CN109976769B - Method, device and equipment for determining server identification corresponding to application installation package - Google Patents

Publication number
CN109976769B
Authority
CN
China
Prior art keywords
package
server
application installation
source code
installation package
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910165257.5A
Other languages
Chinese (zh)
Other versions
CN109976769A (en)
Inventor
阚志刚
陈彪
李军旗
彭文波
邓凌峰
付杰
林凯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Bangcle Technology Co ltd
Original Assignee
Beijing Bangcle Technology Co ltd

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00: Arrangements for software engineering
    • G06F8/40: Transformation of program code
    • G06F8/53: Decompilation; Disassembly
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00: Arrangements for software engineering
    • G06F8/60: Software deployment
    • G06F8/61: Installation

Abstract

The invention discloses a method, a device and equipment for determining a server identifier corresponding to an application installation package. The method comprises: obtaining the source code of the application installation package by decompiling the package; determining a server identifier from the source code, the server identifier comprising at least one of a server domain name and a server IP address; determining the reference condition of the source code to the variable corresponding to the determined server identifier; and determining the server identifier corresponding to the application installation package according to the reference condition and the determined server identifier. The embodiment of the invention thus obtains the source code of the application installation package and statically analyzes it to find the corresponding server identifier. Because the application does not need to be run dynamically, the problems caused by dynamically running the application are avoided, and the server identifier corresponding to the application can be determined comprehensively and accurately.

Description

Method, device and equipment for determining server identification corresponding to application installation package
Technical Field
The invention relates to the technical field of computers, in particular to a method, a device and equipment for determining a server identifier corresponding to an application installation package.
Background
At present, security risk detection for a terminal application is often performed through the server corresponding to the application. Specifically, the server identifier corresponding to the application is determined first, and the identifier is then used to check whether the server is a known violation server; if so, the application can be determined to have a security risk.
In the prior art, a server identifier corresponding to an application is generally determined by dynamically running the application, specifically, the application is run first, communication data between the application and a corresponding server in a running process is intercepted, and then the server identifier corresponding to the application is determined according to the intercepted communication data.
Although the prior art can determine the server identifier corresponding to the application by dynamically running it, it has at least the following problems. If the application performs proxy detection, communication data between the application and the corresponding server cannot be directly acquired. If the application requires login with an account and password, it cannot be logged in to without them, and the communication data again cannot be directly acquired. If the application communicates with a third-party server in addition to its corresponding server, the identifier of the third-party server is easily mistaken for the identifier of the server corresponding to the application when the application is run dynamically, so the determined server identifier is inaccurate.
As can be seen from the above, in the prior art, when the server identifier corresponding to the application is determined in a manner of dynamically running the application, the server identifier corresponding to the application cannot be determined comprehensively and accurately.
Disclosure of Invention
The embodiment of the invention provides a method, a device and equipment for determining a server identifier corresponding to an application installation package, and aims to solve the problem that the server identifier corresponding to an application cannot be determined comprehensively and accurately when the server identifier corresponding to the application is determined in a dynamic application running mode in the prior art.
In order to solve the technical problem, the invention is realized as follows:
in a first aspect, a method for determining a server identifier corresponding to an application installation package is provided, where the method includes:
the method comprises the steps of obtaining a source code of an application installation package by performing decompiling on the application installation package;
determining a server identification from the source code; the server identification comprises at least one of a domain name of the server and an IP address of the server;
determining the reference condition of the source code to the variable corresponding to the determined server identifier;
and determining a server identifier corresponding to the application installation package according to the reference condition and the determined server identifier.
In a second aspect, an apparatus for determining a server identifier corresponding to an application installation package is provided, where the apparatus includes:
the acquisition module is used for acquiring a source code of the application installation package by performing decompiling on the application installation package;
a first determining module, configured to determine a server identifier from the source code; the server identification comprises at least one of a domain name of the server and an IP address of the server;
a second determining module, configured to determine a reference condition of the source code to a variable corresponding to the determined server identifier;
and the third determining module is used for determining the server identifier corresponding to the application installation package according to the reference condition and the determined server identifier.
In a third aspect, a terminal device is provided, the terminal device comprising a processor, a memory and a computer program stored on the memory and executable on the processor, the computer program, when executed by the processor, implementing the steps of the method according to the first aspect.
In a fourth aspect, a computer-readable storage medium is provided, on which a computer program is stored, which computer program, when being executed by a processor, carries out the steps of the method according to the first aspect.
In the embodiment of the invention, the source code of the application installation package can be obtained by decompiling the application installation package, the server identifier is determined from the source code, then, the reference condition of the source code to the variable corresponding to the determined server identifier can be determined, and the server identifier corresponding to the application installation package is determined according to the reference condition and the determined server identifier. According to the content of the embodiment of the invention, the source code of the application installation package can be obtained, the server identifier corresponding to the application installation package is statically analyzed according to the source code of the application installation package, and the dynamic operation of the application is not needed any more, so that the problem caused by the dynamic operation of the application can be effectively avoided, and the server identifier corresponding to the application can be comprehensively and accurately determined.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the invention and not to limit the invention. In the drawings:
fig. 1 is a schematic flowchart of a method for determining a server identifier corresponding to an application installation package according to an embodiment of the present invention;
FIG. 2 is one of the code diagrams provided by one embodiment of the present invention;
FIG. 3 is a second code diagram provided in accordance with an embodiment of the present invention;
FIG. 4 is a third code diagram provided in accordance with an embodiment of the present invention;
FIG. 5 is a diagram illustrating an application scenario provided by an embodiment of the present invention;
fig. 6 is a schematic block diagram illustrating a determining apparatus for determining a server identifier corresponding to an application installation package according to an embodiment of the present invention;
fig. 7 is a second schematic diagram illustrating module components of the apparatus for determining a server identifier corresponding to an application installation package according to an embodiment of the present invention;
fig. 8 is a schematic hardware structure diagram of a device for determining a server identifier corresponding to an application installation package according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the technical solutions of the present invention will be clearly and completely described below with reference to the specific embodiments of the present invention and the accompanying drawings. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The technical solutions provided by the embodiments of the present invention are described in detail below with reference to the accompanying drawings.
Referring to fig. 1, fig. 1 is a schematic flowchart of a method for determining a server identifier corresponding to an application installation package according to an embodiment of the present invention, as shown in fig. 1, the method includes the following steps:
Step 102: obtaining the source code of the application installation package by decompiling the application installation package.
Step 104: determining a server identifier from the source code; the server identifier includes at least one of a server domain name and a server IP address.
Step 106: determining the reference condition of the source code to the variable corresponding to the determined server identifier.
Step 108: determining the server identifier corresponding to the application installation package according to the reference condition and the determined server identifier.
In the embodiment of the present invention, the application installation package of the application may be obtained first, and then the source code of the application installation package may be obtained by performing decompiling on the obtained application installation package.
In an example, when the application installation package of the application is obtained, the application installation package can be obtained by downloading from an application store, and since the content is the prior art, the description of the example is omitted here.
After the application installation package is obtained, it can be decompiled. In one example, the obtained application may be an application based on the Android operating system. The following describes the decompilation process in detail, taking an Android-based application as an example:
in an example, after the application installation package of the application is obtained, the obtained application installation package may be decompressed to obtain class.
In the embodiment of the present invention, after the source code of the application installation package is obtained, a server identifier may be determined from the obtained source code, where the server identifier may include at least one of a server domain name and a server IP address.
In one embodiment, the server identifier may be determined from the obtained source code by a preset regular expression. Specifically, the regular expression may be determined according to the composition rules of server domain names and server IP addresses; character strings in the source code are then matched against it, and a character string that matches successfully may be determined as a server identifier.
In an example, when a character string in the source code matches the regular expression, information such as the package name and storage path of the package containing the source file in which the character string appears may be obtained and recorded.
It should be noted that the package (package) involved in the embodiment of the present invention may provide a mechanism for distinguishing name spaces of classes for JAVA, may be an organization manner of the classes, and may be a set of related classes and interfaces, and the package involved in the embodiment of the present invention may provide a management mechanism for access rights and naming.
When information such as a package name and a storage path of a package in which a source file in which the character string appears is located is obtained, the information may be obtained from a source code of an application installation package of the application, or may be obtained from a specified configuration file of the application, where the specified configuration file of the application may include a file in an xml format and a file in a properties format in the configuration file of the application.
In the embodiment of the present invention, after the server identifier is determined from the source code, the reference condition of the source code to the variable corresponding to the determined server identifier may be determined. The variable corresponding to the determined server identifier may be the variable that the assignment operation points to when the server identifier is assigned.
For example, the determined server identifier may be www.abc.com, and the code where the server identifier is located may be: public String host = "www.abc.com". This code assigns the server identifier, and the variable that the assignment operation points to can be determined from it: host. The variable host can therefore be determined as the variable corresponding to the server identifier www.abc.com.
It should be noted that, in the prior art, whether the server identifier is assigned according to the code may be identified, and therefore, the embodiment of the present invention is not described herein again.
In the embodiment of the present invention, after determining the variable corresponding to the determined server identifier, a reference condition of the source code to the variable corresponding to the determined server identifier may be determined.
In one embodiment, the reference condition of the source code to the variable corresponding to the determined server identifier may include at least one of: whether the variable corresponding to the determined server identifier is referenced by the source code; and whether the package name of the package containing the source code that references the variable is related to the package name of the application installation package.
In one example, determining whether the variable corresponding to the determined server identifier is referenced by the source code may mean determining whether it is referenced by code in one or more packages in the source code. For example, the source code may include the code: public String host = "www.abc.com". After www.abc.com is determined as the server identifier and host as the corresponding variable, it may be determined whether the variable host, and specifically the attribute name of the variable host, is referenced by code in the one or more packages in the source code.
In another example, determining whether the variable corresponding to the determined server identifier is referenced may mean determining whether it is referenced by code in one or more packages in an application configuration file, for example, a configuration file named "conf. Www.def.com, after www.def.com is determined as the server identifier and host is determined as the corresponding variable, it may be determined whether the variable host, and specifically the attribute name of the variable host, is referenced by code in the package or packages in the application configuration file.
In another example, to determine whether the package name of the package containing the source code that references the variable is related to the package name of the application installation package, both package names may be extracted from the source code, and it may then be determined whether the two are related.
The package name of the application installation package can be extracted from the source code through a preset regular expression. Specifically, it can be extracted by the preset regular expression from a specified package in the source code of the application installation package, such as the package named "AndroidManifest" in xml format.
For example, as shown in fig. 2, as can be seen from fig. 2, on the manifest node in the application installation package, the attribute package identifies the package name of the application installation package, and at this time, the package name of the application installation package can be identified as com.
Since the technology of matching and extracting the package name of the application installation package by the regular expression is the prior art, the description of this example is omitted here.
In this example, the package name of the package containing the source code that references the variable may also be determined by a preset regular expression; this regular expression may be the same as or different from the one used to determine the package name of the application installation package.
After both package names are determined, whether they are related may be judged according to a preset determination rule. In one example, the preset determination rule may be based on at least one of the following: the second-level package names of the package containing the source code that references the variable and of the application installation package; and the third-level package names of the package containing the source code that references the variable and of the application installation package.
In one example, the preset determination rule may specifically be: when the second-level package name of the package containing the source code that references the variable is the same as that of the application installation package, the two package names are determined to be related; when the second-level package names differ, the two package names are determined to be unrelated.
In another example, the preset determination rule may specifically be: when the third-level package name of the package containing the source code that references the variable is the same as that of the application installation package, the two package names are determined to be related; when the third-level package names differ, the two package names are determined to be unrelated.
In another example, the preset determination rule may specifically be: when the second-level package name or the third-level package name of the package containing the source code that references the variable is the same as that of the application installation package, the two package names are determined to be related; when both the second-level and the third-level package names differ, the two package names are determined to be unrelated.
In another example, the preset determination rule may further specifically be: when both the second-level package name and the third-level package name of the package containing the source code that references the variable are the same as those of the application installation package, the two package names are determined to be related; when the second-level and third-level package names are not both the same, the two package names are determined to be unrelated.
In the embodiment of the present invention, after determining the reference condition of the source code to the variable corresponding to the determined server identifier, the server identifier corresponding to the application installation package may be determined according to the determined reference condition and the determined server identifier.
In one embodiment, the determined reference condition may include: the variable corresponding to the determined server identifier is not referenced by the source code. In this case, the server identifiers whose corresponding variables are not referenced by the source code can be filtered out of the determined server identifiers, and the server identifier corresponding to the application installation package is then determined from the server identifiers remaining after filtering.
The source code of the application installation package may contain server identifiers whose corresponding variables are not referenced by the source code, for example a server identifier that has been commented out, or one used in a development or test phase. Such an identifier is present in the source code, but its corresponding variable is not referenced by any valid code, so the running application cannot communicate with a server based on it, and it is therefore not the server identifier corresponding to the application installation package. Accordingly, in the embodiment of the present invention, server identifiers whose corresponding variables are not referenced by the source code are filtered out first, and the server identifier corresponding to the application installation package is then determined from those remaining after filtering.
In another embodiment, the determined reference condition may include: the package name of the package containing the source code that references the variable is not related to the package name of the application installation package. In this case, the server identifier corresponding to the variable referenced by that source code is filtered out of the determined server identifiers, and the server identifier corresponding to the application installation package is then determined from the server identifiers remaining after filtering.
For example, part of the code in one package of the source code may be as shown in FIG. 3; from that code, the server identifier http://api.zhongtouda.com and its corresponding variable URL can be determined. Part of the code in one package of the source code may be as shown in FIG. 4, and the code shown in FIG. 4 references the variable URL.
After determining that the variable URL corresponding to the server identifier http://api.zhongtouda.com is referenced, the package name of the package containing the source code that references the variable URL may be determined. As can be seen from fig. 4, that package name is com.zhongrongtongdai.ui; as can be seen from fig. 3, the package name of the application installation package is com.zhongrongtongdai.tools. The two package names have the same second-level package name and different third-level package names. If the preset determination rule is that the two package names are related when their second-level package names are the same, they are determined to be related, because both second-level package names are zhongrongtongdai. If the rule is that the two package names are related when their third-level package names are the same, they are determined to be unrelated, because the third-level package names differ (ui and tools). If the rule is that the two package names are related when their second-level package names or third-level package names are the same, they are determined to be related, because the second-level package names are the same. If the rule is that the two package names are related when both their second-level and third-level package names are the same, they are determined to be unrelated, because the second-level package names are the same but the third-level package names differ.
In this example, if the two package names are determined to be unrelated, the server identifier http://api.zhongtouda.com corresponding to the variable URL referenced by the source code may be filtered out, and the server identifier corresponding to the application installation package is determined from the server identifiers remaining after filtering; if the two package names are determined to be related, the server identifier corresponding to the application installation package can be determined according to the server identifier http:// api.
As shown in fig. 5, a running application may communicate with its own server and may at the same time communicate with at least one third-party server that provides a service. As a result, in the source code of the application installation package, the identifier of a third-party server may also be determined as a server identifier, and its corresponding variable is also referenced.
Since the third-party server is not the application's own server, the package name of the package containing the code that references the variable corresponding to the third-party server's identifier, although related to the package name of the application installation package of the third party's own application, is not related to the package name of this application's installation package. The identifier of the third-party server can therefore be filtered out when the server identifier corresponding to the application installation package is determined.
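The static pipeline of steps 104 to 108, including the unreferenced-variable filter and the package-name rules described above, sketched in Python as an added example (not code from the patent or its assignee). The sample sources, the manifest line, every name in them and the name-based reference search (no scope resolution) are assumptions constructed for illustration.

```python
import re
from typing import NamedTuple

# String literals are matched before comments so "http://..." is not cut at "//".
_LITERAL = r'"(?:\\.|[^"\\])*"'
_TOKEN = re.compile(_LITERAL + r'|//[^\n]*|/\*.*?\*/', re.S)
ASSIGN = re.compile(r'\b([A-Za-z_]\w*)\s*=\s*"([^"]*)"')      # variable = "literal"
_OCTET = r'(?:25[0-5]|2[0-4]\d|1?\d?\d)'
IPV4 = rf'(?:{_OCTET}\.){{3}}{_OCTET}'
DOMAIN = r'(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}'
SERVER_ID = re.compile(
    rf'(?:[a-z][a-z0-9+.-]*://)?({IPV4}|{DOMAIN})(?::\d+)?(?:/.*)?', re.I)

class Candidate(NamedTuple):
    server_id: str   # domain name or IP address found in a string literal
    variable: str    # variable the literal is assigned to
    path: str        # source file containing the assignment
    span: tuple      # position of the variable name at the assignment site

def strip_comments(java):
    """Drop // and /* */ comments so commented-out identifiers are ignored."""
    return _TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else ' ', java)

def blank_literals(java):
    """Blank string contents (length preserved) so names inside strings don't count."""
    return re.sub(_LITERAL, lambda m: '"' + ' ' * (len(m.group(0)) - 2) + '"', java)

def package_of(java):
    m = re.search(r'^\s*package\s+([\w.]+)\s*;', java, re.M)
    return m.group(1) if m else ""

def find_candidates(sources):
    """Step 104: string literals that look like a domain name or IP address."""
    found = []
    for path, code in sources.items():
        for m in ASSIGN.finditer(code):
            hit = SERVER_ID.fullmatch(m.group(2))
            if hit:
                found.append(Candidate(hit.group(1), m.group(1), path, m.span(1)))
    return found

def referencing_packages(cand, sources):
    """Step 106: packages whose code mentions the variable outside its assignment."""
    name = re.compile(rf'\b{re.escape(cand.variable)}\b')
    pkgs = set()
    for path, code in sources.items():
        for m in name.finditer(blank_literals(code)):
            if not (path == cand.path and m.span() == cand.span):
                pkgs.add(package_of(code))
    return pkgs

def related(ref_pkg, app_pkg, rule="second"):
    """The four preset determination rules on second/third-level package names."""
    a, b = ref_pkg.split("."), app_pkg.split(".")
    same = lambda n: len(a) >= n and len(b) >= n and a[n - 1] == b[n - 1]
    return {"second": same(2), "third": same(3),
            "second_or_third": same(2) or same(3),
            "second_and_third": same(2) and same(3)}[rule]

def determine_server_ids(sources, manifest, rule="second"):
    """Step 108: keep identifiers referenced from a package related to the app's."""
    app_pkg = re.search(r'<manifest\b[^>]*\bpackage="([^"]+)"', manifest).group(1)
    clean = {p: strip_comments(c) for p, c in sources.items()}
    kept, dropped = [], {}
    for cand in find_candidates(clean):
        pkgs = referencing_packages(cand, clean)
        if not pkgs:
            dropped[cand.server_id] = "unreferenced"
        elif not any(related(p, app_pkg, rule) for p in pkgs):
            dropped[cand.server_id] = "unrelated-package"
        else:
            kept.append(cand.server_id)
    return kept, dropped

# Constructed sample of decompiled sources; every name and host below is made up.
SOURCES = {
    "com/examplebank/tools/Config.java": '''package com.examplebank.tools;
public class Config {
    public static String URL = "http://api.examplebank.example";
    public static String testHost = "10.0.0.7";
    // public static String oldHost = "old.examplebank.example";
}''',
    "com/examplebank/ui/Login.java": '''package com.examplebank.ui;
import com.examplebank.tools.Config;
public class Login { void go() { connect(Config.URL); } }''',
    "net/adsdk/core/Beacon.java": '''package net.adsdk.core;
public class Beacon {
    static String endpoint = "collect.adsdk.example";
    void ping() { send(endpoint); }
}''',
}
MANIFEST = '<manifest package="com.examplebank.tools">'   # constructed manifest node

if __name__ == "__main__":
    print(determine_server_ids(SOURCES, MANIFEST))
```

Switching `rule` to "third" or "second_and_third" drops the application's own host as well, which mirrors the ui versus tools outcome in the worked example above.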
In an embodiment of the present invention, when the server identifier is determined from the source code, a server domain name may be determined, and when the server identifier corresponding to the application installation package is determined according to the reference condition and the determined server identifier, the server domain name corresponding to the application installation package may be determined according to the reference condition and the determined server identifier, and then, a server IP address corresponding to the application installation package may be determined according to the determined server domain name, and the server identifier corresponding to the application installation package may be determined according to the determined server domain name and the determined server IP address.
In one example, the server identifier corresponding to the application installation package can include both the server IP address and the server domain name corresponding to the application installation package. When the server identifier is determined according to the server domain name and the server IP address corresponding to the application installation package, that server domain name and that server IP address may be directly determined as the server identifier corresponding to the application installation package.
When the server IP address corresponding to the application installation package is determined according to the determined server domain name, the IP addresses returned when a plurality of devices access the determined server domain name may be obtained first, and when the plurality of devices access the determined server domain name, the plurality of devices may access the determined server domain name at the same time.
In the embodiment of the invention, when the IP addresses returned when a plurality of devices access the server domain name are obtained, the IP addresses returned when the plurality of devices access the server domain name through a ping command can be obtained; if the device corresponding to the server domain name forbids the ping command, the IP addresses returned by the multiple devices when accessing the server domain name by running a browser driver plug-in, such as a chromedriver plug-in, can be obtained. Specifically, the multiple devices may dynamically access the server domain name by running a browser driver plug-in, perform packet capture processing on communication data of the server domain name, and then may identify a server IP address corresponding to the server domain name from captured data packets.
In another embodiment of the present invention, when the server identifier is determined from the source code, the server IP address may be determined, and when the server identifier corresponding to the application installation package is determined according to the reference condition and the determined server identifier, the server IP address corresponding to the application installation package may be determined according to the reference condition and the determined server identifier, and then the server domain name corresponding to the application installation package may be determined according to the determined server IP address, and the server identifier corresponding to the application installation package may be determined according to the determined server domain name and the determined server IP address.
Since the technology of determining the server domain name according to the server IP address is the prior art, the description of this embodiment is omitted here.
In this embodiment of the present invention, after the server identifier corresponding to the application installation package is determined, it may be stored. In one example, the server identifier may be stored in a preset storage format, which may include the following: the package name of the package where the source code referencing the variable corresponding to that server identifier is located, the MD5 (MD5 Message-Digest Algorithm) value of the source code, the server domain name corresponding to the application installation package, and the server IP address corresponding to the application installation package.
For example, the preset storage format may be as shown in table 1:
TABLE 1 (reproduced as an image in the original publication; not available in this text)
In the embodiment of the invention, the source code of the application installation package can be obtained by decompiling the application installation package, the server identifier is determined from the source code, then, the reference condition of the source code to the variable corresponding to the determined server identifier can be determined, and the server identifier corresponding to the application installation package is determined according to the reference condition and the determined server identifier. According to the content of the embodiment of the invention, the source code of the application installation package can be obtained, the server identifier corresponding to the application installation package is statically analyzed according to the source code of the application installation package, and the dynamic operation of the application is not needed any more, so that the problem caused by the dynamic operation of the application can be effectively avoided, and the server identifier corresponding to the application can be comprehensively and accurately determined.
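The filtering and storage steps described above can be sketched as follows. This is an added example, not code from the patent: the decompiled sources, package names and per-device IP observations are constructed, only URL string constants are handled, the relatedness rule (second- and third-level package names must both match) is one assumed instance of the preset rule, and the MD5 is taken over the referencing source file.

```python
import hashlib
import re
from urllib.parse import urlsplit

APP_PACKAGE = "com.example.shop"  # constructed package name of the analysed app

# Constructed stand-in for decompiler output: fully qualified class -> source.
SOURCES = {
    "com.example.shop.net.Config": (
        'public class Config {\n'
        '  public static final String URL = "https://api.shop.example.com/v1";\n'
        '  public static final String OLD_URL = "http://legacy.shop.example.com";\n'
        '}\n'),
    "com.example.shop.ui.Main": (
        'public class Main {\n'
        '  void load() { Http.get(Config.URL + "/items"); }\n'
        '}\n'),
    "com.vendor.ads.AdConfig": (
        'public class AdConfig {\n'
        '  static final String AD_HOST = "https://ads.vendor.example.net";\n'
        '}\n'),
    "com.vendor.ads.AdLoader": (
        'public class AdLoader {\n'
        '  void fetch() { Http.get(AdConfig.AD_HOST); }\n'
        '}\n'),
}

# Constructed per-device resolution results (documentation address ranges).
OBSERVED = {
    "api.shop.example.com": [
        ["203.0.113.10", "203.0.113.11"],  # device A
        ["203.0.113.11", "198.51.100.7"],  # device B
    ],
}

DECL = re.compile(r'String\s+(\w+)\s*=\s*"(https?://[^"\s]+)"')


def package_of(qualified_class):
    """Package part of a fully qualified class name."""
    return qualified_class.rsplit(".", 1)[0]


def related(pkg, app_pkg):
    """Assumed rule: second- and third-level package names must both match."""
    a, b = pkg.split("."), app_pkg.split(".")
    return len(a) >= 3 and len(b) >= 3 and a[1:3] == b[1:3]


def find_declarations(sources):
    """Yield (declaring class, variable name, URL) for each URL constant."""
    for cls, text in sources.items():
        for var, url in DECL.findall(text):
            yield cls, var, url


def find_references(sources, decl_cls, var):
    """Return classes whose source mentions <SimpleClass>.<var>."""
    simple = decl_cls.rsplit(".", 1)[1]
    pattern = re.compile(r"\b%s\.%s\b" % (re.escape(simple), re.escape(var)))
    return [cls for cls, text in sources.items() if pattern.search(text)]


def dedupe_ips(per_device):
    """Merge the IPs seen by several devices, dropping repeats, keeping order."""
    seen = []
    for ips in per_device:
        for ip in ips:
            if ip not in seen:
                seen.append(ip)
    return seen


def analyse(sources, app_pkg, observed_ips):
    """Return (kept records, dropped identifiers with the reason)."""
    kept, dropped = [], []
    for decl_cls, var, url in find_declarations(sources):
        refs = find_references(sources, decl_cls, var)
        if not refs:
            dropped.append((url, "unreferenced"))
            continue
        own = [c for c in refs if related(package_of(c), app_pkg)]
        if not own:
            dropped.append((url, "referenced only from unrelated package"))
            continue
        domain = urlsplit(url).hostname
        kept.append({
            "package": package_of(own[0]),
            # MD5 is used as a content fingerprint, as in the storage format.
            "md5": hashlib.md5(sources[own[0]].encode()).hexdigest(),
            "domain": domain,
            "ips": dedupe_ips(observed_ips.get(domain, [])),
        })
    return kept, dropped


if __name__ == "__main__":
    for record in analyse(SOURCES, APP_PACKAGE, OBSERVED)[0]:
        print(record)
```

Matching references by simple class name is a shortcut; a real analyser would resolve imports so that two classes with the same simple name in different packages are not confused.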
Corresponding to the method for determining the server address, an embodiment of the present invention further provides a device for determining a server identifier corresponding to an application installation package, fig. 6 is one of schematic block diagrams of the device for determining a server identifier corresponding to an application installation package, provided by the embodiment of the present invention, and as shown in fig. 6, the device for determining a server identifier corresponding to an application installation package includes:
an obtaining module 61, configured to obtain a source code of an application installation package by performing decompiling on the application installation package;
a first determining module 62, configured to determine a server identifier from the source code; the server identification comprises at least one of a server domain name and a server IP address;
a second determining module 63, configured to determine a reference condition of the source code to a variable corresponding to the determined server identifier;
and a third determining module 64, configured to determine, according to the reference condition and the determined server identifier, a server identifier corresponding to the application installation package.
Optionally, the third determining module 64 is configured to:
if the reference condition of the variable comprises that the variable is not referenced by the source code, filtering out, from the determined server identifiers, the server identifier corresponding to the variable that is not referenced by the source code, and determining the server identifier corresponding to the application installation package according to the server identifiers remaining after filtering;
if the reference condition of the variable comprises that the variable is referenced by the source code, determining whether the package name of the package where the source code referencing the variable is located is related to the package name of the application installation package; when the package names are not related, filtering out, from the determined server identifiers, the server identifier corresponding to the variable referenced by the source code, and determining the server identifier corresponding to the application installation package according to the server identifiers remaining after filtering.
Optionally, the first determining module 62 is configured to:
determining a server domain name from the source code;
the third determination module 64 includes (see fig. 7):
the first determining submodule 641 is configured to determine, according to the reference condition and the determined server identifier, a server domain name corresponding to the application installation package;
the obtaining submodule 642 is configured to obtain IP addresses returned when the multiple devices access the server domain name corresponding to the application installation package;
a filtering sub-module 643, configured to filter out duplicate IP addresses from the obtained IP addresses;
and a second determining submodule 644, configured to determine, according to the remaining filtered IP addresses, a server IP address corresponding to the application installation package.
Optionally, the obtaining sub-module 642 is configured to:
acquiring IP addresses returned by the multiple devices when accessing the server domain name corresponding to the application installation package through a ping command;
or
acquiring IP addresses returned when the multiple devices access the server domain name corresponding to the application installation package by running a browser driver plug-in.
In this embodiment, a source code of the application installation package may be obtained by decompiling the application installation package, and a server identifier may be determined from the source code, then, a reference condition of the source code to a variable corresponding to the determined server identifier may be determined, and a server identifier corresponding to the application installation package may be determined according to the reference condition and the determined server identifier. According to the content of the embodiment of the invention, the source code of the application installation package can be obtained, the server identifier corresponding to the application installation package is statically analyzed according to the source code of the application installation package, and the dynamic operation of the application is not needed any more, so that the problem caused by the dynamic operation of the application can be effectively avoided, and the server identifier corresponding to the application can be comprehensively and accurately determined.
Corresponding to the method for determining the server identifier corresponding to the application installation package, an embodiment of the present invention further provides a device for determining the server identifier corresponding to the application installation package, and fig. 8 is a schematic diagram of a hardware structure of the device for determining the server identifier corresponding to the application installation package according to an embodiment of the present invention.
The device for determining the server identifier corresponding to the application installation package may be the terminal device or the server provided in the foregoing embodiment, which is used to determine the server identifier corresponding to the application installation package.
The device for determining the server identifier corresponding to the application installation package may vary considerably depending on its configuration or performance, and may include one or more processors 801 and a memory 802, where the memory 802 may store one or more applications or data. The memory 802 may be transient storage or persistent storage. The application program stored in the memory 802 may include one or more modules (not shown), each of which may include a series of computer-executable instructions for the device for determining the server identifier corresponding to the application installation package. Further, the processor 801 may be configured to communicate with the memory 802 and to execute, on the device for determining the server identifier corresponding to the application installation package, the series of computer-executable instructions in the memory 802. The device for determining the server identifier corresponding to the application installation package may further include one or more power supplies 803, one or more wired or wireless network interfaces 804, one or more input/output interfaces 805, and one or more keyboards 806.
Specifically, in this embodiment, the determining device for the server identifier corresponding to the application installation package includes a memory and one or more programs, where the one or more programs are stored in the memory, and the one or more programs may include one or more modules, and each module may include a series of computer-executable instructions in the determining device for the server identifier corresponding to the application installation package, and the one or more programs configured to be executed by the one or more processors include computer-executable instructions for:
obtaining a source code of an application installation package by decompiling the application installation package;
determining a server identification from the source code; the server identification comprises at least one of a server domain name and a server IP address;
determining the reference condition of the source code to the variable corresponding to the determined server identifier;
and determining a server identifier corresponding to the application installation package according to the reference condition and the determined server identifier.
Optionally, when the computer-executable instructions are executed by the processor 802, the reference condition of the variable may include at least one of the following:
whether the variable is referenced by the source code;
and whether the package name of the package where the source code referring to the variable is positioned is related to the package name of the application installation package or not.
Optionally, when the computer-executable instructions are executed by the processor 802, the determining, according to the reference condition and the determined server identifier, a server identifier corresponding to the application installation package includes:
if the reference condition of the variable comprises that the variable is not referenced by the source code, filtering out, from the determined server identifiers, the server identifier corresponding to the variable that is not referenced by the source code, and determining the server identifier corresponding to the application installation package according to the server identifiers remaining after filtering;
if the reference condition of the variable comprises that the variable is referenced by the source code, determining whether the package name of the package where the source code referencing the variable is located is related to the package name of the application installation package; when the package names are not related, filtering out, from the determined server identifiers, the server identifier corresponding to the variable referenced by the source code, and determining the server identifier corresponding to the application installation package according to the server identifiers remaining after filtering.
Optionally, when the computer-executable instructions are executed by the processor 802, whether the package name of the package in which the source code referring to the variable is located is related to the package name of the application installation package is determined according to a preset determination rule, where the preset determination rule is determined based on at least one of the following: the second-level package name of the package where the source code referencing the variable is located and the application installation package, and the third-level package name of the package where the source code referencing the variable is located and the application installation package.
Optionally, the computer executable instructions, when executed by the processor 802, determine a server identification from the source code, comprising:
determining a server domain name from the source code;
the determining the server identifier corresponding to the application installation package according to the reference condition and the determined server identifier includes:
determining a server domain name corresponding to the application installation package according to the reference condition and the determined server identifier;
acquiring IP addresses returned when a plurality of devices access the server domain name corresponding to the application installation package;
filtering out repeated IP addresses from the obtained IP addresses;
and determining the IP address of the server corresponding to the application installation package according to the residual IP addresses after filtering.
Optionally, when the computer-executable instructions are executed by the processor 802, the obtaining IP addresses returned when the multiple devices access the server domain name corresponding to the application installation package includes one of:
acquiring IP addresses returned by the multiple devices when accessing the server domain name corresponding to the application installation package through a ping command;
and acquiring IP addresses returned when the multiple devices access the server domain name corresponding to the application installation package by running a browser driver plug-in.
In this embodiment, a source code of the application installation package may be obtained by decompiling the application installation package, and a server identifier may be determined from the source code, then, a reference condition of the source code to a variable corresponding to the determined server identifier may be determined, and a server identifier corresponding to the application installation package may be determined according to the reference condition and the determined server identifier. According to the content of the embodiment of the invention, the source code of the application installation package can be obtained, the server identifier corresponding to the application installation package is statically analyzed according to the source code of the application installation package, and the dynamic operation of the application is not needed any more, so that the problem caused by the dynamic operation of the application can be effectively avoided, and the server identifier corresponding to the application can be comprehensively and accurately determined.
In the 1990s, an improvement to a technology could be clearly distinguished as either an improvement in hardware (e.g., an improvement to a circuit structure such as a diode, transistor or switch) or an improvement in software (an improvement to a method flow). However, as technology advances, many of today's method-flow improvements can be regarded as direct improvements to hardware circuit structures. Designers almost always obtain the corresponding hardware circuit structure by programming an improved method flow into a hardware circuit. Thus, it cannot be said that an improvement to a method flow cannot be realized by hardware physical modules. For example, a Programmable Logic Device (PLD), such as a Field Programmable Gate Array (FPGA), is an integrated circuit whose logic functions are determined by the user programming the device. A designer "integrates" a digital system onto a PLD by programming it, without requiring a chip manufacturer to design and fabricate an application-specific integrated circuit chip. Furthermore, nowadays, instead of manually making an integrated circuit chip, such programming is mostly implemented with "logic compiler" software, which is similar to the software compiler used in program development; the original code to be compiled must also be written in a specific programming language, called a Hardware Description Language (HDL). There is not just one HDL but many, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM, and RHDL (Ruby Hardware Description Language); VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog are the most commonly used at present.
It will also be apparent to those skilled in the art that hardware circuitry that implements the logical method flows can be readily obtained by merely slightly programming the method flows into an integrated circuit using the hardware description languages described above.
The controller may be implemented in any suitable manner. For example, the controller may take the form of a microprocessor or processor and a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the (micro)processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, or an embedded microcontroller. Examples of controllers include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20, and Silicon Labs C8051F320. A memory controller may also be implemented as part of the control logic of the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer-readable program code, the same functionality can be implemented by logically programming the method steps so that the controller takes the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may thus be considered a hardware component, and the means included therein for performing the various functions may also be considered structures within the hardware component. The means for performing the functions may even be regarded both as software modules for performing the method and as structures within the hardware component.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being divided into various units by function, and are described separately. Of course, the functions of the units may be implemented in the same software and/or hardware or in a plurality of software and/or hardware when implementing the invention.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, such as Random Access Memory (RAM), and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include both persistent and non-persistent, removable and non-removable media, and may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer-readable medium does not include a transitory computer-readable medium such as a modulated data signal or a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The invention may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The invention may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The above description is only an example of the present invention, and is not intended to limit the present invention. Various modifications and alterations to this invention will become apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the scope of the claims of the present invention.

Claims (6)

1. A method for determining a server identifier corresponding to an application installation package is characterized by comprising the following steps:
obtaining a source code of an application installation package by decompiling the application installation package;
determining a server identification from the source code; the server identification comprises at least one of a server domain name and a server IP address;
determining the reference condition of the source code to the variable corresponding to the determined server identifier;
determining a server identifier corresponding to the application installation package according to the reference condition and the determined server identifier;
wherein the reference condition of the variable comprises at least one of the following:
whether the variable is referenced by the source code;
whether the package name of the package where the source code referencing the variable is located is related to the package name of the application installation package;
correspondingly, the determining the server identifier corresponding to the application installation package according to the reference condition and the determined server identifier includes:
if the reference condition of the variable comprises that the variable is not referenced by the source code, filtering out, from the determined server identifiers, the server identifier corresponding to the variable that is not referenced by the source code, and determining the server identifier corresponding to the application installation package according to the server identifiers remaining after filtering;
if the reference condition of the variable comprises that the variable is referenced by the source code, determining whether the package name of the package where the source code referencing the variable is located is related to the package name of the application installation package; if not, filtering out, from the determined server identifiers, the server identifier corresponding to the variable referenced by the source code, and determining the server identifier corresponding to the application installation package according to the server identifiers remaining after filtering;
whether the package name of the package where the source code referring to the variable is located is related to the package name of the application installation package is determined according to a preset judgment rule, wherein the preset judgment rule is determined based on at least one of the following: the second-level package name of the package where the source code referencing the variable is located and the application installation package, and the third-level package name of the package where the source code referencing the variable is located and the application installation package.
2. The method of claim 1, wherein determining the server identifier from the source code comprises:
determining a server domain name from the source code;
and determining the server identifier corresponding to the application installation package according to the reference condition and the determined server identifier includes:
determining a server domain name corresponding to the application installation package according to the reference condition and the determined server identifier;
acquiring the IP addresses returned when a plurality of devices access the server domain name corresponding to the application installation package;
filtering out duplicate IP addresses from the obtained IP addresses;
and determining the server IP address corresponding to the application installation package from the IP addresses remaining after filtering.
3. The method according to claim 2, wherein acquiring the IP addresses returned when the plurality of devices access the server domain name corresponding to the application installation package comprises one of:
acquiring the IP addresses returned when the plurality of devices access the server domain name corresponding to the application installation package through a ping command;
and acquiring the IP addresses returned when the plurality of devices access the server domain name corresponding to the application installation package by running a browser driver plug-in.
4. An apparatus for determining a server identifier corresponding to an application installation package, the apparatus comprising:
an acquisition module, configured to obtain the source code of the application installation package by decompiling the application installation package;
a first determining module, configured to determine a server identifier from the source code; the server identifier comprises at least one of a server domain name and a server IP address;
a second determining module, configured to determine the reference condition of the variable corresponding to the determined server identifier, that is, how the source code references that variable; wherein the reference condition of the variable comprises at least one of the following: whether the variable is referenced by the source code; whether the package name of the package containing the source code that references the variable is related to the package name of the application installation package;
a third determining module, configured to determine, according to the reference condition and the determined server identifier, the server identifier corresponding to the application installation package; if the reference condition of the variable is that the variable is not referenced by the source code, filtering out, from the determined server identifiers, the server identifier corresponding to the variable that is not referenced by the source code, and determining the server identifier corresponding to the application installation package from the server identifiers remaining after filtering;
if the reference condition of the variable is that the variable is referenced by the source code, determining whether the package name of the package containing the source code that references the variable is related to the package name of the application installation package and, if not, filtering out, from the determined server identifiers, the server identifier corresponding to the variable referenced by the source code, and determining the server identifier corresponding to the application installation package from the server identifiers remaining after filtering;
wherein whether the package name of the package containing the source code that references the variable is related to the package name of the application installation package is determined according to a preset judgment rule, and the preset judgment rule is determined based on at least one of the following: the second-level package names of the package containing the source code that references the variable and of the application installation package, and the third-level package names of the package containing the source code that references the variable and of the application installation package.
5. A terminal device, comprising: a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the computer program, when executed by the processor, carries out the steps of the method according to any one of claims 1 to 3.
6. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, and the computer program, when executed by a processor, carries out the steps of the method according to any one of claims 1 to 3.
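The two filters of claim 1 and the de-duplication step of claim 2, as an added Python example that is not part of the patent text. The sample sources, the extraction regex, and the reading of "related" as equality of the first two (or three) package-name segments are assumptions made for illustration, as is treating variable names as unique across the app.

```python
import re

APP_PACKAGE = "com.example.shop"
# Constructed sample: package name -> decompiled source text (not from a real app).
SOURCES = {
    "com.example.shop.net": 'class Api { static String API_HOST = "https://api.shop.example.com";'
                            ' static String OLD_HOST = "legacy.shop.example.com"; }',
    "com.example.shop.ui": "class Main { void load() { fetch(Api.API_HOST); } }",
    "com.adsdk.core": 'class Cfg { static String AD_HOST = "203.0.113.7"; }'
                      " class Ads { void run() { open(Cfg.AD_HOST); } }",
}
# A variable assigned a string constant holding an IPv4 address or a domain name.
DECL = re.compile(r'(\w+)\s*=\s*"(?:https?://)?'
                  r'((?:\d{1,3}\.){3}\d{1,3}|(?:[a-z0-9-]+\.)+[a-z]{2,})', re.I)

def related(ref_pkg, app_pkg, level=2):
    """Assumed rule: related when the first `level` package-name segments match."""
    return ref_pkg.split(".")[:level] == app_pkg.split(".")[:level]

def server_ids(sources, app_pkg, level=2):
    """Identifiers left after the two filters of claim 1."""
    found = {var: ident for src in sources.values() for var, ident in DECL.findall(src)}
    kept = []
    for var, ident in found.items():
        # A reference is any use of the name other than its own declaration.
        use = re.compile(r'\b%s\b(?!\s*=\s*")' % re.escape(var))
        ref_pkgs = [pkg for pkg, src in sources.items() if use.search(src)]
        if not ref_pkgs:
            continue  # never referenced: dead constant, filter out
        if not any(related(pkg, app_pkg, level) for pkg in ref_pkgs):
            continue  # referenced only from unrelated (e.g. SDK) packages
        kept.append(ident)
    return sorted(kept)

def unique_ips(answers_by_device):
    """Claim 2: merge the addresses seen by several devices, dropping repeats."""
    merged = []
    for ips in answers_by_device.values():
        for ip in ips:
            if ip not in merged:
                merged.append(ip)
    return merged

if __name__ == "__main__":
    print(server_ids(SOURCES, APP_PACKAGE))
```

On the sample, the unreferenced `OLD_HOST` and the SDK-only `AD_HOST` are dropped, so only the host used by the app's own package remains.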
CN201910165257.5A 2019-03-05 2019-03-05 Method, device and equipment for determining server identification corresponding to application installation package Active CN109976769B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910165257.5A CN109976769B (en) 2019-03-05 2019-03-05 Method, device and equipment for determining server identification corresponding to application installation package

Publications (2)

Publication Number Publication Date
CN109976769A CN109976769A (en) 2019-07-05
CN109976769B CN109976769B (en) 2022-02-11

Family

ID=67077933

Country Status (1)

Country Link
CN (1) CN109976769B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111162961B (en) * 2019-12-05 2021-12-31 任子行网络技术股份有限公司 Method, system and readable storage medium for discovering mobile application master control server
CN111124486A (en) * 2019-12-05 2020-05-08 任子行网络技术股份有限公司 Method, system and storage medium for discovering android application to refer to third-party tool

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002019131A1 (en) * 2000-09-01 2002-03-07 Op40, Inc. System and method for collaboration using web browsers
CN104462959A (en) * 2014-12-04 2015-03-25 北京奇虎科技有限公司 Reinforcement protection method, sever and system for android app
CN106022127A (en) * 2016-05-10 2016-10-12 江苏通付盾科技有限公司 APK file security detection method and apparatus
CN106294133A (en) * 2016-07-29 2017-01-04 腾讯科技(深圳)有限公司 Detection method, relevant apparatus and the system of a kind of application program installation kit

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
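Malicious fast-flux domain name detection algorithm based on IP distribution and request response time; Yuan Fuxiang et al.; Journal of Information Engineering University; 20180408; Vol. 18 (No. 05); 601-606 *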

Also Published As

Publication number Publication date
CN109976769A (en) 2019-07-05

Similar Documents

Publication Publication Date Title
CN108268289B (en) Parameter configuration method, device and system for web application
CN107391101B (en) Information processing method and device
CN107066519B (en) Task detection method and device
CN107016282B (en) information processing method and device
CN105205413B (en) A kind of guard method of data and device
CN108595246B (en) Method, device and equipment for running application
CN109976769B (en) Method, device and equipment for determining server identification corresponding to application installation package
CN111400681B (en) Data authority processing method, device and equipment
CN111753270B (en) Application program login verification method, device, equipment and storage medium
CN112685030A (en) Method, device, storage medium and electronic equipment for generating service code
CN113536174A (en) Interface loading method, device and equipment
CN109144600B (en) Application program running method and device and computer readable medium
CN108616361A (en) A kind of method and device of identification equipment uniqueness
CN111355672A (en) Message forwarding method and device
CN109615423B (en) Service processing method and device
CN113254163B (en) Processing method and device of block chain data
CN111694992A (en) Data processing method and device
CN110941443B (en) Method and device for modifying file name in SDK (software development kit) and electronic equipment
CN112579955A (en) Page access method, equipment, medium and electronic equipment
CN109409037B (en) Method, device and equipment for generating data confusion rule
CN111078435A (en) Service processing method and device and electronic equipment
CN112559565A (en) Abnormity detection method, system and device
CN108334775B (en) Method and device for detecting jail-crossing plug-in
KR20150139546A (en) Removable storage device identity and configuration information
CN114840427A (en) Code testing and test case generating method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant