CN108255695A - APK beats again the detection method and system of packet - Google Patents
APK beats again the detection method and system of packet Download PDFInfo
- Publication number
- CN108255695A CN108255695A CN201611245330.2A CN201611245330A CN108255695A CN 108255695 A CN108255695 A CN 108255695A CN 201611245330 A CN201611245330 A CN 201611245330A CN 108255695 A CN108255695 A CN 108255695A
- Authority
- CN
- China
- Prior art keywords
- apk
- file
- packets
- module
- signature
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3604—Software analysis for verifying properties of programs
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Quality & Reliability (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses the detection methods that a kind of APK beats again packet, it is detected by least one of the metamessage to the description file of APK packets to be measured, executable file, resource file, APK packets, when being detected in corresponding document or metamessage in the presence of default feature according to preset rules, judge that the APK packets are attached most importance to and be packaged APK.The present invention also individually discloses detection device corresponding with above-mentioned each detection method.It is easy to detect, quick, accurate that the present invention has the advantages that, can be applied to detection, the analysis of all APK packets.
Description
Technical field
The present invention relates to the detection methods and system that field of information security technology more particularly to APK beat again packet.
Background technology
Due to the opening of android system, the situation of enough source pledge systems is especially lacked in APK installation kits
Under, there is the APK installation kits much repacked on network.These beat again the mesh that packet APK is often used for realizing various non-good wills
, including to the even embedded malicious code of the embedded advertisement of normally application, great harm is caused to user.It is existing to beat again
Packet inspection technical is all based on greatly structural analysis or is analyzed based on certificate, and shortcoming is that structural analysis needs definition one
A whole set of complicated structural similarity judgment models, and it is limited to detect effect;Certificate analysis needs corresponding just for packet APK is beaten again
Version APP is analyzed, and the certificate of legal APP is compared with beating again packet APP certificates, and this method needs to ensure to have enough
Legal sample compares and analyzes, and implements inconvenience.
Invention content
The purpose of the present invention is to provide the detection methods and system that APK beats again packet, can convenient, fast and accurate reality
Existing APK beats again the judgement of packet.
In a first aspect, the invention discloses the detection method that a kind of APK beats again packet, include the following steps:
At least one of the metamessage of the description file of APK packets to be measured, executable file, resource file, APK packets is examined
It surveys, when being detected in corresponding document or metamessage in the presence of default feature according to preset rules, judges that the APK packets are attached most importance to and be packaged APK.
Further, the default feature of the file includes:Attribute and property value, are beaten again at the class that software packaging increases newly again
The update of character string, commnet information that packet software increases newly.
Further, preset rules include:
If being detected to AndroidManifest.xml files, judge in this document with the presence or absence of the category met the requirements
Property and property value;
If being detected to classes.dex files, judge in this document the class whether increased newly comprising weight software packaging or
Newly-increased character string;
Or
If being detected to resources.arsc files, judge the character that weight software packaging increases newly whether is included in this document
String;
If being detected to the metamessage of APK packets, judge whether the APK packets include and comment is increased newly by weight software packaging
The character string of information.
Second aspect, the invention also discloses the detection methods that another APK beats again packet, include the following steps:
The signature file of APK packets to be measured is detected, when signature file, which exists, to be updated, judges that the APK packets are attached most importance to and is packaged APK.
Further, judge that signature file includes with the presence or absence of newer method:If the characteristic information of signature file contains
Signature tool information then judges that signature file has update.
The third aspect, in order to improve Detection accuracy, the invention also discloses the detection method that the third APK beats again packet,
Include the following steps:
At least one of the metamessage of the description file of APK packets to be measured, executable file, resource file, APK packets is examined
It surveys, judges in corresponding document or metamessage with the presence or absence of default feature by preset rules;
The signature file of APK packets to be measured is detected, judges signature file with the presence or absence of update;
When APK packets have default feature and signature file has update, judge that the APK packets are attached most importance to and be packaged APK.
Fourth aspect, the present invention also individually disclose detection device corresponding with above-mentioned each detection method.
Compared with the prior art, the invention has the advantages that:The present invention is based on the analysis to largely beating again packet APK, from inspection
The critical file for surveying APK packets judges weight with the presence or absence of whether the signature file of predefined feature and APK packets updates two aspects
APK is packaged, it is easy to detect, quick, accurate to have the advantages that, can be applied to detection, the analysis of all APK packets.
Description of the drawings
Fig. 1 is the detection method flow chart that a kind of APK of the present invention beats again packet.
Fig. 2 is the structure diagram for the detection device that a kind of APK of the present invention beats again packet.
Specific embodiment
To make the objectives, technical solutions, and advantages of the present invention clearer, the present invention is made below in conjunction with attached drawing into
One step it is described in detail.
Although the step in the present invention is arranged with label, it is not used to limit the precedence of step, unless
Specify the order of step or based on the execution of certain step needs other steps, otherwise the relative rank of step is
It is adjustable.
Popular on the market there are many weight software packagings, than more typical packet software of beating again for apktools, much beat again packet
Software is also construed as the derived product of apktools, therefore the application is described by taking apktools as an example.
Packet stream journey completely is beaten again for one, general step is as follows:(1)Remove original signature(2)Apktools is anti-
Compiling(3)It modifies to source file(4)Apktools is packaged(5)Signature(6)Publication.Flow is packaged and to a large amount of based on counterweight
The analysis of packet APK file is beaten again, it can be found that beating again packet APK file some denominators, the present invention beats again packet detection side in APK
Face has general applicability.
Embodiment 1:
A kind of APK beats again the detection method of packet, including description file, executable file, resource file, the APK to APK packets to be measured
At least one of metamessage of packet is detected, default special when being judged to exist in corresponding document or metamessage according to preset rules
During sign, judge that the APK packets are attached most importance to and be packaged APK.
By the analysis to largely beating again packet APK, it can be found that some necessary files of APK packets, such as describe file(Such as
AndroidManifest.xml files), executable file(Such as classes.dex files), resource file(Such as
Resources.arsc files), APK packets metamessage etc. often there are some features, including there are special attribute and attributes
It is worth, there are update of newly-increased class, newly-increased character string and commnet information etc., therefore can be according to default rule to upper
The feature for stating file is detected.
It is for reference now to enumerate some examples:
If the 1, being detected AndroidManifest.xml files, judge to whether there is what is met the requirements in this document
Attribute and property value.
If specifically, being detected to AndroidManifest.xml files, the manifest of this document may determine that
With the presence or absence of platform release name attribute in node, such as platformBuildVersionName attributes, and its property value is attached most importance to
Software packaging title, such as APKTOOL.
If the 2, being detected to classes.dex files, judge what is whether increased newly in this document comprising weight software packaging
Class or newly-increased character string.
It is then repacked specifically, software packaging can increase a new class newly after baksmali processes, it is final to be packaged
Classes.dex out is the class name there are above-mentioned newly-increased class.
If the 3, being detected to resources.arsc files, judge whether increased newly in this document comprising weight software packaging
Character string.
Specifically, beating again resources.arsc files in packet procedures will be reduced, can simply exist after reduction
The exclusive character string information of oneself is increased in string.xml newly then to repack.It beats again in the resources.arsc after packet
Structure in there are above-mentioned newly-increased character string informations.
If the 4, being detected to the metamessage of APK packets, judge whether the APK packets include and increased newly by weight software packaging
The character string of comment information.
Specifically, generally allowing to store commnet information in APK packets, that is, Zip packets, software packaging can return in final compression
It is increased newly in oneself exclusive character string to the comment metamessages of apk packets during shelves.
It is corresponding with the detection method, the invention also includes the detection device that a kind of APK beats again packet, in some embodiments,
The detection device includes extraction module, parsing module and matching module, wherein:
Extraction module, for extracting in the metamessage of the description file in APK packets, executable file, resource file, APK packets
It is at least one.
By the analysis to largely beating again packet APK, it can be found that some necessary files of APK packets, such as describe file(Such as
AndroidManifest.xml files), executable file(Such as classes.dex files), resource file(Such as
Resources.arsc files), APK packets metamessage etc..
Parsing module, for parsing the content of extraction module extraction, according to the characteristic information of predefined rule output file.
The module can parse corresponding file format, for above-mentioned AndroidManifest.xml files, i.e.,
The file of BinaryXML forms can be parsed, classes.dex is DEX [Dalvik Executable format] form,
Resources.arsc is the BinaryXML form similar with AndroidManifest.xml, and APK metamessages refer in particular to Zip files
File Trailer structure divisions.
1st, for AndroidManifest.xml files, export each attribute in AndroidManifest.xml files and
Property value is as characteristic information.
2nd, for classes.dex files, class in classes.dex files and character string are exported as characteristic information.
3rd, for resources.arsc files, the character string exported in resources.arsc files is believed as feature
Breath.
4th, for the metamessage of APK packets, output comment information is as characteristic information.
Matching module, for the characteristic information that parsing module exports and predefined feature to be compared, if matching, sentences
The disconnected APK packets, which are attached most importance to, is packaged APK.
It is described below against a variety of situations of parsing module:
1st, it is predefined to be characterized as platform release name attribute and its property value is attached most importance to for AndroidManifest.xml files
Software packaging title.That is, if there are platform release title categories in the manifest nodes of AndroidManifest.xml files
Property, such as platformBuildVersionName attributes, and its property value is attached most importance to software packaging title, such as APKTOOL, then is judged
The APK packets, which are attached most importance to, is packaged APK.
2nd, for classes.dex files, the predefined class or character string for being characterized as weight software packaging and increasing newly.If for example,
The class name of the class increased newly during baksmali there are software packaging in classes.dex files, then judge that the APK packets are attached most importance to
It is packaged APK.
3rd, for resources.arsc files, the predefined character string for being characterized as weight software packaging and increasing newly.If for example,
There are software packagings in resources.arsc files to increase its exclusive character string information newly in string.xml, then judging should
APK packets, which are attached most importance to, is packaged APK.
4th, the character increased newly for the metamessage of APK packets, the predefined heavy software packaging being characterized as in comment information
String.For example, there are oneself exclusive character string that software packaging increases newly in final compression filing in comment metamessages, then
Judge that the APK packets are attached most importance to and be packaged APK.
The present invention is based on the analyses to largely beating again packet APK, special with the presence or absence of predefining from the critical file of detection APK packets
The angle of sign come judge to beat again packet APK, it is easy to detect, quick, accurate to have the advantages that, can be applied to all APK packets detection,
Analysis.
Embodiment 2:
A kind of APK beats again the detection method of packet, the signature file including detecting APK packets to be measured, when signature file, which exists, to be updated,
Judge that the APK packets are attached most importance to and be packaged APK.
By the analysis to largely beating again packet APK, it can be found that the signature file of APK packets repacked generally has spy
Fixed update.
For example, for being normally applied, signature is by developing IDE signatures, and relevant information can be recorded in META-
In MANIFEST.MF files under INF files.For general IDE, its signature character information is all Created-By: 1.0
(Android)、Created-By:1.7.0_71 (Oracle Corporation) is such, and passes through what is signed again
Substantially signature tool is all employed, is characterized as under normal circumstances:
Created-By:1.0 (Android SignApk), the i.e. characteristic information of signature file contain signature tool SignApk
Information.
Corresponding with the detection method, a kind of APK beats again the detection device of packet, including extraction module, parsing module and signature
Identification module, wherein:
Extraction module, for extracting the signature file in APK packets.
For being normally applied, signature is by developing IDE signatures, and relevant information can be recorded in META-INF files
In MANIFEST.MF files under folder.
Parsing module, for parsing the signature file of APK packets to be measured.
Signature recognition module, for judging the signature file parsed with the presence or absence of update, judging if it there is update should
APK packets, which are attached most importance to, is packaged APK.
For example, its signature character information is all Created-By for general IDE: 1.0 (Android)、Created-
By:1.7.0_71 (Oracle Corporation) is such, and all employs signature work substantially by what is signed again
Tool, is characterized as under normal circumstances:Created-By:1.0 (Android SignApk), i.e. the characteristic information of signature file contains
There is the information of signature tool SignApk.
The present invention is based on the analyses to largely beating again packet APK, sentence from the signature file of detection APK packets with the presence or absence of more newly arriving
Disconnected to beat again packet APK, it is easy to detect, quick, accurate to have the advantages that, can be applied to detection, the analysis of all APK packets.
Embodiment 3:
In order to promote the accuracy of detection, the invention also discloses the detection method that a kind of APK beats again packet, in some embodiments
In, as shown in Figure 1, being somebody's turn to do, detection method includes the following steps:
S101, at least one of metamessage for describing file, executable file, resource file, APK packets of APK packets to be measured
It is detected, judges in corresponding document with the presence or absence of default feature by preset rules.
S102 detects the signature file of APK packets to be measured, judges signature file with the presence or absence of update.
S103 when APK packets have default feature and signature file has update, judges that the APK packets are attached most importance to and is packaged APK.
For example, the content of the AndroidManifest.xml files of APK packets is detected, if
There are platformBuildVersioName attributes in the manifest nodes of AndroidManifest.xml, and its value is
APKTOOL, and the second behavior Created-By of the MANIFEST.MF files under the META-INF of APK packets: 1.0
(Android SignApk), then it is the sample by signing again to judge the APK packets.
It should be understood that the sequence of S101 and S102 can be interchanged.The present invention is based on to largely beat again packet APK analysis,
Sentence in terms of whether the critical file of detection APK packets updates two with the presence or absence of the signature file of predefined feature and APK packets
Disconnected to beat again packet APK, it is easy to detect, quick, accurate to have the advantages that, can be applied to detection, the analysis of all APK packets.
It is corresponding with the detection method, the invention also includes the detection device that a kind of APK beats again packet, in some embodiments,
As shown in Fig. 2, the detection device includes extraction module 10, parsing module 20, matching module 30, signature recognition module 40 and result
Output module 50, wherein:
Extraction module 10, for extracting in the metamessage of the description file in APK packets, executable file, resource file, APK packets
At least one;And the signature file being additionally operable in extraction APK packets.
By the analysis to largely beating again packet APK, it can be found that some necessary files of APK packets, such as describe file(Such as
AndroidManifest.xml files), executable file(Such as classes.dex files), resource file(Such as
Resources.arsc files), APK packets metamessage etc..For being normally applied, signature is signed by developing IDE,
Relevant information can be recorded in the MANIFEST.MF files under META-INF files.
Parsing module 20, for parsing the content of the extraction of extraction module 10, according to the feature of predefined rule output file
Information;It is additionally operable to parsing signature file simultaneously.
The module can parse corresponding file format, for above-mentioned AndroidManifest.xml files, i.e.,
The file of BinaryXML forms can be parsed, classes.dex is DEX [Dalvik Executable format] form,
Resources.arsc is the BinaryXML form similar with AndroidManifest.xml, and APK metamessages refer in particular to Zip files
File Trailer structure divisions.
1st, for AndroidManifest.xml files, export each attribute in AndroidManifest.xml files and
Property value is as characteristic information.
2nd, for classes.dex files, class in classes.dex files and character string are exported as characteristic information.
3rd, for resources.arsc files, the character string exported in resources.arsc files is believed as feature
Breath.
4th, for the metamessage of APK packets, output comment information is as characteristic information.
Matching module 30, for the characteristic information that parsing module 20 exports and predefined feature to be compared.
It is described below against a variety of situations of parsing module 20:
1st, it is predefined to be characterized as platform release name attribute and its property value is attached most importance to for AndroidManifest.xml files
Software packaging title.That is, if there are platform release title categories in the manifest nodes of AndroidManifest.xml files
Property, such as platformBuildVersionName attributes, and its property value is attached most importance to software packaging title, such as APKTOOL, then is matched
Success.
2nd, for classes.dex files, the predefined class or character string for being characterized as weight software packaging and increasing newly.If for example,
The class name of the class increased newly during baksmali there are software packaging in classes.dex files, then successful match.
3rd, for resources.arsc files, the predefined character string for being characterized as weight software packaging and increasing newly.If for example,
In resources.arsc files there are software packaging in string.xml increase newly its exclusive character string information, then matching into
Work(.
4th, the character increased newly for the metamessage of APK packets, the predefined heavy software packaging being characterized as in comment information
String.For example, there are oneself exclusive character string that software packaging increases newly in final compression filing in comment metamessages, then
Successful match.
Signature recognition module 40, for judging that the signature file that parsing module 20 has parsed whether there is update.
For example, its signature character information is all Created-By for general IDE: 1.0 (Android)、Created-
By:1.7.0_71 (Oracle Corporation) is such, and all employs signature work substantially by what is signed again
Tool, is characterized as under normal circumstances:Created-By:1.0 (Android SignApk), i.e. the characteristic information of signature file contains
There is the information of signature tool SignApk, then judge that signature file has update.
As a result output module 50, for exporting testing result according to the situation of matching module 30 and signature recognition module 40,
When APK packets have default feature and signature file has update, judge that the APK packets are attached most importance to and be packaged APK.
The present invention is based on the analyses to largely beating again packet APK, special with the presence or absence of predefining from the critical file of detection APK packets
Whether the signature file of sign and APK packets updates two aspects to judge to beat again packet APK, has easy to detect, quick, accurately excellent
Point can be applied to detection, the analysis of all APK packets.
Several embodiments of the present invention have shown and described in above description, but as previously described, it should be understood that the present invention is not
Form disclosed herein is confined to, is not to be taken as the exclusion to other embodiment, and available for various other combinations, modification
And environment, and can be carried out in the scope of the invention is set forth herein by the above teachings or related fields of technology or knowledge
Change.And changes and modifications made by those skilled in the art do not depart from the spirit and scope of the present invention, then it all should be in institute of the present invention
In attached scope of the claims.
Claims (9)
1. a kind of APK beats again the detection method of packet, which is characterized in that includes the following steps:
At least one of the metamessage of the description file of APK packets to be measured, executable file, resource file, APK packets is examined
It surveys, when being detected in corresponding document or metamessage in the presence of default feature according to preset rules, judges that the APK packets are attached most importance to and be packaged APK.
2. a kind of detection method as described in claim 1, which is characterized in that the default feature of the file includes:Attribute and
The update of character string, commnet information that property value, the class that software packaging increases newly again, weight software packaging increase newly.
3. a kind of detection method as described in claim 1, which is characterized in that preset rules include:
If being detected to AndroidManifest.xml files, judge in this document with the presence or absence of the category met the requirements
Property and property value;
If being detected to classes.dex files, judge in this document the class whether increased newly comprising weight software packaging or
Newly-increased character string;
Or
If being detected to resources.arsc files, judge the character that weight software packaging increases newly whether is included in this document
String;
If being detected to the metamessage of APK packets, judge whether the APK packets include and comment is increased newly by weight software packaging
The character string of information.
4. a kind of APK beats again the detection method of packet, which is characterized in that includes the following steps:
The signature file of APK packets to be measured is detected, when signature file, which exists, to be updated, judges that the APK packets are attached most importance to and is packaged APK.
5. detection method as claimed in claim 4, which is characterized in that judge that signature file whether there is newer method packet
It includes:If the characteristic information of signature file contains signature tool information, judge that signature file has update.
6. a kind of APK beats again the detection method of packet, which is characterized in that includes the following steps:
At least one of the metamessage of the description file of APK packets to be measured, executable file, resource file, APK packets is examined
It surveys, judges in corresponding document or metamessage with the presence or absence of default feature by preset rules;
The signature file of APK packets to be measured is detected, judges signature file with the presence or absence of update;
When APK packets have default feature and signature file has update, judge that the APK packets are attached most importance to and be packaged APK.
7. a kind of APK beats again the detection device of packet, which is characterized in that the detection device include extraction module, parsing module and
With module, wherein:
Extraction module, for extracting in the metamessage of the description file in APK packets, executable file, resource file, APK packets
It is at least one;
Parsing module, for parsing the content of extraction module extraction, according to the characteristic information of predefined rule output file;
Matching module, for the characteristic information that parsing module exports and predefined feature to be compared, judging if matching should
APK packets, which are attached most importance to, is packaged APK.
8. a kind of APK beats again the detection device of packet, which is characterized in that the detection device includes extraction module, parsing module and label
Name identification module, wherein:
Extraction module, for extracting the signature file in APK packets;
Parsing module, for parsing the signature file of APK packets to be measured;
Signature recognition module, for judging that the signature file parsed with the presence or absence of update, judges the APK packets if it there is update
Attach most importance to and be packaged APK.
9. a kind of APK beats again the detection device of packet, which is characterized in that the detection device includes extraction module, parsing module, matching
Module, signature recognition module and result output module, wherein:
Extraction module, for extracting in the metamessage of the description file in APK packets, executable file, resource file, APK packets
It is at least one;And the signature file being additionally operable in extraction APK packets;
Parsing module, for parsing the content of extraction module extraction, according to the characteristic information of predefined rule output file;Simultaneously
It is additionally operable to parsing signature file;
Matching module, for the characteristic information that parsing module exports and predefined feature to be compared;
Signature recognition module, for judging the signature file parsed with the presence or absence of update;
As a result output module, for exporting testing result according to the situation of matching module and signature recognition module, when APK packets exist
When default feature and signature file presence update, judge that the APK packets are attached most importance to and be packaged APK.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611245330.2A CN108255695A (en) | 2016-12-29 | 2016-12-29 | APK beats again the detection method and system of packet |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611245330.2A CN108255695A (en) | 2016-12-29 | 2016-12-29 | APK beats again the detection method and system of packet |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108255695A true CN108255695A (en) | 2018-07-06 |
Family
ID=62719895
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611245330.2A Pending CN108255695A (en) | 2016-12-29 | 2016-12-29 | APK beats again the detection method and system of packet |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108255695A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111581331A (en) * | 2020-04-27 | 2020-08-25 | 北京字节跳动网络技术有限公司 | Method and device for processing file, electronic equipment and computer readable medium |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140082729A1 (en) * | 2012-09-19 | 2014-03-20 | Estsecurity Co., Ltd. | System and method for analyzing repackaged application through risk calculation |
CN104063664A (en) * | 2014-06-26 | 2014-09-24 | 北京奇虎科技有限公司 | Software installation package security detection method, software installation package security detection client, software installation package security detection server and software installation package security detection system |
CN104216946A (en) * | 2014-07-31 | 2014-12-17 | 百度在线网络技术(北京)有限公司 | Method and device for determining repackaging application program |
CN104657634A (en) * | 2015-02-28 | 2015-05-27 | 百度在线网络技术(北京)有限公司 | Method and device for identifying pirate application |
CN104778409A (en) * | 2015-04-16 | 2015-07-15 | 电子科技大学 | Method and device for detecting similarities of Android application software |
WO2015126079A1 (en) * | 2014-02-21 | 2015-08-27 | 주식회사 안랩 | Method and apparatus for detecting repackaging |
CN106162648A (en) * | 2015-04-17 | 2016-11-23 | 上海墨贝网络科技有限公司 | A kind of behavioral value method, server and system applying installation kit |
-
2016
- 2016-12-29 CN CN201611245330.2A patent/CN108255695A/en active Pending
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140082729A1 (en) * | 2012-09-19 | 2014-03-20 | Estsecurity Co., Ltd. | System and method for analyzing repackaged application through risk calculation |
WO2015126079A1 (en) * | 2014-02-21 | 2015-08-27 | 주식회사 안랩 | Method and apparatus for detecting repackaging |
CN104063664A (en) * | 2014-06-26 | 2014-09-24 | 北京奇虎科技有限公司 | Software installation package security detection method, software installation package security detection client, software installation package security detection server and software installation package security detection system |
CN104216946A (en) * | 2014-07-31 | 2014-12-17 | 百度在线网络技术(北京)有限公司 | Method and device for determining repackaging application program |
CN104657634A (en) * | 2015-02-28 | 2015-05-27 | 百度在线网络技术(北京)有限公司 | Method and device for identifying pirate application |
CN104778409A (en) * | 2015-04-16 | 2015-07-15 | 电子科技大学 | Method and device for detecting similarities of Android application software |
CN106162648A (en) * | 2015-04-17 | 2016-11-23 | 上海墨贝网络科技有限公司 | A kind of behavioral value method, server and system applying installation kit |
Non-Patent Citations (4)
Title |
---|
DARLING757267: "【android】APK文件解包修改重打包签名操作详解", 《HTTPS://BLOG.CSDN.NET/DARLING757267/ARTICLE/DETAILS/12904457》 * |
KONGPINDE: "Apk动态写入信息", 《HTTPS://BLOG.CSDN.NET/KONGPINDE/ARTICLE/DETAILS/51518466》 * |
LESLIEFANG: "android 签名验证防止重打包", 《HTTPS://WWW.CNBLOGS.COM/LESLIEFANG/P/5152358.HTML》 * |
无名大盗: "安卓apk反编译、修改、重新打包、签名全过程", 《HTTPS://BLOG.CSDN.NET/DREAMER2020/ARTICLE/DETAILS/52761606》 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111581331A (en) * | 2020-04-27 | 2020-08-25 | 北京字节跳动网络技术有限公司 | Method and device for processing file, electronic equipment and computer readable medium |
CN111581331B (en) * | 2020-04-27 | 2023-08-25 | 抖音视界有限公司 | Method, device, electronic equipment and computer readable medium for processing text |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11941491B2 (en) | Methods and apparatus for identifying an impact of a portion of a file on machine learning classification of malicious content | |
JP5694473B2 (en) | Repackaging application analysis system and method through risk calculation | |
US20170149830A1 (en) | Apparatus and method for automatically generating detection rule | |
CN106407809B (en) | A kind of Linux platform malware detection method | |
CN104700033B (en) | The method and device of viral diagnosis | |
CN104954353B (en) | The method of calibration and device of APK file bag | |
RU2420791C1 (en) | Method of associating previously unknown file with collection of files depending on degree of similarity | |
CN109684840A (en) | Based on the sensitive Android malware detection method for calling path | |
US20110078674A1 (en) | API Backward Compatibility Checking | |
US20160381075A1 (en) | Methods and apparatus for generating and using security assertions associated with containers in a computing environment | |
CN104123493A (en) | Method and device for detecting safety performance of application program | |
KR100942798B1 (en) | Apparatus and method for detecting a virus code | |
CN107944270B (en) | Verifiable android malicious software detection system and method | |
CN105354496B (en) | The detection method and system for the rogue program that Android platform automatically generates | |
CN103294951B (en) | A kind of malicious code sample extracting method based on document type bug and system | |
CN104657634A (en) | Method and device for identifying pirate application | |
CN109063482A (en) | Macrovirus recognition methods, device, storage medium and processor | |
Frantzeskou et al. | Source code author identification based on n-gram author profiles | |
CN109543408A (en) | A kind of Malware recognition methods and system | |
CN110929110B (en) | Electronic document detection method, device, equipment and storage medium | |
CN115146282A (en) | AST-based source code anomaly detection method and device | |
CN104077527A (en) | Method and device for generating virus detection machine and method and device for virus detection | |
CN105975527A (en) | Road up-down relationship identification method and apparatus | |
CN106682508B (en) | The checking and killing method and device of virus | |
AU2012203538A1 (en) | Systems and methods for inter-object pattern matching |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20180706 |
|
WD01 | Invention patent application deemed withdrawn after publication |