interface information whether each component is triggered or not, when the tool runs, only the components which are not triggered are subjected to simulation interaction, and only after all the components in one interface are triggered, the interface is considered to be completely triggered. The invention can perform more comprehensive simulation triggering on the components in the application program and expose more malicious codes hidden in the components.
Drawings
FIG. 1 is a block diagram of the system of the present invention.
Fig. 2 is a flow chart of an APK automated interaction module according to the present invention.
Detailed Description
The embodiments of the present invention will be described in detail below with reference to the drawings and examples.
As shown in fig. 1, the APK automatic triggering tool is composed of three parts, namely, an APK analysis preprocessing module, an APK automatic installation and start module, and an APK automatic interaction module.
Firstly, a running environment is provided for the APK automatic triggering tool, and relevant information of APK starting is obtained. The APK analysis preprocessing module comprises a starting simulator and an analysis android manifest, wherein the starting simulator provides a running environment for an APK automatic triggering tool; and analyzing the android manifest of the APK to obtain the package name of the APK to be tested and the MainActivity during starting, and preparing for starting the APK in the next step.
The APK then needs to be installed and started. The application program processing module is divided into an installation submodule and a starting submodule. After the position of the APK to be tested is obtained, the target APK can be installed in the simulator through an adb install < APKPath > command, and then the APK is started by using an adbshell am start-n < package _ name >/< package _ name > main _ activity _ name > command according to the class name information of the package name PackageName and MainActivity obtained by the preprocessing module.
Then, the APK is triggered comprehensively. The application automation interaction module is responsible for traversing all components in the APK. And if the UI interface changes after a UI event of a certain component is triggered, storing the information of the original UI interface into a stack, traversing a new UI interface, and returning to the original UI interface to continuously traverse the rest components after traversing is completed. In the traversing process, if a certain interface finishes traversing all components, downward sliding operation is performed on the interface, if the interface changes, the interface after sliding is also regarded as a new UI interface for traversing interaction, if the interface finishes traversing and downward sliding can not change the interface content, the information of the interface is stored in a UI recycle bin, then the path of the interface which can reach the previous interface is searched, and the interface returns to the previous interface according to the path. And if the interface completely traverses and no path returns to the previous interface, clicking a backspace key BACK. If the BACK is clicked and the previous page is not returned, but the more previous page is returned, the corresponding component is clicked again on the page until the previous page is reached.
The key technology of the invention is described in detail as follows:
1. obtaining APK related information
The method mainly comprises the steps of obtaining the packageName and the MainActivity required by starting the APK, obtaining all effective Activity names of the APK to be tested, and providing reference information for judging whether the Activity appears in the subsequent interaction process is the Activity of the APK to be tested, so that time consumption caused by interaction in an irrelevant UI (user interface) is avoided, and the efficiency of the method is improved. This information is obtained by analyzing the android manifest.
The contents of android manifest.xml are obtained by aapt dump xmltree < APKPath > android manifest.xml command. In the obtained content, a package name is obtained from the "a: package" character string, a class name of the main Activity is obtained from the "a: android name" and the "android.
2. Installation start APK
Mainly, a designated APK is installed in a simulator, and the APK is started to prepare for the next step of traversing interaction. Installation and startup are realized through adb commands. The method comprises the following specific steps:
the adb install < APKPath > command installs the target APK into the simulator, and then starts the APK by using an adb shell am start-n < package _ name >/< package _ name > according to the information obtained by the APK analysis preprocessing module.
3. Building fingerprint information for components
Acquiring a UI interface, wherein a plurality of components exist, in order to avoid repeated triggering, each component needs to be constructed with fingerprint information for unique identification, and the fingerprint information of one component comprises the following contents:
(1) component types, such as RadioButton, ImageView, TextView;
(2) coordinate information of the component;
(3) the size of the component;
(4) class name of Activity where the component is located.
And splicing the character strings according to the sequence by using the information, and finally obtaining the fingerprint value with fixed length by using a Hash algorithm. And the fingerprint information of the UI interface is obtained by splicing the obtained fingerprint values of the components and then using a Hash algorithm for one time.
4. Automatically traversing all identified components
Performing UI traversal by adopting a depth-first traversal method, as shown in FIG. 2, the steps are:
1) initializing, setting a UI interface storage stack and a UI recycle bin to be empty, and pressing an initial UI interface of the APK into the UI interface storage stack;
2) if the storage stack of the UI interface is empty, ending; otherwise, popping up the UI at the top of the stack as the currently triggered UI, which is denoted as UI1, acquiring the set of components needing to be triggered in the UI1, and executing the following operations for each component in the set:
i. clicking or inputting character strings and other operations according to the component types, and then obtaining a new UI which is recorded as UI 2;
ii, judging whether the UI2 is the same as the UI1, if so, continuing to trigger the next un-triggered component in the UI, returning to i, otherwise, entering iii;
if the UI2 is the existing UI in the UI recycle bin, clicking the backspace key back to the UI1 continues to trigger the next un-triggered component in the UI1, back to i, otherwise, entering iv;
if the UI2 is the existing UI in the UI interface storage stack, sequentially clicking the corresponding components in each UI according to the triggering sequence of the components presented by the UI1, returning to the UI1 again, then continuing to trigger the next un-triggered component, returning to i, otherwise, entering v;
v. push UI1 and UI2 in turn to UI interface stack, then go back to 2), start triggering components in new UI;
3) after the component triggers in the UI1 are completed, the UI1 is stored in the UI recycle bin, back to 2).
In summary, the method is implemented according to the idea of depth-first search, that is, during traversal, the APK is started first, and then all UI interfaces are traversed. When a UI interface is traversed, all valid UI components of the interface need to be obtained first, then all the obtained UI components need to be traversed, and different UI component events need to be triggered according to different types of UI components. If the UI interface changes after the UI component event of a certain component is triggered, the information of the original UI interface is stored in a stack, then a new UI interface is traversed, and after the traversal is completed, the original UI interface is returned to continue to trigger other components.
The invention simulates various operations of a user to trigger the components of the APK, only needs to acquire the relevant information of all the components on the current interface during the operation, and then simulates the operations of clicking or inputting character strings and the like of the components by the user, and the operation of the user is simulated in the whole process, thereby being more in line with the use condition of the user.
The invention avoids repetitive triggering of the components. The invention defines each appearing UI interface as a layer in a layered mode, and traverses all components based on the layer. The components in each layer can be comprehensively interacted, the triggered components cannot be triggered again in the system operation process, repetition is avoided, and a large amount of time consumed by repeatedly triggering the components is saved. The invention can more comprehensively trigger the components in the APK and expose more malicious behaviors hidden in the components.
The invention generates the character strings with corresponding formats according to the requirements of the text boxes. The invention can generate character strings with corresponding formats according to the content of the text attribute of the text input box, thereby meeting the requirements of most text input boxes. Thereby triggering more interfaces to perform simulated interaction with more components.
The present invention does not require the source code of the APK. Because the invention simulates various operations of a user to trigger the components on the APK, the user only needs to acquire the related information of all the components on the current interface during the operation, and then simulates the operations of clicking or inputting character strings and the like of the components by the user, without using source codes, the step of decompiling is omitted, and the real interactive behavior of the user is more approximate.
Claims (7)
1. An APK auto-triggering tool comprising:
the APK analysis preprocessing module is responsible for starting the simulator and analyzing the android manifest.
The APK automatic installation and starting module is responsible for automatically installing the target APK on the simulator and automatically starting the APK in the simulator; the APK automatic installation and starting module is divided into an installation sub-module and a starting sub-module, after the position of the APK to be tested is obtained, a target APK is installed in the simulator through an adb install command, and then the APK is started through an adb shell am start command according to packageName and MainActivity information; the APK automatic installation and starting module automatically installs and starts a designated APK, and if the APK fails during starting, the APK is automatically restarted;
the APK automatic interaction module is used for realizing the function of simulating a user to automatically trigger the component obtained in the UI according to the depth-first traversal principle, and comprises the steps of automatically generating character strings according to related requirements, inputting the character strings into the component needing to input text content, automatically clicking the component needing to be clicked, and reaching different UI interfaces according to the component triggering sequence;
the method is characterized in that the APK automatic interaction module generates a unique fingerprint value for each UI interface by using a Hash algorithm according to the type, size, coordinate information and class name of Activity of all components in the interface, so as to distinguish different UI interfaces, and the construction method of the fingerprint value of the UI interface comprises the following steps:
firstly, constructing fingerprint information of different components forming a UI interface, wherein the fingerprint information of one component comprises the following contents:
(1) the type of component;
(2) coordinate information of the component;
(3) the size of the component;
(4) class name of Activity where the component is located;
the information is utilized to carry out character string splicing according to the sequence, finally, a Hash algorithm is utilized to obtain a fingerprint value with a fixed length, and the fingerprint information of the UI interface is obtained by using the Hash algorithm once after the obtained fingerprint values of all the components are spliced;
judging whether the UI interfaces are the same according to whether the fingerprint values of the UI interfaces are the same, wherein the specific judgment method comprises the following steps:
step 1, if the Activity class names of the two UI interfaces are different, otherwise, the next step is carried out;
step 2, if the number of the components in the two UI interfaces is different, the two UI interfaces are different, otherwise, the next step is carried out;
step 3, if the fingerprint information of the two UI interfaces is inconsistent, the two UI interfaces are different, otherwise, the two UI interfaces are the same;
the method adopts a hierarchical mode to carry out comprehensive interaction on all components in each layer, and triggered components cannot be triggered again in the later operation process, so that repetition is avoided;
dividing the structure of the application program to define each appearing UI interface as a layer, wherein each UI interface necessarily belongs to and only belongs to a certain layer, one Activity can form different UI interfaces due to different states of components in the UI interfaces, the UI interfaces belong to different layers, and all the components are traversed based on the layers;
and distinguishing the contents to be input according to the content of the text attribute of the text input box to generate a character string in a required format.
2. The APK automatic triggering tool is characterized in that the APK analysis preprocessing module consists of a starting simulator and an analysis android manifest.xml, wherein the starting simulator provides a running environment for tool use, enables the tool to run effectively and simulates a user to automatically trigger the APK; analyzing an android manifest (xml) file to obtain a package name of the APK to be tested when the APK is started and MainActivity of the APK to be tested when the APK is started, and preparing for starting the APK in the next step; meanwhile, all effective Activity names of the APK to be tested are obtained when the android manifest is analyzed, and reference information is provided for judging whether the Activity appears in the later interaction process is the Activity of the APK to be tested; the relevant information of the APK acquired by the APK analysis preprocessing module at least comprises the class name of MainActivity, the package name PackageName and the collection of all the class names of Activity in the APK when the APK is started.
3. The APK automatic triggering tool according to claim 1, wherein the APK automatic interaction module is implemented by a depth-first traversal method, when traversing a UI interface, all triggerable UI components of the interface are obtained first, then all the obtained UI components are traversed in sequence, if a UI event of a certain component is triggered and the UI interface changes, the information of the original UI interface is stored in a stack, a new UI interface is traversed first, after the traversal is completed, the rest components are traversed again to the original UI interface, in the traversal process, if the interface traverses all the components, a downward sliding operation is performed on the interface, if the interface changes, the interface after the sliding is also regarded as a new UI interface, the traversal interaction is performed, if the interface traverses completely and the downward sliding cannot change the interface content, the information of the interface is stored in a UI recycle bin, and then searching a path that the interface can reach the previous interface, returning to the previous interface according to the path, if a certain interface is completely traversed and the path does not return to the previous interface, clicking a backspace key, and if the path does not return to the previous page but returns to a more previous page after clicking the BACK key, clicking a corresponding button on the page until the target page is reached.
4. The APK auto-triggering tool of claim 1, wherein during APK automated interaction:
when the method is used, firstly, all components needing text input are extracted according to class attributes of all the components in a UI (user interface), then, according to text attribute values of all the components needing text input, character string input meeting the requirements is automatically generated, and then other components are triggered;
for the UI interface capable of sliding downwards, after all the components in the current interface are triggered, the UI interface performs downward sliding operation to acquire more components and perform more comprehensive triggering.
5. The APK automatic triggering tool according to claim 1, wherein, in order to ensure that all the UI interfaces to be obtained can be completely traversed in sequence, a storage stack of UI interfaces, i.e. a UI triggering stack, is constructed, when an APK is automatically triggered, there is a UI triggering stack in the whole program, the stack sequentially stores all the UI interfaces that appear and have not completely traversed all the components therein, when a certain UI interface is being traversed, if a new UI interface appears, the current information of the old UI interface is stored, and the old UI interface is pushed to the UI triggering stack, when all the UI interfaces above the UI interface in the UI triggering stack have been popped and the components in the UI interfaces have been traversed, the UI interface is popped up to the stack, the components that have not been traversed in the UI interface are traversed, if all the components have been completed, then, this UI interface is marked directly as "triggered complete" and is not pushed further.
6. The APK automatic triggering tool according to claim 5, wherein to avoid repeatedly traversing the UI interfaces marked as "triggered completed", a UI recycle bin is constructed for storing the UI interfaces whose components have completely interacted with each other in those interfaces, during the operation, if a new UI interface appears, it is determined whether the interface is an interface in the UI recycle bin, if so, the interface does not need to be traversed, the interface is directly left, otherwise, the UI interface is traversed and interacted as required.
7. The APK automatic triggering tool according to claim 1, wherein the APK automatic interaction module extracts, identifies and traverses UI components in the interface layer by layer for all UI interfaces in the APK according to the idea of a depth-first search algorithm, and comprehensively triggers the identified components.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711220729.XA CN108090355B (en) | 2017-11-28 | 2017-11-28 | APK automatic triggering tool |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711220729.XA CN108090355B (en) | 2017-11-28 | 2017-11-28 | APK automatic triggering tool |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108090355A CN108090355A (en) | 2018-05-29 |
| CN108090355B true CN108090355B (en) | 2020-10-27 |
Family
ID=62172352
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201711220729.XA Active CN108090355B (en) | 2017-11-28 | 2017-11-28 | APK automatic triggering tool |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108090355B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112256636A (en) * | 2020-11-10 | 2021-01-22 | 国网湖南省电力有限公司 | Data acquisition system for mobile application APP |
| CN113360373A (en) * | 2021-05-26 | 2021-09-07 | 上海蛮犀科技有限公司 | Test method for full traversal of Activity page of mobile application |
| CN114936051B (en) * | 2022-05-31 | 2023-06-09 | 金陵科技学院 | Method for performing value-added application based on Android system multi-mode biological identification terminal |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101989929B (en) * | 2010-11-17 | 2014-07-02 | 中兴通讯股份有限公司 | Disaster recovery data backup method and system |
| CN103544100B (en) * | 2012-07-12 | 2018-02-16 | 腾讯科技(深圳)有限公司 | Method of testing, system and the client of portable data processing equipment application program |
| CN105468733B (en) * | 2015-11-23 | 2019-04-19 | 上海爱数信息技术股份有限公司 | A kind of volume clone method deleted again based on source data |
| CN105468529B (en) * | 2015-12-15 | 2018-07-24 | 北京奇虎科技有限公司 | A kind of accurate traversal method of Android application UI controls and device |
| CN107133519B (en) * | 2017-05-15 | 2019-07-05 | 华中科技大学 | Privacy compromise detection method and system in a kind of communication of Android application network |
-
2017
- 2017-11-28 CN CN201711220729.XA patent/CN108090355B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN108090355A (en) | 2018-05-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| White et al. | Improving random GUI testing with image-based widget detection | |
| US11755919B2 (en) | Analytics for an automated application testing platform | |
| US10162611B2 (en) | Method and apparatus for business rule extraction | |
| US11042472B2 (en) | Authoring automated test suites using artificial intelligence | |
| CN107193739B (en) | Black box regression testing method | |
| US7865870B2 (en) | Automatic content completion of valid values for method argument variables | |
| US10684839B2 (en) | Plugin for software deployment | |
| JPWO2018235252A1 (en) | Analyzing device, log analyzing method, and analyzing program | |
| EP2990942B1 (en) | Service extraction and application composition | |
| CN108090355B (en) | APK automatic triggering tool | |
| EP3008585B1 (en) | Automatic source code generation | |
| US20200327043A1 (en) | System and a method for automated script generation for application testing | |
| CN108829389A (en) | Android application automation triggering execution method based on Appium | |
| CN109902487B (en) | Android application malicious property detection method based on application behaviors | |
| CN112148602A (en) | Source code security analysis method based on history optimization feature intelligent learning | |
| CN108334441A (en) | A kind of automated testing method and system of Software Development Kit | |
| CN103500109A (en) | Method and device for achieving file collection and software package automatic installation | |
| CN114297700A (en) | Dynamic and static combined mobile application privacy protocol extraction method and related equipment | |
| CN112286486B (en) | Operation method of application program on intelligent terminal, intelligent terminal and storage medium | |
| US20050033953A1 (en) | Systems and methods for a bootstrap mechanism for software execution | |
| CN113342629A (en) | Operation track restoration method and device, computer equipment and storage medium | |
| CN111459774A (en) | Method, device and equipment for acquiring flow of application program and storage medium | |
| Grechanik et al. | Differencing graphical user interfaces | |
| US20160246465A1 (en) | Duplicating a task sequence from a graphical user interface interaction for a development application in view of trace data | |
| CN115827457A (en) | Browser compatibility testing method and related equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |